Re: Issues Encountered with Sling Scheduler

[Robert Munteanu]

Hi Jitesh,

On Fri, 2024-02-02 at 13:26 +0530, Jitesh Shetty wrote:
> Dear Apache Sling Team,
> 
> I hope this email finds you well. I wanted to reach out regarding
> some
> issues I've encountered while working with the Sling scheduler. Below
> are
> the points I'd like to address:
> 
> *1. Scheduler Process Issues:* While working with the Sling
> scheduler, I've
> encountered issues with its scheduler process. Despite having the
> correct
> cron expression, it seems to not be functioning as expected.

I think this is the root cause for your problems, and 2 and 3 are very
much related. I would encourage you to generate a reproducible scenario
where the Scheduler does not work as expected and create an issue at
https://issues.apache.org/jira/browse/SLING .

> 
> *2. Scheduler Behavior After Server Restart:* Additionally, there's a
> peculiar scenario where after restarting the server, the scheduler
> works
> for a certain period but then stops working. This behavior persists
> for
> sometimes even a day post-restart.
> 
> *3. Lack of Logging When Scheduler Stops Working:* One notable
> observation
> is that when the scheduler stops working automatically, there are no
> logs
> printed in the log file indicating whether it has been disabled or
> enabled.
> However, I do notice similar logs in the sling-scheduler.logs file.
> 
> *4. Discrepancy in Timestamps:* Furthermore, despite finding logs in
> sling-scheduler, they do not reflect the correct time I have
> specified. I
> suspect this might be due to server timestamp issues, but I'm having
> trouble pinpointing the exact cause.

Logs timestamps by default are generated by slf4j/logback, so any
issues should be traced back to those libraries. As you mentioned
though, I would first start with checking the server time accuracy
using the preferred tools for your OS.

Thank,
Robert

> 
> I'm reaching out to seek assistance and guidance on resolving these
> issues.
> Any insights or suggestions you could provide would be greatly
> appreciated.
> 
> Thank you for your attention to this matter.
> 

Re: CustomNodeType on startup in Sling12

[Robert Munteanu]

Hi Rahul,

On Tue, 2024-02-06 at 12:29 +0530, Rahul Rupani wrote:
> I am using the sling12 kickstart jar with my custom feature.json file
> and a
> custom script,
> The problem is when i try to create a node in my bin browser with the
> jcr:PrimaryType as vlt:PackageDefinition it gives me -
> Error - 400 javax.jcr.nodetype.NoSuchNodeTypeException: Node type
> vlt:PackageDefinition does not exist
> But when i go to Packages inside bin browser and then go back to
> creating
> the same node it is successful, first of all let me know why and what
> is
> this behaviour and also how can i add the custom node type in my
> feature.json or my start script as i want it on a fresh server start,
> Thanks

I suspect 'bin browser' is the Composum Nodes package installed by
Sling. I would first start by upgrading to the latest Composum Nodes
version, and if that does not work ask at
https://github.com/ist-dresden/composum-nodes .

Thanks,
Robert

Sling integration with OpenTelemetry

[Robert Munteanu]

Hi,

If you're using OpenTelemetry with your Sling apps (or plan to) you
might want to look at an initial PR I created for OpenTelemetry to
gather better traces for Sling apps.

https://github.com/open-telemetry/opentelemetry-java-instrumentation/pull/9469

Thanks,
Robert

Re: error.log

[Robert Munteanu]

Hi Juerg,

On Tue, 2023-05-30 at 21:52 +0200, Juerg wrote:
> Hi all
> 
> Sorry, where has error.log gone in Sling 12? In earlier versions, it
> was 
> at {sling.path}/sling/logs, along with request and access logs.
> In V. 12, it seemingly vanished...

The Sling Starter 12 moved to the feature launcher, and that launcher
has a slightly different filesystem layout. My examples use the 13-
SNASPHOT version of the Starter, not yet released, but 12 should be
similar.

When launching the Starter you can see a bunch of information printed
on the terminal, e.g. 

$ target/dependency/org.apache.sling.feature.launcher/bin/launcher -f
target/slingfeature-tmp/feature-oak_tar.json
[INFO] 
[INFO] Apache Sling Application Launcher
[INFO] -
[INFO] Initializing...
[INFO] Artifact Repositories: [file:///home/robert/.m2/repository,
https://repo.maven.apache.org/maven2,
https://repository.apache.org/content/groups/snapshots]
[INFO] Assembling final feature model...
[INFO] 
[INFO] Assembling launcher...
[INFO] Using 230 local artifacts, 0 cached artifacts, and 0 downloaded
artifacts
[INFO] 
[INFO] Starting launcher...
[INFO] Launcher Home: /home/robert/sources/apache/sling/org-apache-
sling-starter/launcher
[INFO] Cache Directory: /home/robert/sources/apache/sling/org-apache-
sling-starter/launcher/cache

'Launcher Home' indicates where all the runtime information is stored,
and the logs are found under $LAUNCHER_HOME/logs.

If you prefer, you can set the launcher home be 'sling' for
compatibility

$ target/dependency/org.apache.sling.feature.launcher/bin/launcher -f
target/slingfeature-tmp/feature-oak_tar.json -p sling
(snip)
[INFO] Starting launcher...
[INFO] Launcher Home: /home/robert/sources/apache/sling/org-apache-
sling-starter/sling

Hope this helps,
Robert

CVE-2022-47937: Multiple parsing problems in the Apache Sling Commons JSON module

[Robert Munteanu]

Severity: moderate

Affected versions:

- org.apache.sling.commons.json through 2.0.20

Description:

** UNSUPPORTED WHEN ASSIGNED ** 





Improper input validation in the Apache Sling Commons JSON bundle allows an 
attacker to trigger unexpected errors by supplying specially-crafted input.




NOTE: This vulnerability 
only affects products that are no longer supported by the maintainer




The org.apache.sling.commons.json bundle has been deprecated as of March
 2017 and should not be used anymore. Consumers are encouraged to 
consider the Apache Sling Commons Johnzon OSGi bundle provided by the 
Apache Sling project, but may of course use other JSON libraries.

Credit:

The vulnerability was discovered and reported by BIngDiAn. (finder)

References:

https://issues.apache.org/jira/browse/SLING-6536
https://github.com/apache/sling-org-apache-sling-commons-johnzon
https://sling.apache.org/
https://www.cve.org/CVERecord?id=CVE-2022-47937

Re: Sling 12 issue

[Robert Munteanu]

Hi Rahul,

On Wed, 2023-04-05 at 08:56 +0530, rahul rupani wrote:
> Hi, can anyone help me with turning on or creating a debug port for
> sling
> 12 as I'm having trouble doing it, Thanks.

How are launching Sling?

Thanks,
Robert

Re: Registring Nodetype with Apache Sling / Oak access error

[Robert Munteanu]

Hi Juerg,

On Thu, 2023-01-26 at 17:02 +0100, JCR wrote:
> Hi all,
> 
> I try to register custom nodetypes with Sling 11. This results in an 
> jackrabbit-oak access, however.
> The issue is documented at 
> https://stackoverflow.com/questions/75228033/registring-nodetype-with-apache-sling-oak-access-error
>  
> .
> 
> No answers so far, any hints would be highly appreciated.

For the record, this is the code from the StackOverflow question:

URL cndURL = new URL("http://localhost:8080/path/to/cnd-file;);
boolean result =
NodeTypeLoader.registerNodeType(currentNode.getSession(), cndURL);

I see that you used currentNode.getSession(), what kind of privileges
does the session have?

Also, have you considered using repoinit? See [1] and "register
nodetypes".

Thanks,
Robert

[1]:
https://sling.apache.org/documentation/bundles/repository-initialization.html

[ANN] Apache Sling 12 Released

[Robert Munteanu]

The Apache Sling PMC is pleased to announce the release of Apache
Sling version 12. The release is available for download at

    https://sling.apache.org/downloads.cgi

About Apache Sling
--
Apache Sling™ is a framework for RESTful web-applications based on an
extensible content tree.

In a nutshell, Sling maps HTTP request URLs to content resources based
on the request's path, extension and selectors. Using convention over
configuration, requests are processed by scripts and servlets,
dynamically selected based on the current resource. This fosters
meaningful URLs and resource driven request processing, while the
modular nature of Sling allows for specialized server instances that
include only what is needed.

Sling serves as basis for a variety of applications ranging from
blogging engines all the way to enterprise content management systems.

Release notes
-

The major points of interest for this release are:

* Official support for Java 17
* Update to Oak 1.42.0
* Migration to the Feature Model
* Support for content-package development
* Java API for ordering resources
* Scripting enhancements
* Improvements in run mode support
* Running multiple versions of the same bundle in parallel
* Performance improvements in resource resolution
* Repository maintenance
* OSGi Core R8 compliance

The full release notes are available online at

    https://sling.apache.org/news/sling-12-released.html

Enjoy!

On behalf of the the Apache Sling PMC,
Robert Munteanu 

Re: Sling affected by latest log4j vulnerability?

[Robert Munteanu]

Hello Juerg,

On Mon, 2021-12-13 at 13:56 +0100, JCR wrote:
> https://www.cisa.gov/news/2021/12/11/statement-cisa-director-easterly-log4j-vulnerability
> 
> I don't think so. But there are folks here who know much more about
> the internals...
> 
> Anybody?
> 
> Thanks,
> Juerg

We are working on an official statement to be posted on the Sling
website. In the meantime, we have checked the sling source repos and
there are no traces of log4j2, so user applications should be fine as
long as they do not import log4j2 on their own.

Thanks,
Robert

Re: Stopping Apache Sling Launchpad upon exception in OSGi bundle

[Robert Munteanu]

On Wed, 2021-04-28 at 22:39 +0200, Robert Munteanu wrote:
> Hi Michael,
> 
> On Tue, 2021-04-27 at 14:51 +, Lescisin, Michael wrote:
> > Could someone kindly explain how Sling Launchpad can be
> > reconfigured so
> > that the executable JAR will terminate if
> > org.apache.felix.http.jetty
> > throws a java.net.BindException?
> 
> By looking at the code, it seems that the bundle's activator errors
> out. If that is the case, the org.apache.felix.http.jetty bundle
> should
> not start, and remain in a RESOLVED state.

Sorry, I spoke to soon. Exceptions are caught and logged, so they don't
prevent the bundle from starting.

Thanks,
Robert

Re: Stopping Apache Sling Launchpad upon exception in OSGi bundle

[Robert Munteanu]

Hi Michael,

On Tue, 2021-04-27 at 14:51 +, Lescisin, Michael wrote:
> Could someone kindly explain how Sling Launchpad can be reconfigured so
> that the executable JAR will terminate if org.apache.felix.http.jetty
> throws a java.net.BindException?

By looking at the code, it seems that the bundle's activator errors
out. If that is the case, the org.apache.felix.http.jetty bundle should
not start, and remain in a RESOLVED state.

To validate that, you could write a small bundle with a BundleListener
[1] that checks when the bundle goes through the STARTING -> STOPPING -
> RESOLVED state.

I think this is not fool-proof, because you can't be certain why the
bundle is stopping. A better way would be for the felix http jetty
bundle to expose a way of notifying other bundles when binding fails. 

Thanks,
Robert

[1]:
https://docs.osgi.org/javadoc/osgi.core/7.0.0/org/osgi/framework/BundleListener.html

Re: Kickstart: starting from feature archive without network / maven repo not possible

[Robert Munteanu]

Hi,

On Wed, 2021-04-14 at 12:33 +0200, Dr. Hans-Peter Störr wrote:
> I also tried to switch the kickstarter to the newest
> org.apache.sling.feature.launcher.version , but that didn't help.
> When I try to use the original Sling feature launcher with the FAR
> created by kickstarter, that works to some extend:
> 
> java -jar org.apache.sling.feature.launcher-1.1.19-SNAPSHOT.jar -f
> org.apache.sling.kickstart-0.0.13-SNAPSHOT-oak_tar_far.far -u
> 'jar:file:/app/org.apache.sling.kickstart-0.0.13-SNAPSHOT-
> oak_tar_far.far!'
> 
> This retrieves many artefacts from the FAR but fails when it tries to
> retrieve org.apache.felix.framework-7.0.0.jar . But it seems
> kickstarter doesn't give that option to the sling starter it calls,
> and there also doesn't seem to be an option to kickstarter to set the
> repositories it tries to retrieve artefacts from. (The problem with
> the felix framework version is possibly one it inherits from Sling
> Starter itself - when I grab a org.apache.sling.starter-12-SNAPSHOT-
> oak_tar_far.far from there, the same thing happens.)

Have you tried copying over the felix framework jar to
$HOME/.m2/repository in the container image, or wherever the feature
launcher looks for it?

Thanks,
Robert

Re: Sling/Felix JDBC Connection Pool problem

[Robert Munteanu]

Hi,

On Mon, 2021-03-01 at 10:08 +0100, JCR wrote:
>  Class.forName("org.mariadb.jdbc.Driver");
>  Connection con = 
> DriverManager.getConnection("jdbc:mariadb://localhost:3306/dbdb", 
> "dbuser1", "pwd");

In addition to what others have said, please avoid using Class.forName
in OSGi environments

  https://blog.hargrave.io/2007/09/classforname-caches-defined-class-in.html

Thanks,
Robert

Re: Problem entering debug mode with Eclipse

[Robert Munteanu]

Hi Juerg,

I thought I replied on a similar email you sent to dev@sling, but I
can't find it anymore ... Anyway, reply below

On Fri, 2021-02-26 at 11:00 +0100, JCR wrote:
> > I run Eclipse 2020-03 and Sling 11. When trying to start the server
> > in 
> > debug mode in Eclipse, I get more often than not a 404 and Eclipse 
> > wouldn't connect:
> > 
> >   > org.apache.commons.httpclient.HttpException: Got status code 404 
> > for call to 
> > http://localhost:8080/system/sling/tooling/sourceReferences.json
> > 
> > Checking the repo, there is really nothing there at that location
> > (not 
> > surprising). But strange enough, it sometimes connects in debug mode 
> > despite this missing entry, so I really wonder...
> > 
> > What is missing there and how can it be fixed?

The IDE tooling is supposed to automatically install the 'Tooling
Support Source' bundle for this functionality to work. Can you try
manually downloading it from 

  https://sling.apache.org/downloads.cgi

and installing it in your Sling instance?

Thanks,
Robert

Re: Workflow

[Robert Munteanu]

Hi Nicola,

On Thu, 2021-01-28 at 10:24 +0100, Nicola Cisternino wrote:
> Hi all
> 
> 1) Do you know if there is a bundle (in Vanilla Sling, no AEM) that 
> implements the Workflow logic (better if jBPM ...)

jBPM is OSGi-enabled, according to the documentation [1].


> 2) Do you know if AEM uses jBPM?
> 3) What do you recommend to introduce workflows in a Sling project?

Can't comment on AEM or recommend anything - I did not use workflows so
far.

Thanks,
Robert

[1]: https://docs.jboss.org/jbpm/v5.1/userguide/ch18.html

Re: Repo inconsistent

[Robert Munteanu]

Hi Juerg,

On Sun, 2021-01-31 at 20:47 +0100, JCR wrote:
> Hi
> 
> A SysAdmin removed a number of tar files from repository/tarJournal
> by 
> error from an older CRX instance.
> 
> Now, for certain nodes we get an error message if we try to recreate 
> these nodes, such as:
> 
> "Could not save changes. Received 403 (Forbidden) for saving changes
> in 
> workspace crx.default. failed to retrieve item state of item 
> 5a2d9a6b-3d4c-4069-aeb9-effa464cbef3".
> 
> Is there a way to make this consistent again?

oak-...@jackrabbit.apache.org might be a better audience for this. As
far as I know, deleting tar files is not a recoverable error, unless
they were old results for a repository compation.

Thanks,
Robert

Re: Sling Log Rotation Pattern '.'yyyy-MM-dd-a

[Robert Munteanu]

Hi Yonit,

On Wed, 2021-01-27 at 15:51 +, Yonit David wrote:
> 
> Hi Robert,
> Sorry about that.  Does this work?
> 
> http://sling.apache.org/jcr/sling/1.0;
> xmlns:jcr="http://www.jcp.org/jcr/1.0;
>     jcr:primaryType="sling:OsgiConfig"
>     org.apache.sling.commons.log.file="logs/error.log"
>     org.apache.sling.commons.log.file.number="5"
>     org.apache.sling.commons.log.file.size="'.'-MM-dd-a"/>

Yes :-)

I followed the code paths and found out that we are passing the
parameter to the logback TimeBasedRollingPolicy, see [1].

I don't see anything incorrect here, so not sure what we can do. I
could think of a couple of things you can try to sort this out

a. Start with logback in debug mode by adding -Dlogback.debug=true to
your launch script and see if the pattern used matches your
expectations, e.g. "Configured TimeBasedRollingPolicy with pattern 
..." or if you spot something else going wrong.

b. Try and configure a plain Logback application with the log rotation
pattern and see if that works.

Hope this helps,
Robert

P.S. It would make the conversation easier to follow for me and others
if you would use bottom-posting [2] when replying to emails. Thanks!

[1]: 
https://github.com/apache/sling-org-apache-sling-commons-log/blob/c7d5ac9b2b1ddaae48f3d160b6b001b9f9428059/src/main/java/org/apache/sling/commons/log/logback/internal/LogWriter.java#L200-L211
[2]: https://en.wikipedia.org/wiki/Posting_style#Bottom-posting

Re: Sling Log Rotation Pattern '.'yyyy-MM-dd-a

[Robert Munteanu]

Hi Yonit,

On Wed, 2021-01-27 at 15:43 +, Yonit David wrote:
> Thank you so much for your reply.  Here is my configuration:
> 
> [cid:image002.jpg@01D6F490.D200BCE0]

I am not able to see the image. Can you please resend, in plain text if
at all possible?

Our mailing list viewer has the same problem [1]

Thanks,
Robert

[1]:
https://lists.apache.org/thread.html/r76a17367616515887927a81d410e9cc602ef28bb260b310462df74b1%40%3Cusers.sling.apache.org%3E

Re: Sling Log Rotation Pattern '.'yyyy-MM-dd-a

[Robert Munteanu]

Hi Yonit,

On Fri, 2021-01-22 at 21:00 +, Yonit David wrote:
> Hello!
> 
> Has anyone been successful in getting the sling log rotation pattern
> for twice a day - at noon and at midnight to actually work?  '.'-
> MM-dd-a "
> 
> 
> Other patterns work as expected, but this one seems to just rotate
> once a day at midnight with the addition of AM or PM on the filepath
> instead of actually generating 2 per day.

