From 63567d0096c4f29e2243cdf2c8890b9e506d72f9 Mon Sep 17 00:00:00 2001 From: Konrad Windszus Date: Wed, 10 Jul 2024 17:07:19 +0200 Subject: [PATCH] Adjust license headers --- .../src/main/META-INF/vault/filter.xml | 39 +- .../src/main/jcr_root/apps/cq/.content.xml | 13 + .../apps/cq/core/content/.content.xml | 13 + .../apps/cq/core/content/nav/.content.xml | 13 + .../cq/core/content/nav/tools/.content.xml | 13 + .../content/nav/tools/security/.content.xml | 13 + .../nav/tools/security/actool/.content.xml | 13 + .../nav/tools/security/actool/_rep_policy.xml | 13 + .../actool/clientlibs/overview/.content.xml | 13 + .../netcentric/actool/content/.content.xml | 13 + .../actool/content/overview/.content.xml | 13 + .../actool/content/overview/_rep_policy.xml | 13 + .../actool/aceinstaller/AceBeanInstaller.java | 15 +- .../aceinstaller/AceBeanInstallerClassic.java | 501 +++++----- .../AceBeanInstallerIncremental.java | 883 +++++++++--------- .../aceinstaller/BaseAceBeanInstaller.java | 421 ++++----- .../cq/tools/actool/aem/AcToolCqActions.java | 15 +- .../aem/AemCryptoDecryptionService.java | 99 +- .../actool/api/AcInstallationService.java | 13 +- .../cq/tools/actool/api/HistoryEntry.java | 13 +- .../cq/tools/actool/api/InstallationLog.java | 15 +- .../tools/actool/api/InstallationResult.java | 13 + .../cq/tools/actool/api/package-info.java | 15 +- .../AuthorizableCreatorException.java | 13 +- .../AuthorizableInstallerService.java | 13 +- .../impl/AuthInstallerUserManager.java | 13 + ...thInstallerUserManagerPrefetchingImpl.java | 13 + .../AuthorizableInstallerServiceImpl.java | 13 +- .../ExternalGroupInstallerServiceImpl.java | 14 +- .../ImpersonationInstallerServiceImpl.java | 14 +- .../actool/comparators/AcePathComparator.java | 13 +- .../comparators/AcePermissionComparator.java | 13 +- .../AuthorizableBeanIDComparator.java | 13 +- .../comparators/HistoryEntryComparator.java | 13 +- .../comparators/JcrCreatedComparator.java | 13 +- .../comparators/NodeCreatedComparator.java | 13 +- .../TimestampPropertyComparator.java | 13 +- .../actool/configmodel/AcConfiguration.java | 13 +- .../cq/tools/actool/configmodel/AceBean.java | 13 +- .../tools/actool/configmodel/AcesConfig.java | 14 +- .../configmodel/AuthorizableConfigBean.java | 13 +- .../configmodel/AuthorizablesConfig.java | 14 +- .../AutoCreateTestUsersConfig.java | 13 +- .../configmodel/GlobalConfiguration.java | 13 +- .../tools/actool/configmodel/Restriction.java | 13 + ...stlePkcs8EncryptedPrivateKeyDecryptor.java | 13 + .../actool/configmodel/pkcs/DerData.java | 13 + .../actool/configmodel/pkcs/DerType.java | 13 + .../JcaPkcs8EncryptedPrivateKeyDecryptor.java | 13 + .../cq/tools/actool/configmodel/pkcs/Key.java | 13 + .../configmodel/pkcs/PrivateKeyDecryptor.java | 13 + .../configmodel/pkcs/RandomPassword.java | 13 + .../configreader/ConfigFilesRetriever.java | 13 + .../ConfigFilesRetrieverImpl.java | 13 + .../actool/configreader/ConfigReader.java | 93 +- .../configreader/ConfigurationMerger.java | 81 +- .../configreader/TestUserConfigsCreator.java | 288 +++--- .../configreader/VirtualGroupProcessor.java | 340 +++---- .../actool/configreader/YamlConfigReader.java | 13 +- ...igurationAdminPluginScalarConstructor.java | 13 + .../configreader/YamlConfigurationMerger.java | 587 ++++++------ .../YamlMacroChildNodeObjectsProvider.java | 15 +- ...YamlMacroChildNodeObjectsProviderImpl.java | 297 +++--- .../configreader/YamlMacroElEvaluator.java | 529 +++++------ .../configreader/YamlMacroProcessor.java | 15 +- .../configreader/YamlMacroProcessorImpl.java | 653 ++++++------- .../UploadListenerService.java | 13 +- .../impl/UploadListenerServiceImpl.java | 13 +- .../actool/crypto/DecryptionService.java | 47 +- .../crypto/SimpleDecryptionService.java | 13 + .../actool/dumpservice/AcDumpElement.java | 13 +- .../dumpservice/AcDumpElementVisitor.java | 13 +- .../dumpservice/AcDumpElementYamlVisitor.java | 13 +- .../tools/actool/dumpservice/AceDumpData.java | 13 +- .../dumpservice/CommentingDumpElement.java | 13 +- .../actool/dumpservice/CompleteAcDump.java | 13 +- .../actool/dumpservice/ConfigDumpService.java | 13 +- .../tools/actool/dumpservice/DumpComment.java | 13 +- .../dumpservice/DumpSectionElement.java | 13 +- .../cq/tools/actool/dumpservice/MapKey.java | 13 +- .../dumpservice/StructuralDumpElement.java | 13 +- .../dumpservice/impl/DumpServiceImpl.java | 13 +- .../ExternalGroupManagement.java | 13 + .../LastRunSuccessHealthCheck.java | 13 +- .../cq/tools/actool/helper/AcHelper.java | 377 ++++---- .../actool/helper/AccessControlUtils.java | 13 +- .../cq/tools/actool/helper/AceWrapper.java | 13 +- .../cq/tools/actool/helper/AclBean.java | 13 +- .../cq/tools/actool/helper/Constants.java | 13 +- .../cq/tools/actool/helper/ContentHelper.java | 623 ++++++------ .../cq/tools/actool/helper/PurgeHelper.java | 13 +- .../cq/tools/actool/helper/QueryHelper.java | 13 +- .../actool/helper/RestrictionsHolder.java | 13 + .../helper/UncheckedRepositoryException.java | 13 + .../actool/helper/runtime/RuntimeHelper.java | 13 + .../actool/history/AcHistoryService.java | 13 +- .../tools/actool/history/AcToolExecution.java | 13 + .../actool/history/InstallationListener.java | 14 +- .../actool/history/InstallationLogger.java | 13 + .../history/impl/AcHistoryServiceImpl.java | 13 +- .../history/impl/AcToolExecutionImpl.java | 13 + .../actool/history/impl/HistoryUtils.java | 13 +- .../actool/history/impl/HtmlConstants.java | 13 +- .../impl/PersistableInstallationLogger.java | 14 +- ...ressTrackerListenerInstallationLogger.java | 13 + .../actool/impl/AcConfigChangeTracker.java | 13 + .../impl/AcInstallationServiceImpl.java | 13 +- .../impl/AcInstallationServiceInternal.java | 13 +- .../cq/tools/actool/impl/Activator.java | 13 + .../actool/impl/JcrInstallUrlHandler.java | 13 + .../tools/actool/ims/IMSUserManagement.java | 13 + .../actool/ims/request/ActionCommand.java | 13 + .../actool/ims/request/AddMembershipStep.java | 13 + .../actool/ims/request/CreateGroupStep.java | 13 + .../cq/tools/actool/ims/request/Step.java | 13 + .../ims/request/UserGroupActionCommand.java | 13 + .../actool/ims/response/AccessToken.java | 13 + .../ims/response/ActionCommandError.java | 13 + .../ims/response/ActionCommandIssue.java | 13 + .../ims/response/ActionCommandResponse.java | 13 + .../ims/response/ActionCommandWarning.java | 15 +- .../actool/installhook/AcToolInstallHook.java | 13 +- .../installhook/AcToolInstallHookService.java | 15 +- .../installhook/OsgiAwareInstallHook.java | 13 +- .../impl/AcToolInstallHookServiceImpl.java | 13 +- .../actool/installhook/package-info.java | 16 +- .../cq/tools/actool/jmx/AceServiceMBean.java | 13 +- .../tools/actool/jmx/AceServiceMBeanImpl.java | 13 +- .../ExtendedSlingSettingsService.java | 13 + .../ExtendedSlingSettingsServiceImpl.java | 13 + .../tools/actool/ui/AcToolTouchUiServlet.java | 13 + .../cq/tools/actool/ui/AcToolUiService.java | 13 + .../actool/ui/AcToolWebconsolePlugin.java | 13 + .../cq/tools/actool/ui/HtmlWriter.java | 15 +- .../actool/ui/WebConsoleConfigTracker.java | 13 + .../cq/tools/actool/user/UserProcessor.java | 13 + .../actool/user/impl/UserProcessorImpl.java | 13 + .../actool/validators/AceBeanValidator.java | 45 +- .../validators/AuthorizableValidator.java | 45 +- .../validators/ConfigurationsValidator.java | 113 +-- .../ExternalGroupsInIsMemberOfValidator.java | 13 +- .../GlobalConfigurationValidator.java | 13 +- .../ObsoleteAuthorizablesValidator.java | 13 +- ...ngedExternalMemberRelationshipChecker.java | 13 +- .../tools/actool/validators/Validators.java | 13 +- .../YamlConfigurationsValidator.java | 265 +++--- .../AcConfigBeanValidationException.java | 43 +- .../DoubledDefinedActionException.java | 41 +- .../DoubledDefinedJcrPrivilegeException.java | 41 +- .../exceptions/InvalidActionException.java | 35 +- .../InvalidAuthorizableException.java | 45 +- ...ExternalGroupUsageValidationException.java | 43 +- .../exceptions/InvalidGroupNameException.java | 39 +- .../InvalidIntermediatePathException.java | 13 + .../InvalidJcrPrivilegeException.java | 41 +- .../exceptions/InvalidPathException.java | 39 +- .../InvalidPermissionException.java | 39 +- .../exceptions/InvalidRepGlobException.java | 39 +- .../InvalidRestrictionsException.java | 13 + .../exceptions/InvalidYamlException.java | 13 + .../NoActionOrPrivilegeDefinedException.java | 41 +- .../exceptions/NoGroupDefinedException.java | 39 +- .../exceptions/NoListOnTopLevelException.java | 13 + .../exceptions/TooManyActionsException.java | 35 +- .../validators/impl/AceBeanValidatorImpl.java | 627 +++++++------ .../impl/AuthorizableValidatorImpl.java | 399 ++++---- .../ObsoleteAuthorizablesValidatorImpl.java | 13 +- .../AceBeanInstallerIncrementalTest.java | 14 +- ...stallerUserManagerPrefetchingImplTest.java | 13 + .../AuthorizableInstallerServiceImplTest.java | 14 +- ...ImpersonationInstallerServiceImplTest.java | 13 + .../AcePermissionComparatorTest.java | 14 +- .../configmodel/AuthorizablesConfigTest.java | 13 + .../configmodel/TestDecryptionService.java | 15 +- .../actool/configmodel/pkcs/DerDataTest.java | 13 + .../actool/configmodel/pkcs/KeyTest.java | 13 + .../ConfigFilesRetrieverImplTest.java | 14 +- .../actool/configreader/TestAceBean.java | 14 +- .../TestAuthorizableConfigBean.java | 14 +- .../TestUserConfigsCreatorTest.java | 13 + .../configreader/TestYamlConfigReader.java | 14 +- .../VirtualGroupProcessorTest.java | 13 + .../configreader/YamlConfigReaderTest.java | 13 +- .../YamlConfigurationMergerTest.java | 13 +- .../YamlMacroElEvaluatorTest.java | 13 + .../configreader/YamlMacroProcessorTest.java | 13 +- .../actool/extensions/OakRepository.java | 13 + .../cq/tools/actool/helper/AcHelperTest.java | 13 +- .../tools/actool/helper/AceWrapperTest.java | 14 +- .../tools/actool/helper/ContentHelperIT.java | 13 + .../actool/helper/ContentHelperTest.java | 14 +- .../cq/tools/actool/helper/QueryHelperIT.java | 13 + .../tools/actool/helper/QueryHelperTest.java | 13 + .../tools/actool/helper/ValidatorsTest.java | 171 ++-- .../impl/AcInstallationServiceImplTest.java | 13 + .../tools/actool/impl/AceServiceImplTest.java | 14 +- .../tools/actool/ims/IMSUserManagementIT.java | 13 + .../ExtendedSlingSettingsServiceImplTest.java | 13 + .../actool/validators/BeanValidatorsTest.java | 243 ++--- ...ternalGroupsInIsMemberOfValidatorTest.java | 13 + .../GlobalConfigurationValidatorTest.java | 13 +- .../validators/RestrictionValidationTest.java | 14 +- ...ExternalMemberRelationshipCheckerTest.java | 13 + .../validators/ValidatorTestHelper.java | 14 +- .../src/main/META-INF/vault/filter.xml | 25 +- .../src/main/jcr_root/_rep_policy.xml | 13 + .../src/main/jcr_root/_rep_repoPolicy.xml | 13 + .../home/users/system/actool/.content.xml | 15 +- .../system/actool/actool-service/.content.xml | 15 +- .../src/main/META-INF/vault/config.xml | 12 + .../src/main/META-INF/vault/filter.xml | 21 +- .../src/main/META-INF/vault/settings.xml | 23 +- .../src/main/META-INF/vault/filter.xml | 23 +- .../jcr_root/_oak_index/repACL-custom-1.xml | 13 + .../src/main/META-INF/vault/filter.xml | 35 +- .../impl/AcToolStartupHookServiceImpl.java | 13 +- .../impl/StartupBundleActivator.java | 13 +- pom.xml | 1 - 218 files changed, 6300 insertions(+), 4460 deletions(-) diff --git a/accesscontroltool-apps-package/src/main/META-INF/vault/filter.xml b/accesscontroltool-apps-package/src/main/META-INF/vault/filter.xml index 835cae651..f17c697fb 100644 --- a/accesscontroltool-apps-package/src/main/META-INF/vault/filter.xml +++ b/accesscontroltool-apps-package/src/main/META-INF/vault/filter.xml @@ -1,13 +1,26 @@ - - - - - - - - - - - - - + + + + + + + + + + + + + + + diff --git a/accesscontroltool-apps-package/src/main/jcr_root/apps/cq/.content.xml b/accesscontroltool-apps-package/src/main/jcr_root/apps/cq/.content.xml index 160edce61..4decfe490 100644 --- a/accesscontroltool-apps-package/src/main/jcr_root/apps/cq/.content.xml +++ b/accesscontroltool-apps-package/src/main/jcr_root/apps/cq/.content.xml @@ -1,3 +1,16 @@ + + diff --git a/accesscontroltool-apps-package/src/main/jcr_root/apps/cq/core/content/.content.xml b/accesscontroltool-apps-package/src/main/jcr_root/apps/cq/core/content/.content.xml index 160edce61..4decfe490 100644 --- a/accesscontroltool-apps-package/src/main/jcr_root/apps/cq/core/content/.content.xml +++ b/accesscontroltool-apps-package/src/main/jcr_root/apps/cq/core/content/.content.xml @@ -1,3 +1,16 @@ + + diff --git a/accesscontroltool-apps-package/src/main/jcr_root/apps/cq/core/content/nav/.content.xml b/accesscontroltool-apps-package/src/main/jcr_root/apps/cq/core/content/nav/.content.xml index 160edce61..4decfe490 100644 --- a/accesscontroltool-apps-package/src/main/jcr_root/apps/cq/core/content/nav/.content.xml +++ b/accesscontroltool-apps-package/src/main/jcr_root/apps/cq/core/content/nav/.content.xml @@ -1,3 +1,16 @@ + + diff --git a/accesscontroltool-apps-package/src/main/jcr_root/apps/cq/core/content/nav/tools/.content.xml b/accesscontroltool-apps-package/src/main/jcr_root/apps/cq/core/content/nav/tools/.content.xml index 160edce61..4decfe490 100644 --- a/accesscontroltool-apps-package/src/main/jcr_root/apps/cq/core/content/nav/tools/.content.xml +++ b/accesscontroltool-apps-package/src/main/jcr_root/apps/cq/core/content/nav/tools/.content.xml @@ -1,3 +1,16 @@ + + diff --git a/accesscontroltool-apps-package/src/main/jcr_root/apps/cq/core/content/nav/tools/security/.content.xml b/accesscontroltool-apps-package/src/main/jcr_root/apps/cq/core/content/nav/tools/security/.content.xml index 22f3a0d46..3f902c0c9 100644 --- a/accesscontroltool-apps-package/src/main/jcr_root/apps/cq/core/content/nav/tools/security/.content.xml +++ b/accesscontroltool-apps-package/src/main/jcr_root/apps/cq/core/content/nav/tools/security/.content.xml @@ -1,4 +1,17 @@ + + diff --git a/accesscontroltool-apps-package/src/main/jcr_root/apps/cq/core/content/nav/tools/security/actool/.content.xml b/accesscontroltool-apps-package/src/main/jcr_root/apps/cq/core/content/nav/tools/security/actool/.content.xml index 9e9bc1a1d..b927c352c 100644 --- a/accesscontroltool-apps-package/src/main/jcr_root/apps/cq/core/content/nav/tools/security/actool/.content.xml +++ b/accesscontroltool-apps-package/src/main/jcr_root/apps/cq/core/content/nav/tools/security/actool/.content.xml @@ -1,4 +1,17 @@ + + + + + + diff --git a/accesscontroltool-apps-package/src/main/jcr_root/apps/netcentric/actool/content/.content.xml b/accesscontroltool-apps-package/src/main/jcr_root/apps/netcentric/actool/content/.content.xml index 1727fb27c..8aefd45ed 100644 --- a/accesscontroltool-apps-package/src/main/jcr_root/apps/netcentric/actool/content/.content.xml +++ b/accesscontroltool-apps-package/src/main/jcr_root/apps/netcentric/actool/content/.content.xml @@ -1,4 +1,17 @@ + + diff --git a/accesscontroltool-apps-package/src/main/jcr_root/apps/netcentric/actool/content/overview/.content.xml b/accesscontroltool-apps-package/src/main/jcr_root/apps/netcentric/actool/content/overview/.content.xml index ba44ac573..5f52d1c13 100644 --- a/accesscontroltool-apps-package/src/main/jcr_root/apps/netcentric/actool/content/overview/.content.xml +++ b/accesscontroltool-apps-package/src/main/jcr_root/apps/netcentric/actool/content/overview/.content.xml @@ -1,4 +1,17 @@ + + + + > pathBasedAceMapFromConfig, final AcConfiguration acConfiguration, final Session session, final InstallationLogger installationLog, Set authorizablesToRemoveAcesFor) throws Exception; -} \ No newline at end of file +} diff --git a/accesscontroltool-bundle/src/main/java/biz/netcentric/cq/tools/actool/aceinstaller/AceBeanInstallerClassic.java b/accesscontroltool-bundle/src/main/java/biz/netcentric/cq/tools/actool/aceinstaller/AceBeanInstallerClassic.java index 1c7a8d9f8..e52f5b954 100644 --- a/accesscontroltool-bundle/src/main/java/biz/netcentric/cq/tools/actool/aceinstaller/AceBeanInstallerClassic.java +++ b/accesscontroltool-bundle/src/main/java/biz/netcentric/cq/tools/actool/aceinstaller/AceBeanInstallerClassic.java @@ -1,248 +1,253 @@ -/* - * (C) Copyright 2016 Netcentric AG. - * - * All rights reserved. This program and the accompanying materials - * are made available under the terms of the Eclipse Public License v1.0 - * which accompanies this distribution, and is available at - * http://www.eclipse.org/legal/epl-v10.html - */ -package biz.netcentric.cq.tools.actool.aceinstaller; - -import java.security.Principal; -import java.util.Arrays; -import java.util.Collection; -import java.util.Collections; -import java.util.HashSet; -import java.util.List; -import java.util.Map; -import java.util.Set; - -import javax.jcr.RepositoryException; -import javax.jcr.Session; -import javax.jcr.UnsupportedRepositoryOperationException; -import javax.jcr.security.AccessControlEntry; -import javax.jcr.security.AccessControlException; -import javax.jcr.security.AccessControlManager; -import javax.jcr.security.Privilege; - -import org.apache.commons.collections4.CollectionUtils; -import org.apache.commons.lang3.StringUtils; -import org.apache.jackrabbit.api.security.JackrabbitAccessControlEntry; -import org.apache.jackrabbit.api.security.JackrabbitAccessControlList; -import org.apache.jackrabbit.oak.spi.security.principal.PrincipalImpl; -import org.osgi.service.component.annotations.Component; -import org.slf4j.Logger; -import org.slf4j.LoggerFactory; - -import biz.netcentric.cq.tools.actool.aem.AcToolCqActions; -import biz.netcentric.cq.tools.actool.configmodel.AceBean; -import biz.netcentric.cq.tools.actool.helper.AccessControlUtils; -import biz.netcentric.cq.tools.actool.helper.RestrictionsHolder; -import biz.netcentric.cq.tools.actool.history.InstallationLogger; - -/** The way ACEs were installed in version one is still available and can be configured in "global_config" section by setting - * "installAclsIncrementally=false". */ -@Component() -public class AceBeanInstallerClassic extends BaseAceBeanInstaller implements AceBeanInstaller { - - private static final Logger LOG = LoggerFactory.getLogger(AceBeanInstallerClassic.class); - - - /** Installs a full set of ACE beans that form an ACL for the path - * - * @throws RepositoryException */ - protected void installAcl(Set aceBeanSetFromConfig, String path, Set principalsToRemoveAcesFor, Session session, - InstallationLogger installLog) throws RepositoryException { - - // Remove all config contained authorizables from ACL of this path - int countRemoved = AccessControlUtils.deleteAllEntriesForPrincipalsFromACL(session, - path, principalsToRemoveAcesFor.toArray(new String[principalsToRemoveAcesFor.size()])); - - installLog.addVerboseMessage(LOG, "Deleted " + countRemoved + " ACEs for configured principals from path " + path); - - // Set ACL in repo with permissions from merged config - for (final AceBean bean : aceBeanSetFromConfig) { - - LOG.debug("Writing bean to repository {}", bean); - - Principal currentPrincipal = new PrincipalImpl(bean.getPrincipalName()); - installAce(bean, session, currentPrincipal, installLog); - - } - - installLog.incCountAclsChanged(); - - } - - /** Installs the AccessControlEntry being represented by this bean in the repository - * - * @throws NoSuchMethodException */ - private void installAce(AceBean aceBean, final Session session, Principal principal, - InstallationLogger installLog) throws RepositoryException { - - if (aceBean.isInitialContentOnlyConfig()) { - return; - } - - final AccessControlManager acMgr = session.getAccessControlManager(); - - JackrabbitAccessControlList acl = AccessControlUtils.getModifiableAcl(acMgr, aceBean.getJcrPathForPolicyApi()); - if (acl == null) { - installLog.addMessage(LOG, "Skipped installing privileges/actions for non existing path: " + aceBean.getJcrPath()); - return; - } - - // first install actions - final JackrabbitAccessControlList newAcl = installActions(aceBean, principal, acl, session, acMgr, installLog); - if (acl != newAcl) { - installLog.addVerboseMessage(LOG, "Added action(s) for path: " + aceBean.getJcrPath() - + ", principal: " + principal.getName() + ", actions: " - + aceBean.getActionsString() + ", allow: " + aceBean.isAllow()); - removeRedundantPrivileges(aceBean, session); - acl = newAcl; - } - - // then install (remaining) privileges - if (installPrivileges(aceBean, principal, acl, session, acMgr)) { - installLog.addVerboseMessage(LOG, "Added privilege(s) for path: " + aceBean.getJcrPath() - + ", principal: " + principal.getName() + ", privileges: " - + aceBean.getPrivilegesString() + ", allow: " + aceBean.isAllow()); - } - - if (!acl.isEmpty()) { - acMgr.setPolicy(aceBean.getJcrPathForPolicyApi(), acl); - } else { - acMgr.removePolicy(aceBean.getJcrPathForPolicyApi(), acl); - } - - } - - - /** Installs the CQ actions in the repository. - * - * @return either the same acl as given in the parameter {@code acl} if no actions have been installed otherwise the new - * AccessControlList (comprising the entres being installed for the actions). - * @throws RepositoryException */ - private JackrabbitAccessControlList installActions(AceBean aceBean, Principal principal, JackrabbitAccessControlList acl, - Session session, AccessControlManager acMgr, InstallationLogger installLog) throws RepositoryException { - final Map actionMap = aceBean.getActionMap(); - if (actionMap.isEmpty()) { - return acl; - } - - AcToolCqActions cqActions = new AcToolCqActions(session); - Collection inheritedAllows = cqActions.getAllowedActions( - aceBean.getJcrPathForPolicyApi(), Collections.singleton(principal)); - // this does always install new entries - cqActions.installActions(aceBean.getJcrPathForPolicyApi(), principal, actionMap, inheritedAllows); - - // since the aclist has been modified, retrieve it again - final JackrabbitAccessControlList newAcl = AccessControlUtils.getAccessControlList(session, aceBean.getJcrPath()); - final RestrictionsHolder restrictions = getRestrictions(aceBean, session, acl); - - if (!aceBean.getRestrictions().isEmpty()) { - // additionally set restrictions on the installed actions (this is not supported by CQ Security API) - addAdditionalRestriction(aceBean, acl, newAcl, restrictions); - } - return newAcl; - } - - private void addAdditionalRestriction(AceBean aceBean, JackrabbitAccessControlList oldAcl, JackrabbitAccessControlList newAcl, - RestrictionsHolder restrictions) - throws RepositoryException { - final List changedAces = getModifiedAces(oldAcl, newAcl); - if (!changedAces.isEmpty()) { - for (final AccessControlEntry newAce : changedAces) { - addRestrictionIfNotSet(newAcl, restrictions, newAce); - } - } else { - // check cornercase: yaml file contains 2 ACEs with same action same principal same path but one with additional restriction - // (e.g. read and repGlob: '') - // in that case old and new acl contain the same elements (equals == true) and in both lists the last ace contains the action - // without restriction - // for that group - final AccessControlEntry lastOldAce = oldAcl.getAccessControlEntries()[oldAcl.getAccessControlEntries().length - 1]; - final AccessControlEntry lastNewAce = newAcl.getAccessControlEntries()[newAcl.getAccessControlEntries().length - 1]; - - if (lastOldAce.equals(lastNewAce) && lastNewAce.getPrincipal().getName().equals(aceBean.getPrincipalName())) { - addRestrictionIfNotSet(newAcl, restrictions, lastNewAce); - - } else { - throw new IllegalStateException("No new entries have been set for AccessControlList at " + aceBean.getJcrPath()); - } - } - } - - private void addRestrictionIfNotSet(JackrabbitAccessControlList newAcl, RestrictionsHolder restrictions, - AccessControlEntry newAce) - throws RepositoryException, AccessControlException, UnsupportedRepositoryOperationException, SecurityException { - if (!(newAce instanceof JackrabbitAccessControlEntry)) { - throw new IllegalStateException( - "Can not deal with non JackrabbitAccessControlEntrys, but entry is of type " + newAce.getClass().getName()); - } - final JackrabbitAccessControlEntry ace = (JackrabbitAccessControlEntry) newAce; - // only extend those AccessControlEntries which do not yet have a restriction - - if (ace.getRestrictionNames().length == 0) { - // modify this AccessControlEntry by adding the restriction - extendExistingAceWithRestrictions(newAcl, ace, restrictions); - } - } - - private List getModifiedAces(final JackrabbitAccessControlList oldAcl, JackrabbitAccessControlList newAcl) - throws RepositoryException { - final List oldAces = Arrays.asList(oldAcl.getAccessControlEntries()); - final List newAces = Arrays.asList(newAcl.getAccessControlEntries()); - return (List) CollectionUtils.subtract(newAces, oldAces); - - } - - - private void removeRedundantPrivileges(AceBean aceBean, Session session) throws RepositoryException { - final Set cleanedPrivileges = removeRedundantPrivileges(session, aceBean.getPrivileges(), aceBean.getActions()); - aceBean.setPrivilegesString(StringUtils.join(cleanedPrivileges, ",")); - } - - /** Modifies the privileges so that privileges already covered by actions are removed. This is only a best effort operation as one - * action can lead to privileges on multiple nodes. - * - * @throws RepositoryException */ - private Set removeRedundantPrivileges(Session session, String[] privileges, String[] actions) - throws RepositoryException { - AcToolCqActions cqActions = new AcToolCqActions(session); - Set cleanedPrivileges = new HashSet(); - if (privileges == null) { - return cleanedPrivileges; - } - cleanedPrivileges.addAll(Arrays.asList(privileges)); - if (actions == null) { - return cleanedPrivileges; - } - for (final String action : actions) { - final Set coveredPrivileges = cqActions.getPrivileges(action); - for (final Privilege coveredPrivilege : coveredPrivileges) { - cleanedPrivileges.remove(coveredPrivilege.getName()); - } - } - return cleanedPrivileges; - } - - - private void extendExistingAceWithRestrictions(JackrabbitAccessControlList accessControlList, - JackrabbitAccessControlEntry accessControlEntry, RestrictionsHolder restrictions) - throws SecurityException, UnsupportedRepositoryOperationException, RepositoryException { - - // 1. add new entry - if (!accessControlList.addEntry(accessControlEntry.getPrincipal(), accessControlEntry.getPrivileges(), accessControlEntry.isAllow(), - restrictions.getSingleValuedRestrictionsMap(), restrictions.getMultiValuedRestrictionsMap())) { - throw new IllegalStateException("Could not add entry, probably because it was already there!"); - } - // we assume the entry being added is the last one - final AccessControlEntry newAccessControlEntry = accessControlList.getAccessControlEntries()[accessControlList.size() - 1]; - // 2. put it to the right position now! - accessControlList.orderBefore(newAccessControlEntry, accessControlEntry); - // 3. remove old entry - accessControlList.removeAccessControlEntry(accessControlEntry); - } - -} +package biz.netcentric.cq.tools.actool.aceinstaller; + +/*- + * #%L + * Access Control Tool Bundle + * %% + * Copyright (C) 2015 - 2024 Cognizant Netcentric + * %% + * All rights reserved. This program and the accompanying materials + * are made available under the terms of the Eclipse Public License v1.0 + * which accompanies this distribution, and is available at + * http://www.eclipse.org/legal/epl-v10.html + * #L% + */ + +import java.security.Principal; +import java.util.Arrays; +import java.util.Collection; +import java.util.Collections; +import java.util.HashSet; +import java.util.List; +import java.util.Map; +import java.util.Set; + +import javax.jcr.RepositoryException; +import javax.jcr.Session; +import javax.jcr.UnsupportedRepositoryOperationException; +import javax.jcr.security.AccessControlEntry; +import javax.jcr.security.AccessControlException; +import javax.jcr.security.AccessControlManager; +import javax.jcr.security.Privilege; + +import org.apache.commons.collections4.CollectionUtils; +import org.apache.commons.lang3.StringUtils; +import org.apache.jackrabbit.api.security.JackrabbitAccessControlEntry; +import org.apache.jackrabbit.api.security.JackrabbitAccessControlList; +import org.apache.jackrabbit.oak.spi.security.principal.PrincipalImpl; +import org.osgi.service.component.annotations.Component; +import org.slf4j.Logger; +import org.slf4j.LoggerFactory; + +import biz.netcentric.cq.tools.actool.aem.AcToolCqActions; +import biz.netcentric.cq.tools.actool.configmodel.AceBean; +import biz.netcentric.cq.tools.actool.helper.AccessControlUtils; +import biz.netcentric.cq.tools.actool.helper.RestrictionsHolder; +import biz.netcentric.cq.tools.actool.history.InstallationLogger; + +/** The way ACEs were installed in version one is still available and can be configured in "global_config" section by setting + * "installAclsIncrementally=false". */ +@Component() +public class AceBeanInstallerClassic extends BaseAceBeanInstaller implements AceBeanInstaller { + + private static final Logger LOG = LoggerFactory.getLogger(AceBeanInstallerClassic.class); + + + /** Installs a full set of ACE beans that form an ACL for the path + * + * @throws RepositoryException */ + protected void installAcl(Set aceBeanSetFromConfig, String path, Set principalsToRemoveAcesFor, Session session, + InstallationLogger installLog) throws RepositoryException { + + // Remove all config contained authorizables from ACL of this path + int countRemoved = AccessControlUtils.deleteAllEntriesForPrincipalsFromACL(session, + path, principalsToRemoveAcesFor.toArray(new String[principalsToRemoveAcesFor.size()])); + + installLog.addVerboseMessage(LOG, "Deleted " + countRemoved + " ACEs for configured principals from path " + path); + + // Set ACL in repo with permissions from merged config + for (final AceBean bean : aceBeanSetFromConfig) { + + LOG.debug("Writing bean to repository {}", bean); + + Principal currentPrincipal = new PrincipalImpl(bean.getPrincipalName()); + installAce(bean, session, currentPrincipal, installLog); + + } + + installLog.incCountAclsChanged(); + + } + + /** Installs the AccessControlEntry being represented by this bean in the repository + * + * @throws NoSuchMethodException */ + private void installAce(AceBean aceBean, final Session session, Principal principal, + InstallationLogger installLog) throws RepositoryException { + + if (aceBean.isInitialContentOnlyConfig()) { + return; + } + + final AccessControlManager acMgr = session.getAccessControlManager(); + + JackrabbitAccessControlList acl = AccessControlUtils.getModifiableAcl(acMgr, aceBean.getJcrPathForPolicyApi()); + if (acl == null) { + installLog.addMessage(LOG, "Skipped installing privileges/actions for non existing path: " + aceBean.getJcrPath()); + return; + } + + // first install actions + final JackrabbitAccessControlList newAcl = installActions(aceBean, principal, acl, session, acMgr, installLog); + if (acl != newAcl) { + installLog.addVerboseMessage(LOG, "Added action(s) for path: " + aceBean.getJcrPath() + + ", principal: " + principal.getName() + ", actions: " + + aceBean.getActionsString() + ", allow: " + aceBean.isAllow()); + removeRedundantPrivileges(aceBean, session); + acl = newAcl; + } + + // then install (remaining) privileges + if (installPrivileges(aceBean, principal, acl, session, acMgr)) { + installLog.addVerboseMessage(LOG, "Added privilege(s) for path: " + aceBean.getJcrPath() + + ", principal: " + principal.getName() + ", privileges: " + + aceBean.getPrivilegesString() + ", allow: " + aceBean.isAllow()); + } + + if (!acl.isEmpty()) { + acMgr.setPolicy(aceBean.getJcrPathForPolicyApi(), acl); + } else { + acMgr.removePolicy(aceBean.getJcrPathForPolicyApi(), acl); + } + + } + + + /** Installs the CQ actions in the repository. + * + * @return either the same acl as given in the parameter {@code acl} if no actions have been installed otherwise the new + * AccessControlList (comprising the entres being installed for the actions). + * @throws RepositoryException */ + private JackrabbitAccessControlList installActions(AceBean aceBean, Principal principal, JackrabbitAccessControlList acl, + Session session, AccessControlManager acMgr, InstallationLogger installLog) throws RepositoryException { + final Map actionMap = aceBean.getActionMap(); + if (actionMap.isEmpty()) { + return acl; + } + + AcToolCqActions cqActions = new AcToolCqActions(session); + Collection inheritedAllows = cqActions.getAllowedActions( + aceBean.getJcrPathForPolicyApi(), Collections.singleton(principal)); + // this does always install new entries + cqActions.installActions(aceBean.getJcrPathForPolicyApi(), principal, actionMap, inheritedAllows); + + // since the aclist has been modified, retrieve it again + final JackrabbitAccessControlList newAcl = AccessControlUtils.getAccessControlList(session, aceBean.getJcrPath()); + final RestrictionsHolder restrictions = getRestrictions(aceBean, session, acl); + + if (!aceBean.getRestrictions().isEmpty()) { + // additionally set restrictions on the installed actions (this is not supported by CQ Security API) + addAdditionalRestriction(aceBean, acl, newAcl, restrictions); + } + return newAcl; + } + + private void addAdditionalRestriction(AceBean aceBean, JackrabbitAccessControlList oldAcl, JackrabbitAccessControlList newAcl, + RestrictionsHolder restrictions) + throws RepositoryException { + final List changedAces = getModifiedAces(oldAcl, newAcl); + if (!changedAces.isEmpty()) { + for (final AccessControlEntry newAce : changedAces) { + addRestrictionIfNotSet(newAcl, restrictions, newAce); + } + } else { + // check cornercase: yaml file contains 2 ACEs with same action same principal same path but one with additional restriction + // (e.g. read and repGlob: '') + // in that case old and new acl contain the same elements (equals == true) and in both lists the last ace contains the action + // without restriction + // for that group + final AccessControlEntry lastOldAce = oldAcl.getAccessControlEntries()[oldAcl.getAccessControlEntries().length - 1]; + final AccessControlEntry lastNewAce = newAcl.getAccessControlEntries()[newAcl.getAccessControlEntries().length - 1]; + + if (lastOldAce.equals(lastNewAce) && lastNewAce.getPrincipal().getName().equals(aceBean.getPrincipalName())) { + addRestrictionIfNotSet(newAcl, restrictions, lastNewAce); + + } else { + throw new IllegalStateException("No new entries have been set for AccessControlList at " + aceBean.getJcrPath()); + } + } + } + + private void addRestrictionIfNotSet(JackrabbitAccessControlList newAcl, RestrictionsHolder restrictions, + AccessControlEntry newAce) + throws RepositoryException, AccessControlException, UnsupportedRepositoryOperationException, SecurityException { + if (!(newAce instanceof JackrabbitAccessControlEntry)) { + throw new IllegalStateException( + "Can not deal with non JackrabbitAccessControlEntrys, but entry is of type " + newAce.getClass().getName()); + } + final JackrabbitAccessControlEntry ace = (JackrabbitAccessControlEntry) newAce; + // only extend those AccessControlEntries which do not yet have a restriction + + if (ace.getRestrictionNames().length == 0) { + // modify this AccessControlEntry by adding the restriction + extendExistingAceWithRestrictions(newAcl, ace, restrictions); + } + } + + private List getModifiedAces(final JackrabbitAccessControlList oldAcl, JackrabbitAccessControlList newAcl) + throws RepositoryException { + final List oldAces = Arrays.asList(oldAcl.getAccessControlEntries()); + final List newAces = Arrays.asList(newAcl.getAccessControlEntries()); + return (List) CollectionUtils.subtract(newAces, oldAces); + + } + + + private void removeRedundantPrivileges(AceBean aceBean, Session session) throws RepositoryException { + final Set cleanedPrivileges = removeRedundantPrivileges(session, aceBean.getPrivileges(), aceBean.getActions()); + aceBean.setPrivilegesString(StringUtils.join(cleanedPrivileges, ",")); + } + + /** Modifies the privileges so that privileges already covered by actions are removed. This is only a best effort operation as one + * action can lead to privileges on multiple nodes. + * + * @throws RepositoryException */ + private Set removeRedundantPrivileges(Session session, String[] privileges, String[] actions) + throws RepositoryException { + AcToolCqActions cqActions = new AcToolCqActions(session); + Set cleanedPrivileges = new HashSet(); + if (privileges == null) { + return cleanedPrivileges; + } + cleanedPrivileges.addAll(Arrays.asList(privileges)); + if (actions == null) { + return cleanedPrivileges; + } + for (final String action : actions) { + final Set coveredPrivileges = cqActions.getPrivileges(action); + for (final Privilege coveredPrivilege : coveredPrivileges) { + cleanedPrivileges.remove(coveredPrivilege.getName()); + } + } + return cleanedPrivileges; + } + + + private void extendExistingAceWithRestrictions(JackrabbitAccessControlList accessControlList, + JackrabbitAccessControlEntry accessControlEntry, RestrictionsHolder restrictions) + throws SecurityException, UnsupportedRepositoryOperationException, RepositoryException { + + // 1. add new entry + if (!accessControlList.addEntry(accessControlEntry.getPrincipal(), accessControlEntry.getPrivileges(), accessControlEntry.isAllow(), + restrictions.getSingleValuedRestrictionsMap(), restrictions.getMultiValuedRestrictionsMap())) { + throw new IllegalStateException("Could not add entry, probably because it was already there!"); + } + // we assume the entry being added is the last one + final AccessControlEntry newAccessControlEntry = accessControlList.getAccessControlEntries()[accessControlList.size() - 1]; + // 2. put it to the right position now! + accessControlList.orderBefore(newAccessControlEntry, accessControlEntry); + // 3. remove old entry + accessControlList.removeAccessControlEntry(accessControlEntry); + } + +} diff --git a/accesscontroltool-bundle/src/main/java/biz/netcentric/cq/tools/actool/aceinstaller/AceBeanInstallerIncremental.java b/accesscontroltool-bundle/src/main/java/biz/netcentric/cq/tools/actool/aceinstaller/AceBeanInstallerIncremental.java index 19d5be9a2..8ace16749 100644 --- a/accesscontroltool-bundle/src/main/java/biz/netcentric/cq/tools/actool/aceinstaller/AceBeanInstallerIncremental.java +++ b/accesscontroltool-bundle/src/main/java/biz/netcentric/cq/tools/actool/aceinstaller/AceBeanInstallerIncremental.java @@ -1,439 +1,444 @@ -/* - * (C) Copyright 2016 Netcentric AG. - * - * All rights reserved. This program and the accompanying materials - * are made available under the terms of the Eclipse Public License v1.0 - * which accompanies this distribution, and is available at - * http://www.eclipse.org/legal/epl-v10.html - */ -package biz.netcentric.cq.tools.actool.aceinstaller; - -import java.security.Principal; -import java.text.Collator; -import java.util.ArrayList; -import java.util.Arrays; -import java.util.Collection; -import java.util.Collections; -import java.util.Comparator; -import java.util.HashSet; -import java.util.Iterator; -import java.util.LinkedHashSet; -import java.util.List; -import java.util.Map; -import java.util.Set; -import java.util.TreeSet; -import java.util.concurrent.ConcurrentHashMap; - -import javax.jcr.PathNotFoundException; -import javax.jcr.RepositoryException; -import javax.jcr.Session; -import javax.jcr.UnsupportedRepositoryOperationException; -import javax.jcr.security.AccessControlEntry; -import javax.jcr.security.AccessControlManager; -import javax.jcr.security.Privilege; - -import org.apache.commons.lang3.StringUtils; -import org.apache.jackrabbit.api.security.JackrabbitAccessControlList; -import org.apache.jackrabbit.oak.spi.security.principal.PrincipalImpl; -import org.apache.sling.jcr.api.SlingRepository; -import org.osgi.service.component.annotations.Component; -import org.osgi.service.component.annotations.Reference; -import org.osgi.service.component.annotations.ReferencePolicyOption; -import org.slf4j.Logger; -import org.slf4j.LoggerFactory; - -import biz.netcentric.cq.tools.actool.aem.AcToolCqActions; -import biz.netcentric.cq.tools.actool.configmodel.AceBean; -import biz.netcentric.cq.tools.actool.configmodel.Restriction; -import biz.netcentric.cq.tools.actool.helper.AcHelper; -import biz.netcentric.cq.tools.actool.helper.AccessControlUtils; -import biz.netcentric.cq.tools.actool.history.InstallationLogger; - -@Component -public class AceBeanInstallerIncremental extends BaseAceBeanInstaller implements AceBeanInstaller { - - @Reference(policyOption=ReferencePolicyOption.GREEDY) - private SlingRepository slingRepository; - - private static final Logger LOG = LoggerFactory.getLogger(AceBeanInstallerIncremental.class); - - private Map> actionsToPrivilegesMapping = new ConcurrentHashMap>(); - - /** Installs a full set of ACE beans that form an ACL for the path - * - * @throws RepositoryException */ - protected void installAcl(Set aceBeanSetFromConfig, String path, Set principalsInConfiguration, Session session, - InstallationLogger installLog) throws RepositoryException { - - boolean hadPendingChanges = session.hasPendingChanges(); - - int countDeleted = 0; - int countAdded = 0; - int countNoChange = 0; - int countOutsideConfig = 0; - - StringBuilder diffLog = new StringBuilder(); - - aceBeanSetFromConfig = transformActionsIntoPrivileges(aceBeanSetFromConfig, session, installLog); - aceBeanSetFromConfig = filterInitialContentOnlyNodes(aceBeanSetFromConfig); - aceBeanSetFromConfig = filterDuplicates(aceBeanSetFromConfig, session); - - List configuredAceEntries = new ArrayList(aceBeanSetFromConfig); - int currentPositionConfig = 0; - - boolean changeHasBeenFound = false; - - AccessControlManager acMgr = session.getAccessControlManager(); - - JackrabbitAccessControlList acl = getAccessControlList(acMgr, path); - Iterator aceIt = Arrays.asList(acl.getAccessControlEntries()).iterator(); - while (aceIt.hasNext()) { - AccessControlEntry ace = aceIt.next(); - AceBean actualAceBean = AcHelper.getAceBean(ace, acl); - - String acePrincipalName = actualAceBean.getPrincipalName(); - String actualAceBeanCompareStr = toAceCompareString(actualAceBean, acMgr); - - if (!principalsInConfiguration.contains(acePrincipalName)) { - countOutsideConfig++; - diffLog.append(" OUTSIDE (not in Config) " + actualAceBeanCompareStr + "\n"); - continue; - } - - AceBean configuredAceAtThisLocation; - if (currentPositionConfig < configuredAceEntries.size()) { - configuredAceAtThisLocation = configuredAceEntries.get(currentPositionConfig); - } else { - // LOG.info("There are now fewer ACEs configured at path " + path + " than there was before"); - changeHasBeenFound = true; - configuredAceAtThisLocation = null; // setting explicitly to null - } - - String configuredAceAtThisLocationCompareStr = toAceCompareString(configuredAceAtThisLocation, acMgr); - boolean dumpEqualToConfig = StringUtils.equals(actualAceBeanCompareStr, configuredAceAtThisLocationCompareStr); - - if (!changeHasBeenFound && !dumpEqualToConfig) { - String configBeanStr = configuredAceAtThisLocationCompareStr; - diffLog.append("<<< CHANGE (Repo Version) " + actualAceBeanCompareStr - + "\n>>> CHANGE (Config Version) " + configBeanStr + "\n"); - } - - if (changeHasBeenFound || !dumpEqualToConfig) { - changeHasBeenFound = true; // first difference means we delete the rest of the acl and recreate it in the following loop - acl.removeAccessControlEntry(ace); - countDeleted++; - - diffLog.append(" DELETED (from Repo) " + actualAceBeanCompareStr + "\n"); - - continue; // we do not touch currentPositionConfig anymore, we'll have to recreate from there - } - - currentPositionConfig++; // found equal ACE, compare next pair - countNoChange++; - diffLog.append(" UNCHANGED " + actualAceBeanCompareStr + "\n"); - - } - - // install missing - this can be either because not all configured ACEs were found (append) or because a change was detected and old - // aces have been deleted - - for (int i = currentPositionConfig; i < configuredAceEntries.size(); i++) { - AceBean aceBeanToAppend = configuredAceEntries.get(i); - - installPrivileges(aceBeanToAppend, new PrincipalImpl(aceBeanToAppend.getPrincipalName()), acl, session, acMgr); - diffLog.append(" APPENDED (from Config) " + toAceCompareString(aceBeanToAppend, acMgr) + "\n"); - - countAdded++; - } - - if (countAdded > 0 || countDeleted > 0) { - acMgr.setPolicy(StringUtils.isNotBlank(path) ? path : /* repo level permission */null, acl); - - installLog.incCountAclsChanged(); - - installLog.addVerboseMessage(LOG, "Update result at path " + path + ": O=" + countOutsideConfig + " N=" - + countNoChange + " D=" + countDeleted + " A=" + countAdded - + (LOG.isDebugEnabled() ? "\nDIFF at " + path + "\n" + diffLog : "")); - - } else { - installLog.incCountAclsNoChange(); - } - - if (!hadPendingChanges) { - if (session.hasPendingChanges()) { - hadPendingChanges = true; - installLog.addMessage(LOG, "Path " + path + " introduced pending changes to the session"); - } - } - - } - - // When using actions, it often happens that the second entry produced (with the rep:glob '*/jcr:content*') is a duplicate - // Also without this, a potential effective duplicate in config would be detected as change of incremental run when it is - // really not since jackrabbit ignores adding a duplicate entry to ACL - private Set filterDuplicates(Set aceBeanSetFromConfig, Session session) - throws UnsupportedRepositoryOperationException, RepositoryException { - - LinkedHashSet filteredAceBeans = new LinkedHashSet(aceBeanSetFromConfig); - Iterator aceBeansIt = filteredAceBeans.iterator(); - Set aceCompareKeysToAvoidDuplicates = new HashSet(); - while (aceBeansIt.hasNext()) { - String aceCompareKey = toAceCompareString(aceBeansIt.next(), session.getAccessControlManager()); - if (aceCompareKeysToAvoidDuplicates.contains(aceCompareKey)) { - aceBeansIt.remove(); - } else { - aceCompareKeysToAvoidDuplicates.add(aceCompareKey); - } - - } - return filteredAceBeans; - } - - private Set filterInitialContentOnlyNodes(Set aceBeanSetFromConfig) { - Set aceBeanSetNoInitialContentOnlyNodes = new LinkedHashSet(); - for (AceBean aceBean : aceBeanSetFromConfig) { - if (!aceBean.isInitialContentOnlyConfig()) { - aceBeanSetNoInitialContentOnlyNodes.add(aceBean); - } - - } - return aceBeanSetNoInitialContentOnlyNodes; - } - - // to be overwritten in JUnit Test - protected JackrabbitAccessControlList getAccessControlList(AccessControlManager acMgr, String path) throws RepositoryException { - JackrabbitAccessControlList acl = AccessControlUtils.getModifiableAcl(acMgr, path); - return acl; - } - - private Set transformActionsIntoPrivileges(Set aceBeanSetFromConfig, Session session, - InstallationLogger installLog) throws RepositoryException { - - - Set aceBeanSetWithPrivilegesOnly = new LinkedHashSet(); - for (AceBean origAceBean : aceBeanSetFromConfig) { - if (origAceBean.getActionMap().isEmpty()) { - aceBeanSetWithPrivilegesOnly.add(origAceBean); - continue; - } - - Set aceBeansForActionEntry = getPrincipalAceBeansForActionAceBeanCached(origAceBean, session, installLog); - for (AceBean aceBeanResolvedFromAction : aceBeansForActionEntry) { - aceBeanSetWithPrivilegesOnly.add(aceBeanResolvedFromAction); - } - } - - return aceBeanSetWithPrivilegesOnly; - } - - private Set getPrincipalAceBeansForActionAceBeanCached(AceBean origAceBean, Session session, - InstallationLogger installLog) throws RepositoryException { - - String cacheKey = (definesContent(origAceBean.getJcrPathForPolicyApi(), session) ? "definesContent" : "simple") - + "-" + origAceBean.getPermission() + "-" + getRestrictionsComparable(origAceBean.getRestrictions()) + "-" - + Arrays.toString(origAceBean.getActions()); - - if (actionsToPrivilegesMapping.containsKey(cacheKey)) { - installLog.incCountActionCacheHit(); - LOG.trace("Cache hit for key " + cacheKey); - Set cachedAceBeansForActions = actionsToPrivilegesMapping.get(cacheKey); - Set principalCorrectedAceBeansForActions = new LinkedHashSet(); - for (AceBean aceBean : cachedAceBeansForActions) { - AceBean clone = aceBean.clone(); - clone.setPrincipalName(origAceBean.getPrincipalName()); - principalCorrectedAceBeansForActions.add(clone); - } - return principalCorrectedAceBeansForActions; - } else { - installLog.incCountActionCacheMiss(); - - Set aceBeansForActionEntry = null; - Session newSession = slingRepository.loginService(null, null); - try { - Session relevantSessionToUse; - if (newSession.nodeExists(origAceBean.getJcrPath())) { - // a new session is needed to ensure no pending changes are introduced (even if there would not be real pending changes - // since we add and remove, but session.hasPendingChanges() is true then). - // The new session is not saved(), its only function is to produce the action->privileges mapping with the ootb class - // CqActions - relevantSessionToUse = newSession; - } else { - // if the path was just only created in this session via initialContent - relevantSessionToUse = session; - LOG.warn("Reusing main session for path {} since the node was only just created in that session via 'initialContent'", - origAceBean.getJcrPath()); - } - aceBeansForActionEntry = getPrincipalAceBeansForActionAceBean(origAceBean, relevantSessionToUse); - } finally { - newSession.logout(); - } - - LOG.debug("Adding to cache: {}={}", cacheKey, aceBeansForActionEntry); - actionsToPrivilegesMapping.put(cacheKey, aceBeansForActionEntry); - - - return aceBeansForActionEntry; - } - - } - - Set getPrincipalAceBeansForActionAceBean(AceBean origAceBean, Session session) throws RepositoryException { - - Set aceBeansForActionEntry = new LinkedHashSet(); - - Principal testActionMapperPrincipal = getTestActionMapperPrincipal(); - applyCqActions(origAceBean, session, testActionMapperPrincipal); - - JackrabbitAccessControlList newAcl = getAccessControlList(session.getAccessControlManager(), origAceBean.getJcrPathForPolicyApi()); - - boolean isFirst = true; - for (AccessControlEntry newAce : newAcl.getAccessControlEntries()) { - if (!newAce.getPrincipal().equals(testActionMapperPrincipal)) { - continue; - } - - AceBean privilegesAceBeanForAction = AcHelper.getAceBean(newAce, newAcl); - privilegesAceBeanForAction.setPrincipalName(origAceBean.getPrincipalName()); - - // handle restrictions - if (isFirst) { - if (origAceBean.containsRestriction(AceBean.RESTRICTION_NAME_GLOB) - && privilegesAceBeanForAction.containsRestriction(AceBean.RESTRICTION_NAME_GLOB)) { - throw new IllegalArgumentException( - "When using actions that produce rep:glob restrictions (e.g. for page paths), rep:glob cannot be configured (origAceBean=" - + origAceBean.getRestrictions() + ", privilegesAceBeanForAction=" - + privilegesAceBeanForAction.getRestrictions() + "), check configuration for " - + origAceBean); - } else { - // other restrictions are just taken over - privilegesAceBeanForAction.getRestrictions().addAll(origAceBean.getRestrictions()); - } - } - - aceBeansForActionEntry.add(privilegesAceBeanForAction); - - // remove the fake entry again - newAcl.removeAccessControlEntry(newAce); - isFirst = false; - } - AccessControlManager acMgr = session.getAccessControlManager(); - acMgr.setPolicy(origAceBean.getJcrPath(), newAcl); - - // handle privileges - AceBean firstMappedBean = aceBeansForActionEntry.iterator().next(); // apply additional privileges only to first bean - Set newPrivilegesFirstMappedBean = new LinkedHashSet(); - // first add regular privileges - if (firstMappedBean.getPrivileges() != null) { - newPrivilegesFirstMappedBean.addAll(Arrays.asList(firstMappedBean.getPrivileges())); - } - Set flatSetPrincipalsOfFirstMappedBean = flatSetResolvedAggregates(firstMappedBean.getPrivileges(), acMgr, true); - if (origAceBean.getPrivileges() != null) { - for (String origBeanPrivString : origAceBean.getPrivileges()) { - if (!flatSetPrincipalsOfFirstMappedBean.contains(origBeanPrivString)) { - newPrivilegesFirstMappedBean.add(origBeanPrivString); - } - } - } - firstMappedBean.setPrivilegesString(StringUtils.join(newPrivilegesFirstMappedBean, ",")); - - if (LOG.isDebugEnabled()) { - StringBuilder buf = new StringBuilder(); - buf.append("CqActions at path " + origAceBean.getJcrPath() - + " with authorizableId=" + origAceBean.getAuthorizableId() + "/" + testActionMapperPrincipal.getName() + " produced \n"); - for (AceBean aceBean : aceBeansForActionEntry) { - buf.append(" " + toAceCompareString(aceBean, acMgr) + "\n"); - } - LOG.debug(buf.toString()); - } - - return aceBeansForActionEntry; - - } - - Principal getTestActionMapperPrincipal() { - String groupPrincipalId = "actool-tester-action-mapper"; // does not have to exist since the ACEs for it are not saved - Principal principal = new PrincipalImpl(groupPrincipalId); - return principal; - } - - void applyCqActions(AceBean origAceBean, Session session, Principal principal) throws RepositoryException { - - if (origAceBean.getActionMap().isEmpty()) { - return; - } - - AcToolCqActions cqActions = new AcToolCqActions(session); - Collection inheritedAllows = cqActions.getAllowedActions(origAceBean.getJcrPathForPolicyApi(), - Collections.singleton(principal)); - // this does always install new entries - cqActions.installActions(origAceBean.getJcrPath(), principal, origAceBean.getActionMap(), inheritedAllows); - - } - - private Set flatSetResolvedAggregates(String[] privNames, AccessControlManager acMgr, boolean includeAggregates) - throws RepositoryException { - if (privNames == null) { - return Collections.emptySet(); - } - final Set privileges = new HashSet(); - for (final String name : privNames) { - final Privilege p = acMgr.privilegeFromName(name); - if (!p.isAggregate() || includeAggregates) { - privileges.add(p.getName()); - } - if (p.isAggregate()) { // add "sub privileges" as well - for (Privilege subPriv : p.getDeclaredAggregatePrivileges()) { - Set subPrivileges = flatSetResolvedAggregates(new String[] { subPriv.getName() }, acMgr, includeAggregates); - privileges.addAll(subPrivileges); - } - } - } - return privileges; - } - - boolean definesContent(String pagePath, Session session) throws RepositoryException { - if (pagePath == null || pagePath.equals("/")) { - return false; - } - try { - return AcToolCqActions.definesContent(session.getNode(pagePath)); - } catch (PathNotFoundException e) { - return false; - } - - } - - private String toAceCompareString(AceBean aceBean, AccessControlManager acMgr) throws RepositoryException { - if (aceBean == null) { - return "null"; - } - - List restrictionsSorted = getRestrictionsComparable(aceBean.getRestrictions()); - - String nonAggregatePrivsNormalized = privilegesToComparableSet(aceBean.getPrivileges(), acMgr); - - String aceCompareStr = aceBean.getPrincipalName() + " " + aceBean.getPermission() + " " + nonAggregatePrivsNormalized - + Arrays.toString(restrictionsSorted.toArray()); - return aceCompareStr; - } - - private List getRestrictionsComparable(List restrictions) { - List restrictionsSorted = new ArrayList(restrictions); - Collections.sort(restrictionsSorted, new Comparator() { - - @Override - public int compare(Restriction r1, Restriction r2) { - return Collator.getInstance().compare(r1.getName(), r2.getName()); - } - }); - return restrictionsSorted; - } - - String privilegesToComparableSet(String[] privileges, AccessControlManager acMgr) throws RepositoryException { - return new TreeSet(flatSetResolvedAggregates(privileges, acMgr, false)).toString(); - } - - - - -} +package biz.netcentric.cq.tools.actool.aceinstaller; + +/*- + * #%L + * Access Control Tool Bundle + * %% + * Copyright (C) 2015 - 2024 Cognizant Netcentric + * %% + * All rights reserved. This program and the accompanying materials + * are made available under the terms of the Eclipse Public License v1.0 + * which accompanies this distribution, and is available at + * http://www.eclipse.org/legal/epl-v10.html + * #L% + */ + +import java.security.Principal; +import java.text.Collator; +import java.util.ArrayList; +import java.util.Arrays; +import java.util.Collection; +import java.util.Collections; +import java.util.Comparator; +import java.util.HashSet; +import java.util.Iterator; +import java.util.LinkedHashSet; +import java.util.List; +import java.util.Map; +import java.util.Set; +import java.util.TreeSet; +import java.util.concurrent.ConcurrentHashMap; + +import javax.jcr.PathNotFoundException; +import javax.jcr.RepositoryException; +import javax.jcr.Session; +import javax.jcr.UnsupportedRepositoryOperationException; +import javax.jcr.security.AccessControlEntry; +import javax.jcr.security.AccessControlManager; +import javax.jcr.security.Privilege; + +import org.apache.commons.lang3.StringUtils; +import org.apache.jackrabbit.api.security.JackrabbitAccessControlList; +import org.apache.jackrabbit.oak.spi.security.principal.PrincipalImpl; +import org.apache.sling.jcr.api.SlingRepository; +import org.osgi.service.component.annotations.Component; +import org.osgi.service.component.annotations.Reference; +import org.osgi.service.component.annotations.ReferencePolicyOption; +import org.slf4j.Logger; +import org.slf4j.LoggerFactory; + +import biz.netcentric.cq.tools.actool.aem.AcToolCqActions; +import biz.netcentric.cq.tools.actool.configmodel.AceBean; +import biz.netcentric.cq.tools.actool.configmodel.Restriction; +import biz.netcentric.cq.tools.actool.helper.AcHelper; +import biz.netcentric.cq.tools.actool.helper.AccessControlUtils; +import biz.netcentric.cq.tools.actool.history.InstallationLogger; + +@Component +public class AceBeanInstallerIncremental extends BaseAceBeanInstaller implements AceBeanInstaller { + + @Reference(policyOption=ReferencePolicyOption.GREEDY) + private SlingRepository slingRepository; + + private static final Logger LOG = LoggerFactory.getLogger(AceBeanInstallerIncremental.class); + + private Map> actionsToPrivilegesMapping = new ConcurrentHashMap>(); + + /** Installs a full set of ACE beans that form an ACL for the path + * + * @throws RepositoryException */ + protected void installAcl(Set aceBeanSetFromConfig, String path, Set principalsInConfiguration, Session session, + InstallationLogger installLog) throws RepositoryException { + + boolean hadPendingChanges = session.hasPendingChanges(); + + int countDeleted = 0; + int countAdded = 0; + int countNoChange = 0; + int countOutsideConfig = 0; + + StringBuilder diffLog = new StringBuilder(); + + aceBeanSetFromConfig = transformActionsIntoPrivileges(aceBeanSetFromConfig, session, installLog); + aceBeanSetFromConfig = filterInitialContentOnlyNodes(aceBeanSetFromConfig); + aceBeanSetFromConfig = filterDuplicates(aceBeanSetFromConfig, session); + + List configuredAceEntries = new ArrayList(aceBeanSetFromConfig); + int currentPositionConfig = 0; + + boolean changeHasBeenFound = false; + + AccessControlManager acMgr = session.getAccessControlManager(); + + JackrabbitAccessControlList acl = getAccessControlList(acMgr, path); + Iterator aceIt = Arrays.asList(acl.getAccessControlEntries()).iterator(); + while (aceIt.hasNext()) { + AccessControlEntry ace = aceIt.next(); + AceBean actualAceBean = AcHelper.getAceBean(ace, acl); + + String acePrincipalName = actualAceBean.getPrincipalName(); + String actualAceBeanCompareStr = toAceCompareString(actualAceBean, acMgr); + + if (!principalsInConfiguration.contains(acePrincipalName)) { + countOutsideConfig++; + diffLog.append(" OUTSIDE (not in Config) " + actualAceBeanCompareStr + "\n"); + continue; + } + + AceBean configuredAceAtThisLocation; + if (currentPositionConfig < configuredAceEntries.size()) { + configuredAceAtThisLocation = configuredAceEntries.get(currentPositionConfig); + } else { + // LOG.info("There are now fewer ACEs configured at path " + path + " than there was before"); + changeHasBeenFound = true; + configuredAceAtThisLocation = null; // setting explicitly to null + } + + String configuredAceAtThisLocationCompareStr = toAceCompareString(configuredAceAtThisLocation, acMgr); + boolean dumpEqualToConfig = StringUtils.equals(actualAceBeanCompareStr, configuredAceAtThisLocationCompareStr); + + if (!changeHasBeenFound && !dumpEqualToConfig) { + String configBeanStr = configuredAceAtThisLocationCompareStr; + diffLog.append("<<< CHANGE (Repo Version) " + actualAceBeanCompareStr + + "\n>>> CHANGE (Config Version) " + configBeanStr + "\n"); + } + + if (changeHasBeenFound || !dumpEqualToConfig) { + changeHasBeenFound = true; // first difference means we delete the rest of the acl and recreate it in the following loop + acl.removeAccessControlEntry(ace); + countDeleted++; + + diffLog.append(" DELETED (from Repo) " + actualAceBeanCompareStr + "\n"); + + continue; // we do not touch currentPositionConfig anymore, we'll have to recreate from there + } + + currentPositionConfig++; // found equal ACE, compare next pair + countNoChange++; + diffLog.append(" UNCHANGED " + actualAceBeanCompareStr + "\n"); + + } + + // install missing - this can be either because not all configured ACEs were found (append) or because a change was detected and old + // aces have been deleted + + for (int i = currentPositionConfig; i < configuredAceEntries.size(); i++) { + AceBean aceBeanToAppend = configuredAceEntries.get(i); + + installPrivileges(aceBeanToAppend, new PrincipalImpl(aceBeanToAppend.getPrincipalName()), acl, session, acMgr); + diffLog.append(" APPENDED (from Config) " + toAceCompareString(aceBeanToAppend, acMgr) + "\n"); + + countAdded++; + } + + if (countAdded > 0 || countDeleted > 0) { + acMgr.setPolicy(StringUtils.isNotBlank(path) ? path : /* repo level permission */null, acl); + + installLog.incCountAclsChanged(); + + installLog.addVerboseMessage(LOG, "Update result at path " + path + ": O=" + countOutsideConfig + " N=" + + countNoChange + " D=" + countDeleted + " A=" + countAdded + + (LOG.isDebugEnabled() ? "\nDIFF at " + path + "\n" + diffLog : "")); + + } else { + installLog.incCountAclsNoChange(); + } + + if (!hadPendingChanges) { + if (session.hasPendingChanges()) { + hadPendingChanges = true; + installLog.addMessage(LOG, "Path " + path + " introduced pending changes to the session"); + } + } + + } + + // When using actions, it often happens that the second entry produced (with the rep:glob '*/jcr:content*') is a duplicate + // Also without this, a potential effective duplicate in config would be detected as change of incremental run when it is + // really not since jackrabbit ignores adding a duplicate entry to ACL + private Set filterDuplicates(Set aceBeanSetFromConfig, Session session) + throws UnsupportedRepositoryOperationException, RepositoryException { + + LinkedHashSet filteredAceBeans = new LinkedHashSet(aceBeanSetFromConfig); + Iterator aceBeansIt = filteredAceBeans.iterator(); + Set aceCompareKeysToAvoidDuplicates = new HashSet(); + while (aceBeansIt.hasNext()) { + String aceCompareKey = toAceCompareString(aceBeansIt.next(), session.getAccessControlManager()); + if (aceCompareKeysToAvoidDuplicates.contains(aceCompareKey)) { + aceBeansIt.remove(); + } else { + aceCompareKeysToAvoidDuplicates.add(aceCompareKey); + } + + } + return filteredAceBeans; + } + + private Set filterInitialContentOnlyNodes(Set aceBeanSetFromConfig) { + Set aceBeanSetNoInitialContentOnlyNodes = new LinkedHashSet(); + for (AceBean aceBean : aceBeanSetFromConfig) { + if (!aceBean.isInitialContentOnlyConfig()) { + aceBeanSetNoInitialContentOnlyNodes.add(aceBean); + } + + } + return aceBeanSetNoInitialContentOnlyNodes; + } + + // to be overwritten in JUnit Test + protected JackrabbitAccessControlList getAccessControlList(AccessControlManager acMgr, String path) throws RepositoryException { + JackrabbitAccessControlList acl = AccessControlUtils.getModifiableAcl(acMgr, path); + return acl; + } + + private Set transformActionsIntoPrivileges(Set aceBeanSetFromConfig, Session session, + InstallationLogger installLog) throws RepositoryException { + + + Set aceBeanSetWithPrivilegesOnly = new LinkedHashSet(); + for (AceBean origAceBean : aceBeanSetFromConfig) { + if (origAceBean.getActionMap().isEmpty()) { + aceBeanSetWithPrivilegesOnly.add(origAceBean); + continue; + } + + Set aceBeansForActionEntry = getPrincipalAceBeansForActionAceBeanCached(origAceBean, session, installLog); + for (AceBean aceBeanResolvedFromAction : aceBeansForActionEntry) { + aceBeanSetWithPrivilegesOnly.add(aceBeanResolvedFromAction); + } + } + + return aceBeanSetWithPrivilegesOnly; + } + + private Set getPrincipalAceBeansForActionAceBeanCached(AceBean origAceBean, Session session, + InstallationLogger installLog) throws RepositoryException { + + String cacheKey = (definesContent(origAceBean.getJcrPathForPolicyApi(), session) ? "definesContent" : "simple") + + "-" + origAceBean.getPermission() + "-" + getRestrictionsComparable(origAceBean.getRestrictions()) + "-" + + Arrays.toString(origAceBean.getActions()); + + if (actionsToPrivilegesMapping.containsKey(cacheKey)) { + installLog.incCountActionCacheHit(); + LOG.trace("Cache hit for key " + cacheKey); + Set cachedAceBeansForActions = actionsToPrivilegesMapping.get(cacheKey); + Set principalCorrectedAceBeansForActions = new LinkedHashSet(); + for (AceBean aceBean : cachedAceBeansForActions) { + AceBean clone = aceBean.clone(); + clone.setPrincipalName(origAceBean.getPrincipalName()); + principalCorrectedAceBeansForActions.add(clone); + } + return principalCorrectedAceBeansForActions; + } else { + installLog.incCountActionCacheMiss(); + + Set aceBeansForActionEntry = null; + Session newSession = slingRepository.loginService(null, null); + try { + Session relevantSessionToUse; + if (newSession.nodeExists(origAceBean.getJcrPath())) { + // a new session is needed to ensure no pending changes are introduced (even if there would not be real pending changes + // since we add and remove, but session.hasPendingChanges() is true then). + // The new session is not saved(), its only function is to produce the action->privileges mapping with the ootb class + // CqActions + relevantSessionToUse = newSession; + } else { + // if the path was just only created in this session via initialContent + relevantSessionToUse = session; + LOG.warn("Reusing main session for path {} since the node was only just created in that session via 'initialContent'", + origAceBean.getJcrPath()); + } + aceBeansForActionEntry = getPrincipalAceBeansForActionAceBean(origAceBean, relevantSessionToUse); + } finally { + newSession.logout(); + } + + LOG.debug("Adding to cache: {}={}", cacheKey, aceBeansForActionEntry); + actionsToPrivilegesMapping.put(cacheKey, aceBeansForActionEntry); + + + return aceBeansForActionEntry; + } + + } + + Set getPrincipalAceBeansForActionAceBean(AceBean origAceBean, Session session) throws RepositoryException { + + Set aceBeansForActionEntry = new LinkedHashSet(); + + Principal testActionMapperPrincipal = getTestActionMapperPrincipal(); + applyCqActions(origAceBean, session, testActionMapperPrincipal); + + JackrabbitAccessControlList newAcl = getAccessControlList(session.getAccessControlManager(), origAceBean.getJcrPathForPolicyApi()); + + boolean isFirst = true; + for (AccessControlEntry newAce : newAcl.getAccessControlEntries()) { + if (!newAce.getPrincipal().equals(testActionMapperPrincipal)) { + continue; + } + + AceBean privilegesAceBeanForAction = AcHelper.getAceBean(newAce, newAcl); + privilegesAceBeanForAction.setPrincipalName(origAceBean.getPrincipalName()); + + // handle restrictions + if (isFirst) { + if (origAceBean.containsRestriction(AceBean.RESTRICTION_NAME_GLOB) + && privilegesAceBeanForAction.containsRestriction(AceBean.RESTRICTION_NAME_GLOB)) { + throw new IllegalArgumentException( + "When using actions that produce rep:glob restrictions (e.g. for page paths), rep:glob cannot be configured (origAceBean=" + + origAceBean.getRestrictions() + ", privilegesAceBeanForAction=" + + privilegesAceBeanForAction.getRestrictions() + "), check configuration for " + + origAceBean); + } else { + // other restrictions are just taken over + privilegesAceBeanForAction.getRestrictions().addAll(origAceBean.getRestrictions()); + } + } + + aceBeansForActionEntry.add(privilegesAceBeanForAction); + + // remove the fake entry again + newAcl.removeAccessControlEntry(newAce); + isFirst = false; + } + AccessControlManager acMgr = session.getAccessControlManager(); + acMgr.setPolicy(origAceBean.getJcrPath(), newAcl); + + // handle privileges + AceBean firstMappedBean = aceBeansForActionEntry.iterator().next(); // apply additional privileges only to first bean + Set newPrivilegesFirstMappedBean = new LinkedHashSet(); + // first add regular privileges + if (firstMappedBean.getPrivileges() != null) { + newPrivilegesFirstMappedBean.addAll(Arrays.asList(firstMappedBean.getPrivileges())); + } + Set flatSetPrincipalsOfFirstMappedBean = flatSetResolvedAggregates(firstMappedBean.getPrivileges(), acMgr, true); + if (origAceBean.getPrivileges() != null) { + for (String origBeanPrivString : origAceBean.getPrivileges()) { + if (!flatSetPrincipalsOfFirstMappedBean.contains(origBeanPrivString)) { + newPrivilegesFirstMappedBean.add(origBeanPrivString); + } + } + } + firstMappedBean.setPrivilegesString(StringUtils.join(newPrivilegesFirstMappedBean, ",")); + + if (LOG.isDebugEnabled()) { + StringBuilder buf = new StringBuilder(); + buf.append("CqActions at path " + origAceBean.getJcrPath() + + " with authorizableId=" + origAceBean.getAuthorizableId() + "/" + testActionMapperPrincipal.getName() + " produced \n"); + for (AceBean aceBean : aceBeansForActionEntry) { + buf.append(" " + toAceCompareString(aceBean, acMgr) + "\n"); + } + LOG.debug(buf.toString()); + } + + return aceBeansForActionEntry; + + } + + Principal getTestActionMapperPrincipal() { + String groupPrincipalId = "actool-tester-action-mapper"; // does not have to exist since the ACEs for it are not saved + Principal principal = new PrincipalImpl(groupPrincipalId); + return principal; + } + + void applyCqActions(AceBean origAceBean, Session session, Principal principal) throws RepositoryException { + + if (origAceBean.getActionMap().isEmpty()) { + return; + } + + AcToolCqActions cqActions = new AcToolCqActions(session); + Collection inheritedAllows = cqActions.getAllowedActions(origAceBean.getJcrPathForPolicyApi(), + Collections.singleton(principal)); + // this does always install new entries + cqActions.installActions(origAceBean.getJcrPath(), principal, origAceBean.getActionMap(), inheritedAllows); + + } + + private Set flatSetResolvedAggregates(String[] privNames, AccessControlManager acMgr, boolean includeAggregates) + throws RepositoryException { + if (privNames == null) { + return Collections.emptySet(); + } + final Set privileges = new HashSet(); + for (final String name : privNames) { + final Privilege p = acMgr.privilegeFromName(name); + if (!p.isAggregate() || includeAggregates) { + privileges.add(p.getName()); + } + if (p.isAggregate()) { // add "sub privileges" as well + for (Privilege subPriv : p.getDeclaredAggregatePrivileges()) { + Set subPrivileges = flatSetResolvedAggregates(new String[] { subPriv.getName() }, acMgr, includeAggregates); + privileges.addAll(subPrivileges); + } + } + } + return privileges; + } + + boolean definesContent(String pagePath, Session session) throws RepositoryException { + if (pagePath == null || pagePath.equals("/")) { + return false; + } + try { + return AcToolCqActions.definesContent(session.getNode(pagePath)); + } catch (PathNotFoundException e) { + return false; + } + + } + + private String toAceCompareString(AceBean aceBean, AccessControlManager acMgr) throws RepositoryException { + if (aceBean == null) { + return "null"; + } + + List restrictionsSorted = getRestrictionsComparable(aceBean.getRestrictions()); + + String nonAggregatePrivsNormalized = privilegesToComparableSet(aceBean.getPrivileges(), acMgr); + + String aceCompareStr = aceBean.getPrincipalName() + " " + aceBean.getPermission() + " " + nonAggregatePrivsNormalized + + Arrays.toString(restrictionsSorted.toArray()); + return aceCompareStr; + } + + private List getRestrictionsComparable(List restrictions) { + List restrictionsSorted = new ArrayList(restrictions); + Collections.sort(restrictionsSorted, new Comparator() { + + @Override + public int compare(Restriction r1, Restriction r2) { + return Collator.getInstance().compare(r1.getName(), r2.getName()); + } + }); + return restrictionsSorted; + } + + String privilegesToComparableSet(String[] privileges, AccessControlManager acMgr) throws RepositoryException { + return new TreeSet(flatSetResolvedAggregates(privileges, acMgr, false)).toString(); + } + + + + +} diff --git a/accesscontroltool-bundle/src/main/java/biz/netcentric/cq/tools/actool/aceinstaller/BaseAceBeanInstaller.java b/accesscontroltool-bundle/src/main/java/biz/netcentric/cq/tools/actool/aceinstaller/BaseAceBeanInstaller.java index fa230dd87..d39d629d8 100644 --- a/accesscontroltool-bundle/src/main/java/biz/netcentric/cq/tools/actool/aceinstaller/BaseAceBeanInstaller.java +++ b/accesscontroltool-bundle/src/main/java/biz/netcentric/cq/tools/actool/aceinstaller/BaseAceBeanInstaller.java @@ -1,208 +1,213 @@ -/* - * (C) Copyright 2016 Netcentric AG. - * - * All rights reserved. This program and the accompanying materials - * are made available under the terms of the Eclipse Public License v1.0 - * which accompanies this distribution, and is available at - * http://www.eclipse.org/legal/epl-v10.html - */ -package biz.netcentric.cq.tools.actool.aceinstaller; - -import static biz.netcentric.cq.tools.actool.history.impl.PersistableInstallationLogger.msHumanReadable; - -import java.security.Principal; -import java.util.Arrays; -import java.util.Collection; -import java.util.Collections; -import java.util.HashSet; -import java.util.List; -import java.util.Map; -import java.util.Set; -import java.util.TreeSet; - -import javax.jcr.RepositoryException; -import javax.jcr.Session; -import javax.jcr.UnsupportedRepositoryOperationException; -import javax.jcr.ValueFormatException; -import javax.jcr.security.AccessControlManager; -import javax.jcr.security.Privilege; - -import org.apache.commons.lang3.time.StopWatch; -import org.apache.jackrabbit.api.security.JackrabbitAccessControlList; -import org.slf4j.Logger; -import org.slf4j.LoggerFactory; - -import biz.netcentric.cq.tools.actool.comparators.AcePermissionComparator; -import biz.netcentric.cq.tools.actool.configmodel.AcConfiguration; -import biz.netcentric.cq.tools.actool.configmodel.AceBean; -import biz.netcentric.cq.tools.actool.configmodel.Restriction; -import biz.netcentric.cq.tools.actool.helper.AccessControlUtils; -import biz.netcentric.cq.tools.actool.helper.ContentHelper; -import biz.netcentric.cq.tools.actool.helper.RestrictionsHolder; -import biz.netcentric.cq.tools.actool.helper.runtime.RuntimeHelper; -import biz.netcentric.cq.tools.actool.history.InstallationLogger; - -/** Base Class */ -public abstract class BaseAceBeanInstaller implements AceBeanInstaller { - - private static final Logger LOG = LoggerFactory.getLogger(BaseAceBeanInstaller.class); - - @Override - public void installPathBasedACEs( - final Map> pathBasedAceMapFromConfig, - final AcConfiguration acConfiguration, - final Session session, - final InstallationLogger history, Set principalsToRemoveAcesFor) throws Exception { - - StopWatch stopWatch = new StopWatch(); - stopWatch.start(); - - Set paths = pathBasedAceMapFromConfig.keySet(); - - history.addVerboseMessage(LOG, "Found " + paths.size() + " paths in config"); - LOG.trace("Paths with ACEs: {}", paths); - - paths = filterReadOnlyPaths(paths, history, session); - - // loop through all nodes from config - for (final String path : paths) { - - final Set aceBeanSetFromConfig = pathBasedAceMapFromConfig - .get(path); // Set which holds the AceBeans of the current path in configuration - - // check if the path even exists - final boolean pathExits = AccessControlUtils.getModifiableAcl(session.getAccessControlManager(), path) != null; - if (!pathExits) { - if (!ContentHelper.createInitialContent(session, history, path, aceBeanSetFromConfig)) { - history.addVerboseMessage(LOG, "Skipped installing privileges/actions for non existing path: " + path); - history.incCountAclsPathDoesNotExist(); - continue; - } - } - - // order entries (denies in front of allows) - final Set orderedAceBeanSetFromConfig = new TreeSet( - new AcePermissionComparator()); - orderedAceBeanSetFromConfig.addAll(aceBeanSetFromConfig); - - Set principalsToRemoveAcesForAtThisPath = acConfiguration.getAuthorizablesConfig() - .removeUnmanagedPrincipalNamesAtPath(path, principalsToRemoveAcesFor, - acConfiguration.getGlobalConfiguration().getDefaultUnmanagedAcePathsRegex()); - installAcl(orderedAceBeanSetFromConfig, path, principalsToRemoveAcesForAtThisPath, session, history); - - } - - if (history.getMissingParentPathsForInitialContent() > 0) { - history.addWarning(LOG, "There were " + history.getMissingParentPathsForInitialContent() - + " parent paths missing for creation of initial content (those paths were skipped, see verbose log for details)"); - } - - history.addMessage(LOG, "ACL Update Statistics: Changed=" + history.getCountAclsChanged() + " Unchanged=" + history.getCountAclsUnchanged() - + " Path not found=" + history.getCountAclsPathDoesNotExist() + " (action cache hit/miss=" - + history.getCountActionCacheHit() + "/" + history.getCountActionCacheMiss() + ")"); - history.addMessage(LOG, "*** Finished installation of " + paths.size() + " ACLs in " - + msHumanReadable(stopWatch.getTime())); - } - - private Set filterReadOnlyPaths(Set paths, InstallationLogger history, Session session) { - - boolean isCompositeNodeStore = RuntimeHelper.isCompositeNodeStore(session); - if (isCompositeNodeStore) { - Set pathsToKeep = new TreeSet(); - Set readOnlyPaths = new TreeSet(); - for (final String path : paths) { - if (path != null && (path.startsWith("/apps") || path.startsWith("/libs"))) { - readOnlyPaths.add(path); - } else { - pathsToKeep.add(path); - } - } - history.addMessage(LOG, "Ignoring " + readOnlyPaths.size() + " ACLs in /apps and /libs because they are ready-only (Composite NodeStore)"); - return pathsToKeep; - } else { - return paths; - } - } - - /** Installs a full set of ACE beans that form an ACL for the path - * - * @throws RepositoryException */ - protected abstract void installAcl(Set aceBeanSetFromConfig, String path, Set authorizablesToRemoveAcesFor, - Session session, InstallationLogger history) throws RepositoryException; - - - protected boolean installPrivileges(AceBean aceBean, Principal principal, JackrabbitAccessControlList acl, Session session, - AccessControlManager acMgr) - throws RepositoryException { - - final Set privileges = getPrivilegeSet(aceBean.getPrivileges(), acMgr); - if (!privileges.isEmpty()) { - final RestrictionsHolder restrictions = getRestrictions(aceBean, session, acl); - if (!restrictions.isEmpty()) { - acl.addEntry(principal, privileges - .toArray(new Privilege[privileges.size()]), aceBean.isAllow(), - restrictions.getSingleValuedRestrictionsMap(), restrictions.getMultiValuedRestrictionsMap()); - } else { - acl.addEntry(principal, privileges - .toArray(new Privilege[privileges.size()]), aceBean.isAllow()); - } - return true; - } - return false; - } - - /** Creates a RestrictionHolder object containing 2 restriction maps being used in - * {@link JackrabbitAccessControlList#addEntry(Principal, Privilege[], boolean, Map, Map)} out of the set actions on this bean. - * - * @param session the session - * @param acl the access control list for which this restriction map should be used - * @return RestrictionMapsHolder containing 2 maps with restriction names as keys and restriction values as values - * (singleValuedRestrictionsMap) and values[] (multiValuedRestrictionsMap). - * @throws ValueFormatException - * @throws UnsupportedRepositoryOperationException - * @throws RepositoryException */ - protected RestrictionsHolder getRestrictions(AceBean aceBean, Session session, JackrabbitAccessControlList acl) - throws ValueFormatException, UnsupportedRepositoryOperationException, RepositoryException { - - final Collection supportedRestrictionNames = Arrays.asList(acl.getRestrictionNames()); - - if (aceBean.getRestrictions().isEmpty()) { - return RestrictionsHolder.empty(); - } - - List restrictions = aceBean.getRestrictions(); - for (Restriction restriction : restrictions) { - if (!supportedRestrictionNames.contains(restriction.getName())) { - throw new IllegalStateException( - "The AccessControlList at " + acl.getPath() + " does not support setting " + restriction.getName() - + " restrictions!"); - } - } - - RestrictionsHolder restrictionsHolder = new RestrictionsHolder(restrictions, session.getValueFactory(), acl); - return restrictionsHolder; - } - - /** Converts the given privilege names into a set of privilege objects. - * - * @param privNames (may be {@code null} - * @param acMgr - * @return a set of privileges (never {@code null}, but may be empty set) - * @throws RepositoryException */ - public Set getPrivilegeSet(String[] privNames, AccessControlManager acMgr) throws RepositoryException { - if (privNames == null) { - return Collections.emptySet(); - } - final Set privileges = new HashSet(privNames.length); - for (final String name : privNames) { - final Privilege p = acMgr.privilegeFromName(name); - if (p.isAggregate()) { - privileges.addAll(Arrays.asList(p.getAggregatePrivileges())); - } else { - privileges.add(p); - } - } - return privileges; - } - -} +package biz.netcentric.cq.tools.actool.aceinstaller; + +/*- + * #%L + * Access Control Tool Bundle + * %% + * Copyright (C) 2015 - 2024 Cognizant Netcentric + * %% + * All rights reserved. This program and the accompanying materials + * are made available under the terms of the Eclipse Public License v1.0 + * which accompanies this distribution, and is available at + * http://www.eclipse.org/legal/epl-v10.html + * #L% + */ + +import static biz.netcentric.cq.tools.actool.history.impl.PersistableInstallationLogger.msHumanReadable; + +import java.security.Principal; +import java.util.Arrays; +import java.util.Collection; +import java.util.Collections; +import java.util.HashSet; +import java.util.List; +import java.util.Map; +import java.util.Set; +import java.util.TreeSet; + +import javax.jcr.RepositoryException; +import javax.jcr.Session; +import javax.jcr.UnsupportedRepositoryOperationException; +import javax.jcr.ValueFormatException; +import javax.jcr.security.AccessControlManager; +import javax.jcr.security.Privilege; + +import org.apache.commons.lang3.time.StopWatch; +import org.apache.jackrabbit.api.security.JackrabbitAccessControlList; +import org.slf4j.Logger; +import org.slf4j.LoggerFactory; + +import biz.netcentric.cq.tools.actool.comparators.AcePermissionComparator; +import biz.netcentric.cq.tools.actool.configmodel.AcConfiguration; +import biz.netcentric.cq.tools.actool.configmodel.AceBean; +import biz.netcentric.cq.tools.actool.configmodel.Restriction; +import biz.netcentric.cq.tools.actool.helper.AccessControlUtils; +import biz.netcentric.cq.tools.actool.helper.ContentHelper; +import biz.netcentric.cq.tools.actool.helper.RestrictionsHolder; +import biz.netcentric.cq.tools.actool.helper.runtime.RuntimeHelper; +import biz.netcentric.cq.tools.actool.history.InstallationLogger; + +/** Base Class */ +public abstract class BaseAceBeanInstaller implements AceBeanInstaller { + + private static final Logger LOG = LoggerFactory.getLogger(BaseAceBeanInstaller.class); + + @Override + public void installPathBasedACEs( + final Map> pathBasedAceMapFromConfig, + final AcConfiguration acConfiguration, + final Session session, + final InstallationLogger history, Set principalsToRemoveAcesFor) throws Exception { + + StopWatch stopWatch = new StopWatch(); + stopWatch.start(); + + Set paths = pathBasedAceMapFromConfig.keySet(); + + history.addVerboseMessage(LOG, "Found " + paths.size() + " paths in config"); + LOG.trace("Paths with ACEs: {}", paths); + + paths = filterReadOnlyPaths(paths, history, session); + + // loop through all nodes from config + for (final String path : paths) { + + final Set aceBeanSetFromConfig = pathBasedAceMapFromConfig + .get(path); // Set which holds the AceBeans of the current path in configuration + + // check if the path even exists + final boolean pathExits = AccessControlUtils.getModifiableAcl(session.getAccessControlManager(), path) != null; + if (!pathExits) { + if (!ContentHelper.createInitialContent(session, history, path, aceBeanSetFromConfig)) { + history.addVerboseMessage(LOG, "Skipped installing privileges/actions for non existing path: " + path); + history.incCountAclsPathDoesNotExist(); + continue; + } + } + + // order entries (denies in front of allows) + final Set orderedAceBeanSetFromConfig = new TreeSet( + new AcePermissionComparator()); + orderedAceBeanSetFromConfig.addAll(aceBeanSetFromConfig); + + Set principalsToRemoveAcesForAtThisPath = acConfiguration.getAuthorizablesConfig() + .removeUnmanagedPrincipalNamesAtPath(path, principalsToRemoveAcesFor, + acConfiguration.getGlobalConfiguration().getDefaultUnmanagedAcePathsRegex()); + installAcl(orderedAceBeanSetFromConfig, path, principalsToRemoveAcesForAtThisPath, session, history); + + } + + if (history.getMissingParentPathsForInitialContent() > 0) { + history.addWarning(LOG, "There were " + history.getMissingParentPathsForInitialContent() + + " parent paths missing for creation of initial content (those paths were skipped, see verbose log for details)"); + } + + history.addMessage(LOG, "ACL Update Statistics: Changed=" + history.getCountAclsChanged() + " Unchanged=" + history.getCountAclsUnchanged() + + " Path not found=" + history.getCountAclsPathDoesNotExist() + " (action cache hit/miss=" + + history.getCountActionCacheHit() + "/" + history.getCountActionCacheMiss() + ")"); + history.addMessage(LOG, "*** Finished installation of " + paths.size() + " ACLs in " + + msHumanReadable(stopWatch.getTime())); + } + + private Set filterReadOnlyPaths(Set paths, InstallationLogger history, Session session) { + + boolean isCompositeNodeStore = RuntimeHelper.isCompositeNodeStore(session); + if (isCompositeNodeStore) { + Set pathsToKeep = new TreeSet(); + Set readOnlyPaths = new TreeSet(); + for (final String path : paths) { + if (path != null && (path.startsWith("/apps") || path.startsWith("/libs"))) { + readOnlyPaths.add(path); + } else { + pathsToKeep.add(path); + } + } + history.addMessage(LOG, "Ignoring " + readOnlyPaths.size() + " ACLs in /apps and /libs because they are ready-only (Composite NodeStore)"); + return pathsToKeep; + } else { + return paths; + } + } + + /** Installs a full set of ACE beans that form an ACL for the path + * + * @throws RepositoryException */ + protected abstract void installAcl(Set aceBeanSetFromConfig, String path, Set authorizablesToRemoveAcesFor, + Session session, InstallationLogger history) throws RepositoryException; + + + protected boolean installPrivileges(AceBean aceBean, Principal principal, JackrabbitAccessControlList acl, Session session, + AccessControlManager acMgr) + throws RepositoryException { + + final Set privileges = getPrivilegeSet(aceBean.getPrivileges(), acMgr); + if (!privileges.isEmpty()) { + final RestrictionsHolder restrictions = getRestrictions(aceBean, session, acl); + if (!restrictions.isEmpty()) { + acl.addEntry(principal, privileges + .toArray(new Privilege[privileges.size()]), aceBean.isAllow(), + restrictions.getSingleValuedRestrictionsMap(), restrictions.getMultiValuedRestrictionsMap()); + } else { + acl.addEntry(principal, privileges + .toArray(new Privilege[privileges.size()]), aceBean.isAllow()); + } + return true; + } + return false; + } + + /** Creates a RestrictionHolder object containing 2 restriction maps being used in + * {@link JackrabbitAccessControlList#addEntry(Principal, Privilege[], boolean, Map, Map)} out of the set actions on this bean. + * + * @param session the session + * @param acl the access control list for which this restriction map should be used + * @return RestrictionMapsHolder containing 2 maps with restriction names as keys and restriction values as values + * (singleValuedRestrictionsMap) and values[] (multiValuedRestrictionsMap). + * @throws ValueFormatException + * @throws UnsupportedRepositoryOperationException + * @throws RepositoryException */ + protected RestrictionsHolder getRestrictions(AceBean aceBean, Session session, JackrabbitAccessControlList acl) + throws ValueFormatException, UnsupportedRepositoryOperationException, RepositoryException { + + final Collection supportedRestrictionNames = Arrays.asList(acl.getRestrictionNames()); + + if (aceBean.getRestrictions().isEmpty()) { + return RestrictionsHolder.empty(); + } + + List restrictions = aceBean.getRestrictions(); + for (Restriction restriction : restrictions) { + if (!supportedRestrictionNames.contains(restriction.getName())) { + throw new IllegalStateException( + "The AccessControlList at " + acl.getPath() + " does not support setting " + restriction.getName() + + " restrictions!"); + } + } + + RestrictionsHolder restrictionsHolder = new RestrictionsHolder(restrictions, session.getValueFactory(), acl); + return restrictionsHolder; + } + + /** Converts the given privilege names into a set of privilege objects. + * + * @param privNames (may be {@code null} + * @param acMgr + * @return a set of privileges (never {@code null}, but may be empty set) + * @throws RepositoryException */ + public Set getPrivilegeSet(String[] privNames, AccessControlManager acMgr) throws RepositoryException { + if (privNames == null) { + return Collections.emptySet(); + } + final Set privileges = new HashSet(privNames.length); + for (final String name : privNames) { + final Privilege p = acMgr.privilegeFromName(name); + if (p.isAggregate()) { + privileges.addAll(Arrays.asList(p.getAggregatePrivileges())); + } else { + privileges.add(p); + } + } + return privileges; + } + +} diff --git a/accesscontroltool-bundle/src/main/java/biz/netcentric/cq/tools/actool/aem/AcToolCqActions.java b/accesscontroltool-bundle/src/main/java/biz/netcentric/cq/tools/actool/aem/AcToolCqActions.java index 31407f777..3491e80d6 100644 --- a/accesscontroltool-bundle/src/main/java/biz/netcentric/cq/tools/actool/aem/AcToolCqActions.java +++ b/accesscontroltool-bundle/src/main/java/biz/netcentric/cq/tools/actool/aem/AcToolCqActions.java @@ -1,5 +1,18 @@ package biz.netcentric.cq.tools.actool.aem; +/*- + * #%L + * Access Control Tool Bundle + * %% + * Copyright (C) 2015 - 2024 Cognizant Netcentric + * %% + * All rights reserved. This program and the accompanying materials + * are made available under the terms of the Eclipse Public License v1.0 + * which accompanies this distribution, and is available at + * http://www.eclipse.org/legal/epl-v10.html + * #L% + */ + import java.security.AccessControlException; import java.security.Principal; import java.util.Arrays; @@ -239,4 +252,4 @@ private static Set getPrivilegeSet(String[] privNames, AccessControlM } return privileges; } -} \ No newline at end of file +} diff --git a/accesscontroltool-bundle/src/main/java/biz/netcentric/cq/tools/actool/aem/AemCryptoDecryptionService.java b/accesscontroltool-bundle/src/main/java/biz/netcentric/cq/tools/actool/aem/AemCryptoDecryptionService.java index 7e5e60253..e0a2730eb 100644 --- a/accesscontroltool-bundle/src/main/java/biz/netcentric/cq/tools/actool/aem/AemCryptoDecryptionService.java +++ b/accesscontroltool-bundle/src/main/java/biz/netcentric/cq/tools/actool/aem/AemCryptoDecryptionService.java @@ -1,47 +1,52 @@ -/* - * (C) Copyright 2019 Netcentric AG. - * - * All rights reserved. This program and the accompanying materials - * are made available under the terms of the Eclipse Public License v1.0 - * which accompanies this distribution, and is available at - * http://www.eclipse.org/legal/epl-v10.html - */ -package biz.netcentric.cq.tools.actool.aem; - -import org.osgi.framework.Constants; -import org.osgi.service.component.annotations.Component; -import org.osgi.service.component.annotations.Reference; -import org.osgi.service.component.annotations.ReferencePolicyOption; -import org.slf4j.Logger; -import org.slf4j.LoggerFactory; - -import com.adobe.granite.crypto.CryptoException; -import com.adobe.granite.crypto.CryptoSupport; - -import biz.netcentric.cq.tools.actool.crypto.DecryptionService; - -@Component(property = Constants.SERVICE_RANKING + ":Integer=1000") -public class AemCryptoDecryptionService implements DecryptionService { - - private static final Logger LOG = LoggerFactory.getLogger(AemCryptoDecryptionService.class); - - @Reference(policyOption = ReferencePolicyOption.GREEDY) - private CryptoSupport cryptoSupport; - - @Override - public String decrypt(String text) { - if (!cryptoSupport.isProtected(text)) { - LOG.debug("Given text is not encrypted and therefore doesn't need decryption: {}", text); - return text; - } - String abbreviatedPasswordHint = text.substring(0, 4)+".."; - try { - String unprotected = cryptoSupport.unprotect(text); - LOG.debug("Decrypted {} to text with {} chars", abbreviatedPasswordHint, unprotected.length()); - return unprotected; - } catch (CryptoException e) { - throw new IllegalArgumentException("Invalid password string starting with '"+abbreviatedPasswordHint+"' (cannot be decrypted)", e); - } - } - -} +package biz.netcentric.cq.tools.actool.aem; + +/*- + * #%L + * Access Control Tool Bundle + * %% + * Copyright (C) 2015 - 2024 Cognizant Netcentric + * %% + * All rights reserved. This program and the accompanying materials + * are made available under the terms of the Eclipse Public License v1.0 + * which accompanies this distribution, and is available at + * http://www.eclipse.org/legal/epl-v10.html + * #L% + */ + +import org.osgi.framework.Constants; +import org.osgi.service.component.annotations.Component; +import org.osgi.service.component.annotations.Reference; +import org.osgi.service.component.annotations.ReferencePolicyOption; +import org.slf4j.Logger; +import org.slf4j.LoggerFactory; + +import com.adobe.granite.crypto.CryptoException; +import com.adobe.granite.crypto.CryptoSupport; + +import biz.netcentric.cq.tools.actool.crypto.DecryptionService; + +@Component(property = Constants.SERVICE_RANKING + ":Integer=1000") +public class AemCryptoDecryptionService implements DecryptionService { + + private static final Logger LOG = LoggerFactory.getLogger(AemCryptoDecryptionService.class); + + @Reference(policyOption = ReferencePolicyOption.GREEDY) + private CryptoSupport cryptoSupport; + + @Override + public String decrypt(String text) { + if (!cryptoSupport.isProtected(text)) { + LOG.debug("Given text is not encrypted and therefore doesn't need decryption: {}", text); + return text; + } + String abbreviatedPasswordHint = text.substring(0, 4)+".."; + try { + String unprotected = cryptoSupport.unprotect(text); + LOG.debug("Decrypted {} to text with {} chars", abbreviatedPasswordHint, unprotected.length()); + return unprotected; + } catch (CryptoException e) { + throw new IllegalArgumentException("Invalid password string starting with '"+abbreviatedPasswordHint+"' (cannot be decrypted)", e); + } + } + +} diff --git a/accesscontroltool-bundle/src/main/java/biz/netcentric/cq/tools/actool/api/AcInstallationService.java b/accesscontroltool-bundle/src/main/java/biz/netcentric/cq/tools/actool/api/AcInstallationService.java index 6ebb0f0bb..5599d5ea7 100644 --- a/accesscontroltool-bundle/src/main/java/biz/netcentric/cq/tools/actool/api/AcInstallationService.java +++ b/accesscontroltool-bundle/src/main/java/biz/netcentric/cq/tools/actool/api/AcInstallationService.java @@ -1,12 +1,17 @@ -/* - * (C) Copyright 2017 Netcentric AG. - * +package biz.netcentric.cq.tools.actool.api; + +/*- + * #%L + * Access Control Tool Bundle + * %% + * Copyright (C) 2015 - 2024 Cognizant Netcentric + * %% * All rights reserved. This program and the accompanying materials * are made available under the terms of the Eclipse Public License v1.0 * which accompanies this distribution, and is available at * http://www.eclipse.org/legal/epl-v10.html + * #L% */ -package biz.netcentric.cq.tools.actool.api; import org.osgi.annotation.versioning.ProviderType; diff --git a/accesscontroltool-bundle/src/main/java/biz/netcentric/cq/tools/actool/api/HistoryEntry.java b/accesscontroltool-bundle/src/main/java/biz/netcentric/cq/tools/actool/api/HistoryEntry.java index cf6c016e2..52b6b4eb7 100644 --- a/accesscontroltool-bundle/src/main/java/biz/netcentric/cq/tools/actool/api/HistoryEntry.java +++ b/accesscontroltool-bundle/src/main/java/biz/netcentric/cq/tools/actool/api/HistoryEntry.java @@ -1,12 +1,17 @@ -/* - * (C) Copyright 2015 Netcentric AG. - * +package biz.netcentric.cq.tools.actool.api; + +/*- + * #%L + * Access Control Tool Bundle + * %% + * Copyright (C) 2015 - 2024 Cognizant Netcentric + * %% * All rights reserved. This program and the accompanying materials * are made available under the terms of the Eclipse Public License v1.0 * which accompanies this distribution, and is available at * http://www.eclipse.org/legal/epl-v10.html + * #L% */ -package biz.netcentric.cq.tools.actool.api; import java.sql.Timestamp; diff --git a/accesscontroltool-bundle/src/main/java/biz/netcentric/cq/tools/actool/api/InstallationLog.java b/accesscontroltool-bundle/src/main/java/biz/netcentric/cq/tools/actool/api/InstallationLog.java index 52e5f173e..361bc7303 100644 --- a/accesscontroltool-bundle/src/main/java/biz/netcentric/cq/tools/actool/api/InstallationLog.java +++ b/accesscontroltool-bundle/src/main/java/biz/netcentric/cq/tools/actool/api/InstallationLog.java @@ -1,12 +1,17 @@ -/* - * (C) Copyright 2017 Netcentric AG. - * +package biz.netcentric.cq.tools.actool.api; + +/*- + * #%L + * Access Control Tool Bundle + * %% + * Copyright (C) 2015 - 2024 Cognizant Netcentric + * %% * All rights reserved. This program and the accompanying materials * are made available under the terms of the Eclipse Public License v1.0 * which accompanies this distribution, and is available at * http://www.eclipse.org/legal/epl-v10.html + * #L% */ -package biz.netcentric.cq.tools.actool.api; import java.util.Set; @@ -30,4 +35,4 @@ public interface InstallationLog { Set getMessages(); -} \ No newline at end of file +} diff --git a/accesscontroltool-bundle/src/main/java/biz/netcentric/cq/tools/actool/api/InstallationResult.java b/accesscontroltool-bundle/src/main/java/biz/netcentric/cq/tools/actool/api/InstallationResult.java index 30d7525c7..d2415f55f 100644 --- a/accesscontroltool-bundle/src/main/java/biz/netcentric/cq/tools/actool/api/InstallationResult.java +++ b/accesscontroltool-bundle/src/main/java/biz/netcentric/cq/tools/actool/api/InstallationResult.java @@ -1,5 +1,18 @@ package biz.netcentric.cq.tools.actool.api; +/*- + * #%L + * Access Control Tool Bundle + * %% + * Copyright (C) 2015 - 2024 Cognizant Netcentric + * %% + * All rights reserved. This program and the accompanying materials + * are made available under the terms of the Eclipse Public License v1.0 + * which accompanies this distribution, and is available at + * http://www.eclipse.org/legal/epl-v10.html + * #L% + */ + import org.osgi.annotation.versioning.ProviderType; /** diff --git a/accesscontroltool-bundle/src/main/java/biz/netcentric/cq/tools/actool/api/package-info.java b/accesscontroltool-bundle/src/main/java/biz/netcentric/cq/tools/actool/api/package-info.java index 6cc5f09a1..663e04cc9 100644 --- a/accesscontroltool-bundle/src/main/java/biz/netcentric/cq/tools/actool/api/package-info.java +++ b/accesscontroltool-bundle/src/main/java/biz/netcentric/cq/tools/actool/api/package-info.java @@ -1,12 +1,17 @@ -/* - * (C) Copyright 2017 Netcentric AG. - * +@Version("3.0.0") +package biz.netcentric.cq.tools.actool.api; + +/*- + * #%L + * Access Control Tool Bundle + * %% + * Copyright (C) 2015 - 2024 Cognizant Netcentric + * %% * All rights reserved. This program and the accompanying materials * are made available under the terms of the Eclipse Public License v1.0 * which accompanies this distribution, and is available at * http://www.eclipse.org/legal/epl-v10.html + * #L% */ -@Version("3.0.0") -package biz.netcentric.cq.tools.actool.api; import org.osgi.annotation.versioning.Version; diff --git a/accesscontroltool-bundle/src/main/java/biz/netcentric/cq/tools/actool/authorizableinstaller/AuthorizableCreatorException.java b/accesscontroltool-bundle/src/main/java/biz/netcentric/cq/tools/actool/authorizableinstaller/AuthorizableCreatorException.java index 1e004d8d6..f36116206 100644 --- a/accesscontroltool-bundle/src/main/java/biz/netcentric/cq/tools/actool/authorizableinstaller/AuthorizableCreatorException.java +++ b/accesscontroltool-bundle/src/main/java/biz/netcentric/cq/tools/actool/authorizableinstaller/AuthorizableCreatorException.java @@ -1,12 +1,17 @@ -/* - * (C) Copyright 2015 Netcentric AG. - * +package biz.netcentric.cq.tools.actool.authorizableinstaller; + +/*- + * #%L + * Access Control Tool Bundle + * %% + * Copyright (C) 2015 - 2024 Cognizant Netcentric + * %% * All rights reserved. This program and the accompanying materials * are made available under the terms of the Eclipse Public License v1.0 * which accompanies this distribution, and is available at * http://www.eclipse.org/legal/epl-v10.html + * #L% */ -package biz.netcentric.cq.tools.actool.authorizableinstaller; public class AuthorizableCreatorException extends Exception { public AuthorizableCreatorException(String message) { diff --git a/accesscontroltool-bundle/src/main/java/biz/netcentric/cq/tools/actool/authorizableinstaller/AuthorizableInstallerService.java b/accesscontroltool-bundle/src/main/java/biz/netcentric/cq/tools/actool/authorizableinstaller/AuthorizableInstallerService.java index c126c1a73..4ded2431b 100644 --- a/accesscontroltool-bundle/src/main/java/biz/netcentric/cq/tools/actool/authorizableinstaller/AuthorizableInstallerService.java +++ b/accesscontroltool-bundle/src/main/java/biz/netcentric/cq/tools/actool/authorizableinstaller/AuthorizableInstallerService.java @@ -1,12 +1,17 @@ -/* - * (C) Copyright 2015 Netcentric AG. - * +package biz.netcentric.cq.tools.actool.authorizableinstaller; + +/*- + * #%L + * Access Control Tool Bundle + * %% + * Copyright (C) 2015 - 2024 Cognizant Netcentric + * %% * All rights reserved. This program and the accompanying materials * are made available under the terms of the Eclipse Public License v1.0 * which accompanies this distribution, and is available at * http://www.eclipse.org/legal/epl-v10.html + * #L% */ -package biz.netcentric.cq.tools.actool.authorizableinstaller; import java.io.IOException; import java.security.GeneralSecurityException; diff --git a/accesscontroltool-bundle/src/main/java/biz/netcentric/cq/tools/actool/authorizableinstaller/impl/AuthInstallerUserManager.java b/accesscontroltool-bundle/src/main/java/biz/netcentric/cq/tools/actool/authorizableinstaller/impl/AuthInstallerUserManager.java index 1bf86e704..954c5d60f 100644 --- a/accesscontroltool-bundle/src/main/java/biz/netcentric/cq/tools/actool/authorizableinstaller/impl/AuthInstallerUserManager.java +++ b/accesscontroltool-bundle/src/main/java/biz/netcentric/cq/tools/actool/authorizableinstaller/impl/AuthInstallerUserManager.java @@ -1,5 +1,18 @@ package biz.netcentric.cq.tools.actool.authorizableinstaller.impl; +/*- + * #%L + * Access Control Tool Bundle + * %% + * Copyright (C) 2015 - 2024 Cognizant Netcentric + * %% + * All rights reserved. This program and the accompanying materials + * are made available under the terms of the Eclipse Public License v1.0 + * which accompanies this distribution, and is available at + * http://www.eclipse.org/legal/epl-v10.html + * #L% + */ + import java.security.Principal; import java.util.Set; diff --git a/accesscontroltool-bundle/src/main/java/biz/netcentric/cq/tools/actool/authorizableinstaller/impl/AuthInstallerUserManagerPrefetchingImpl.java b/accesscontroltool-bundle/src/main/java/biz/netcentric/cq/tools/actool/authorizableinstaller/impl/AuthInstallerUserManagerPrefetchingImpl.java index 7dc3a8564..28a5ee760 100644 --- a/accesscontroltool-bundle/src/main/java/biz/netcentric/cq/tools/actool/authorizableinstaller/impl/AuthInstallerUserManagerPrefetchingImpl.java +++ b/accesscontroltool-bundle/src/main/java/biz/netcentric/cq/tools/actool/authorizableinstaller/impl/AuthInstallerUserManagerPrefetchingImpl.java @@ -1,5 +1,18 @@ package biz.netcentric.cq.tools.actool.authorizableinstaller.impl; +/*- + * #%L + * Access Control Tool Bundle + * %% + * Copyright (C) 2015 - 2024 Cognizant Netcentric + * %% + * All rights reserved. This program and the accompanying materials + * are made available under the terms of the Eclipse Public License v1.0 + * which accompanies this distribution, and is available at + * http://www.eclipse.org/legal/epl-v10.html + * #L% + */ + import static biz.netcentric.cq.tools.actool.history.impl.PersistableInstallationLogger.msHumanReadable; import java.security.Principal; diff --git a/accesscontroltool-bundle/src/main/java/biz/netcentric/cq/tools/actool/authorizableinstaller/impl/AuthorizableInstallerServiceImpl.java b/accesscontroltool-bundle/src/main/java/biz/netcentric/cq/tools/actool/authorizableinstaller/impl/AuthorizableInstallerServiceImpl.java index 729192d1e..65e2d0635 100644 --- a/accesscontroltool-bundle/src/main/java/biz/netcentric/cq/tools/actool/authorizableinstaller/impl/AuthorizableInstallerServiceImpl.java +++ b/accesscontroltool-bundle/src/main/java/biz/netcentric/cq/tools/actool/authorizableinstaller/impl/AuthorizableInstallerServiceImpl.java @@ -1,12 +1,17 @@ -/* - * (C) Copyright 2015 Netcentric AG. - * +package biz.netcentric.cq.tools.actool.authorizableinstaller.impl; + +/*- + * #%L + * Access Control Tool Bundle + * %% + * Copyright (C) 2015 - 2024 Cognizant Netcentric + * %% * All rights reserved. This program and the accompanying materials * are made available under the terms of the Eclipse Public License v1.0 * which accompanies this distribution, and is available at * http://www.eclipse.org/legal/epl-v10.html + * #L% */ -package biz.netcentric.cq.tools.actool.authorizableinstaller.impl; import static biz.netcentric.cq.tools.actool.helper.Constants.PRINCIPAL_EVERYONE; diff --git a/accesscontroltool-bundle/src/main/java/biz/netcentric/cq/tools/actool/authorizableinstaller/impl/ExternalGroupInstallerServiceImpl.java b/accesscontroltool-bundle/src/main/java/biz/netcentric/cq/tools/actool/authorizableinstaller/impl/ExternalGroupInstallerServiceImpl.java index 11d9a04d1..7ec9343b2 100644 --- a/accesscontroltool-bundle/src/main/java/biz/netcentric/cq/tools/actool/authorizableinstaller/impl/ExternalGroupInstallerServiceImpl.java +++ b/accesscontroltool-bundle/src/main/java/biz/netcentric/cq/tools/actool/authorizableinstaller/impl/ExternalGroupInstallerServiceImpl.java @@ -1,12 +1,18 @@ -/* - * (C) Copyright 2017 Netcentric AG. - * + +package biz.netcentric.cq.tools.actool.authorizableinstaller.impl; + +/*- + * #%L + * Access Control Tool Bundle + * %% + * Copyright (C) 2015 - 2024 Cognizant Netcentric + * %% * All rights reserved. This program and the accompanying materials * are made available under the terms of the Eclipse Public License v1.0 * which accompanies this distribution, and is available at * http://www.eclipse.org/legal/epl-v10.html + * #L% */ -package biz.netcentric.cq.tools.actool.authorizableinstaller.impl; import java.util.Collections; import java.util.Map; diff --git a/accesscontroltool-bundle/src/main/java/biz/netcentric/cq/tools/actool/authorizableinstaller/impl/ImpersonationInstallerServiceImpl.java b/accesscontroltool-bundle/src/main/java/biz/netcentric/cq/tools/actool/authorizableinstaller/impl/ImpersonationInstallerServiceImpl.java index 9858ec73f..828bfc639 100644 --- a/accesscontroltool-bundle/src/main/java/biz/netcentric/cq/tools/actool/authorizableinstaller/impl/ImpersonationInstallerServiceImpl.java +++ b/accesscontroltool-bundle/src/main/java/biz/netcentric/cq/tools/actool/authorizableinstaller/impl/ImpersonationInstallerServiceImpl.java @@ -1,12 +1,18 @@ -/* - * (C) Copyright 2017 Netcentric AG. - * + +package biz.netcentric.cq.tools.actool.authorizableinstaller.impl; + +/*- + * #%L + * Access Control Tool Bundle + * %% + * Copyright (C) 2015 - 2024 Cognizant Netcentric + * %% * All rights reserved. This program and the accompanying materials * are made available under the terms of the Eclipse Public License v1.0 * which accompanies this distribution, and is available at * http://www.eclipse.org/legal/epl-v10.html + * #L% */ -package biz.netcentric.cq.tools.actool.authorizableinstaller.impl; import java.util.ArrayList; import java.util.Iterator; diff --git a/accesscontroltool-bundle/src/main/java/biz/netcentric/cq/tools/actool/comparators/AcePathComparator.java b/accesscontroltool-bundle/src/main/java/biz/netcentric/cq/tools/actool/comparators/AcePathComparator.java index 0d3329dd5..f6995b18b 100644 --- a/accesscontroltool-bundle/src/main/java/biz/netcentric/cq/tools/actool/comparators/AcePathComparator.java +++ b/accesscontroltool-bundle/src/main/java/biz/netcentric/cq/tools/actool/comparators/AcePathComparator.java @@ -1,12 +1,17 @@ -/* - * (C) Copyright 2015 Netcentric AG. - * +package biz.netcentric.cq.tools.actool.comparators; + +/*- + * #%L + * Access Control Tool Bundle + * %% + * Copyright (C) 2015 - 2024 Cognizant Netcentric + * %% * All rights reserved. This program and the accompanying materials * are made available under the terms of the Eclipse Public License v1.0 * which accompanies this distribution, and is available at * http://www.eclipse.org/legal/epl-v10.html + * #L% */ -package biz.netcentric.cq.tools.actool.comparators; import java.util.Comparator; diff --git a/accesscontroltool-bundle/src/main/java/biz/netcentric/cq/tools/actool/comparators/AcePermissionComparator.java b/accesscontroltool-bundle/src/main/java/biz/netcentric/cq/tools/actool/comparators/AcePermissionComparator.java index 1ac8acf9c..5d4479e9f 100644 --- a/accesscontroltool-bundle/src/main/java/biz/netcentric/cq/tools/actool/comparators/AcePermissionComparator.java +++ b/accesscontroltool-bundle/src/main/java/biz/netcentric/cq/tools/actool/comparators/AcePermissionComparator.java @@ -1,12 +1,17 @@ -/* - * (C) Copyright 2015 Netcentric AG. - * +package biz.netcentric.cq.tools.actool.comparators; + +/*- + * #%L + * Access Control Tool Bundle + * %% + * Copyright (C) 2015 - 2024 Cognizant Netcentric + * %% * All rights reserved. This program and the accompanying materials * are made available under the terms of the Eclipse Public License v1.0 * which accompanies this distribution, and is available at * http://www.eclipse.org/legal/epl-v10.html + * #L% */ -package biz.netcentric.cq.tools.actool.comparators; import java.util.Comparator; diff --git a/accesscontroltool-bundle/src/main/java/biz/netcentric/cq/tools/actool/comparators/AuthorizableBeanIDComparator.java b/accesscontroltool-bundle/src/main/java/biz/netcentric/cq/tools/actool/comparators/AuthorizableBeanIDComparator.java index 1ce4c04e4..30c319ef3 100644 --- a/accesscontroltool-bundle/src/main/java/biz/netcentric/cq/tools/actool/comparators/AuthorizableBeanIDComparator.java +++ b/accesscontroltool-bundle/src/main/java/biz/netcentric/cq/tools/actool/comparators/AuthorizableBeanIDComparator.java @@ -1,12 +1,17 @@ -/* - * (C) Copyright 2015 Netcentric AG. - * +package biz.netcentric.cq.tools.actool.comparators; + +/*- + * #%L + * Access Control Tool Bundle + * %% + * Copyright (C) 2015 - 2024 Cognizant Netcentric + * %% * All rights reserved. This program and the accompanying materials * are made available under the terms of the Eclipse Public License v1.0 * which accompanies this distribution, and is available at * http://www.eclipse.org/legal/epl-v10.html + * #L% */ -package biz.netcentric.cq.tools.actool.comparators; import java.util.Comparator; diff --git a/accesscontroltool-bundle/src/main/java/biz/netcentric/cq/tools/actool/comparators/HistoryEntryComparator.java b/accesscontroltool-bundle/src/main/java/biz/netcentric/cq/tools/actool/comparators/HistoryEntryComparator.java index 1144d4d21..851525c38 100644 --- a/accesscontroltool-bundle/src/main/java/biz/netcentric/cq/tools/actool/comparators/HistoryEntryComparator.java +++ b/accesscontroltool-bundle/src/main/java/biz/netcentric/cq/tools/actool/comparators/HistoryEntryComparator.java @@ -1,12 +1,17 @@ -/* - * (C) Copyright 2015 Netcentric AG. - * +package biz.netcentric.cq.tools.actool.comparators; + +/*- + * #%L + * Access Control Tool Bundle + * %% + * Copyright (C) 2015 - 2024 Cognizant Netcentric + * %% * All rights reserved. This program and the accompanying materials * are made available under the terms of the Eclipse Public License v1.0 * which accompanies this distribution, and is available at * http://www.eclipse.org/legal/epl-v10.html + * #L% */ -package biz.netcentric.cq.tools.actool.comparators; import java.util.Comparator; diff --git a/accesscontroltool-bundle/src/main/java/biz/netcentric/cq/tools/actool/comparators/JcrCreatedComparator.java b/accesscontroltool-bundle/src/main/java/biz/netcentric/cq/tools/actool/comparators/JcrCreatedComparator.java index e002f7c7e..46fd51d0e 100644 --- a/accesscontroltool-bundle/src/main/java/biz/netcentric/cq/tools/actool/comparators/JcrCreatedComparator.java +++ b/accesscontroltool-bundle/src/main/java/biz/netcentric/cq/tools/actool/comparators/JcrCreatedComparator.java @@ -1,12 +1,17 @@ -/* - * (C) Copyright 2015 Netcentric AG. - * +package biz.netcentric.cq.tools.actool.comparators; + +/*- + * #%L + * Access Control Tool Bundle + * %% + * Copyright (C) 2015 - 2024 Cognizant Netcentric + * %% * All rights reserved. This program and the accompanying materials * are made available under the terms of the Eclipse Public License v1.0 * which accompanies this distribution, and is available at * http://www.eclipse.org/legal/epl-v10.html + * #L% */ -package biz.netcentric.cq.tools.actool.comparators; import java.util.Calendar; import java.util.Comparator; diff --git a/accesscontroltool-bundle/src/main/java/biz/netcentric/cq/tools/actool/comparators/NodeCreatedComparator.java b/accesscontroltool-bundle/src/main/java/biz/netcentric/cq/tools/actool/comparators/NodeCreatedComparator.java