I haven't tried it myself. Can you share your configuration? Maybe
someone can spot something there. And FWIW, Sling logging configuration
is based on logback [1], so if it works there it should with Sling as
well.

Thanks,
Robert

[1]: https://logback.qos.ch/

Re: Run Sling in debug mode

[Robert Munteanu]

Hi Juerg,

On Sun, 2021-01-10 at 22:23 +0100, JCR wrote:
> Thanks, Paul!
> 
> By the wording here: 
> https://sling.apache.org/documentation/development/slingstart.html#debugging-1
>  
> , I was under the impression that the launchpad.debug option would
> add 
> these parameters implicitly.

That page refers to the slingstart-maven-plugin, not to the launcher
jar itself.

"Since version 1.2.0 of this plugin it is possible to easily start a
Sling server in debug mode..."

So if you're launching the application using the slingstart-maven-
plugin from within a Maven project, you only need to pass -
Dlaunchpad.debug. Otherwise you need to pass the full set of options.

Hope that helps,
Robert

> 
> Works now, thanks a lot!
> Juerg
> 
> On 08.01.21 13:44, Paul Bjorkstrand wrote:
> > Sounds like you are missing the debugging jvm arg:
> > -agentlib:jdwp=transport=dt_socket,address=30303,server=y,suspend=n
> > 
> > Take a look at the debugging
> >   instructions:
> > https://sling.apache.org/documentation/development/getting-and-building-sling.html#debug-sling-in-eclipse-1
> > 
> > Happy debugging!
> > 
> > On Fri, Jan 8, 2021, 06:22 JCR  wrote:
> > 
> > > Hello
> > > 
> > > I tried starting up Sling standalone in debug mode, by either
> > > providing
> > > the debug-param on the command line (java -Dlaunchpad.debug=true
> > > -jar
> > > org.apache.sling.starter-11.jar) and modifying sling.properties
> > > respectively (by adding line launchpad.debug=true). In either
> > > case,
> > > Eclipse is unable to connect, reporting that port 30303 is not
> > > available.
> > > 
> > > What's missing?
> > > 
> > > Thanks,
> > > Juerg
> > > 
> > > 

Re: Datasource selection

[Robert Munteanu]

On Tue, 2020-12-15 at 14:35 +0100, Nicola Cisternino wrote:
> Hi Robert.
> Declarative services are best way ... but i need to use different 
> datasources starting from a (request) payload attribute received from
> a 
> servlet ...
> So I decided to migrate (in a bundle service)  the custom pool engine
> that we used in the old webapp.

I would suggest trying the following (may need adjustment, typing out
of memory):

private Map dataSources = new
ConcurrentHashMap<>();

private BundleContext ctx;

@Activate
void activate(BundleContext ctx) {
  this.ctx = ctx;
}

@Reference(service=DataSource.class, policy = DYNAMIC,
cardinality=MULTIPLE)
void bindDataSource(ServiceReference ref) {
  dataSources.put((String) ref.getProperty("datasource.name"),
ctx.getServiceReference(ref));
}

void unbindDataSource(ServiceReference ref) {
  dataSources.remove((String) ref.getProperty("datasource.name"));
}

This way you get the datasources injected and via SCR and you get to
use the datasource.name as a key. There is probably more defensive
coding needed, but this is what I would use as a starting point.

Thanks,
Robert

> 
> Thanks.
> Nicola.
> 
> Il 12/14/20 12:55 PM, Robert Munteanu ha scritto:
> > Hi Nicola,
> > 
> > On Fri, 2020-12-11 at 16:16 +0100, Nicola Cisternino wrote:
> > > Hi all
> > > 
> > > I'm using Sling Datasource Bundle (org.apache.sling.datasource)
> > > and I
> > > configured two entries named (datasource.name property):
> > > *source1*
> > > and
> > > *source2*.
> > > I can select single datasource using DS annotations:
> > > 
> > > @Reference(target =
> > > "(&(objectclass=javax.sql.DataSource)(datasource.name=*source1*))
> > > ")
> > > private DataSource dataSource;
> > > 
> > > But ... how can I select single datasource programmatically ?
> > How do you select the datasources programatically now?
> > 
> > As a side note, I'd try to stick to declarative services as much as
> > possible as it makes things simpler to write and understand.
> > 
> > Thanks,
> > Robert
> > 
> 

Re: Datasource selection

[Robert Munteanu]

Hi Nicola,

On Fri, 2020-12-11 at 16:16 +0100, Nicola Cisternino wrote:
> Hi all
> 
> I'm using Sling Datasource Bundle (org.apache.sling.datasource) and I
> configured two entries named (datasource.name property): *source1*
> and 
> *source2*.
> I can select single datasource using DS annotations:
> 
> @Reference(target = 
> "(&(objectclass=javax.sql.DataSource)(datasource.name=*source1*))")
> private DataSource dataSource;
> 
> But ... how can I select single datasource programmatically ?

How do you select the datasources programatically now? 

As a side note, I'd try to stick to declarative services as much as
possible as it makes things simpler to write and understand.

Thanks,
Robert

Re: Form Authentication for SPA

[Robert Munteanu]

Hi Nicola,

On Wed, 2020-12-02 at 16:41 +0100, Nicola Cisternino wrote:
> Hi all.
> 
> I am exploring the Sling Form Based AuthenticationHandler 
> <
> https://github.com/apache/sling-org-apache-sling-auth-form/blob/master/src/main/java/org/apache/sling/auth/form/impl/FormAuthenticationHandler.java
> > 
> to understand how use it in a SPA login.
> Documentation 
> <
> https://sling.apache.org/documentation/the-sling-engine/authentication/authentication-authenticationhandler/form-based-authenticationhandler.html
> > 
> says to use (for Ajax calls) the *j_validate* parameter to just
> validate 
> the credentials.
> So the login call would be something like:
> 
> curl -v -F 'j_username=admin' -F 'j_password=admin' -F
> 'j_validate=true' 
> http://localhost:8080/j_security_check
> 
> My questions are:
> 1) Is /j_security_check the correct endpoint for javascript login
> call ?

Yes.

> 2) What are the differences using the /system/sling/login endpoint 
> (servlet) ?

The /system/sling/{login,logout} paths are entry points for browsers.

> 3) What are the "LoginServlet 
> <  
> https://github.com/apache/sling-org-apache-sling-auth-core/blob/master/src/main/java/org/apache/sling/auth/core/impl/LoginServlet.java
> >" 
> and "LogoutServlet 
> <  
> https://github.com/apache/sling-org-apache-sling-auth-core/blob/master/src/main/java/org/apache/sling/auth/core/impl/LogoutServlet.java
> >" 
> intended for?

See above.

> 4) Can I map the login request with a custom endpoint (for example: 
> /ws/login) ?

You can probably mount the SlingLoginServlet at a different path, but I
think it's simplest to redirect/rewrite from an intermediate HTTP
server, such as Apache HTTPd.

> 5) What would be the best way to extend the Form Based 
> AuthenticationHandler functionality making it work with a json
> payload 
> that returns the token in the response (and send it in a X-
> Authorization 
> header) ?

I am not sure about that, maybe someone else on the list knows. I guess
you can always try and write your own authentication handler, but I
have not tried that yet.

Hope this helps,
Robert

Re: Sling Starter 12: for using ehcache 3 : sun.misc.Unsafe not accessible

[Robert Munteanu]

Hi,

On Mon, 2020-10-05 at 09:14 +0200, spiege...@planet.ms wrote:
> Hi!
> 
> "Robert Munteanu"  wrote:
> > I am not sure how clean this solution is, but you might want to add
> > the
> > following to your feature model
> > 
> >   "framework-properties": {
> > "org.osgi.framework.system.packages.extra": "sun.misc"
> >   }
> > 
> > I think you can also set it via the CLI with
> > 
> > -D org.osgi.framework.system.packages.extra=sun.misc
> 
> Thank you, yes,
> -D org.osgi.framework.system.packages.extra=sun.misc
> is a workaround which does help and makes sun.misc.Unsafe3 accessible
> again to the ehcache 3 bundle on Sling Starter 12, though I have an
> uneasy feeling about it. Setting system properties is not a nice
> thing you should have to do when
> deploying an application, and we don't create a feature model for it
> so far.
> 
> This is, however, something different than what happens on Sling 11 -
> now sun.misc is "officially" exported by the felix framework bundle 
> http://localhost:9090/system/console/bundles/0 which it isn't on
> Sling Starter 11. Not sure whether this is good or bad.
> 
> I'm still wondering whether I should open a bug for this, though,
> since that is a sudden change of the behavior when going from 11 to
> 12. I'm not quite sure about that and for which subproject this would
> be. What do you think?

I think you can file this against the Starter. If it's a regression
compared to version 11 we should fix it.

Thanks,
Robert

Re: Sling Starter 12: for using ehcache 3 : sun.misc.Unsafe not accessible

[Robert Munteanu]

Hi Hans-Peter,

On Fri, 2020-10-02 at 12:38 +0200, spiege...@planet.ms wrote:
> Do you have suggestions what to do to allow sun.misc.Unsafe to be
> used by the ehcache 3 bundle?
> Any help would be greatly appreciated!

I am not sure how clean this solution is, but you might want to add the
following to your feature model

  "framework-properties": {
"org.osgi.framework.system.packages.extra": "sun.misc"
  }

I think you can also set it via the CLI with

-D org.osgi.framework.system.packages.extra=sun.misc

Hope this helps,
Robert

Re: new Sling feature launcher: how to set port and control port

[Robert Munteanu]

Hello,

On Wed, 2020-09-30 at 19:34 +0200, spiege...@planet.ms wrote:
> Hi!
> 
> I'm just trying out the latest snapshot of the sling starter (
> https://github.com/apache/sling-org-apache-sling-starter), but I do
> have some trouble. When you use the new Sling feature launcher
> https://github.com/apache/sling-org-apache-sling-feature-launcher
> - how do you set the port and control port, as one does with the -j
> and -p arguments of the Sling launchpad
> https://sling.apache.org/documentation/the-sling-engine/the-sling-launchpad.html
> 
> And, more importantly - where is that documented?
> 
> More generally, it would be very interesting to have the a
> documentation that lists the equivalents of the old launchpad options
> with the new launcher. For instance, it's not clear to me how to best
> stop it now.

The feature launcher is more bare-bones compared to the launchpad, so
there is no control port. The feature launcher documentation is at [1],
but we plan to have a user-oriented documentation by the time of the
Sling Starter 12 release.

For stopping the application, simply stop the running process using
(for Linux) the `kill` command or pressing CTRL-C on the terminal where
the process was lunached.

For setting the jetty HTTP port, you must pass the following argument
to the process

  -D org.osgi.service.http.port=9090

As Andy mentioned, we have an open item to adding kickstart support
[2], which is a more full-featured launcher .

Hope this helps, and let us know if you have more questions.

Thanks,
Robert

[1]: https://github.com/apache/sling-org-apache-sling-feature-launcher
[2]: https://issues.apache.org/jira/browse/SLING-9635

Re: Localized Content

[Robert Munteanu]

Hi Deepak,

On Fri, 2020-09-04 at 15:38 +0530, Deepak Dixit wrote:
> Hi Team,
> 
> How to create localized content using sling?
> 
> I am exploring sling cms app [1], I want to generate the localized
> site
> using sling.
> 
> Is it possible to generate the localized site using sling?

Have you seen the i18n support from Sling?

  
https://sling.apache.org/documentation/bundles/internationalization-support-i18n.html

Thanks,
Robert

Re: How to test other System User Access

[Robert Munteanu]

Hi Cris,

On Wed, 2020-07-08 at 14:59 -0400, Cris Rockwell wrote:
> It looks like JackrabbitAccessControlManager (
> https://jackrabbit.apache.org/oak/docs/security/accesscontrol/editing.html
>   ng.html>) might offer this utility, but so far I’m not able to find
> it in a bundle provided by Sling 12

The AccessControlManager is obtained from a javax.jcr.Session using

  session.getAccessControlManager()

It is usually safe to downcast to a JackrabbitAccessControlManager, if
you need the extra functionality exposes by that interface.

Thanks,
Robert

Re: Add license to package

[Robert Munteanu]

Hi Cris,

On Thu, 2020-06-25 at 12:10 -0400, Cris Rockwell wrote:
> I’m trying to build a JCR package using maven. The config below
> builds the package, but I also get an error related to verify-legal-
> files
> 
> [ERROR] Failed to execute goal org.codehaus.mojo:ianal-maven-
> plugin:1.0-alpha-1:verify-legal-files (verify-legal-files) on project
> org.apache.sling.auth.saml2.example: Artifact does not contain any
> legal files: org.apache.sling.auth.saml2.example-0.2.0.zip -> [Help
> 1]
> 
> 
>   org.apache.jackrabbit
>   filevault-package-maven-plugin
>   true
>   
> SAML2 Example Config, User and ACL Package
> ${project.groupId}
> ${project.version}
> mixed
> 
>   
> /apps/sling/saml2
>   
> 
>   
> 
> 
> How can the license be added to the JCR package?

The plug-in expects that the files names LICENSE and NOTICE are present
in the package. I assume they are not, hence the failure.

One option is to add them manually to the content project by copying
them into whatever directory the plug-in uses for creating the content
package.

If you have a complete build to share, I could look into why they are
not being picked up automatically.

Thanks,
Robert

Re: Intention of dropping WAR support for Sling 12

[Robert Munteanu]

On Tue, 2020-06-02 at 23:10 +0200, Robert Munteanu wrote:
> If WAR support for the Sling Starter is important for you, please let
> us know so we can understand how to best manage this transition.

For the record, no one actually asked for further WAR support, so there
is no plan to create support for WAR artifacts for Sling 12.

Thanks,
Robert

Re: [REQUEST] Release Apache Sling Dynamic Include 4.0.0

[Robert Munteanu]

Hi John,

On Wed, 2020-06-17 at 15:03 +, John Mitchell wrote:
> Hi,
> 
> 7 improvements have been made since the last release:
> 
> https://issues.apache.org/jira/browse/SLING-8255?jql=project%20%3D%20SLING%20AND%20fixVersion%20%3D%20%22Dynamic%20Include%203.2.0%22
> 
> They are tagged in Jira as 3.2.0 – but the release would 4.0.0. due
> to the upgrade of the parent POM in SLING-8192

I guess you mean https://issues.apache.org/jira/browse/SLING-8987,
right?

I was a bit hesitant to bump it to 4.0, since the packages (IMO and
based on discussions with users) are not meant to be imported and
typically not important. Hence I bumped only the major version
component.

> It would be great if these issues could be released.

I will start a release vote early next week at the latest.

Thanks,
Robert

Re: Sling data migrations

[Robert Munteanu]

Hi Carlos,

On Wed, 2020-06-10 at 09:19 -0400, Carlos Munoz wrote:
> Thank you both for the ideas. At this point we are thinking of a
> larger
> changes (more than just property mappings or resource type changes),
> so
> Daniel's approach sounds like a better fit.
> 
> When you say "pull it down" do you mean via the REST Api? If not,
> what
> other way to export the data is there?
> Same question for "reloading"... is this a reload using the REST
> api's
> "import" operation?

One option for download/reupload is using content packages. The
composum package manager should have all that is needed. See [1] for
context.

Some pieces may be missing unless you're in sync with the Sling Starter
12 SNAPSHOT, but working through the composum UI and the WCM.io maven
plugin  should work just fine.

Thanks,
Robert


[1]: https://sling.apache.org/documentation/development/content-packages.html

> 
> On Wed, Jun 10, 2020 at 9:03 AM Daniel Klco  wrote:
> 
> > I agree with Nicolas' approach, however it depends on the scale
> > you're
> > attempting to make changes.
> > 
> > If it's fairly straight forward such as resourceType/a =>
> > resourceType/b or
> > property mapping, Sling Pipes is a great solution. If you need to
> > do a
> > *lot* of
> > changes to the structure if your content, you may be better to pull
> > it
> > down, transform it offline and reload.
> > 
> > On Wed, Jun 10, 2020 at 2:51 AM Nicolas Peltier <
> > npelt...@apache.org>
> > wrote:
> > 
> > > Hi Carlos,
> > > 
> > > one approach (not saying it's the best, i'm the main maintainer
> > > of them)
> > is
> > > to use a handful of sling pipes [0] and script to kick them off,
> > > or as
> > > package hooks.
> > > 
> > > Nicolas
> > > 
> > > [0] 
> > > https://sling.apache.org/documentation/bundles/sling-pipes.html
> > > 
> > > Le mar. 9 juin 2020 à 23:55, Carlos Munoz  a
> > > écrit :
> > > 
> > > > Hi Sling devs, I was wondering what the best approach would be
> > > > to take
> > an
> > > > exisiting repository and making changes to the content
> > > > structure in a
> > > safe
> > > > and repeatable way.
> > > > 
> > > > Thanks in advance!
> > > > 

Intention of dropping WAR support for Sling 12

[Robert Munteanu]

Dear Sling users,

The Apache Sling developers have been discussing migrating the next
Sling release to the feature model. You can read more about the feature
model at [1],[2] and the migration plans at [3].

We are confident that users and developers of Sling alike will be
better served with the feature model.

We will aim to make the transition as seamless as possible for our
users, but there will be some differences at runtime, and the most
important one is that there is no WAR file support.

The concrete impact is that as of Sling 12 you will no longer be able
to download a WAR file of the Sling Starter. The archetypes will also
be tailored for building feature model applications, so no WAR support
there.

You will still have the provisioning model tooling around and the older
archetypes for building your own apps, even if it hasn't seem that much
attention lately.

If WAR support for the Sling Starter is important for you, please let
us know so we can understand how to best manage this transition.

Thanks,

Robert


[1]: https://sling.apache.org/documentation/development/feature-model.html
[2]: https://github.com/apache/sling-org-apache-sling-feature
[3]: 
https://cwiki.apache.org/confluence/display/SLING/Migrating+the+Sling+Starter+to+the+Feature+Model

Re: org.apache.sling.commons.metrics.MetricsService not supporting gauge type

[Robert Munteanu]

On Wed, 2020-05-27 at 00:07 +, Allen Liu wrote:
> Hi Robert,
> Thanks a lot for the info. I was also using MetricRegistry to
> register the gauge metrics. I thought there was a way to add the
> gauge metric using metricsService.
> After looking into the implementation of metricsService, it seems to
> be not trivial to add the gauge registration in the metricsService. 
> 
> So, I will keep my implementation as it is to register gauge metrics
> using MetricRegistry.