index 69166f9a5..337a18244 100644 --- a/accesscontroltool-bundle/src/main/java/biz/netcentric/cq/tools/actool/comparators/NodeCreatedComparator.java +++ b/accesscontroltool-bundle/src/main/java/biz/netcentric/cq/tools/actool/comparators/NodeCreatedComparator.java @@ -1,12 +1,17 @@ -/* - * (C) Copyright 2015 Netcentric AG. - * +package biz.netcentric.cq.tools.actool.comparators; + +/*- + * #%L + * Access Control Tool Bundle + * %% + * Copyright (C) 2015 - 2024 Cognizant Netcentric + * %% * All rights reserved. This program and the accompanying materials * are made available under the terms of the Eclipse Public License v1.0 * which accompanies this distribution, and is available at * http://www.eclipse.org/legal/epl-v10.html + * #L% */ -package biz.netcentric.cq.tools.actool.comparators; import java.util.Calendar; import java.util.Comparator; diff --git a/accesscontroltool-bundle/src/main/java/biz/netcentric/cq/tools/actool/comparators/TimestampPropertyComparator.java b/accesscontroltool-bundle/src/main/java/biz/netcentric/cq/tools/actool/comparators/TimestampPropertyComparator.java index 2f6f3afd6..f690a9ce0 100644 --- a/accesscontroltool-bundle/src/main/java/biz/netcentric/cq/tools/actool/comparators/TimestampPropertyComparator.java +++ b/accesscontroltool-bundle/src/main/java/biz/netcentric/cq/tools/actool/comparators/TimestampPropertyComparator.java @@ -1,12 +1,17 @@ -/* - * (C) Copyright 2015 Netcentric AG. - * +package biz.netcentric.cq.tools.actool.comparators; + +/*- + * #%L + * Access Control Tool Bundle + * %% + * Copyright (C) 2015 - 2024 Cognizant Netcentric + * %% * All rights reserved. This program and the accompanying materials * are made available under the terms of the Eclipse Public License v1.0 * which accompanies this distribution, and is available at * http://www.eclipse.org/legal/epl-v10.html + * #L% */ -package biz.netcentric.cq.tools.actool.comparators; import java.util.Comparator; diff --git a/accesscontroltool-bundle/src/main/java/biz/netcentric/cq/tools/actool/configmodel/AcConfiguration.java b/accesscontroltool-bundle/src/main/java/biz/netcentric/cq/tools/actool/configmodel/AcConfiguration.java index 8c8780171..7f11fa4b0 100644 --- a/accesscontroltool-bundle/src/main/java/biz/netcentric/cq/tools/actool/configmodel/AcConfiguration.java +++ b/accesscontroltool-bundle/src/main/java/biz/netcentric/cq/tools/actool/configmodel/AcConfiguration.java @@ -1,12 +1,17 @@ -/* - * (C) Copyright 2016 Netcentric AG. - * +package biz.netcentric.cq.tools.actool.configmodel; + +/*- + * #%L + * Access Control Tool Bundle + * %% + * Copyright (C) 2015 - 2024 Cognizant Netcentric + * %% * All rights reserved. This program and the accompanying materials * are made available under the terms of the Eclipse Public License v1.0 * which accompanies this distribution, and is available at * http://www.eclipse.org/legal/epl-v10.html + * #L% */ -package biz.netcentric.cq.tools.actool.configmodel; import java.util.ArrayList; import java.util.HashSet; diff --git a/accesscontroltool-bundle/src/main/java/biz/netcentric/cq/tools/actool/configmodel/AceBean.java b/accesscontroltool-bundle/src/main/java/biz/netcentric/cq/tools/actool/configmodel/AceBean.java index 1629504e8..00c195e25 100644 --- a/accesscontroltool-bundle/src/main/java/biz/netcentric/cq/tools/actool/configmodel/AceBean.java +++ b/accesscontroltool-bundle/src/main/java/biz/netcentric/cq/tools/actool/configmodel/AceBean.java @@ -1,12 +1,17 @@ -/* - * (C) Copyright 2015 Netcentric AG. - * +package biz.netcentric.cq.tools.actool.configmodel; + +/*- + * #%L + * Access Control Tool Bundle + * %% + * Copyright (C) 2015 - 2024 Cognizant Netcentric + * %% * All rights reserved. This program and the accompanying materials * are made available under the terms of the Eclipse Public License v1.0 * which accompanies this distribution, and is available at * http://www.eclipse.org/legal/epl-v10.html + * #L% */ -package biz.netcentric.cq.tools.actool.configmodel; import java.security.Principal; import java.util.ArrayList; diff --git a/accesscontroltool-bundle/src/main/java/biz/netcentric/cq/tools/actool/configmodel/AcesConfig.java b/accesscontroltool-bundle/src/main/java/biz/netcentric/cq/tools/actool/configmodel/AcesConfig.java index af7cda12e..40c60f28f 100644 --- a/accesscontroltool-bundle/src/main/java/biz/netcentric/cq/tools/actool/configmodel/AcesConfig.java +++ b/accesscontroltool-bundle/src/main/java/biz/netcentric/cq/tools/actool/configmodel/AcesConfig.java @@ -1,12 +1,18 @@ -/* - * (C) Copyright 2017 Netcentric AG. - * + +package biz.netcentric.cq.tools.actool.configmodel; + +/*- + * #%L + * Access Control Tool Bundle + * %% + * Copyright (C) 2015 - 2024 Cognizant Netcentric + * %% * All rights reserved. This program and the accompanying materials * are made available under the terms of the Eclipse Public License v1.0 * which accompanies this distribution, and is available at * http://www.eclipse.org/legal/epl-v10.html + * #L% */ -package biz.netcentric.cq.tools.actool.configmodel; import java.util.LinkedHashSet; import java.util.Set; diff --git a/accesscontroltool-bundle/src/main/java/biz/netcentric/cq/tools/actool/configmodel/AuthorizableConfigBean.java b/accesscontroltool-bundle/src/main/java/biz/netcentric/cq/tools/actool/configmodel/AuthorizableConfigBean.java index 742a6aa95..67e683598 100644 --- a/accesscontroltool-bundle/src/main/java/biz/netcentric/cq/tools/actool/configmodel/AuthorizableConfigBean.java +++ b/accesscontroltool-bundle/src/main/java/biz/netcentric/cq/tools/actool/configmodel/AuthorizableConfigBean.java @@ -1,12 +1,17 @@ -/* - * (C) Copyright 2015 Netcentric AG. - * +package biz.netcentric.cq.tools.actool.configmodel; + +/*- + * #%L + * Access Control Tool Bundle + * %% + * Copyright (C) 2015 - 2024 Cognizant Netcentric + * %% * All rights reserved. This program and the accompanying materials * are made available under the terms of the Eclipse Public License v1.0 * which accompanies this distribution, and is available at * http://www.eclipse.org/legal/epl-v10.html + * #L% */ -package biz.netcentric.cq.tools.actool.configmodel; import java.util.ArrayList; import java.util.Arrays; diff --git a/accesscontroltool-bundle/src/main/java/biz/netcentric/cq/tools/actool/configmodel/AuthorizablesConfig.java b/accesscontroltool-bundle/src/main/java/biz/netcentric/cq/tools/actool/configmodel/AuthorizablesConfig.java index d1d938c3f..86d4c7dce 100644 --- a/accesscontroltool-bundle/src/main/java/biz/netcentric/cq/tools/actool/configmodel/AuthorizablesConfig.java +++ b/accesscontroltool-bundle/src/main/java/biz/netcentric/cq/tools/actool/configmodel/AuthorizablesConfig.java @@ -1,12 +1,18 @@ -/* - * (C) Copyright 2017 Netcentric AG. - * + +package biz.netcentric.cq.tools.actool.configmodel; + +/*- + * #%L + * Access Control Tool Bundle + * %% + * Copyright (C) 2015 - 2024 Cognizant Netcentric + * %% * All rights reserved. This program and the accompanying materials * are made available under the terms of the Eclipse Public License v1.0 * which accompanies this distribution, and is available at * http://www.eclipse.org/legal/epl-v10.html + * #L% */ -package biz.netcentric.cq.tools.actool.configmodel; import java.util.HashMap; import java.util.HashSet; diff --git a/accesscontroltool-bundle/src/main/java/biz/netcentric/cq/tools/actool/configmodel/AutoCreateTestUsersConfig.java b/accesscontroltool-bundle/src/main/java/biz/netcentric/cq/tools/actool/configmodel/AutoCreateTestUsersConfig.java index 5a92a53f0..c88ee17da 100644 --- a/accesscontroltool-bundle/src/main/java/biz/netcentric/cq/tools/actool/configmodel/AutoCreateTestUsersConfig.java +++ b/accesscontroltool-bundle/src/main/java/biz/netcentric/cq/tools/actool/configmodel/AutoCreateTestUsersConfig.java @@ -1,12 +1,17 @@ -/* - * (C) Copyright 2018 Netcentric AG. - * +package biz.netcentric.cq.tools.actool.configmodel; + +/*- + * #%L + * Access Control Tool Bundle + * %% + * Copyright (C) 2015 - 2024 Cognizant Netcentric + * %% * All rights reserved. This program and the accompanying materials * are made available under the terms of the Eclipse Public License v1.0 * which accompanies this distribution, and is available at * http://www.eclipse.org/legal/epl-v10.html + * #L% */ -package biz.netcentric.cq.tools.actool.configmodel; import java.util.Arrays; import java.util.List; diff --git a/accesscontroltool-bundle/src/main/java/biz/netcentric/cq/tools/actool/configmodel/GlobalConfiguration.java b/accesscontroltool-bundle/src/main/java/biz/netcentric/cq/tools/actool/configmodel/GlobalConfiguration.java index 555c8ee1f..9015d2be0 100644 --- a/accesscontroltool-bundle/src/main/java/biz/netcentric/cq/tools/actool/configmodel/GlobalConfiguration.java +++ b/accesscontroltool-bundle/src/main/java/biz/netcentric/cq/tools/actool/configmodel/GlobalConfiguration.java @@ -1,12 +1,17 @@ -/* - * (C) Copyright 2016 Netcentric AG. - * +package biz.netcentric.cq.tools.actool.configmodel; + +/*- + * #%L + * Access Control Tool Bundle + * %% + * Copyright (C) 2015 - 2024 Cognizant Netcentric + * %% * All rights reserved. This program and the accompanying materials * are made available under the terms of the Eclipse Public License v1.0 * which accompanies this distribution, and is available at * http://www.eclipse.org/legal/epl-v10.html + * #L% */ -package biz.netcentric.cq.tools.actool.configmodel; import java.util.Map; import java.util.regex.Pattern; diff --git a/accesscontroltool-bundle/src/main/java/biz/netcentric/cq/tools/actool/configmodel/Restriction.java b/accesscontroltool-bundle/src/main/java/biz/netcentric/cq/tools/actool/configmodel/Restriction.java index f7f84382c..61af2691b 100644 --- a/accesscontroltool-bundle/src/main/java/biz/netcentric/cq/tools/actool/configmodel/Restriction.java +++ b/accesscontroltool-bundle/src/main/java/biz/netcentric/cq/tools/actool/configmodel/Restriction.java @@ -1,5 +1,18 @@ package biz.netcentric.cq.tools.actool.configmodel; +/*- + * #%L + * Access Control Tool Bundle + * %% + * Copyright (C) 2015 - 2024 Cognizant Netcentric + * %% + * All rights reserved. This program and the accompanying materials + * are made available under the terms of the Eclipse Public License v1.0 + * which accompanies this distribution, and is available at + * http://www.eclipse.org/legal/epl-v10.html + * #L% + */ + import java.util.Arrays; import java.util.List; diff --git a/accesscontroltool-bundle/src/main/java/biz/netcentric/cq/tools/actool/configmodel/pkcs/BouncycastlePkcs8EncryptedPrivateKeyDecryptor.java b/accesscontroltool-bundle/src/main/java/biz/netcentric/cq/tools/actool/configmodel/pkcs/BouncycastlePkcs8EncryptedPrivateKeyDecryptor.java index f1216ed6b..2dadb9058 100644 --- a/accesscontroltool-bundle/src/main/java/biz/netcentric/cq/tools/actool/configmodel/pkcs/BouncycastlePkcs8EncryptedPrivateKeyDecryptor.java +++ b/accesscontroltool-bundle/src/main/java/biz/netcentric/cq/tools/actool/configmodel/pkcs/BouncycastlePkcs8EncryptedPrivateKeyDecryptor.java @@ -1,5 +1,18 @@ package biz.netcentric.cq.tools.actool.configmodel.pkcs; +/*- + * #%L + * Access Control Tool Bundle + * %% + * Copyright (C) 2015 - 2024 Cognizant Netcentric + * %% + * All rights reserved. This program and the accompanying materials + * are made available under the terms of the Eclipse Public License v1.0 + * which accompanies this distribution, and is available at + * http://www.eclipse.org/legal/epl-v10.html + * #L% + */ + import java.io.IOException; import java.security.GeneralSecurityException; import java.security.InvalidKeyException; diff --git a/accesscontroltool-bundle/src/main/java/biz/netcentric/cq/tools/actool/configmodel/pkcs/DerData.java b/accesscontroltool-bundle/src/main/java/biz/netcentric/cq/tools/actool/configmodel/pkcs/DerData.java index 3f7be8864..5cba0fd59 100644 --- a/accesscontroltool-bundle/src/main/java/biz/netcentric/cq/tools/actool/configmodel/pkcs/DerData.java +++ b/accesscontroltool-bundle/src/main/java/biz/netcentric/cq/tools/actool/configmodel/pkcs/DerData.java @@ -1,5 +1,18 @@ package biz.netcentric.cq.tools.actool.configmodel.pkcs; +/*- + * #%L + * Access Control Tool Bundle + * %% + * Copyright (C) 2015 - 2024 Cognizant Netcentric + * %% + * All rights reserved. This program and the accompanying materials + * are made available under the terms of the Eclipse Public License v1.0 + * which accompanies this distribution, and is available at + * http://www.eclipse.org/legal/epl-v10.html + * #L% + */ + import java.security.InvalidKeyException; import java.util.regex.Pattern; diff --git a/accesscontroltool-bundle/src/main/java/biz/netcentric/cq/tools/actool/configmodel/pkcs/DerType.java b/accesscontroltool-bundle/src/main/java/biz/netcentric/cq/tools/actool/configmodel/pkcs/DerType.java index 72e7ddeff..aa263c16d 100644 --- a/accesscontroltool-bundle/src/main/java/biz/netcentric/cq/tools/actool/configmodel/pkcs/DerType.java +++ b/accesscontroltool-bundle/src/main/java/biz/netcentric/cq/tools/actool/configmodel/pkcs/DerType.java @@ -1,5 +1,18 @@ package biz.netcentric.cq.tools.actool.configmodel.pkcs; +/*- + * #%L + * Access Control Tool Bundle + * %% + * Copyright (C) 2015 - 2024 Cognizant Netcentric + * %% + * All rights reserved. This program and the accompanying materials + * are made available under the terms of the Eclipse Public License v1.0 + * which accompanies this distribution, and is available at + * http://www.eclipse.org/legal/epl-v10.html + * #L% + */ + import java.util.regex.Matcher; import java.util.regex.Pattern; diff --git a/accesscontroltool-bundle/src/main/java/biz/netcentric/cq/tools/actool/configmodel/pkcs/JcaPkcs8EncryptedPrivateKeyDecryptor.java b/accesscontroltool-bundle/src/main/java/biz/netcentric/cq/tools/actool/configmodel/pkcs/JcaPkcs8EncryptedPrivateKeyDecryptor.java index cd6aaa7c0..4e197cb50 100644 --- a/accesscontroltool-bundle/src/main/java/biz/netcentric/cq/tools/actool/configmodel/pkcs/JcaPkcs8EncryptedPrivateKeyDecryptor.java +++ b/accesscontroltool-bundle/src/main/java/biz/netcentric/cq/tools/actool/configmodel/pkcs/JcaPkcs8EncryptedPrivateKeyDecryptor.java @@ -1,5 +1,18 @@ package biz.netcentric.cq.tools.actool.configmodel.pkcs; +/*- + * #%L + * Access Control Tool Bundle + * %% + * Copyright (C) 2015 - 2024 Cognizant Netcentric + * %% + * All rights reserved. This program and the accompanying materials + * are made available under the terms of the Eclipse Public License v1.0 + * which accompanies this distribution, and is available at + * http://www.eclipse.org/legal/epl-v10.html + * #L% + */ + import java.io.IOException; import java.security.AlgorithmParameters; import java.security.GeneralSecurityException; diff --git a/accesscontroltool-bundle/src/main/java/biz/netcentric/cq/tools/actool/configmodel/pkcs/Key.java b/accesscontroltool-bundle/src/main/java/biz/netcentric/cq/tools/actool/configmodel/pkcs/Key.java index 1f9750d92..4abc016be 100644 --- a/accesscontroltool-bundle/src/main/java/biz/netcentric/cq/tools/actool/configmodel/pkcs/Key.java +++ b/accesscontroltool-bundle/src/main/java/biz/netcentric/cq/tools/actool/configmodel/pkcs/Key.java @@ -1,5 +1,18 @@ package biz.netcentric.cq.tools.actool.configmodel.pkcs; +/*- + * #%L + * Access Control Tool Bundle + * %% + * Copyright (C) 2015 - 2024 Cognizant Netcentric + * %% + * All rights reserved. This program and the accompanying materials + * are made available under the terms of the Eclipse Public License v1.0 + * which accompanies this distribution, and is available at + * http://www.eclipse.org/legal/epl-v10.html + * #L% + */ + import java.io.ByteArrayInputStream; import java.io.IOException; import java.io.InputStream; diff --git a/accesscontroltool-bundle/src/main/java/biz/netcentric/cq/tools/actool/configmodel/pkcs/PrivateKeyDecryptor.java b/accesscontroltool-bundle/src/main/java/biz/netcentric/cq/tools/actool/configmodel/pkcs/PrivateKeyDecryptor.java index b850f5a20..f24b6e323 100644 --- a/accesscontroltool-bundle/src/main/java/biz/netcentric/cq/tools/actool/configmodel/pkcs/PrivateKeyDecryptor.java +++ b/accesscontroltool-bundle/src/main/java/biz/netcentric/cq/tools/actool/configmodel/pkcs/PrivateKeyDecryptor.java @@ -1,5 +1,18 @@ package biz.netcentric.cq.tools.actool.configmodel.pkcs; +/*- + * #%L + * Access Control Tool Bundle + * %% + * Copyright (C) 2015 - 2024 Cognizant Netcentric + * %% + * All rights reserved. This program and the accompanying materials + * are made available under the terms of the Eclipse Public License v1.0 + * which accompanies this distribution, and is available at + * http://www.eclipse.org/legal/epl-v10.html + * #L% + */ + import java.io.IOException; import java.security.GeneralSecurityException; import java.security.KeyFactory; diff --git a/accesscontroltool-bundle/src/main/java/biz/netcentric/cq/tools/actool/configmodel/pkcs/RandomPassword.java b/accesscontroltool-bundle/src/main/java/biz/netcentric/cq/tools/actool/configmodel/pkcs/RandomPassword.java index 0e20beddf..a559cab0a 100644 --- a/accesscontroltool-bundle/src/main/java/biz/netcentric/cq/tools/actool/configmodel/pkcs/RandomPassword.java +++ b/accesscontroltool-bundle/src/main/java/biz/netcentric/cq/tools/actool/configmodel/pkcs/RandomPassword.java @@ -1,5 +1,18 @@ package biz.netcentric.cq.tools.actool.configmodel.pkcs; +/*- + * #%L + * Access Control Tool Bundle + * %% + * Copyright (C) 2015 - 2024 Cognizant Netcentric + * %% + * All rights reserved. This program and the accompanying materials + * are made available under the terms of the Eclipse Public License v1.0 + * which accompanies this distribution, and is available at + * http://www.eclipse.org/legal/epl-v10.html + * #L% + */ + import java.security.SecureRandom; import java.util.Random; diff --git a/accesscontroltool-bundle/src/main/java/biz/netcentric/cq/tools/actool/configreader/ConfigFilesRetriever.java b/accesscontroltool-bundle/src/main/java/biz/netcentric/cq/tools/actool/configreader/ConfigFilesRetriever.java index 59102bbda..c3a597dd5 100644 --- a/accesscontroltool-bundle/src/main/java/biz/netcentric/cq/tools/actool/configreader/ConfigFilesRetriever.java +++ b/accesscontroltool-bundle/src/main/java/biz/netcentric/cq/tools/actool/configreader/ConfigFilesRetriever.java @@ -1,5 +1,18 @@ package biz.netcentric.cq.tools.actool.configreader; +/*- + * #%L + * Access Control Tool Bundle + * %% + * Copyright (C) 2015 - 2024 Cognizant Netcentric + * %% + * All rights reserved. This program and the accompanying materials + * are made available under the terms of the Eclipse Public License v1.0 + * which accompanies this distribution, and is available at + * http://www.eclipse.org/legal/epl-v10.html + * #L% + */ + import java.util.Collection; import java.util.Map; diff --git a/accesscontroltool-bundle/src/main/java/biz/netcentric/cq/tools/actool/configreader/ConfigFilesRetrieverImpl.java b/accesscontroltool-bundle/src/main/java/biz/netcentric/cq/tools/actool/configreader/ConfigFilesRetrieverImpl.java index 5150d2f28..9539d79d2 100644 --- a/accesscontroltool-bundle/src/main/java/biz/netcentric/cq/tools/actool/configreader/ConfigFilesRetrieverImpl.java +++ b/accesscontroltool-bundle/src/main/java/biz/netcentric/cq/tools/actool/configreader/ConfigFilesRetrieverImpl.java @@ -1,5 +1,18 @@ package biz.netcentric.cq.tools.actool.configreader; +/*- + * #%L + * Access Control Tool Bundle + * %% + * Copyright (C) 2015 - 2024 Cognizant Netcentric + * %% + * All rights reserved. This program and the accompanying materials + * are made available under the terms of the Eclipse Public License v1.0 + * which accompanies this distribution, and is available at + * http://www.eclipse.org/legal/epl-v10.html + * #L% + */ + import java.io.InputStream; import java.io.StringWriter; import java.util.Collection; diff --git a/accesscontroltool-bundle/src/main/java/biz/netcentric/cq/tools/actool/configreader/ConfigReader.java b/accesscontroltool-bundle/src/main/java/biz/netcentric/cq/tools/actool/configreader/ConfigReader.java index 0c6d235b6..8ef391ed0 100644 --- a/accesscontroltool-bundle/src/main/java/biz/netcentric/cq/tools/actool/configreader/ConfigReader.java +++ b/accesscontroltool-bundle/src/main/java/biz/netcentric/cq/tools/actool/configreader/ConfigReader.java @@ -1,44 +1,49 @@ -/* - * (C) Copyright 2015 Netcentric AG. - * - * All rights reserved. This program and the accompanying materials - * are made available under the terms of the Eclipse Public License v1.0 - * which accompanies this distribution, and is available at - * http://www.eclipse.org/legal/epl-v10.html - */ -package biz.netcentric.cq.tools.actool.configreader; - -import java.util.Collection; -import java.util.Set; - -import javax.jcr.RepositoryException; -import javax.jcr.Session; - -import biz.netcentric.cq.tools.actool.configmodel.AcesConfig; -import biz.netcentric.cq.tools.actool.configmodel.AuthorizablesConfig; -import biz.netcentric.cq.tools.actool.configmodel.GlobalConfiguration; -import biz.netcentric.cq.tools.actool.validators.AceBeanValidator; -import biz.netcentric.cq.tools.actool.validators.AuthorizableValidator; -import biz.netcentric.cq.tools.actool.validators.exceptions.AcConfigBeanValidationException; - -public interface ConfigReader { - - public AcesConfig getAceConfigurationBeans( - final Collection aceConfigData, AceBeanValidator aceBeanValidator, Session session, String sourceFile) throws RepositoryException, - AcConfigBeanValidationException; - - public AuthorizablesConfig getGroupConfigurationBeans( - final Collection groupConfigData, - AuthorizableValidator authorizableValidator) - throws AcConfigBeanValidationException; - - public AuthorizablesConfig getUserConfigurationBeans( - final Collection userConfigData, - AuthorizableValidator authorizableValidator) - throws AcConfigBeanValidationException; - - public GlobalConfiguration getGlobalConfiguration(final Collection yamlList); - - public Set getObsoluteAuthorizables(Collection yamlList); - -} \ No newline at end of file +package biz.netcentric.cq.tools.actool.configreader; + +/*- + * #%L + * Access Control Tool Bundle + * %% + * Copyright (C) 2015 - 2024 Cognizant Netcentric + * %% + * All rights reserved. This program and the accompanying materials + * are made available under the terms of the Eclipse Public License v1.0 + * which accompanies this distribution, and is available at + * http://www.eclipse.org/legal/epl-v10.html + * #L% + */ + +import java.util.Collection; +import java.util.Set; + +import javax.jcr.RepositoryException; +import javax.jcr.Session; + +import biz.netcentric.cq.tools.actool.configmodel.AcesConfig; +import biz.netcentric.cq.tools.actool.configmodel.AuthorizablesConfig; +import biz.netcentric.cq.tools.actool.configmodel.GlobalConfiguration; +import biz.netcentric.cq.tools.actool.validators.AceBeanValidator; +import biz.netcentric.cq.tools.actool.validators.AuthorizableValidator; +import biz.netcentric.cq.tools.actool.validators.exceptions.AcConfigBeanValidationException; + +public interface ConfigReader { + + public AcesConfig getAceConfigurationBeans( + final Collection aceConfigData, AceBeanValidator aceBeanValidator, Session session, String sourceFile) throws RepositoryException, + AcConfigBeanValidationException; + + public AuthorizablesConfig getGroupConfigurationBeans( + final Collection groupConfigData, + AuthorizableValidator authorizableValidator) + throws AcConfigBeanValidationException; + + public AuthorizablesConfig getUserConfigurationBeans( + final Collection userConfigData, + AuthorizableValidator authorizableValidator) + throws AcConfigBeanValidationException; + + public GlobalConfiguration getGlobalConfiguration(final Collection yamlList); + + public Set getObsoluteAuthorizables(Collection yamlList); + +} diff --git a/accesscontroltool-bundle/src/main/java/biz/netcentric/cq/tools/actool/configreader/ConfigurationMerger.java b/accesscontroltool-bundle/src/main/java/biz/netcentric/cq/tools/actool/configreader/ConfigurationMerger.java index 7f6ec66d7..90bd4479e 100644 --- a/accesscontroltool-bundle/src/main/java/biz/netcentric/cq/tools/actool/configreader/ConfigurationMerger.java +++ b/accesscontroltool-bundle/src/main/java/biz/netcentric/cq/tools/actool/configreader/ConfigurationMerger.java @@ -1,38 +1,43 @@ -/* - * (C) Copyright 2015 Netcentric AG. - * - * All rights reserved. This program and the accompanying materials - * are made available under the terms of the Eclipse Public License v1.0 - * which accompanies this distribution, and is available at - * http://www.eclipse.org/legal/epl-v10.html - */ -package biz.netcentric.cq.tools.actool.configreader; - -import java.util.Map; - -import javax.jcr.RepositoryException; -import javax.jcr.Session; - -import biz.netcentric.cq.tools.actool.configmodel.AcConfiguration; -import biz.netcentric.cq.tools.actool.history.impl.PersistableInstallationLogger; -import biz.netcentric.cq.tools.actool.validators.exceptions.AcConfigBeanValidationException; - -public interface ConfigurationMerger { - - /** Method that merges several textual AccessControlConfigurations written in YAML format, each comprising of a groups and ACE - * configuration. Validation ensures that no doubled defined groups and only valid section identifiers in configuration files are - * possible - * - * @param newestConfigurations map which contains all paths and configuration in YAML format. key is the node path in CRX under which - * the respective configuration is stored, entry is the textual configuration - * @param installationLog - * @return The AcConfiguration - * @throws RepositoryException in case some repository error has occurred - * @throws AcConfigBeanValidationException in case the given configuration is invalid */ - public abstract AcConfiguration getMergedConfigurations( - final Map newestConfigurations, - final PersistableInstallationLogger installationLog, - final ConfigReader configReader, Session session) throws RepositoryException, - AcConfigBeanValidationException; - -} \ No newline at end of file +package biz.netcentric.cq.tools.actool.configreader; + +/*- + * #%L + * Access Control Tool Bundle + * %% + * Copyright (C) 2015 - 2024 Cognizant Netcentric + * %% + * All rights reserved. This program and the accompanying materials + * are made available under the terms of the Eclipse Public License v1.0 + * which accompanies this distribution, and is available at + * http://www.eclipse.org/legal/epl-v10.html + * #L% + */ + +import java.util.Map; + +import javax.jcr.RepositoryException; +import javax.jcr.Session; + +import biz.netcentric.cq.tools.actool.configmodel.AcConfiguration; +import biz.netcentric.cq.tools.actool.history.impl.PersistableInstallationLogger; +import biz.netcentric.cq.tools.actool.validators.exceptions.AcConfigBeanValidationException; + +public interface ConfigurationMerger { + + /** Method that merges several textual AccessControlConfigurations written in YAML format, each comprising of a groups and ACE + * configuration. Validation ensures that no doubled defined groups and only valid section identifiers in configuration files are + * possible + * + * @param newestConfigurations map which contains all paths and configuration in YAML format. key is the node path in CRX under which + * the respective configuration is stored, entry is the textual configuration + * @param installationLog + * @return The AcConfiguration + * @throws RepositoryException in case some repository error has occurred + * @throws AcConfigBeanValidationException in case the given configuration is invalid */ + public abstract AcConfiguration getMergedConfigurations( + final Map newestConfigurations, + final PersistableInstallationLogger installationLog, + final ConfigReader configReader, Session session) throws RepositoryException, + AcConfigBeanValidationException; + +} diff --git a/accesscontroltool-bundle/src/main/java/biz/netcentric/cq/tools/actool/configreader/TestUserConfigsCreator.java b/accesscontroltool-bundle/src/main/java/biz/netcentric/cq/tools/actool/configreader/TestUserConfigsCreator.java index be623e338..56db10a73 100644 --- a/accesscontroltool-bundle/src/main/java/biz/netcentric/cq/tools/actool/configreader/TestUserConfigsCreator.java +++ b/accesscontroltool-bundle/src/main/java/biz/netcentric/cq/tools/actool/configreader/TestUserConfigsCreator.java @@ -1,141 +1,147 @@ -/* - * (C) Copyright 2017 Netcentric AG. - * - * All rights reserved. This program and the accompanying materials - * are made available under the terms of the Eclipse Public License v1.0 - * which accompanies this distribution, and is available at - * http://www.eclipse.org/legal/epl-v10.html - */ -package biz.netcentric.cq.tools.actool.configreader; - -import java.util.ArrayList; -import java.util.HashMap; -import java.util.List; -import java.util.Map; - -import org.apache.commons.collections4.CollectionUtils; -import org.apache.commons.lang3.StringUtils; -import org.osgi.service.component.annotations.Component; -import org.osgi.service.component.annotations.Reference; -import org.osgi.service.component.annotations.ReferencePolicyOption; -import org.slf4j.Logger; -import org.slf4j.LoggerFactory; - -import biz.netcentric.cq.tools.actool.configmodel.AcConfiguration; -import biz.netcentric.cq.tools.actool.configmodel.AuthorizableConfigBean; -import biz.netcentric.cq.tools.actool.configmodel.AuthorizablesConfig; -import biz.netcentric.cq.tools.actool.configmodel.AutoCreateTestUsersConfig; -import biz.netcentric.cq.tools.actool.configmodel.GlobalConfiguration; -import biz.netcentric.cq.tools.actool.crypto.DecryptionService; -import biz.netcentric.cq.tools.actool.history.InstallationLogger; -import biz.netcentric.cq.tools.actool.slingsettings.ExtendedSlingSettingsService; - -@Component(service=TestUserConfigsCreator.class) -public class TestUserConfigsCreator { - - private static final Logger LOG = LoggerFactory.getLogger(TestUserConfigsCreator.class); - - @Reference(policyOption = ReferencePolicyOption.GREEDY) - ExtendedSlingSettingsService slingSettingsService; - - @Reference(policyOption = ReferencePolicyOption.GREEDY) - DecryptionService decryptionService; - - YamlMacroElEvaluator elEvaluator = null; - - public boolean isSkippedForRunmode(List skipForRunmodes) { - return slingSettingsService != null && !CollectionUtils.intersection(slingSettingsService.getRunModes(), skipForRunmodes).isEmpty(); - } - - void createTestUserConfigs(AcConfiguration acConfiguration, InstallationLogger logger) { - - AutoCreateTestUsersConfig autoCreateTestUsersConf = acConfiguration.getGlobalConfiguration().getAutoCreateTestUsersConfig(); - if (autoCreateTestUsersConf == null) { - return; - } - - if (isSkippedForRunmode(autoCreateTestUsersConf.getSkipForRunmodes())) { - return; - } - - List testUserConfigBeansToAdd = new ArrayList<>(); - AuthorizablesConfig authorizablesConfig = acConfiguration.getAuthorizablesConfig(); - for (AuthorizableConfigBean groupAuthConfigBean : authorizablesConfig) { - if(!groupAuthConfigBean.isGroup()) { - continue; - } - String groupId = groupAuthConfigBean.getAuthorizableId(); - if (groupId.matches(autoCreateTestUsersConf.getCreateForGroupNamesRegEx())) { - - Map vars = getVarsForAuthConfigBean(groupAuthConfigBean); - - AuthorizableConfigBean testUserConfigBean = new AuthorizableConfigBean(); - testUserConfigBean.setIsGroup(false); - String testUserAuthId = autoCreateTestUsersConf.getPrefix() + groupId; - testUserConfigBean.setAuthorizableId(testUserAuthId); - testUserConfigBean.setPath(autoCreateTestUsersConf.getPath()); - testUserConfigBean.setIsMemberOf(new String[] { groupId }); - - String name = StringUtils.defaultIfEmpty(autoCreateTestUsersConf.getName(), "Test User %{group.name}"); - testUserConfigBean.setName(processValue(name, vars)); - - if(StringUtils.isNotBlank(autoCreateTestUsersConf.getEmail())) { - testUserConfigBean.setEmail(processValue(autoCreateTestUsersConf.getEmail(), vars)); - } - if(StringUtils.isNotBlank(autoCreateTestUsersConf.getDescription())) { - testUserConfigBean.setDescription(processValue(autoCreateTestUsersConf.getDescription(), vars)); - } - - String password = autoCreateTestUsersConf.getPassword(); - if(StringUtils.isNotBlank(password)) { - password = processValue(password, vars); // allow for pws ala "pw%{group.id}" - } else { - password = testUserAuthId; - } - - try { - password = decryptionService.decrypt(password); - } catch (UnsupportedOperationException e) { - throw new IllegalArgumentException("Could not unprotect password " + password + " as given in " - + GlobalConfiguration.KEY_AUTOCREATE_TEST_USERS); - } - testUserConfigBean.setPassword(password); - - testUserConfigBeansToAdd.add(testUserConfigBean); - } - } - - authorizablesConfig.addAll(testUserConfigBeansToAdd); - - logger.addMessage(LOG, - "Created " + testUserConfigBeansToAdd.size() + " test user configs at path " + autoCreateTestUsersConf.getPath() - + " (for groups matching " + autoCreateTestUsersConf.getCreateForGroupNamesRegEx() + ")"); - - } - - Map getVarsForAuthConfigBean(AuthorizableConfigBean groupAuthConfigBean) { - Map vars = new HashMap<>(); - Map groupVar = new HashMap<>(); - String groupId = groupAuthConfigBean.getAuthorizableId(); - groupVar.put("id", groupId); - groupVar.put("name", StringUtils.defaultIfEmpty(groupAuthConfigBean.getName(), groupId)); - groupVar.put("path", groupAuthConfigBean.getPath()); - vars.put("group", groupVar); - return vars; - } - - String processValue(String value, Map variables) { - - String elWithDollarExpressions = value.replaceAll("%\\{([^\\}]+)\\}", "\\${$1}"); - if(elEvaluator==null) { - elEvaluator = new YamlMacroElEvaluator(); - } - - String interpolatedValue = elEvaluator.evaluateEl(elWithDollarExpressions, String.class, variables); - - return interpolatedValue; - } - - - -} + +package biz.netcentric.cq.tools.actool.configreader; + +/*- + * #%L + * Access Control Tool Bundle + * %% + * Copyright (C) 2015 - 2024 Cognizant Netcentric + * %% + * All rights reserved. This program and the accompanying materials + * are made available under the terms of the Eclipse Public License v1.0 + * which accompanies this distribution, and is available at + * http://www.eclipse.org/legal/epl-v10.html + * #L% + */ + +import java.util.ArrayList; +import java.util.HashMap; +import java.util.List; +import java.util.Map; + +import org.apache.commons.collections4.CollectionUtils; +import org.apache.commons.lang3.StringUtils; +import org.osgi.service.component.annotations.Component; +import org.osgi.service.component.annotations.Reference; +import org.osgi.service.component.annotations.ReferencePolicyOption; +import org.slf4j.Logger; +import org.slf4j.LoggerFactory; + +import biz.netcentric.cq.tools.actool.configmodel.AcConfiguration; +import biz.netcentric.cq.tools.actool.configmodel.AuthorizableConfigBean; +import biz.netcentric.cq.tools.actool.configmodel.AuthorizablesConfig; +import biz.netcentric.cq.tools.actool.configmodel.AutoCreateTestUsersConfig; +import biz.netcentric.cq.tools.actool.configmodel.GlobalConfiguration; +import biz.netcentric.cq.tools.actool.crypto.DecryptionService; +import biz.netcentric.cq.tools.actool.history.InstallationLogger; +import biz.netcentric.cq.tools.actool.slingsettings.ExtendedSlingSettingsService; + +@Component(service=TestUserConfigsCreator.class) +public class TestUserConfigsCreator { + + private static final Logger LOG = LoggerFactory.getLogger(TestUserConfigsCreator.class); + + @Reference(policyOption = ReferencePolicyOption.GREEDY) + ExtendedSlingSettingsService slingSettingsService; + + @Reference(policyOption = ReferencePolicyOption.GREEDY) + DecryptionService decryptionService; + + YamlMacroElEvaluator elEvaluator = null; + + public boolean isSkippedForRunmode(List skipForRunmodes) { + return slingSettingsService != null && !CollectionUtils.intersection(slingSettingsService.getRunModes(), skipForRunmodes).isEmpty(); + } + + void createTestUserConfigs(AcConfiguration acConfiguration, InstallationLogger logger) { + + AutoCreateTestUsersConfig autoCreateTestUsersConf = acConfiguration.getGlobalConfiguration().getAutoCreateTestUsersConfig(); + if (autoCreateTestUsersConf == null) { + return; + } + + if (isSkippedForRunmode(autoCreateTestUsersConf.getSkipForRunmodes())) { + return; + } + + List testUserConfigBeansToAdd = new ArrayList<>(); + AuthorizablesConfig authorizablesConfig = acConfiguration.getAuthorizablesConfig(); + for (AuthorizableConfigBean groupAuthConfigBean : authorizablesConfig) { + if(!groupAuthConfigBean.isGroup()) { + continue; + } + String groupId = groupAuthConfigBean.getAuthorizableId(); + if (groupId.matches(autoCreateTestUsersConf.getCreateForGroupNamesRegEx())) { + + Map vars = getVarsForAuthConfigBean(groupAuthConfigBean); + + AuthorizableConfigBean testUserConfigBean = new AuthorizableConfigBean(); + testUserConfigBean.setIsGroup(false); + String testUserAuthId = autoCreateTestUsersConf.getPrefix() + groupId; + testUserConfigBean.setAuthorizableId(testUserAuthId); + testUserConfigBean.setPath(autoCreateTestUsersConf.getPath()); + testUserConfigBean.setIsMemberOf(new String[] { groupId }); + + String name = StringUtils.defaultIfEmpty(autoCreateTestUsersConf.getName(), "Test User %{group.name}"); + testUserConfigBean.setName(processValue(name, vars)); + + if(StringUtils.isNotBlank(autoCreateTestUsersConf.getEmail())) { + testUserConfigBean.setEmail(processValue(autoCreateTestUsersConf.getEmail(), vars)); + } + if(StringUtils.isNotBlank(autoCreateTestUsersConf.getDescription())) { + testUserConfigBean.setDescription(processValue(autoCreateTestUsersConf.getDescription(), vars)); + } + + String password = autoCreateTestUsersConf.getPassword(); + if(StringUtils.isNotBlank(password)) { + password = processValue(password, vars); // allow for pws ala "pw%{group.id}" + } else { + password = testUserAuthId; + } + + try { + password = decryptionService.decrypt(password); + } catch (UnsupportedOperationException e) { + throw new IllegalArgumentException("Could not unprotect password " + password + " as given in " + + GlobalConfiguration.KEY_AUTOCREATE_TEST_USERS); + } + testUserConfigBean.setPassword(password); + + testUserConfigBeansToAdd.add(testUserConfigBean); + } + } + + authorizablesConfig.addAll(testUserConfigBeansToAdd); + + logger.addMessage(LOG, + "Created " + testUserConfigBeansToAdd.size() + " test user configs at path " + autoCreateTestUsersConf.getPath() + + " (for groups matching " + autoCreateTestUsersConf.getCreateForGroupNamesRegEx() + ")"); + + } + + Map getVarsForAuthConfigBean(AuthorizableConfigBean groupAuthConfigBean) { + Map vars = new HashMap<>(); + Map groupVar = new HashMap<>(); + String groupId = groupAuthConfigBean.getAuthorizableId(); + groupVar.put("id", groupId); + groupVar.put("name", StringUtils.defaultIfEmpty(groupAuthConfigBean.getName(), groupId)); + groupVar.put("path", groupAuthConfigBean.getPath()); + vars.put("group", groupVar); + return vars; + } + + String processValue(String value, Map variables) { + + String elWithDollarExpressions = value.replaceAll("%\\{([^\\}]+)\\}", "\\${$1}"); + if(elEvaluator==null) { + elEvaluator = new YamlMacroElEvaluator(); + } + + String interpolatedValue = elEvaluator.evaluateEl(elWithDollarExpressions, String.class, variables); + + return interpolatedValue; + } + + + +} diff --git a/accesscontroltool-bundle/src/main/java/biz/netcentric/cq/tools/actool/configreader/VirtualGroupProcessor.java b/accesscontroltool-bundle/src/main/java/biz/netcentric/cq/tools/actool/configreader/VirtualGroupProcessor.java index 4d7a2a679..69bc629d0 100644 --- a/accesscontroltool-bundle/src/main/java/biz/netcentric/cq/tools/actool/configreader/VirtualGroupProcessor.java +++ b/accesscontroltool-bundle/src/main/java/biz/netcentric/cq/tools/actool/configreader/VirtualGroupProcessor.java @@ -1,167 +1,173 @@ -/* - * (C) Copyright 2017 Netcentric AG. - * - * All rights reserved. This program and the accompanying materials - * are made available under the terms of the Eclipse Public License v1.0 - * which accompanies this distribution, and is available at - * http://www.eclipse.org/legal/epl-v10.html - */ -package biz.netcentric.cq.tools.actool.configreader; - -import java.util.ArrayList; -import java.util.Arrays; -import java.util.Collections; -import java.util.HashSet; -import java.util.LinkedList; -import java.util.List; -import java.util.Set; - -import org.apache.commons.lang3.ArrayUtils; -import org.apache.commons.lang3.StringUtils; -import org.osgi.service.component.annotations.Component; -import org.slf4j.Logger; -import org.slf4j.LoggerFactory; - -import biz.netcentric.cq.tools.actool.configmodel.AcConfiguration; -import biz.netcentric.cq.tools.actool.configmodel.AceBean; -import biz.netcentric.cq.tools.actool.configmodel.AcesConfig; -import biz.netcentric.cq.tools.actool.configmodel.AuthorizableConfigBean; -import biz.netcentric.cq.tools.actool.history.InstallationLogger; - -@Component(service=VirtualGroupProcessor.class) -public class VirtualGroupProcessor { - - private static final Logger LOG = LoggerFactory.getLogger(VirtualGroupProcessor.class); - - void flattenGroupTree(AcConfiguration acConfiguration, InstallationLogger logger) { - - List virtualGroups = getVirtualGroups(acConfiguration); - - AcesConfig aceConfig = acConfiguration.getAceConfig(); - - int countAceAdded = 0; - int countAceRemoved = 0; - - for (AuthorizableConfigBean virtualAutBean : virtualGroups) { - - logger.addVerboseMessage(LOG, "Authorizable bean " + virtualAutBean.getAuthorizableId() + " is virtual"); - - if (!ArrayUtils.isEmpty(virtualAutBean.getMembers())) { - throw new IllegalArgumentException("It is not allowed to define members in virtual groups (offending virtual group: '" - + virtualAutBean.getAuthorizableId() + "')"); - } - - List referencingAuthBeans = getAuthConfigBeansReferencingVirtualGroup( - virtualAutBean.getAuthorizableId(), acConfiguration); - - // fix isMemberOf - adjustIsMemberOf(logger, virtualAutBean, referencingAuthBeans); - - // fix ace beans - List aceBeansToBeRemoved = new LinkedList(); - List aceBeansToBeAdded = new LinkedList(); - adjustAceBeans(logger, aceConfig, aceBeansToBeRemoved, aceBeansToBeAdded, virtualAutBean, - referencingAuthBeans); - - countAceRemoved += aceBeansToBeRemoved.size(); - aceConfig.removeAll(aceBeansToBeRemoved); - - countAceAdded += aceBeansToBeAdded.size(); - aceConfig.addAll(aceBeansToBeAdded); - } - - if (virtualGroups.isEmpty()) { - return; - } - - acConfiguration.getAuthorizablesConfig().removeAll(virtualGroups); - acConfiguration.setVirtualGroups(virtualGroups); - acConfiguration.ensureAceBeansHaveCorrectPrincipalNameSet(); - - for (AuthorizableConfigBean autBean : acConfiguration.getAuthorizablesConfig()) { - for (AuthorizableConfigBean virtualGroup : virtualGroups) { - if (ArrayUtils.contains(autBean.getIsMemberOf(), virtualGroup.getAuthorizableId())) { - throw new IllegalStateException( - "Group " + autBean + " in isMemberOf still contains " + virtualGroup.getAuthorizableId()); - } - } - } - - logger.addMessage(LOG, - "Processed " + virtualGroups.size() + " virtual groups, replaced " + countAceRemoved - + " ACEs of virtual groups with " + countAceAdded + " new ACEs in configuration"); - - } - - private List getAuthConfigBeansReferencingVirtualGroup(String virtualGroupAuthId, - AcConfiguration acConfiguration) { - List referencingBeans = new ArrayList<>(); - for (AuthorizableConfigBean autBean : acConfiguration.getAuthorizablesConfig()) { - if (ArrayUtils.contains(autBean.getIsMemberOf(), virtualGroupAuthId)) { - referencingBeans.add(autBean); - } - } - return referencingBeans; - } - - private void adjustIsMemberOf(InstallationLogger installationLogger, - AuthorizableConfigBean virtualAutBean, List referencingAuthBeans) { - String[] isMemberOf = virtualAutBean.getIsMemberOf(); - List isMemberOfOfVirtualGroup = isMemberOf != null ? Arrays.asList(isMemberOf) : Collections. emptyList(); - - if (referencingAuthBeans == null || referencingAuthBeans.isEmpty()) { - throw new IllegalArgumentException("Virtual group '" + virtualAutBean.getAuthorizableId() - + "' is not used in any isMemberOf attribute of other groups, hence it cannot be declared virtual"); - } - - for (AuthorizableConfigBean otherAuthBean : referencingAuthBeans) { - installationLogger.addVerboseMessage(LOG, - "Virtual Group: " + virtualAutBean.getAuthorizableId() + " - Adding groups " + isMemberOfOfVirtualGroup + " to " - + otherAuthBean.getAuthorizableId()); - Set adjustedIsMemberOf = new HashSet(Arrays.asList(otherAuthBean.getIsMemberOf())); - adjustedIsMemberOf.addAll(isMemberOfOfVirtualGroup); - adjustedIsMemberOf.remove(virtualAutBean.getAuthorizableId()); - otherAuthBean.setIsMemberOf(new ArrayList(adjustedIsMemberOf)); - } - - // remove all references as they are moved now - virtualAutBean.setIsMemberOf(new String[0]); - - } - - private void adjustAceBeans(InstallationLogger logger, AcesConfig aceConfig, List aceBeansToBeRemoved, - List aceBeansToBeAdded, AuthorizableConfigBean virtualAutBean, List referencingAuthBeans) { - - for (AceBean aceBean : aceConfig) { - - if (StringUtils.equals(aceBean.getAuthorizableId(), virtualAutBean.getAuthorizableId())) { - logger.addVerboseMessage(LOG, - "ACE at path " + aceBean.getJcrPath() + " for virtual group " + virtualAutBean.getAuthorizableId()); - aceBeansToBeRemoved.add(aceBean); - - for (AuthorizableConfigBean newAuthBeanInAcl : referencingAuthBeans) { - AceBean cloneForAuthConfigBeanUsingIsMemberOf = aceBean.clone(); - cloneForAuthConfigBeanUsingIsMemberOf.setAuthorizableId(newAuthBeanInAcl.getAuthorizableId()); - aceBeansToBeAdded.add(cloneForAuthConfigBeanUsingIsMemberOf); - logger.addVerboseMessage(LOG, " Adding clone for authorizable id " + newAuthBeanInAcl.getAuthorizableId() - + " replacing " + aceBean.getAuthorizableId()); - - } - } - } - } - - public List getVirtualGroups(AcConfiguration acConfiguration) { - List virtualGroups = new ArrayList<>(); - for (AuthorizableConfigBean authBean : acConfiguration.getAuthorizablesConfig()) { - if (authBean.isVirtual()) { - if (!authBean.isGroup()) { - throw new IllegalArgumentException("\"virtual: true\" can only be set on groups, not on users"); - } - virtualGroups.add(authBean); - } - } - return virtualGroups; - } - -} + +package biz.netcentric.cq.tools.actool.configreader; + +/*- + * #%L + * Access Control Tool Bundle + * %% + * Copyright (C) 2015 - 2024 Cognizant Netcentric + * %% + * All rights reserved. This program and the accompanying materials + * are made available under the terms of the Eclipse Public License v1.0 + * which accompanies this distribution, and is available at + * http://www.eclipse.org/legal/epl-v10.html + * #L% + */ + +import java.util.ArrayList; +import java.util.Arrays; +import java.util.Collections; +import java.util.HashSet; +import java.util.LinkedList; +import java.util.List; +import java.util.Set; + +import org.apache.commons.lang3.ArrayUtils; +import org.apache.commons.lang3.StringUtils; +import org.osgi.service.component.annotations.Component; +import org.slf4j.Logger; +import org.slf4j.LoggerFactory; + +import biz.netcentric.cq.tools.actool.configmodel.AcConfiguration; +import biz.netcentric.cq.tools.actool.configmodel.AceBean; +import biz.netcentric.cq.tools.actool.configmodel.AcesConfig; +import biz.netcentric.cq.tools.actool.configmodel.AuthorizableConfigBean; +import biz.netcentric.cq.tools.actool.history.InstallationLogger; + +@Component(service=VirtualGroupProcessor.class) +public class VirtualGroupProcessor { + + private static final Logger LOG = LoggerFactory.getLogger(VirtualGroupProcessor.class); + + void flattenGroupTree(AcConfiguration acConfiguration, InstallationLogger logger) { + + List virtualGroups = getVirtualGroups(acConfiguration); + + AcesConfig aceConfig = acConfiguration.getAceConfig(); + + int countAceAdded = 0; + int countAceRemoved = 0; + + for (AuthorizableConfigBean virtualAutBean : virtualGroups) { + + logger.addVerboseMessage(LOG, "Authorizable bean " + virtualAutBean.getAuthorizableId() + " is virtual"); + + if (!ArrayUtils.isEmpty(virtualAutBean.getMembers())) { + throw new IllegalArgumentException("It is not allowed to define members in virtual groups (offending virtual group: '" + + virtualAutBean.getAuthorizableId() + "')"); + } + + List referencingAuthBeans = getAuthConfigBeansReferencingVirtualGroup( + virtualAutBean.getAuthorizableId(), acConfiguration); + + // fix isMemberOf + adjustIsMemberOf(logger, virtualAutBean, referencingAuthBeans); + + // fix ace beans + List aceBeansToBeRemoved = new LinkedList(); + List aceBeansToBeAdded = new LinkedList(); + adjustAceBeans(logger, aceConfig, aceBeansToBeRemoved, aceBeansToBeAdded, virtualAutBean, + referencingAuthBeans); + + countAceRemoved += aceBeansToBeRemoved.size(); + aceConfig.removeAll(aceBeansToBeRemoved); + + countAceAdded += aceBeansToBeAdded.size(); + aceConfig.addAll(aceBeansToBeAdded); + } + + if (virtualGroups.isEmpty()) { + return; + } + + acConfiguration.getAuthorizablesConfig().removeAll(virtualGroups); + acConfiguration.setVirtualGroups(virtualGroups); + acConfiguration.ensureAceBeansHaveCorrectPrincipalNameSet(); + + for (AuthorizableConfigBean autBean : acConfiguration.getAuthorizablesConfig()) { + for (AuthorizableConfigBean virtualGroup : virtualGroups) { + if (ArrayUtils.contains(autBean.getIsMemberOf(), virtualGroup.getAuthorizableId())) { + throw new IllegalStateException( + "Group " + autBean + " in isMemberOf still contains " + virtualGroup.getAuthorizableId()); + } + } + } + + logger.addMessage(LOG, + "Processed " + virtualGroups.size() + " virtual groups, replaced " + countAceRemoved + + " ACEs of virtual groups with " + countAceAdded + " new ACEs in configuration"); + + } + + private List getAuthConfigBeansReferencingVirtualGroup(String virtualGroupAuthId, + AcConfiguration acConfiguration) { + List referencingBeans = new ArrayList<>(); + for (AuthorizableConfigBean autBean : acConfiguration.getAuthorizablesConfig()) { + if (ArrayUtils.contains(autBean.getIsMemberOf(), virtualGroupAuthId)) { + referencingBeans.add(autBean); + } + } + return referencingBeans; + } + + private void adjustIsMemberOf(InstallationLogger installationLogger, + AuthorizableConfigBean virtualAutBean, List referencingAuthBeans) { + String[] isMemberOf = virtualAutBean.getIsMemberOf(); + List isMemberOfOfVirtualGroup = isMemberOf != null ? Arrays.asList(isMemberOf) : Collections. emptyList(); + + if (referencingAuthBeans == null || referencingAuthBeans.isEmpty()) { + throw new IllegalArgumentException("Virtual group '" + virtualAutBean.getAuthorizableId() + + "' is not used in any isMemberOf attribute of other groups, hence it cannot be declared virtual"); + } + + for (AuthorizableConfigBean otherAuthBean : referencingAuthBeans) { + installationLogger.addVerboseMessage(LOG, + "Virtual Group: " + virtualAutBean.getAuthorizableId() + " - Adding groups " + isMemberOfOfVirtualGroup + " to " + + otherAuthBean.getAuthorizableId()); + Set adjustedIsMemberOf = new HashSet(Arrays.asList(otherAuthBean.getIsMemberOf())); + adjustedIsMemberOf.addAll(isMemberOfOfVirtualGroup); + adjustedIsMemberOf.remove(virtualAutBean.getAuthorizableId()); + otherAuthBean.setIsMemberOf(new ArrayList(adjustedIsMemberOf)); + } + + // remove all references as they are moved now + virtualAutBean.setIsMemberOf(new String[0]); + + } + + private void adjustAceBeans(InstallationLogger logger, AcesConfig aceConfig, List aceBeansToBeRemoved, + List aceBeansToBeAdded, AuthorizableConfigBean virtualAutBean, List referencingAuthBeans) { + + for (AceBean aceBean : aceConfig) { + + if (StringUtils.equals(aceBean.getAuthorizableId(), virtualAutBean.getAuthorizableId())) { + logger.addVerboseMessage(LOG, + "ACE at path " + aceBean.getJcrPath() + " for virtual group " + virtualAutBean.getAuthorizableId()); + aceBeansToBeRemoved.add(aceBean); + + for (AuthorizableConfigBean newAuthBeanInAcl : referencingAuthBeans) { + AceBean cloneForAuthConfigBeanUsingIsMemberOf = aceBean.clone(); + cloneForAuthConfigBeanUsingIsMemberOf.setAuthorizableId(newAuthBeanInAcl.getAuthorizableId()); + aceBeansToBeAdded.add(cloneForAuthConfigBeanUsingIsMemberOf); + logger.addVerboseMessage(LOG, " Adding clone for authorizable id " + newAuthBeanInAcl.getAuthorizableId() + + " replacing " + aceBean.getAuthorizableId()); + + } + } + } + } + + public List getVirtualGroups(AcConfiguration acConfiguration) { + List virtualGroups = new ArrayList<>(); + for (AuthorizableConfigBean authBean : acConfiguration.getAuthorizablesConfig()) { + if (authBean.isVirtual()) { + if (!authBean.isGroup()) { + throw new IllegalArgumentException("\"virtual: true\" can only be set on groups, not on users"); + } + virtualGroups.add(authBean); + } + } + return virtualGroups; + } + +} diff --git a/accesscontroltool-bundle/src/main/java/biz/netcentric/cq/tools/actool/configreader/YamlConfigReader.java b/accesscontroltool-bundle/src/main/java/biz/netcentric/cq/tools/actool/configreader/YamlConfigReader.java index 160d4f9f3..c900a1a7c 100644 --- a/accesscontroltool-bundle/src/main/java/biz/netcentric/cq/tools/actool/configreader/YamlConfigReader.java +++ b/accesscontroltool-bundle/src/main/java/biz/netcentric/cq/tools/actool/configreader/YamlConfigReader.java @@ -1,12 +1,17 @@ -/* - * (C) Copyright 2015 Netcentric AG. - * +package biz.netcentric.cq.tools.actool.configreader; + +/*- + * #%L + * Access Control Tool Bundle + * %% + * Copyright (C) 2015 - 2024 Cognizant Netcentric + * %% * All rights reserved. This program and the accompanying materials * are made available under the terms of the Eclipse Public License v1.0 * which accompanies this distribution, and is available at * http://www.eclipse.org/legal/epl-v10.html + * #L% */ -package biz.netcentric.cq.tools.actool.configreader; import java.io.IOException; import java.security.GeneralSecurityException; diff --git a/accesscontroltool-bundle/src/main/java/biz/netcentric/cq/tools/actool/configreader/YamlConfigurationAdminPluginScalarConstructor.java b/accesscontroltool-bundle/src/main/java/biz/netcentric/cq/tools/actool/configreader/YamlConfigurationAdminPluginScalarConstructor.java index 6e347d370..5704e8afc 100644 --- a/accesscontroltool-bundle/src/main/java/biz/netcentric/cq/tools/actool/configreader/YamlConfigurationAdminPluginScalarConstructor.java +++ b/accesscontroltool-bundle/src/main/java/biz/netcentric/cq/tools/actool/configreader/YamlConfigurationAdminPluginScalarConstructor.java @@ -1,5 +1,18 @@ package biz.netcentric.cq.tools.actool.configreader; +/*- + * #%L + * Access Control Tool Bundle + * %% + * Copyright (C) 2015 - 2024 Cognizant Netcentric + * %% + * All rights reserved. This program and the accompanying materials + * are made available under the terms of the Eclipse Public License v1.0 + * which accompanies this distribution, and is available at + * http://www.eclipse.org/legal/epl-v10.html + * #L% + */ + import java.util.Dictionary; import java.util.Hashtable; diff --git a/accesscontroltool-bundle/src/main/java/biz/netcentric/cq/tools/actool/configreader/YamlConfigurationMerger.java b/accesscontroltool-bundle/src/main/java/biz/netcentric/cq/tools/actool/configreader/YamlConfigurationMerger.java index 8a293fd74..4935c6632 100644 --- a/accesscontroltool-bundle/src/main/java/biz/netcentric/cq/tools/actool/configreader/YamlConfigurationMerger.java +++ b/accesscontroltool-bundle/src/main/java/biz/netcentric/cq/tools/actool/configreader/YamlConfigurationMerger.java @@ -1,291 +1,296 @@ -/* - * (C) Copyright 2015 Netcentric AG. - * - * All rights reserved. This program and the accompanying materials - * are made available under the terms of the Eclipse Public License v1.0 - * which accompanies this distribution, and is available at - * http://www.eclipse.org/legal/epl-v10.html - */ -package biz.netcentric.cq.tools.actool.configreader; - -import static biz.netcentric.cq.tools.actool.history.impl.PersistableInstallationLogger.msHumanReadable; - -import java.util.ArrayList; -import java.util.Arrays; -import java.util.HashMap; -import java.util.HashSet; -import java.util.Iterator; -import java.util.LinkedHashSet; -import java.util.List; -import java.util.Map; -import java.util.Set; -import java.util.regex.Pattern; - -import javax.jcr.RepositoryException; -import javax.jcr.Session; - -import org.osgi.service.cm.ConfigurationPlugin; -import org.osgi.service.component.annotations.Component; -import org.osgi.service.component.annotations.Reference; -import org.osgi.service.component.annotations.ReferenceCardinality; -import org.osgi.service.component.annotations.ReferencePolicyOption; -import org.slf4j.Logger; -import org.slf4j.LoggerFactory; -import org.yaml.snakeyaml.Yaml; -import org.yaml.snakeyaml.error.YAMLException; - -import biz.netcentric.cq.tools.actool.configmodel.AcConfiguration; -import biz.netcentric.cq.tools.actool.configmodel.AceBean; -import biz.netcentric.cq.tools.actool.configmodel.AcesConfig; -import biz.netcentric.cq.tools.actool.configmodel.AuthorizableConfigBean; -import biz.netcentric.cq.tools.actool.configmodel.AuthorizablesConfig; -import biz.netcentric.cq.tools.actool.configmodel.GlobalConfiguration; -import biz.netcentric.cq.tools.actool.helper.Constants; -import biz.netcentric.cq.tools.actool.history.InstallationLogger; -import biz.netcentric.cq.tools.actool.history.impl.PersistableInstallationLogger; -import biz.netcentric.cq.tools.actool.slingsettings.ExtendedSlingSettingsService; -import biz.netcentric.cq.tools.actool.validators.AuthorizableValidator; -import biz.netcentric.cq.tools.actool.validators.ExternalGroupsInIsMemberOfValidator; -import biz.netcentric.cq.tools.actool.validators.ConfigurationsValidator; -import biz.netcentric.cq.tools.actool.validators.GlobalConfigurationValidator; -import biz.netcentric.cq.tools.actool.validators.ObsoleteAuthorizablesValidator; -import biz.netcentric.cq.tools.actool.validators.UnmangedExternalMemberRelationshipChecker; -import biz.netcentric.cq.tools.actool.validators.YamlConfigurationsValidator; -import biz.netcentric.cq.tools.actool.validators.exceptions.AcConfigBeanValidationException; -import biz.netcentric.cq.tools.actool.validators.exceptions.NoListOnTopLevelException; -import biz.netcentric.cq.tools.actool.validators.impl.AceBeanValidatorImpl; -import biz.netcentric.cq.tools.actool.validators.impl.AuthorizableValidatorImpl; - -@Component -public class YamlConfigurationMerger implements ConfigurationMerger { - - private static final Logger LOG = LoggerFactory.getLogger(YamlConfigurationMerger.class); - - public static final String GLOBAL_VAR_RUNMODES = "RUNMODES"; - - @Reference(policyOption = ReferencePolicyOption.GREEDY) - YamlMacroProcessor yamlMacroProcessor; - - @Reference(policyOption = ReferencePolicyOption.GREEDY) - ObsoleteAuthorizablesValidator obsoleteAuthorizablesValidator; - - @Reference(policyOption = ReferencePolicyOption.GREEDY) - ExternalGroupsInIsMemberOfValidator externalGroupsInIsMemberOfValidator; - - @Reference(policyOption = ReferencePolicyOption.GREEDY) - VirtualGroupProcessor virtualGroupProcessor; - - @Reference(policyOption = ReferencePolicyOption.GREEDY) - TestUserConfigsCreator testUserConfigsCreator; - - @Reference(policyOption = ReferencePolicyOption.GREEDY) - ExtendedSlingSettingsService slingSettingsService; - - @Reference(cardinality = ReferenceCardinality.OPTIONAL, policyOption = ReferencePolicyOption.GREEDY, target="(config.plugin.id=org.apache.felix.configadmin.plugin.interpolation)") - ConfigurationPlugin interpolationPlugin; - - /** Regular expression which matches against values which should be interpolated, see https://github.com/apache/felix-dev/blob/master/configadmin-plugins/interpolation/README.md */ - public static final Pattern CONFIG_ADMIN_INTERPOLATOR_FORMAT = Pattern.compile(".