While looking futher, it seems that there is Gague support, please see

  https://issues.apache.org/jira/browse/SLING-5966

Can you give this a try and let me know if it works for you?

Thanks,
Robert

Re: org.apache.sling.commons.metrics.MetricsService not supporting gauge type

[Robert Munteanu]

Hi Allen,

On Fri, 2020-05-22 at 20:52 +, Allen Liu wrote:
> Hi all
> 
> I have been using metricsService to add metric instrumentation for
> counter, histogram, meter and timer. However, the metricsService
> doesn’t seem to have a way to add gauge type instrumentation.
> Does anyone know how to add gauge instrumentation using
> metricsService?

You should be able to reference a com.codahale.metrics.MetricRegistry
service directly, and use the raw DropWizard APIs for gauges.

Hope this helps,
Robert

Re: Resource to json serializing

[Robert Munteanu]

On Thu, 2020-05-14 at 09:25 +0200, Carsten Ziegeler wrote:
> I think it makes sense to discuss API options first, to avoid going
> back 
> 
> and forth.

+1. We can do this as a Jira, or via email, but we definitely need to
properly define this, as we're talking about exposing API.

Thanks,
Robert

Re: Resource to json serializing

[Robert Munteanu]

On Wed, 2020-05-13 at 11:45 +0200, JCR wrote:
> And the invoice goes... to the ASF?

If you're looking for someone to invoice I don't think anyone here can
help :-)

> 
> Where can I raise the issue? I don't think I have write access to the
> Sling Jira.

https://issues.apache.org/jira/browse/SLING

Once registered you can definitely create issues.

> And what would be the best approach? Re-activate the
> org.apache.sling.commons.json package?

That package was retired for legal reasons, so it can't be reactivated.
More details are at 

  https://issues.apache.org/jira/browse/SLING-6536

However, it's on Maven Central, and you can deploy it to your instance
if you think it's useful and you judget that the licensing terms are
acceptable to you. However, it is not supported by us.

  https://search.maven.org/search?q=a:org.apache.sling.commons.json

The approach would be to expose a new API to allows consumers to render
objects as JSON (and probably other formats) in the format used by the
DefaultGetServlet and also filter the properties that are rendered.

Thanks,
Robert

> 
> Thanks, Juerg
> 
> On 12.05.2020 17:47, Robert Munteanu wrote:
> > On Tue, 2020-05-12 at 16:09 +0200, JCR wrote:
> > > Thanks Daniel, John,
> > > 
> > > As the app makes high usage of dynamic JCR Node features (based
> > > on
> > > nt:unstructured, mixins, etc), a relatively static sling model
> > > class
> > > seems a bit unpractical, though a typesafe contract would be
> > > desirable,
> > > of course.
> > > 
> > > On the other hand, the JsonItemWriter would almost be ideal but
> > > is
> > > not
> > > present in Sling 11 anymore. Actually, the entire commons.json
> > > package
> > > disappeared. Seemingly, this package has been replaced by Apache
> > > Johnzon
> > > but I cannot find anything equivalent to JsonItemWriter.
> > > 
> > > Anybody aware of its substitute?
> > FWIW, the rendering in the DefaultGetServlet is not accessible to
> > the
> > outside world [1]. I could imagine that we could open on the
> > default
> > renderers in ways that do not break encapsulation.
> > 
> > Feel free to raise an issue if that's interesting to you.
> > Obviously, a
> > PR would be even better :-)
> > 
> > Thanks,
> > Robert
> > 
> > > Thanks,
> > > Juerg
> > > 
> > > 
> > > On 11.05.20 16:39, John Kramer wrote:
> > > > You could also use a JsonItemWriter and write your own servlet
> > > > if
> > > > you want to do it that way:
> > > > 
> > > > https://sling.apache.org/apidocs/sling8/org/apache/sling/commons/json/jcr/JsonItemWriter.html
> > > > 
> > > > 
> > > > John Kramer
> > > > Manager, AEM Engineer
> > > > E-Commerce Web Team
> > > > e: john.kra...@panerabread.com <mailto:john.kra...@panera.com>
> > > > m: 314-435-2370
> > > > 
> > > > On 5/11/20, 08:54, "Daniel Klco"  wrote:
> > > > 
> > > >   Warning:  This email originated from outside of Panera.
> > > > Beware
> > > > of clicking links and attachments.
> > > >
> > > >   
> > > >   Sounds like a use case for Sling Models Exporter:
> > > >   
> > > >   
> > > > https://sling.apache.org/documentation/bundles/models.html#exporter-framework-since-130-1
> > > >   
> > > >   
> > > > https://blogs.perficient.com/2018/07/26/no-servlets-required-exporting-data-with-sling-models/
> > > >   
> > > >   The only caveat is that it's designed for named
> > > > parameters, if
> > > > you really
> > > >   need it to be completely configurable at runtime, I'd
> > > > suggest
> > > > creating a
> > > >   servlet attached to a resource type that filters the
> > > > current
> > > > resources
> > > >   value map and uses Jackson to convert it to a JSON.
> > > >   
> > > >   On Mon, May 11, 2020 at 4:31 AM JCR 
> > > > wrote:
> > > >   
> > > >   > Before I write anything on my own...
> > > >   >
> > > >   > Hello
> > > >   >
> > > >   > There is this convenient .json extension which produces
> > > > a
> > > > JSON
> > > >   > serialization of any given resource in Sling.
> > > >   >
> > > >   > What would be a "best practice" if I only wanted a
> > > > subset of
> > > > all
> > > >   > properties to be serialized on the json stream? That
> > > > is, I
> > > > would like to
> > > >   > provide a "positive" list (lists all props to be
> > > > exported)
> > > > or a
> > > >   > "negative" one (props to be excluded).
> > > >   >
> > > >   > Example: I have props a, b and c on a given
> > > > node/resource
> > > > and only a and
> > > >   > c should appear on the output.
> > > >   >
> > > >   > Thanks for any pattern hint
> > > >   > Juerg
> > > >   >
> > > >   >
> > > >   
> > > > 
> > [1]: 
> > https://github.com/apache/sling-org-apache-sling-servlets-get/blob/master/src/main/java/org/apache/sling/servlets/get/impl/helpers/JsonRenderer.java
> > 

Re: Resource to json serializing

[Robert Munteanu]

On Tue, 2020-05-12 at 16:09 +0200, JCR wrote:
> Thanks Daniel, John,
> 
> As the app makes high usage of dynamic JCR Node features (based on 
> nt:unstructured, mixins, etc), a relatively static sling model class 
> seems a bit unpractical, though a typesafe contract would be
> desirable, 
> of course.
> 
> On the other hand, the JsonItemWriter would almost be ideal but is
> not 
> present in Sling 11 anymore. Actually, the entire commons.json
> package 
> disappeared. Seemingly, this package has been replaced by Apache
> Johnzon 
> but I cannot find anything equivalent to JsonItemWriter.
> 
> Anybody aware of its substitute?

FWIW, the rendering in the DefaultGetServlet is not accessible to the
outside world [1]. I could imagine that we could open on the default
renderers in ways that do not break encapsulation.

Feel free to raise an issue if that's interesting to you. Obviously, a
PR would be even better :-)

Thanks,
Robert

> 
> Thanks,
> Juerg
> 
> 
> On 11.05.20 16:39, John Kramer wrote:
> > You could also use a JsonItemWriter and write your own servlet if
> > you want to do it that way:
> > 
> > https://sling.apache.org/apidocs/sling8/org/apache/sling/commons/json/jcr/JsonItemWriter.html
> > 
> > 
> > John Kramer
> > Manager, AEM Engineer
> > E-Commerce Web Team
> > e: john.kra...@panerabread.com 
> > m: 314-435-2370
> > 
> > On 5/11/20, 08:54, "Daniel Klco"  wrote:
> > 
> >  Warning:  This email originated from outside of Panera. Beware
> > of clicking links and attachments.
> >   
> >  
> >  Sounds like a use case for Sling Models Exporter:
> >  
> >  
> > https://sling.apache.org/documentation/bundles/models.html#exporter-framework-since-130-1
> >  
> >  
> > https://blogs.perficient.com/2018/07/26/no-servlets-required-exporting-data-with-sling-models/
> >  
> >  The only caveat is that it's designed for named parameters, if
> > you really
> >  need it to be completely configurable at runtime, I'd suggest
> > creating a
> >  servlet attached to a resource type that filters the current
> > resources
> >  value map and uses Jackson to convert it to a JSON.
> >  
> >  On Mon, May 11, 2020 at 4:31 AM JCR  wrote:
> >  
> >  > Before I write anything on my own...
> >  >
> >  > Hello
> >  >
> >  > There is this convenient .json extension which produces a
> > JSON
> >  > serialization of any given resource in Sling.
> >  >
> >  > What would be a "best practice" if I only wanted a subset of
> > all
> >  > properties to be serialized on the json stream? That is, I
> > would like to
> >  > provide a "positive" list (lists all props to be exported)
> > or a
> >  > "negative" one (props to be excluded).
> >  >
> >  > Example: I have props a, b and c on a given node/resource
> > and only a and
> >  > c should appear on the output.
> >  >
> >  > Thanks for any pattern hint
> >  > Juerg
> >  >
> >  >
> >  
> > 

[1]: 
https://github.com/apache/sling-org-apache-sling-servlets-get/blob/master/src/main/java/org/apache/sling/servlets/get/impl/helpers/JsonRenderer.java

dev@sling too noisy? ( was: Sling Slack Channel)

[Robert Munteanu]

(Note subject change and moving ofer to dev@sling, please keep relies
there).

On Thu, 2020-04-23 at 09:47 +0200, Bertrand Delacretaz wrote:
> Hi,
> 
> On Wed, Apr 22, 2020 at 9:00 PM Sergiu Dumitriu  > wrote:
> > ...There is indeed a volume issue, and personally I think it's from
> > the
> > fact that the list doesn't contain just direct email discussions,
> > but
> > also all notifications from github and jira...
> 
> Those should be easy to filter to different mail folders if you need
> that - or is there something missing to do that?

Well, I do filter those. Question is whether there is something that we
want to ask everyone to do? We currently have dev@ and commits@, which
contain:

dev@
- VOTE threads
- Discussions
- JIRA activity
- GitHub pull request activity
- Jenkins notifications

commits@
- github activity (well, via gitbox)
- Nexus Staging activity
- SVN commits ( dist.apache.org )

My assumption would be that too much 'noisy' traffic on dev@ is not
welcoming to contributors. An idea would be to reshuffle move over some
things from dev@ to commits@ .

Thanks,
Robert

Re: Sling Slack Channel

[Robert Munteanu]

Hi Cris,

On Tue, 2020-04-21 at 12:07 -0400, Cris Rockwell wrote:
> I’ve read thread [1] and have a few observations:
> 
> 1. It happened on the Sling Dev email list. Sling Dev has too many
> daily emails. The context and substance of most messages are
> difficult to understand unless you’re already fully entrenched. I
> unsubscribed pretty quick. It is not the best platform for all
> collaboration across the project community.

That's good feedback, thank you. What would you suggest to make this
list friendlier to those how are not fully entrenched? Is it volume? Is
it lack of response to 'simpler' questions? Something else?

> 2. To summarize the respondents of thread [1] every non-Adobe
> responder in the thread wanted Slack. Adobe already has a company
> chat platform. More collaboration across organizational boundaries
> would be a good thing for the project.

Like Carsten said, I don't think that's a fair characterisation. In my
(personal, biased) opinion, the contributors from Adobe are the least
susceptible ones of using direct messaging inside Adobe to discuss
Sling issues.

Looks a lot like https://en.wikipedia.org/wiki/Ad_hominem . If you
disagree with the arguments that were brought up, please do so. But
let's keep the people out of this.


> 3. There was no vote. Why don’t we use the decision making process
> for Apache Software Foundation projects [2]?
> 
> Let’s put it to a vote and let the Sling Users have a say. Respond
> with +1 if you want a Slack Workspace for the Sling Community. Of
> course use of Slack is optional, so there is no need to vote against.
> Don’t join unless you want to!

I'm not sure putting it to a vote is the best way of doing that. There
were arguments against the Slack channel that were not discussed
further. The decision-making-process from your link indicates that

   This process is called "consensus gathering" and we consider it a
   very important indication of a healthy community.

Note that consensus != majority != unanimity.

That being said, if you think that a Slack channel is a good asset for
the Sling community, feel free to start one and make use of it. It
would be interesting to see how this evolves in the long run.

Just be aware that - as the thread on dev@sling indicates - that a
significant amount of Sling contributors prefer asychronous
communication and will likely not be great contributors to a Slack
channel.

Thanks,
Robert

> 
> Cris Rockwell
> Applications Architect Sr  
> College of Literature, Science, and the Arts | University of
> Michigan 
> LSA Technology Services | 301 E Liberty Suite 500 | Ann Arbor, MI
> 48104
> Desk: 734.763.6818 | Email: cmroc...@umich.edu  cmroc...@umich.edu>
> 
> [2]:  
> https://www.apache.org/foundation/how-it-works.html#decision-making <
> https://www.apache.org/foundation/how-it-works.html#decision-making>
> 
> 
> 
> 
> > On Apr 20, 2020, at 4:04 AM, Robert Munteanu  > <mailto:romb...@apache.org>> wrote:
> > 
> > Hi Cris,
> > 
> > On Sat, 2020-04-18 at 11:03 -0400, Cris Rockwell wrote:
> > > Hi Sling Users
> > > 
> > > Is there a community chat platform like Slack or gitter for Sling
> > > users and developers?
> > 
> > Not at the moment. See also [1] where we had this discussion and
> > eventually abandoned the idea.
> > 
> > Thanks,
> > Robert
> > 
> > [1]: 
> > https://lists.apache.org/thread.html/r19665a94cb17d9b7607eb9c5fe4c91cfa1df8eed55219f2db9b53f05%40%3Cdev.sling.apache.org%3E
> > <
> > https://lists.apache.org/thread.html/r19665a94cb17d9b7607eb9c5fe4c91cfa1df8eed55219f2db9b53f05%40%3Cdev.sling.apache.org%3E
> > >
> > 
> > > Cris 
> > > 

Re: Sling Slack Channel

[Robert Munteanu]

Hi Cris,

On Sat, 2020-04-18 at 11:03 -0400, Cris Rockwell wrote:
> Hi Sling Users
> 
> Is there a community chat platform like Slack or gitter for Sling
> users and developers?

Not at the moment. See also [1] where we had this discussion and
eventually abandoned the idea.

Thanks,
Robert

[1]: 
https://lists.apache.org/thread.html/r19665a94cb17d9b7607eb9c5fe4c91cfa1df8eed55219f2db9b53f05%40%3Cdev.sling.apache.org%3E

> 
> Cris 
> 

Re: Cannot build bundle in Sling IDE

[Robert Munteanu]

On Thu, 2020-03-26 at 09:09 +0100, JCR wrote:
> 
> On 24.03.2020 17:37, JCR wrote:
> > On 24.03.20 12:11, Robert Munteanu wrote:
> > > On Mon, 2020-03-23 at 21:47 +0100, JCR wrote:
> > > > > No, no error log entries present and I cannot find a 
> > > > > $HOME/.m2
> > > > > directory at all. What is $HOME referfing to? Workspace root?
> > > > > There
> > > > > are settings.xml only in the file vaults.
> > > > > Perhaps additional info: both, the Sling11 and the Eclipse
> > > > > installation run on Ubuntu V18.04. May be an installation
> > > > > issue?
> > > Sorry, I mean to ask for the location of the Maven settings file
> > > [1].
> > > The user file should be under /home/$YOURUSER/.m2/settings.xml .
> > > If not
> > > present, the default is used. Do you have a custom maven settings
> > > file?
> > > 
> > > > I found something suspicious when starting up Eclipse (before I
> > > > checked
> > > > errors from the wizard only):
> > > > 
> > > > !ENTRY org.eclipse.equinox.p2.metadata.repository 4 1000 2020-
> > > > 03-23
> > > > 19:33:09.453
> > > > !MESSAGE No repository found at
> > > > jar:file:/home/juerg/Downloads/sling-maven-plugin-2.4.2.jar!/.
> > > > 
> > > > !ENTRY org.eclipse.equinox.p2.repository 2 0 2020-03-23
> > > > 19:34:00.220
> > > > !MESSAGE Server returned lastModified <= 0 for
> > > > http://pirbot.com/mirrors/apache/sling/eclipse/1.2.2/content.jar
> > > > 
> > > > !ENTRY org.eclipse.equinox.p2.metadata.repository 4 1002 2020-
> > > > 03-23
> > > > 19:34:01.859
> > > > !MESSAGE Unable to read repository at
> > > > http://pirbot.com/mirrors/apache/sling/eclipse/1.2.2/.
> > > > !STACK 0
> > > > java.io.IOException:
> > > > http://pirbot.com/mirrors/apache/sling/eclipse/1.2.2/ is not a
> > > > valid
> > > That seems a bit off, but it's p2 - the Eclipse plugin management
> > > system, and not Maven.
> > > 
> > > Can you try running the following command from the CLI?
> > > 
> > >mvn archetype:generate -Dfilter=org.apache.sling:sling-bundle-
> > > archetype
> > > 
> > > It should print an entry for the sling-bundle-archetype, such as
> > > 
> > > 1: remote -> org.apache.sling:sling-bundle-archetype (Maven
> > > archetype
> > > for a generic OSGi bundle.)
> > > 
> > > Thanks,
> > > Robert
> > > 
> > I don't have a  /home/$YOURUSER/p2/settings.xml directory (if it's
> > that what you meant (neither a .p2)).
> > 
> > I did not manage to execute above command through CLI, what would I
> > need to do exactly? But I get the expected result 
> > when executing in the Linux shell.
> > Additionally, for the Maven preferences,  I can't find anything
> > "slingy" at all, including under archetypes, don't 
> > know if that's okay? The path in the user settings to $HOME/.m2
> > seems okay.
> > 
> > Thanks,
> > Juerg
> > 
> Resolved: I completely re-installed eclipse and the Sling plugin, and
> it's working miraculously. Sometimes the last exit 
> works.
> Thanks to Robert anyway!

Happy to hear that!

Have fun :-)

Robert

Re: Cannot build bundle in Sling IDE

[Robert Munteanu]

On Mon, 2020-03-23 at 21:47 +0100, JCR wrote:
> > No, no error log entries present and I cannot find a  $HOME/.m2 
> > directory at all. What is $HOME referfing to? Workspace root?
> > There 
> > are settings.xml only in the file vaults.
> > Perhaps additional info: both, the Sling11 and the Eclipse 
> > installation run on Ubuntu V18.04. May be an installation issue?

Sorry, I mean to ask for the location of the Maven settings file [1].
The user file should be under /home/$YOURUSER/.m2/settings.xml . If not
present, the default is used. Do you have a custom maven settings file?

> I found something suspicious when starting up Eclipse (before I
> checked 
> errors from the wizard only):
> 
> !ENTRY org.eclipse.equinox.p2.metadata.repository 4 1000 2020-03-23 
> 19:33:09.453
> !MESSAGE No repository found at 
> jar:file:/home/juerg/Downloads/sling-maven-plugin-2.4.2.jar!/.
> 
> !ENTRY org.eclipse.equinox.p2.repository 2 0 2020-03-23 19:34:00.220
> !MESSAGE Server returned lastModified <= 0 for 
> http://pirbot.com/mirrors/apache/sling/eclipse/1.2.2/content.jar
> 
> !ENTRY org.eclipse.equinox.p2.metadata.repository 4 1002 2020-03-23 
> 19:34:01.859
> !MESSAGE Unable to read repository at 
> http://pirbot.com/mirrors/apache/sling/eclipse/1.2.2/.
> !STACK 0
> java.io.IOException: 
> http://pirbot.com/mirrors/apache/sling/eclipse/1.2.2/ is not a valid 

That seems a bit off, but it's p2 - the Eclipse plugin management
system, and not Maven.

Can you try running the following command from the CLI?

  mvn archetype:generate -Dfilter=org.apache.sling:sling-bundle-archetype

It should print an entry for the sling-bundle-archetype, such as

1: remote -> org.apache.sling:sling-bundle-archetype (Maven archetype
for a generic OSGi bundle.)

Thanks,
Robert

Re: Cannot build bundle in Sling IDE

[Robert Munteanu]

Hello Juerg,

On Mon, 2020-03-23 at 16:16 +0100, JCR wrote:
> Hello
> 
> I installed the Sling IDE Tools V. 1.2.2 on Eclipse build 2019-03.
> 
> Trying to create a new bundle, I did --> File--> New --> Other -->
> Sling --> Sling Bundle Project
> 
> In the wizard, I press Next> and the next page comes up with message
> "No suitable archetypes found. Please make sure 
> that the proper maven repositories are configured and indexes are up
> to date." The respective Archetype dropdown in the 
> wizard is empty.

Do you have any custom settings in $HOME/.m2/settings.xml? 

Do you have anything that stands out in the Eclipse Error Log view?

Thanks,
Robert

Re: Composum 1.7 Packaging: JcrPackageManager acquired w/o service!

[Robert Munteanu]

Hi Cris,

On Mon, 2020-03-16 at 15:47 -0400, Cris Rockwell wrote:
> Hi all
> 
> Peregrine CMS uses the Sling 9 launchpad and adds
> org.apache.jackrabbit.vault version 3.2.0. When I try using Composum
> Packaging (1.7) (http://localhost:8080/bin/packages.html <
> http://localhost:8080/bin/packages.html>;) there are log messages
> similar to what is discussed here
> https://issues.apache.org/jira/browse/JCRVLT-285 <
> https://issues.apache.org/jira/browse/JCRVLT-285>  and here 
> https://helpx.adobe.com/experience-manager/kb/error-message--jcrpackagemanager-acquired-w-o-service--alternate.html
> <
> https://helpx.adobe.com/experience-manager/kb/error-message--jcrpackagemanager-acquired-w-o-service--alternate.html
> >
> 
> 
> 16.03.2020 14:13:53.764 *INFO* [0:0:0:0:0:0:0:1 [1584382433759] GET
> /bin/packages.header.html/lsa/lsa-full-package-2.1.zip HTTP/1.1]
> org.apache.jackrabbit.vault.packaging.PackagingService
> JcrPackageManager acquired w/o service! Alternate package roots will
> not be respected.

I would recommend checking if the latest version of composum fixes
this. If it does not, please file a bug report with them.

Thanks,
Robert

Re: OIDC or SAML2 for Sling

[Robert Munteanu]

Hi Cris,

I am away until 9/3, I'll only be able to look into this then. Thanks!
Robert

Sent from Nine

From: Cris Rockwell 
Sent: Monday, 24 February 2020 19:07
To: users@sling.apache.org
Subject: Re: OIDC or SAML2 for Sling

Hi Robert 

I sent an email to d...@sling.apache.org <mailto:d...@sling.apache.org> on 
2/20/2020, but I can’t find my message in the Dev Sling Mail Archive 
<http://apache-sling.73963.n3.nabble.com/template/NamlServlet.jtp?macro=search_page=73966=SAML2=0>….
 Maybe this email group only allows messages from certain approved people. 
Whatever the reason, I’m responding to you again over Sling Users. 

I continue my work on to donate 'SAML2 Authentication Handler for Apache Sling’ 
to the Apache Sling Whiteboard. The project is  is located at... 
https://github.com/cmrockwell/sling-whiteboard-saml/tree/sling-saml2-service-provider/saml-handler
 
<https://github.com/cmrockwell/sling-whiteboard-saml/tree/sling-saml2-service-provider/saml-handler>
 

1. the implementation of the sample project 
<https://bitbucket.org/srasmusson/webprofile-ref-project-v3/src/master/> from A 
Guide to OpenSAML V3 eBook <https://payhip.com/b/41Tw> is added and functional 
as an AuthenticationHandler within Apache Sling, I will open a PR. I can 
recommend this book to anyone looking for a useful and concise primer for the 
OpenSAML V3 Java library. 
2. next I will try to make use of the Default Sync Handler 
<https://jackrabbit.apache.org/oak/docs/apidocs/org/apache/jackrabbit/oak/spi/security/authentication/external/impl/DefaultSyncHandler.html>
 to manage group membership and user attributes 
3. also on the todo list, the HTTP POST binding vs SOAP Binding. The 
implementation in step 1 uses SOAP bindings 

It would be an honor if any you experienced Sling developers and security 
professionals would review and contribute your thoughts. 

Best regards 
Cris Rockwell 
Applications Architect Sr  
College of Literature, Science, and the Arts | University of Michigan 
LSA Technology Services | 6503 Haven Hall | 505 S. State Street | Ann Arbor, MI 
I 48109 
Desk: 734.763.6818 | Email: cmroc...@umich.edu 



> On Feb 17, 2020, at 5:32 AM, Robert Munteanu  wrote: 
> 
> Hi Cris, 
> 
> (Feel free to send back to dev@sling as well, replying privately as you 
> wrote privately). 
> 
> The POM looks good to me. I would suggest moving to the latest parent 
> bundle ( sling-bundle-parent 37 I think ) as it gives you Java 11 
> support and better tooling. 
> 
> Also, we should not introduce new Maven repositories as part of our 
> bundles, since that does not work for every setup. For instance, 
> building behind a 'catch-all' Maven mirror that does not have the 
> custom repository set up will fail. I see that the artifacts you 
> referenced are already on Maven Central, so it's probably just a 
> leftover. 
> 
> As to your choice of library, I think that is fine. I am not very much 
> aware of the current landscape anyway, but as long as the license is 
> fine, it does what we need and has a reasonable community behind it, 
> all is well. 
> 
> What I think would also be helpful is a high-level diagram/explanation 
> of the goals of the bundle, e.g. 
> 
> - will allow Sling applications to authenticate users against Oauth2 
> servers such as  
> - will allow sync of user attributes from OIDC providers such as ... 
> 
> (I may have gotten these totally wrong due to my lack of knowledge: -) 
> ) 
> 
> Thanks! 
> 
> Robert 
> 
> 
> On Fri, 2020-02-14 at 16:33 -0500, Cris Rockwell wrote: 
>> Hi Robert 
>> 
>> I’ve just started the project. Perhaps you can advise about the 
>> project setup. 
>> 
>> The pom.xml 
>> https://github.com/cmrockwell/sling-whiteboard/blob/sling-saml2-service-provider/saml-handler/pom.xml
>>  
>> <https://github.com/cmrockwell/sling-whiteboard/blob/sling-saml2- 
>> service-provider/saml-handler/pom.xml> 
>> 
>> One test 
>> https://github.com/cmrockwell/sling-whiteboard/blob/sling-saml2-service-provider/saml-handler/src/test/java/org/apache/sling/auth/saml2/JCETest.java
>>  
>> <https://github.com/cmrockwell/sling-whiteboard/blob/sling-saml2- 
>> service-provider/saml- 
>> handler/src/test/java/org/apache/sling/auth/saml2/JCETest.java> 
>> 
>> Regards 
>> Cris Rockwell 
>> Application Architect Senior 
>> College of Literature, Science, and the Arts | University of 
>> Michigan 
>> LSA Technology Services | 6503 Haven Hall, 505 S. State Street, Ann 
>> Arbor MI 48109 
>> p: 734.763.6818 
>> 
>> 
>> 
>> 
>>> On Feb 13, 2020, at 1:16 PM, Cris Rockwell  
>>> wrote: 
>>> 
>>> Tha

Re: OIDC or SAML2 for Sling

[Robert Munteanu]

Hi Cris,

I would be very happy to see OIDC/SAML2 support in Sling. As mentioned,
there were a couple of initiatives, but none of them completed.

If anyone decides to give the implementation a shot, it would be
important to:

- use vetted libraries that do the bulk of the work. I think this was a
problem with some of the earlier approaches
- develop as much in the open as possible. The sling whiteboard is a
good option, also a personal repo is ok if the intention is to
contribute to Sling
- make the module easy to test and incorporate in the Sling starter

I am available to review and incorporate this contribution, and
definitely there are others around.

Thanks,
Robert

On Wed, 2020-02-12 at 16:27 -0500, Cris Rockwell wrote:
> Hi Robert
> 
> I would like to follow up with you about adding SAML2 SP (Service
> Provider) support to Apache Sling.
> 
> Our team reviewed security requirements with the leading identity
> provider (IDP) administrator at the University. His suggestion was to
> use SAML2 (or OIDC) and skip the LDAP authentication idea. We have
> been using SAML2 for many years with other applications. It seems
> SAML2 for open and closed source Java Enterprise applications is very
> common, so I feel good about requesting SAML2 SP support for Apache
> Sling. 
> 
> To start, I am studying the eBook OpenSAML V3 mentioned on the
> Shibboleth website <
> https://wiki.shibboleth.net/confluence/display/OS30/Home>;. The eBook
> discusses a sample project <
> https://bitbucket.org/srasmusson/webprofile-ref-project-v3/src/master/
> > and covers various aspects of using OpenSaml3 Java library.
> 
> * Authentication request using HTTP Redirect Binding 
> * Assertion transported using HTTP Artifact Binding 
> * SAML Artifact transported using HTTP Redirect Binding
> 
> If you or others have thoughts or recommendations for me about how to
> make this happen, please let me know. 
> 
> Thanks
> Cris Rockwell, App Sys Analyst/Programmer Sr  
> College of Literature, Science, and the Arts | University of
> Michigan 
> LSA Technology Services | 6503 Haven Hall | 505 S. State Street | Ann
> Arbor, MI I 48109
> Desk: 734.763.6818 | Email: cmroc...@umich.edu
> 
> 
> 
> 
> 
> 
> 
> > On Dec 19, 2019, at 12:00 PM, Robert Munteanu 
> > wrote:
> > 
> > Hi Cris,
> > 
> > Hopefully the LDAP authentication will fulfill your requirements.
> > Once
> > you're done, it would be interesting to discuss (privately, if you
> > prefer) what gaps you identified in the authentication support we
> > offer.
> > 
> > Thanks,
> > Robert
> > 
> > On Thu, 2019-12-12 at 09:45 -0500, Cris Rockwell wrote:
> > > Hi Robert
> > > 
> > > Thank you for your offer to guide an OIDC and/or SAML2 Sling
> > > Authentication Handler implementation. Long term, I could also
> > > see
> > > contributing to a peer reviewed initiative to securely add the
> > > features to Sling applications. After some thought, I might
> > > follow up
> > > with you about this out of band.
> > > 
> > > In the short run, perhaps Oak’s LDAP authentication will support
> > > the
> > > features we need. 
> > > https://jackrabbit.apache.org/oak/docs/security/authentication/ldap.html
> > > <https://jackrabbit.apache.org/oak/docs/security/authentication/
> > > ldap.html>
> > > <
> > > https://jackrabbit.apache.org/oak/docs/security/authentication/ldap
> > > <
> > > https://jackrabbit.apache.org/oak/docs/security/authentication/ldap
> > > >
> > > .html>
> > > https://jackrabbit.apache.org/oak/docs/security/authentication/externalloginmodule.html
> > > <https://jackrabbit.apache.org/oak/docs/security/authentication/
> > > externalloginmodule.html>
> > > <
> > > https://jackrabbit.apache.org/oak/docs/security/authentication/exte
> > > rnalloginmodule.html>
> > > 
> > > Thanks all.
> > > Cris R
> > > 
> > > 
> > > 
> > > 
> > > 
> > > 
> > > 
> > > 
> > > 
> > > > On Dec 11, 2019, at 11:58 AM, Robert Munteanu <
> > > > romb...@apache.org>
> > > > wrote:
> > > > 
> > > > On Wed, 2019-12-11 at 11:38 -0500, Cris Rockwell wrote:
> > > > > "What exactly would you need to manage JCR-based controls? I
> > > > > would
> > > > > imagine that mapping users to JCR groups based on whatever
> > > > > data
> > > > > your
> > > > > ide

Dynamic Include - proposal to remove all package exports

[Robert Munteanu]

Hi,

While moving the Sling Dynamic Include module to use the new OSGi
annotations, I noticed that the annotation caused breaking changes,
since almost all packages are exported.

That looked suspicious to me, as I think the SDI bundle it intended to
be dropped in and configured, not reused programatically.

I propopsed dropping all package exports in [1], so that from the next
version it will not be possible to access the code at all.

If you are using the SDI bundle _and_ import code from it, please join
the conversation at [1]. There is also an open PR with the proposed
changes at [2].

I'll wait until 20/1 to merge the changes.

Thanks!
Robert


[1]: https://issues.apache.org/jira/browse/SLING-8987

Re: OIDC or SAML2 for Sling

[Robert Munteanu]

Hi Cris,

Hopefully the LDAP authentication will fulfill your requirements. Once
you're done, it would be interesting to discuss (privately, if you
prefer) what gaps you identified in the authentication support we
offer.

Thanks,
Robert

On Thu, 2019-12-12 at 09:45 -0500, Cris Rockwell wrote:
> Hi Robert
> 
> Thank you for your offer to guide an OIDC and/or SAML2 Sling
> Authentication Handler implementation. Long term, I could also see
> contributing to a peer reviewed initiative to securely add the
> features to Sling applications. After some thought, I might follow up
> with you about this out of band.
> 
> In the short run, perhaps Oak’s LDAP authentication will support the
> features we need. 
> https://jackrabbit.apache.org/oak/docs/security/authentication/ldap.html
> <https://jackrabbit.apache.org/oak/docs/security/authentication/ldap
> .html>
> https://jackrabbit.apache.org/oak/docs/security/authentication/externalloginmodule.html
> <https://jackrabbit.apache.org/oak/docs/security/authentication/exte
> rnalloginmodule.html>
> 
> Thanks all.
> Cris R
> 
> 
> 
> 
> 
> 
> 
> 
> 
> > On Dec 11, 2019, at 11:58 AM, Robert Munteanu 
> > wrote:
> > 
> > On Wed, 2019-12-11 at 11:38 -0500, Cris Rockwell wrote:
> > > "What exactly would you need to manage JCR-based controls? I
> > > would
> > > imagine that mapping users to JCR groups based on whatever data
> > > your
> > > identity solution provides and then creating access based on ACLs
> > > only
> > > would satisfy your request."
> > > 
> > > 
> > > We need to manage a few things at the identity provider:
> > > 1. User attributes: username, name, email, phone, maybe a few
> > > other
> > > pieces of data about the user.
> > > 2. Group membership
> > > 
> > > When the user signs in, with SAML2 there is encrypted metadata
> > > which
> > > contains that information. Upon sign in, Sling users should be
> > > created, their user attributes updated and the user should be
> > > added
> > > or removed from Sling group membership. Once the user has signed
> > > in,
> > > then access is granted as usual using JCR-based ACL’s applied for
> > > the
> > > groups.
> > 
> > Right, I see that there is no support for that in the keycloak
> > handler,
> > as it was presented [1].
> > 
> > I don't think there is any out-of-the-box support for what you're
> > looking for.
> > 
> > I would be happy to guide anyone willing to implement such
> > functionality though.
> > 
> > Thanks,
> > Robert
> > 
> > 
> > [1]: 
> > https://github.com/netdava/adapt-to-2018-keycloak-sling-presentation/tree/master/adapt-to-2018-sling-keycloak/org-apache-sling-auth-keycloak
> > <
> > https://github.com/netdava/adapt-to-2018-keycloak-sling-presentation/tree/master/adapt-to-2018-sling-keycloak/org-apache-sling-auth-keycloak
> > >

Re: OIDC or SAML2 for Sling

[Robert Munteanu]

On Wed, 2019-12-11 at 11:38 -0500, Cris Rockwell wrote:
> "What exactly would you need to manage JCR-based controls? I would
> imagine that mapping users to JCR groups based on whatever data your
> identity solution provides and then creating access based on ACLs
> only
> would satisfy your request."
> 
> 
> We need to manage a few things at the identity provider:
> 1. User attributes: username, name, email, phone, maybe a few other
> pieces of data about the user.
> 2. Group membership
> 
> When the user signs in, with SAML2 there is encrypted metadata which
> contains that information. Upon sign in, Sling users should be
> created, their user attributes updated and the user should be added
> or removed from Sling group membership. Once the user has signed in,
> then access is granted as usual using JCR-based ACL’s applied for the
> groups.

Right, I see that there is no support for that in the keycloak handler,
as it was presented [1].

I don't think there is any out-of-the-box support for what you're
looking for.

I would be happy to guide anyone willing to implement such
functionality though.