*\\$\\[(env|secret|prop):[^\\]]*\\].*"); - - @Override - public AcConfiguration getMergedConfigurations( - final Map configFileContentByFilename, - final PersistableInstallationLogger installLog, - final ConfigReader configReader, Session session) throws RepositoryException, - AcConfigBeanValidationException { - - long wholeConfigStart = System.currentTimeMillis(); - - final GlobalConfiguration globalConfiguration = new GlobalConfiguration(); - final AuthorizablesConfig mergedAuthorizablesBeansfromConfig = new AuthorizablesConfig(); - final AcesConfig mergedAceBeansFromConfig = new AcesConfig(); - final Set authorizableIdsFromAllConfigs = new HashSet(); // needed for detection of doubled defined groups in - // configurations - final Set obsoleteAuthorizables = new HashSet(); - - final Yaml yamlParser; - if (interpolationPlugin != null) { - yamlParser = new Yaml(new YamlConfigurationAdminPluginScalarConstructor(installLog, interpolationPlugin)); - // bind constructor to certain scalar formats (compare with https://bitbucket.org/asomov/snakeyaml/src/master/src/test/java/org/yaml/snakeyaml/env/EnvVariableTest.java) - yamlParser.addImplicitResolver(YamlConfigurationAdminPluginScalarConstructor.TAG, CONFIG_ADMIN_INTERPOLATOR_FORMAT, null); - installLog.addMessage(LOG, "Using YAML parser with ConfigurationAdmin Plugin placeholder support"); - } else { - yamlParser = new Yaml(); - } - final ConfigurationsValidator configurationsValidator = new YamlConfigurationsValidator(); - - Map globalVariables = getGlobalVariablesForYamlMacroProcessing(); - - for (final Map.Entry entry : configFileContentByFilename.entrySet()) { - - long configFileStart = System.currentTimeMillis(); - - String sourceFile = entry.getKey(); - installLog.addMessage(LOG, "Using configuration file " + sourceFile); - - List yamlRootList; - try { - yamlRootList = yamlParser.loadAs(entry.getValue(), List.class); - if (yamlRootList == null || yamlRootList.isEmpty()) { - installLog.addMessage(LOG, " " + sourceFile + " has no instructions"); - continue; - } - } catch (ClassCastException e) { - throw new NoListOnTopLevelException("Each yaml file must contain a list on the top level but the yaml at " + sourceFile + " does not.", e); - } catch (YAMLException e) { - throw new IllegalArgumentException("Invalid yaml source file " + sourceFile + ": "+ e, e); - } - yamlRootList = yamlMacroProcessor.processMacros(yamlRootList, globalVariables, installLog, session); - // set merged config per file to ensure it is there in case of validation errors (for success, the actual merged config is set - // after this loop) - installLog.setMergedAndProcessedConfig("# File " + sourceFile + "\n" + yamlRootList); - - final Set sectionIdentifiers = new LinkedHashSet(); - - // put all section identifiers of current configuration into a set - for (int i = 0; i < yamlRootList.size(); i++) { - sectionIdentifiers.addAll(yamlRootList.get(i).keySet()); - } - configurationsValidator.validateSectionIdentifiers(sectionIdentifiers, sourceFile); - - // --- global configuration section - try { - globalConfiguration.merge(configReader.getGlobalConfiguration(yamlRootList)); - } catch (IllegalArgumentException e) { - throw new IllegalArgumentException("Invalid global configuration in " + sourceFile + ": " + e, e); - } - - // --- authorizables config section - - final AuthorizableValidator authorizableValidator = new AuthorizableValidatorImpl(Constants.GROUPS_ROOT, Constants.USERS_ROOT); - final AuthorizablesConfig groupsFromThisConfig = configReader.getGroupConfigurationBeans( - yamlRootList, authorizableValidator); - // add AuthorizableConfigBeans built from current configuration to set containing AuthorizableConfigBeans from all - // configurations - if (groupsFromThisConfig != null) { - mergedAuthorizablesBeansfromConfig.addAll(groupsFromThisConfig); - } - - final AuthorizablesConfig usersMapFromThisConfig = configReader.getUserConfigurationBeans( - yamlRootList, authorizableValidator); - if (usersMapFromThisConfig != null) { - mergedAuthorizablesBeansfromConfig.addAll(usersMapFromThisConfig); - } - - // validate duplicate authorizables - final Set authorizableIdsFromCurrentConfig = new HashSet(); - if (groupsFromThisConfig != null) { - authorizableIdsFromCurrentConfig.addAll(groupsFromThisConfig.getAuthorizableIds()); - } - if (usersMapFromThisConfig != null) { - authorizableIdsFromCurrentConfig.addAll(usersMapFromThisConfig.getAuthorizableIds()); - } - - if (authorizableIdsFromCurrentConfig != null) { - configurationsValidator.validateDuplicateAuthorizables(authorizableIdsFromAllConfigs, authorizableIdsFromCurrentConfig, - sourceFile); - // add IDs from authorizables from current configuration to set - authorizableIdsFromAllConfigs.addAll(authorizableIdsFromCurrentConfig); - } - - // --- ace_config section - final Set currentAceBeansFromConfig = configReader.getAceConfigurationBeans(yamlRootList, - getAceBeanValidator(authorizableIdsFromAllConfigs), session, sourceFile); - - configurationsValidator.validateKeepOrder(mergedAceBeansFromConfig, currentAceBeansFromConfig, sourceFile); - - // add AceBeans built from current configuration to set containing AceBeans from all configurations - if (currentAceBeansFromConfig != null) { - mergedAceBeansFromConfig.addAll(currentAceBeansFromConfig); - } - - configurationsValidator.validateInitialContentForNoDuplicates(mergedAceBeansFromConfig); - - // --- obsolete authorizables config section - obsoleteAuthorizables.addAll(configReader.getObsoluteAuthorizables(yamlRootList)); - obsoleteAuthorizablesValidator.validate(obsoleteAuthorizables, authorizableIdsFromAllConfigs, sourceFile); - - installLog.addVerboseMessage(LOG, - "Loaded configuration file " + sourceFile + " in " + msHumanReadable(System.currentTimeMillis() - configFileStart)); - } - - ensureIsMemberOfIsUsedWherePossible(mergedAuthorizablesBeansfromConfig, installLog); - - GlobalConfigurationValidator.validate(globalConfiguration); - - AcConfiguration acConfiguration = new AcConfiguration(); - acConfiguration.setGlobalConfiguration(globalConfiguration); - acConfiguration.setAuthorizablesConfig(mergedAuthorizablesBeansfromConfig); - acConfiguration.setAceConfig(mergedAceBeansFromConfig); - acConfiguration.setObsoleteAuthorizables(obsoleteAuthorizables); - - virtualGroupProcessor.flattenGroupTree(acConfiguration, installLog); - - testUserConfigsCreator.createTestUserConfigs(acConfiguration, installLog); - - if(!Boolean.TRUE.equals(globalConfiguration.getAllowCreateOfUnmanagedRelationships())) { - UnmangedExternalMemberRelationshipChecker.validate(acConfiguration); - } - - externalGroupsInIsMemberOfValidator.validateIsMemberOfConfig(acConfiguration, installLog, globalConfiguration); - - installLog.setMergedAndProcessedConfig( - "# Merged configuration of " + configFileContentByFilename.size() + " files \n" + acConfiguration); - - installLog.addMessage(LOG, "Loaded configuration in " + msHumanReadable(System.currentTimeMillis() - wholeConfigStart)); - - return acConfiguration; - } - - - private Map getGlobalVariablesForYamlMacroProcessing() { - Map globalVariables = new HashMap<>(); - if(slingSettingsService != null) { - globalVariables.put(GLOBAL_VAR_RUNMODES, new ArrayList(slingSettingsService.getRunModes())); - } - return globalVariables; - } - - AceBeanValidatorImpl getAceBeanValidator(final Set authorizableIdsFromAllConfigs) { - return new AceBeanValidatorImpl(authorizableIdsFromAllConfigs); - } - - void ensureIsMemberOfIsUsedWherePossible(AuthorizablesConfig mergedAuthorizablesBeansfromConfig, - InstallationLogger history) { - - for (AuthorizableConfigBean group : mergedAuthorizablesBeansfromConfig) { - if (!group.isGroup()) { - continue; - } - - final String groupName = group.getAuthorizableId(); - - String[] origMembersArr = group.getMembers(); - - if ((origMembersArr == null) || (origMembersArr.length == 0)) { - continue; - } - - final List members = new ArrayList(Arrays.asList(origMembersArr)); - - Iterator membersIt = members.iterator(); - while (membersIt.hasNext()) { - String member = membersIt.next(); - - AuthorizableConfigBean groupForIsMemberOf = mergedAuthorizablesBeansfromConfig.getAuthorizableConfig(member); - - boolean memberContainedInConfig = groupForIsMemberOf != null; - if (memberContainedInConfig) { - groupForIsMemberOf.addIsMemberOf(groupName); - membersIt.remove(); - history.addVerboseMessage(LOG, "Group " + group.getAuthorizableId() + " is declaring member " + member - + " - moving relationship to isMemberOf of authorizable " + groupForIsMemberOf.getAuthorizableId() - + " (always prefer using isMemberOf over members if referenced member is availalbe in configuration)"); - } - - } - group.setMembers(members.toArray(new String[members.size()])); - - } - } -} +package biz.netcentric.cq.tools.actool.configreader; + +/*- + * #%L + * Access Control Tool Bundle + * %% + * Copyright (C) 2015 - 2024 Cognizant Netcentric + * %% + * All rights reserved. This program and the accompanying materials + * are made available under the terms of the Eclipse Public License v1.0 + * which accompanies this distribution, and is available at + * http://www.eclipse.org/legal/epl-v10.html + * #L% + */ + +import static biz.netcentric.cq.tools.actool.history.impl.PersistableInstallationLogger.msHumanReadable; + +import java.util.ArrayList; +import java.util.Arrays; +import java.util.HashMap; +import java.util.HashSet; +import java.util.Iterator; +import java.util.LinkedHashSet; +import java.util.List; +import java.util.Map; +import java.util.Set; +import java.util.regex.Pattern; + +import javax.jcr.RepositoryException; +import javax.jcr.Session; + +import org.osgi.service.cm.ConfigurationPlugin; +import org.osgi.service.component.annotations.Component; +import org.osgi.service.component.annotations.Reference; +import org.osgi.service.component.annotations.ReferenceCardinality; +import org.osgi.service.component.annotations.ReferencePolicyOption; +import org.slf4j.Logger; +import org.slf4j.LoggerFactory; +import org.yaml.snakeyaml.Yaml; +import org.yaml.snakeyaml.error.YAMLException; + +import biz.netcentric.cq.tools.actool.configmodel.AcConfiguration; +import biz.netcentric.cq.tools.actool.configmodel.AceBean; +import biz.netcentric.cq.tools.actool.configmodel.AcesConfig; +import biz.netcentric.cq.tools.actool.configmodel.AuthorizableConfigBean; +import biz.netcentric.cq.tools.actool.configmodel.AuthorizablesConfig; +import biz.netcentric.cq.tools.actool.configmodel.GlobalConfiguration; +import biz.netcentric.cq.tools.actool.helper.Constants; +import biz.netcentric.cq.tools.actool.history.InstallationLogger; +import biz.netcentric.cq.tools.actool.history.impl.PersistableInstallationLogger; +import biz.netcentric.cq.tools.actool.slingsettings.ExtendedSlingSettingsService; +import biz.netcentric.cq.tools.actool.validators.AuthorizableValidator; +import biz.netcentric.cq.tools.actool.validators.ExternalGroupsInIsMemberOfValidator; +import biz.netcentric.cq.tools.actool.validators.ConfigurationsValidator; +import biz.netcentric.cq.tools.actool.validators.GlobalConfigurationValidator; +import biz.netcentric.cq.tools.actool.validators.ObsoleteAuthorizablesValidator; +import biz.netcentric.cq.tools.actool.validators.UnmangedExternalMemberRelationshipChecker; +import biz.netcentric.cq.tools.actool.validators.YamlConfigurationsValidator; +import biz.netcentric.cq.tools.actool.validators.exceptions.AcConfigBeanValidationException; +import biz.netcentric.cq.tools.actool.validators.exceptions.NoListOnTopLevelException; +import biz.netcentric.cq.tools.actool.validators.impl.AceBeanValidatorImpl; +import biz.netcentric.cq.tools.actool.validators.impl.AuthorizableValidatorImpl; + +@Component +public class YamlConfigurationMerger implements ConfigurationMerger { + + private static final Logger LOG = LoggerFactory.getLogger(YamlConfigurationMerger.class); + + public static final String GLOBAL_VAR_RUNMODES = "RUNMODES"; + + @Reference(policyOption = ReferencePolicyOption.GREEDY) + YamlMacroProcessor yamlMacroProcessor; + + @Reference(policyOption = ReferencePolicyOption.GREEDY) + ObsoleteAuthorizablesValidator obsoleteAuthorizablesValidator; + + @Reference(policyOption = ReferencePolicyOption.GREEDY) + ExternalGroupsInIsMemberOfValidator externalGroupsInIsMemberOfValidator; + + @Reference(policyOption = ReferencePolicyOption.GREEDY) + VirtualGroupProcessor virtualGroupProcessor; + + @Reference(policyOption = ReferencePolicyOption.GREEDY) + TestUserConfigsCreator testUserConfigsCreator; + + @Reference(policyOption = ReferencePolicyOption.GREEDY) + ExtendedSlingSettingsService slingSettingsService; + + @Reference(cardinality = ReferenceCardinality.OPTIONAL, policyOption = ReferencePolicyOption.GREEDY, target="(config.plugin.id=org.apache.felix.configadmin.plugin.interpolation)") + ConfigurationPlugin interpolationPlugin; + + /** Regular expression which matches against values which should be interpolated, see https://github.com/apache/felix-dev/blob/master/configadmin-plugins/interpolation/README.md */ + public static final Pattern CONFIG_ADMIN_INTERPOLATOR_FORMAT = Pattern.compile(".*\\$\\[(env|secret|prop):[^\\]]*\\].*"); + + @Override + public AcConfiguration getMergedConfigurations( + final Map configFileContentByFilename, + final PersistableInstallationLogger installLog, + final ConfigReader configReader, Session session) throws RepositoryException, + AcConfigBeanValidationException { + + long wholeConfigStart = System.currentTimeMillis(); + + final GlobalConfiguration globalConfiguration = new GlobalConfiguration(); + final AuthorizablesConfig mergedAuthorizablesBeansfromConfig = new AuthorizablesConfig(); + final AcesConfig mergedAceBeansFromConfig = new AcesConfig(); + final Set authorizableIdsFromAllConfigs = new HashSet(); // needed for detection of doubled defined groups in + // configurations + final Set obsoleteAuthorizables = new HashSet(); + + final Yaml yamlParser; + if (interpolationPlugin != null) { + yamlParser = new Yaml(new YamlConfigurationAdminPluginScalarConstructor(installLog, interpolationPlugin)); + // bind constructor to certain scalar formats (compare with https://bitbucket.org/asomov/snakeyaml/src/master/src/test/java/org/yaml/snakeyaml/env/EnvVariableTest.java) + yamlParser.addImplicitResolver(YamlConfigurationAdminPluginScalarConstructor.TAG, CONFIG_ADMIN_INTERPOLATOR_FORMAT, null); + installLog.addMessage(LOG, "Using YAML parser with ConfigurationAdmin Plugin placeholder support"); + } else { + yamlParser = new Yaml(); + } + final ConfigurationsValidator configurationsValidator = new YamlConfigurationsValidator(); + + Map globalVariables = getGlobalVariablesForYamlMacroProcessing(); + + for (final Map.Entry entry : configFileContentByFilename.entrySet()) { + + long configFileStart = System.currentTimeMillis(); + + String sourceFile = entry.getKey(); + installLog.addMessage(LOG, "Using configuration file " + sourceFile); + + List yamlRootList; + try { + yamlRootList = yamlParser.loadAs(entry.getValue(), List.class); + if (yamlRootList == null || yamlRootList.isEmpty()) { + installLog.addMessage(LOG, " " + sourceFile + " has no instructions"); + continue; + } + } catch (ClassCastException e) { + throw new NoListOnTopLevelException("Each yaml file must contain a list on the top level but the yaml at " + sourceFile + " does not.", e); + } catch (YAMLException e) { + throw new IllegalArgumentException("Invalid yaml source file " + sourceFile + ": "+ e, e); + } + yamlRootList = yamlMacroProcessor.processMacros(yamlRootList, globalVariables, installLog, session); + // set merged config per file to ensure it is there in case of validation errors (for success, the actual merged config is set + // after this loop) + installLog.setMergedAndProcessedConfig("# File " + sourceFile + "\n" + yamlRootList); + + final Set sectionIdentifiers = new LinkedHashSet(); + + // put all section identifiers of current configuration into a set + for (int i = 0; i < yamlRootList.size(); i++) { + sectionIdentifiers.addAll(yamlRootList.get(i).keySet()); + } + configurationsValidator.validateSectionIdentifiers(sectionIdentifiers, sourceFile); + + // --- global configuration section + try { + globalConfiguration.merge(configReader.getGlobalConfiguration(yamlRootList)); + } catch (IllegalArgumentException e) { + throw new IllegalArgumentException("Invalid global configuration in " + sourceFile + ": " + e, e); + } + + // --- authorizables config section + + final AuthorizableValidator authorizableValidator = new AuthorizableValidatorImpl(Constants.GROUPS_ROOT, Constants.USERS_ROOT); + final AuthorizablesConfig groupsFromThisConfig = configReader.getGroupConfigurationBeans( + yamlRootList, authorizableValidator); + // add AuthorizableConfigBeans built from current configuration to set containing AuthorizableConfigBeans from all + // configurations + if (groupsFromThisConfig != null) { + mergedAuthorizablesBeansfromConfig.addAll(groupsFromThisConfig); + } + + final AuthorizablesConfig usersMapFromThisConfig = configReader.getUserConfigurationBeans( + yamlRootList, authorizableValidator); + if (usersMapFromThisConfig != null) { + mergedAuthorizablesBeansfromConfig.addAll(usersMapFromThisConfig); + } + + // validate duplicate authorizables + final Set authorizableIdsFromCurrentConfig = new HashSet(); + if (groupsFromThisConfig != null) { + authorizableIdsFromCurrentConfig.addAll(groupsFromThisConfig.getAuthorizableIds()); + } + if (usersMapFromThisConfig != null) { + authorizableIdsFromCurrentConfig.addAll(usersMapFromThisConfig.getAuthorizableIds()); + } + + if (authorizableIdsFromCurrentConfig != null) { + configurationsValidator.validateDuplicateAuthorizables(authorizableIdsFromAllConfigs, authorizableIdsFromCurrentConfig, + sourceFile); + // add IDs from authorizables from current configuration to set + authorizableIdsFromAllConfigs.addAll(authorizableIdsFromCurrentConfig); + } + + // --- ace_config section + final Set currentAceBeansFromConfig = configReader.getAceConfigurationBeans(yamlRootList, + getAceBeanValidator(authorizableIdsFromAllConfigs), session, sourceFile); + + configurationsValidator.validateKeepOrder(mergedAceBeansFromConfig, currentAceBeansFromConfig, sourceFile); + + // add AceBeans built from current configuration to set containing AceBeans from all configurations + if (currentAceBeansFromConfig != null) { + mergedAceBeansFromConfig.addAll(currentAceBeansFromConfig); + } + + configurationsValidator.validateInitialContentForNoDuplicates(mergedAceBeansFromConfig); + + // --- obsolete authorizables config section + obsoleteAuthorizables.addAll(configReader.getObsoluteAuthorizables(yamlRootList)); + obsoleteAuthorizablesValidator.validate(obsoleteAuthorizables, authorizableIdsFromAllConfigs, sourceFile); + + installLog.addVerboseMessage(LOG, + "Loaded configuration file " + sourceFile + " in " + msHumanReadable(System.currentTimeMillis() - configFileStart)); + } + + ensureIsMemberOfIsUsedWherePossible(mergedAuthorizablesBeansfromConfig, installLog); + + GlobalConfigurationValidator.validate(globalConfiguration); + + AcConfiguration acConfiguration = new AcConfiguration(); + acConfiguration.setGlobalConfiguration(globalConfiguration); + acConfiguration.setAuthorizablesConfig(mergedAuthorizablesBeansfromConfig); + acConfiguration.setAceConfig(mergedAceBeansFromConfig); + acConfiguration.setObsoleteAuthorizables(obsoleteAuthorizables); + + virtualGroupProcessor.flattenGroupTree(acConfiguration, installLog); + + testUserConfigsCreator.createTestUserConfigs(acConfiguration, installLog); + + if(!Boolean.TRUE.equals(globalConfiguration.getAllowCreateOfUnmanagedRelationships())) { + UnmangedExternalMemberRelationshipChecker.validate(acConfiguration); + } + + externalGroupsInIsMemberOfValidator.validateIsMemberOfConfig(acConfiguration, installLog, globalConfiguration); + + installLog.setMergedAndProcessedConfig( + "# Merged configuration of " + configFileContentByFilename.size() + " files \n" + acConfiguration); + + installLog.addMessage(LOG, "Loaded configuration in " + msHumanReadable(System.currentTimeMillis() - wholeConfigStart)); + + return acConfiguration; + } + + + private Map getGlobalVariablesForYamlMacroProcessing() { + Map globalVariables = new HashMap<>(); + if(slingSettingsService != null) { + globalVariables.put(GLOBAL_VAR_RUNMODES, new ArrayList(slingSettingsService.getRunModes())); + } + return globalVariables; + } + + AceBeanValidatorImpl getAceBeanValidator(final Set authorizableIdsFromAllConfigs) { + return new AceBeanValidatorImpl(authorizableIdsFromAllConfigs); + } + + void ensureIsMemberOfIsUsedWherePossible(AuthorizablesConfig mergedAuthorizablesBeansfromConfig, + InstallationLogger history) { + + for (AuthorizableConfigBean group : mergedAuthorizablesBeansfromConfig) { + if (!group.isGroup()) { + continue; + } + + final String groupName = group.getAuthorizableId(); + + String[] origMembersArr = group.getMembers(); + + if ((origMembersArr == null) || (origMembersArr.length == 0)) { + continue; + } + + final List members = new ArrayList(Arrays.asList(origMembersArr)); + + Iterator membersIt = members.iterator(); + while (membersIt.hasNext()) { + String member = membersIt.next(); + + AuthorizableConfigBean groupForIsMemberOf = mergedAuthorizablesBeansfromConfig.getAuthorizableConfig(member); + + boolean memberContainedInConfig = groupForIsMemberOf != null; + if (memberContainedInConfig) { + groupForIsMemberOf.addIsMemberOf(groupName); + membersIt.remove(); + history.addVerboseMessage(LOG, "Group " + group.getAuthorizableId() + " is declaring member " + member + + " - moving relationship to isMemberOf of authorizable " + groupForIsMemberOf.getAuthorizableId() + + " (always prefer using isMemberOf over members if referenced member is availalbe in configuration)"); + } + + } + group.setMembers(members.toArray(new String[members.size()])); + + } + } +} diff --git a/accesscontroltool-bundle/src/main/java/biz/netcentric/cq/tools/actool/configreader/YamlMacroChildNodeObjectsProvider.java b/accesscontroltool-bundle/src/main/java/biz/netcentric/cq/tools/actool/configreader/YamlMacroChildNodeObjectsProvider.java index c318a7b4a..656c025c5 100644 --- a/accesscontroltool-bundle/src/main/java/biz/netcentric/cq/tools/actool/configreader/YamlMacroChildNodeObjectsProvider.java +++ b/accesscontroltool-bundle/src/main/java/biz/netcentric/cq/tools/actool/configreader/YamlMacroChildNodeObjectsProvider.java @@ -1,12 +1,17 @@ -/* - * (C) Copyright 2015 Netcentric AG. - * +package biz.netcentric.cq.tools.actool.configreader; + +/*- + * #%L + * Access Control Tool Bundle + * %% + * Copyright (C) 2015 - 2024 Cognizant Netcentric + * %% * All rights reserved. This program and the accompanying materials * are made available under the terms of the Eclipse Public License v1.0 * which accompanies this distribution, and is available at * http://www.eclipse.org/legal/epl-v10.html + * #L% */ -package biz.netcentric.cq.tools.actool.configreader; import java.util.List; @@ -21,4 +26,4 @@ public interface YamlMacroChildNodeObjectsProvider { List getValuesForPath(String pathOfChildrenOfClause, InstallationLogger history, Session session, boolean includeContent); -} \ No newline at end of file +} diff --git a/accesscontroltool-bundle/src/main/java/biz/netcentric/cq/tools/actool/configreader/YamlMacroChildNodeObjectsProviderImpl.java b/accesscontroltool-bundle/src/main/java/biz/netcentric/cq/tools/actool/configreader/YamlMacroChildNodeObjectsProviderImpl.java index 7ecceb053..207336d98 100644 --- a/accesscontroltool-bundle/src/main/java/biz/netcentric/cq/tools/actool/configreader/YamlMacroChildNodeObjectsProviderImpl.java +++ b/accesscontroltool-bundle/src/main/java/biz/netcentric/cq/tools/actool/configreader/YamlMacroChildNodeObjectsProviderImpl.java @@ -1,146 +1,151 @@ -/* - * (C) Copyright 2015 Netcentric AG. - * - * All rights reserved. This program and the accompanying materials - * are made available under the terms of the Eclipse Public License v1.0 - * which accompanies this distribution, and is available at - * http://www.eclipse.org/legal/epl-v10.html - */ -package biz.netcentric.cq.tools.actool.configreader; - -import java.util.ArrayList; -import java.util.HashMap; -import java.util.List; -import java.util.Map; - -import javax.jcr.Node; -import javax.jcr.NodeIterator; -import javax.jcr.PathNotFoundException; -import javax.jcr.Property; -import javax.jcr.PropertyIterator; -import javax.jcr.PropertyType; -import javax.jcr.RepositoryException; -import javax.jcr.Session; -import javax.jcr.Value; -import javax.jcr.ValueFormatException; - -import org.apache.sling.jcr.api.SlingRepository; -import org.osgi.service.component.annotations.Component; -import org.osgi.service.component.annotations.Reference; -import org.osgi.service.component.annotations.ReferencePolicyOption; -import org.slf4j.Logger; -import org.slf4j.LoggerFactory; - -import com.day.cq.commons.jcr.JcrConstants; - -import biz.netcentric.cq.tools.actool.history.InstallationLogger; - -@Component -public class YamlMacroChildNodeObjectsProviderImpl implements YamlMacroChildNodeObjectsProvider { - - private static final Logger LOG = LoggerFactory.getLogger(YamlMacroChildNodeObjectsProviderImpl.class); - - @Reference(policyOption = ReferencePolicyOption.GREEDY) - private SlingRepository repository; - - @Override - public List getValuesForPath(String pathOfChildrenOfClause, InstallationLogger history, Session session, boolean includeContent) { - - LOG.debug("FOR Loop: Getting children for {} with content {}", pathOfChildrenOfClause, includeContent); - - List results = new ArrayList(); - - try { - - Node node = session.getNode(pathOfChildrenOfClause); - - NodeIterator childrenIt = node.getNodes(); - while (childrenIt.hasNext()) { - Node childNode = (Node) childrenIt.next(); - - if (childNode.getName().startsWith("jcr:") - || childNode.getName().startsWith("rep:") - || childNode.getName().startsWith("oak:")) { - continue; - } - - Map childNodeObjectForEl = new HashMap(); - - childNodeObjectForEl.put("name", childNode.getName()); - childNodeObjectForEl.put("path", childNode.getPath()); - childNodeObjectForEl.put("primaryType", childNode.getPrimaryNodeType().toString()); - - if (childNode.hasNode(JcrConstants.JCR_CONTENT)) { - Node jcrContentNode = childNode.getNode(JcrConstants.JCR_CONTENT); - - if (jcrContentNode.hasProperty(JcrConstants.JCR_TITLE)) { - childNodeObjectForEl.put("title", jcrContentNode.getProperty(JcrConstants.JCR_TITLE).getString()); - } - - Map jcrContentSubNode = getValuesForNode(jcrContentNode, includeContent); - childNodeObjectForEl.put(JcrConstants.JCR_CONTENT, jcrContentSubNode); - } - - results.add(childNodeObjectForEl); - } - - } catch (PathNotFoundException e) { - history.addWarning(LOG, - "Path " + pathOfChildrenOfClause + " as configured for source for FOR loop does not exist! (statement skipped)"); - - } catch (RepositoryException e) { - throw new IllegalStateException("Could not get children of path " + pathOfChildrenOfClause + ": " + e, e); - } - - history.addVerboseMessage(LOG, "Loop for children of " + pathOfChildrenOfClause + " evaluates to " + results.size() + " children"); - - return results; - } - - private Map getValuesForNode(Node node, boolean includeChildren) throws RepositoryException { - PropertyIterator propertiesIt = node.getProperties(); - Map values = new HashMap(); - while (propertiesIt.hasNext()) { - Property prop = (Property) propertiesIt.next(); - if (prop.isMultiple()) { - values.put(prop.getName(), valuesToStringArr(prop.getValues())); - } else { - Value value = prop.getValue(); - if (isIrrelevantType(value)) { - continue; - } - String strVal = value.getString(); - values.put(prop.getName(), strVal); - } - } - - if (includeChildren) { - NodeIterator iterator = node.getNodes(); - while (iterator.hasNext()) { - Node child = iterator.nextNode(); - values.put(child.getName(), getValuesForNode(child, includeChildren)); - } - } - - return values; - } - - private boolean isIrrelevantType(Value value) { - return value.getType() == PropertyType.BINARY - || value.getType() == PropertyType.REFERENCE - || value.getType() == PropertyType.WEAKREFERENCE; - } - - private String[] valuesToStringArr(Value[] values) throws ValueFormatException, RepositoryException { - List strVals = new ArrayList(); - for (int i = 0; i < values.length; i++) { - Value value = values[i]; - if (isIrrelevantType(value)) { - continue; - } - strVals.add(value.getString()); - } - return strVals.toArray(new String[strVals.size()]); - } - -} +package biz.netcentric.cq.tools.actool.configreader; + +/*- + * #%L + * Access Control Tool Bundle + * %% + * Copyright (C) 2015 - 2024 Cognizant Netcentric + * %% + * All rights reserved. This program and the accompanying materials + * are made available under the terms of the Eclipse Public License v1.0 + * which accompanies this distribution, and is available at + * http://www.eclipse.org/legal/epl-v10.html + * #L% + */ + +import java.util.ArrayList; +import java.util.HashMap; +import java.util.List; +import java.util.Map; + +import javax.jcr.Node; +import javax.jcr.NodeIterator; +import javax.jcr.PathNotFoundException; +import javax.jcr.Property; +import javax.jcr.PropertyIterator; +import javax.jcr.PropertyType; +import javax.jcr.RepositoryException; +import javax.jcr.Session; +import javax.jcr.Value; +import javax.jcr.ValueFormatException; + +import org.apache.sling.jcr.api.SlingRepository; +import org.osgi.service.component.annotations.Component; +import org.osgi.service.component.annotations.Reference; +import org.osgi.service.component.annotations.ReferencePolicyOption; +import org.slf4j.Logger; +import org.slf4j.LoggerFactory; + +import com.day.cq.commons.jcr.JcrConstants; + +import biz.netcentric.cq.tools.actool.history.InstallationLogger; + +@Component +public class YamlMacroChildNodeObjectsProviderImpl implements YamlMacroChildNodeObjectsProvider { + + private static final Logger LOG = LoggerFactory.getLogger(YamlMacroChildNodeObjectsProviderImpl.class); + + @Reference(policyOption = ReferencePolicyOption.GREEDY) + private SlingRepository repository; + + @Override + public List getValuesForPath(String pathOfChildrenOfClause, InstallationLogger history, Session session, boolean includeContent) { + + LOG.debug("FOR Loop: Getting children for {} with content {}", pathOfChildrenOfClause, includeContent); + + List results = new ArrayList(); + + try { + + Node node = session.getNode(pathOfChildrenOfClause); + + NodeIterator childrenIt = node.getNodes(); + while (childrenIt.hasNext()) { + Node childNode = (Node) childrenIt.next(); + + if (childNode.getName().startsWith("jcr:") + || childNode.getName().startsWith("rep:") + || childNode.getName().startsWith("oak:")) { + continue; + } + + Map childNodeObjectForEl = new HashMap(); + + childNodeObjectForEl.put("name", childNode.getName()); + childNodeObjectForEl.put("path", childNode.getPath()); + childNodeObjectForEl.put("primaryType", childNode.getPrimaryNodeType().toString()); + + if (childNode.hasNode(JcrConstants.JCR_CONTENT)) { + Node jcrContentNode = childNode.getNode(JcrConstants.JCR_CONTENT); + + if (jcrContentNode.hasProperty(JcrConstants.JCR_TITLE)) { + childNodeObjectForEl.put("title", jcrContentNode.getProperty(JcrConstants.JCR_TITLE).getString()); + } + + Map jcrContentSubNode = getValuesForNode(jcrContentNode, includeContent); + childNodeObjectForEl.put(JcrConstants.JCR_CONTENT, jcrContentSubNode); + } + + results.add(childNodeObjectForEl); + } + + } catch (PathNotFoundException e) { + history.addWarning(LOG, + "Path " + pathOfChildrenOfClause + " as configured for source for FOR loop does not exist! (statement skipped)"); + + } catch (RepositoryException e) { + throw new IllegalStateException("Could not get children of path " + pathOfChildrenOfClause + ": " + e, e); + } + + history.addVerboseMessage(LOG, "Loop for children of " + pathOfChildrenOfClause + " evaluates to " + results.size() + " children"); + + return results; + } + + private Map getValuesForNode(Node node, boolean includeChildren) throws RepositoryException { + PropertyIterator propertiesIt = node.getProperties(); + Map values = new HashMap(); + while (propertiesIt.hasNext()) { + Property prop = (Property) propertiesIt.next(); + if (prop.isMultiple()) { + values.put(prop.getName(), valuesToStringArr(prop.getValues())); + } else { + Value value = prop.getValue(); + if (isIrrelevantType(value)) { + continue; + } + String strVal = value.getString(); + values.put(prop.getName(), strVal); + } + } + + if (includeChildren) { + NodeIterator iterator = node.getNodes(); + while (iterator.hasNext()) { + Node child = iterator.nextNode(); + values.put(child.getName(), getValuesForNode(child, includeChildren)); + } + } + + return values; + } + + private boolean isIrrelevantType(Value value) { + return value.getType() == PropertyType.BINARY + || value.getType() == PropertyType.REFERENCE + || value.getType() == PropertyType.WEAKREFERENCE; + } + + private String[] valuesToStringArr(Value[] values) throws ValueFormatException, RepositoryException { + List strVals = new ArrayList(); + for (int i = 0; i < values.length; i++) { + Value value = values[i]; + if (isIrrelevantType(value)) { + continue; + } + strVals.add(value.getString()); + } + return strVals.toArray(new String[strVals.size()]); + } + +} diff --git a/accesscontroltool-bundle/src/main/java/biz/netcentric/cq/tools/actool/configreader/YamlMacroElEvaluator.java b/accesscontroltool-bundle/src/main/java/biz/netcentric/cq/tools/actool/configreader/YamlMacroElEvaluator.java index c45edd4bc..df194b6da 100644 --- a/accesscontroltool-bundle/src/main/java/biz/netcentric/cq/tools/actool/configreader/YamlMacroElEvaluator.java +++ b/accesscontroltool-bundle/src/main/java/biz/netcentric/cq/tools/actool/configreader/YamlMacroElEvaluator.java @@ -1,262 +1,267 @@ -/* - * (C) Copyright 2015 Netcentric AG. - * - * All rights reserved. This program and the accompanying materials - * are made available under the terms of the Eclipse Public License v1.0 - * which accompanies this distribution, and is available at - * http://www.eclipse.org/legal/epl-v10.html - */ -package biz.netcentric.cq.tools.actool.configreader; - -import java.beans.FeatureDescriptor; -import java.lang.reflect.Method; -import java.util.ArrayList; -import java.util.Collections; -import java.util.HashMap; -import java.util.Iterator; -import java.util.List; -import java.util.Map; - -import jakarta.el.ArrayELResolver; -import jakarta.el.BeanELResolver; -import jakarta.el.CompositeELResolver; -import jakarta.el.ELContext; -import jakarta.el.ELResolver; -import jakarta.el.ExpressionFactory; -import jakarta.el.FunctionMapper; -import jakarta.el.ListELResolver; -import jakarta.el.MapELResolver; -import jakarta.el.ValueExpression; -import jakarta.el.VariableMapper; - -import org.apache.commons.lang3.ArrayUtils; -import org.apache.commons.lang3.StringEscapeUtils; -import org.apache.commons.lang3.StringUtils; -import org.apache.el.ExpressionFactoryImpl; - -/** Evaluates expressions that may contain variables from for loops. - * - * Not an OSGi Service as it carries state and is not multi-threading safe. - * - * @author ghenzler */ -public class YamlMacroElEvaluator { - - private ExpressionFactory expressionFactory; - private ELContext context; - - private Map vars = new HashMap(); - - public YamlMacroElEvaluator() { - - expressionFactory = new ExpressionFactoryImpl(); - - final VariableMapper variableMapper = new ElVariableMapper(); - final ElFunctionMapper functionMapper = new ElFunctionMapper(); - final CompositeELResolver compositeELResolver = new CompositeELResolver(); - - compositeELResolver.add(new BaseELResolver()); - compositeELResolver.add(new ArrayELResolver()); - compositeELResolver.add(new ListELResolver()); - compositeELResolver.add(new BeanELResolver()); - compositeELResolver.add(new MapELResolver()); - context = new ELContext() { - @Override - public ELResolver getELResolver() { - return compositeELResolver; - } - - @Override - public FunctionMapper getFunctionMapper() { - return functionMapper; - } - - @Override - public VariableMapper getVariableMapper() { - return variableMapper; - } - - @Override - public Object convertToType(Object obj, Class type) { - if(obj == null) { - return null; - } - if(type == null) { - return obj; - } - if(type.equals(String.class)) { - return String.valueOf(obj); - } - if(type.isAssignableFrom(obj.getClass())) { - return obj; - } else { - // no special conversions supported - throw new IllegalStateException("Cannot convert "+obj.getClass() +" to " + type + " (object: "+obj+")"); - } - } - }; - } - - public T evaluateEl(String el, Class expectedResultType, Map variables) { - - vars = variables; - - ValueExpression expression = expressionFactory.createValueExpression(context, el, expectedResultType); - T value = (T) expression.getValue(context); - return value; - } - - public static class ElFunctionMapper extends FunctionMapper { - - private Map functionMap = new HashMap(); - - public ElFunctionMapper() { - - try { - Method[] exportedMethods = new Method[] { - - StringUtils.class.getMethod("split", new Class[] { String.class, String.class }), - StringUtils.class.getMethod("join", new Class[] { Object[].class, String.class }), - ArrayUtils.class.getMethod("subarray", new Class[] { Object[].class, int.class, int.class }), - - StringUtils.class.getMethod("upperCase", new Class[] { String.class }), - StringUtils.class.getMethod("lowerCase", new Class[] { String.class }), - StringUtils.class.getMethod("capitalize", new Class[] { String.class }), - StringUtils.class.getMethod("substringAfter", new Class[] { String.class, String.class }), - StringUtils.class.getMethod("substringBefore", new Class[] { String.class, String.class }), - StringUtils.class.getMethod("substringAfterLast", new Class[] { String.class, String.class }), - StringUtils.class.getMethod("substringBeforeLast", new Class[] { String.class, String.class }), - StringUtils.class.getMethod("contains", new Class[] { CharSequence.class, CharSequence.class }), - StringUtils.class.getMethod("endsWith", new Class[] { CharSequence.class, CharSequence.class }), - StringUtils.class.getMethod("startsWith", new Class[] { CharSequence.class, CharSequence.class }), - StringUtils.class.getMethod("replace", new Class[] { String.class, String.class, String.class }), - StringUtils.class.getMethod("length", new Class[] { CharSequence.class }), - StringUtils.class.getMethod("defaultIfEmpty", new Class[] { CharSequence.class, CharSequence.class }), - - YamlMacroElEvaluator.ElFunctionMapper.class.getMethod("containsItem", new Class[] { List.class, String.class }), - YamlMacroElEvaluator.ElFunctionMapper.class.getMethod("containsAllItems", new Class[] { List.class, List.class }), - YamlMacroElEvaluator.ElFunctionMapper.class.getMethod("containsAnyItem", new Class[] { List.class, List.class }), - YamlMacroElEvaluator.ElFunctionMapper.class.getMethod("keys", new Class[] { Map.class }), - YamlMacroElEvaluator.ElFunctionMapper.class.getMethod("values", new Class[] { Map.class }), - YamlMacroElEvaluator.ElFunctionMapper.class.getMethod("escapeXml", new Class[] { String.class }) - }; - for (Method method : exportedMethods) { - functionMap.put(method.getName(), method); - } - - } catch (NoSuchMethodException e) { - throw new IllegalStateException("Class StringUtils/ArrayUtils is missing expected methods", e); - } - - } - - @Override - public Method resolveFunction(String prefix, String localName) { - String key = (StringUtils.isNotBlank(prefix) ? prefix + ":" : "") + localName; - return functionMap.get(key); - } - - // -- additional functions not available in StringUtils or ArrayUtils - public static boolean containsItem(List list, String element) { - return list.contains(element); - } - - public static boolean containsAllItems(List list, List items) { - return list.containsAll(items); - } - - public static boolean containsAnyItem(List list, List items) { - return !Collections.disjoint(list, items); - } - - public static List keys(Map map) { - return new ArrayList<>(map.keySet()); - } - public static List values(Map map) { - return new ArrayList<>(map.values()); - } - - public static String escapeXml(String input) { - // DocView is XML 1.0 - return StringEscapeUtils.escapeXml10(input); - } - } - - class ElVariableMapper extends VariableMapper { - - @Override - public ValueExpression resolveVariable(String paramString) { - Object value = vars.get(paramString); - if (value == null && paramString.equals("env")) { - value = System.getenv(); - } - return value != null ? expressionFactory.createValueExpression(value, value.getClass()) : null; - } - - @Override - public ValueExpression setVariable(String paramString, ValueExpression paramValueExpression) { - throw new UnsupportedOperationException(); - } - - } - - /** extra base resolver needed to allow to put maps on root level, see - * http://illegalargumentexception.blogspot.com.es/2008/04/java-using-el-outside-j2ee.html */ - class BaseELResolver extends ELResolver { - - private ELResolver delegate = new MapELResolver(); - - public BaseELResolver() { - } - - @Override - public Object getValue(ELContext context, Object base, Object property) { - if (base == null) { - base = vars; - } - return delegate.getValue(context, base, property); - } - - @Override - public Class getCommonPropertyType(ELContext context, Object base) { - if (base == null) { - base = vars; - } - return delegate.getCommonPropertyType(context, base); - } - - @Override - public Iterator getFeatureDescriptors(ELContext context, - Object base) { - if (base == null) { - base = vars; - } - return delegate.getFeatureDescriptors(context, base); - } - - @Override - public Class getType(ELContext context, Object base, Object property) { - if (base == null) { - base = vars; - } - return delegate.getType(context, base, property); - } - - @Override - public boolean isReadOnly(ELContext context, Object base, Object property) { - if (base == null) { - base = vars; - } - return delegate.isReadOnly(context, base, property); - } - - @Override - public void setValue(ELContext context, Object base, Object property, Object value) { - if (base == null) { - base = vars; - } - delegate.setValue(context, base, property, value); - } - - } - -} +package biz.netcentric.cq.tools.actool.configreader; + +/*- + * #%L + * Access Control Tool Bundle + * %% + * Copyright (C) 2015 - 2024 Cognizant Netcentric + * %% + * All rights reserved. This program and the accompanying materials + * are made available under the terms of the Eclipse Public License v1.0 + * which accompanies this distribution, and is available at + * http://www.eclipse.org/legal/epl-v10.html + * #L% + */ + +import java.beans.FeatureDescriptor; +import java.lang.reflect.Method; +import java.util.ArrayList; +import java.util.Collections; +import java.util.HashMap; +import java.util.Iterator; +import java.util.List; +import java.util.Map; + +import jakarta.el.ArrayELResolver; +import jakarta.el.BeanELResolver; +import jakarta.el.CompositeELResolver; +import jakarta.el.ELContext; +import jakarta.el.ELResolver; +import jakarta.el.ExpressionFactory; +import jakarta.el.FunctionMapper; +import jakarta.el.ListELResolver; +import jakarta.el.MapELResolver; +import jakarta.el.ValueExpression; +import jakarta.el.VariableMapper; + +import org.apache.commons.lang3.ArrayUtils; +import org.apache.commons.lang3.StringEscapeUtils; +import org.apache.commons.lang3.StringUtils; +import org.apache.el.ExpressionFactoryImpl; + +/** Evaluates expressions that may contain variables from for loops. + * + * Not an OSGi Service as it carries state and is not multi-threading safe. + * + * @author ghenzler */ +public class YamlMacroElEvaluator { + + private ExpressionFactory expressionFactory; + private ELContext context; + + private Map vars = new HashMap(); + + public YamlMacroElEvaluator() { + + expressionFactory = new ExpressionFactoryImpl(); + + final VariableMapper variableMapper = new ElVariableMapper(); + final ElFunctionMapper functionMapper = new ElFunctionMapper(); + final CompositeELResolver compositeELResolver = new CompositeELResolver(); + + compositeELResolver.add(new BaseELResolver()); + compositeELResolver.add(new ArrayELResolver()); + compositeELResolver.add(new ListELResolver()); + compositeELResolver.add(new BeanELResolver()); + compositeELResolver.add(new MapELResolver()); + context = new ELContext() { + @Override + public ELResolver getELResolver() { + return compositeELResolver; + } + + @Override + public FunctionMapper getFunctionMapper() { + return functionMapper; + } + + @Override + public VariableMapper getVariableMapper() { + return variableMapper; + } + + @Override + public Object convertToType(Object obj, Class type) { + if(obj == null) { + return null; + } + if(type == null) { + return obj; + } + if(type.equals(String.class)) { + return String.valueOf(obj); + } + if(type.isAssignableFrom(obj.getClass())) { + return obj; + } else { + // no special conversions supported + throw new IllegalStateException("Cannot convert "+obj.getClass() +" to " + type + " (object: "+obj+")"); + } + } + }; + } + + public T evaluateEl(String el, Class expectedResultType, Map variables) { + + vars = variables; + + ValueExpression expression = expressionFactory.createValueExpression(context, el, expectedResultType); + T value = (T) expression.getValue(context); + return value; + } + + public static class ElFunctionMapper extends FunctionMapper { + + private Map functionMap = new HashMap(); + + public ElFunctionMapper() { + + try { + Method[] exportedMethods = new Method[] { + + StringUtils.class.getMethod("split", new Class[] { String.class, String.class }), + StringUtils.class.getMethod("join", new Class[] { Object[].class, String.class }), + ArrayUtils.class.getMethod("subarray", new Class[] { Object[].class, int.class, int.class }), + + StringUtils.class.getMethod("upperCase", new Class[] { String.class }), + StringUtils.class.getMethod("lowerCase", new Class[] { String.class }), + StringUtils.class.getMethod("capitalize", new Class[] { String.class }), + StringUtils.class.getMethod("substringAfter", new Class[] { String.class, String.class }), + StringUtils.class.getMethod("substringBefore", new Class[] { String.class, String.class }), + StringUtils.class.getMethod("substringAfterLast", new Class[] { String.class, String.class }), + StringUtils.class.getMethod("substringBeforeLast", new Class[] { String.class, String.class }), + StringUtils.class.getMethod("contains", new Class[] { CharSequence.class, CharSequence.class }), + StringUtils.class.getMethod("endsWith", new Class[] { CharSequence.class, CharSequence.class }), + StringUtils.class.getMethod("startsWith", new Class[] { CharSequence.class, CharSequence.class }), + StringUtils.class.getMethod("replace", new Class[] { String.class, String.class, String.class }), + StringUtils.class.getMethod("length", new Class[] { CharSequence.class }), + StringUtils.class.getMethod("defaultIfEmpty", new Class[] { CharSequence.class, CharSequence.class }), + + YamlMacroElEvaluator.ElFunctionMapper.class.getMethod("containsItem", new Class[] { List.class, String.class }), + YamlMacroElEvaluator.ElFunctionMapper.class.getMethod("containsAllItems", new Class[] { List.class, List.class }), + YamlMacroElEvaluator.ElFunctionMapper.class.getMethod("containsAnyItem", new Class[] { List.class, List.class }), + YamlMacroElEvaluator.ElFunctionMapper.class.getMethod("keys", new Class[] { Map.class }), + YamlMacroElEvaluator.ElFunctionMapper.class.getMethod("values", new Class[] { Map.class }), + YamlMacroElEvaluator.ElFunctionMapper.class.getMethod("escapeXml", new Class[] { String.class }) + }; + for (Method method : exportedMethods) { + functionMap.put(method.getName(), method); + } + + } catch (NoSuchMethodException e) { + throw new IllegalStateException("Class StringUtils/ArrayUtils is missing expected methods", e); + } + + } + + @Override + public Method resolveFunction(String prefix, String localName) { + String key = (StringUtils.isNotBlank(prefix) ? prefix + ":" : "") + localName; + return functionMap.get(key); + } + + // -- additional functions not available in StringUtils or ArrayUtils + public static boolean containsItem(List list, String element) { + return list.contains(element); + } + + public static boolean containsAllItems(List list, List items) { + return list.containsAll(items); + } + + public static boolean containsAnyItem(List list, List items) { + return !Collections.disjoint(list, items); + } + + public static List keys(Map map) { + return new ArrayList<>(map.keySet()); + } + public static List values(Map map) { + return new ArrayList<>(map.values()); + } + + public static String escapeXml(String input) { + // DocView is XML 1.0 + return StringEscapeUtils.escapeXml10(input); + } + } + + class ElVariableMapper extends VariableMapper { + + @Override + public ValueExpression resolveVariable(String paramString) { + Object value = vars.get(paramString); + if (value == null && paramString.equals("env")) { + value = System.getenv(); + } + return value != null ? expressionFactory.createValueExpression(value, value.getClass()) : null; + } + + @Override + public ValueExpression setVariable(String paramString, ValueExpression paramValueExpression) { + throw new UnsupportedOperationException(); + } + + } + + /** extra base resolver needed to allow to put maps on root level, see + * http://illegalargumentexception.blogspot.com.es/2008/04/java-using-el-outside-j2ee.html */ + class BaseELResolver extends ELResolver { + + private ELResolver delegate = new MapELResolver(); + + public BaseELResolver() { + } + + @Override + public Object getValue(ELContext context, Object base, Object property) { + if (base == null) { + base = vars; + } + return delegate.getValue(context, base, property); + } + + @Override + public Class getCommonPropertyType(ELContext context, Object base) { + if (base == null) { + base = vars; + } + return delegate.getCommonPropertyType(context, base); + } + + @Override + public Iterator getFeatureDescriptors(ELContext context, + Object base) { + if (base == null) { + base = vars; + } + return delegate.getFeatureDescriptors(context, base); + } + + @Override + public Class getType(ELContext context, Object base, Object property) { + if (base == null) { + base = vars; + } + return delegate.getType(context, base, property); + } + + @Override + public boolean isReadOnly(ELContext context, Object base, Object property) { + if (base == null) { + base = vars; + } + return delegate.isReadOnly(context, base, property); + } + + @Override + public void setValue(ELContext context, Object base, Object property, Object value) { + if (base == null) { + base = vars; + } + delegate.setValue(context, base, property, value); + } + + } + +} diff --git a/accesscontroltool-bundle/src/main/java/biz/netcentric/cq/tools/actool/configreader/YamlMacroProcessor.java b/accesscontroltool-bundle/src/main/java/biz/netcentric/cq/tools/actool/configreader/YamlMacroProcessor.java index 67385a3ae..2d040fff4 100644 --- a/accesscontroltool-bundle/src/main/java/biz/netcentric/cq/tools/actool/configreader/YamlMacroProcessor.java +++ b/accesscontroltool-bundle/src/main/java/biz/netcentric/cq/tools/actool/configreader/YamlMacroProcessor.java @@ -1,12 +1,17 @@ -/* - * (C) Copyright 2015 Netcentric AG. - * +package biz.netcentric.cq.tools.actool.configreader; + +/*- + * #%L + * Access Control Tool Bundle + * %% + * Copyright (C) 2015 - 2024 Cognizant Netcentric + * %% * All rights reserved. This program and the accompanying materials * are made available under the terms of the Eclipse Public License v1.0 * which accompanies this distribution, and is available at * http://www.eclipse.org/legal/epl-v10.html + * #L% */ -package biz.netcentric.cq.tools.actool.configreader; import java.util.List; import java.util.Map; @@ -22,4 +27,4 @@ public interface YamlMacroProcessor { List processMacros(List yamlList, Map globalVariables, InstallationLogger history, Session session); -} \ No newline at end of file +} diff --git a/accesscontroltool-bundle/src/main/java/biz/netcentric/cq/tools/actool/configreader/YamlMacroProcessorImpl.java b/accesscontroltool-bundle/src/main/java/biz/netcentric/cq/tools/actool/configreader/YamlMacroProcessorImpl.java index d5a273e2a..c6658b821 100644 --- a/accesscontroltool-bundle/src/main/java/biz/netcentric/cq/tools/actool/configreader/YamlMacroProcessorImpl.java +++ b/accesscontroltool-bundle/src/main/java/biz/netcentric/cq/tools/actool/configreader/YamlMacroProcessorImpl.java @@ -1,324 +1,329 @@ -/* - * (C) Copyright 2015 Netcentric AG. - * - * All rights reserved. This program and the accompanying materials - * are made available under the terms of the Eclipse Public License v1.0 - * which accompanies this distribution, and is available at - * http://www.eclipse.org/legal/epl-v10.html - */ -package biz.netcentric.cq.tools.actool.configreader; - -import java.util.ArrayList; -import java.util.Arrays; -import java.util.HashMap; -import java.util.HashSet; -import java.util.Iterator; -import java.util.LinkedHashMap; -import java.util.LinkedList; -import java.util.List; -import java.util.Map; -import java.util.Map.Entry; -import java.util.Set; -import java.util.regex.Matcher; -import java.util.regex.Pattern; - -import javax.jcr.Session; - -import org.apache.commons.lang3.StringUtils; -import org.osgi.service.component.annotations.Component; -import org.osgi.service.component.annotations.Reference; -import org.osgi.service.component.annotations.ReferencePolicyOption; -import org.slf4j.Logger; -import org.slf4j.LoggerFactory; - -import biz.netcentric.cq.tools.actool.helper.Constants; -import biz.netcentric.cq.tools.actool.history.InstallationLogger; - -import org.slf4j.helpers.MessageFormatter; - -@Component -public class YamlMacroProcessorImpl implements YamlMacroProcessor { - - private static final Logger LOG = LoggerFactory.getLogger(YamlMacroProcessorImpl.class); - - private static final Pattern FOR_LOOP_PATTERN = Pattern.compile( - "for +(\\w+)( +with +content)? +in +(?:\\[([,/\\s\\w\\-\\.:]+)\\]|children +of +([^\\s]+)|(\\$\\{[^\\}]+\\}))", - Pattern.CASE_INSENSITIVE); - private static final Pattern IF_PATTERN = Pattern.compile("if +(\\$\\{[^\\}]+\\})", Pattern.CASE_INSENSITIVE); - - private static final String VARIABLE_DEF_BASE_PATTERN = "DEF +([a-z0-9_]+)="; - static final Pattern VARIABLE_DEF_PATTERN_COMPLEX_VAL_FROM_YAML = Pattern.compile(VARIABLE_DEF_BASE_PATTERN, Pattern.CASE_INSENSITIVE); - static final Pattern VARIABLE_DEF_PATTERN_ONE_LINE = Pattern.compile(VARIABLE_DEF_BASE_PATTERN+"(?:\\[(.