Thanks,
Robert


[1]: 
https://github.com/netdava/adapt-to-2018-keycloak-sling-presentation/tree/master/adapt-to-2018-sling-keycloak/org-apache-sling-auth-keycloak

Re: OIDC or SAML2 for Sling

[Robert Munteanu]

Hi Cris,

On Tue, 2019-12-10 at 17:33 -0500, Cris Rockwell wrote:
> Hello Sling Users
>  
> Does anyone know of a solution for SSO for Apache Sling using OIDC,
> OAuth2 or SAML2 using JCR-based access controls, user creation and
> attribute synchronization, and group membership?
> 
> This one looks interesting, but is it dead?
> https://sling.apache.org/documentation/the-sling-engine/authentication/authentication-authenticationhandler/openid-authenticationhandler.html
>  engine/authentication/authentication-authenticationhandler/openid-
> authenticationhandler.html>

This was was OpenID, not OpenID connect, so not applicable to your
scenario. Also dead.

> 
> This student project looks interesting, so is our best resource?
> https://github.com/apache/sling-whiteboard/pull/14 <
> https://github.com/apache/sling-whiteboard/pull/14>
> https://medium.com/@hasiniwitharana/gsoc-2018-openid-connect-relying-party-implementation-for-apache-sling-635ea1e9b45e
>  relying-party-implementation-for-apache-sling-635ea1e9b45e>
> https://cwiki.apache.org/confluence/display/SLING/Instructions+to+setup+the+OIDC+flow
>  etup+the+OIDC+flow>
> https://github.com/apache/sling-whiteboard/tree/master/oidc-handler <
> https://github.com/apache/sling-whiteboard/tree/master/oidc-handler>
> 

This one is incomplete and not reviewed for security, so I would advise
against using it.

> There is this presentation about Keycloak, but as stated I’m looking
> to manage access controls on the content. 
> https://adapt.to/2018/en/schedule/modern-authentication-in-sling-with-openid-connect-and-keycloak.html
>  with-openid-connect-and-keycloak.html>


What exactly would you need to manage JCR-based controls? I would
imagine that mapping users to JCR groups based on whatever data your
identity solution provides and then creating access based on ACLs only
would satisfy your request.

Thanks,
Robert

2020 ASF Community Survey

[Robert Munteanu]

Hello everyone, 

If you have an apache.org email, you should have received an email with
an invitation to take the 2020 ASF Community Survey. Please take 15
minutes to complete it.
 
If you do not have an apache.org email address or you didn’t receive a
link, please follow this link to the survey:

  https://communitysurvey.limequery.org/454363

This survey is important because it will provide us with scientific
information about our community, and shed some light on how we can
collaborate better and become more diverse. Our last survey of this
kind was implemented in 2016, which means that our existing data about
Apache communities is outdated. The deadline to complete the survey is
January 4th, 2020. You can find information about privacy on the
survey’s Confluence page [1].

Your participation is paramount to the success of this project! Please
consider filling out the survey, and share this news with your fellow
Apache contributors. As individuals form the Apache community, your
opinion matters: we want to hear your voice. 

If you have any questions about the survey or otherwise, please reach
out to us!

Kindly, 
ASF Diversity & Inclusion
https://diversity.apache.org/


[1] 
https://cwiki.apache.org/confluence/display/EDI/Launch+Plan+-+The+2020+ASF+Community+Survey
 

Re: [osgi] models as adapters

[Robert Munteanu]

Hi Nicolas,

On Mon, 2019-11-18 at 16:15 +0100, Nicolas Peltier wrote:
> Hi,
> 
> i have the following use case:
> - my bundle has a model A, and a long running thread, using
> .adaptTo(A.class) from a resource,
> - when upgrading my bundle with thread still running there is a
> period when
> above adaptTo will return null
> 
> if it is "okay", and i should detect bundle status in my thread, my
> question is how best should i do that?
> If not, i guess, i'll dive deeper in models implementation :)

If you're waiting for a certain adaptTo call to become valid you can
use the Adaption service [1].

Robert

[1]: 
https://github.com/apache/sling-org-apache-sling-adapter/blob/master/src/main/java/org/apache/sling/adapter/Adaption.java

Re: Request to become contributor

[Robert Munteanu]

Hi Saurabh,

On Wed, 2019-08-21 at 10:52 +0530, Saurabh Tiwari wrote:
> Hello team,
> I would like to contribute to Apache Sling.
> Kindly provide me access to Sling Confluence wiki, and Jira.
> 
> I have signed my ICLA, can be found here
> https://people.apache.org/unlistedclas.html

It's great that you are looking to contribute to Sling, we are always
happy to see new contributors :-)

> Here are my details -
> Name -Saurabh Tiwari
> Confluence ID - tsaurabh
> Jira ID - tsaurabh
> 
> Please let me know if any additional information is required.

It's good that you're registered for Jira and Confluence. Additionally,
I suggest that you also register on GitHub (although you probably
already did).

To contribute you actually need nothing more :-) See [1] for some
details regarding Jira/Github/etc. I'd encourage you to:

- create Jira issues for bugs/feature requests
- create pull requests for code contributions or documentation
- post back on the users mailing list for support questions

And if there's anything that we can do to make your contributions
simpler, do let us know :-)

Thanks,

Robert


[1]: https://sling.apache.org/contributing.html

Re: Use S3 Bucket with Sling

[Robert Munteanu]

Hi Saurabh,

On Mon, 2019-08-12 at 12:48 +0530, Saurabh Tiwari wrote:
> Kindly advise me if I am missing anything.
> After completion of this work, I am also planning to contribute back
> all
> this information in the form of documentation to the project. :-)

Looks like you're heading down the right path, something is broken :-)

I would suggest that you run 

$ mvn clean package

And then launch the jar file using

$ java -jar target/org.apache.sling.starter-12-SNAPSHOT.jar

This will allow you to inspect the instance by accessing the web
console at 

  http://localhost:8080/system/console

and also to get a clear view of the logs at sling/logs/error.log .

Hope this helps,

Robert

Re: Use S3 Bucket with Sling

[Robert Munteanu]

On Mon, 2019-08-05 at 17:35 +, J Logan wrote:
>  Hi Saurabh,
> This might help you get started when working with the Sling starter
> JAR.  Robert, it'd be great if you could sanity check this but I
> think this is more or less correct.

Hi John,

Yes, that looks correct to me. A couple of notes:

a) You could add the required bundles and configs to the provisioning
model files ( src/main/resources/oak.txt ) directly.
b) Besides the oak-blob-cloud bundle you probably also need some
dependenies like the AWS SDK.

Thanks,

Robert

> 
> 1.) Start up the JAR once to get your repository initialized.  Go to
> the OSGi bundle console and make note of two things:a.) Whether the
> "org.apache.jackrabbit:oak-blob-cloud" OSGi bundle is presentb.) The
> version of Oak that is deployed
> 2.) Stop Sling.  This might not be strictly necessary, but it can't
> hurt to do this while you're getting started.
> 
> 3.) If the oak-blob-cloud isn't present in your bundle config, you
> need to download the "org.apache.jackrabbit:oak-blob-
> cloud:{oak_version}" JAR and copy it into your deployment.  The
> "oak_version" value should match the Oak version you saw above.
> 4.) Add a configuration file
> "org.apache.jackrabbit.oak.segment.SegmentNodeStoreService.config"
> that defines
> customBlobStore=B"true"
> 5.) Add a configuration file "" that defines
> accessKey="your_s3_access_key"
> secretKey="your_s3_secret_key"
> s3Bucket="your_s3_bucket"
> s3Region="your_s3_region"
> s3EndPoint="your_s3_endpoint"
> connectionTimeout="12"
> socketTimeout="12"
> maxConnections="40"
> writeThreads="30"
> maxErrorRetry="10"
> 
> If you're using and EC2 instance for Sling, you can use instance
> profiles to define an access role, and you can leave accessKey and
> secretKey blank.
> 
> 5.) Restart Sling.  At this point your setup should be working, or
> close to working.  Check the Sling logs and S3 console to
> troubleshoot any issues.
> Google "Configuring node stores and data stores in AEM 6" for more
> info on configuration.
> Regards, John
> 
> 
> On Monday, August 5, 2019, 5:44:17 AM PDT, Robert Munteanu <
> romb...@apache.org> wrote:  
>  
>  Hi Saurabh,
> 
> On Tue, 2019-07-30 at 11:48 +0530, Saurabh Tiwari wrote:
> > Hello team,
> > 
> > Hope you are doing well.
> > 
> > Just to give you my background, I am beginner in Sling, Felix and
> > Jackrabbit technologies and in the process of exploring it.
> 
> Welcome :-)
> 
> > I am planning to use S3 bucket for storage in Sling.
> > As per my knowledge, the NoSQL storage under the sling is Apache
> > Jackrabbit
> > Oak,  and Oak supports larger assets storage in S3.
> > 
> > I found these document on Jackrabbit [1],  but unable to get it
> > (may
> > be due
> > to my limited knowledge of OSGi)
> > 
> > Kindly help me with the steps to be followed to use S3 bucket with
> > sling
> > and please let me know if I misunderstood anything.
> > 
> > [1] 
> > https://jackrabbit.apache.org/oak/docs/osgi_config.html#config-sling
> 
> We do not have an explicit configuration set for Amazon S3 support in
> the Sling starter.
> 
> I think that you would need at least:
> 
> - to deploy the AWS SDK Jar
> - to add a configuration that enables the use of the
> org.apache.jackrabbit.oak.plugins.blob.datastore.S3DataStore
> component
> 
> What have you tried so far?
> 
> Thanks,
> 
> Robert
> 
>   

Re: Use S3 Bucket with Sling

[Robert Munteanu]

Hi Saurabh,

On Tue, 2019-07-30 at 11:48 +0530, Saurabh Tiwari wrote:
> Hello team,
> 
> Hope you are doing well.
> 
> Just to give you my background, I am beginner in Sling, Felix and
> Jackrabbit technologies and in the process of exploring it.

Welcome :-)

> 
> I am planning to use S3 bucket for storage in Sling.
> As per my knowledge, the NoSQL storage under the sling is Apache
> Jackrabbit
> Oak,  and Oak supports larger assets storage in S3.
> 
> I found these document on Jackrabbit [1],  but unable to get it (may
> be due
> to my limited knowledge of OSGi)
> 
> Kindly help me with the steps to be followed to use S3 bucket with
> sling
> and please let me know if I misunderstood anything.
> 
> [1] 
> https://jackrabbit.apache.org/oak/docs/osgi_config.html#config-sling

We do not have an explicit configuration set for Amazon S3 support in
the Sling starter.

I think that you would need at least:

- to deploy the AWS SDK Jar
- to add a configuration that enables the use of the
org.apache.jackrabbit.oak.plugins.blob.datastore.S3DataStore component

What have you tried so far?

Thanks,

Robert

Re: Configuring LDAP in sling

[Robert Munteanu]

Hi Sergiu,

Glad to hear you got it figured out!

Thanks,

Robert

On Mon, 2019-05-27 at 11:51 -0400, Sergiu Dumitriu wrote:
> Hi Robert,
> 
> We figured it out in the end. For reference, here's the configuration
> needed: https://github.com/ccmbioinfo/lfs/pull/10/files
> 
> I think the problem was that after reading
> https://jackrabbit.apache.org/oak/docs/security/authentication/ldap.html#LDAP_Configuration
> we were misled into thinking that the configuration was supposed to
> be
> written for
> org.apache.jackrabbit.oak.security.authentication.ldap.impl.LdapProvi
> derConfig
>  instead of
> org.apache.jackrabbit.oak.security.authentication.ldap.impl.LdapIdent
> ityProvider
> 
> On 5/27/19 4:25 AM, Robert Munteanu wrote:
> > On Thu, 2019-05-16 at 21:23 +, Zi Ming He wrote:
> > > There does not appear to anything suspcious in error.log. I'm
> > > relatively new to this though, so if you want to examine my
> > > error.log
> > > my judgement may not be correct. If you want to examine my
> > > error.log,
> > > I can send you a copy of it.
> > 
> > I don't have any experience with Sling + LDAP, but feel free to
> > send
> > the error.log file to me off-list if you think it contains
> > sensitive
> > data.
> > 
> > Thanks,
> > Robert
> > 
> 
> 

Re: Configuring LDAP in sling

[Robert Munteanu]

On Thu, 2019-05-16 at 21:23 +, Zi Ming He wrote:
> There does not appear to anything suspcious in error.log. I'm
> relatively new to this though, so if you want to examine my error.log
> my judgement may not be correct. If you want to examine my error.log,
> I can send you a copy of it.

I don't have any experience with Sling + LDAP, but feel free to send
the error.log file to me off-list if you think it contains sensitive
data.

Thanks,
Robert

Re: Configuring LDAP in sling

[Robert Munteanu]

Him

On Wed, 2019-05-15 at 17:09 +, Zi Ming He wrote:
> I would like to configure LDAP in sling. Currently I have:
> 
(snip)

I have not tried configuring LDAP for Sling yet. But, as a first
question, are there any suspicious entries in the error.log?

Thanks,

Robert

Re: Different Login Landing Page

[Robert Munteanu]

Hi Andy,

On Thu, 2019-04-18 at 10:36 -0700, Andreas Schaefer wrote:
> Hi
> 
> I am wondering how an application would set a different landing page
> than the Sling Starter Page?
> 
> I tried to change the sling:target through a package deployment and
> it works for /content but not for the root (/).

Have you tried changing the form.login.form property of the
org.apache.sling.formauth.FormAuthenticationHandler component , as
described at [1]?

Thanks,

Robert


[1]: 
https://sling.apache.org/documentation/the-sling-engine/authentication/authentication-authenticationhandler/form-based-authenticationhandler.html#configuration

Re: Can Suffix be used in the Sling Filter Pattern?

[Robert Munteanu]

On Fri, 2019-03-29 at 14:27 -0400, Cris Rockwell wrote:
> Ok. Thanks. It must be a version thing, because
> org.apache.sling.engine.EngineConstants.SLING_FILTER_SUFFIX_PATTERN
> is not found in my local maven repository or IDE.

Maybe it is not found due to the java compiler inlining constants?

> It’s odd because the bundle (org.apache.sling.engine) says is 2.6.16
> (using /system/console/bundles). When I expand the bundle details, I
> see lower versions.
> 
> Bundle Location   launchpad:resources/install/0/org.apache.sling.
> engine-2.6.6.jar
> Exported Packages org.apache.sling.engine,version=2.3.0

You are most likely using 2.6.16. The bundle location is (IIRC) set to
the first version of the bundle _or_ the first version of the bundle
present when a configuration is defined for a component belonging to
that bundle.

Robert

> 
> 
> 
> 
> 
> 
> 
> > On Mar 29, 2019, at 12:07 PM, Robert Munteanu 
> > wrote:
> > 
> > On Fri, 2019-03-29 at 10:47 -0400, Cris Rockwell wrote:
> > > Hi all
> > > 
> > > I want to follow up with a question I sent the group last year
> > > about
> > > using a suffix patterns when defining Sling Filters. 
> > > http://apache-sling.73963.n3.nabble.com/Can-Suffix-be-used-in-the-Sling-Filter-Pattern-td4084561.html
> > > <
> > > http://apache-sling.73963.n3.nabble.com/Can-Suffix-be-used-in-the
> > > -
> > > Sling-Filter-Pattern-td4084561.html>
> > > 
> > > The email response at the time was that Suffix patterns cannot be
> > > used to define a filter, and the advice was to check the suffix
> > > within the filter itself. If this is the case, then why does the
> > > documentation describe sling.filter.suffix.pattern as "Restrict
> > > the
> > > filter to requests with suffix that match the supplied regular
> > > expression. Requires Sling Engine 2.6.14.”
> > > 
> > > https://sling.apache.org/documentation/the-sling-engine/filters.html
> > > <https://sling.apache.org/documentation/the-sling-
> > > engine/filters.html>
> > > Using org.apache.sling.engine 2.6.16, I have not had any luck
> > > configuring sling.filter.suffix.pattern. If this feature is not
> > > available or not working, I would recommend updating docs and
> > > removing it. Also, I would like to review the source code to see
> > > how
> > > the sling.filter.suffix.pattern was intended to be used, but I
> > > cannot
> > > find it. Please send a link if you can.
> > 
> > Hi Cris,
> > 
> > I think this is used at
> > 
> >  
> > https://github.com/apache/sling-org-apache-sling-engine/blob/f2ddb41a68551e6d27a143bca00fb267d7af2230/src/main/java/org/apache/sling/engine/impl/filter/FilterPredicate.java#L67
> > 
> > Robert
> > 

Re: Can Suffix be used in the Sling Filter Pattern?

[Robert Munteanu]

On Fri, 2019-03-29 at 10:47 -0400, Cris Rockwell wrote:
> Hi all
> 
> I want to follow up with a question I sent the group last year about
> using a suffix patterns when defining Sling Filters. 
> http://apache-sling.73963.n3.nabble.com/Can-Suffix-be-used-in-the-Sling-Filter-Pattern-td4084561.html
>  Sling-Filter-Pattern-td4084561.html>
> 
> The email response at the time was that Suffix patterns cannot be
> used to define a filter, and the advice was to check the suffix
> within the filter itself. If this is the case, then why does the
> documentation describe sling.filter.suffix.pattern as "Restrict the
> filter to requests with suffix that match the supplied regular
> expression. Requires Sling Engine 2.6.14.”
> 
> https://sling.apache.org/documentation/the-sling-engine/filters.html
>  engine/filters.html>
> Using org.apache.sling.engine 2.6.16, I have not had any luck
> configuring sling.filter.suffix.pattern. If this feature is not
> available or not working, I would recommend updating docs and
> removing it. Also, I would like to review the source code to see how
> the sling.filter.suffix.pattern was intended to be used, but I cannot
> find it. Please send a link if you can.

Hi Cris,

I think this is used at

  
https://github.com/apache/sling-org-apache-sling-engine/blob/f2ddb41a68551e6d27a143bca00fb267d7af2230/src/main/java/org/apache/sling/engine/impl/filter/FilterPredicate.java#L67

Robert

Re: Upgrading to Oak 1.10.0 for Sling10

[Robert Munteanu]

On Mon, 2019-02-25 at 18:53 -0500, marc.davenp...@oracle.com wrote:
> I've been trying to rationalize the hit or miss nature of this
> problem. 
> In my mind,  I'm looking for a race condition. I'm going to bet that 
> this is a configuration issue on our end, but I'm not sure how this 
> would happen or where to look. Perhaps we are have some bundles out
> of 
> order.  While I had mentioned in a previous email that we had our
> own 
> supplier of SlingRepository, I temporarily removed it trying to
> debug 
> this issue.  I can see that two different instances of 
> OakSlingRepositoryManager (which implement SlingRepository) are
> created 
> on the first server startup. I saw this by setting a break point in 
> start(BundleContext, Config) of AbstractSlingRepositoryManager.