+)\\]|(\"?)([^\"]*)(\\3))", - Pattern.CASE_INSENSITIVE); - - static final String COMMA_SEPARATED_LIST_SPLITTER = "\\s*,\\s*"; - - YamlMacroElEvaluator elEvaluator = new YamlMacroElEvaluator(); - - @Reference(policyOption = ReferencePolicyOption.GREEDY) - YamlMacroChildNodeObjectsProvider yamlMacroChildNodeObjectsProvider; - - - - @Override - public List processMacros(List yamlList, Map globalVariables, InstallationLogger installLog, Session session) { - Map initialVariables = getLocalVariables(yamlList, globalVariables, installLog, session); - return (List) transform(yamlList, initialVariables, installLog, session); - } - - private Map getLocalVariables(List yamlList, Map globalVariables, - InstallationLogger installLog, Session session) { - - Set initalGlobalVarNames = new HashSet<>(globalVariables.keySet()); - - // read variables that might be defined in global_config to global variables - Iterator topLevelIterator = yamlList.iterator(); - Object transformedGlobalConfig = null; - while (topLevelIterator.hasNext()) { - Object obj = topLevelIterator.next(); - if(obj instanceof Map) { - Map map = (Map) obj; - if(!map.isEmpty() && Constants.GLOBAL_CONFIGURATION_KEY.equals(map.keySet().iterator().next())) { - transformedGlobalConfig = transform(map, globalVariables, installLog, session); - topLevelIterator.remove(); - break; - } - } - } - if(transformedGlobalConfig != null) { - yamlList.add(0, (Map) transformedGlobalConfig); - } - - for (Entry globalVar : globalVariables.entrySet()) { - if(!initalGlobalVarNames.contains(globalVar.getKey())) { - installLog.addVerboseMessage(LOG, "Global DEF Statement: "+globalVar.getKey() + "="+globalVar.getValue()); - } - } - - Map localVariables = new LinkedHashMap(); - localVariables.putAll(globalVariables); - return localVariables; - } - - private Object transform(Object o, Map variables, InstallationLogger installLog, Session session) { - if (o == null) { - return null; - } else if (o instanceof String) { - String str = (String) o; - - Matcher variableDefMatcher = VARIABLE_DEF_PATTERN_ONE_LINE.matcher(str); - if (variableDefMatcher.find()) { - return evaluateDefStatementOneLine(variables, variableDefMatcher, installLog); - } - - Object result = elEvaluator.evaluateEl(str, Object.class, variables); - return result; - - } else if (o instanceof Boolean) { - return (Boolean) o; - - } else if (o instanceof List) { - List list = (List) o; - List transformedList = new LinkedList(); - for (Object val : list) { - Object transformedObject = transform(val, variables, installLog, session); - addToListWithPotentialUnfolding(transformedList, transformedObject); - } - return transformedList; - } else if (o instanceof Map) { - Map map = (Map) o; - Map resultMap = new LinkedHashMap(); - for (Object key : map.keySet()) { - Object objVal = map.get(key); - - String string = key.toString(); - Matcher forMatcher = FOR_LOOP_PATTERN.matcher(string); - if (forMatcher.matches()) { - // map is skipped and value returned directly - return evaluateForStatement(variables, objVal, forMatcher, installLog, session); - } - - Matcher ifMatcher = IF_PATTERN.matcher(string); - if (ifMatcher.matches()) { - // map is skipped and value returned directly - return evaluateIfStatement(variables, objVal, ifMatcher, installLog, session); - } - - Matcher complexVarDefMatcher = VARIABLE_DEF_PATTERN_COMPLEX_VAL_FROM_YAML.matcher(string); - if (complexVarDefMatcher.matches()) { - // map is skipped and value returned directly - return evaluateDefStatementComplex(variables, complexVarDefMatcher, objVal, installLog); - } - - // default: transform both key and value - Object transformedKey = transform(key, variables, installLog, session); - Object transformedVal = transform(objVal, variables, installLog, session); - if (transformedVal != null) { - resultMap.put(transformedKey, transformedVal); - } - - } - return resultMap; - } else { - throw new IllegalStateException("Unexpected class " + o.getClass() + " in object structure produced by yaml: " + o); - - } - } - - private Object evaluateDefStatementOneLine(Map variables, Matcher variableDefMatcher, InstallationLogger installLog) { - String varName = variableDefMatcher.group(1); - String varValueArr = variableDefMatcher.group(2); - String varValueStr = variableDefMatcher.group(4); - - Object varValueEvaluated; - if (varValueStr != null) { - varValueEvaluated = elEvaluator.evaluateEl(varValueStr, Object.class, variables); - } else if (varValueArr != null) { - List result = new ArrayList(); - - String[] arrayVals = varValueArr.split(COMMA_SEPARATED_LIST_SPLITTER); - for (String arrayVal : arrayVals) { - Object arrayValEvaluated = elEvaluator.evaluateEl(arrayVal, Object.class, variables); - result.add(arrayValEvaluated); - } - varValueEvaluated = result; - } else { - throw new IllegalStateException("None of the def value types were set even though RegEx matched"); - } - - if(variables.containsKey(varName)) { - installLog.addVerboseMessage(LOG, "Overwriting variable '"+varName + "' with "+varValueEvaluated); - } - variables.put(varName, varValueEvaluated); - return null; - } - - private Object evaluateDefStatementComplex(Map variables, Matcher variableDefMatcher, Object varComplexValueFromYaml, InstallationLogger installLog) { - String varName = variableDefMatcher.group(1); - if(variables.containsKey(varName)) { - installLog.addVerboseMessage(LOG, "Overwriting variable '"+varName + "' with "+varComplexValueFromYaml); - } - variables.put(varName, varComplexValueFromYaml); - return null; - } - - private Object evaluateForStatement(Map variables, Object objVal, Matcher forMatcher, - InstallationLogger installLog, Session session) { - String varName = StringUtils.trim(forMatcher.group(1)); - String withClause = StringUtils.trim(forMatcher.group(2)); - String valueOfInClause = StringUtils.trim(forMatcher.group(3)); - String pathOfChildrenOfClause = StringUtils.trim(forMatcher.group(4)); - String variableForInClause = StringUtils.trim(forMatcher.group(5)); - - List iterationValues; - if(valueOfInClause != null) { - iterationValues = Arrays.asList(valueOfInClause.split(COMMA_SEPARATED_LIST_SPLITTER)); - } else if(pathOfChildrenOfClause!=null) { - // allow variables in root path also - pathOfChildrenOfClause = elEvaluator.evaluateEl(pathOfChildrenOfClause, String.class, variables); - iterationValues = yamlMacroChildNodeObjectsProvider.getValuesForPath(pathOfChildrenOfClause, installLog, session, StringUtils.isNotBlank(withClause)); - } else if(variableForInClause!=null) { - iterationValues = elEvaluator.evaluateEl(variableForInClause, List.class, variables); - if(iterationValues == null) { - if(variableForInClause.contains(".") || variableForInClause.contains("[")) { - return null; - } else { - throw new IllegalStateException("LOOP over EL ${"+variableForInClause+"} is null"); - } - - } - } else { - throw new IllegalStateException("None of the loop type variables were set even though RegEx matched"); - } - - List toBeUnfoldedList = unfoldLoop(variables, objVal, varName, iterationValues, installLog, session); - - return toBeUnfoldedList; - } - - private Object evaluateIfStatement(Map variables, Object objVal, Matcher ifMatcher, - InstallationLogger installLog, Session session) { - String condition = ifMatcher.group(1).trim(); - - Boolean expressionIsTrue = elEvaluator.evaluateEl(condition, Boolean.class, variables); - - if (expressionIsTrue == null) { - installLog.addWarning(LOG, MessageFormatter.format("Expression {} evaluates to null, returning false", condition).getMessage()); - expressionIsTrue = false; - } - - List toBeUnfoldedList = unfoldIf(variables, objVal, expressionIsTrue, installLog, session); - - return toBeUnfoldedList; - } - - private void addToListWithPotentialUnfolding(List transformedList, Object transformedObject) { - if (transformedObject == null) { - return; // this happens for vars with DEF - those are evaluated already, entry must be left out - } else if (transformedObject instanceof ToBeUnfoldedList) { - // add entries individually (for for loops) - ToBeUnfoldedList toBeUnfoldedList = (ToBeUnfoldedList) transformedObject; - for (Object object : toBeUnfoldedList) { - transformedList.add(object); - } - } else { - // add transformed object as is - transformedList.add(transformedObject); - } - } - - private List unfoldLoop(Map variables, Object val, String varName, List varValues, - InstallationLogger installLog, Session session) { - List resultList = new ToBeUnfoldedList(); - - for (Object varValue : varValues) { - Map variablesAtThisScope = new HashMap(variables); - variablesAtThisScope.put(varName, varValue); - unfold(val, resultList, variablesAtThisScope, installLog, session); - - } - return resultList; - } - - private List unfoldIf(Map variables, Object val, boolean expressionIsTrue, - InstallationLogger installLog, Session session) { - List resultList = new ToBeUnfoldedList(); - if (expressionIsTrue) { - unfold(val, resultList, variables, installLog, session); - } // otherwise return empty list - - return resultList; - } - - private void unfold(Object val, List resultList, Map variablesAtThisScope, - InstallationLogger installLog, Session session) { - if (val instanceof List) { - List origList = (List) val; - for (Object origListItem : origList) { - Object transformedListItem = transform(origListItem, variablesAtThisScope, installLog, session); - addToListWithPotentialUnfolding(resultList, transformedListItem); - } - } else { - Object transformedListItem = transform(val, variablesAtThisScope, installLog, session); - addToListWithPotentialUnfolding(resultList, transformedListItem); - } - } - - // marker class - private class ToBeUnfoldedList extends LinkedList { - - } - - public static void main(String[] args) throws Exception { - Map userMap = new HashMap(); - userMap.put("x", new Integer(123)); - userMap.put("y", new Integer(456)); - userMap.put("TEST", "a long test value"); - - String expr = "x= ---- ${upperCase(splitByWholeSeparator(TEST,'long')[1])}"; - String val = new YamlMacroElEvaluator().evaluateEl(expr, String.class, userMap); - System.out.println("the value for " + expr + " =>> " + val); - - } - -} +package biz.netcentric.cq.tools.actool.configreader; + +/*- + * #%L + * Access Control Tool Bundle + * %% + * Copyright (C) 2015 - 2024 Cognizant Netcentric + * %% + * All rights reserved. This program and the accompanying materials + * are made available under the terms of the Eclipse Public License v1.0 + * which accompanies this distribution, and is available at + * http://www.eclipse.org/legal/epl-v10.html + * #L% + */ + +import java.util.ArrayList; +import java.util.Arrays; +import java.util.HashMap; +import java.util.HashSet; +import java.util.Iterator; +import java.util.LinkedHashMap; +import java.util.LinkedList; +import java.util.List; +import java.util.Map; +import java.util.Map.Entry; +import java.util.Set; +import java.util.regex.Matcher; +import java.util.regex.Pattern; + +import javax.jcr.Session; + +import org.apache.commons.lang3.StringUtils; +import org.osgi.service.component.annotations.Component; +import org.osgi.service.component.annotations.Reference; +import org.osgi.service.component.annotations.ReferencePolicyOption; +import org.slf4j.Logger; +import org.slf4j.LoggerFactory; + +import biz.netcentric.cq.tools.actool.helper.Constants; +import biz.netcentric.cq.tools.actool.history.InstallationLogger; + +import org.slf4j.helpers.MessageFormatter; + +@Component +public class YamlMacroProcessorImpl implements YamlMacroProcessor { + + private static final Logger LOG = LoggerFactory.getLogger(YamlMacroProcessorImpl.class); + + private static final Pattern FOR_LOOP_PATTERN = Pattern.compile( + "for +(\\w+)( +with +content)? +in +(?:\\[([,/\\s\\w\\-\\.:]+)\\]|children +of +([^\\s]+)|(\\$\\{[^\\}]+\\}))", + Pattern.CASE_INSENSITIVE); + private static final Pattern IF_PATTERN = Pattern.compile("if +(\\$\\{[^\\}]+\\})", Pattern.CASE_INSENSITIVE); + + private static final String VARIABLE_DEF_BASE_PATTERN = "DEF +([a-z0-9_]+)="; + static final Pattern VARIABLE_DEF_PATTERN_COMPLEX_VAL_FROM_YAML = Pattern.compile(VARIABLE_DEF_BASE_PATTERN, Pattern.CASE_INSENSITIVE); + static final Pattern VARIABLE_DEF_PATTERN_ONE_LINE = Pattern.compile(VARIABLE_DEF_BASE_PATTERN+"(?:\\[(.+)\\]|(\"?)([^\"]*)(\\3))", + Pattern.CASE_INSENSITIVE); + + static final String COMMA_SEPARATED_LIST_SPLITTER = "\\s*,\\s*"; + + YamlMacroElEvaluator elEvaluator = new YamlMacroElEvaluator(); + + @Reference(policyOption = ReferencePolicyOption.GREEDY) + YamlMacroChildNodeObjectsProvider yamlMacroChildNodeObjectsProvider; + + + + @Override + public List processMacros(List yamlList, Map globalVariables, InstallationLogger installLog, Session session) { + Map initialVariables = getLocalVariables(yamlList, globalVariables, installLog, session); + return (List) transform(yamlList, initialVariables, installLog, session); + } + + private Map getLocalVariables(List yamlList, Map globalVariables, + InstallationLogger installLog, Session session) { + + Set initalGlobalVarNames = new HashSet<>(globalVariables.keySet()); + + // read variables that might be defined in global_config to global variables + Iterator topLevelIterator = yamlList.iterator(); + Object transformedGlobalConfig = null; + while (topLevelIterator.hasNext()) { + Object obj = topLevelIterator.next(); + if(obj instanceof Map) { + Map map = (Map) obj; + if(!map.isEmpty() && Constants.GLOBAL_CONFIGURATION_KEY.equals(map.keySet().iterator().next())) { + transformedGlobalConfig = transform(map, globalVariables, installLog, session); + topLevelIterator.remove(); + break; + } + } + } + if(transformedGlobalConfig != null) { + yamlList.add(0, (Map) transformedGlobalConfig); + } + + for (Entry globalVar : globalVariables.entrySet()) { + if(!initalGlobalVarNames.contains(globalVar.getKey())) { + installLog.addVerboseMessage(LOG, "Global DEF Statement: "+globalVar.getKey() + "="+globalVar.getValue()); + } + } + + Map localVariables = new LinkedHashMap(); + localVariables.putAll(globalVariables); + return localVariables; + } + + private Object transform(Object o, Map variables, InstallationLogger installLog, Session session) { + if (o == null) { + return null; + } else if (o instanceof String) { + String str = (String) o; + + Matcher variableDefMatcher = VARIABLE_DEF_PATTERN_ONE_LINE.matcher(str); + if (variableDefMatcher.find()) { + return evaluateDefStatementOneLine(variables, variableDefMatcher, installLog); + } + + Object result = elEvaluator.evaluateEl(str, Object.class, variables); + return result; + + } else if (o instanceof Boolean) { + return (Boolean) o; + + } else if (o instanceof List) { + List list = (List) o; + List transformedList = new LinkedList(); + for (Object val : list) { + Object transformedObject = transform(val, variables, installLog, session); + addToListWithPotentialUnfolding(transformedList, transformedObject); + } + return transformedList; + } else if (o instanceof Map) { + Map map = (Map) o; + Map resultMap = new LinkedHashMap(); + for (Object key : map.keySet()) { + Object objVal = map.get(key); + + String string = key.toString(); + Matcher forMatcher = FOR_LOOP_PATTERN.matcher(string); + if (forMatcher.matches()) { + // map is skipped and value returned directly + return evaluateForStatement(variables, objVal, forMatcher, installLog, session); + } + + Matcher ifMatcher = IF_PATTERN.matcher(string); + if (ifMatcher.matches()) { + // map is skipped and value returned directly + return evaluateIfStatement(variables, objVal, ifMatcher, installLog, session); + } + + Matcher complexVarDefMatcher = VARIABLE_DEF_PATTERN_COMPLEX_VAL_FROM_YAML.matcher(string); + if (complexVarDefMatcher.matches()) { + // map is skipped and value returned directly + return evaluateDefStatementComplex(variables, complexVarDefMatcher, objVal, installLog); + } + + // default: transform both key and value + Object transformedKey = transform(key, variables, installLog, session); + Object transformedVal = transform(objVal, variables, installLog, session); + if (transformedVal != null) { + resultMap.put(transformedKey, transformedVal); + } + + } + return resultMap; + } else { + throw new IllegalStateException("Unexpected class " + o.getClass() + " in object structure produced by yaml: " + o); + + } + } + + private Object evaluateDefStatementOneLine(Map variables, Matcher variableDefMatcher, InstallationLogger installLog) { + String varName = variableDefMatcher.group(1); + String varValueArr = variableDefMatcher.group(2); + String varValueStr = variableDefMatcher.group(4); + + Object varValueEvaluated; + if (varValueStr != null) { + varValueEvaluated = elEvaluator.evaluateEl(varValueStr, Object.class, variables); + } else if (varValueArr != null) { + List result = new ArrayList(); + + String[] arrayVals = varValueArr.split(COMMA_SEPARATED_LIST_SPLITTER); + for (String arrayVal : arrayVals) { + Object arrayValEvaluated = elEvaluator.evaluateEl(arrayVal, Object.class, variables); + result.add(arrayValEvaluated); + } + varValueEvaluated = result; + } else { + throw new IllegalStateException("None of the def value types were set even though RegEx matched"); + } + + if(variables.containsKey(varName)) { + installLog.addVerboseMessage(LOG, "Overwriting variable '"+varName + "' with "+varValueEvaluated); + } + variables.put(varName, varValueEvaluated); + return null; + } + + private Object evaluateDefStatementComplex(Map variables, Matcher variableDefMatcher, Object varComplexValueFromYaml, InstallationLogger installLog) { + String varName = variableDefMatcher.group(1); + if(variables.containsKey(varName)) { + installLog.addVerboseMessage(LOG, "Overwriting variable '"+varName + "' with "+varComplexValueFromYaml); + } + variables.put(varName, varComplexValueFromYaml); + return null; + } + + private Object evaluateForStatement(Map variables, Object objVal, Matcher forMatcher, + InstallationLogger installLog, Session session) { + String varName = StringUtils.trim(forMatcher.group(1)); + String withClause = StringUtils.trim(forMatcher.group(2)); + String valueOfInClause = StringUtils.trim(forMatcher.group(3)); + String pathOfChildrenOfClause = StringUtils.trim(forMatcher.group(4)); + String variableForInClause = StringUtils.trim(forMatcher.group(5)); + + List iterationValues; + if(valueOfInClause != null) { + iterationValues = Arrays.asList(valueOfInClause.split(COMMA_SEPARATED_LIST_SPLITTER)); + } else if(pathOfChildrenOfClause!=null) { + // allow variables in root path also + pathOfChildrenOfClause = elEvaluator.evaluateEl(pathOfChildrenOfClause, String.class, variables); + iterationValues = yamlMacroChildNodeObjectsProvider.getValuesForPath(pathOfChildrenOfClause, installLog, session, StringUtils.isNotBlank(withClause)); + } else if(variableForInClause!=null) { + iterationValues = elEvaluator.evaluateEl(variableForInClause, List.class, variables); + if(iterationValues == null) { + if(variableForInClause.contains(".") || variableForInClause.contains("[")) { + return null; + } else { + throw new IllegalStateException("LOOP over EL ${"+variableForInClause+"} is null"); + } + + } + } else { + throw new IllegalStateException("None of the loop type variables were set even though RegEx matched"); + } + + List toBeUnfoldedList = unfoldLoop(variables, objVal, varName, iterationValues, installLog, session); + + return toBeUnfoldedList; + } + + private Object evaluateIfStatement(Map variables, Object objVal, Matcher ifMatcher, + InstallationLogger installLog, Session session) { + String condition = ifMatcher.group(1).trim(); + + Boolean expressionIsTrue = elEvaluator.evaluateEl(condition, Boolean.class, variables); + + if (expressionIsTrue == null) { + installLog.addWarning(LOG, MessageFormatter.format("Expression {} evaluates to null, returning false", condition).getMessage()); + expressionIsTrue = false; + } + + List toBeUnfoldedList = unfoldIf(variables, objVal, expressionIsTrue, installLog, session); + + return toBeUnfoldedList; + } + + private void addToListWithPotentialUnfolding(List transformedList, Object transformedObject) { + if (transformedObject == null) { + return; // this happens for vars with DEF - those are evaluated already, entry must be left out + } else if (transformedObject instanceof ToBeUnfoldedList) { + // add entries individually (for for loops) + ToBeUnfoldedList toBeUnfoldedList = (ToBeUnfoldedList) transformedObject; + for (Object object : toBeUnfoldedList) { + transformedList.add(object); + } + } else { + // add transformed object as is + transformedList.add(transformedObject); + } + } + + private List unfoldLoop(Map variables, Object val, String varName, List varValues, + InstallationLogger installLog, Session session) { + List resultList = new ToBeUnfoldedList(); + + for (Object varValue : varValues) { + Map variablesAtThisScope = new HashMap(variables); + variablesAtThisScope.put(varName, varValue); + unfold(val, resultList, variablesAtThisScope, installLog, session); + + } + return resultList; + } + + private List unfoldIf(Map variables, Object val, boolean expressionIsTrue, + InstallationLogger installLog, Session session) { + List resultList = new ToBeUnfoldedList(); + if (expressionIsTrue) { + unfold(val, resultList, variables, installLog, session); + } // otherwise return empty list + + return resultList; + } + + private void unfold(Object val, List resultList, Map variablesAtThisScope, + InstallationLogger installLog, Session session) { + if (val instanceof List) { + List origList = (List) val; + for (Object origListItem : origList) { + Object transformedListItem = transform(origListItem, variablesAtThisScope, installLog, session); + addToListWithPotentialUnfolding(resultList, transformedListItem); + } + } else { + Object transformedListItem = transform(val, variablesAtThisScope, installLog, session); + addToListWithPotentialUnfolding(resultList, transformedListItem); + } + } + + // marker class + private class ToBeUnfoldedList extends LinkedList { + + } + + public static void main(String[] args) throws Exception { + Map userMap = new HashMap(); + userMap.put("x", new Integer(123)); + userMap.put("y", new Integer(456)); + userMap.put("TEST", "a long test value"); + + String expr = "x= ---- ${upperCase(splitByWholeSeparator(TEST,'long')[1])}"; + String val = new YamlMacroElEvaluator().evaluateEl(expr, String.class, userMap); + System.out.println("the value for " + expr + " =>> " + val); + + } + +} diff --git a/accesscontroltool-bundle/src/main/java/biz/netcentric/cq/tools/actool/configuploadlistener/UploadListenerService.java b/accesscontroltool-bundle/src/main/java/biz/netcentric/cq/tools/actool/configuploadlistener/UploadListenerService.java index c36407b79..0fb5cb8a3 100644 --- a/accesscontroltool-bundle/src/main/java/biz/netcentric/cq/tools/actool/configuploadlistener/UploadListenerService.java +++ b/accesscontroltool-bundle/src/main/java/biz/netcentric/cq/tools/actool/configuploadlistener/UploadListenerService.java @@ -1,12 +1,17 @@ -/* - * (C) Copyright 2015 Netcentric AG. - * +package biz.netcentric.cq.tools.actool.configuploadlistener; + +/*- + * #%L + * Access Control Tool Bundle + * %% + * Copyright (C) 2015 - 2024 Cognizant Netcentric + * %% * All rights reserved. This program and the accompanying materials * are made available under the terms of the Eclipse Public License v1.0 * which accompanies this distribution, and is available at * http://www.eclipse.org/legal/epl-v10.html + * #L% */ -package biz.netcentric.cq.tools.actool.configuploadlistener; public interface UploadListenerService { } diff --git a/accesscontroltool-bundle/src/main/java/biz/netcentric/cq/tools/actool/configuploadlistener/impl/UploadListenerServiceImpl.java b/accesscontroltool-bundle/src/main/java/biz/netcentric/cq/tools/actool/configuploadlistener/impl/UploadListenerServiceImpl.java index efce9beb0..ca0a18928 100644 --- a/accesscontroltool-bundle/src/main/java/biz/netcentric/cq/tools/actool/configuploadlistener/impl/UploadListenerServiceImpl.java +++ b/accesscontroltool-bundle/src/main/java/biz/netcentric/cq/tools/actool/configuploadlistener/impl/UploadListenerServiceImpl.java @@ -1,12 +1,17 @@ -/* - * (C) Copyright 2015 Netcentric AG. - * +package biz.netcentric.cq.tools.actool.configuploadlistener.impl; + +/*- + * #%L + * Access Control Tool Bundle + * %% + * Copyright (C) 2015 - 2024 Cognizant Netcentric + * %% * All rights reserved. This program and the accompanying materials * are made available under the terms of the Eclipse Public License v1.0 * which accompanies this distribution, and is available at * http://www.eclipse.org/legal/epl-v10.html + * #L% */ -package biz.netcentric.cq.tools.actool.configuploadlistener.impl; import java.util.ArrayList; import java.util.Date; diff --git a/accesscontroltool-bundle/src/main/java/biz/netcentric/cq/tools/actool/crypto/DecryptionService.java b/accesscontroltool-bundle/src/main/java/biz/netcentric/cq/tools/actool/crypto/DecryptionService.java index 0b3c859a3..522838420 100644 --- a/accesscontroltool-bundle/src/main/java/biz/netcentric/cq/tools/actool/crypto/DecryptionService.java +++ b/accesscontroltool-bundle/src/main/java/biz/netcentric/cq/tools/actool/crypto/DecryptionService.java @@ -1,21 +1,26 @@ -/* - * (C) Copyright 2019 Netcentric AG. - * - * All rights reserved. This program and the accompanying materials - * are made available under the terms of the Eclipse Public License v1.0 - * which accompanies this distribution, and is available at - * http://www.eclipse.org/legal/epl-v10.html - */ -package biz.netcentric.cq.tools.actool.crypto; - -/** Interface for decrypting encrypted text. - * This allows to decouple from a concrete (AEM-specific) interface like {@link com.adobe.granite.crypto.CryptoSupport} */ -public interface DecryptionService { - - /** - * Decrypts the given parameter in case it is encrypted. Otherwise returns the given parameter unmodified. - * @param text the potentially encrypted text - * @return the decrypted text - */ - public String decrypt(String text); -} +package biz.netcentric.cq.tools.actool.crypto; + +/*- + * #%L + * Access Control Tool Bundle + * %% + * Copyright (C) 2015 - 2024 Cognizant Netcentric + * %% + * All rights reserved. This program and the accompanying materials + * are made available under the terms of the Eclipse Public License v1.0 + * which accompanies this distribution, and is available at + * http://www.eclipse.org/legal/epl-v10.html + * #L% + */ + +/** Interface for decrypting encrypted text. + * This allows to decouple from a concrete (AEM-specific) interface like {@link com.adobe.granite.crypto.CryptoSupport} */ +public interface DecryptionService { + + /** + * Decrypts the given parameter in case it is encrypted. Otherwise returns the given parameter unmodified. + * @param text the potentially encrypted text + * @return the decrypted text + */ + public String decrypt(String text); +} diff --git a/accesscontroltool-bundle/src/main/java/biz/netcentric/cq/tools/actool/crypto/SimpleDecryptionService.java b/accesscontroltool-bundle/src/main/java/biz/netcentric/cq/tools/actool/crypto/SimpleDecryptionService.java index 672d0176a..e8c918efa 100644 --- a/accesscontroltool-bundle/src/main/java/biz/netcentric/cq/tools/actool/crypto/SimpleDecryptionService.java +++ b/accesscontroltool-bundle/src/main/java/biz/netcentric/cq/tools/actool/crypto/SimpleDecryptionService.java @@ -1,5 +1,18 @@ package biz.netcentric.cq.tools.actool.crypto; +/*- + * #%L + * Access Control Tool Bundle + * %% + * Copyright (C) 2015 - 2024 Cognizant Netcentric + * %% + * All rights reserved. This program and the accompanying materials + * are made available under the terms of the Eclipse Public License v1.0 + * which accompanies this distribution, and is available at + * http://www.eclipse.org/legal/epl-v10.html + * #L% + */ + import org.osgi.service.component.annotations.Component; /** diff --git a/accesscontroltool-bundle/src/main/java/biz/netcentric/cq/tools/actool/dumpservice/AcDumpElement.java b/accesscontroltool-bundle/src/main/java/biz/netcentric/cq/tools/actool/dumpservice/AcDumpElement.java index 001f4f958..674216faf 100644 --- a/accesscontroltool-bundle/src/main/java/biz/netcentric/cq/tools/actool/dumpservice/AcDumpElement.java +++ b/accesscontroltool-bundle/src/main/java/biz/netcentric/cq/tools/actool/dumpservice/AcDumpElement.java @@ -1,12 +1,17 @@ -/* - * (C) Copyright 2015 Netcentric AG. - * +package biz.netcentric.cq.tools.actool.dumpservice; + +/*- + * #%L + * Access Control Tool Bundle + * %% + * Copyright (C) 2015 - 2024 Cognizant Netcentric + * %% * All rights reserved. This program and the accompanying materials * are made available under the terms of the Eclipse Public License v1.0 * which accompanies this distribution, and is available at * http://www.eclipse.org/legal/epl-v10.html + * #L% */ -package biz.netcentric.cq.tools.actool.dumpservice; public interface AcDumpElement { void accept(AcDumpElementVisitor acDumpElementVisitor); diff --git a/accesscontroltool-bundle/src/main/java/biz/netcentric/cq/tools/actool/dumpservice/AcDumpElementVisitor.java b/accesscontroltool-bundle/src/main/java/biz/netcentric/cq/tools/actool/dumpservice/AcDumpElementVisitor.java index cccd03214..080141839 100644 --- a/accesscontroltool-bundle/src/main/java/biz/netcentric/cq/tools/actool/dumpservice/AcDumpElementVisitor.java +++ b/accesscontroltool-bundle/src/main/java/biz/netcentric/cq/tools/actool/dumpservice/AcDumpElementVisitor.java @@ -1,12 +1,17 @@ -/* - * (C) Copyright 2015 Netcentric AG. - * +package biz.netcentric.cq.tools.actool.dumpservice; + +/*- + * #%L + * Access Control Tool Bundle + * %% + * Copyright (C) 2015 - 2024 Cognizant Netcentric + * %% * All rights reserved. This program and the accompanying materials * are made available under the terms of the Eclipse Public License v1.0 * which accompanies this distribution, and is available at * http://www.eclipse.org/legal/epl-v10.html + * #L% */ -package biz.netcentric.cq.tools.actool.dumpservice; import biz.netcentric.cq.tools.actool.configmodel.AceBean; import biz.netcentric.cq.tools.actool.configmodel.AuthorizableConfigBean; diff --git a/accesscontroltool-bundle/src/main/java/biz/netcentric/cq/tools/actool/dumpservice/AcDumpElementYamlVisitor.java b/accesscontroltool-bundle/src/main/java/biz/netcentric/cq/tools/actool/dumpservice/AcDumpElementYamlVisitor.java index ed66acfae..af7da3512 100644 --- a/accesscontroltool-bundle/src/main/java/biz/netcentric/cq/tools/actool/dumpservice/AcDumpElementYamlVisitor.java +++ b/accesscontroltool-bundle/src/main/java/biz/netcentric/cq/tools/actool/dumpservice/AcDumpElementYamlVisitor.java @@ -1,12 +1,17 @@ -/* - * (C) Copyright 2015 Netcentric AG. - * +package biz.netcentric.cq.tools.actool.dumpservice; + +/*- + * #%L + * Access Control Tool Bundle + * %% + * Copyright (C) 2015 - 2024 Cognizant Netcentric + * %% * All rights reserved. This program and the accompanying materials * are made available under the terms of the Eclipse Public License v1.0 * which accompanies this distribution, and is available at * http://www.eclipse.org/legal/epl-v10.html + * #L% */ -package biz.netcentric.cq.tools.actool.dumpservice; import java.util.List; diff --git a/accesscontroltool-bundle/src/main/java/biz/netcentric/cq/tools/actool/dumpservice/AceDumpData.java b/accesscontroltool-bundle/src/main/java/biz/netcentric/cq/tools/actool/dumpservice/AceDumpData.java index 3588d5d96..1899c02b0 100644 --- a/accesscontroltool-bundle/src/main/java/biz/netcentric/cq/tools/actool/dumpservice/AceDumpData.java +++ b/accesscontroltool-bundle/src/main/java/biz/netcentric/cq/tools/actool/dumpservice/AceDumpData.java @@ -1,12 +1,17 @@ -/* - * (C) Copyright 2015 Netcentric AG. - * +package biz.netcentric.cq.tools.actool.dumpservice; + +/*- + * #%L + * Access Control Tool Bundle + * %% + * Copyright (C) 2015 - 2024 Cognizant Netcentric + * %% * All rights reserved. This program and the accompanying materials * are made available under the terms of the Eclipse Public License v1.0 * which accompanies this distribution, and is available at * http://www.eclipse.org/legal/epl-v10.html + * #L% */ -package biz.netcentric.cq.tools.actool.dumpservice; import java.util.Map; import java.util.Set; diff --git a/accesscontroltool-bundle/src/main/java/biz/netcentric/cq/tools/actool/dumpservice/CommentingDumpElement.java b/accesscontroltool-bundle/src/main/java/biz/netcentric/cq/tools/actool/dumpservice/CommentingDumpElement.java index 88424354b..a4876a6cb 100644 --- a/accesscontroltool-bundle/src/main/java/biz/netcentric/cq/tools/actool/dumpservice/CommentingDumpElement.java +++ b/accesscontroltool-bundle/src/main/java/biz/netcentric/cq/tools/actool/dumpservice/CommentingDumpElement.java @@ -1,12 +1,17 @@ -/* - * (C) Copyright 2015 Netcentric AG. - * +package biz.netcentric.cq.tools.actool.dumpservice; + +/*- + * #%L + * Access Control Tool Bundle + * %% + * Copyright (C) 2015 - 2024 Cognizant Netcentric + * %% * All rights reserved. This program and the accompanying materials * are made available under the terms of the Eclipse Public License v1.0 * which accompanies this distribution, and is available at * http://www.eclipse.org/legal/epl-v10.html + * #L% */ -package biz.netcentric.cq.tools.actool.dumpservice; public interface CommentingDumpElement { diff --git a/accesscontroltool-bundle/src/main/java/biz/netcentric/cq/tools/actool/dumpservice/CompleteAcDump.java b/accesscontroltool-bundle/src/main/java/biz/netcentric/cq/tools/actool/dumpservice/CompleteAcDump.java index 6d1564e65..b4f446b32 100644 --- a/accesscontroltool-bundle/src/main/java/biz/netcentric/cq/tools/actool/dumpservice/CompleteAcDump.java +++ b/accesscontroltool-bundle/src/main/java/biz/netcentric/cq/tools/actool/dumpservice/CompleteAcDump.java @@ -1,12 +1,17 @@ -/* - * (C) Copyright 2015 Netcentric AG. - * +package biz.netcentric.cq.tools.actool.dumpservice; + +/*- + * #%L + * Access Control Tool Bundle + * %% + * Copyright (C) 2015 - 2024 Cognizant Netcentric + * %% * All rights reserved. This program and the accompanying materials * are made available under the terms of the Eclipse Public License v1.0 * which accompanies this distribution, and is available at * http://www.eclipse.org/legal/epl-v10.html + * #L% */ -package biz.netcentric.cq.tools.actool.dumpservice; import java.util.Map; import java.util.Set; diff --git a/accesscontroltool-bundle/src/main/java/biz/netcentric/cq/tools/actool/dumpservice/ConfigDumpService.java b/accesscontroltool-bundle/src/main/java/biz/netcentric/cq/tools/actool/dumpservice/ConfigDumpService.java index 58bc9350b..b318046ab 100644 --- a/accesscontroltool-bundle/src/main/java/biz/netcentric/cq/tools/actool/dumpservice/ConfigDumpService.java +++ b/accesscontroltool-bundle/src/main/java/biz/netcentric/cq/tools/actool/dumpservice/ConfigDumpService.java @@ -1,12 +1,17 @@ -/* - * (C) Copyright 2015 Netcentric AG. - * +package biz.netcentric.cq.tools.actool.dumpservice; + +/*- + * #%L + * Access Control Tool Bundle + * %% + * Copyright (C) 2015 - 2024 Cognizant Netcentric + * %% * All rights reserved. This program and the accompanying materials * are made available under the terms of the Eclipse Public License v1.0 * which accompanies this distribution, and is available at * http://www.eclipse.org/legal/epl-v10.html + * #L% */ -package biz.netcentric.cq.tools.actool.dumpservice; import java.io.IOException; import java.util.List; diff --git a/accesscontroltool-bundle/src/main/java/biz/netcentric/cq/tools/actool/dumpservice/DumpComment.java b/accesscontroltool-bundle/src/main/java/biz/netcentric/cq/tools/actool/dumpservice/DumpComment.java index ac9936558..5de4fd32c 100644 --- a/accesscontroltool-bundle/src/main/java/biz/netcentric/cq/tools/actool/dumpservice/DumpComment.java +++ b/accesscontroltool-bundle/src/main/java/biz/netcentric/cq/tools/actool/dumpservice/DumpComment.java @@ -1,12 +1,17 @@ -/* - * (C) Copyright 2015 Netcentric AG. - * +package biz.netcentric.cq.tools.actool.dumpservice; + +/*- + * #%L + * Access Control Tool Bundle + * %% + * Copyright (C) 2015 - 2024 Cognizant Netcentric + * %% * All rights reserved. This program and the accompanying materials * are made available under the terms of the Eclipse Public License v1.0 * which accompanies this distribution, and is available at * http://www.eclipse.org/legal/epl-v10.html + * #L% */ -package biz.netcentric.cq.tools.actool.dumpservice; public class DumpComment implements CommentingDumpElement { String comment; diff --git a/accesscontroltool-bundle/src/main/java/biz/netcentric/cq/tools/actool/dumpservice/DumpSectionElement.java b/accesscontroltool-bundle/src/main/java/biz/netcentric/cq/tools/actool/dumpservice/DumpSectionElement.java index c34dd597e..00e93ad8d 100644 --- a/accesscontroltool-bundle/src/main/java/biz/netcentric/cq/tools/actool/dumpservice/DumpSectionElement.java +++ b/accesscontroltool-bundle/src/main/java/biz/netcentric/cq/tools/actool/dumpservice/DumpSectionElement.java @@ -1,12 +1,17 @@ -/* - * (C) Copyright 2015 Netcentric AG. - * +package biz.netcentric.cq.tools.actool.dumpservice; + +/*- + * #%L + * Access Control Tool Bundle + * %% + * Copyright (C) 2015 - 2024 Cognizant Netcentric + * %% * All rights reserved. This program and the accompanying materials * are made available under the terms of the Eclipse Public License v1.0 * which accompanies this distribution, and is available at * http://www.eclipse.org/legal/epl-v10.html + * #L% */ -package biz.netcentric.cq.tools.actool.dumpservice; public class DumpSectionElement implements StructuralDumpElement { diff --git a/accesscontroltool-bundle/src/main/java/biz/netcentric/cq/tools/actool/dumpservice/MapKey.java b/accesscontroltool-bundle/src/main/java/biz/netcentric/cq/tools/actool/dumpservice/MapKey.java index 43f426cfc..bda4a90a7 100644 --- a/accesscontroltool-bundle/src/main/java/biz/netcentric/cq/tools/actool/dumpservice/MapKey.java +++ b/accesscontroltool-bundle/src/main/java/biz/netcentric/cq/tools/actool/dumpservice/MapKey.java @@ -1,12 +1,17 @@ -/* - * (C) Copyright 2015 Netcentric AG. - * +package biz.netcentric.cq.tools.actool.dumpservice; + +/*- + * #%L + * Access Control Tool Bundle + * %% + * Copyright (C) 2015 - 2024 Cognizant Netcentric + * %% * All rights reserved. This program and the accompanying materials * are made available under the terms of the Eclipse Public License v1.0 * which accompanies this distribution, and is available at * http://www.eclipse.org/legal/epl-v10.html + * #L% */ -package biz.netcentric.cq.tools.actool.dumpservice; public class MapKey implements StructuralDumpElement { diff --git a/accesscontroltool-bundle/src/main/java/biz/netcentric/cq/tools/actool/dumpservice/StructuralDumpElement.java b/accesscontroltool-bundle/src/main/java/biz/netcentric/cq/tools/actool/dumpservice/StructuralDumpElement.java index 7cb6c57ad..1a16f3781 100644 --- a/accesscontroltool-bundle/src/main/java/biz/netcentric/cq/tools/actool/dumpservice/StructuralDumpElement.java +++ b/accesscontroltool-bundle/src/main/java/biz/netcentric/cq/tools/actool/dumpservice/StructuralDumpElement.java @@ -1,12 +1,17 @@ -/* - * (C) Copyright 2015 Netcentric AG. - * +package biz.netcentric.cq.tools.actool.dumpservice; + +/*- + * #%L + * Access Control Tool Bundle + * %% + * Copyright (C) 2015 - 2024 Cognizant Netcentric + * %% * All rights reserved. This program and the accompanying materials * are made available under the terms of the Eclipse Public License v1.0 * which accompanies this distribution, and is available at * http://www.eclipse.org/legal/epl-v10.html + * #L% */ -package biz.netcentric.cq.tools.actool.dumpservice; public interface StructuralDumpElement { diff --git a/accesscontroltool-bundle/src/main/java/biz/netcentric/cq/tools/actool/dumpservice/impl/DumpServiceImpl.java b/accesscontroltool-bundle/src/main/java/biz/netcentric/cq/tools/actool/dumpservice/impl/DumpServiceImpl.java index c3967976a..033f7ecdd 100644 --- a/accesscontroltool-bundle/src/main/java/biz/netcentric/cq/tools/actool/dumpservice/impl/DumpServiceImpl.java +++ b/accesscontroltool-bundle/src/main/java/biz/netcentric/cq/tools/actool/dumpservice/impl/DumpServiceImpl.java @@ -1,12 +1,17 @@ -/* -d * (C) Copyright 2015 Netcentric AG. - * +package biz.netcentric.cq.tools.actool.dumpservice.impl; + +/*- + * #%L + * Access Control Tool Bundle + * %% + * Copyright (C) 2015 - 2024 Cognizant Netcentric + * %% * All rights reserved. This program and the accompanying materials * are made available under the terms of the Eclipse Public License v1.0 * which accompanies this distribution, and is available at * http://www.eclipse.org/legal/epl-v10.html + * #L% */ -package biz.netcentric.cq.tools.actool.dumpservice.impl; import java.io.IOException; import java.util.ArrayList; diff --git a/accesscontroltool-bundle/src/main/java/biz/netcentric/cq/tools/actool/externalusermanagement/ExternalGroupManagement.java b/accesscontroltool-bundle/src/main/java/biz/netcentric/cq/tools/actool/externalusermanagement/ExternalGroupManagement.java index 373b3d1ba..a026dada9 100644 --- a/accesscontroltool-bundle/src/main/java/biz/netcentric/cq/tools/actool/externalusermanagement/ExternalGroupManagement.java +++ b/accesscontroltool-bundle/src/main/java/biz/netcentric/cq/tools/actool/externalusermanagement/ExternalGroupManagement.java @@ -1,5 +1,18 @@ package biz.netcentric.cq.tools.actool.externalusermanagement; +/*- + * #%L + * Access Control Tool Bundle + * %% + * Copyright (C) 2015 - 2024 Cognizant Netcentric + * %% + * All rights reserved. This program and the accompanying materials + * are made available under the terms of the Eclipse Public License v1.0 + * which accompanies this distribution, and is available at + * http://www.eclipse.org/legal/epl-v10.html + * #L% + */ + import java.io.IOException; import java.util.Collection; diff --git a/accesscontroltool-bundle/src/main/java/biz/netcentric/cq/tools/actool/healthcheck/LastRunSuccessHealthCheck.java b/accesscontroltool-bundle/src/main/java/biz/netcentric/cq/tools/actool/healthcheck/LastRunSuccessHealthCheck.java index 7637092c0..5b999799c 100644 --- a/accesscontroltool-bundle/src/main/java/biz/netcentric/cq/tools/actool/healthcheck/LastRunSuccessHealthCheck.java +++ b/accesscontroltool-bundle/src/main/java/biz/netcentric/cq/tools/actool/healthcheck/LastRunSuccessHealthCheck.java @@ -1,12 +1,17 @@ -/* - * (C) Copyright 2016 Netcentric AG. - * +package biz.netcentric.cq.tools.actool.healthcheck; + +/*- + * #%L + * Access Control Tool Bundle + * %% + * Copyright (C) 2015 - 2024 Cognizant Netcentric + * %% * All rights reserved. This program and the accompanying materials * are made available under the terms of the Eclipse Public License v1.0 * which accompanies this distribution, and is available at * http://www.eclipse.org/legal/epl-v10.html + * #L% */ -package biz.netcentric.cq.tools.actool.healthcheck; import java.util.Date; diff --git a/accesscontroltool-bundle/src/main/java/biz/netcentric/cq/tools/actool/helper/AcHelper.java b/accesscontroltool-bundle/src/main/java/biz/netcentric/cq/tools/actool/helper/AcHelper.java index a59194de6..46fe524da 100644 --- a/accesscontroltool-bundle/src/main/java/biz/netcentric/cq/tools/actool/helper/AcHelper.java +++ b/accesscontroltool-bundle/src/main/java/biz/netcentric/cq/tools/actool/helper/AcHelper.java @@ -1,186 +1,191 @@ -/* - * (C) Copyright 2015 Netcentric AG. - * - * All rights reserved. This program and the accompanying materials - * are made available under the terms of the Eclipse Public License v1.0 - * which accompanies this distribution, and is available at - * http://www.eclipse.org/legal/epl-v10.html - */ -package biz.netcentric.cq.tools.actool.helper; - -import java.util.ArrayList; -import java.util.LinkedHashSet; -import java.util.List; -import java.util.Map; -import java.util.Map.Entry; -import java.util.Set; -import java.util.TreeMap; -import java.util.TreeSet; - -import javax.jcr.RepositoryException; -import javax.jcr.Value; -import javax.jcr.ValueFormatException; -import javax.jcr.security.AccessControlEntry; -import javax.jcr.security.AccessControlList; - -import org.apache.commons.lang3.StringUtils; -import org.apache.jackrabbit.api.security.JackrabbitAccessControlEntry; -import org.apache.jackrabbit.api.security.JackrabbitAccessControlList; -import org.slf4j.Logger; -import org.slf4j.LoggerFactory; - -import biz.netcentric.cq.tools.actool.comparators.AcePermissionComparator; -import biz.netcentric.cq.tools.actool.configmodel.AceBean; -import biz.netcentric.cq.tools.actool.configmodel.Restriction; - -public class AcHelper { - public static final Logger LOG = LoggerFactory.getLogger(AcHelper.class); - - private AcHelper() { - } - - /** By default ACEs with denies are sorted up to the top of the list, this follows the best practice to order denies always before - * allows - this makes by default allows always take precedence over denies. - * - * Denies should be used sparsely: Normally there is exactly one group that includes all deny-ACEs for to-be-secured content and many - * groups with allow-ACEs, that selectively allow what has been denied by the "global deny" group. - * - * For some special cases (e.g. when working with restrictions that limit a preceding allow) it is possible to specify "keepOrder=true", - * for those cases the natural order from the config file is kept when {@link #ACE_ORDER_ACTOOL_BEST_PRACTICE} is used. */ - public static int ACE_ORDER_ACTOOL_BEST_PRACTICE = 1; - - /** Retains order of ACEs in ACLs. */ - public static int ACE_ORDER_NONE = 2; - - /** Sorts ACEs in ACLs alphabetical. */ - public static int ACE_ORDER_ALPHABETICAL = 3; - - public static int PRINCIPAL_BASED_ORDER = 1; - public static int PATH_BASED_ORDER = 2; - - public static AceBean getAceBean(AccessControlEntry ace, AccessControlList acl) throws RepositoryException { - AceWrapper aceWrapper = new AceWrapper((JackrabbitAccessControlEntry) ace, ( (JackrabbitAccessControlList) acl).getPath()); - AceBean aceBean = AcHelper.getAceBean(aceWrapper); - return aceBean; - } - - public static AceBean getAceBean(final AceWrapper aceWrapper) - throws IllegalStateException, RepositoryException { - final AceBean aceBean = new AceBean(); - final JackrabbitAccessControlEntry ace = aceWrapper.getAce(); - - aceBean.setPermission(ace.isAllow() ? "allow" : "deny"); - aceBean.setJcrPath(aceWrapper.getJcrPath()); - aceBean.setPrincipalName(ace.getPrincipal().getName()); - aceBean.setPrivilegesString(aceWrapper.getPrivilegesString()); - - List restrictions = buildRestrictionsMap(ace); - aceBean.setRestrictions(restrictions); - return aceBean; - } - - private static List buildRestrictionsMap(final JackrabbitAccessControlEntry ace) throws RepositoryException { - final String[] restrictionNames = ace.getRestrictionNames(); - final List restrictionsList = new ArrayList(); - for (final String restrictionName : restrictionNames) { - final Value[] values = ace.getRestrictions(restrictionName); - String[] strValues = new String[values.length]; - for (int i = 0; i < strValues.length; i++) { - strValues[i] = values[i].getString(); - } - restrictionsList.add(new Restriction(restrictionName, strValues)); - } - return restrictionsList; - } - - public static String getBlankString(final int nrOfBlanks) { - return StringUtils.repeat(" ", nrOfBlanks); - } - - public static Map> getPathBasedAceMap(Set aceBeansFromConfig, int sorting) { - final Map> pathBasedAceMap = new TreeMap>(); - - for (final AceBean bean : aceBeansFromConfig) { - - // if there isn't already a path key in pathBasedAceMap create a - // new one and add new Set - // with current ACE as first entry - if (pathBasedAceMap.get(bean.getJcrPath()) == null) { - - Set aceSet = null; - if (sorting == AcHelper.ACE_ORDER_NONE) { - aceSet = new LinkedHashSet(); - } else if (sorting == AcHelper.ACE_ORDER_ACTOOL_BEST_PRACTICE) { - aceSet = new TreeSet(new AcePermissionComparator()); - } - - aceSet.add(bean); - pathBasedAceMap.put(bean.getJcrPath(), aceSet); - // add current ACE to Set - } else { - pathBasedAceMap.get(bean.getJcrPath()).add(bean); - } - } - - return pathBasedAceMap; - } - - /** changes a group based ACE map into a path based ACE map - * - * @param groupBasedAceMap the group based ace map - * @param sorting specifies whether ACEs get sorted by permissions (all denies followed by all allows) - * @return the path based ace map */ - public static Map> getPathBasedAceMap( - final Map> groupBasedAceMap, final int sorting) { - final Map> pathBasedAceMap = new TreeMap>(); - - // loop through all Sets of groupBasedAceMap - for (final Entry> entry : groupBasedAceMap.entrySet()) { - final String principal = entry.getKey(); - - // get current Set of current principal - final Set tmpSet = entry.getValue(); - - for (final AceBean bean : tmpSet) { - - // set current principal - bean.setPrincipalName(principal); - - // if there isn't already a path key in pathBasedAceMap create a - // new one and add new Set - // with current ACE as first entry - if (pathBasedAceMap.get(bean.getJcrPath()) == null) { - - Set aceSet = null; - if (sorting == AcHelper.ACE_ORDER_NONE) { - aceSet = new LinkedHashSet(); - } else if (sorting == AcHelper.ACE_ORDER_ACTOOL_BEST_PRACTICE) { - aceSet = new TreeSet(new AcePermissionComparator()); - } - - aceSet.add(bean); - pathBasedAceMap.put(bean.getJcrPath(), aceSet); - // add current ACE to Set - } else { - pathBasedAceMap.get(bean.getJcrPath()).add(bean); - } - } - } - return pathBasedAceMap; - } - - public static String valuesToString(Value[] propertyValues) throws RepositoryException { - if (propertyValues == null) { - return null; - } else if (propertyValues.length == 0) { - return null; - } else if (propertyValues.length == 1) { - return propertyValues[0].getString(); - } else { - throw new IllegalArgumentException( - "Unexpectedly received more than one value for a property that is expected to be non-multiple"); - } - } - - -} +package biz.netcentric.cq.tools.actool.helper; + +/*- + * #%L + * Access Control Tool Bundle + * %% + * Copyright (C) 2015 - 2024 Cognizant Netcentric + * %% + * All rights reserved. This program and the accompanying materials + * are made available under the terms of the Eclipse Public License v1.0 + * which accompanies this distribution, and is available at + * http://www.eclipse.org/legal/epl-v10.html + * #L% + */ + +import java.util.ArrayList; +import java.util.LinkedHashSet; +import java.util.List; +import java.util.Map; +import java.util.Map.Entry; +import java.util.Set; +import java.util.TreeMap; +import java.util.TreeSet; + +import javax.jcr.RepositoryException; +import javax.jcr.Value; +import javax.jcr.ValueFormatException; +import javax.jcr.security.AccessControlEntry; +import javax.jcr.security.AccessControlList; + +import org.apache.commons.lang3.StringUtils; +import org.apache.jackrabbit.api.security.JackrabbitAccessControlEntry; +import org.apache.jackrabbit.api.security.JackrabbitAccessControlList; +import org.slf4j.Logger; +import org.slf4j.LoggerFactory; + +import biz.netcentric.cq.tools.actool.comparators.AcePermissionComparator; +import biz.netcentric.cq.tools.actool.configmodel.AceBean; +import biz.netcentric.cq.tools.actool.configmodel.Restriction; + +public class AcHelper { + public static final Logger LOG = LoggerFactory.getLogger(AcHelper.class); + + private AcHelper() { + } + + /** By default ACEs with denies are sorted up to the top of the list, this follows the best practice to order denies always before + * allows - this makes by default allows always take precedence over denies. + * + * Denies should be used sparsely: Normally there is exactly one group that includes all deny-ACEs for to-be-secured content and many + * groups with allow-ACEs, that selectively allow what has been denied by the "global deny" group. + * + * For some special cases (e.g. when working with restrictions that limit a preceding allow) it is possible to specify "keepOrder=true", + * for those cases the natural order from the config file is kept when {@link #ACE_ORDER_ACTOOL_BEST_PRACTICE} is used. */ + public static int ACE_ORDER_ACTOOL_BEST_PRACTICE = 1; + + /** Retains order of ACEs in ACLs. */ + public static int ACE_ORDER_NONE = 2; + + /** Sorts ACEs in ACLs alphabetical. */ + public static int ACE_ORDER_ALPHABETICAL = 3; + + public static int PRINCIPAL_BASED_ORDER = 1; + public static int PATH_BASED_ORDER = 2; + + public static AceBean getAceBean(AccessControlEntry ace, AccessControlList acl) throws RepositoryException { + AceWrapper aceWrapper = new AceWrapper((JackrabbitAccessControlEntry) ace, ( (JackrabbitAccessControlList) acl).getPath()); + AceBean aceBean = AcHelper.getAceBean(aceWrapper); + return aceBean; + } + + public static AceBean getAceBean(final AceWrapper aceWrapper) + throws IllegalStateException, RepositoryException { + final AceBean aceBean = new AceBean(); + final JackrabbitAccessControlEntry ace = aceWrapper.getAce(); + + aceBean.setPermission(ace.isAllow() ? "allow" : "deny"); + aceBean.setJcrPath(aceWrapper.getJcrPath()); + aceBean.setPrincipalName(ace.getPrincipal().getName()); + aceBean.setPrivilegesString(aceWrapper.getPrivilegesString()); + + List restrictions = buildRestrictionsMap(ace); + aceBean.setRestrictions(restrictions); + return aceBean; + } + + private static List buildRestrictionsMap(final JackrabbitAccessControlEntry ace) throws RepositoryException { + final String[] restrictionNames = ace.getRestrictionNames(); + final List restrictionsList = new ArrayList(); + for (final String restrictionName : restrictionNames) { + final Value[] values = ace.getRestrictions(restrictionName); + String[] strValues = new String[values.length]; + for (int i = 0; i < strValues.length; i++) { + strValues[i] = values[i].getString(); + } + restrictionsList.add(new Restriction(restrictionName, strValues)); + } + return restrictionsList; + } + + public static String getBlankString(final int nrOfBlanks) { + return StringUtils.repeat(" ", nrOfBlanks); + } + + public static Map> getPathBasedAceMap(Set aceBeansFromConfig, int sorting) { + final Map> pathBasedAceMap = new TreeMap>(); + + for (final AceBean bean : aceBeansFromConfig) { + + // if there isn't already a path key in pathBasedAceMap create a + // new one and add new Set + // with current ACE as first entry + if (pathBasedAceMap.get(bean.getJcrPath()) == null) { + + Set aceSet = null; + if (sorting == AcHelper.ACE_ORDER_NONE) { + aceSet = new LinkedHashSet(); + } else if (sorting == AcHelper.ACE_ORDER_ACTOOL_BEST_PRACTICE) { + aceSet = new TreeSet(new AcePermissionComparator()); + } + + aceSet.add(bean); + pathBasedAceMap.put(bean.getJcrPath(), aceSet); + // add current ACE to Set + } else { + pathBasedAceMap.get(bean.getJcrPath()).add(bean); + } + } + + return pathBasedAceMap; + } + + /** changes a group based ACE map into a path based ACE map + * + * @param groupBasedAceMap the group based ace map + * @param sorting specifies whether ACEs get sorted by permissions (all denies followed by all allows) + * @return the path based ace map */ + public static Map> getPathBasedAceMap( + final Map> groupBasedAceMap, final int sorting) { + final Map> pathBasedAceMap = new TreeMap>(); + + // loop through all Sets of groupBasedAceMap + for (final Entry> entry : groupBasedAceMap.entrySet()) { + final String principal = entry.getKey(); + + // get current Set of current principal + final Set tmpSet = entry.getValue(); + + for (final AceBean bean : tmpSet) { + + // set current principal + bean.setPrincipalName(principal); + + // if there isn't already a path key in pathBasedAceMap create a + // new one and add new Set + // with current ACE as first entry + if (pathBasedAceMap.get(bean.getJcrPath()) == null) { + + Set aceSet = null; + if (sorting == AcHelper.ACE_ORDER_NONE) { + aceSet = new LinkedHashSet(); + } else if (sorting == AcHelper.ACE_ORDER_ACTOOL_BEST_PRACTICE) { + aceSet = new TreeSet(new AcePermissionComparator()); + } + + aceSet.add(bean); + pathBasedAceMap.put(bean.getJcrPath(), aceSet); + // add current ACE to Set + } else { + pathBasedAceMap.get(bean.getJcrPath()).add(bean); + } + } + } + return pathBasedAceMap; + } + + public static String valuesToString(Value[] propertyValues) throws RepositoryException { + if (propertyValues == null) { + return null; + } else if (propertyValues.length == 0) { + return null; + } else if (propertyValues.length == 1) { + return propertyValues[0].getString(); + } else { + throw new IllegalArgumentException( + "Unexpectedly received more than one value for a property that is expected to be non-multiple"); + } + } + + +} diff --git