This reminds me of SLING-7811 [1]. While we did not get to a definitive
solution, it might be worth upgrading the o.a.s.jcr.base bundle to
3.0.6 ( Sling 10 has 3.0.4 ) and see if the situation is improved.

Thanks,

Robert

[1]: https://issues.apache.org/jira/browse/SLING-7811

Re: sling starter maven plugin - placing files to WEB-INF/lib

[Robert Munteanu]

Hi Marc,

On Sat, 2019-03-02 at 13:58 -0800, Marc Davenport wrote:
> Hello all,
> In our previous application  based on Sling6 we used a maven assembly
> to build our application war.  In the assembly we placed some classes
> into WEB-INF/lib and made felix provide these.  I'm trying to shift
> us to use the sling start plugin so we can keep our features held
> together better by way of the model.txt files. We'd still like to
> include those files in WEB-INF/lib but I can not figure out how to
> put them there with the plugin, so I'm still using an assembly to
> unpack the war from SlingStart plugin and add our files.  We are
> using a property that we set in boot.txt to made felix provide the
> classes we want.  Just can't figure out how to get the libraries into
> the right place without taking two steps.
> 
> Any suggestions on how to do this?

I took a quick look at the slingstart-maven-plugin source code and it
does not look like this is possible right now.

It may be possible to update the plugin to do that, so feel free to
file a Jira issue. I suspect that with all the attention that the
feature model is getting this maybe not be at the top of anyone's list,
so a pull request would go a long way towards making it happen.

I would also suggest that you try and stop relying in jar files in WEB-
INF/lib, but I guess you already tried that and it's not trivial.

Robert

Re: Replacing jackrabbit oak with other JCR implementation in Sling 10

[Robert Munteanu]

Hi Manoj,

On Fri, 2019-02-22 at 08:40 -0700, Manoj wrote:
> Hi, 
> 
> We are trying to migrate from sling 6 to sling 10. I wanted to know
> is it
> possible to use sling 10 dependecies without oak or is there a strong
> interdependence between sling 10 and oak. 
> Please suggest what are the possible issues which may come up.

The key component here is the Sling/JCR repository integration bundle.
For oak this is org.apache.sling.jcr.oak-server . To go back to
Jackrabbit you would at least need to replace this bundle with
org.apache.sling.jcr.jackrabbit.server .

Note however that:

- the jcr.jackrabbit.server bundle has been moved to the attic, which
means that we plan to do no development with it in the future
- Sling is exclusively tested with Oak, we cannot say how well current
versions will work with Oak (although they should)

May I ask why you want to keep using Jackrabbit with recent Sling
versions?

Thanks,

Robert

Re: Upgrading to Oak 1.10.0 for Sling10

[Robert Munteanu]

On Thu, 2019-02-14 at 16:02 -0500, marc.davenp...@oracle.com wrote:
> 14.02.2019 12:28:29.190 *WARN*[CM Event Dispatcher (Fire 
> ConfigurationEvent: 
> pid=org.apache.jackrabbit.oak.segment.SegmentNodeStoreService)] 
> org.apache.sling.commons.scheduler.impl.QuartzScheduler Scheduler
> job 
> requested thread pool with name oak but this thread pool is not in
> the 
> list of allowed pools.

There's also this warning, I overlooked it. I don't see it the latest
Sling starter. Can you adjust the configuration of the QuartzScheduler
to include 'oak' in the allowed pool names?

Robert

Re: Upgrading to Oak 1.10.0 for Sling10

[Robert Munteanu]

Hi Marc,

On Thu, 2019-02-21 at 18:18 -0500, marc.davenp...@oracle.com wrote:
> Hello Robert et all,
> 
> Thank you for your reply.  I have not been able to pair down to a
> sample 
> project that isolates this issue. I'm currently deploying my
> application 
> over and over until I hit the failure mode. I haven't identified the 
> code that would have created the missing primary types.  I could use 
> some ideas on where to look next, even if it is just a best guess.
> 
> In the failed state I can see that the component 
> org.apache.sling.jcr.oak.server.internal.OakSlingRepositoryManager
> is 
> active according the Felix Webconsole. But there is no corresponding 
> service of the type org.apache.sling.jcr.api.SlingRepository.   This
> may 
> another version of the information the logs are telling me. But it
> is 
> something I noticed trying to compare working and not working
> instances.
> 
> Any ideas would be helpful at this point. I was kind of hoping that
> the 
> log messages might trigger an "oh yeah, I've seen this before in X"
> kind 
> of moment, since I currently have no purchase on the problem.

Unfortunately I haven't seen this problem so far. Could you maybe try
the same setup with the old Oak version that was working? If you
encounter the same problem it's probably not Oak, so at least we can
rule that out.

Also, do you have any custom code that plugs into the repository
initialisation? 

The index you referenced is created by ExtraSlingContent [1] and is
added _after_ Oak's InitialContent [2][3]. So the question is - has the
InitialContent been installed successfully? Are you able to inspect the
repository after in the scenario where this fails? 

Thanks,

Robert

[1]: 
https://github.com/apache/sling-org-apache-sling-jcr-oak-server/blob/6aa041d47fe5a8df834b83170bc0f5df460ed94d/src/main/java/org/apache/sling/jcr/oak/server/internal/OakSlingRepositoryManager.java#L212
[2]: 
https://github.com/apache/sling-org-apache-sling-jcr-oak-server/blob/6aa041d47fe5a8df834b83170bc0f5df460ed94d/src/main/java/org/apache/sling/jcr/oak/server/internal/OakSlingRepositoryManager.java#L127-L128
[3]: 
https://github.com/apache/jackrabbit-oak/blob/jackrabbit-oak-1.10.0/oak-core/src/main/java/org/apache/jackrabbit/oak/InitialContent.java

Re: A maven archetype for apache sling cms

[Robert Munteanu]

Hi Mahsum,

On Thu, 2019-02-07 at 12:19 +, Mahsum Demir wrote:
> Hi,
> 
> I think having a Maven archetype which generates a simple sling cms
> app will be useful. The generated project will include a simple page
> and a component. The archetype will lessen the time needed to get up
> and working with the cms and increase the popularity of the cms.
> 
> So, what do you think about that?
> If you think that is beneficial for the cms too than I would like to
> implement it.

Do you propose that we:

- create an archetype for Sling that results in a basic application OR
- create an archetype for the Sling CMS [1]

?

> Also, what is the process of having that project under the Apache
> name?

Are you asking about contributing this back to Sling? If yes, we are
more than happy to accept your contributions. If this will be a new
module you can send a pull request against the sling whiteboard [2] or
build it in a separate GitHub repository.

Thanks,

Robert


[1]: https://github.com/apache/sling-org-apache-sling-app-cms
[2]: https://github.com/apache/sling-whiteboard/

Re: Upgrading to Oak 1.10.0 for Sling10

[Robert Munteanu]

Hi Marc,

On Thu, 2019-02-14 at 16:02 -0500, marc.davenp...@oracle.com wrote:
> I've been moderately successful. However, about 
> 1/2 the time, our application will fail to deploy. I can not parse
> if 
> this is a Oak failure or a sling10 failure, or a configuration
> between 
> the two issue. I'm looking for any insight as to what this might be.

A sample project reproducing the issue would be very helpful.

Thanks,

Robert

Re: Is Sling Jackrabbit Persistence Manager support Oracle12

[Robert Munteanu]

Hi Yanice,

Then I guess the problem is in your JDBC driver ... would you be able
to share a sample project which would help us reproduce the issue? I
think it should be posted at 

  https://issues.apache.org/jira/browse/SLING

Thanks!

Robert

On Thu, 2019-01-31 at 11:56 +0100, Yanice Youbi wrote:
> Hi, thank you for your help.
> 
> I get this following result
> 
> 
> Yanice
> 
> 
> On 2019/01/30 21:52:46, Robert Munteanu  wrote: 
> > Hi Yanice,> 
> > 
> > On Tue, 2019-01-29 at 12:01 +0100, Yanice Youbi wrote:> 
> > > Caused by: java.lang.ClassNotFoundException:> 
> > > javax.crypto.interfaces.PBEKey not found by
> Oracle_JDBC_7_bundle> 
> > > [187]> 
> > > at> 
> > >
> org.apache.felix.framework.BundleWiringImpl.findClassOrResourceByDele
> > 
> > > gation(BundleWiringImpl.java:1556)> 
> > > at> 
> > >
> org.apache.felix.framework.BundleWiringImpl.access$400(BundleWiringIm
> > 
> > > pl.java:77)> 
> > > at> 
> > >
> org.apache.felix.framework.BundleWiringImpl$BundleClassLoader.loadCla
> > 
> > > ss(BundleWiringImpl.java:1993)> 
> > > at
> java.lang.ClassLoader.loadClass(ClassLoader.java:357)> 
> > > ... 76 common frames omitted> 
> > 
> > Looks like you're missing an export for the
> javax.crypto.interfaces> 
> > package. In my Sling starter setup if I go to > 
> > 
> > http://localhost:8080/system/console/depfinder> 
> > 
> > and search for that package I see that it's exported by the> 
> > org.apache.felix.framework bundle. What results do you get?> 
> > 
> > Thanks,> 
> > 
> > Robert> 
> > 
> > 

Re: Is Sling Jackrabbit Persistence Manager support Oracle12

[Robert Munteanu]

Hi Yanice,

On Tue, 2019-01-29 at 12:01 +0100, Yanice Youbi wrote:
> Caused by: java.lang.ClassNotFoundException:
> javax.crypto.interfaces.PBEKey not found by Oracle_JDBC_7_bundle
> [187]
> at
> org.apache.felix.framework.BundleWiringImpl.findClassOrResourceByDele
> gation(BundleWiringImpl.java:1556)
> at
> org.apache.felix.framework.BundleWiringImpl.access$400(BundleWiringIm
> pl.java:77)
> at
> org.apache.felix.framework.BundleWiringImpl$BundleClassLoader.loadCla
> ss(BundleWiringImpl.java:1993)
> at java.lang.ClassLoader.loadClass(ClassLoader.java:357)
> ... 76 common frames omitted

Looks like you're missing an export for the javax.crypto.interfaces
package. In my Sling starter setup if I go to 

http://localhost:8080/system/console/depfinder

and search for that package I see that it's exported by the
org.apache.felix.framework bundle. What results do you get?

Thanks,

Robert

Re: Configuring Sling 10 to use RDBDocumentStore with OracleDB

[Robert Munteanu]

On Tue, 2018-12-04 at 14:30 -0700, mkcons wrote:
> Hi Robert,
> 
> I don't know how your answer worked for the OP but it worked quite
> nicely
> for me.
> 
> Just one detail, I had to add the "datasource.name" in the
> DataSourceFactory
> configuration.
> 
> [configurations runModes=oak_db2]
>   org.apache.jackrabbit.oak.plugins.document.DocumentNodeStoreService
> documentStoreType="RDB"
> 
>   org.apache.sling.datasource.DataSourceFactory
>   url="jdbc:db2://192.168.2.3:5/sling"
>   driverClassName="com.ibm.db2.jcc.DB2Driver"
>   username=""
>   password=""
>   datasource.name="oak"

Nice, thanks for confirming that!

Robert

Re: Configuring Sling 10 to use RDBDocumentStore with OracleDB

[Robert Munteanu]

Hi Mohammad,

On Fri, 2018-11-09 at 14:02 -0500, Mohammad wrote:
> Hi,
> 
> (Sorry I originally sent this on the d...@sling.apache.org list by
> accident.)
> 
> The documentation for RDBDocumentStore (here: 
> https://jackrabbit.apache.org/oak/docs/apidocs/org/apache/jackrabbit/oak/plugins/document/rdb/RDBDocumentStore.html)
>  
> mentions Oracle as a supported database so I've been trying to
> figure 
> out how to configure Sling to use it.
> 
> The first question I have is, what versions of Oracle DB are 
> supported/tested against?

That question is more for the Jackrabbit/Oak team. We do not have any
specific tests for the RDB part. Actually, it's not even included in
the Slingstart.

> 
> The second question is, how do I configure a modified sling webapp
> war 
> file to use Jackrabbit Oak with an Oracle DB backend?

I would start by modifying the current Sling starter, seems easier :-)

First of all, check out the code from

  https://github.com/apache/sling-org-apache-sling-starter

Then need to add another run mode which configures the Oracle DB for
persistence. I have not tried this at all, so it might simply blow up,
but I hope it's at least a step in the right direction

diff --git a/src/main/provisioning/boot.txt b/src/main/provisioning/boot.txt
index fc31337..1253c17 100644
--- a/src/main/provisioning/boot.txt
+++ b/src/main/provisioning/boot.txt
@@ -25,7 +25,7 @@
 # oak_tar and oak_mongo run modes are mutually exclusive,
 # and cannot be changed after the first startup
 [settings]
-sling.run.mode.install.options=oak_tar,oak_mongo
+sling.run.mode.install.options=oak_tar,oak_mongo,oak_rdb_oracle
 repository.home=${sling.home}/repository
 localIndexDir=${sling.home}/repository/index
 
diff --git a/src/main/provisioning/oak.txt b/src/main/provisioning/oak.txt
index 4621efc..a2f7a7d 100644
--- a/src/main/provisioning/oak.txt
+++ b/src/main/provisioning/oak.txt
@@ -50,6 +50,11 @@
 org.mongodb/mongo-java-driver/3.6.4
 com.h2database/h2-mvstore/1.4.194
 
+[artifacts startLevel=15 runModes=oak_rdb_oracle]
+# Note - add oracle JDBC driver here
+   org.apache.sling/org.apache.sling.datasource/1.0.2
+
+
 # start the Oak server instance after all components have been configured
 # and started to avoid restarting that component ( see SLING-4556 )
 [artifacts startLevel=16]
@@ -99,3 +104,14 @@
   org.apache.jackrabbit.oak.plugins.document.DocumentNodeStoreService
 mongouri="mongodb://localhost:27017"
 db="sling"
+
+[configurations runModes=oak_rdb_oracle]
+  org.apache.jackrabbit.oak.plugins.document.DocumentNodeStoreService
+documentStoreType="RDB"
+
+  # Note - adjust connection data in url, username, password
+  org.apache.sling.datasource.DataSourceFactory-oak.config
+url="jdbc:oracle:thin:localhost:port:SID"
+driverClassName="oracle.jdbc.OracleDriver"
+username="test"
+password="test"


After that you can rebuild sling

$ mvn clean package

And run with 

$ java -jar ... -Dsling.run.modes=oak_rdb_oracle

Let me know how that works, would be good to know :-)

Thanks,

Robert

Re: Segment Tar based Sling clustering

[Robert Munteanu]

Ah, yes, that does makes sense.

Thanks,

Robert

On Tue, 2018-11-20 at 09:31 +, Nicolas Peltier wrote:
> No i haven't tried that and I would not bet on it. 
> I was referring to 2+ separate segment tar based instance that are
> written on with "broadcast" means like distribution.
> 
> On 20/11/2018 10:11, "Robert Munteanu"  wrote:
> 
> Hi,
> 
> On Mon, 2018-11-19 at 16:11 +, Nicolas Peltier wrote:
> > Note that option 2 is the easiest option in case you are
> clustering
> > for read only (high availability scenario)
> 
> If by 2 you mean " Segment Tar based deployment ( where two
> instances
> of Sling will use the same, mounted repository folder)" that was
> not
> possible last time I tried.
> 
> The SegmentStore does not work on a read-only file-system as it
> eagerly
> aquires the journal lock and starts writing (IIRC) and also can't
> work
> with multiple processes sharing the same filesystem location.
> 
> Did you manage to get this working at some point?
> 
> Thanks,
> 
> Robert
> 
> 
> 

Re: Segment Tar based Sling clustering

[Robert Munteanu]

Hi,

On Mon, 2018-11-19 at 16:11 +, Nicolas Peltier wrote:
> Note that option 2 is the easiest option in case you are clustering
> for read only (high availability scenario)

If by 2 you mean " Segment Tar based deployment ( where two instances
of Sling will use the same, mounted repository folder)" that was not
possible last time I tried.

The SegmentStore does not work on a read-only file-system as it eagerly
aquires the journal lock and starts writing (IIRC) and also can't work
with multiple processes sharing the same filesystem location.

Did you manage to get this working at some point?

Thanks,

Robert

Re: JcrResourceResolver#findResources seems to eat exceptions while iterating but not during initialization

[Robert Munteanu]

Hi Vikas,

On Wed, 2018-10-31 at 17:39 +0530, Vikas Saurabh wrote:
> Hi,
> 
> Recently, while working on a separate issue, I landed on a seemingly
> different behavior while finding resources via jcr resource resolver.
> 
> It seems that while finding resources JcrNodeResourceIterator [1]
> eats
> exceptions while iterating over underlying result set. It logs and
> ERROR though. Otoh, if some error occurs while creating the iterator
> (say while doing getNodes [2]) then the exception gets thrown back to
> caller (without any log message). While throw-or-log-error strategy,
> I
> think, seems right, but the different in behavior for caller of
> findResource seems incorrect to me. I think it should be consistent
> one way or another.
> 
> That said, imo, I think the iterator is wrong here to assume that
> it's
> ok to just log and error and continue with iteration without
> notifying
> the caller - but I don't think I'm able enough to make such a call.
> 
> I'd love to hear inputs from this list (didn't open the issue because
> I didn't really know if my feeling is really considered an issue or
> not).

I don't have extra knowledge about this unforunately, but here's some
information I found by looking thorugh the commit history.

1. There was an addition for SLING-2408 [1] which refined this by
adding a new catch block handling missing nodes with commit [2].

2. That block was removed for SLING-3848 [3] with commit [4], which
might not have been intentional.

In the end, I can't really say what this catch block is guarding
against. Can you add more details regarding which kind of error is
being logged?

Thanks,
Robert

[1]: https://issues.apache.org/jira/browse/SLING-2408
[2]: 
https://github.com/apache/sling-org-apache-sling-jcr-resource/commit/478bc4e6
[3]: https://issues.apache.org/jira/browse/SLING-3848
[4]: 
https://github.com/apache/sling-org-apache-sling-jcr-resource/commit/a9d91b2d

[ANN] Apache Sling 11 Released

[Robert Munteanu]

The Apache Sling team is pleased to announce the release of Apache
Sling version 11. The release is available for download at

https://sling.apache.org/downloads.cgi

About Apache Sling
--
Apache Sling™ is a framework for RESTful web-applications based on an
extensible content tree.