a/accesscontroltool-bundle/src/main/java/biz/netcentric/cq/tools/actool/helper/AccessControlUtils.java b/accesscontroltool-bundle/src/main/java/biz/netcentric/cq/tools/actool/helper/AccessControlUtils.java index b117ce84d..f47a0831d 100644 --- a/accesscontroltool-bundle/src/main/java/biz/netcentric/cq/tools/actool/helper/AccessControlUtils.java +++ b/accesscontroltool-bundle/src/main/java/biz/netcentric/cq/tools/actool/helper/AccessControlUtils.java @@ -1,12 +1,17 @@ -/* - * (C) Copyright 2015 Netcentric AG. - * +package biz.netcentric.cq.tools.actool.helper; + +/*- + * #%L + * Access Control Tool Bundle + * %% + * Copyright (C) 2015 - 2024 Cognizant Netcentric + * %% * All rights reserved. This program and the accompanying materials * are made available under the terms of the Eclipse Public License v1.0 * which accompanies this distribution, and is available at * http://www.eclipse.org/legal/epl-v10.html + * #L% */ -package biz.netcentric.cq.tools.actool.helper; import java.security.Principal; import java.util.HashSet; diff --git a/accesscontroltool-bundle/src/main/java/biz/netcentric/cq/tools/actool/helper/AceWrapper.java b/accesscontroltool-bundle/src/main/java/biz/netcentric/cq/tools/actool/helper/AceWrapper.java index 3649f4795..25a744d23 100644 --- a/accesscontroltool-bundle/src/main/java/biz/netcentric/cq/tools/actool/helper/AceWrapper.java +++ b/accesscontroltool-bundle/src/main/java/biz/netcentric/cq/tools/actool/helper/AceWrapper.java @@ -1,12 +1,17 @@ -/* - * (C) Copyright 2015 Netcentric AG. - * +package biz.netcentric.cq.tools.actool.helper; + +/*- + * #%L + * Access Control Tool Bundle + * %% + * Copyright (C) 2015 - 2024 Cognizant Netcentric + * %% * All rights reserved. This program and the accompanying materials * are made available under the terms of the Eclipse Public License v1.0 * which accompanies this distribution, and is available at * http://www.eclipse.org/legal/epl-v10.html + * #L% */ -package biz.netcentric.cq.tools.actool.helper; import javax.jcr.RepositoryException; import javax.jcr.Value; diff --git a/accesscontroltool-bundle/src/main/java/biz/netcentric/cq/tools/actool/helper/AclBean.java b/accesscontroltool-bundle/src/main/java/biz/netcentric/cq/tools/actool/helper/AclBean.java index 630908a58..c8df52d96 100644 --- a/accesscontroltool-bundle/src/main/java/biz/netcentric/cq/tools/actool/helper/AclBean.java +++ b/accesscontroltool-bundle/src/main/java/biz/netcentric/cq/tools/actool/helper/AclBean.java @@ -1,12 +1,17 @@ -/* - * (C) Copyright 2015 Netcentric AG. - * +package biz.netcentric.cq.tools.actool.helper; + +/*- + * #%L + * Access Control Tool Bundle + * %% + * Copyright (C) 2015 - 2024 Cognizant Netcentric + * %% * All rights reserved. This program and the accompanying materials * are made available under the terms of the Eclipse Public License v1.0 * which accompanies this distribution, and is available at * http://www.eclipse.org/legal/epl-v10.html + * #L% */ -package biz.netcentric.cq.tools.actool.helper; import java.security.Principal; import java.text.Collator; diff --git a/accesscontroltool-bundle/src/main/java/biz/netcentric/cq/tools/actool/helper/Constants.java b/accesscontroltool-bundle/src/main/java/biz/netcentric/cq/tools/actool/helper/Constants.java index d22cc0899..63276da51 100644 --- a/accesscontroltool-bundle/src/main/java/biz/netcentric/cq/tools/actool/helper/Constants.java +++ b/accesscontroltool-bundle/src/main/java/biz/netcentric/cq/tools/actool/helper/Constants.java @@ -1,12 +1,17 @@ -/* - * (C) Copyright 2015 Netcentric AG. - * +package biz.netcentric.cq.tools.actool.helper; + +/*- + * #%L + * Access Control Tool Bundle + * %% + * Copyright (C) 2015 - 2024 Cognizant Netcentric + * %% * All rights reserved. This program and the accompanying materials * are made available under the terms of the Eclipse Public License v1.0 * which accompanies this distribution, and is available at * http://www.eclipse.org/legal/epl-v10.html + * #L% */ -package biz.netcentric.cq.tools.actool.helper; import java.util.Arrays; import java.util.HashSet; diff --git a/accesscontroltool-bundle/src/main/java/biz/netcentric/cq/tools/actool/helper/ContentHelper.java b/accesscontroltool-bundle/src/main/java/biz/netcentric/cq/tools/actool/helper/ContentHelper.java index a5d68870e..710ed431a 100644 --- a/accesscontroltool-bundle/src/main/java/biz/netcentric/cq/tools/actool/helper/ContentHelper.java +++ b/accesscontroltool-bundle/src/main/java/biz/netcentric/cq/tools/actool/helper/ContentHelper.java @@ -1,309 +1,314 @@ -/* - * (C) Copyright 2016 Netcentric AG. - * - * All rights reserved. This program and the accompanying materials - * are made available under the terms of the Eclipse Public License v1.0 - * which accompanies this distribution, and is available at - * http://www.eclipse.org/legal/epl-v10.html - */ -package biz.netcentric.cq.tools.actool.helper; - -import java.io.ByteArrayInputStream; -import java.io.IOException; -import java.io.InputStream; -import java.nio.charset.StandardCharsets; -import java.util.Arrays; -import java.util.Collection; -import java.util.Properties; -import java.util.Set; - -import javax.jcr.AccessDeniedException; -import javax.jcr.InvalidSerializedDataException; -import javax.jcr.ItemExistsException; -import javax.jcr.Node; -import javax.jcr.PathNotFoundException; -import javax.jcr.RepositoryException; -import javax.jcr.Session; -import javax.jcr.lock.LockException; -import javax.jcr.nodetype.ConstraintViolationException; -import javax.jcr.version.VersionException; - -import org.apache.commons.lang3.StringUtils; -import org.apache.jackrabbit.vault.fs.api.PathFilterSet; -import org.apache.jackrabbit.vault.fs.api.ProgressTrackerListener; -import org.apache.jackrabbit.vault.fs.api.VaultInputSource; -import org.apache.jackrabbit.vault.fs.config.ConfigurationException; -import org.apache.jackrabbit.vault.fs.config.DefaultMetaInf; -import org.apache.jackrabbit.vault.fs.config.DefaultWorkspaceFilter; -import org.apache.jackrabbit.vault.fs.config.MetaInf; -import org.apache.jackrabbit.vault.fs.config.VaultSettings; -import org.apache.jackrabbit.vault.fs.io.Archive; -import org.apache.jackrabbit.vault.fs.io.ImportOptions; -import org.apache.jackrabbit.vault.fs.io.Importer; -import org.apache.jackrabbit.vault.fs.io.SubArchive; -import org.apache.jackrabbit.vault.util.Constants; -import org.apache.jackrabbit.vault.util.Text; -import org.slf4j.Logger; -import org.slf4j.LoggerFactory; - -import biz.netcentric.cq.tools.actool.configmodel.AceBean; -import biz.netcentric.cq.tools.actool.history.InstallationLogger; - -public class ContentHelper { - public static final Logger LOG = LoggerFactory.getLogger(ContentHelper.class); - - private ContentHelper() { - } - - public static boolean createInitialContent(final Session session, final InstallationLogger history, String path, - Set aceBeanSetFromConfig) throws RepositoryException, PathNotFoundException, ItemExistsException, - ConstraintViolationException, VersionException, InvalidSerializedDataException, LockException, AccessDeniedException { - - String initialContent = findInitialContentInConfigsForPath(aceBeanSetFromConfig, history); - if (StringUtils.isBlank(initialContent)) { - return false; - } else { - - try { - - String parentPath = Text.getRelativeParent(path, 1); - if (!session.nodeExists(parentPath)) { - history.incMissingParentPathsForInitialContent(); - history.addVerboseMessage(LOG, "Parent path " + parentPath + " missing for initial content at " + path); - return false; - } - - importContent(session, path, initialContent); - history.addMessage(LOG, "Created initial content for path " + path); - return true; - } catch (Exception e) { - history.addError(LOG, "Failed creating initial content for path " + path + ": " + e, e); - return false; - } - - } - } - - private static String findInitialContentInConfigsForPath(Set aceBeanSetFromConfig, InstallationLogger history) { - String initialContent = null; - for (AceBean aceBean : aceBeanSetFromConfig) { - String currentInitialContent = aceBean.getInitialContent(); - if (StringUtils.isNotBlank(currentInitialContent)) { - if (initialContent == null) { - initialContent = currentInitialContent; - } else { - // this should not happen as it is validated at YamlConfigurationsValidator#validateInitialContentForNoDuplic already - throw new IllegalStateException("Invalid Configuration: Path " + aceBean.getJcrPath() - + " defines initial content at two locations"); - } - } - } - return initialContent; - } - - public static void importContent(final Session session, final String path, - String contentXmlStr) throws RepositoryException { - String parentPath = Text.getRelativeParent(path, 1); - try { - session.getNode(parentPath); - } catch (PathNotFoundException e) { - throw new PathNotFoundException("Parent path " + parentPath + " for creating content at " + path + " does not exist", e); - } - - String rootElementStr = " getChildren() { - return child != null ? Arrays.asList(child) : null; - } - - @Override - public Entry getChild(String name) { - return (name != null && name.equals(child.getName())) ? child : null; - } - - } - - } - -} +package biz.netcentric.cq.tools.actool.helper; + +/*- + * #%L + * Access Control Tool Bundle + * %% + * Copyright (C) 2015 - 2024 Cognizant Netcentric + * %% + * All rights reserved. This program and the accompanying materials + * are made available under the terms of the Eclipse Public License v1.0 + * which accompanies this distribution, and is available at + * http://www.eclipse.org/legal/epl-v10.html + * #L% + */ + +import java.io.ByteArrayInputStream; +import java.io.IOException; +import java.io.InputStream; +import java.nio.charset.StandardCharsets; +import java.util.Arrays; +import java.util.Collection; +import java.util.Properties; +import java.util.Set; + +import javax.jcr.AccessDeniedException; +import javax.jcr.InvalidSerializedDataException; +import javax.jcr.ItemExistsException; +import javax.jcr.Node; +import javax.jcr.PathNotFoundException; +import javax.jcr.RepositoryException; +import javax.jcr.Session; +import javax.jcr.lock.LockException; +import javax.jcr.nodetype.ConstraintViolationException; +import javax.jcr.version.VersionException; + +import org.apache.commons.lang3.StringUtils; +import org.apache.jackrabbit.vault.fs.api.PathFilterSet; +import org.apache.jackrabbit.vault.fs.api.ProgressTrackerListener; +import org.apache.jackrabbit.vault.fs.api.VaultInputSource; +import org.apache.jackrabbit.vault.fs.config.ConfigurationException; +import org.apache.jackrabbit.vault.fs.config.DefaultMetaInf; +import org.apache.jackrabbit.vault.fs.config.DefaultWorkspaceFilter; +import org.apache.jackrabbit.vault.fs.config.MetaInf; +import org.apache.jackrabbit.vault.fs.config.VaultSettings; +import org.apache.jackrabbit.vault.fs.io.Archive; +import org.apache.jackrabbit.vault.fs.io.ImportOptions; +import org.apache.jackrabbit.vault.fs.io.Importer; +import org.apache.jackrabbit.vault.fs.io.SubArchive; +import org.apache.jackrabbit.vault.util.Constants; +import org.apache.jackrabbit.vault.util.Text; +import org.slf4j.Logger; +import org.slf4j.LoggerFactory; + +import biz.netcentric.cq.tools.actool.configmodel.AceBean; +import biz.netcentric.cq.tools.actool.history.InstallationLogger; + +public class ContentHelper { + public static final Logger LOG = LoggerFactory.getLogger(ContentHelper.class); + + private ContentHelper() { + } + + public static boolean createInitialContent(final Session session, final InstallationLogger history, String path, + Set aceBeanSetFromConfig) throws RepositoryException, PathNotFoundException, ItemExistsException, + ConstraintViolationException, VersionException, InvalidSerializedDataException, LockException, AccessDeniedException { + + String initialContent = findInitialContentInConfigsForPath(aceBeanSetFromConfig, history); + if (StringUtils.isBlank(initialContent)) { + return false; + } else { + + try { + + String parentPath = Text.getRelativeParent(path, 1); + if (!session.nodeExists(parentPath)) { + history.incMissingParentPathsForInitialContent(); + history.addVerboseMessage(LOG, "Parent path " + parentPath + " missing for initial content at " + path); + return false; + } + + importContent(session, path, initialContent); + history.addMessage(LOG, "Created initial content for path " + path); + return true; + } catch (Exception e) { + history.addError(LOG, "Failed creating initial content for path " + path + ": " + e, e); + return false; + } + + } + } + + private static String findInitialContentInConfigsForPath(Set aceBeanSetFromConfig, InstallationLogger history) { + String initialContent = null; + for (AceBean aceBean : aceBeanSetFromConfig) { + String currentInitialContent = aceBean.getInitialContent(); + if (StringUtils.isNotBlank(currentInitialContent)) { + if (initialContent == null) { + initialContent = currentInitialContent; + } else { + // this should not happen as it is validated at YamlConfigurationsValidator#validateInitialContentForNoDuplic already + throw new IllegalStateException("Invalid Configuration: Path " + aceBean.getJcrPath() + + " defines initial content at two locations"); + } + } + } + return initialContent; + } + + public static void importContent(final Session session, final String path, + String contentXmlStr) throws RepositoryException { + String parentPath = Text.getRelativeParent(path, 1); + try { + session.getNode(parentPath); + } catch (PathNotFoundException e) { + throw new PathNotFoundException("Parent path " + parentPath + " for creating content at " + path + " does not exist", e); + } + + String rootElementStr = " getChildren() { + return child != null ? Arrays.asList(child) : null; + } + + @Override + public Entry getChild(String name) { + return (name != null && name.equals(child.getName())) ? child : null; + } + + } + + } + +} diff --git a/accesscontroltool-bundle/src/main/java/biz/netcentric/cq/tools/actool/helper/PurgeHelper.java b/accesscontroltool-bundle/src/main/java/biz/netcentric/cq/tools/actool/helper/PurgeHelper.java index f93a478a7..93a225932 100644 --- a/accesscontroltool-bundle/src/main/java/biz/netcentric/cq/tools/actool/helper/PurgeHelper.java +++ b/accesscontroltool-bundle/src/main/java/biz/netcentric/cq/tools/actool/helper/PurgeHelper.java @@ -1,12 +1,17 @@ -/* - * (C) Copyright 2015 Netcentric AG. - * +package biz.netcentric.cq.tools.actool.helper; + +/*- + * #%L + * Access Control Tool Bundle + * %% + * Copyright (C) 2015 - 2024 Cognizant Netcentric + * %% * All rights reserved. This program and the accompanying materials * are made available under the terms of the Eclipse Public License v1.0 * which accompanies this distribution, and is available at * http://www.eclipse.org/legal/epl-v10.html + * #L% */ -package biz.netcentric.cq.tools.actool.helper; import javax.jcr.Node; import javax.jcr.NodeIterator; diff --git a/accesscontroltool-bundle/src/main/java/biz/netcentric/cq/tools/actool/helper/QueryHelper.java b/accesscontroltool-bundle/src/main/java/biz/netcentric/cq/tools/actool/helper/QueryHelper.java index aec7bb83c..0ce343779 100644 --- a/accesscontroltool-bundle/src/main/java/biz/netcentric/cq/tools/actool/helper/QueryHelper.java +++ b/accesscontroltool-bundle/src/main/java/biz/netcentric/cq/tools/actool/helper/QueryHelper.java @@ -1,12 +1,17 @@ -/* - * (C) Copyright 2015 Netcentric AG. - * +package biz.netcentric.cq.tools.actool.helper; + +/*- + * #%L + * Access Control Tool Bundle + * %% + * Copyright (C) 2015 - 2024 Cognizant Netcentric + * %% * All rights reserved. This program and the accompanying materials * are made available under the terms of the Eclipse Public License v1.0 * which accompanies this distribution, and is available at * http://www.eclipse.org/legal/epl-v10.html + * #L% */ -package biz.netcentric.cq.tools.actool.helper; import static biz.netcentric.cq.tools.actool.history.impl.PersistableInstallationLogger.msHumanReadable; diff --git a/accesscontroltool-bundle/src/main/java/biz/netcentric/cq/tools/actool/helper/RestrictionsHolder.java b/accesscontroltool-bundle/src/main/java/biz/netcentric/cq/tools/actool/helper/RestrictionsHolder.java index f54bbb115..0fa8f7f32 100644 --- a/accesscontroltool-bundle/src/main/java/biz/netcentric/cq/tools/actool/helper/RestrictionsHolder.java +++ b/accesscontroltool-bundle/src/main/java/biz/netcentric/cq/tools/actool/helper/RestrictionsHolder.java @@ -1,5 +1,18 @@ package biz.netcentric.cq.tools.actool.helper; +/*- + * #%L + * Access Control Tool Bundle + * %% + * Copyright (C) 2015 - 2024 Cognizant Netcentric + * %% + * All rights reserved. This program and the accompanying materials + * are made available under the terms of the Eclipse Public License v1.0 + * which accompanies this distribution, and is available at + * http://www.eclipse.org/legal/epl-v10.html + * #L% + */ + import java.util.ArrayList; import java.util.Collections; import java.util.HashMap; diff --git a/accesscontroltool-bundle/src/main/java/biz/netcentric/cq/tools/actool/helper/UncheckedRepositoryException.java b/accesscontroltool-bundle/src/main/java/biz/netcentric/cq/tools/actool/helper/UncheckedRepositoryException.java index b5726e925..7137346a2 100644 --- a/accesscontroltool-bundle/src/main/java/biz/netcentric/cq/tools/actool/helper/UncheckedRepositoryException.java +++ b/accesscontroltool-bundle/src/main/java/biz/netcentric/cq/tools/actool/helper/UncheckedRepositoryException.java @@ -8,6 +8,19 @@ */ package biz.netcentric.cq.tools.actool.helper; +/*- + * #%L + * Access Control Tool Bundle + * %% + * Copyright (C) 2015 - 2024 Cognizant Netcentric + * %% + * All rights reserved. This program and the accompanying materials + * are made available under the terms of the Eclipse Public License v1.0 + * which accompanies this distribution, and is available at + * http://www.eclipse.org/legal/epl-v10.html + * #L% + */ + import java.util.Objects; import javax.jcr.RepositoryException; diff --git a/accesscontroltool-bundle/src/main/java/biz/netcentric/cq/tools/actool/helper/runtime/RuntimeHelper.java b/accesscontroltool-bundle/src/main/java/biz/netcentric/cq/tools/actool/helper/runtime/RuntimeHelper.java index c3e3c3621..aec9ef859 100644 --- a/accesscontroltool-bundle/src/main/java/biz/netcentric/cq/tools/actool/helper/runtime/RuntimeHelper.java +++ b/accesscontroltool-bundle/src/main/java/biz/netcentric/cq/tools/actool/helper/runtime/RuntimeHelper.java @@ -1,5 +1,18 @@ package biz.netcentric.cq.tools.actool.helper.runtime; +/*- + * #%L + * Access Control Tool Bundle + * %% + * Copyright (C) 2015 - 2024 Cognizant Netcentric + * %% + * All rights reserved. This program and the accompanying materials + * are made available under the terms of the Eclipse Public License v1.0 + * which accompanies this distribution, and is available at + * http://www.eclipse.org/legal/epl-v10.html + * #L% + */ + import javax.jcr.Node; import javax.jcr.Session; diff --git a/accesscontroltool-bundle/src/main/java/biz/netcentric/cq/tools/actool/history/AcHistoryService.java b/accesscontroltool-bundle/src/main/java/biz/netcentric/cq/tools/actool/history/AcHistoryService.java index f08ac56c5..d1476e443 100644 --- a/accesscontroltool-bundle/src/main/java/biz/netcentric/cq/tools/actool/history/AcHistoryService.java +++ b/accesscontroltool-bundle/src/main/java/biz/netcentric/cq/tools/actool/history/AcHistoryService.java @@ -1,12 +1,17 @@ -/* - * (C) Copyright 2015 Netcentric AG. - * +package biz.netcentric.cq.tools.actool.history; + +/*- + * #%L + * Access Control Tool Bundle + * %% + * Copyright (C) 2015 - 2024 Cognizant Netcentric + * %% * All rights reserved. This program and the accompanying materials * are made available under the terms of the Eclipse Public License v1.0 * which accompanies this distribution, and is available at * http://www.eclipse.org/legal/epl-v10.html + * #L% */ -package biz.netcentric.cq.tools.actool.history; import java.util.List; diff --git a/accesscontroltool-bundle/src/main/java/biz/netcentric/cq/tools/actool/history/AcToolExecution.java b/accesscontroltool-bundle/src/main/java/biz/netcentric/cq/tools/actool/history/AcToolExecution.java index 44a1240be..7bedee58e 100644 --- a/accesscontroltool-bundle/src/main/java/biz/netcentric/cq/tools/actool/history/AcToolExecution.java +++ b/accesscontroltool-bundle/src/main/java/biz/netcentric/cq/tools/actool/history/AcToolExecution.java @@ -1,5 +1,18 @@ package biz.netcentric.cq.tools.actool.history; +/*- + * #%L + * Access Control Tool Bundle + * %% + * Copyright (C) 2015 - 2024 Cognizant Netcentric + * %% + * All rights reserved. This program and the accompanying materials + * are made available under the terms of the Eclipse Public License v1.0 + * which accompanies this distribution, and is available at + * http://www.eclipse.org/legal/epl-v10.html + * #L% + */ + import java.util.Date; import org.osgi.annotation.versioning.ProviderType; diff --git a/accesscontroltool-bundle/src/main/java/biz/netcentric/cq/tools/actool/history/InstallationListener.java b/accesscontroltool-bundle/src/main/java/biz/netcentric/cq/tools/actool/history/InstallationListener.java index c4abbc3c6..b7d2cf325 100644 --- a/accesscontroltool-bundle/src/main/java/biz/netcentric/cq/tools/actool/history/InstallationListener.java +++ b/accesscontroltool-bundle/src/main/java/biz/netcentric/cq/tools/actool/history/InstallationListener.java @@ -1,12 +1,18 @@ -/* - * (C) Copyright 2017 Netcentric AG. - * + +package biz.netcentric.cq.tools.actool.history; + +/*- + * #%L + * Access Control Tool Bundle + * %% + * Copyright (C) 2015 - 2024 Cognizant Netcentric + * %% * All rights reserved. This program and the accompanying materials * are made available under the terms of the Eclipse Public License v1.0 * which accompanies this distribution, and is available at * http://www.eclipse.org/legal/epl-v10.html + * #L% */ -package biz.netcentric.cq.tools.actool.history; import org.osgi.annotation.versioning.ConsumerType; diff --git a/accesscontroltool-bundle/src/main/java/biz/netcentric/cq/tools/actool/history/InstallationLogger.java b/accesscontroltool-bundle/src/main/java/biz/netcentric/cq/tools/actool/history/InstallationLogger.java index 9af37ff81..6a04f073b 100644 --- a/accesscontroltool-bundle/src/main/java/biz/netcentric/cq/tools/actool/history/InstallationLogger.java +++ b/accesscontroltool-bundle/src/main/java/biz/netcentric/cq/tools/actool/history/InstallationLogger.java @@ -1,5 +1,18 @@ package biz.netcentric.cq.tools.actool.history; +/*- + * #%L + * Access Control Tool Bundle + * %% + * Copyright (C) 2015 - 2024 Cognizant Netcentric + * %% + * All rights reserved. This program and the accompanying materials + * are made available under the terms of the Eclipse Public License v1.0 + * which accompanies this distribution, and is available at + * http://www.eclipse.org/legal/epl-v10.html + * #L% + */ + import org.slf4j.Logger; import biz.netcentric.cq.tools.actool.api.InstallationLog; diff --git a/accesscontroltool-bundle/src/main/java/biz/netcentric/cq/tools/actool/history/impl/AcHistoryServiceImpl.java b/accesscontroltool-bundle/src/main/java/biz/netcentric/cq/tools/actool/history/impl/AcHistoryServiceImpl.java index fc88f90e0..7d86f5ba6 100644 --- a/accesscontroltool-bundle/src/main/java/biz/netcentric/cq/tools/actool/history/impl/AcHistoryServiceImpl.java +++ b/accesscontroltool-bundle/src/main/java/biz/netcentric/cq/tools/actool/history/impl/AcHistoryServiceImpl.java @@ -1,12 +1,17 @@ -/* - * (C) Copyright 2015 Netcentric AG. - * +package biz.netcentric.cq.tools.actool.history.impl; + +/*- + * #%L + * Access Control Tool Bundle + * %% + * Copyright (C) 2015 - 2024 Cognizant Netcentric + * %% * All rights reserved. This program and the accompanying materials * are made available under the terms of the Eclipse Public License v1.0 * which accompanies this distribution, and is available at * http://www.eclipse.org/legal/epl-v10.html + * #L% */ -package biz.netcentric.cq.tools.actool.history.impl; import java.io.ByteArrayInputStream; import java.io.File; diff --git a/accesscontroltool-bundle/src/main/java/biz/netcentric/cq/tools/actool/history/impl/AcToolExecutionImpl.java b/accesscontroltool-bundle/src/main/java/biz/netcentric/cq/tools/actool/history/impl/AcToolExecutionImpl.java index bb1f34cba..59fcaee72 100644 --- a/accesscontroltool-bundle/src/main/java/biz/netcentric/cq/tools/actool/history/impl/AcToolExecutionImpl.java +++ b/accesscontroltool-bundle/src/main/java/biz/netcentric/cq/tools/actool/history/impl/AcToolExecutionImpl.java @@ -1,5 +1,18 @@ package biz.netcentric.cq.tools.actool.history.impl; +/*- + * #%L + * Access Control Tool Bundle + * %% + * Copyright (C) 2015 - 2024 Cognizant Netcentric + * %% + * All rights reserved. This program and the accompanying materials + * are made available under the terms of the Eclipse Public License v1.0 + * which accompanies this distribution, and is available at + * http://www.eclipse.org/legal/epl-v10.html + * #L% + */ + import java.util.Date; import org.apache.commons.lang3.StringUtils; diff --git a/accesscontroltool-bundle/src/main/java/biz/netcentric/cq/tools/actool/history/impl/HistoryUtils.java b/accesscontroltool-bundle/src/main/java/biz/netcentric/cq/tools/actool/history/impl/HistoryUtils.java index ee1a563b8..43717577b 100644 --- a/accesscontroltool-bundle/src/main/java/biz/netcentric/cq/tools/actool/history/impl/HistoryUtils.java +++ b/accesscontroltool-bundle/src/main/java/biz/netcentric/cq/tools/actool/history/impl/HistoryUtils.java @@ -1,12 +1,17 @@ -/* - * (C) Copyright 2015 Netcentric AG. - * +package biz.netcentric.cq.tools.actool.history.impl; + +/*- + * #%L + * Access Control Tool Bundle + * %% + * Copyright (C) 2015 - 2024 Cognizant Netcentric + * %% * All rights reserved. This program and the accompanying materials * are made available under the terms of the Eclipse Public License v1.0 * which accompanies this distribution, and is available at * http://www.eclipse.org/legal/epl-v10.html + * #L% */ -package biz.netcentric.cq.tools.actool.history.impl; import java.io.ByteArrayInputStream; import java.io.IOException; diff --git a/accesscontroltool-bundle/src/main/java/biz/netcentric/cq/tools/actool/history/impl/HtmlConstants.java b/accesscontroltool-bundle/src/main/java/biz/netcentric/cq/tools/actool/history/impl/HtmlConstants.java index 54d620bfa..89e115164 100644 --- a/accesscontroltool-bundle/src/main/java/biz/netcentric/cq/tools/actool/history/impl/HtmlConstants.java +++ b/accesscontroltool-bundle/src/main/java/biz/netcentric/cq/tools/actool/history/impl/HtmlConstants.java @@ -1,12 +1,17 @@ -/* - * (C) Copyright 2015 Netcentric AG. - * +package biz.netcentric.cq.tools.actool.history.impl; + +/*- + * #%L + * Access Control Tool Bundle + * %% + * Copyright (C) 2015 - 2024 Cognizant Netcentric + * %% * All rights reserved. This program and the accompanying materials * are made available under the terms of the Eclipse Public License v1.0 * which accompanies this distribution, and is available at * http://www.eclipse.org/legal/epl-v10.html + * #L% */ -package biz.netcentric.cq.tools.actool.history.impl; public final class HtmlConstants { diff --git a/accesscontroltool-bundle/src/main/java/biz/netcentric/cq/tools/actool/history/impl/PersistableInstallationLogger.java b/accesscontroltool-bundle/src/main/java/biz/netcentric/cq/tools/actool/history/impl/PersistableInstallationLogger.java index 9906b0af7..bb6d87c0a 100644 --- a/accesscontroltool-bundle/src/main/java/biz/netcentric/cq/tools/actool/history/impl/PersistableInstallationLogger.java +++ b/accesscontroltool-bundle/src/main/java/biz/netcentric/cq/tools/actool/history/impl/PersistableInstallationLogger.java @@ -1,12 +1,18 @@ -/* - * (C) Copyright 2017 Netcentric AG. - * + +package biz.netcentric.cq.tools.actool.history.impl; + +/*- + * #%L + * Access Control Tool Bundle + * %% + * Copyright (C) 2015 - 2024 Cognizant Netcentric + * %% * All rights reserved. This program and the accompanying materials * are made available under the terms of the Eclipse Public License v1.0 * which accompanies this distribution, and is available at * http://www.eclipse.org/legal/epl-v10.html + * #L% */ -package biz.netcentric.cq.tools.actool.history.impl; import java.sql.Timestamp; import java.text.DateFormat; diff --git a/accesscontroltool-bundle/src/main/java/biz/netcentric/cq/tools/actool/history/impl/ProgressTrackerListenerInstallationLogger.java b/accesscontroltool-bundle/src/main/java/biz/netcentric/cq/tools/actool/history/impl/ProgressTrackerListenerInstallationLogger.java index bdc3b944b..e24d0173b 100644 --- a/accesscontroltool-bundle/src/main/java/biz/netcentric/cq/tools/actool/history/impl/ProgressTrackerListenerInstallationLogger.java +++ b/accesscontroltool-bundle/src/main/java/biz/netcentric/cq/tools/actool/history/impl/ProgressTrackerListenerInstallationLogger.java @@ -1,5 +1,18 @@ package biz.netcentric.cq.tools.actool.history.impl; +/*- + * #%L + * Access Control Tool Bundle + * %% + * Copyright (C) 2015 - 2024 Cognizant Netcentric + * %% + * All rights reserved. This program and the accompanying materials + * are made available under the terms of the Eclipse Public License v1.0 + * which accompanies this distribution, and is available at + * http://www.eclipse.org/legal/epl-v10.html + * #L% + */ + import java.util.Objects; import org.apache.jackrabbit.vault.fs.api.ProgressTrackerListener; diff --git a/accesscontroltool-bundle/src/main/java/biz/netcentric/cq/tools/actool/impl/AcConfigChangeTracker.java b/accesscontroltool-bundle/src/main/java/biz/netcentric/cq/tools/actool/impl/AcConfigChangeTracker.java index f8b369058..7700a11c7 100644 --- a/accesscontroltool-bundle/src/main/java/biz/netcentric/cq/tools/actool/impl/AcConfigChangeTracker.java +++ b/accesscontroltool-bundle/src/main/java/biz/netcentric/cq/tools/actool/impl/AcConfigChangeTracker.java @@ -1,5 +1,18 @@ package biz.netcentric.cq.tools.actool.impl; +/*- + * #%L + * Access Control Tool Bundle + * %% + * Copyright (C) 2015 - 2024 Cognizant Netcentric + * %% + * All rights reserved. This program and the accompanying materials + * are made available under the terms of the Eclipse Public License v1.0 + * which accompanies this distribution, and is available at + * http://www.eclipse.org/legal/epl-v10.html + * #L% + */ + import java.nio.charset.StandardCharsets; import java.security.MessageDigest; import java.util.Map; diff --git a/accesscontroltool-bundle/src/main/java/biz/netcentric/cq/tools/actool/impl/AcInstallationServiceImpl.java b/accesscontroltool-bundle/src/main/java/biz/netcentric/cq/tools/actool/impl/AcInstallationServiceImpl.java index 63c116e76..a849fc1bf 100644 --- a/accesscontroltool-bundle/src/main/java/biz/netcentric/cq/tools/actool/impl/AcInstallationServiceImpl.java +++ b/accesscontroltool-bundle/src/main/java/biz/netcentric/cq/tools/actool/impl/AcInstallationServiceImpl.java @@ -1,12 +1,17 @@ -/* - * (C) Copyright 2015 Netcentric AG. - * +package biz.netcentric.cq.tools.actool.impl; + +/*- + * #%L + * Access Control Tool Bundle + * %% + * Copyright (C) 2015 - 2024 Cognizant Netcentric + * %% * All rights reserved. This program and the accompanying materials * are made available under the terms of the Eclipse Public License v1.0 * which accompanies this distribution, and is available at * http://www.eclipse.org/legal/epl-v10.html + * #L% */ -package biz.netcentric.cq.tools.actool.impl; import static biz.netcentric.cq.tools.actool.helper.Constants.PRINCIPAL_EVERYONE; import static biz.netcentric.cq.tools.actool.history.impl.PersistableInstallationLogger.msHumanReadable; diff --git a/accesscontroltool-bundle/src/main/java/biz/netcentric/cq/tools/actool/impl/AcInstallationServiceInternal.java b/accesscontroltool-bundle/src/main/java/biz/netcentric/cq/tools/actool/impl/AcInstallationServiceInternal.java index 21c76a342..125ede409 100644 --- a/accesscontroltool-bundle/src/main/java/biz/netcentric/cq/tools/actool/impl/AcInstallationServiceInternal.java +++ b/accesscontroltool-bundle/src/main/java/biz/netcentric/cq/tools/actool/impl/AcInstallationServiceInternal.java @@ -1,12 +1,17 @@ -/* - * (C) Copyright 2015 Netcentric AG. - * +package biz.netcentric.cq.tools.actool.impl; + +/*- + * #%L + * Access Control Tool Bundle + * %% + * Copyright (C) 2015 - 2024 Cognizant Netcentric + * %% * All rights reserved. This program and the accompanying materials * are made available under the terms of the Eclipse Public License v1.0 * which accompanies this distribution, and is available at * http://www.eclipse.org/legal/epl-v10.html + * #L% */ -package biz.netcentric.cq.tools.actool.impl; import java.util.Map; import java.util.Set; diff --git a/accesscontroltool-bundle/src/main/java/biz/netcentric/cq/tools/actool/impl/Activator.java b/accesscontroltool-bundle/src/main/java/biz/netcentric/cq/tools/actool/impl/Activator.java index 3a2e3e04f..3e17e6866 100644 --- a/accesscontroltool-bundle/src/main/java/biz/netcentric/cq/tools/actool/impl/Activator.java +++ b/accesscontroltool-bundle/src/main/java/biz/netcentric/cq/tools/actool/impl/Activator.java @@ -1,5 +1,18 @@ package biz.netcentric.cq.tools.actool.impl; +/*- + * #%L + * Access Control Tool Bundle + * %% + * Copyright (C) 2015 - 2024 Cognizant Netcentric + * %% + * All rights reserved. This program and the accompanying materials + * are made available under the terms of the Eclipse Public License v1.0 + * which accompanies this distribution, and is available at + * http://www.eclipse.org/legal/epl-v10.html + * #L% + */ + import java.util.Dictionary; import java.util.Hashtable; diff --git a/accesscontroltool-bundle/src/main/java/biz/netcentric/cq/tools/actool/impl/JcrInstallUrlHandler.java b/accesscontroltool-bundle/src/main/java/biz/netcentric/cq/tools/actool/impl/JcrInstallUrlHandler.java index 38d922f7e..8295e23cc 100644 --- a/accesscontroltool-bundle/src/main/java/biz/netcentric/cq/tools/actool/impl/JcrInstallUrlHandler.java +++ b/accesscontroltool-bundle/src/main/java/biz/netcentric/cq/tools/actool/impl/JcrInstallUrlHandler.java @@ -1,5 +1,18 @@ package biz.netcentric.cq.tools.actool.impl; +/*- + * #%L + * Access Control Tool Bundle + * %% + * Copyright (C) 2015 - 2024 Cognizant Netcentric + * %% + * All rights reserved. This program and the accompanying materials + * are made available under the terms of the Eclipse Public License v1.0 + * which accompanies this distribution, and is available at + * http://www.eclipse.org/legal/epl-v10.html + * #L% + */ + import java.io.IOException; import java.io.InputStream; import java.net.URL; diff --git a/accesscontroltool-bundle/src/main/java/biz/netcentric/cq/tools/actool/ims/IMSUserManagement.java b/accesscontroltool-bundle/src/main/java/biz/netcentric/cq/tools/actool/ims/IMSUserManagement.java index d4ff93bfb..b892485c7 100644 --- a/accesscontroltool-bundle/src/main/java/biz/netcentric/cq/tools/actool/ims/IMSUserManagement.java +++ b/accesscontroltool-bundle/src/main/java/biz/netcentric/cq/tools/actool/ims/IMSUserManagement.java @@ -1,5 +1,18 @@ package biz.netcentric.cq.tools.actool.ims; +/*- + * #%L + * Access Control Tool Bundle + * %% + * Copyright (C) 2015 - 2024 Cognizant Netcentric + * %% + * All rights reserved. This program and the accompanying materials + * are made available under the terms of the Eclipse Public License v1.0 + * which accompanies this distribution, and is available at + * http://www.eclipse.org/legal/epl-v10.html + * #L% + */ + import java.io.ByteArrayOutputStream; import java.io.IOException; import java.io.InputStreamReader; diff --git a/accesscontroltool-bundle/src/main/java/biz/netcentric/cq/tools/actool/ims/request/ActionCommand.java b/accesscontroltool-bundle/src/main/java/biz/netcentric/cq/tools/actool/ims/request/ActionCommand.java index bdedb62c0..83fc2e021 100644 --- a/accesscontroltool-bundle/src/main/java/biz/netcentric/cq/tools/actool/ims/request/ActionCommand.java +++ b/accesscontroltool-bundle/src/main/java/biz/netcentric/cq/tools/actool/ims/request/ActionCommand.java @@ -1,5 +1,18 @@ package biz.netcentric.cq.tools.actool.ims.request; +/*- + * #%L + * Access Control Tool Bundle + * %% + * Copyright (C) 2015 - 2024 Cognizant Netcentric + * %% + * All rights reserved. This program and the accompanying materials + * are made available under the terms of the Eclipse Public License v1.0 + * which accompanies this distribution, and is available at + * http://www.eclipse.org/legal/epl-v10.html + * #L% + */ + import java.util.Collection; import java.util.LinkedList; diff --git a/accesscontroltool-bundle/src/main/java/biz/netcentric/cq/tools/actool/ims/request/AddMembershipStep.java b/accesscontroltool-bundle/src/main/java/biz/netcentric/cq/tools/actool/ims/request/AddMembershipStep.java index 02dc579dd..ddcdbac13 100644 --- a/accesscontroltool-bundle/src/main/java/biz/netcentric/cq/tools/actool/ims/request/AddMembershipStep.java +++ b/accesscontroltool-bundle/src/main/java/biz/netcentric/cq/tools/actool/ims/request/AddMembershipStep.java @@ -1,5 +1,18 @@ package biz.netcentric.cq.tools.actool.ims.request; +/*- + * #%L + * Access Control Tool Bundle + * %% + * Copyright (C) 2015 - 2024 Cognizant Netcentric + * %% + * All rights reserved. This program and the accompanying materials + * are made available under the terms of the Eclipse Public License v1.0 + * which accompanies this distribution, and is available at + * http://www.eclipse.org/legal/epl-v10.html + * #L% + */ + import java.util.Set; import com.fasterxml.jackson.annotation.JsonInclude; diff --git a/accesscontroltool-bundle/src/main/java/biz/netcentric/cq/tools/actool/ims/request/CreateGroupStep.java b/accesscontroltool-bundle/src/main/java/biz/netcentric/cq/tools/actool/ims/request/CreateGroupStep.java index 07773e776..8407e286b 100644 --- a/accesscontroltool-bundle/src/main/java/biz/netcentric/cq/tools/actool/ims/request/CreateGroupStep.java +++ b/accesscontroltool-bundle/src/main/java/biz/netcentric/cq/tools/actool/ims/request/CreateGroupStep.java @@ -1,5 +1,18 @@ package biz.netcentric.cq.tools.actool.ims.request; +/*- + * #%L + * Access Control Tool Bundle + * %% + * Copyright (C) 2015 - 2024 Cognizant Netcentric + * %% + * All rights reserved. This program and the accompanying materials + * are made available under the terms of the Eclipse Public License v1.0 + * which accompanies this distribution, and is available at + * http://www.eclipse.org/legal/epl-v10.html + * #L% + */ + import com.fasterxml.jackson.annotation.JsonInclude; import com.fasterxml.jackson.annotation.JsonInclude.Include; import com.fasterxml.jackson.annotation.JsonProperty; diff --git a/accesscontroltool-bundle/src/main/java/biz/netcentric/cq/tools/actool/ims/request/Step.java b/accesscontroltool-bundle/src/main/java/biz/netcentric/cq/tools/actool/ims/request/Step.java index 89c07875a..52bd7d492 100644 --- a/accesscontroltool-bundle/src/main/java/biz/netcentric/cq/tools/actool/ims/request/Step.java +++ b/accesscontroltool-bundle/src/main/java/biz/netcentric/cq/tools/actool/ims/request/Step.java @@ -1,5 +1,18 @@ package biz.netcentric.cq.tools.actool.ims.request; +/*- + * #%L + * Access Control Tool Bundle + * %% + * Copyright (C) 2015 - 2024 Cognizant Netcentric + * %% + * All rights reserved. This program and the accompanying materials + * are made available under the terms of the Eclipse Public License v1.0 + * which accompanies this distribution, and is available at + * http://www.eclipse.org/legal/epl-v10.html + * #L% + */ + import com.fasterxml.jackson.annotation.JsonSubTypes; import com.fasterxml.jackson.annotation.JsonSubTypes.Type; import com.fasterxml.jackson.annotation.JsonTypeInfo; diff --git a/accesscontroltool-bundle/src/main/java/biz/netcentric/cq/tools/actool/ims/request/UserGroupActionCommand.java b/accesscontroltool-bundle/src/main/java/biz/netcentric/cq/tools/actool/ims/request/UserGroupActionCommand.java index 4ea84d38b..c2945aeb7 100644 --- a/accesscontroltool-bundle/src/main/java/biz/netcentric/cq/tools/actool/ims/request/UserGroupActionCommand.java +++ b/accesscontroltool-bundle/src/main/java/biz/netcentric/cq/tools/actool/ims/request/UserGroupActionCommand.java @@ -1,5 +1,18 @@ package biz.netcentric.cq.tools.actool.ims.request; +/*- + * #%L + * Access Control Tool Bundle + * %% + * Copyright (C) 2015 - 2024 Cognizant Netcentric + * %% + * All rights reserved. This program and the accompanying materials + * are made available under the terms of the Eclipse Public License v1.0 + * which accompanies this distribution, and is available at + * http://www.eclipse.org/legal/epl-v10.html + * #L% + */ + import com.fasterxml.jackson.annotation.JsonProperty; public class UserGroupActionCommand extends ActionCommand { diff --git a/accesscontroltool-bundle/src/main/java/biz/netcentric/cq/tools/actool/ims/response/AccessToken.java b/accesscontroltool-bundle/src/main/java/biz/netcentric/cq/tools/actool/ims/response/AccessToken.java index c60272d75..017b0a037 100644 --- a/accesscontroltool-bundle/src/main/java/biz/netcentric/cq/tools/actool/ims/response/AccessToken.java +++ b/accesscontroltool-bundle/src/main/java/biz/netcentric/cq/tools/actool/ims/response/AccessToken.java @@ -1,5 +1,18 @@ package biz.netcentric.cq.tools.actool.ims.response; +/*- + * #%L + * Access Control Tool Bundle + * %% + * Copyright (C) 2015 - 2024 Cognizant Netcentric + * %% + * All rights reserved. This program and the accompanying materials + * are made available under the terms of the Eclipse Public License v1.0 + * which accompanies this distribution, and is available at + * http://www.eclipse.org/legal/epl-v10.html + * #L% + */ + import com.fasterxml.jackson.annotation.JsonIgnoreProperties; import com.fasterxml.jackson.annotation.JsonProperty; diff --git a/accesscontroltool-bundle/src/main/java/biz/netcentric/cq/tools/actool/ims/response/ActionCommandError.java b/accesscontroltool-bundle/src/main/java/biz/netcentric/cq/tools/actool/ims/response/ActionCommandError.java index d75dde745..1aec7432c 100644 --- a/accesscontroltool-bundle/src/main/java/biz/netcentric/cq/tools/actool/ims/response/ActionCommandError.java +++ b/accesscontroltool-bundle/src/main/java/biz/netcentric/cq/tools/actool/ims/response/ActionCommandError.java @@ -1,5 +1,18 @@ package biz.netcentric.cq.tools.actool.ims.response; +/*- + * #%L + * Access Control Tool Bundle + * %% + * Copyright (C) 2015 - 2024 Cognizant Netcentric + * %% + * All rights reserved. This program and the accompanying materials + * are made available under the terms of the Eclipse Public License v1.0 + * which accompanies this distribution, and is available at + * http://www.eclipse.org/legal/epl-v10.html + * #L% + */ + import com.fasterxml.jackson.annotation.JsonIgnoreProperties; import com.fasterxml.jackson.annotation.JsonProperty; diff --git a/accesscontroltool-bundle/src/main/java/biz/netcentric/cq/tools/actool/ims/response/ActionCommandIssue.java b/accesscontroltool-bundle/src/main/java/biz/netcentric/cq/tools/actool/ims/response/ActionCommandIssue.java index 6e6981d1c..bdc7f4981 100644 --- a/accesscontroltool-bundle/src/main/java/biz/netcentric/cq/tools/actool/ims/response/ActionCommandIssue.java +++ b/accesscontroltool-bundle/src/main/java/biz/netcentric/cq/tools/actool/ims/response/ActionCommandIssue.java @@ -1,5 +1,18 @@ package biz.netcentric.cq.tools.actool.ims.response; +/*- + * #%L + * Access Control Tool Bundle + * %% + * Copyright (C) 2015 - 2024 Cognizant Netcentric + * %% + * All rights reserved. This program and the accompanying materials + * are made available under the terms of the Eclipse Public License v1.0 + * which accompanies this distribution, and is available at + * http://www.eclipse.org/legal/epl-v10.html + * #L% + */ + import com.fasterxml.jackson.annotation.JsonIgnoreProperties; import com.fasterxml.jackson.annotation.JsonProperty; diff --git a/accesscontroltool-bundle/src/main/java/biz/netcentric/cq/tools/actool/ims/response/ActionCommandResponse.java b/accesscontroltool-bundle/src/main/java/biz/netcentric/cq/tools/actool/ims/response/ActionCommandResponse.java index 244e9de07..119aba886 100644 --- a/accesscontroltool-bundle/src/main/java/biz/netcentric/cq/tools/actool/ims/response/ActionCommandResponse.java +++ b/accesscontroltool-bundle/src/main/java/biz/netcentric/cq/tools/actool/ims/response/ActionCommandResponse.java @@ -1,5 +1,18 @@ package biz.netcentric.cq.tools.actool.ims.response; +/*- + * #%L + * Access Control Tool Bundle + * %% + * Copyright (C) 2015 - 2024 Cognizant Netcentric + * %% + * All rights reserved. This program and the accompanying materials + * are made available under the terms of the Eclipse Public License v1.0 + * which accompanies this distribution, and is available at + * http://www.eclipse.org/legal/epl-v10.html + * #L% + */ + import java.util.Collections; import java.util.List; diff --git a/accesscontroltool-bundle/src/main/java/biz/netcentric/cq/tools/actool/ims/response/ActionCommandWarning.java b/accesscontroltool-bundle/src/main/java/biz/netcentric/cq/tools/actool/ims/response/ActionCommandWarning.java index 2cb2aaca6..8782252af 100644 --- a/accesscontroltool-bundle/src/main/java/biz/netcentric/cq/tools/actool/ims/response/ActionCommandWarning.java +++ b/accesscontroltool-bundle/src/main/java/biz/netcentric/cq/tools/actool/ims/response/ActionCommandWarning.java @@ -1,5 +1,18 @@ package biz.netcentric.cq.tools.actool.ims.response; +/*- + * #%L + * Access Control Tool Bundle + * %% + * Copyright (C) 2015 - 2024 Cognizant Netcentric + * %% + * All rights reserved. This program and the accompanying materials + * are made available under the terms of the Eclipse Public License v1.0 + * which accompanies this distribution, and is available at + * http://www.eclipse.org/legal/epl-v10.html + * #L% + */ + import com.fasterxml.jackson.annotation.JsonIgnoreProperties; import com.fasterxml.jackson.annotation.JsonProperty; @@ -18,4 +31,4 @@ public String toString() { return "ActionCommandWarning [warningCode=" + warningCode + ", requestID=" + requestID + ", index=" + index + ", step=" + step + ", message=" + message + ", user=" + user + "]"; } -} \ No newline at end of file +} diff --git a/accesscontroltool-bundle/src/main/java/biz/netcentric/cq/tools/actool/installhook/AcToolInstallHook.java b/accesscontroltool-bundle/src/main/java/biz/netcentric/cq/tools/actool/installhook/AcToolInstallHook.java index d6a85b325..288e5f78a 100644 --- a/accesscontroltool-bundle/src/main/java/biz/netcentric/cq/tools/actool/installhook/AcToolInstallHook.java +++ b/accesscontroltool-bundle/src/main/java/biz/netcentric/cq/tools/actool/installhook/AcToolInstallHook.java @@ -1,12 +1,17 @@ -/* - * (C) Copyright 2015 Netcentric AG. - * +package biz.netcentric.cq.tools.actool.installhook; + +/*- + * #%L + * Access Control Tool Bundle + * %% + * Copyright (C) 2015 - 2024 Cognizant Netcentric + * %% * All rights reserved. This program and the accompanying materials * are made available under the terms of the Eclipse Public License v1.0 * which accompanies this distribution, and is available at * http://www.eclipse.org/legal/epl-v10.html + * #L% */ -package biz.netcentric.cq.tools.actool.installhook; import org.apache.jackrabbit.vault.fs.api.ProgressTrackerListener; import org.apache.jackrabbit.vault.packaging.InstallContext; diff --git a/accesscontroltool-bundle/src/main/java/biz/netcentric/cq/tools/actool/installhook/AcToolInstallHookService.java b/accesscontroltool-bundle/src/main/java/biz/netcentric/cq/tools/actool/installhook/AcToolInstallHookService.java index 142f385bb..5f8febf44 100644 --- a/accesscontroltool-bundle/src/main/java/biz/netcentric/cq/tools/actool/installhook/AcToolInstallHookService.java +++ b/accesscontroltool-bundle/src/main/java/biz/netcentric/cq/tools/actool/installhook/AcToolInstallHookService.java @@ -1,12 +1,17 @@ -/* - * (C) Copyright 2015 Netcentric AG. - * +package biz.netcentric.cq.tools.actool.installhook; + +/*- + * #%L + * Access Control Tool Bundle + * %% + * Copyright (C) 2015 - 2024 Cognizant Netcentric + * %% * All rights reserved. This program and the accompanying materials * are made available under the terms of the Eclipse Public License v1.0 * which accompanies this distribution, and is available at * http://www.eclipse.org/legal/epl-v10.html + * #L% */ -package biz.netcentric.cq.tools.actool.installhook; import javax.jcr.Session; @@ -23,4 +28,4 @@ public InstallationResult installYamlFilesFromPackage(VaultPackage archive, Sess ProgressTrackerListener progressTrackerListener) throws Exception; -} \ No newline at end of file +} diff --git a/accesscontroltool-bundle/src/main/java/biz/netcentric/cq/tools/actool/installhook/OsgiAwareInstallHook.java b/accesscontroltool-bundle/src/main/java/biz/netcentric/cq/tools/actool/installhook/OsgiAwareInstallHook.java index fbc69f276..d0d6ec552 100644 --- a/accesscontroltool-bundle/src/main/java/biz/netcentric/cq/tools/actool/installhook/OsgiAwareInstallHook.java +++ b/accesscontroltool-bundle/src/main/java/biz/netcentric/cq/tools/actool/installhook/OsgiAwareInstallHook.java @@ -1,12 +1,17 @@ -/* - * (C) Copyright 2015 Netcentric AG. - * +package biz.netcentric.cq.tools.actool.installhook; + +/*- + * #%L + * Access Control Tool Bundle + * %% + * Copyright (C) 2015 - 2024 Cognizant Netcentric + * %% * All rights reserved. This program and the accompanying materials * are made available under the terms of the Eclipse Public License v1.0 * which accompanies this distribution, and is available at * http://www.eclipse.org/legal/epl-v10.html + * #L% */ -package biz.netcentric.cq.tools.actool.installhook; import org.apache.jackrabbit.vault.fs.api.ProgressTrackerListener; import org.apache.jackrabbit.vault.packaging.InstallHook; diff --git a/accesscontroltool-bundle/src/main/java/biz/netcentric/cq/tools/actool/installhook/impl/AcToolInstallHookServiceImpl.java b/accesscontroltool-bundle/src/main/java/biz/netcentric/cq/tools/actool/installhook/impl/AcToolInstallHookServiceImpl.java index dd981a703..14a960f8d 100644 --- a/accesscontroltool-bundle/src/main/java/biz/netcentric/cq/tools/actool/installhook/impl/AcToolInstallHookServiceImpl.java +++ b/accesscontroltool-bundle/src/main/java/biz/netcentric/cq/tools/actool/installhook/impl/AcToolInstallHookServiceImpl.java @@ -1,12 +1,17 @@ -/* - * (C) Copyright 2015 Netcentric AG. - * +package biz.netcentric.cq.tools.actool.installhook.impl; + +/*- + * #%L + * Access Control Tool Bundle + * %% + * Copyright (C) 2015 - 2024 Cognizant Netcentric + * %% * All rights reserved. This program and the accompanying materials * are made available under the terms of the Eclipse Public License v1.0 * which accompanies this distribution, and is available at * http://www.eclipse.org/legal/epl-v10.html + * #L% */ -package biz.netcentric.cq.tools.actool.installhook.impl; import java.util.ArrayList; import java.util.List; diff --git a/accesscontroltool-bundle/src/main/java/biz/netcentric/cq/tools/actool/installhook/package-info.java b/accesscontroltool-bundle/src/main/java/biz/netcentric/cq/tools/actool/installhook/package-info.java index ba7dcdb61..3c88494b0 100644 --- a/accesscontroltool-bundle/src/main/java/biz/netcentric/cq/tools/actool/installhook/package-info.java +++ b/accesscontroltool-bundle/src/main/java/biz/netcentric/cq/tools/actool/installhook/package-info.java @@ -1,12 +1,18 @@ -/* - * (C) Copyright 2017 Netcentric AG. - * + +@Version("3.0.0") +package biz.netcentric.cq.tools.actool.installhook; + +/*- + * #%L + * Access Control Tool Bundle + * %% + * Copyright (C) 2015 - 2024 Cognizant Netcentric + * %% * All rights reserved. This program and the accompanying materials * are made available under the terms of the Eclipse Public License v1.0 * which accompanies this distribution, and is available at * http://www.eclipse.org/legal/epl-v10.html + * #L% */ -@Version("3.0.0") -package biz.netcentric.cq.tools.actool.installhook; import org.osgi.annotation.versioning.Version; diff --git a/accesscontroltool-bundle/src/main/java/biz/netcentric/cq/tools/actool/jmx/AceServiceMBean.java b/accesscontroltool-bundle/src/main/java/biz/netcentric/cq/tools/actool/jmx/AceServiceMBean.java index 48c7579de..8e8e37d33 100644 --- a/accesscontroltool-bundle/src/main/java/biz/netcentric/cq/tools/actool/jmx/AceServiceMBean.java +++ b/accesscontroltool-bundle/src/main/java/biz/netcentric/cq/tools/actool/jmx/AceServiceMBean.java @@ -1,12 +1,17 @@ -/* - * (C) Copyright 2015 Netcentric AG. - * +package biz.netcentric.cq.tools.actool.jmx; + +/*- + * #%L + * Access Control Tool Bundle + * %% + * Copyright (C) 2015 - 2024 Cognizant Netcentric + * %% * All rights reserved. This program and the accompanying materials * are made available under the terms of the Eclipse Public License v1.0 * which accompanies this distribution, and is available at * http://www.eclipse.org/legal/epl-v10.html + * #L% */ -package biz.netcentric.cq.tools.actool.jmx; import javax.jcr.RepositoryException; diff --git a/accesscontroltool-bundle/src/main/java/biz/netcentric/cq/tools/actool/jmx/AceServiceMBeanImpl.java b/accesscontroltool-bundle/src/main/java/biz/netcentric/cq/tools/actool/jmx/AceServiceMBeanImpl.java index f9a23222d..37b7815ee 100644 --- a/accesscontroltool-bundle/src/main/java/biz/netcentric/cq/tools/actool/jmx/AceServiceMBeanImpl.java +++ b/accesscontroltool-bundle/src/main/java/biz/netcentric/cq/tools/actool/jmx/AceServiceMBeanImpl.java @@ -1,12 +1,17 @@ -/* - * (C) Copyright 2015 Netcentric AG. - * +package biz.netcentric.cq.tools.actool.jmx; + +/*- + * #%L + * Access Control Tool Bundle + * %% + * Copyright (C) 2015 - 2024 Cognizant Netcentric + * %% * All rights reserved. This program and the accompanying materials * are made available under the terms of the Eclipse Public License v1.0 * which accompanies this distribution, and is available at * http://www.eclipse.org/legal/epl-v10.html + * #L% */ -package biz.netcentric.cq.tools.actool.jmx; import java.util.List; import java.util.Set; diff --git a/accesscontroltool-bundle/src/main/java/biz/netcentric/cq/tools/actool/slingsettings/ExtendedSlingSettingsService.java b/accesscontroltool-bundle/src/main/java/biz/netcentric/cq/tools/actool/slingsettings/ExtendedSlingSettingsService.java index aae197c95..fc1f8c835 100644 --- a/accesscontroltool-bundle/src/main/java/biz/netcentric/cq/tools/actool/slingsettings/ExtendedSlingSettingsService.java +++ b/accesscontroltool-bundle/src/main/java/biz/netcentric/cq/tools/actool/slingsettings/ExtendedSlingSettingsService.java @@ -8,6 +8,19 @@ */ package biz.netcentric.cq.tools.actool.slingsettings; +/*- + * #%L + * Access Control Tool Bundle + * %% + * Copyright (C) 2015 - 2024 Cognizant Netcentric + * %% + * All rights reserved. This program and the accompanying materials + * are made available under the terms of the Eclipse Public License v1.0 + * which accompanies this distribution, and is available at + * http://www.eclipse.org/legal/epl-v10.html + * #L% + */ + import java.util.Set; /** AC Tool SlingSettingsService in a way that also returns dev/stage/prod runmodes at runtime in the cloud. */ diff --git a/accesscontroltool-bundle/src/main/java/biz/netcentric/cq/tools/actool/slingsettings/ExtendedSlingSettingsServiceImpl.java b/accesscontroltool-bundle/src/main/java/biz/netcentric/cq/tools/actool/slingsettings/ExtendedSlingSettingsServiceImpl.java index 1e1ec5a4e..448e1a573 100644 --- a/accesscontroltool-bundle/src/main/java/biz/netcentric/cq/tools/actool/slingsettings/ExtendedSlingSettingsServiceImpl.java +++ b/accesscontroltool-bundle/src/main/java/biz/netcentric/cq/tools/actool/slingsettings/ExtendedSlingSettingsServiceImpl.java @@ -8,6 +8,19 @@ */ package biz.netcentric.cq.tools.actool.slingsettings; +/*- + * #%L + * Access Control Tool Bundle + * %% + * Copyright (C) 2015 - 2024 Cognizant Netcentric + * %% + * All rights reserved. This program and the accompanying materials + * are made available under the terms of the Eclipse Public License v1.0 + * which accompanies this distribution, and is available at + * http://www.eclipse.org/legal/epl-v10.html + * #L% + */ + import java.util.Arrays; import java.util.Collection; import java.util.HashSet; diff --git a/accesscontroltool-bundle/src/main/java/biz/netcentric/cq/tools/actool/ui/AcToolTouchUiServlet.java b/accesscontroltool-bundle/src/main/java/biz/netcentric/cq/tools/actool/ui/AcToolTouchUiServlet.java index ffdf8da03..82c4342ac 100644 --- a/accesscontroltool-bundle/src/main/java/biz/netcentric/cq/tools/actool/ui/AcToolTouchUiServlet.java +++ b/accesscontroltool-bundle/src/main/java/biz/netcentric/cq/tools/actool/ui/AcToolTouchUiServlet.java @@ -8,6 +8,19 @@ */ package biz.netcentric.cq.tools.actool.ui; +/*- + * #%L + * Access Control Tool Bundle + * %% + * Copyright (C) 2015 - 2024 Cognizant Netcentric + * %% + * All rights reserved. This program and the accompanying materials + * are made available under the terms of the Eclipse Public License v1.0 + * which accompanies this distribution, and is available at + * http://www.eclipse.org/legal/epl-v10.html + * #L% + */ + import