In a nutshell, Sling maps HTTP request URLs to content resources based
on the request's path, extension and selectors. Using convention over
configuration, requests are processed by scripts and servlets,
dynamically selected based on the current resource. This fosters
meaningful URLs and resource driven request processing, while the
modular nature of Sling allows for specialized server instances that
include only what is needed.

Sling serves as basis for a variety of applications ranging from
blogging engines all the way to enterprise content management systems.

Release notes
-

The major points of interest for this release are:

* Removed the need to use '--add-modules'
* Update to Oak 1.8.8
* Update to OSGi R7 implementations
* Update to HTL 1.4
* Starter content moved to /content
* Anonymous access restricted to /content
* Repoinit enhancements
* Form-based login for Web Console

The full release notes are available online at

https://sling.apache.org/news/sling-11-released.html

Enjoy!

On behalf of the the Apache Sling PMC,
Robert Munteanu 

Re: Fw: Re: Fw: Re: Getting started but where is the promiseed fun ?

[Robert Munteanu]

Hi Michael,

On Sun, 2018-09-09 at 09:35 +0200, Michael Erdmann wrote:
> -- Forwarded Message 
> From: Michael Erdmann 
> Date: 09/09/2018 09:34:52
> Subject: Re: Fw: Re: Getting started but where is the promiseed fun ?
> To: users@sling.apache.org
> 
> " The "-j" argument defines the control port, see [1]. Please
> leave it
> unset for a default value and the actual Sling content will be served
> on port 0808.
> 
> this start up line seems to work at: http://localhost:8080/index.html
>  (using chrome)
>  java --add-modules java.se.ee -jar  org.apache.sling.starter-10.jar
> 
> http://localhost:8080/index.html. Is some one going to update the
> documentation ?
> 
> Thank you very much

Glad to hear it worked out!

I've updated the documentation at 

  http://sling.apache.org/documentation/getting-started.html

Hope that is enough.

Robert

Re: Fw: Re: Getting started but where is the promiseed fun ?

[Robert Munteanu]

Hi Michael,



On Sat, 2018-09-08 at 19:41 +0200, Michael Erdmann wrote:
> Log files attached
> 
> -- Forwarded Message 
> From: Michael Erdmann 
> Date: 08/09/2018 18:44:40
> Subject: Re: Getting started but where is the promiseed fun ?
> To: users@sling.apache.org
> 
> Forget  to attache the log files.
> On 08/09/2018 18:32:10, Michael Erdmann 
> wrote:
> 
> Hallo,
> 
> i am trying to do the first steps  in sling. I followed the
> instructions given in the "getting started" 
> (https://sling.apache.org/documentation/getting-started.html);
> downloading the jar file  org.apache.sling.starter-10.jar
> from https://sling.apache.org/project-information.html and starting
> it using java -jar org.apache.sling.starter-10.jar.
> 
> Doing is such a way, the port localhost:8080 will not be opended. The
> only way  get a port 8080 listening is add
> a few options to the command line.
> 
> $ java -jar  org.apache.sling.starter-10.jar -j localhost:8080 start

The "-j" argument defines the control port, see [1]. Please leave it
unset for a default value and the actual Sling content will be served
on port 0808.

> 
> Then i have been trying a few basic things from  
> https://sling.apache.org/documentation/getting-started/discover-sling-in-15-minutes.html
> sopecially crating some contents like but sling complains permanently
> about a wrong key!
> 
> curl -u admin:admin -F"sling:resourceType=foo/bar" -F"title=some
> title" http://localhost:8080/content/mynode
> 
> michaelerdmann@DESKTOP-6ST7TKK MINGW64 ~/develop/Desktop (master) $
> curl -u admin:admin -F"sling:resourceType=foo/bar" -F"title=some
> title" http://localhost:8080/content/mynode % Total % Received %
> Xferd Average Speed Time Time Time Current Dload Upload Total Spent
> Left Speed 100 280 0 16 100 264 73 1205 --:--:-- --:--:-- --:--:--
> 1278ERR: wrong key

See above, this indicates that the control port is being accessed.

> 
> I am wondering; but i think i am missing something basic; or i am
> using the wrong documentation or something is
> wrong with the jar file. Pls. could give me some advise what i need
> to do in order to get it the installment working?!
> 
> Some basic information about the setup:
> michaelerdmann@DESKTOP-6ST7TKK MINGW64 ~/develop (master) $ java
> -version java version "10.0.2" 2018-07-17 Java(TM) SE Runtime
> Environment 18.3 (build 10.0.2+13) Java HotSpot(TM) 64-Bit Server VM
> 18.3 (build 10.0.2+13, mixed mode)

Also, for now please add --add-modules java.se.ee to the java
invocation. The next release will remove the requirement, but for now
it's needed. I've also updated [2] to reflect that.

Hopefully that works better and generates a bit of fun ;-)

Best,

Robert

> 
> $ uname -a MINGW64_NT-10.0 DESKTOP-6ST7TKK 2.10.0(0.325/5/3) 2018-06-
> 13 23:34 x86_64 Msys
> /Regards
> Michael
> 

[1]: 
http://sling.apache.org/documentation/the-sling-engine/the-sling-launchpad.html
[2]: http://sling.apache.org/documentation/getting-started.html

Re: Pre-authenticated login from Sling to Oak

[Robert Munteanu]

Hi Dmitry,

On Tue, 2018-08-14 at 03:59 +0300, Dmitry Telegin wrote:
> Hi,
> 
> As per the document [1], to pre-authenticate a user in the Sling
> tier,  one needs to do the following:
> 
> > 1. verify the identity in the layer on top of the JCR repository
> > (e.g. in a custom Sling Authentication Handler)
> > 2. pass a custom, non-public Credentials implementation to the
> > repository login
> 
> The 1st step is clear, I was able to create a custom
> AuthenticationHandler and verify the identity. But how exactly do I
> pass custom Credentials implementation to the repository login?

My reading of the Oak page is that you should do that in step 3.
"create a custom login module that only supports these dedicated
credentials". If you look at the code example on that page, it does
exactly that

sharedState.put(SHARED_KEY_PRE_AUTH_LOGIN, new 
PreAuthenticatedLogin(userId));
sharedState.put(SHARED_KEY_CREDENTIALS, new SimpleCredentials(userId, 
new char[0]));
sharedState.put(SHARED_KEY_LOGIN_NAME, userId);

And the credential implementation seems to the SimpleCredentials with an empty 
password.

Does that work for you?

Robert

Re: Sling10 WEB-INF\resources\bundles\ vs WEB-INF\resources\install\

[Robert Munteanu]

Hi Manikanta,

On Mon, 2018-08-13 at 17:21 +0530, Manikanta Thumu wrote:
> Hi All,
> 
> 
> 
> In org.apache.sling.starter-10-webapp.war, We have two separate
> folders
> containing bundles i.e.  WEB-INF\resources\bundles\ and
> WEB-INF\resources\install.
> 
> What is the idea behind or the advantages of using these two separate
> folders and not a single folder say WEB-INF\resources\bundles\?

My understanding is that this is an internal implementation detail of
the feature launcher.

In the 'bundles' directory you find resources that are part of the
'boot' feature, which is the minimum set of bundles need to boostrap
Sling.

Once the initial bootstrap is done, Sling's OSGi installer will pick up
bundles in the 'install' folder, and also folders named
'installer.XXX', where 'XXX' is an active run mode and install them
based on the start level.

Hope this helps, and if not clear let me know and I'll dig some more.

Robert

Re: sling + oak mongo - error during logout

[Robert Munteanu]

Hi Eugen,

On Mon, 2018-08-13 at 05:39 +0300, Eugen Stan wrote:
> Hello again,
> 
> So it seems I was wrong and I can authenticate and write to the
> repository.
> 
> However the error still appears and I think the issue is a
> performance one.
> 
> I get "Error during logout" messages. I'm still not sure what is
> causing
> this since we just started investigating this behavior.
> 
> This seems more Oak than Sling related but I am a bit confused.
> 
> It seems the issue appears when multiple nodes are created at once
> but
> I'm not sure on the number. I think it is somewhere in the range of
> 20-50+ nodes / single session. 

Does this error only appear on logout and not on login? I would anyway
suggest that you apply debugging using the JAAS mechanisms ( which can
be a bit opaque - I remember for trying the last time ).

If you can get a reproducible test case it might be worth asking on the
oak-dev list.

Hope this helps,

Robert

> 
> Any insight is appreciated.
> 
> Regards,
> 
> 
> ```
> 
>| 84 - org.apache.jackrabbit.oak-core - 1.8.6 | Error during
> logout.
> javax.security.auth.login.LoginException: Login Failure: all modules
> ignored
> at
> javax.security.auth.login.LoginContext.invoke(LoginContext.java:906)
> ~[?:?]
> at
> javax.security.auth.login.LoginContext.access$000(LoginContext.java:1
> 95)
> ~[?:?]
> at
> javax.security.auth.login.LoginContext$4.run(LoginContext.java:682)
> ~[?:?]
> at
> javax.security.auth.login.LoginContext$4.run(LoginContext.java:680)
> ~[?:?]
> at java.security.AccessController.doPrivileged(Native Method)
> ~[?:?]
> at
> javax.security.auth.login.LoginContext.invokePriv(LoginContext.java:6
> 80)
> ~[?:?]
> at
> javax.security.auth.login.LoginContext.logout(LoginContext.java:628)
> ~[?:?]
> at
> org.apache.jackrabbit.oak.core.ContentSessionImpl.close(ContentSessio
> nImpl.java:114)
> ~[?:?]
> at
> org.apache.jackrabbit.oak.jcr.delegate.SessionDelegate.logout(Session
> Delegate.java:402)
> ~[?:?]
> at
> org.apache.jackrabbit.oak.jcr.repository.RepositoryImpl$1.logout(Repo
> sitoryImpl.java:322)
> ~[?:?]
> at
> org.apache.jackrabbit.oak.jcr.session.SessionImpl$10.performVoid(Sess
> ionImpl.java:466)
> ~[?:?]
> at
> org.apache.jackrabbit.oak.jcr.delegate.SessionDelegate.performVoid(Se
> ssionDelegate.java:274)
> ~[?:?]
> at
> org.apache.jackrabbit.oak.jcr.session.SessionImpl.logout(SessionImpl.
> java:462)
> ~[?:?]
> at
> org.apache.sling.jcr.oak.server.internal.TcclWrappingJackrabbitSessio
> n.logout(TcclWrappingJackrabbitSession.java:304)
> ~[?:?]
> at
> gr8pi.itembank.jcr.repo.JcrTemplateImpl.doInSession(JcrTemplateImpl.j
> ava:67)
> ~[?:?]
> at
> gr8pi.itembank.migrate.AssessmentToJcrMigrator.migrateAssessmentItems
> (AssessmentToJcrMigrator.java:250)
> ~[?:?]
> at
> gr8pi.itembank.migrate.AssessmentToJcrMigrator.migrateAssessmentDimen
> sion(AssessmentToJcrMigrator.java:418)
> ~[?:?]
> at
> gr8pi.itembank.migrate.AssessmentToJcrMigrator.lambda$migrateAssessme
> ntDimensions$29(AssessmentToJcrMigrator.java:505)
> ~[?:?]
> at java.util.ArrayList.forEach(ArrayList.java:1257) [?:?]
> at
> gr8pi.itembank.migrate.AssessmentToJcrMigrator.migrateAssessmentDimen
> sions(AssessmentToJcrMigrator.java:505)
> [393:itembank-emf-jcr:1.22.0.SNAPSHOT]
> at
> gr8pi.itembank.migrate.AssessmentToJcrMigrator.migrate(AssessmentToJc
> rMigrator.java:620)
> [393:itembank-emf-jcr:1.22.0.SNAPSHOT]
> at
> gr8pi.itembank.migrate.EmfToJcrMigrator.migrate(EmfToJcrMigrator.java
> :44)
> [393:itembank-emf-jcr:1.22.0.SNAPSHOT]
> at
> gr8pi.itembank.jcr.karaf.commands.EmfToJcrCommand.execute(EmfToJcrCom
> mand.java:52)
> [392:itembank-commands:1.22.0.SNAPSHOT]
> at
> org.apache.karaf.shell.impl.action.command.ActionCommand.execute(Acti
> onCommand.java:84)
> [33:org.apache.karaf.shell.core:4.2.0]
> at
> org.apache.karaf.shell.impl.console.osgi.secured.SecuredCommand.execu
> te(SecuredCommand.java:68)
> [33:org.apache.karaf.shell.core:4.2.0]
> at
> org.apache.karaf.shell.impl.console.osgi.secured.SecuredCommand.execu
> te(SecuredCommand.java:86)
> [33:org.apache.karaf.shell.core:4.2.0]
> at
> org.apache.felix.gogo.runtime.Closure.executeCmd(Closure.java:571)
> [33:org.apache.karaf.shell.core:4.2.0]
> at
> org.apache.felix.gogo.runtime.Closure.executeStatement(Closure.java:4
> 97)
> [33:org.apache.karaf.shell.core:4.2.0]
> at
> org.apache.felix.gogo.runtime.Closure.execute(Closure.java:386)
> [33:org.apache.karaf.shell.core:4.2.0]
> at org.apache.felix.gogo.runtime.Pipe.doCall(Pipe.java:417)
> [33:org.apache.karaf.shell.core:4.2.0]
> at org.apache.felix.gogo.runtime.Pipe.call(Pipe.java:229)
> [33:org.apache.karaf.shell.core:4.2.0]
> at org.apache.felix.gogo.runtime.Pipe.call(Pipe.java:59)
> [33:org.apache.karaf.shell.core:4.2.0]
> at java.util.concurrent.FutureTask.run(FutureTask.java:266) [?:?]
> at
> 

Re: Detecting whether job has been stopped by the user but JobExecutor hasn't terminated yet?

[Robert Munteanu]

Hi John,

You replied to Eugen's previous email which caused the email to appear
in the same thread, and likely ignored by at least some subscribers.

I don't have a good answer for your email, but maybe resending without
replying to an existing email might help :-)

Best,

Robert

On Fri, 2018-08-10 at 22:24 +, John Logan wrote:
> Hi,
> 
> 
> In essence I'm trying to detect the in-progress state of a job being
> stopped.
> 
> 
> I see in the sling-event implementation that calling
> jobHandler.stopJobById() eventually works its way down to calling
> jobHandler.stop(), setting a flag in the JobHandler.
> 
> 
> The JobExecutor is responsible for calling
> jobExecutionContext.isStopped(), and if it returns true, the
> JobExecutor should clean up, call  and exit.
> 
> 
> There might be some time elapsed between the request to stop and the
> JobExecutor returning the JobExecutionResult that updates job
> state.  Is there a way to detect this interim condition via sling-
> event-api?  I had a look at the code and didn't see anything obvious.
> 
> 
> What I'm trying to do is indicate in my UI that a job is being
> cancelled, but cancellation isn't complete yet.
> 
> 
> Thanks!  John

Re: [DISCUSSION] markdown support for Sling CMS

[Robert Munteanu]

Hi Dan,

On Thu, 2018-08-09 at 14:06 -0400, Daniel Klco wrote:
> Unfortunately, I'm not going to be at adapt.to :-( wrong side of the
> pond.
> 
> So for commonmark, I'm assuming you're referring to this one here:
> 
> https://github.com/atlassian/commonmark-java
> 
> We could embed the JAR into a bundle to provide markdown support and
> the
> implementation of the Sling Models and any other services. Let me
> take a
> look at it in my copious free time ;-)

Have you seen [1]? It's definitely buggy and missing features, but it
might work for your use case. In that scenario, we could graduate it
from the whiteboard.

I'm still waiting for a little time to also allow usage as a
ResourceDecorator, and that would allow a lot more flexibility in
usage.

Robert

[1]: https://github.com/apache/sling-whiteboard/tree/master/mdresourceprovider
> 
> On Thu, Aug 9, 2018 at 12:05 PM Ioan Eugen Stan <
> stan.ieu...@gmail.com>
> wrote:
> 
> > Hello Daniel,
> > 
> > I'm very happy to hear you have a use case for it and I hope we can
> > get it
> > included soon.
> > 
> > Are you coming to Adapt.to? We might do some work there.
> > 
> > I'm swamped with other work and can't work on this until then. If
> > you need
> > it sooner, I can't help you much.
> > 
> > Regarding markdown support, I failed to convince commonmark
> > developer to
> > merge my osgi PR's. Maybe you can push a bit and make it happen. If
> > not we
> > could try to push for flexmark. The developer might be more open to
> > contributions. This is for longer term.
> > 
> > Short term you can use the versions I published.
> > 
> > I saw another discussion about sling and markdown and I saw nice
> > features
> > being eiscussed (copy front matter properties to jcr properties,
> > caching,
> > etc) .
> > 
> > https://github.com/vsch/flexmark-java
> > 
> > 
> > *De la:* dk...@apache.org
> > *Trimis:* 9 august 2018 17:59
> > *Către:* ieu...@apache.org
> > *Cc:* users@sling.apache.org
> > *Subiect:* Re: [DISCUSSION] markdown support for Sling CMS
> > 
> > Hey Eugen,
> > 
> > Now that Sling CMS 0.9.0 is out I was thinking adding markdown
> > support to
> > Sling CMS would be a great addition (in part because I have a use
> > case for
> > it for filtered user generated content)
> > 
> > I've created an issue for it:
> > 
> > https://issues.apache.org/jira/browse/SLING-7819
> > 
> > Do you want to create a PR for integrating this? How can I help?
> > 
> > Thanks,
> > Dan
> > 
> > On Wed, Jun 20, 2018 at 10:16 PM Daniel Klco 
> > wrote:
> > 
> > > 
> > > 
> > > On Sun, Jun 17, 2018, 9:26 PM Eugen Stan 
> > > wrote:
> > > 
> > > > Hello Daniel and all,
> > > > 
> > > > I've been working to deliver a piece of functionality that
> > > > leverages
> > > > Markdown support and I think it can be a great addition for
> > > > managing
> > > > content inside a Sling, more specifically Sling CMS.
> > > > 
> > > > My work is by no means ready to be released into the open but I
> > > > would
> > > > like to share some ideas and get some feedback. I think it
> > > > could make a
> > > > great adition to Sling CMS.
> > > > 
> > > > I've started from commonsmark-java [1] and I have made some
> > > > PR's to add
> > > > proper osgi support and Karaf features. Until they are
> > > > upstreamed, I've
> > > > published them to my public repository on bintray so you can
> > > > test it out
> > > > [2].
> > > > 
> > > > I'm currenlty using this functionality to manage terms of use
> > > > and
> > > > privacy policy files for our web platform. We have a
> > > > requirement that
> > > > they need to be translated and I believe that a text based
> > > > format has
> > > > many advantages in this situation than an office document. Most
> > > > of them
> > > > are related to the that:
> > > > 
> > > > - content can be easily version controlled
> > > > 
> > > > - content can be transformed easily into multiple output
> > > > formats: html,
> > > > text, pdf
> > > > 
> > > > - content is easy to view/edit
> > > > 
> > > > - rich text editors exist for markdown that can be added
> > > > 
> > > > 
> > > > The way I am using it in my application is to register a Sling
> > > > Model
> > > > that allows me to convert from Markdown content to html on the
> > > > fly
> > > > (caching can be added).
> > > 
> > > 
> > > > I've also defined a script "page/markdown" via
> > > > sling:resourceType so I
> > > > can leverage that functionality. My implementation is based on
> > > > fling
> > > > sample and uses thymeleaf.
> > > > 
> > > > Bellow are some code snippets that I use. My implementation
> > > > needs to
> > > > handle content into multiple languages and we use a fallback
> > > > mechanism:
> > > > If requested language is not available, then we fallback to the
> > > > default
> > > > version - which is English version for most cases.
> > > > 
> > > > 
> > > > 
> > > > @Model(adaptables = {Resource.class,
> > > > SlingHttpServletRequest.class})
> > > > @FieldDefaults(level = 

Re: Runmode property for Filter

[Robert Munteanu]

Hi Cris,

On Thu, 2018-05-10 at 15:48 -0400, Cris Rockwell wrote:
> Hi folks
> 
> If I have a filter like the one shown below and in the link, is it
> possible to set a property so it only takes effect on a certain
> Runmode? I would like my filter to only run on instances having the
> publish run mode. 

(snip)

The way this is usually achieved is by:

- making the component require a configuration ( configurationPolicy =
REQUIRE )
- deploying the configuration only in the publish runmode, for instance
by adding it to a `/apps/myapp/config.publish` folder.

Robert

Re: Impersonation via ServiceResourceResolver

[Robert Munteanu]

On Wed, 2018-01-10 at 14:12 +0100, Johan Ruttens wrote:
> Hi Robert,
> 
> We would like to use the impersonation via a service user in the
> following
> scenario:
> an event handler takes care of saving an 'incoming' page and we would
> to
> have props like 'lastModifiedBy' having the correct user (hence the
> impersonation).

(Sorry for the late reply, this slipped)

If the lastModifiedBy property is not protected, you can set it
manually to the right value.

Robert

> 
> Regarding your remark
> "- the impersonator must be declared in a rep:impersonators property
> on"
> We would like to avoid this, as the involved users can be created ad
> hoc
> and maintainability would be become cumbersome.
> 
> 
> 
> 
> Thanks,
> 
> Johan
> 
> 
> 
> 
> 
> 2018-01-10 13:21 GMT+01:00 Robert Munteanu <romb...@apache.org>:
> 
> > Hi Johan,
> > 
> > On Fri, 2018-01-05 at 23:46 +0100, Johan Ruttens wrote:
> > > Hi,
> > > 
> > > We have to following piece of functionality:
> > > 
> > > ...
> > > final Session adminSession =
> > > adminResourceResolver.adaptTo(Session.class);
> > > Session userSession = adminSession.impersonate(new
> > > SimpleCredentials(userID, "".toCharArray()));
> > > ...
> > > 
> > > Where the adminResourceResolver used to be retrieved
> > > via getAdministrativeResourceResolver, but as this method is
> > > deprecated, we
> > > wanted to use the getServiceResourceResolver method.
> > > The problem is that the impersonate line, now throws an
> > > exception: "javax.jcr.LoginException: Impersonation not allowed".
> > > The documentation states that it is possible to add
> > > USER_IMPERSONATION to
> > > the authenticationInfo map parameter of the method.  But also
> > > "The
> > > property
> > > is obeyed but requires that the actual user has permission to
> > > impersonate
> > > as the requested user. If such permission is missing, a
> > > LoginException is
> > > thrown."
> > > 
> > > So my question to you guys is: do we need to add
> > > USER_IMPERSONATION
> > > to the
> > > authinfo map and which extra -minimal- permissions does the user
> > > need
> > > to
> > > able to make the impersonation work?
> > > 
> > 
> > I am not familiar with that area of the Oak code, but what I could
> > gather is that either:
> > 
> > - the impersonator is an admin user
> > - the impersonator must be declared in a rep:impersonators property
> > on
> > the user node ( see [1] for details )
> > 
> > From an API call point of view this should be fine.
> > 
> > But OTOH I am not sure that you should be impersonating from a
> > service
> > user. Sure, technically this works, but a service user should be
> > able
> > to do all the required work by itself. Can you share a bit more
> > info
> > about why you need impersonation to work via a service user?
> > 
> > Thanks,
> > 
> > Robert
> > 
> > [1]: https://jackrabbit.apache.org/oak/docs/security/user/default.h
> > tml#
> > Representation_in_the_Repository
> > 

Re: Sling POST servlet and empty arrays?

[Robert Munteanu]

On Thu, 2018-03-22 at 17:30 +, John Logan wrote:
> Hi Robert,
> 
> 
> I created a patch and made it available via:
> 
> 
> https://issues.apache.org/jira/browse/SLING-7553

Thanks, let's take it from there.

Robert

Re: Unlocking a resource

[Robert Munteanu]

Hi Roy,

On Wed, 2018-03-14 at 13:01 +0100, Roy Teeuwen wrote:
> Hey all,
> 
> I am trying to unlock a resource in a job that needs to modify the
> resource or subresources, but since upgrading to service resource
> resolvers this doesn't seem to be supported anymore. When doing the
> following code, I get the exception "Not an owner of the lock
> /content/my-site/nl/my-page/jcr:content". 
> 
> ```
> LockManager lockManager =
> resourceResolver.adaptTo(Session.class).getWorkspace().getLockManager
> ();
> lockManager.unlock(lockedResource.getPath());
> ```
> 
> 
> I tried to use the impersonate from service and then doing the unlock
> with a lockmanager from that session but it still is not possible to
> do it.
> 
> ```
> def session = slingRepository.impersonateFromService("my-service",
> new SimpleCredentials("my-user", "".toCharArray()), (String)null); 
> ```
> 
> The only solution I have is to not use service resource resolvers,
> but this would be the first case where I would have to allow the
> login admin for a specific bundle so I would like to avoid it
> 
> Anyone has a solution for this?

My reading of the Oak code at [1] is that you either need to be an
admin user or the lock owner to unlock.

Also note [2], which means that this area is unlikely to see
improvements in the future.

Robert


[1]: https://github.com/apache/jackrabbit-oak/blob/8f7bc6578cc2b5e8ecb2
dd1544d771951678d011/oak-
jcr/src/main/java/org/apache/jackrabbit/oak/jcr/lock/LockManagerImpl.ja
va#L196-L207
[2]: https://issues.apache.org/jira/browse/OAK-6421

Re: Sling POST servlet and empty arrays?

[Robert Munteanu]

Hi John,

On Mon, 2018-03-05 at 17:51 +, John Logan wrote:
> Thanks, Bertrand, for the clarification.  I'm glad you mentioned that
> this behavior may not be strictly defined.
> 
> 
> I don't think I ever turned in my contributor paperwork for Apache
> and/or Sling but when I can find a little extra time I'll tackle that
> and add a test.

That would be great! Note that you don't have to sign a CLA for
submitting individual patches, although it does not hurt to have one on
file.

Robert

> 
> 
> John
> 
> 
> 
> 
> From: Bertrand Delacretaz 
> Sent: Monday, March 5, 2018 5:37:22 AM
> To: users
> Subject: Re: Sling POST servlet and empty arrays?
> 
> Hi,
> 
> On Thu, Mar 1, 2018 at 5:07 AM, John Logan 
> wrote:
> > Hi, I'm trying to create node with an empty String[] property via
> > the Sling POST servlet...
> 
> ...
> > Is there a more succinct and accepted way?...
> 
> I don't think so, in general the convention is that empty property
> values cause the properties to be removed.
> 
> If you rely on that behavior (which I suppose is undocumented and
> just
> happened) it might be wise to contribute an automated test that
> clarifies this behavior and prevents it from going away in the
> future.
> 
> -Bertrand

Re: Resource overlay for static resources

[Robert Munteanu]

Hi Ivo,

On Sun, 2018-03-04 at 16:15 -0700, ivoleitao wrote:
> Then I would like that a customer uses my definition as base but only
> with a
> customization on the css and on the logo
> 
> /apps/acme/img/logo.png
> /apps/acme/css/acme.css
> 
> and on content
> 
> /content/clientacme

The simplest way I see this happening is via a component. Define a
'layout' or 'logo' component at /libs/my/component and allow the
customer to overlay it at /apps/my/component .

Alternatively, you can write another component and lookup the design
resources using `ResourceResolver.getResource` and a relative path,
e.g.

  resolver.getResource("acme/img/logo.png");

which would first look under /apps and then under /libs.

Thanks,

Robert

Re: sling content distribution without Sling (just jackrabbit oak)?

[Robert Munteanu]

On Tue, 2018-02-27 at 20:02 +0200, Ioan Eugen Stan wrote:
> So far I like how things have progressed and the JCR API is ok to
> work
> with (It could use an upgrade, Java has evolved, it would be great
> for
> JCR to evolve as well :D).

Glad to hear you'll be putting this to good use :-) . Yes, the JCR API
has not changed in some time, but that's the issue with backwards
compatibility. There's also the Sling Resource API, but if you're not
using OSGi for now that's out of the question.

Robert

Re: sling content distribution without Sling (just jackrabbit oak)?

[Robert Munteanu]

Hi Eugen,

On Wed, 2018-02-21 at 16:10 +0200, Ioan Eugen Stan wrote:
> Hello,
> 
> I'm designing a distributed micro-service architecture around Sling
> and
> Oak. We need to be able to synchronize some parts of the repository
> across multiple services. I think that Sling Content Distribution
> bundles are a very good fit, however the applications that we have
> are
> not OSGI and I don't plan to use Sling with them.
> 
> Does Sling Content Delivery work outside OSGI ? If it does it's a
> bummer
> since IMO there is potential for use cases where plain old Oak/JCR
> apps
> need to sync content between them. 

(snip)

No, I don't think it works without OSGi. Maybe your scenario would work
with the vault rcp command.

  http://jackrabbit.apache.org/filevault/usage.html

Robert

Re: sling with sso - with oauth2 / openid connect

[Robert Munteanu]

Hi Eugen,

On Tue, 2018-02-13 at 19:46 +0200, Ioan Eugen Stan wrote:
> Hello,
> 
> I have started evaluating Sling some time now and I've reached a
> point
> where the blocker is whether we can integrate it with Keycloak to
> provide single sign on.
> 
> A more generic question is: can Sling delegate
> authentication/authorization to another system like Keycloak?
> Keycloak
> uses Openid Connect protocol for authentication and implements Oauth2
> grant types. I imagine it should be possible and I'm willing to
> contribute some code and document this process.

It definitely is possible. We had some old code which implemented
openid authentication [1], but it's now retired. You should be able to
infer how to do this, but feel free to ask.

> 
> 
> How Keycloak integrates with other applications is that it acts like
> a
> filter/proxy in front of the app. I believe that the flow would be
> like
> this:
> 
> - User access protected Sling resources
> 
> - Sling checks if user is authenticated by reading cookie (or maybe
> token)
> 
> - If user is not authenticated, it is redirected to the Keycloak
> server
> 
> - Keycloak handles auth. After successful authentication, it is
> redirected back to the Sling with an authorization code (in
> authorization code grant flow).
> 
> - Sling will have to call Keycloak API to exchange that code with an
> access token (Oauth2) and an identity token (OpenID Connect).
> 
> - Sling can use those tokens to determine access rights (reading from
> token in case of JWT or calling Keycloak API)
> 
> Now I know that Sling needs to authenticate to Oak repository. My
> question is: should the integration with Keycloak (or any OpenID
> Connect
> / Oauth2 provider) happen just in Sling, just in Oak or in both?

I have tried neither so far :-) but my understanding is that Oak-level
authentication should be done when you need to reuse the user/group
information transparently - e.g. LDAP auth. If you need a SSO scenario
you should work at the Sling level, as this is too high in the stack
for Oak.

Hope this gives you a little something to start with.

Robert

> 
> Could someone point out the places (modules, classes) where these
> integrations could be made? I've looked at Sling authentication [4]
> and 
> [5] but I'm still a bit confused as to how Sling relates to
> authentication and authorization. From my understanding, Oak manages
> access and permissions (much like PostgreSQL and other RDBMS have
> support for these features). I will wait some answers here and based
> on
> that continue on Oak mailing list.  
> 
> 
> [1] https://auth0.com/docs/api-auth/tutorials/authorization-code-gran
> t
> 
> [2] http://www.keycloak.org/docs/latest/securing_apps/index.html
> 
> [3]
> http://jackrabbit.apache.org/oak/docs/security/authentication/preauth
> entication.html
> 
> [4]
> https://sling.apache.org/documentation/the-sling-engine/authenticatio
> n.html 
> 
> [5]
> https://sling.apache.org/documentation/the-sling-engine/authenticatio
> n/authentication-framework.html
> 
> 
> 

[ANN] Apache Sling 10 Released

[Robert Munteanu]

On Tue, 2018-02-06 at 16:09 +0200, Robert Munteanu wrote:
> The full release notes are available online at

Correction: the release notes are at

  https://sling.apache.org/news/sling-10-released

Thanks,

Robert

[ANN] Apache Sling 10 Released

[Robert Munteanu]

The Apache Sling team is pleased to announce the release of Apache
Sling version 10. The release is available for download at

https://sling.apache.org/downloads.cgi

About Apache Sling
--
Apache Sling™ is a framework for RESTful web-applications based on an
extensible content tree.

In a nutshell, Sling maps HTTP request URLs to content resources based
on the request's path, extension and selectors. Using convention over
configuration, requests are processed by scripts and servlets,
dynamically selected based on the current resource. This fosters
meaningful URLs and resource driven request processing, while the
modular nature of Sling allows for specialized server instances that
include only what is needed.

Sling serves as basis for a variety of applications ranging from
blogging engines all the way to enterprise content management systems.

Release notes
-

The major points of interest for this release are:

* Java 9 and 10 support
* Migrated from tika-bundle to tika-parsers
* Direct access to a DataStore binary when the repository allows it
* Exception stack traces now contain the originating bundle
* Update to Oak 1.6.8
* Service user web console page added
* Service user privilege declaration based on principal names
* Enhancements to the repoinit language
* Support for mounting JSON files in the bundle resource provider

The full release notes are available online at

https://sling.apache.org/news/sling-launchpad-9-released.html

Enjoy!

On behalf of the the Apache Sling PMC,
Robert Munteanu 

Re: Bundle Resource Provider not working?

[Robert Munteanu]

Hi Andres,

On Sat, 2018-01-27 at 18:19 +0100, Andres Bott wrote:
> Hello all,  
> 
> I was looking into bundle resource provider on sling 9
> "/system/console/bundleresources" but when trying to navigate to the
> path i.e : view the content of /libs/sling/sightly/js this will only
> show one level but not sub levels. (see attached)  
> 
> I also get a nice exception in the error.log 
> 
> I guess this is not expected 

I tried on 10-SNAPSHOT and it works on composum. Can you try updating
composum on Sling 9 to version 1.8.2 and see if this solves your
problem?

Thanks,

Robert

Re: Impersonation via ServiceResourceResolver

[Robert Munteanu]

Hi Johan,

On Fri, 2018-01-05 at 23:46 +0100, Johan Ruttens wrote:
> Hi,
> 
> We have to following piece of functionality:
> 
> ...
> final Session adminSession =
> adminResourceResolver.adaptTo(Session.class);
> Session userSession = adminSession.impersonate(new
> SimpleCredentials(userID, "".toCharArray()));
> ...
> 
> Where the adminResourceResolver used to be retrieved
> via getAdministrativeResourceResolver, but as this method is
> deprecated, we
> wanted to use the getServiceResourceResolver method.
> The problem is that the impersonate line, now throws an
> exception: "javax.jcr.LoginException: Impersonation not allowed".
> The documentation states that it is possible to add
> USER_IMPERSONATION to
> the authenticationInfo map parameter of the method.  But also "The
> property
> is obeyed but requires that the actual user has permission to
> impersonate
> as the requested user. If such permission is missing, a
> LoginException is
> thrown."
> 
> So my question to you guys is: do we need to add USER_IMPERSONATION
> to the
> authinfo map and which extra -minimal- permissions does the user need
> to
> able to make the impersonation work?
> 

I am not familiar with that area of the Oak code, but what I could
gather is that either:

- the impersonator is an admin user
- the impersonator must be declared in a rep:impersonators property on
the user node ( see [1] for details )

>From an API call point of view this should be fine.

But OTOH I am not sure that you should be impersonating from a service
user. Sure, technically this works, but a service user should be able
to do all the required work by itself. Can you share a bit more info
about why you need impersonation to work via a service user?

Thanks,

Robert

[1]: https://jackrabbit.apache.org/oak/docs/security/user/default.html#
Representation_in_the_Repository

Re: github samples w/ Sling 9

[Robert Munteanu]

On Wed, 2017-12-13 at 15:40 -0700, Chris Millar wrote:
> Mike / Robert
> This was a result of HTLBlog's initial content overwriting nodes in
> the
> apps folder and breaking most resource rendering.
> 
> I'm not sure how initial content loading changed, but this was not an
> issue
> with Sling 8.
> 
> I have raised a PR that fixes the issue, makes content loading more
> specific, and updated the sample to now reflect that it works with
> Sling 9.
> 
> Let me know if you have any other issues.
> 
> https://github.com/apache/sling-samples/pull/1

That works for me, thanks!

Robert

Re: Principal "everyone" is not clear

[Robert Munteanu]

Hi Evgeniy,

On Sun, 2017-11-26 at 15:57 +0300, drf...@drfits.com wrote:
> Can you please explain the purpose of the "everyone" ACL within
> repoinit.txt?

The 'everyone' principal is a 'virtual' ( for lack of a better term )
principal that matches, well, everyone. You can think of it as a group
in which every other principal is container.

By allowing jcr:read access to everyone on '/', we allow every
principal jcr:read rights for the whole repository.

Thanks,

Robert