java.io.IOException; import java.util.Iterator; diff --git a/accesscontroltool-bundle/src/main/java/biz/netcentric/cq/tools/actool/ui/AcToolUiService.java b/accesscontroltool-bundle/src/main/java/biz/netcentric/cq/tools/actool/ui/AcToolUiService.java index 5a0394128..6c5e6fbda 100644 --- a/accesscontroltool-bundle/src/main/java/biz/netcentric/cq/tools/actool/ui/AcToolUiService.java +++ b/accesscontroltool-bundle/src/main/java/biz/netcentric/cq/tools/actool/ui/AcToolUiService.java @@ -1,5 +1,18 @@ package biz.netcentric.cq.tools.actool.ui; +/*- + * #%L + * Access Control Tool Bundle + * %% + * Copyright (C) 2015 - 2024 Cognizant Netcentric + * %% + * All rights reserved. This program and the accompanying materials + * are made available under the terms of the Eclipse Public License v1.0 + * which accompanies this distribution, and is available at + * http://www.eclipse.org/legal/epl-v10.html + * #L% + */ + import static org.apache.commons.lang3.StringEscapeUtils.escapeHtml4; import java.io.IOException; diff --git a/accesscontroltool-bundle/src/main/java/biz/netcentric/cq/tools/actool/ui/AcToolWebconsolePlugin.java b/accesscontroltool-bundle/src/main/java/biz/netcentric/cq/tools/actool/ui/AcToolWebconsolePlugin.java index ddcde33fe..f849329d6 100644 --- a/accesscontroltool-bundle/src/main/java/biz/netcentric/cq/tools/actool/ui/AcToolWebconsolePlugin.java +++ b/accesscontroltool-bundle/src/main/java/biz/netcentric/cq/tools/actool/ui/AcToolWebconsolePlugin.java @@ -8,6 +8,19 @@ */ package biz.netcentric.cq.tools.actool.ui; +/*- + * #%L + * Access Control Tool Bundle + * %% + * Copyright (C) 2015 - 2024 Cognizant Netcentric + * %% + * All rights reserved. This program and the accompanying materials + * are made available under the terms of the Eclipse Public License v1.0 + * which accompanies this distribution, and is available at + * http://www.eclipse.org/legal/epl-v10.html + * #L% + */ + import java.io.IOException; import javax.servlet.Servlet; diff --git a/accesscontroltool-bundle/src/main/java/biz/netcentric/cq/tools/actool/ui/HtmlWriter.java b/accesscontroltool-bundle/src/main/java/biz/netcentric/cq/tools/actool/ui/HtmlWriter.java index 0a4de2ab8..164880291 100644 --- a/accesscontroltool-bundle/src/main/java/biz/netcentric/cq/tools/actool/ui/HtmlWriter.java +++ b/accesscontroltool-bundle/src/main/java/biz/netcentric/cq/tools/actool/ui/HtmlWriter.java @@ -1,5 +1,18 @@ package biz.netcentric.cq.tools.actool.ui; +/*- + * #%L + * Access Control Tool Bundle + * %% + * Copyright (C) 2015 - 2024 Cognizant Netcentric + * %% + * All rights reserved. This program and the accompanying materials + * are made available under the terms of the Eclipse Public License v1.0 + * which accompanies this distribution, and is available at + * http://www.eclipse.org/legal/epl-v10.html + * #L% + */ + import static org.apache.commons.lang3.StringEscapeUtils.escapeHtml4; import java.io.PrintWriter; @@ -77,4 +90,4 @@ void tableHeader(String title, int colspan) { tableHeader(title, colspan, true); } -} \ No newline at end of file +} diff --git a/accesscontroltool-bundle/src/main/java/biz/netcentric/cq/tools/actool/ui/WebConsoleConfigTracker.java b/accesscontroltool-bundle/src/main/java/biz/netcentric/cq/tools/actool/ui/WebConsoleConfigTracker.java index c3564ebd9..09bf17bdb 100644 --- a/accesscontroltool-bundle/src/main/java/biz/netcentric/cq/tools/actool/ui/WebConsoleConfigTracker.java +++ b/accesscontroltool-bundle/src/main/java/biz/netcentric/cq/tools/actool/ui/WebConsoleConfigTracker.java @@ -1,5 +1,18 @@ package biz.netcentric.cq.tools.actool.ui; +/*- + * #%L + * Access Control Tool Bundle + * %% + * Copyright (C) 2015 - 2024 Cognizant Netcentric + * %% + * All rights reserved. This program and the accompanying materials + * are made available under the terms of the Eclipse Public License v1.0 + * which accompanies this distribution, and is available at + * http://www.eclipse.org/legal/epl-v10.html + * #L% + */ + import java.io.IOException; import java.util.Dictionary; diff --git a/accesscontroltool-bundle/src/main/java/biz/netcentric/cq/tools/actool/user/UserProcessor.java b/accesscontroltool-bundle/src/main/java/biz/netcentric/cq/tools/actool/user/UserProcessor.java index 61eb4d553..218659312 100644 --- a/accesscontroltool-bundle/src/main/java/biz/netcentric/cq/tools/actool/user/UserProcessor.java +++ b/accesscontroltool-bundle/src/main/java/biz/netcentric/cq/tools/actool/user/UserProcessor.java @@ -1,5 +1,18 @@ package biz.netcentric.cq.tools.actool.user; +/*- + * #%L + * Access Control Tool Bundle + * %% + * Copyright (C) 2015 - 2024 Cognizant Netcentric + * %% + * All rights reserved. This program and the accompanying materials + * are made available under the terms of the Eclipse Public License v1.0 + * which accompanies this distribution, and is available at + * http://www.eclipse.org/legal/epl-v10.html + * #L% + */ + import java.util.function.Consumer; import javax.jcr.RepositoryException; diff --git a/accesscontroltool-bundle/src/main/java/biz/netcentric/cq/tools/actool/user/impl/UserProcessorImpl.java b/accesscontroltool-bundle/src/main/java/biz/netcentric/cq/tools/actool/user/impl/UserProcessorImpl.java index 816915e30..2b40bddc9 100644 --- a/accesscontroltool-bundle/src/main/java/biz/netcentric/cq/tools/actool/user/impl/UserProcessorImpl.java +++ b/accesscontroltool-bundle/src/main/java/biz/netcentric/cq/tools/actool/user/impl/UserProcessorImpl.java @@ -1,5 +1,18 @@ package biz.netcentric.cq.tools.actool.user.impl; +/*- + * #%L + * Access Control Tool Bundle + * %% + * Copyright (C) 2015 - 2024 Cognizant Netcentric + * %% + * All rights reserved. This program and the accompanying materials + * are made available under the terms of the Eclipse Public License v1.0 + * which accompanies this distribution, and is available at + * http://www.eclipse.org/legal/epl-v10.html + * #L% + */ + import java.util.Iterator; import java.util.Spliterator; import java.util.Spliterators; diff --git a/accesscontroltool-bundle/src/main/java/biz/netcentric/cq/tools/actool/validators/AceBeanValidator.java b/accesscontroltool-bundle/src/main/java/biz/netcentric/cq/tools/actool/validators/AceBeanValidator.java index a7c80a674..391f4c8aa 100644 --- a/accesscontroltool-bundle/src/main/java/biz/netcentric/cq/tools/actool/validators/AceBeanValidator.java +++ b/accesscontroltool-bundle/src/main/java/biz/netcentric/cq/tools/actool/validators/AceBeanValidator.java @@ -1,20 +1,25 @@ -/* - * (C) Copyright 2015 Netcentric AG. - * - * All rights reserved. This program and the accompanying materials - * are made available under the terms of the Eclipse Public License v1.0 - * which accompanies this distribution, and is available at - * http://www.eclipse.org/legal/epl-v10.html - */ -package biz.netcentric.cq.tools.actool.validators; - -import javax.jcr.security.AccessControlManager; - -import biz.netcentric.cq.tools.actool.configmodel.AceBean; -import biz.netcentric.cq.tools.actool.validators.exceptions.AcConfigBeanValidationException; - -public interface AceBeanValidator { - - boolean validate(final AceBean aceBean, AccessControlManager accessControlManager) throws AcConfigBeanValidationException; - -} +package biz.netcentric.cq.tools.actool.validators; + +/*- + * #%L + * Access Control Tool Bundle + * %% + * Copyright (C) 2015 - 2024 Cognizant Netcentric + * %% + * All rights reserved. This program and the accompanying materials + * are made available under the terms of the Eclipse Public License v1.0 + * which accompanies this distribution, and is available at + * http://www.eclipse.org/legal/epl-v10.html + * #L% + */ + +import javax.jcr.security.AccessControlManager; + +import biz.netcentric.cq.tools.actool.configmodel.AceBean; +import biz.netcentric.cq.tools.actool.validators.exceptions.AcConfigBeanValidationException; + +public interface AceBeanValidator { + + boolean validate(final AceBean aceBean, AccessControlManager accessControlManager) throws AcConfigBeanValidationException; + +} diff --git a/accesscontroltool-bundle/src/main/java/biz/netcentric/cq/tools/actool/validators/AuthorizableValidator.java b/accesscontroltool-bundle/src/main/java/biz/netcentric/cq/tools/actool/validators/AuthorizableValidator.java index b79c23a59..4076f1221 100644 --- a/accesscontroltool-bundle/src/main/java/biz/netcentric/cq/tools/actool/validators/AuthorizableValidator.java +++ b/accesscontroltool-bundle/src/main/java/biz/netcentric/cq/tools/actool/validators/AuthorizableValidator.java @@ -1,20 +1,25 @@ -/* - * (C) Copyright 2015 Netcentric AG. - * - * All rights reserved. This program and the accompanying materials - * are made available under the terms of the Eclipse Public License v1.0 - * which accompanies this distribution, and is available at - * http://www.eclipse.org/legal/epl-v10.html - */ -package biz.netcentric.cq.tools.actool.validators; - -import biz.netcentric.cq.tools.actool.configmodel.AuthorizableConfigBean; -import biz.netcentric.cq.tools.actool.validators.exceptions.AcConfigBeanValidationException; - -public interface AuthorizableValidator { - - public boolean validate(AuthorizableConfigBean authorizableConfigBean) throws AcConfigBeanValidationException; - - public void disable(); - -} +package biz.netcentric.cq.tools.actool.validators; + +/*- + * #%L + * Access Control Tool Bundle + * %% + * Copyright (C) 2015 - 2024 Cognizant Netcentric + * %% + * All rights reserved. This program and the accompanying materials + * are made available under the terms of the Eclipse Public License v1.0 + * which accompanies this distribution, and is available at + * http://www.eclipse.org/legal/epl-v10.html + * #L% + */ + +import biz.netcentric.cq.tools.actool.configmodel.AuthorizableConfigBean; +import biz.netcentric.cq.tools.actool.validators.exceptions.AcConfigBeanValidationException; + +public interface AuthorizableValidator { + + public boolean validate(AuthorizableConfigBean authorizableConfigBean) throws AcConfigBeanValidationException; + + public void disable(); + +} diff --git a/accesscontroltool-bundle/src/main/java/biz/netcentric/cq/tools/actool/validators/ConfigurationsValidator.java b/accesscontroltool-bundle/src/main/java/biz/netcentric/cq/tools/actool/validators/ConfigurationsValidator.java index 529ac1399..8db5a55fe 100644 --- a/accesscontroltool-bundle/src/main/java/biz/netcentric/cq/tools/actool/validators/ConfigurationsValidator.java +++ b/accesscontroltool-bundle/src/main/java/biz/netcentric/cq/tools/actool/validators/ConfigurationsValidator.java @@ -1,54 +1,59 @@ -/* - * (C) Copyright 2015 Netcentric AG. - * - * All rights reserved. This program and the accompanying materials - * are made available under the terms of the Eclipse Public License v1.0 - * which accompanies this distribution, and is available at - * http://www.eclipse.org/legal/epl-v10.html - */ -package biz.netcentric.cq.tools.actool.validators; - -import java.util.Set; - -import biz.netcentric.cq.tools.actool.configmodel.AceBean; - -public interface ConfigurationsValidator { - - /** - * Method that checks if a group in the current configuration file was - * already defined in another configuration file which has been already - * processed - * - * @param authorizablesFromAllConfig - * set holding all names of groups of all config files which have - * already been processed - * @param authorizablesFromCurrentConfig - * set holding all names of the groups from the current - * configuration - * @param configPath - * repository path of current config - */ - public abstract void validateDuplicateAuthorizables(Set authorizablesFromAllConfig, - Set authorizablesFromCurrentConfig, String configPath) - throws IllegalArgumentException; - - /** - * Method that checks if only valid configuration section identifiers (group - * (and optional users) and ACE) exist in the current configuration file - */ - public abstract void validateSectionIdentifiers( - Set sectionIdentifiers, String filePath) - throws IllegalArgumentException; - - /** Checks that no duplicate initialContent property is set - * - * @param aceMapFromAllConfigs */ - public abstract void validateInitialContentForNoDuplicates(Set aceMapFromAllConfigs) throws IllegalArgumentException; - - /** Checks that keepOrder=true must be specified in one file for one given path (to ensure the natural order for an ACL can not span - * multiple files, include order of multiple files may vary) */ - public abstract void validateKeepOrder(Set aceMapFromAllConfigs, - Set aceBeansFromCurrentConfig, - String sourceFile); - -} \ No newline at end of file +package biz.netcentric.cq.tools.actool.validators; + +/*- + * #%L + * Access Control Tool Bundle + * %% + * Copyright (C) 2015 - 2024 Cognizant Netcentric + * %% + * All rights reserved. This program and the accompanying materials + * are made available under the terms of the Eclipse Public License v1.0 + * which accompanies this distribution, and is available at + * http://www.eclipse.org/legal/epl-v10.html + * #L% + */ + +import java.util.Set; + +import biz.netcentric.cq.tools.actool.configmodel.AceBean; + +public interface ConfigurationsValidator { + + /** + * Method that checks if a group in the current configuration file was + * already defined in another configuration file which has been already + * processed + * + * @param authorizablesFromAllConfig + * set holding all names of groups of all config files which have + * already been processed + * @param authorizablesFromCurrentConfig + * set holding all names of the groups from the current + * configuration + * @param configPath + * repository path of current config + */ + public abstract void validateDuplicateAuthorizables(Set authorizablesFromAllConfig, + Set authorizablesFromCurrentConfig, String configPath) + throws IllegalArgumentException; + + /** + * Method that checks if only valid configuration section identifiers (group + * (and optional users) and ACE) exist in the current configuration file + */ + public abstract void validateSectionIdentifiers( + Set sectionIdentifiers, String filePath) + throws IllegalArgumentException; + + /** Checks that no duplicate initialContent property is set + * + * @param aceMapFromAllConfigs */ + public abstract void validateInitialContentForNoDuplicates(Set aceMapFromAllConfigs) throws IllegalArgumentException; + + /** Checks that keepOrder=true must be specified in one file for one given path (to ensure the natural order for an ACL can not span + * multiple files, include order of multiple files may vary) */ + public abstract void validateKeepOrder(Set aceMapFromAllConfigs, + Set aceBeansFromCurrentConfig, + String sourceFile); + +} diff --git a/accesscontroltool-bundle/src/main/java/biz/netcentric/cq/tools/actool/validators/ExternalGroupsInIsMemberOfValidator.java b/accesscontroltool-bundle/src/main/java/biz/netcentric/cq/tools/actool/validators/ExternalGroupsInIsMemberOfValidator.java index 0797f2fbd..5c512530f 100644 --- a/accesscontroltool-bundle/src/main/java/biz/netcentric/cq/tools/actool/validators/ExternalGroupsInIsMemberOfValidator.java +++ b/accesscontroltool-bundle/src/main/java/biz/netcentric/cq/tools/actool/validators/ExternalGroupsInIsMemberOfValidator.java @@ -1,12 +1,17 @@ -/* - * (C) Copyright 2024 Netcentric AG. - * +package biz.netcentric.cq.tools.actool.validators; + +/*- + * #%L + * Access Control Tool Bundle + * %% + * Copyright (C) 2015 - 2024 Cognizant Netcentric + * %% * All rights reserved. This program and the accompanying materials * are made available under the terms of the Eclipse Public License v1.0 * which accompanies this distribution, and is available at * http://www.eclipse.org/legal/epl-v10.html + * #L% */ -package biz.netcentric.cq.tools.actool.validators; import java.util.Arrays; import java.util.LinkedList; diff --git a/accesscontroltool-bundle/src/main/java/biz/netcentric/cq/tools/actool/validators/GlobalConfigurationValidator.java b/accesscontroltool-bundle/src/main/java/biz/netcentric/cq/tools/actool/validators/GlobalConfigurationValidator.java index a9032e52d..6e3a06f64 100644 --- a/accesscontroltool-bundle/src/main/java/biz/netcentric/cq/tools/actool/validators/GlobalConfigurationValidator.java +++ b/accesscontroltool-bundle/src/main/java/biz/netcentric/cq/tools/actool/validators/GlobalConfigurationValidator.java @@ -1,12 +1,17 @@ -/* - * (C) Copyright 2015 Netcentric AG. - * +package biz.netcentric.cq.tools.actool.validators; + +/*- + * #%L + * Access Control Tool Bundle + * %% + * Copyright (C) 2015 - 2024 Cognizant Netcentric + * %% * All rights reserved. This program and the accompanying materials * are made available under the terms of the Eclipse Public License v1.0 * which accompanies this distribution, and is available at * http://www.eclipse.org/legal/epl-v10.html + * #L% */ -package biz.netcentric.cq.tools.actool.validators; import org.osgi.framework.FrameworkUtil; diff --git a/accesscontroltool-bundle/src/main/java/biz/netcentric/cq/tools/actool/validators/ObsoleteAuthorizablesValidator.java b/accesscontroltool-bundle/src/main/java/biz/netcentric/cq/tools/actool/validators/ObsoleteAuthorizablesValidator.java index ec46e550c..13ad9410d 100644 --- a/accesscontroltool-bundle/src/main/java/biz/netcentric/cq/tools/actool/validators/ObsoleteAuthorizablesValidator.java +++ b/accesscontroltool-bundle/src/main/java/biz/netcentric/cq/tools/actool/validators/ObsoleteAuthorizablesValidator.java @@ -1,12 +1,17 @@ -/* - * (C) Copyright 2016 Netcentric AG. - * +package biz.netcentric.cq.tools.actool.validators; + +/*- + * #%L + * Access Control Tool Bundle + * %% + * Copyright (C) 2015 - 2024 Cognizant Netcentric + * %% * All rights reserved. This program and the accompanying materials * are made available under the terms of the Eclipse Public License v1.0 * which accompanies this distribution, and is available at * http://www.eclipse.org/legal/epl-v10.html + * #L% */ -package biz.netcentric.cq.tools.actool.validators; import java.util.Set; diff --git a/accesscontroltool-bundle/src/main/java/biz/netcentric/cq/tools/actool/validators/UnmangedExternalMemberRelationshipChecker.java b/accesscontroltool-bundle/src/main/java/biz/netcentric/cq/tools/actool/validators/UnmangedExternalMemberRelationshipChecker.java index fbd73826e..4d97c0ea8 100644 --- a/accesscontroltool-bundle/src/main/java/biz/netcentric/cq/tools/actool/validators/UnmangedExternalMemberRelationshipChecker.java +++ b/accesscontroltool-bundle/src/main/java/biz/netcentric/cq/tools/actool/validators/UnmangedExternalMemberRelationshipChecker.java @@ -1,12 +1,17 @@ -/* - * (C) Copyright 2015 Netcentric AG. - * +package biz.netcentric.cq.tools.actool.validators; + +/*- + * #%L + * Access Control Tool Bundle + * %% + * Copyright (C) 2015 - 2024 Cognizant Netcentric + * %% * All rights reserved. This program and the accompanying materials * are made available under the terms of the Eclipse Public License v1.0 * which accompanies this distribution, and is available at * http://www.eclipse.org/legal/epl-v10.html + * #L% */ -package biz.netcentric.cq.tools.actool.validators; import java.util.regex.Pattern; diff --git a/accesscontroltool-bundle/src/main/java/biz/netcentric/cq/tools/actool/validators/Validators.java b/accesscontroltool-bundle/src/main/java/biz/netcentric/cq/tools/actool/validators/Validators.java index 439b9607b..c23642930 100644 --- a/accesscontroltool-bundle/src/main/java/biz/netcentric/cq/tools/actool/validators/Validators.java +++ b/accesscontroltool-bundle/src/main/java/biz/netcentric/cq/tools/actool/validators/Validators.java @@ -1,12 +1,17 @@ -/* - * (C) Copyright 2015 Netcentric AG. - * +package biz.netcentric.cq.tools.actool.validators; + +/*- + * #%L + * Access Control Tool Bundle + * %% + * Copyright (C) 2015 - 2024 Cognizant Netcentric + * %% * All rights reserved. This program and the accompanying materials * are made available under the terms of the Eclipse Public License v1.0 * which accompanies this distribution, and is available at * http://www.eclipse.org/legal/epl-v10.html + * #L% */ -package biz.netcentric.cq.tools.actool.validators; import java.util.List; import java.util.regex.Pattern; diff --git a/accesscontroltool-bundle/src/main/java/biz/netcentric/cq/tools/actool/validators/YamlConfigurationsValidator.java b/accesscontroltool-bundle/src/main/java/biz/netcentric/cq/tools/actool/validators/YamlConfigurationsValidator.java index 34107b871..59d6c6247 100644 --- a/accesscontroltool-bundle/src/main/java/biz/netcentric/cq/tools/actool/validators/YamlConfigurationsValidator.java +++ b/accesscontroltool-bundle/src/main/java/biz/netcentric/cq/tools/actool/validators/YamlConfigurationsValidator.java @@ -1,130 +1,135 @@ -/* - * (C) Copyright 2015 Netcentric AG. - * - * All rights reserved. This program and the accompanying materials - * are made available under the terms of the Eclipse Public License v1.0 - * which accompanies this distribution, and is available at - * http://www.eclipse.org/legal/epl-v10.html - */ -package biz.netcentric.cq.tools.actool.validators; - -import java.util.LinkedHashSet; -import java.util.Map; -import java.util.Set; - -import org.apache.commons.collections4.CollectionUtils; -import org.apache.commons.lang3.StringUtils; - -import biz.netcentric.cq.tools.actool.configmodel.AceBean; -import biz.netcentric.cq.tools.actool.helper.AcHelper; -import biz.netcentric.cq.tools.actool.helper.Constants; - -public class YamlConfigurationsValidator implements ConfigurationsValidator { - - /* - * (non-Javadoc) - * - * @see biz.netcentric.cq.tools.actool.validators.ConfigurationsValidator# validateDoubleGroups(java.util.Set, java.util.Set, - * java.lang.String) - */ - @Override - public void validateDuplicateAuthorizables(final Set groupsFromAllConfig, - final Set groupsFromCurrentConfig, final String configPath) - throws IllegalArgumentException { - - if (CollectionUtils.containsAny(groupsFromAllConfig, - groupsFromCurrentConfig)) { - String errorMessage = "Already defined authorizable: "; - - // find the name of the doubled defined group and add it to error - // message - for (String group : groupsFromCurrentConfig) { - if (groupsFromAllConfig.contains(group)) { - errorMessage = errorMessage + group - + " found in configuration file: " + configPath - + "!"; - errorMessage += " This authorizable was already defined in another configuration file on the system!"; - break; - } - } - throw new IllegalArgumentException(errorMessage); - } - } - - /* - * (non-Javadoc) - * - * @see biz.netcentric.cq.tools.actool.validators.ConfigurationsValidator# validateSectionIdentifiers(java.util.Set, java.lang.String) - */ - @Override - public void validateSectionIdentifiers( - final Set sectionIdentifiers, final String filePath) - throws IllegalArgumentException { - - // check for invalid section identifiers - - if (!Constants.VALID_CONFIG_SECTION_IDENTIFIERS - .containsAll(sectionIdentifiers)) { - - for (String identifier : sectionIdentifiers) { - if (!Constants.VALID_CONFIG_SECTION_IDENTIFIERS - .contains(identifier)) { - throw new IllegalArgumentException( - "invalid section identifier: " - + identifier - + " in configuration file: " - + filePath - + "\n" - + "valid configuration section identifiers are: " - + Constants.VALID_CONFIG_SECTION_IDENTIFIERS); - } - } - } - } - - @Override - public void validateInitialContentForNoDuplicates(Set aceBeansFromConfig) - throws IllegalArgumentException { - - Map> pathBasedAceMapFromConfig = AcHelper - .getPathBasedAceMap(aceBeansFromConfig, AcHelper.ACE_ORDER_ACTOOL_BEST_PRACTICE); - - for (String path : pathBasedAceMapFromConfig.keySet()) { - Set aceBeanSet = pathBasedAceMapFromConfig.get(path); - String initialContent = null; - for (AceBean aceBean : aceBeanSet) { - if (StringUtils.isNotBlank(aceBean.getInitialContent())) { - if (initialContent == null) { - initialContent = aceBean.getInitialContent(); - } else { - throw new IllegalArgumentException("Duplicate 'initialContent' for path " + path); - } - } - } - } - } - - @Override - public void validateKeepOrder(Set aceBeansFromAllConfigs, Set aceBeansFromCurrentConfig, - String sourceFile) { - - Set pathsWithKeepOrderSet = new LinkedHashSet(); - for (AceBean aceBean : aceBeansFromAllConfigs) { - if (aceBean.isKeepOrder()) { - pathsWithKeepOrderSet.add(aceBean.getJcrPath()); - } - } - - if (aceBeansFromCurrentConfig != null) { - for (AceBean aceBean : aceBeansFromCurrentConfig) { - if (aceBean.isKeepOrder() && pathsWithKeepOrderSet.contains(aceBean.getJcrPath())) { - throw new IllegalArgumentException( - "If keepOrder=true is used, the ACE definitions for one particular path must only be defined in one source file (ACE for " - + aceBean.getJcrPath() + " and group " + aceBean.getAuthorizableId() + " as defined in " + sourceFile - + " was defined before) "); - } - } - } - - } -} +package biz.netcentric.cq.tools.actool.validators; + +/*- + * #%L + * Access Control Tool Bundle + * %% + * Copyright (C) 2015 - 2024 Cognizant Netcentric + * %% + * All rights reserved. This program and the accompanying materials + * are made available under the terms of the Eclipse Public License v1.0 + * which accompanies this distribution, and is available at + * http://www.eclipse.org/legal/epl-v10.html + * #L% + */ + +import java.util.LinkedHashSet; +import java.util.Map; +import java.util.Set; + +import org.apache.commons.collections4.CollectionUtils; +import org.apache.commons.lang3.StringUtils; + +import biz.netcentric.cq.tools.actool.configmodel.AceBean; +import biz.netcentric.cq.tools.actool.helper.AcHelper; +import biz.netcentric.cq.tools.actool.helper.Constants; + +public class YamlConfigurationsValidator implements ConfigurationsValidator { + + /* + * (non-Javadoc) + * + * @see biz.netcentric.cq.tools.actool.validators.ConfigurationsValidator# validateDoubleGroups(java.util.Set, java.util.Set, + * java.lang.String) + */ + @Override + public void validateDuplicateAuthorizables(final Set groupsFromAllConfig, + final Set groupsFromCurrentConfig, final String configPath) + throws IllegalArgumentException { + + if (CollectionUtils.containsAny(groupsFromAllConfig, + groupsFromCurrentConfig)) { + String errorMessage = "Already defined authorizable: "; + + // find the name of the doubled defined group and add it to error + // message + for (String group : groupsFromCurrentConfig) { + if (groupsFromAllConfig.contains(group)) { + errorMessage = errorMessage + group + + " found in configuration file: " + configPath + + "!"; + errorMessage += " This authorizable was already defined in another configuration file on the system!"; + break; + } + } + throw new IllegalArgumentException(errorMessage); + } + } + + /* + * (non-Javadoc) + * + * @see biz.netcentric.cq.tools.actool.validators.ConfigurationsValidator# validateSectionIdentifiers(java.util.Set, java.lang.String) + */ + @Override + public void validateSectionIdentifiers( + final Set sectionIdentifiers, final String filePath) + throws IllegalArgumentException { + + // check for invalid section identifiers + + if (!Constants.VALID_CONFIG_SECTION_IDENTIFIERS + .containsAll(sectionIdentifiers)) { + + for (String identifier : sectionIdentifiers) { + if (!Constants.VALID_CONFIG_SECTION_IDENTIFIERS + .contains(identifier)) { + throw new IllegalArgumentException( + "invalid section identifier: " + + identifier + + " in configuration file: " + + filePath + + "\n" + + "valid configuration section identifiers are: " + + Constants.VALID_CONFIG_SECTION_IDENTIFIERS); + } + } + } + } + + @Override + public void validateInitialContentForNoDuplicates(Set aceBeansFromConfig) + throws IllegalArgumentException { + + Map> pathBasedAceMapFromConfig = AcHelper + .getPathBasedAceMap(aceBeansFromConfig, AcHelper.ACE_ORDER_ACTOOL_BEST_PRACTICE); + + for (String path : pathBasedAceMapFromConfig.keySet()) { + Set aceBeanSet = pathBasedAceMapFromConfig.get(path); + String initialContent = null; + for (AceBean aceBean : aceBeanSet) { + if (StringUtils.isNotBlank(aceBean.getInitialContent())) { + if (initialContent == null) { + initialContent = aceBean.getInitialContent(); + } else { + throw new IllegalArgumentException("Duplicate 'initialContent' for path " + path); + } + } + } + } + } + + @Override + public void validateKeepOrder(Set aceBeansFromAllConfigs, Set aceBeansFromCurrentConfig, + String sourceFile) { + + Set pathsWithKeepOrderSet = new LinkedHashSet(); + for (AceBean aceBean : aceBeansFromAllConfigs) { + if (aceBean.isKeepOrder()) { + pathsWithKeepOrderSet.add(aceBean.getJcrPath()); + } + } + + if (aceBeansFromCurrentConfig != null) { + for (AceBean aceBean : aceBeansFromCurrentConfig) { + if (aceBean.isKeepOrder() && pathsWithKeepOrderSet.contains(aceBean.getJcrPath())) { + throw new IllegalArgumentException( + "If keepOrder=true is used, the ACE definitions for one particular path must only be defined in one source file (ACE for " + + aceBean.getJcrPath() + " and group " + aceBean.getAuthorizableId() + " as defined in " + sourceFile + + " was defined before) "); + } + } + } + + } +} diff --git a/accesscontroltool-bundle/src/main/java/biz/netcentric/cq/tools/actool/validators/exceptions/AcConfigBeanValidationException.java b/accesscontroltool-bundle/src/main/java/biz/netcentric/cq/tools/actool/validators/exceptions/AcConfigBeanValidationException.java index 3a81a65f4..bd023b4b6 100644 --- a/accesscontroltool-bundle/src/main/java/biz/netcentric/cq/tools/actool/validators/exceptions/AcConfigBeanValidationException.java +++ b/accesscontroltool-bundle/src/main/java/biz/netcentric/cq/tools/actool/validators/exceptions/AcConfigBeanValidationException.java @@ -1,19 +1,24 @@ -/* - * (C) Copyright 2015 Netcentric AG. - * - * All rights reserved. This program and the accompanying materials - * are made available under the terms of the Eclipse Public License v1.0 - * which accompanies this distribution, and is available at - * http://www.eclipse.org/legal/epl-v10.html - */ -package biz.netcentric.cq.tools.actool.validators.exceptions; - -public class AcConfigBeanValidationException extends Exception { - public AcConfigBeanValidationException(String message) { - super(message); - } - - public AcConfigBeanValidationException(String message, Throwable cause) { - super(message, cause); - } -} +package biz.netcentric.cq.tools.actool.validators.exceptions; + +/*- + * #%L + * Access Control Tool Bundle + * %% + * Copyright (C) 2015 - 2024 Cognizant Netcentric + * %% + * All rights reserved. This program and the accompanying materials + * are made available under the terms of the Eclipse Public License v1.0 + * which accompanies this distribution, and is available at + * http://www.eclipse.org/legal/epl-v10.html + * #L% + */ + +public class AcConfigBeanValidationException extends Exception { + public AcConfigBeanValidationException(String message) { + super(message); + } + + public AcConfigBeanValidationException(String message, Throwable cause) { + super(message, cause); + } +} diff --git a/accesscontroltool-bundle/src/main/java/biz/netcentric/cq/tools/actool/validators/exceptions/DoubledDefinedActionException.java b/accesscontroltool-bundle/src/main/java/biz/netcentric/cq/tools/actool/validators/exceptions/DoubledDefinedActionException.java index c2b7da8d0..133a27c45 100644 --- a/accesscontroltool-bundle/src/main/java/biz/netcentric/cq/tools/actool/validators/exceptions/DoubledDefinedActionException.java +++ b/accesscontroltool-bundle/src/main/java/biz/netcentric/cq/tools/actool/validators/exceptions/DoubledDefinedActionException.java @@ -1,18 +1,23 @@ -/* - * (C) Copyright 2015 Netcentric AG. - * - * All rights reserved. This program and the accompanying materials - * are made available under the terms of the Eclipse Public License v1.0 - * which accompanies this distribution, and is available at - * http://www.eclipse.org/legal/epl-v10.html - */ -package biz.netcentric.cq.tools.actool.validators.exceptions; - -public class DoubledDefinedActionException extends - AcConfigBeanValidationException { - - public DoubledDefinedActionException(String message) { - super(message); - } - -} +package biz.netcentric.cq.tools.actool.validators.exceptions; + +/*- + * #%L + * Access Control Tool Bundle + * %% + * Copyright (C) 2015 - 2024 Cognizant Netcentric + * %% + * All rights reserved. This program and the accompanying materials + * are made available under the terms of the Eclipse Public License v1.0 + * which accompanies this distribution, and is available at + * http://www.eclipse.org/legal/epl-v10.html + * #L% + */ + +public class DoubledDefinedActionException extends + AcConfigBeanValidationException { + + public DoubledDefinedActionException(String message) { + super(message); + } + +} diff --git a/accesscontroltool-bundle/src/main/java/biz/netcentric/cq/tools/actool/validators/exceptions/DoubledDefinedJcrPrivilegeException.java b/accesscontroltool-bundle/src/main/java/biz/netcentric/cq/tools/actool/validators/exceptions/DoubledDefinedJcrPrivilegeException.java index db363457b..37ac3e8b1 100644 --- a/accesscontroltool-bundle/src/main/java/biz/netcentric/cq/tools/actool/validators/exceptions/DoubledDefinedJcrPrivilegeException.java +++ b/accesscontroltool-bundle/src/main/java/biz/netcentric/cq/tools/actool/validators/exceptions/DoubledDefinedJcrPrivilegeException.java @@ -1,18 +1,23 @@ -/* - * (C) Copyright 2015 Netcentric AG. - * - * All rights reserved. This program and the accompanying materials - * are made available under the terms of the Eclipse Public License v1.0 - * which accompanies this distribution, and is available at - * http://www.eclipse.org/legal/epl-v10.html - */ -package biz.netcentric.cq.tools.actool.validators.exceptions; - -public class DoubledDefinedJcrPrivilegeException extends - AcConfigBeanValidationException { - - public DoubledDefinedJcrPrivilegeException(String message) { - super(message); - } - -} +package biz.netcentric.cq.tools.actool.validators.exceptions; + +/*- + * #%L + * Access Control Tool Bundle + * %% + * Copyright (C) 2015 - 2024 Cognizant Netcentric + * %% + * All rights reserved. This program and the accompanying materials + * are made available under the terms of the Eclipse Public License v1.0 + * which accompanies this distribution, and is available at + * http://www.eclipse.org/legal/epl-v10.html + * #L% + */ + +public class DoubledDefinedJcrPrivilegeException extends + AcConfigBeanValidationException { + + public DoubledDefinedJcrPrivilegeException(String message) { + super(message); + } + +} diff --git a/accesscontroltool-bundle/src/main/java/biz/netcentric/cq/tools/actool/validators/exceptions/InvalidActionException.java b/accesscontroltool-bundle/src/main/java/biz/netcentric/cq/tools/actool/validators/exceptions/InvalidActionException.java index fb386b09b..0c670688e 100644 --- a/accesscontroltool-bundle/src/main/java/biz/netcentric/cq/tools/actool/validators/exceptions/InvalidActionException.java +++ b/accesscontroltool-bundle/src/main/java/biz/netcentric/cq/tools/actool/validators/exceptions/InvalidActionException.java @@ -1,15 +1,20 @@ -/* - * (C) Copyright 2015 Netcentric AG. - * - * All rights reserved. This program and the accompanying materials - * are made available under the terms of the Eclipse Public License v1.0 - * which accompanies this distribution, and is available at - * http://www.eclipse.org/legal/epl-v10.html - */ -package biz.netcentric.cq.tools.actool.validators.exceptions; - -public class InvalidActionException extends AcConfigBeanValidationException { - public InvalidActionException(String message) { - super(message); - } -} +package biz.netcentric.cq.tools.actool.validators.exceptions; + +/*- + * #%L + * Access Control Tool Bundle + * %% + * Copyright (C) 2015 - 2024 Cognizant Netcentric + * %% + * All rights reserved. This program and the accompanying materials + * are made available under the terms of the Eclipse Public License v1.0 + * which accompanies this distribution, and is available at + * http://www.eclipse.org/legal/epl-v10.html + * #L% + */ + +public class InvalidActionException extends AcConfigBeanValidationException { + public InvalidActionException(String message) { + super(message); + } +} diff --git a/accesscontroltool-bundle/src/main/java/biz/netcentric/cq/tools/actool/validators/exceptions/InvalidAuthorizableException.java b/accesscontroltool-bundle/src/main/java/biz/netcentric/cq/tools/actool/validators/exceptions/InvalidAuthorizableException.java index afd6f7649..ca13a765d 100644 --- a/accesscontroltool-bundle/src/main/java/biz/netcentric/cq/tools/actool/validators/exceptions/InvalidAuthorizableException.java +++ b/accesscontroltool-bundle/src/main/java/biz/netcentric/cq/tools/actool/validators/exceptions/InvalidAuthorizableException.java @@ -1,20 +1,25 @@ -/* - * (C) Copyright 2015 Netcentric AG. - * - * All rights reserved. This program and the accompanying materials - * are made available under the terms of the Eclipse Public License v1.0 - * which accompanies this distribution, and is available at - * http://www.eclipse.org/legal/epl-v10.html - */ -package biz.netcentric.cq.tools.actool.validators.exceptions; - -public class InvalidAuthorizableException extends AcConfigBeanValidationException { - - public InvalidAuthorizableException(String message) { - super(message); - } - - public InvalidAuthorizableException(String message, Throwable cause) { - super(message, cause); - } -} +package biz.netcentric.cq.tools.actool.validators.exceptions; + +/*- + * #%L + * Access Control Tool Bundle + * %% + * Copyright (C) 2015 - 2024 Cognizant Netcentric + * %% + * All rights reserved. This program and the accompanying materials + * are made available under the terms of the Eclipse Public License v1.0 + * which accompanies this distribution, and is available at + * http://www.eclipse.org/legal/epl-v10.html + * #L% + */ + +public class InvalidAuthorizableException extends AcConfigBeanValidationException { + + public InvalidAuthorizableException(String message) { + super(message); + } + + public InvalidAuthorizableException(String message, Throwable cause) { + super(message, cause); + } +} diff --git a/accesscontroltool-bundle/src/main/java/biz/netcentric/cq/tools/actool/validators/exceptions/InvalidExternalGroupUsageValidationException.java b/accesscontroltool-bundle/src/main/java/biz/netcentric/cq/tools/actool/validators/exceptions/InvalidExternalGroupUsageValidationException.java index d1fe982db..82ade384c 100644 --- a/accesscontroltool-bundle/src/main/java/biz/netcentric/cq/tools/actool/validators/exceptions/InvalidExternalGroupUsageValidationException.java +++ b/accesscontroltool-bundle/src/main/java/biz/netcentric/cq/tools/actool/validators/exceptions/InvalidExternalGroupUsageValidationException.java @@ -1,19 +1,24 @@ -/* - * (C) Copyright 2015 Netcentric AG. - * - * All rights reserved. This program and the accompanying materials - * are made available under the terms of the Eclipse Public License v1.0 - * which accompanies this distribution, and is available at - * http://www.eclipse.org/legal/epl-v10.html - */ -package biz.netcentric.cq.tools.actool.validators.exceptions; - -public class InvalidExternalGroupUsageValidationException extends AcConfigBeanValidationException { - public InvalidExternalGroupUsageValidationException(String message) { - super(message); - } - - public InvalidExternalGroupUsageValidationException(String message, Throwable cause) { - super(message, cause); - } -} +package biz.netcentric.cq.tools.actool.validators.exceptions; + +/*- + * #%L + * Access Control Tool Bundle + * %% + * Copyright (C) 2015 - 2024 Cognizant Netcentric + * %% + * All rights reserved. This program and the accompanying materials + * are made available under the terms of the Eclipse Public License v1.0 + * which accompanies this distribution, and is available at + * http://www.eclipse.org/legal/epl-v10.html + * #L% + */ + +public class InvalidExternalGroupUsageValidationException extends AcConfigBeanValidationException { + public InvalidExternalGroupUsageValidationException(String message) { + super(message); + } + + public InvalidExternalGroupUsageValidationException(String message, Throwable cause) { + super(message, cause); + } +} diff --git a/accesscontroltool-bundle/src/main/java/biz/netcentric/cq/tools/actool/validators/exceptions/InvalidGroupNameException.java b/accesscontroltool-bundle/src/main/java/biz/netcentric/cq/tools/actool/validators/exceptions/InvalidGroupNameException.java index 70b6946e9..17d5cefdb 100644 --- a/accesscontroltool-bundle/src/main/java/biz/netcentric/cq/tools/actool/validators/exceptions/InvalidGroupNameException.java +++ b/accesscontroltool-bundle/src/main/java/biz/netcentric/cq/tools/actool/validators/exceptions/InvalidGroupNameException.java @@ -1,17 +1,22 @@ -/* - * (C) Copyright 2015 Netcentric AG. - * - * All rights reserved. This program and the accompanying materials - * are made available under the terms of the Eclipse Public License v1.0 - * which accompanies this distribution, and is available at - * http://www.eclipse.org/legal/epl-v10.html - */ -package biz.netcentric.cq.tools.actool.validators.exceptions; - -public class InvalidGroupNameException extends AcConfigBeanValidationException { - - public InvalidGroupNameException(String message) { - super(message); - } - -} +package biz.netcentric.cq.tools.actool.validators.exceptions; + +/*- + * #%L + * Access Control Tool Bundle + * %% + * Copyright (C) 2015 - 2024 Cognizant Netcentric + * %% + * All rights reserved. This program and the accompanying materials + * are made available under the terms of the Eclipse Public License v1.0 + * which accompanies this distribution, and is available at + * http://www.eclipse.org/legal/epl-v10.html + * #L% + */ + +public class InvalidGroupNameException extends AcConfigBeanValidationException { + + public InvalidGroupNameException(String message) { + super(message); + } + +} diff --git a/accesscontroltool-bundle/src/main/java/biz/netcentric/cq/tools/actool/validators/exceptions/InvalidIntermediatePathException.java b/accesscontroltool-bundle/src/main/java/biz/netcentric/cq/tools/actool/validators/exceptions/InvalidIntermediatePathException.java index 342222e93..e3d9e716e 100644 --- a/accesscontroltool-bundle/src/main/java/biz/netcentric/cq/tools/actool/validators/exceptions/InvalidIntermediatePathException.java +++ b/accesscontroltool-bundle/src/main/java/biz/netcentric/cq/tools/actool/validators/exceptions/InvalidIntermediatePathException.java @@ -1,5 +1,18 @@ package biz.netcentric.cq.tools.actool.validators.exceptions; +/*- + * #%L + * Access Control Tool Bundle + * %% + * Copyright (C) 2015 - 2024 Cognizant Netcentric + * %% + * All rights reserved. This program and the accompanying materials + * are made available under the terms of the Eclipse Public License v1.0 + * which accompanies this distribution, and is available at + * http://www.eclipse.org/legal/epl-v10.html + * #L% + */ + public class InvalidIntermediatePathException extends AcConfigBeanValidationException { diff --git a/accesscontroltool-bundle/src/main/java/biz/netcentric/cq/tools/actool/validators/exceptions/InvalidJcrPrivilegeException.java b/accesscontroltool-bundle/src/main/java/biz/netcentric/cq/tools/actool/validators/exceptions/InvalidJcrPrivilegeException.java index a511efe84..3289497a3 100644 --- a/accesscontroltool-bundle/src/main/java/biz/netcentric/cq/tools/actool/validators/exceptions/InvalidJcrPrivilegeException.java +++ b/accesscontroltool-bundle/src/main/java/biz/netcentric/cq/tools/actool/validators/exceptions/InvalidJcrPrivilegeException.java @@ -1,18 +1,23 @@ -/* - * (C) Copyright 2015 Netcentric AG. - * - * All rights reserved. This program and the accompanying materials - * are made available under the terms of the Eclipse Public License v1.0 - * which accompanies this distribution, and is available at - * http://www.eclipse.org/legal/epl-v10.html - */ -package biz.netcentric.cq.tools.actool.validators.exceptions; - -public class InvalidJcrPrivilegeException extends - AcConfigBeanValidationException { - - public InvalidJcrPrivilegeException(String message) { - super(message); - } - -} +package biz.netcentric.cq.tools.actool.validators.exceptions; + +/*- + * #%L + * Access Control Tool Bundle + * %% + * Copyright (C) 2015 - 2024 Cognizant Netcentric + * %% + * All rights reserved. This program and the accompanying materials + * are made available under the terms of the Eclipse Public License v1.0 + * which accompanies this distribution, and is available at + * http://www.eclipse.org/legal/epl-v10.html + * #L% + */ + +public class InvalidJcrPrivilegeException extends + AcConfigBeanValidationException { + + public InvalidJcrPrivilegeException(String message) { + super(message); + } + +} diff --git a/accesscontroltool-bundle/src/main/java/biz/netcentric/cq/tools/actool/validators/exceptions/InvalidPathException.java b/accesscontroltool-bundle/src/main/java/biz/netcentric/cq/tools/actool/validators/exceptions/InvalidPathException.java index 61b831ebb..19aa0ca7f 100644 --- a/accesscontroltool-bundle/src/main/java/biz/netcentric/cq/tools/actool/validators/exceptions/InvalidPathException.java +++ b/accesscontroltool-bundle/src/main/java/biz/netcentric/cq/tools/actool/validators/exceptions/InvalidPathException.java @@ -1,17 +1,22 @@ -/* - * (C) Copyright 2015 Netcentric AG. - * - * All rights reserved. This program and the accompanying materials - * are made available under the terms of the Eclipse Public License v1.0 - * which accompanies this distribution, and is available at - * http://www.eclipse.org/legal/epl-v10.html - */ -package biz.netcentric.cq.tools.actool.validators.exceptions; - -public class InvalidPathException extends AcConfigBeanValidationException { - - public InvalidPathException(String message) { - super(message); - } - -} +package biz.netcentric.cq.tools.actool.validators.exceptions; + +/*- + * #%L + * Access Control Tool Bundle + * %% + * Copyright (C) 2015 - 2024 Cognizant Netcentric + * %% + * All rights reserved. This program and the accompanying materials + * are made available under the terms of the Eclipse Public License v1.0 + * which accompanies this distribution, and is available at + * http://www.eclipse.org/legal/epl-v10.html + * #L% + */ + +public class InvalidPathException extends AcConfigBeanValidationException { + + public InvalidPathException(String message) { + super(message); + } + +} diff --git a/accesscontroltool-bundle/src/main/java/biz/netcentric/cq/tools/actool/validators/exceptions/InvalidPermissionException.java b/accesscontroltool-bundle/src/main/java/biz/netcentric/cq/tools/actool/validators/exceptions/InvalidPermissionException.java index e2dc51196..6750f4d2d 100644 --- a/accesscontroltool-bundle/src/main/java/biz/netcentric/cq/tools/actool/validators/exceptions/InvalidPermissionException.java +++ b/accesscontroltool-bundle/src/main/java/biz/netcentric/cq/tools/actool/validators/exceptions/InvalidPermissionException.java @@ -1,17 +1,22 @@ -/* - * (C) Copyright 2015 Netcentric AG. - * - * All rights reserved. This program and the accompanying materials - * are made available under the terms of the Eclipse Public License v1.0 - * which accompanies this distribution, and is available at - * http://www.eclipse.org/legal/epl-v10.html - */ -package biz.netcentric.cq.tools.actool.validators.exceptions; - -public class InvalidPermissionException extends AcConfigBeanValidationException { - - public InvalidPermissionException(String message) { - super(message); - } - -} +package biz.netcentric.cq.tools.actool.validators.exceptions; + +/*- + * #%L + * Access Control Tool Bundle + * %% + * Copyright (C) 2015 - 2024 Cognizant Netcentric + * %% + * All rights reserved. This program and the accompanying materials + * are made available under the terms of the Eclipse Public License v1.0 + * which accompanies this distribution, and is available at + * http://www.eclipse.org/legal/epl-v10.html + * #L% + */ + +public class InvalidPermissionException extends AcConfigBeanValidationException { + + public InvalidPermissionException(String message) { + super(message); + } + +} diff --git a/accesscontroltool-bundle/src/main/java/biz/netcentric/cq/tools/actool/validators/exceptions/InvalidRepGlobException.java b/accesscontroltool-bundle/src/main/java/biz/netcentric/cq/tools/actool/validators/exceptions/InvalidRepGlobException.java index 186018853..91aa24207 100644 --- a/accesscontroltool-bundle/src/main/java/biz/netcentric/cq/tools/actool/validators/exceptions/InvalidRepGlobException.java +++ b/accesscontroltool-bundle/src/main/java/biz/netcentric/cq/tools/actool/validators/exceptions/InvalidRepGlobException.java @@ -1,17 +1,22 @@ -/* - * (C) Copyright 2015 Netcentric AG. - * - * All rights reserved. This program and the accompanying materials - * are made available under the terms of the Eclipse Public License v1.0 - * which accompanies this distribution, and is available at - * http://www.eclipse.org/legal/epl-v10.html - */ -package biz.netcentric.cq.tools.actool.validators.exceptions; - -public class InvalidRepGlobException extends AcConfigBeanValidationException { - - public InvalidRepGlobException(String message) { - super(message); - } - -} +package biz.netcentric.cq.tools.actool.validators.exceptions; + +/*- + * #%L + * Access Control Tool Bundle + * %% + * Copyright (C) 2015 - 2024 Cognizant Netcentric + * %% + * All rights reserved. This program and the accompanying materials + * are made available under the terms of the Eclipse Public License v1.0 + * which accompanies this distribution, and is available at + * http://www.eclipse.org/legal/epl-v10.html + * #L% + */ + +public class InvalidRepGlobException extends AcConfigBeanValidationException { + + public InvalidRepGlobException(String message) { + super(message); + } + +} diff --git a/accesscontroltool-bundle/src/main/java/biz/netcentric/cq/tools/actool/validators/exceptions/InvalidRestrictionsException.java b/accesscontroltool-bundle/src/main/java/biz/netcentric/cq/tools/actool/validators/exceptions/InvalidRestrictionsException.java index 7f2dda6eb..0a8487625 100644 --- a/accesscontroltool-bundle/src/main/java/biz/netcentric/cq/tools/actool/validators/exceptions/InvalidRestrictionsException.java +++ b/accesscontroltool-bundle/src/main/java/biz/netcentric/cq/tools/actool/validators/exceptions/InvalidRestrictionsException.java @@ -1,5 +1,18 @@ package biz.netcentric.cq.tools.actool.validators.exceptions; +/*- + * #%L + * Access Control Tool Bundle + * %% + * Copyright (C) 2015 - 2024 Cognizant Netcentric + * %% + * All rights reserved. This program and the accompanying materials + * are made available under the terms of the Eclipse Public License v1.0 + * which accompanies this distribution, and is available at + * http://www.eclipse.org/legal/epl-v10.html + * #L% + */ + public class InvalidRestrictionsException extends AcConfigBeanValidationException { public InvalidRestrictionsException(String message) { diff --git a/accesscontroltool-bundle/src/main/java/biz/netcentric/cq/tools/actool/validators/exceptions/InvalidYamlException.java b/accesscontroltool-bundle/src/main/java/biz/netcentric/cq/tools/actool/validators/exceptions/InvalidYamlException.java index 68df6a063..8f0d75ee5 100644 --- a/accesscontroltool-bundle/src/main/java/biz/netcentric/cq/tools/actool/validators/exceptions/InvalidYamlException.java +++ b/accesscontroltool-bundle/src/main/java/biz/netcentric/cq/tools/actool/validators/exceptions/InvalidYamlException.java @@ -1,5 +1,18 @@ package biz.netcentric.cq.tools.actool.validators.exceptions; +/*- + * #%L + * Access Control Tool Bundle + * %% + * Copyright (C) 2015 - 2024 Cognizant Netcentric + * %% + * All rights reserved. This program and the accompanying materials + * are made available under the terms of the Eclipse Public License v1.0 + * which accompanies this distribution, and is available at + * http://www.eclipse.org/legal/epl-v10.html + * #L% + */ + public class InvalidYamlException extends AcConfigBeanValidationException { public InvalidYamlException(String message, Throwable cause) { diff --git a/accesscontroltool-bundle/src/main/java/biz/netcentric/cq/tools/actool/validators/exceptions/NoActionOrPrivilegeDefinedException.java b/accesscontroltool-bundle/src/main/java/biz/netcentric/cq/tools/actool/validators/exceptions/NoActionOrPrivilegeDefinedException.java index 96379d34e..3a94bcb74 100644 --- a/accesscontroltool-bundle/src/main/java/biz/netcentric/cq/tools/actool/validators/exceptions/NoActionOrPrivilegeDefinedException.java +++ b/accesscontroltool-bundle/src/main/java/biz/netcentric/cq/tools/actool/validators/exceptions/NoActionOrPrivilegeDefinedException.java @@ -1,18 +1,23 @@ -/* - * (C) Copyright 2015 Netcentric AG. - * - * All rights reserved. This program and the accompanying materials - * are made available under the terms of the Eclipse Public License v1.0 - * which accompanies this distribution, and is available at - * http://www.eclipse.org/legal/epl-v10.html - */ -package biz.netcentric.cq.tools.actool.validators.exceptions; - -public class NoActionOrPrivilegeDefinedException extends - AcConfigBeanValidationException { - - public NoActionOrPrivilegeDefinedException(String message) { - super(message); - } - -} +package biz.netcentric.cq.tools.actool.validators.exceptions; + +/*- + * #%L + * Access Control Tool Bundle + * %% + * Copyright (C) 2015 - 2024 Cognizant Netcentric + * %% + * All rights reserved. This program and the accompanying materials + * are made available under the terms of the Eclipse Public License v1.0 + * which accompanies this distribution, and is available at + * http://www.eclipse.org/legal/epl-v10.html + * #L% + */ + +public class NoActionOrPrivilegeDefinedException extends + AcConfigBeanValidationException { + + public NoActionOrPrivilegeDefinedException(String message) { + super(message); + } + +} diff --git a/accesscontroltool-bundle/src/main/java/biz/netcentric/cq/tools/actool/validators/exceptions/NoGroupDefinedException.java b/accesscontroltool-bundle/src/main/java/biz/netcentric/cq/tools/actool/validators/exceptions/NoGroupDefinedException.java index 69389f4b8..940815a3d 100644 --- a/accesscontroltool-bundle/src/main/java/biz/netcentric/cq/tools/actool/validators/exceptions/NoGroupDefinedException.java +++ b/accesscontroltool-bundle/src/main/java/biz/netcentric/cq/tools/actool/validators/exceptions/NoGroupDefinedException.java @@ -1,17 +1,22 @@ -/* - * (C) Copyright 2015 Netcentric AG. - * - * All rights reserved. This program and the accompanying materials - * are made available under the terms of the Eclipse Public License v1.0 - * which accompanies this distribution, and is available at - * http://www.eclipse.org/legal/epl-v10.html - */ -package biz.netcentric.cq.tools.actool.validators.exceptions; - -public class NoGroupDefinedException extends AcConfigBeanValidationException { - - public NoGroupDefinedException(String message) { - super(message); - } - -} +package biz.netcentric.cq.tools.actool.validators.exceptions; + +/*- + * #%L + * Access Control Tool Bundle + * %% + * Copyright (C) 2015 - 2024 Cognizant Netcentric + * %% + * All rights reserved. This program and the accompanying materials + * are made available under the terms of the Eclipse Public License v1.0 + * which accompanies this distribution, and is available at + * http://www.eclipse.org/legal/epl-v10.html + * #L% + */ + +public class NoGroupDefinedException extends AcConfigBeanValidationException { + + public NoGroupDefinedException(String message) { + super(message); + } + +} diff --git a/accesscontroltool-bundle/src/main/java/biz/netcentric/cq/tools/actool/validators/exceptions/NoListOnTopLevelException.java b/accesscontroltool-bundle/src/main/java/biz/netcentric/cq/tools/actool/validators/exceptions/NoListOnTopLevelException.java index eb8f44018..266401636 100644 --- a/accesscontroltool-bundle/src/main/java/biz/netcentric/cq/tools/actool/validators/exceptions/NoListOnTopLevelException.java +++ b/accesscontroltool-bundle/src/main/java/biz/netcentric/cq/tools/actool/validators/exceptions/NoListOnTopLevelException.java @@ -1,5 +1,18 @@ package biz.netcentric.cq.tools.actool.validators.exceptions; +/*- + * #%L + * Access Control Tool Bundle + * %% + * Copyright (C) 2015 - 2024 Cognizant Netcentric + * %% + * All rights reserved. This program and the accompanying materials + * are made available under the terms of the Eclipse Public License v1.0 + * which accompanies this distribution, and is available at + * http://www.eclipse.org/legal/epl-v10.html + * #L% + */ + public class NoListOnTopLevelException extends AcConfigBeanValidationException { public NoListOnTopLevelException(String message, Throwable cause) { diff --git a/accesscontroltool-bundle/src/main/java/biz/netcentric/cq/tools/actool/validators/exceptions/TooManyActionsException.java b/accesscontroltool-bundle/src/main/java/biz/netcentric/cq/tools/actool/validators/exceptions/TooManyActionsException.java index 6ac94ea59..014703a0a 100644 --- a/accesscontroltool-bundle/src/main/java/biz/netcentric/cq/tools/actool/validators/exceptions/TooManyActionsException.java +++ b/accesscontroltool-bundle/src/main/java/biz/netcentric/cq/tools/actool/validators/exceptions/TooManyActionsException.java @@ -1,15 +1,20 @@ -/* - * (C) Copyright 2015 Netcentric AG. - * - * All rights reserved. This program and the accompanying materials - * are made available under the terms of the Eclipse Public License v1.0 - * which accompanies this distribution, and is available at - * http://www.eclipse.org/legal/epl-v10.html - */ -package biz.netcentric.cq.tools.actool.validators.exceptions; - -public class TooManyActionsException extends AcConfigBeanValidationException { - public TooManyActionsException(String message) { - super(message); - } -} +package biz.netcentric.cq.tools.actool.validators.exceptions; + +/*- + * #%L + * Access Control Tool Bundle + * %% + * Copyright (C) 2015 - 2024 Cognizant Netcentric + * %% + * All rights reserved. This program and the accompanying materials + * are made available under the terms of the Eclipse Public License v1.0 + * which accompanies this distribution, and is available at + * http://www.eclipse.org/legal/epl-v10.html + * #L% + */ + +public class TooManyActionsException extends AcConfigBeanValidationException { + public TooManyActionsException(String message) { + super(message); + } +} diff --git a/accesscontroltool-bundle/src/main/java/biz/netcentric/cq/tools/actool/validators/impl/AceBeanValidatorImpl.java b/accesscontroltool-bundle/src/main/java/biz/netcentric/cq/tools/actool/validators/impl/AceBeanValidatorImpl.java index d696dd05b..ab2922531 100644 --- a/accesscontroltool-bundle/src/main/java/biz/netcentric/cq/tools/actool/validators/impl/AceBeanValidatorImpl.java +++ b/accesscontroltool-bundle/src/main/java/biz/netcentric/cq/tools/actool/validators/impl/AceBeanValidatorImpl.java @@ -1,311 +1,316 @@ -/* - * (C) Copyright 2015 Netcentric AG. - * - * All rights reserved. This program and the accompanying materials - * are made available under the terms of the Eclipse Public License v1.0 - * which accompanies this distribution, and is available at - * http://www.eclipse.org/legal/epl-v10.html - */ -package biz.netcentric.cq.tools.actool.validators.impl; - -import java.util.Arrays; -import java.util.HashSet; -import java.util.List; -import java.util.Set; - -import javax.jcr.AccessDeniedException; -import javax.jcr.RepositoryException; -import javax.jcr.security.AccessControlManager; - -import org.apache.commons.lang3.StringUtils; -import org.apache.jackrabbit.api.security.JackrabbitAccessControlList; -import org.slf4j.Logger; -import org.slf4j.LoggerFactory; - -import biz.netcentric.cq.tools.actool.aem.AcToolCqActions; -import biz.netcentric.cq.tools.actool.configmodel.AceBean; -import biz.netcentric.cq.tools.actool.configmodel.Restriction; -import biz.netcentric.cq.tools.actool.helper.AccessControlUtils; -import biz.netcentric.cq.tools.actool.validators.AceBeanValidator; -import biz.netcentric.cq.tools.actool.validators.Validators; -import biz.netcentric.cq.tools.actool.validators.exceptions.AcConfigBeanValidationException; -import biz.netcentric.cq.tools.actool.validators.exceptions.DoubledDefinedActionException; -import biz.netcentric.cq.tools.actool.validators.exceptions.DoubledDefinedJcrPrivilegeException; -import biz.netcentric.cq.tools.actool.validators.exceptions.InvalidActionException; -import biz.netcentric.cq.tools.actool.validators.exceptions.InvalidGroupNameException; -import biz.netcentric.cq.tools.actool.validators.exceptions.InvalidJcrPrivilegeException; -import biz.netcentric.cq.tools.actool.validators.exceptions.InvalidPathException; -import biz.netcentric.cq.tools.actool.validators.exceptions.InvalidPermissionException; -import biz.netcentric.cq.tools.actool.validators.exceptions.InvalidRepGlobException; -import biz.netcentric.cq.tools.actool.validators.exceptions.InvalidRestrictionsException; -import biz.netcentric.cq.tools.actool.validators.exceptions.NoActionOrPrivilegeDefinedException; -import biz.netcentric.cq.tools.actool.validators.exceptions.NoGroupDefinedException; -import biz.netcentric.cq.tools.actool.validators.exceptions.TooManyActionsException; - -public class AceBeanValidatorImpl implements AceBeanValidator { - private static final Logger LOG = LoggerFactory.getLogger(AceBeanValidatorImpl.class); - - private long currentBeanCounter = 0; - private AceBean aceBean; - private Set authorizableIdsFromCurrentConfig; - - private String previousAuthorizableId; - - public AceBeanValidatorImpl(Set authorizableIdsFromCurrentConfig) { - this.authorizableIdsFromCurrentConfig = authorizableIdsFromCurrentConfig; - } - - public AceBeanValidatorImpl() { - } - - @Override - public boolean validate(final AceBean aceBean, AccessControlManager aclManager) - throws AcConfigBeanValidationException { - - this.aceBean = aceBean; - return validate(aclManager); - } - - private boolean validate(AccessControlManager aclManager) throws AcConfigBeanValidationException { - - if (this.aceBean.isInitialContentOnlyConfig()) { - return true; - } - - maintainBeanCounter(); - - validateAuthorizableId(); - validateAcePath(); - - // either actions or privileges are required - boolean isActionDefined = validateActions(); - boolean isPrivilegeDefined = validatePrivileges(aclManager); - - validatePermission(this.aceBean); - - // either action(s) or permission(s) or both have to be defined! - final boolean isActionOrPrivilegeDefined = isActionDefined || isPrivilegeDefined; - - final boolean hasInitialContent = StringUtils.isNotBlank(this.aceBean.getInitialContent()); - - if (!isActionOrPrivilegeDefined && !hasInitialContent) { - final String errorMessage = getBeanDescription(this.currentBeanCounter, - this.aceBean.getAuthorizableId()) - + ", no actions or privileges defined" - + "! Installation aborted!"; - LOG.error(errorMessage); - throw new NoActionOrPrivilegeDefinedException(errorMessage); - } - - validateRestrictions(this.aceBean, aclManager); - - return true; - } - - private void maintainBeanCounter() { - if (StringUtils.equals(aceBean.getAuthorizableId(), previousAuthorizableId)) { - this.currentBeanCounter++; - } else { - this.currentBeanCounter = 1; - } - previousAuthorizableId = aceBean.getAuthorizableId(); - } - - private boolean validateRestrictions(final AceBean tmpAceBean, final AccessControlManager aclManager) - throws InvalidRepGlobException, InvalidRestrictionsException { - boolean valid = true; - - final List restrictions = tmpAceBean.getRestrictions(); - if (restrictions.isEmpty()) { - return true; - } - - final Set restrictionNamesFromAceBean = new HashSet(); - for (Restriction restriction : restrictions) { - restrictionNamesFromAceBean.add(restriction.getName()); - } - - final Set allowedRestrictionNames = getSupportedRestrictions(aclManager); - - if (!allowedRestrictionNames.containsAll(restrictionNamesFromAceBean)) { - restrictionNamesFromAceBean.removeAll(allowedRestrictionNames); - valid = false; - final String errorMessage = getBeanDescription(this.currentBeanCounter, - tmpAceBean.getAuthorizableId()) - + ", this repository doesn't support following restriction(s): " - + restrictionNamesFromAceBean; - throw new InvalidRestrictionsException(errorMessage); - } - - return valid; - } - - private Set getSupportedRestrictions(final AccessControlManager aclManager) - throws InvalidRepGlobException { - Set allowedRestrictions = new HashSet<>(); - try { - final JackrabbitAccessControlList jacl = getJackrabbitAccessControlList(aclManager); - allowedRestrictions = new HashSet<>(Arrays.asList(jacl.getRestrictionNames())); - } catch (final RepositoryException e) { - throw new InvalidRepGlobException("Could not get restriction names from ACL of path: " + this.aceBean.getJcrPath()); - } - return allowedRestrictions; - } - - private JackrabbitAccessControlList getJackrabbitAccessControlList(final AccessControlManager aclManager) throws RepositoryException, AccessDeniedException { - JackrabbitAccessControlList jacl = null; - // don't check paths containing wildcards - if(!this.aceBean.getJcrPath().contains("*")){ - jacl = AccessControlUtils.getModifiableAcl(aclManager, this.aceBean.getJcrPath()); - } - if(jacl == null){ - // root as fallback - jacl = AccessControlUtils.getModifiableAcl(aclManager, "/"); - } - return jacl; - } - - private boolean validatePermission(final AceBean tmpAclBean) throws InvalidPermissionException { - - final String permission = tmpAclBean.getPermission(); - if (StringUtils.isNotBlank(this.aceBean.getInitialContent()) && StringUtils.isBlank(permission)) { - return true; - } - - if (Validators.isValidPermission(permission)) { - tmpAclBean.setPermission(permission); - } else { - final String errorMessage = getBeanDescription(this.currentBeanCounter, - tmpAclBean.getAuthorizableId()) + ", invalid permission: '" + permission + "'"; - LOG.error(errorMessage); - throw new InvalidPermissionException(errorMessage); - } - return true; - } - - private boolean validateActions() throws InvalidActionException, TooManyActionsException, DoubledDefinedActionException { - final String principal = aceBean.getAuthorizableId(); - - final String[] actions = aceBean.getActions(); - - if (actions == null || actions.length == 0) { - return false; - } - - if (actions.length > AcToolCqActions.CqActions.values().length) { - final String errorMessage = getBeanDescription(this.currentBeanCounter, - principal) + " too many actions defined!"; - LOG.error(errorMessage); - throw new TooManyActionsException(errorMessage); - } - final Set actionsSet = new HashSet(); - for (int i = 0; i < actions.length; i++) { - - // remove leading and trailing blanks from action name - actions[i] = StringUtils.strip(actions[i]); - - if (!Validators.isValidAction(actions[i])) { - final String errorMessage = getBeanDescription( - this.currentBeanCounter, principal) - + ", invalid action: " + actions[i]; - LOG.error(errorMessage); - throw new InvalidActionException(errorMessage); - } - if (!actionsSet.add(actions[i])) { - final String errorMessage = getBeanDescription( - this.currentBeanCounter, principal) - + ", doubled defined action: " + actions[i]; - LOG.error(errorMessage); - throw new DoubledDefinedActionException(errorMessage); - } - } - aceBean.setActions(actions); - - return true; - } - - public boolean validatePrivileges(AccessControlManager aclManager) - throws InvalidJcrPrivilegeException, DoubledDefinedJcrPrivilegeException { - final String currentEntryValue = aceBean.getPrivilegesString(); - - if (!StringUtils.isNotBlank(currentEntryValue)) { - return false; - } - final String[] privileges = currentEntryValue.split(","); - final Set privilegesSet = new HashSet(); - - for (int i = 0; i < privileges.length; i++) { - - // remove leading and trailing blanks from privilege name - privileges[i] = StringUtils.strip(privileges[i]); - - if (!Validators.isValidJcrPrivilege(privileges[i], aclManager)) { - final String errorMessage = getBeanDescription( - this.currentBeanCounter, aceBean.getAuthorizableId()) - + ", invalid jcr privilege: " + privileges[i]; - LOG.error(errorMessage); - throw new InvalidJcrPrivilegeException(errorMessage); - } - if (!privilegesSet.add(privileges[i])) { - final String errorMessage = getBeanDescription( - this.currentBeanCounter, aceBean.getAuthorizableId()) - + ", doubled defined jcr privilege: " + privileges[i]; - LOG.error(errorMessage); - throw new DoubledDefinedJcrPrivilegeException(errorMessage); - } - } - aceBean.setPrivilegesString(currentEntryValue); - - return true; - } - - - private boolean validateAcePath() throws InvalidPathException { - boolean isPathDefined = false; - final String currentEntryValue = aceBean.getJcrPath(); - if (Validators.isValidNodePath(currentEntryValue)) { - aceBean.setJcrPath(currentEntryValue); - isPathDefined = true; - } else { - final String errorMessage = getBeanDescription(this.currentBeanCounter, - aceBean.getAuthorizableId()) + ", invalid path: " + currentEntryValue; - LOG.error(errorMessage); - throw new InvalidPathException(errorMessage); - } - return isPathDefined; - } - - - private boolean validateAuthorizableId() throws NoGroupDefinedException, InvalidGroupNameException { - boolean valid = true; - final String authorizableId = aceBean.getAuthorizableId(); - // validate authorizable name format - if (Validators.isValidAuthorizableId(authorizableId)) { - - // validate if authorizable is contained in config - if (!authorizableIdsFromCurrentConfig.contains(authorizableId)) { - final String message = getBeanDescription(this.currentBeanCounter, - authorizableId) + " is not defined in group configuration"; - throw new NoGroupDefinedException(message); - } - aceBean.setAuthorizableId(authorizableId); - } else { - valid = false; - final String errorMessage = getBeanDescription(this.currentBeanCounter, - authorizableId) - + authorizableId - + ", invalid authorizable name: " - + authorizableId; - LOG.error(errorMessage); - throw new InvalidGroupNameException(errorMessage); - - } - return valid; - } - - private String getBeanDescription(long beanCounter, String authorizableId) { - return "Validation error while reading ACE definition nr." + beanCounter + " of authorizable " + authorizableId; - } - - -} +package biz.netcentric.cq.tools.actool.validators.impl; + +/*- + * #%L + * Access Control Tool Bundle + * %% + * Copyright (C) 2015 - 2024 Cognizant Netcentric + * %% + * All rights reserved. This program and the accompanying materials + * are made available under the terms of the Eclipse Public License v1.0 + * which accompanies this distribution, and is available at + * http://www.eclipse.org/legal/epl-v10.html + * #L% + */ + +import java.util.Arrays; +import java.util.HashSet; +import java.util.List; +import java.util.Set; + +import javax.jcr.AccessDeniedException; +import javax.jcr.RepositoryException; +import javax.jcr.security.AccessControlManager; + +import org.apache.commons.lang3.StringUtils; +import org.apache.jackrabbit.api.security.JackrabbitAccessControlList; +import org.slf4j.Logger; +import org.slf4j.LoggerFactory; + +import biz.netcentric.cq.tools.actool.aem.AcToolCqActions; +import biz.netcentric.cq.tools.actool.configmodel.AceBean; +import biz.netcentric.cq.tools.actool.configmodel.Restriction; +import biz.netcentric.cq.tools.actool.helper.AccessControlUtils; +import biz.netcentric.cq.tools.actool.validators.AceBeanValidator; +import biz.netcentric.cq.tools.actool.validators.Validators; +import biz.netcentric.cq.tools.actool.validators.exceptions.AcConfigBeanValidationException; +import biz.netcentric.cq.tools.actool.validators.exceptions.DoubledDefinedActionException; +import biz.netcentric.cq.tools.actool.validators.exceptions.DoubledDefinedJcrPrivilegeException; +import biz.netcentric.cq.tools.actool.validators.exceptions.InvalidActionException; +import biz.netcentric.cq.tools.actool.validators.exceptions.InvalidGroupNameException; +import biz.netcentric.cq.tools.actool.validators.exceptions.InvalidJcrPrivilegeException; +import biz.netcentric.cq.tools.actool.validators.exceptions.InvalidPathException; +import biz.netcentric.cq.tools.actool.validators.exceptions.InvalidPermissionException; +import biz.netcentric.cq.tools.actool.validators.exceptions.InvalidRepGlobException; +import biz.netcentric.cq.tools.actool.validators.exceptions.InvalidRestrictionsException; +import biz.netcentric.cq.tools.actool.validators.exceptions.NoActionOrPrivilegeDefinedException; +import biz.netcentric.cq.tools.actool.validators.exceptions.NoGroupDefinedException; +import biz.netcentric.cq.tools.actool.validators.exceptions.TooManyActionsException; + +public class AceBeanValidatorImpl implements AceBeanValidator { + private static final Logger LOG = LoggerFactory.getLogger(AceBeanValidatorImpl.class); + + private long currentBeanCounter = 0; + private AceBean aceBean; + private Set authorizableIdsFromCurrentConfig; + + private String previousAuthorizableId; + + public AceBeanValidatorImpl(Set authorizableIdsFromCurrentConfig) { + this.authorizableIdsFromCurrentConfig = authorizableIdsFromCurrentConfig; + } + + public AceBeanValidatorImpl() { + } + + @Override + public boolean validate(final AceBean aceBean, AccessControlManager aclManager) + throws AcConfigBeanValidationException { + + this.aceBean = aceBean; + return validate(aclManager); + } + + private boolean validate(AccessControlManager aclManager) throws AcConfigBeanValidationException { + + if (this.aceBean.isInitialContentOnlyConfig()) { + return true; + } + + maintainBeanCounter(); + + validateAuthorizableId(); + validateAcePath(); + + // either actions or privileges are required + boolean isActionDefined = validateActions(); + boolean isPrivilegeDefined = validatePrivileges(aclManager); + + validatePermission(this.aceBean); + + // either action(s) or permission(s) or both have to be defined! + final boolean isActionOrPrivilegeDefined = isActionDefined || isPrivilegeDefined; + + final boolean hasInitialContent = StringUtils.isNotBlank(this.aceBean.getInitialContent()); + + if (!isActionOrPrivilegeDefined && !hasInitialContent) { + final String errorMessage = getBeanDescription(this.currentBeanCounter, + this.aceBean.getAuthorizableId()) + + ", no actions or privileges defined" + + "! Installation aborted!"; + LOG.error(errorMessage); + throw new NoActionOrPrivilegeDefinedException(errorMessage); + } + + validateRestrictions(this.aceBean, aclManager); + + return true; + } + + private void maintainBeanCounter() { + if (StringUtils.equals(aceBean.getAuthorizableId(), previousAuthorizableId)) { + this.currentBeanCounter++; + } else { + this.currentBeanCounter = 1; + } + previousAuthorizableId = aceBean.getAuthorizableId(); + } + + private boolean validateRestrictions(final AceBean tmpAceBean, final AccessControlManager aclManager) + throws InvalidRepGlobException, InvalidRestrictionsException { + boolean valid = true; + + final List restrictions = tmpAceBean.getRestrictions(); + if (restrictions.isEmpty()) { + return true; + } + + final Set restrictionNamesFromAceBean = new HashSet(); + for (Restriction restriction : restrictions) { + restrictionNamesFromAceBean.add(restriction.getName()); + } + + final Set allowedRestrictionNames = getSupportedRestrictions(aclManager); + + if (!allowedRestrictionNames.containsAll(restrictionNamesFromAceBean)) { + restrictionNamesFromAceBean.removeAll(allowedRestrictionNames); + valid = false; + final String errorMessage = getBeanDescription(this.currentBeanCounter, + tmpAceBean.getAuthorizableId()) + + ", this repository doesn't support following restriction(s): " + + restrictionNamesFromAceBean; + throw new InvalidRestrictionsException(errorMessage); + } + + return valid; + } + + private Set getSupportedRestrictions(final AccessControlManager aclManager) + throws InvalidRepGlobException { + Set allowedRestrictions = new HashSet<>(); + try { + final JackrabbitAccessControlList jacl = getJackrabbitAccessControlList(aclManager); + allowedRestrictions = new HashSet<>(Arrays.asList(jacl.getRestrictionNames())); + } catch (final RepositoryException e) { + throw new InvalidRepGlobException("Could not get restriction names from ACL of path: " + this.aceBean.getJcrPath()); + } + return allowedRestrictions; + } + + private JackrabbitAccessControlList getJackrabbitAccessControlList(final AccessControlManager aclManager) throws RepositoryException, AccessDeniedException { + JackrabbitAccessControlList jacl = null; + // don't check paths containing wildcards + if(!this.aceBean.getJcrPath().contains("*")){ + jacl = AccessControlUtils.getModifiableAcl(aclManager, this.aceBean.getJcrPath()); + } + if(jacl == null){ + // root as fallback + jacl = AccessControlUtils.getModifiableAcl(aclManager, "/"); + } + return jacl; + } + + private boolean validatePermission(final AceBean tmpAclBean) throws InvalidPermissionException { + + final String permission = tmpAclBean.getPermission(); + if (StringUtils.isNotBlank(this.aceBean.getInitialContent()) && StringUtils.isBlank(permission)) { + return true; + } + + if (Validators.isValidPermission(permission)) { + tmpAclBean.setPermission(permission); + } else { + final String errorMessage = getBeanDescription(this.currentBeanCounter, + tmpAclBean.getAuthorizableId()) + ", invalid permission: '" + permission + "'"; + LOG.error(errorMessage); + throw new InvalidPermissionException(errorMessage); + } + return true; + } + + private boolean validateActions() throws InvalidActionException, TooManyActionsException, DoubledDefinedActionException { + final String principal = aceBean.getAuthorizableId(); + + final String[] actions = aceBean.getActions(); + + if (actions == null || actions.length == 0) { + return false; + } + + if (actions.length > AcToolCqActions.CqActions.values().length) { + final String errorMessage = getBeanDescription(this.currentBeanCounter, + principal) + " too many actions defined!"; + LOG.error(errorMessage); + throw new TooManyActionsException(errorMessage); + } + final Set actionsSet = new HashSet(); + for (int i = 0; i < actions.length; i++) { + + // remove leading and trailing blanks from action name + actions[i] = StringUtils.strip(actions[i]); + + if (!Validators.isValidAction(actions[i])) { + final String errorMessage = getBeanDescription( + this.currentBeanCounter, principal) + + ", invalid action: " + actions[i]; + LOG.error(errorMessage); + throw new InvalidActionException(errorMessage); + } + if (!actionsSet.add(actions[i])) { + final String errorMessage = getBeanDescription( + this.currentBeanCounter, principal) + + ", doubled defined action: " + actions[i]; + LOG.error(errorMessage); + throw new DoubledDefinedActionException(errorMessage); + } + } + aceBean.setActions(actions); + + return true; + } + + public boolean validatePrivileges(AccessControlManager aclManager) + throws InvalidJcrPrivilegeException, DoubledDefinedJcrPrivilegeException { + final String currentEntryValue = aceBean.getPrivilegesString(); + + if (!StringUtils.isNotBlank(currentEntryValue)) { + return false; + } + final String[] privileges = currentEntryValue.split(","); + final Set privilegesSet = new HashSet(); + + for (int i = 0; i < privileges.length; i++) { + + // remove leading and trailing blanks from privilege name + privileges[i] = StringUtils.strip(privileges[i]); + + if (!Validators.isValidJcrPrivilege(privileges[i], aclManager)) { + final String errorMessage = getBeanDescription( + this.currentBeanCounter, aceBean.getAuthorizableId()) + + ", invalid jcr privilege: " + privileges[i]; + LOG.error(errorMessage); + throw new InvalidJcrPrivilegeException(errorMessage); + } + if (!privilegesSet.add(privileges[i])) { + final String errorMessage = getBeanDescription( + this.currentBeanCounter, aceBean.getAuthorizableId()) + + ", doubled defined jcr privilege: " + privileges[i]; + LOG.error(errorMessage); + throw new DoubledDefinedJcrPrivilegeException(errorMessage); + } + } + aceBean.setPrivilegesString(currentEntryValue); + + return true; + } + + + private boolean validateAcePath() throws InvalidPathException { + boolean isPathDefined = false; + final String currentEntryValue = aceBean.getJcrPath(); + if (Validators.isValidNodePath(currentEntryValue)) { + aceBean.setJcrPath(currentEntryValue); + isPathDefined = true; + } else { + final String errorMessage = getBeanDescription(this.currentBeanCounter, + aceBean.getAuthorizableId()) + ", invalid path: " + currentEntryValue; + LOG.error(errorMessage); + throw new InvalidPathException(errorMessage); + } + return isPathDefined; + } + + + private boolean validateAuthorizableId() throws NoGroupDefinedException, InvalidGroupNameException { + boolean valid = true; + final String authorizableId = aceBean.getAuthorizableId(); + // validate authorizable name format + if (Validators.isValidAuthorizableId(authorizableId)) { + + // validate if authorizable is contained in config + if (!authorizableIdsFromCurrentConfig.contains(authorizableId)) { + final String message = getBeanDescription(this.currentBeanCounter, + authorizableId) + " is not defined in group configuration"; + throw new NoGroupDefinedException(message); + } + aceBean.setAuthorizableId(authorizableId); + } else { + valid = false; + final String errorMessage = getBeanDescription(this.currentBeanCounter, + authorizableId) + + authorizableId + + ", invalid authorizable name: " + + authorizableId; + LOG.error(errorMessage); + throw new InvalidGroupNameException(errorMessage); + + } + return valid; + } + + private String getBeanDescription(long beanCounter, String authorizableId) { + return "Validation error while reading ACE definition nr." + beanCounter + " of authorizable " + authorizableId; + } + + +} diff --git a/accesscontroltool-bundle/src/main/java/biz/netcentric/cq/tools/actool/validators/impl/AuthorizableValidatorImpl.java b/accesscontroltool-bundle/src/main/java/biz/netcentric/cq/tools/actool/validators/impl/AuthorizableValidatorImpl.java index 2b8bd61d9..70f8566f8 100644 --- a/accesscontroltool-bundle/src/main/java/biz/netcentric/cq/tools/actool/validators/impl/AuthorizableValidatorImpl.java +++ b/accesscontroltool-bundle/src/main/java/biz/netcentric/cq/tools/actool/validators/impl/AuthorizableValidatorImpl.java @@ -1,197 +1,202 @@ -/* - * (C) Copyright 2015 Netcentric AG. - * - * All rights reserved. This program and the accompanying materials - * are made available under the terms of the Eclipse Public License v1.0 - * which accompanies this distribution, and is available at - * http://www.eclipse.org/legal/epl-v10.html - */ -package biz.netcentric.cq.tools.actool.validators.impl; - -import org.apache.commons.lang3.StringUtils; -import org.slf4j.Logger; -import org.slf4j.LoggerFactory; - -import biz.netcentric.cq.tools.actool.configmodel.AuthorizableConfigBean; -import biz.netcentric.cq.tools.actool.validators.AuthorizableValidator; -import biz.netcentric.cq.tools.actool.validators.Validators; -import biz.netcentric.cq.tools.actool.validators.exceptions.AcConfigBeanValidationException; -import biz.netcentric.cq.tools.actool.validators.exceptions.InvalidAuthorizableException; -import biz.netcentric.cq.tools.actool.validators.exceptions.InvalidGroupNameException; -import biz.netcentric.cq.tools.actool.validators.exceptions.InvalidIntermediatePathException; - -public class AuthorizableValidatorImpl implements AuthorizableValidator { - - private static final Logger LOG = LoggerFactory .getLogger(AuthorizableValidatorImpl.class); - - private boolean enabled = true; - AuthorizableConfigBean authorizableConfigBean; - final String groupsPath; - final String usersPath; - - public AuthorizableValidatorImpl(final String groupsPath, final String usersPath) { - this.groupsPath = groupsPath; - this.usersPath = usersPath; - } - - @Override - public boolean validate(AuthorizableConfigBean authorizableConfigBean) - throws AcConfigBeanValidationException { - boolean success = true; - if (enabled) { - success = validateAuthorizableProperties(authorizableConfigBean) - && validateMemberOf(authorizableConfigBean) - && validateMembers(authorizableConfigBean) - && validateAuthorizableId(authorizableConfigBean) - && validateIntermediatePath(authorizableConfigBean); - } - return success; - } - - public boolean validateIntermediatePath( - final AuthorizableConfigBean authorizableConfigBean) - throws InvalidAuthorizableException, InvalidIntermediatePathException { - boolean isGroup = authorizableConfigBean.isGroup(); - String intermediatePath = authorizableConfigBean.getPath(); - String currentAuthorizableId = authorizableConfigBean.getAuthorizableId(); - final String basicErrorMessage = "Validation error while validating intermediate path of authorizable: " - + currentAuthorizableId; - // we only care about paths starting with a slash. if there is none, the path is assumed to be relative - if (intermediatePath.startsWith("/")) { - if (!intermediatePath.startsWith(groupsPath) && !intermediatePath.startsWith(usersPath)) { - String message = basicErrorMessage - + " - the intermediate path either has to be relative (not starting with '/') or has to start with the authorizable root!"; - LOG.error(message); - throw new InvalidIntermediatePathException(message); - } - - if (!isGroup && intermediatePath.startsWith(groupsPath)) { - String message = basicErrorMessage + " - the intermediate path for the user must not be the groups path: " + groupsPath; - LOG.error(message); - throw new InvalidIntermediatePathException(message); - } - if (isGroup && intermediatePath.startsWith(usersPath)) { - String message = basicErrorMessage + " - the intermediate path for the group must not be the users path: " + usersPath; - LOG.error(message); - throw new InvalidIntermediatePathException(message); - } - if (intermediatePath.equals(groupsPath) || intermediatePath.equals(usersPath) || intermediatePath.equals(groupsPath + "/") - || intermediatePath.equals(usersPath + "/")) { - String message = basicErrorMessage - + " - the intermediate path must not be equal to the authorizable root but has to specify a subfolder of it!"; - LOG.error(message); - throw new InvalidIntermediatePathException(message); - } - } - return true; - } - - public boolean validateAuthorizableProperties( - final AuthorizableConfigBean authorizableConfigBean) - throws InvalidAuthorizableException { - - if (authorizableConfigBean.isGroup()) { - if (StringUtils.isNotBlank(authorizableConfigBean.getPassword())) { - final String message = "Group " + authorizableConfigBean.getAuthorizableId() - + " may not be configured with password"; - LOG.error(message); - throw new InvalidAuthorizableException(message); - } - - if (StringUtils.isNotBlank(authorizableConfigBean.getDisabled())) { - final String message = "Groups cannot be disabled - property 'disable' is used on " - + authorizableConfigBean.getAuthorizableId(); - LOG.error(message); - throw new InvalidAuthorizableException(message); - } - - } else { - if (authorizableConfigBean.isSystemUser()) { - if (StringUtils.isNotBlank(authorizableConfigBean.getPassword())) { - final String message = "System user " + authorizableConfigBean.getAuthorizableId() - + " may not be configured with password"; - LOG.error(message); - throw new InvalidAuthorizableException(message); - } - } - - if (StringUtils.isNotBlank(authorizableConfigBean.getMigrateFrom())) { - final String message = "migrateFrom can only be used with groups (found in " + authorizableConfigBean.getAuthorizableId() - + ")"; - LOG.error(message); - throw new InvalidAuthorizableException(message); - } - - } - return true; - } - - public boolean validateMemberOf( - final AuthorizableConfigBean authorizableConfigBean) - throws InvalidGroupNameException { - final String currentAuthorizable = authorizableConfigBean.getAuthorizableId(); - final String[] isMemberOfGroups = authorizableConfigBean.getIsMemberOf(); - if (isMemberOfGroups!=null && isMemberOfGroups.length > 0) { - - for (int i = 0; i < isMemberOfGroups.length; i++) { - if (!Validators.isValidAuthorizableId(isMemberOfGroups[i])) { - LOG.error( - "Validation error while reading group property of authorizable:{}, invalid authorizable name: {}", - currentAuthorizable, isMemberOfGroups[i]); - throw new InvalidGroupNameException( - "Validation error while reading group property of authorizable: " - + currentAuthorizable - + ", invalid group name: " + isMemberOfGroups[i]); - } - } - } - return true; - } - - public boolean validateMembers( - final AuthorizableConfigBean authorizableConfigBean) - throws InvalidGroupNameException { - final String currentAuthorizable = authorizableConfigBean.getAuthorizableId(); - final String[] members = authorizableConfigBean.getMembers(); - if (members!=null && members.length > 0) { - for (int i = 0; i < members.length; i++) { - - if (!Validators.isValidAuthorizableId(members[i])) { - LOG.error( - "Validation error while reading group property of authorizable:{}, invalid authorizable name: {}", - currentAuthorizable, members[i]); - throw new InvalidGroupNameException( - "Validation error while reading group property of authorizable: " - + currentAuthorizable - + ", invalid group name: " + members[i]); - } - } - } - return true; - } - - public boolean validateAuthorizableId( - final AuthorizableConfigBean authorizableConfigBean) - throws InvalidGroupNameException { - final String authorizableId = authorizableConfigBean.getAuthorizableId(); - - if (Validators.isValidAuthorizableId(authorizableId)) { - authorizableConfigBean.setAuthorizableId(authorizableId); - } else { - final String message = "Validation error while reading group data: invalid group name: " - + authorizableId; - LOG.error(message); - throw new InvalidGroupNameException(message); - - } - return true; - } - - - @Override - public void disable() { - enabled = false; - - } - -} +package biz.netcentric.cq.tools.actool.validators.impl; + +/*- + * #%L + * Access Control Tool Bundle + * %% + * Copyright (C) 2015 - 2024 Cognizant Netcentric + * %% + * All rights reserved. This program and the accompanying materials + * are made available under the terms of the Eclipse Public License v1.0 + * which accompanies this distribution, and is available at + * http://www.eclipse.org/legal/epl-v10.html + * #L% + */ + +import org.apache.commons.lang3.StringUtils; +import org.slf4j.Logger; +import org.slf4j.LoggerFactory; + +import biz.netcentric.cq.tools.actool.configmodel.AuthorizableConfigBean; +import biz.netcentric.cq.tools.actool.validators.AuthorizableValidator; +import biz.netcentric.cq.tools.actool.validators.Validators; +import biz.netcentric.cq.tools.actool.validators.exceptions.AcConfigBeanValidationException; +import biz.netcentric.cq.tools.actool.validators.exceptions.InvalidAuthorizableException; +import biz.netcentric.cq.tools.actool.validators.exceptions.InvalidGroupNameException; +import biz.netcentric.cq.tools.actool.validators.exceptions.InvalidIntermediatePathException; + +public class AuthorizableValidatorImpl implements AuthorizableValidator { + + private static final Logger LOG = LoggerFactory .getLogger(AuthorizableValidatorImpl.class); + + private boolean enabled = true; + AuthorizableConfigBean authorizableConfigBean; + final String groupsPath; + final String usersPath; + + public AuthorizableValidatorImpl(final String groupsPath, final String usersPath) { + this.groupsPath = groupsPath; + this.usersPath = usersPath; + } + + @Override + public boolean validate(AuthorizableConfigBean authorizableConfigBean) + throws AcConfigBeanValidationException { + boolean success = true; + if (enabled) { + success = validateAuthorizableProperties(authorizableConfigBean) + && validateMemberOf(authorizableConfigBean) + && validateMembers(authorizableConfigBean) + && validateAuthorizableId(authorizableConfigBean) + && validateIntermediatePath(authorizableConfigBean); + } + return success; + } + + public boolean validateIntermediatePath( + final AuthorizableConfigBean authorizableConfigBean) + throws InvalidAuthorizableException, InvalidIntermediatePathException { + boolean isGroup = authorizableConfigBean.isGroup(); + String intermediatePath = authorizableConfigBean.getPath(); + String currentAuthorizableId = authorizableConfigBean.getAuthorizableId(); + final String basicErrorMessage = "Validation error while validating intermediate path of authorizable: " + + currentAuthorizableId; + // we only care about paths starting with a slash. if there is none, the path is assumed to be relative + if (intermediatePath.startsWith("/")) { + if (!intermediatePath.startsWith(groupsPath) && !intermediatePath.startsWith(usersPath)) { + String message = basicErrorMessage + + " - the intermediate path either has to be relative (not starting with '/') or has to start with the authorizable root!"; + LOG.error(message); + throw new InvalidIntermediatePathException(message); + } + + if (!isGroup && intermediatePath.startsWith(groupsPath)) { + String message = basicErrorMessage + " - the intermediate path for the user must not be the groups path: " + groupsPath; + LOG.error(message); + throw new InvalidIntermediatePathException(message); + } + if (isGroup && intermediatePath.startsWith(usersPath)) { + String message = basicErrorMessage + " - the intermediate path for the group must not be the users path: " + usersPath; + LOG.error(message); + throw new InvalidIntermediatePathException(message); + } + if (intermediatePath.equals(groupsPath) || intermediatePath.equals(usersPath) || intermediatePath.equals(groupsPath + "/") + || intermediatePath.equals(usersPath + "/")) { + String message = basicErrorMessage + + " - the intermediate path must not be equal to the authorizable root but has to specify a subfolder of it!"; + LOG.error(message); + throw new InvalidIntermediatePathException(message); + } + } + return true; + } + + public boolean validateAuthorizableProperties( + final AuthorizableConfigBean authorizableConfigBean) + throws InvalidAuthorizableException { + + if (authorizableConfigBean.isGroup()) { + if (StringUtils.isNotBlank(authorizableConfigBean.getPassword())) { + final String message = "Group " + authorizableConfigBean.getAuthorizableId() + + " may not be configured with password"; + LOG.error(message); + throw new InvalidAuthorizableException(message); + } + + if (StringUtils.isNotBlank(authorizableConfigBean.getDisabled())) { + final String message = "Groups cannot be disabled - property 'disable' is used on " + + authorizableConfigBean.getAuthorizableId(); + LOG.error(message); + throw new InvalidAuthorizableException(message); + } + + } else { + if (authorizableConfigBean.isSystemUser()) { + if (StringUtils.isNotBlank(authorizableConfigBean.getPassword())) { + final String message = "System user " + authorizableConfigBean.getAuthorizableId() + + " may not be configured with password"; + LOG.error(message); + throw new InvalidAuthorizableException(message); + } + } + + if (StringUtils.isNotBlank(authorizableConfigBean.getMigrateFrom())) { + final String message = "migrateFrom can only be used with groups (found in " + authorizableConfigBean.getAuthorizableId() + + ")"; + LOG.error(message); + throw new InvalidAuthorizableException(message); + } + + } + return true; + } + + public boolean validateMemberOf( + final AuthorizableConfigBean authorizableConfigBean) + throws InvalidGroupNameException { + final String currentAuthorizable = authorizableConfigBean.getAuthorizableId(); + final String[] isMemberOfGroups = authorizableConfigBean.getIsMemberOf(); + if (isMemberOfGroups!=null && isMemberOfGroups.length > 0) { + + for (int i = 0; i < isMemberOfGroups.length; i++) { + if (!Validators.isValidAuthorizableId(isMemberOfGroups[i])) { + LOG.error( + "Validation error while reading group property of authorizable:{}, invalid authorizable name: {}", + currentAuthorizable, isMemberOfGroups[i]); + throw new InvalidGroupNameException( + "Validation error while reading group property of authorizable: " + + currentAuthorizable + + ", invalid group name: " + isMemberOfGroups[i]); + } + } + } + return true; + } + + public boolean validateMembers( + final AuthorizableConfigBean authorizableConfigBean) + throws InvalidGroupNameException { + final String currentAuthorizable = authorizableConfigBean.getAuthorizableId(); + final String[] members = authorizableConfigBean.getMembers(); + if (members!=null && members.length > 0) { + for (int i = 0; i < members.length; i++) { + + if (!Validators.isValidAuthorizableId(members[i])) { + LOG.error( + "Validation error while reading group property of authorizable:{}, invalid authorizable name: {}", + currentAuthorizable, members[i]); + throw new InvalidGroupNameException( + "Validation error while reading group property of authorizable: " + + currentAuthorizable + + ", invalid group name: " + members[i]); + } + } + } + return true; + } + + public boolean validateAuthorizableId( + final AuthorizableConfigBean authorizableConfigBean) + throws InvalidGroupNameException { + final String authorizableId = authorizableConfigBean.getAuthorizableId(); + + if (Validators.isValidAuthorizableId(authorizableId)) { + authorizableConfigBean.setAuthorizableId(authorizableId); + } else { + final String message = "Validation error while reading group data: invalid group name: " + + authorizableId; + LOG.error(message); + throw new InvalidGroupNameException(message); + + } + return true; + } + + + @Override + public void disable() { + enabled = false; + + } + +} diff --git a/accesscontroltool-bundle/src/main/java/biz/netcentric/cq/tools/actool/validators/impl/ObsoleteAuthorizablesValidatorImpl.java b/accesscontroltool-bundle/src/main/java/biz/netcentric/cq/tools/actool/validators/impl/ObsoleteAuthorizablesValidatorImpl.java index c1cd56873..e7fe6a2c8 100644 --- a/accesscontroltool-bundle/src/main/java/biz/netcentric/cq/tools/actool/validators/impl/ObsoleteAuthorizablesValidatorImpl.java +++ b/accesscontroltool-bundle/src/main/java/biz/netcentric/cq/tools/actool/validators/impl/ObsoleteAuthorizablesValidatorImpl.java @@ -1,12 +1,17 @@ -/* - * (C) Copyright 2016 Netcentric AG. - * +package biz.netcentric.cq.tools.actool.validators.impl; + +/*- + * #%L + * Access Control Tool Bundle + * %% + * Copyright (C) 2015 - 2024 Cognizant Netcentric + * %% * All rights reserved. This program and the accompanying materials * are made available under the terms of the Eclipse Public License v1.0 * which accompanies this distribution, and is available at * http://www.eclipse.org/legal/epl-v10.html + * #L% */ -package biz.netcentric.cq.tools.actool.validators.impl; import java.util.HashSet; import java.util.Set; diff --git a/accesscontroltool-bundle/src/test/java/biz/netcentric/cq/tools/actool/aceinstaller/AceBeanInstallerIncrementalTest.java b/accesscontroltool-bundle/src/test/java/biz/netcentric/cq/tools/actool/aceinstaller/AceBeanInstallerIncrementalTest.java index b407ddea3..2cbf3cfa0 100644 --- a/accesscontroltool-bundle/src/test/java/biz/netcentric/cq/tools/actool/aceinstaller/AceBeanInstallerIncrementalTest.java +++ b/accesscontroltool-bundle/src/test/java/biz/netcentric/cq/tools/actool/aceinstaller/AceBeanInstallerIncrementalTest.java @@ -1,12 +1,18 @@ -/* - * (C) Copyright 2017 Netcentric AG. - * + +package biz.netcentric.cq.tools.actool.aceinstaller; + +/*- + * #%L + * Access Control Tool Bundle + * %% + * Copyright (C) 2015 - 2024 Cognizant Netcentric + * %% * All rights reserved. This program and the accompanying materials * are made available under the terms of the Eclipse Public License v1.0 * which accompanies this distribution, and is available at * http://www.eclipse.org/legal/epl-v10.html + * #L% */ -package biz.netcentric.cq.tools.actool.aceinstaller; import static org.junit.jupiter.api.Assertions.assertArrayEquals; import static org.junit.jupiter.api.Assertions.assertEquals; diff --git a/accesscontroltool-bundle/src/test/java/biz/netcentric/cq/tools/actool/authorizableinstaller/impl/AuthInstallerUserManagerPrefetchingImplTest.java b/accesscontroltool-bundle/src/test/java/biz/netcentric/cq/tools/actool/authorizableinstaller/impl/AuthInstallerUserManagerPrefetchingImplTest.java index 842843da5..68dc3349b 100644 --- a/accesscontroltool-bundle/src/test/java/biz/netcentric/cq/tools/actool/authorizableinstaller/impl/AuthInstallerUserManagerPrefetchingImplTest.java +++ b/accesscontroltool-bundle/src/test/java/biz/netcentric/cq/tools/actool/authorizableinstaller/impl/AuthInstallerUserManagerPrefetchingImplTest.java @@ -1,5 +1,18 @@ package biz.netcentric.cq.tools.actool.authorizableinstaller.impl; +/*- + * #%L + * Access Control Tool Bundle + * %% + * Copyright (C) 2015 - 2024 Cognizant Netcentric + * %% + * All rights reserved. This program and the accompanying materials + * are made available under the terms of the Eclipse Public License v1.0 + * which accompanies this distribution, and is available at + * http://www.eclipse.org/legal/epl-v10.html + * #L% + */ + import static org.junit.Assert.assertThrows; import static org.junit.jupiter.api.Assertions.assertEquals; import static org.mockito.ArgumentMatchers.any; diff --git a/accesscontroltool-bundle/src/test/java/biz/netcentric/cq/tools/actool/authorizableinstaller/impl/AuthorizableInstallerServiceImplTest.java b/accesscontroltool-bundle/src/test/java/biz/netcentric/cq/tools/actool/authorizableinstaller/impl/AuthorizableInstallerServiceImplTest.java index 6f9d65235..87e7835ac 100644 --- a/accesscontroltool-bundle/src/test/java/biz/netcentric/cq/tools/actool/authorizableinstaller/impl/AuthorizableInstallerServiceImplTest.java +++ b/accesscontroltool-bundle/src/test/java/biz/netcentric/cq/tools/actool/authorizableinstaller/impl/AuthorizableInstallerServiceImplTest.java @@ -1,12 +1,18 @@ -/* - * (C) Copyright 2017 Netcentric AG. - * + +package biz.netcentric.cq.tools.actool.authorizableinstaller.impl; + +/*- + * #%L + * Access Control Tool Bundle + * %% + * Copyright (C) 2015 - 2024 Cognizant Netcentric + * %% * All rights reserved. This program and the accompanying materials * are made available under the terms of the Eclipse Public License v1.0 * which accompanies this distribution, and is available at * http://www.eclipse.org/legal/epl-v10.html + * #L% */ -package biz.netcentric.cq.tools.actool.authorizableinstaller.impl; import static java.util.Arrays.asList; import static org.mockito.ArgumentMatchers.any; diff --git a/accesscontroltool-bundle/src/test/java/biz/netcentric/cq/tools/actool/authorizableinstaller/impl/ImpersonationInstallerServiceImplTest.java b/accesscontroltool-bundle/src/test/java/biz/netcentric/cq/tools/actool/authorizableinstaller/impl/ImpersonationInstallerServiceImplTest.java index 0957d4bde..b6100f740 100644 --- a/accesscontroltool-bundle/src/test/java/biz/netcentric/cq/tools/actool/authorizableinstaller/impl/ImpersonationInstallerServiceImplTest.java +++ b/accesscontroltool-bundle/src/test/java/biz/netcentric/cq/tools/actool/authorizableinstaller/impl/ImpersonationInstallerServiceImplTest.java @@ -1,5 +1,18 @@ package biz.netcentric.cq.tools.actool.authorizableinstaller.impl; +/*- + * #%L + * Access Control Tool Bundle + * %% + * Copyright (C) 2015 - 2024 Cognizant Netcentric + * %% + * All rights reserved. This program and the accompanying materials + * are made available under the terms of the Eclipse Public License v1.0 + * which accompanies this distribution, and is available at + * http://www.eclipse.org/legal/epl-v10.html + * #L% + */ + import static org.mockito.ArgumentMatchers.any; import static org.mockito.Mockito.never; import static org.mockito.Mockito.verify; diff --git a/accesscontroltool-bundle/src/test/java/biz/netcentric/cq/tools/actool/comparators/AcePermissionComparatorTest.java b/accesscontroltool-bundle/src/test/java/biz/netcentric/cq/tools/actool/comparators/AcePermissionComparatorTest.java index fe5227030..68e7f5974 100644 --- a/accesscontroltool-bundle/src/test/java/biz/netcentric/cq/tools/actool/comparators/AcePermissionComparatorTest.java +++ b/accesscontroltool-bundle/src/test/java/biz/netcentric/cq/tools/actool/comparators/AcePermissionComparatorTest.java @@ -1,12 +1,18 @@ -/* - * (C) Copyright 2017 Netcentric AG. - * + +package biz.netcentric.cq.tools.actool.comparators; + +/*- + * #%L + * Access Control Tool Bundle + * %% + * Copyright (C) 2015 - 2024 Cognizant Netcentric + * %% * All rights reserved. This program and the accompanying materials * are made available under the terms of the Eclipse Public License v1.0 * which accompanies this distribution, and is available at * http://www.eclipse.org/legal/epl-v10.html + * #L% */ -package biz.netcentric.cq.tools.actool.comparators; import static org.junit.jupiter.api.Assertions.assertEquals; diff --git a/accesscontroltool-bundle/src/test/java/biz/netcentric/cq/tools/actool/configmodel/AuthorizablesConfigTest.java b/accesscontroltool-bundle/src/test/java/biz/netcentric/cq/tools/actool/configmodel/AuthorizablesConfigTest.java index 3355aa147..5e983d0d8 100644 --- a/accesscontroltool-bundle/src/test/java/biz/netcentric/cq/tools/actool/configmodel/AuthorizablesConfigTest.java +++ b/accesscontroltool-bundle/src/test/java/biz/netcentric/cq/tools/actool/configmodel/AuthorizablesConfigTest.java @@ -1,5 +1,18 @@ package biz.netcentric.cq.tools.actool.configmodel; +/*- + * #%L + * Access Control Tool Bundle + * %% + * Copyright (C) 2015 - 2024 Cognizant Netcentric + * %% + * All rights reserved. This program and the accompanying materials + * are made available under the terms of the Eclipse Public License v1.0 + * which accompanies this distribution, and is available at + * http://www.eclipse.org/legal/epl-v10.html + * #L% + */ + import static org.junit.jupiter.api.Assertions.assertEquals; import java.util.Arrays; diff --git a/accesscontroltool-bundle/src/test/java/biz/netcentric/cq/tools/actool/configmodel/TestDecryptionService.java b/accesscontroltool-bundle/src/test/java/biz/netcentric/cq/tools/actool/configmodel/TestDecryptionService.java index c47c46301..e9b663f6a 100644 --- a/accesscontroltool-bundle/src/test/java/biz/netcentric/cq/tools/actool/configmodel/TestDecryptionService.java +++ b/accesscontroltool-bundle/src/test/java/biz/netcentric/cq/tools/actool/configmodel/TestDecryptionService.java @@ -1,5 +1,18 @@ package biz.netcentric.cq.tools.actool.configmodel; +/*- + * #%L + * Access Control Tool Bundle + * %% + * Copyright (C) 2015 - 2024 Cognizant Netcentric + * %% + * All rights reserved. This program and the accompanying materials + * are made available under the terms of the Eclipse Public License v1.0 + * which accompanies this distribution, and is available at + * http://www.eclipse.org/legal/epl-v10.html + * #L% + */ + import biz.netcentric.cq.tools.actool.crypto.DecryptionService; public final class TestDecryptionService implements DecryptionService { @@ -8,4 +21,4 @@ public final class TestDecryptionService implements DecryptionService { public String decrypt(String text) { return text.substring(1, text.length()-1); } -} \ No newline at end of file +} diff --git a/accesscontroltool-bundle/src/test/java/biz/netcentric/cq/tools/actool/configmodel/pkcs/DerDataTest.java b/accesscontroltool-bundle/src/test/java/biz/netcentric/cq/tools/actool/configmodel/pkcs/DerDataTest.java index e93c9800c..4bf301a4b 100644 --- a/accesscontroltool-bundle/src/test/java/biz/netcentric/cq/tools/actool/configmodel/pkcs/DerDataTest.java +++ b/accesscontroltool-bundle/src/test/java/biz/netcentric/cq/tools/actool/configmodel/pkcs/DerDataTest.java @@ -1,5 +1,18 @@ package biz.netcentric.cq.tools.actool.configmodel.pkcs; +/*- + * #%L + * Access Control Tool Bundle + * %% + * Copyright (C) 2015 - 2024 Cognizant Netcentric + * %% + * All rights reserved. This program and the accompanying materials + * are made available under the terms of the Eclipse Public License v1.0 + * which accompanies this distribution, and is available at + * http://www.eclipse.org/legal/epl-v10.html + * #L% + */ + import static org.junit.jupiter.api.Assertions.assertArrayEquals; import static org.junit.jupiter.api.Assertions.assertEquals; import static org.junit.jupiter.params.provider.Arguments.arguments; diff --git a/accesscontroltool-bundle/src/test/java/biz/netcentric/cq/tools/actool/configmodel/pkcs/KeyTest.java b/accesscontroltool-bundle/src/test/java/biz/netcentric/cq/tools/actool/configmodel/pkcs/KeyTest.java index 8da569d9e..9fd71f134 100644 --- a/accesscontroltool-bundle/src/test/java/biz/netcentric/cq/tools/actool/configmodel/pkcs/KeyTest.java +++ b/accesscontroltool-bundle/src/test/java/biz/netcentric/cq/tools/actool/configmodel/pkcs/KeyTest.java @@ -1,5 +1,18 @@ package biz.netcentric.cq.tools.actool.configmodel.pkcs; +/*- + * #%L + * Access Control Tool Bundle + * %% + * Copyright (C) 2015 - 2024 Cognizant Netcentric + * %% + * All rights reserved. This program and the accompanying materials + * are made available under the terms of the Eclipse Public License v1.0 + * which accompanies this distribution, and is available at + * http://www.eclipse.org/legal/epl-v10.html + * #L% + */ + import static org.junit.jupiter.api.Assertions.assertThrows; import java.io.IOException; diff --git a/accesscontroltool-bundle/src/test/java/biz/netcentric/cq/tools/actool/configreader/ConfigFilesRetrieverImplTest.java b/accesscontroltool-bundle/src/test/java/biz/netcentric/cq/tools/actool/configreader/ConfigFilesRetrieverImplTest.java index 8900ee117..c1177c2a4 100644 --- a/accesscontroltool-bundle/src/test/java/biz/netcentric/cq/tools/actool/configreader/ConfigFilesRetrieverImplTest.java +++ b/accesscontroltool-bundle/src/test/java/biz/netcentric/cq/tools/actool/configreader/ConfigFilesRetrieverImplTest.java @@ -1,12 +1,18 @@ -/* - * (C) Copyright 2017 Netcentric AG. - * + +package biz.netcentric.cq.tools.actool.configreader; + +/*- + * #%L + * Access Control Tool Bundle + * %% + * Copyright (C) 2015 - 2024 Cognizant Netcentric + * %% * All rights reserved. This program and the accompanying materials * are made available under the terms of the Eclipse Public License v1.0 * which accompanies this distribution, and is available at * http://www.eclipse.org/legal/epl-v10.html + * #L% */ -package biz.netcentric.cq.tools.actool.configreader; import static org.hamcrest.MatcherAssert.assertThat; import static org.junit.jupiter.api.Assertions.assertFalse; diff --git a/accesscontroltool-bundle/src/test/java/biz/netcentric/cq/tools/actool/configreader/TestAceBean.java b/accesscontroltool-bundle/src/test/java/biz/netcentric/cq/tools/actool/configreader/TestAceBean.java index 8b880afbc..bfd2ca3ac 100644 --- a/accesscontroltool-bundle/src/test/java/biz/netcentric/cq/tools/actool/configreader/TestAceBean.java +++ b/accesscontroltool-bundle/src/test/java/biz/netcentric/cq/tools/actool/configreader/TestAceBean.java @@ -1,12 +1,18 @@ -/* - * (C) Copyright 2017 Netcentric AG. - * + +package biz.netcentric.cq.tools.actool.configreader; + +/*- + * #%L + * Access Control Tool Bundle + * %% + * Copyright (C) 2015 - 2024 Cognizant Netcentric + * %% * All rights reserved. This program and the accompanying materials * are made available under the terms of the Eclipse Public License v1.0 * which accompanies this distribution, and is available at * http://www.eclipse.org/legal/epl-v10.html + * #L% */ -package biz.netcentric.cq.tools.actool.configreader; import biz.netcentric.cq.tools.actool.configmodel.AceBean; diff --git a/accesscontroltool-bundle/src/test/java/biz/netcentric/cq/tools/actool/configreader/TestAuthorizableConfigBean.java b/accesscontroltool-bundle/src/test/java/biz/netcentric/cq/tools/actool/configreader/TestAuthorizableConfigBean.java index eba3471ad..94e70dd35 100644 --- a/accesscontroltool-bundle/src/test/java/biz/netcentric/cq/tools/actool/configreader/TestAuthorizableConfigBean.java +++ b/accesscontroltool-bundle/src/test/java/biz/netcentric/cq/tools/actool/configreader/TestAuthorizableConfigBean.java @@ -1,12 +1,18 @@ -/* - * (C) Copyright 2017 Netcentric AG. - * + +package biz.netcentric.cq.tools.actool.configreader; + +/*- + * #%L + * Access Control Tool Bundle + * %% + * Copyright (C) 2015 - 2024 Cognizant Netcentric + * %% * All rights reserved. This program and the accompanying materials * are made available under the terms of the Eclipse Public License v1.0 * which accompanies this distribution, and is available at * http://www.eclipse.org/legal/epl-v10.html + * #L% */ -package biz.netcentric.cq.tools.actool.configreader; import biz.netcentric.cq.tools.actool.configmodel.AuthorizableConfigBean; diff --git a/accesscontroltool-bundle/src/test/java/biz/netcentric/cq/tools/actool/configreader/TestUserConfigsCreatorTest.java b/accesscontroltool-bundle/src/test/java/biz/netcentric/cq/tools/actool/configreader/TestUserConfigsCreatorTest.java index b83c63ffe..e8ee46dd7 100644 --- a/accesscontroltool-bundle/src/test/java/biz/netcentric/cq/tools/actool/configreader/TestUserConfigsCreatorTest.java +++ b/accesscontroltool-bundle/src/test/java/biz/netcentric/cq/tools/actool/configreader/TestUserConfigsCreatorTest.java @@ -1,4 +1,17 @@ package biz.netcentric.cq.tools.actool.configreader; + +/*- + * #%L + * Access Control Tool Bundle + * %% + * Copyright (C) 2015 - 2024 Cognizant Netcentric + * %% + * All rights reserved. This program and the accompanying materials + * are made available under the terms of the Eclipse Public License v1.0 + * which accompanies this distribution, and is available at + * http://www.eclipse.org/legal/epl-v10.html + * #L% + */ import static org.junit.jupiter.api.Assertions.assertEquals; import java.util.Map; diff --git a/accesscontroltool-bundle/src/test/java/biz/netcentric/cq/tools/actool/configreader/TestYamlConfigReader.java b/accesscontroltool-bundle/src/test/java/biz/netcentric/cq/tools/actool/configreader/TestYamlConfigReader.java index 8ec8a405c..9d39d7551 100644 --- a/accesscontroltool-bundle/src/test/java/biz/netcentric/cq/tools/actool/configreader/TestYamlConfigReader.java +++ b/accesscontroltool-bundle/src/test/java/biz/netcentric/cq/tools/actool/configreader/TestYamlConfigReader.java @@ -1,12 +1,18 @@ -/* - * (C) Copyright 2017 Netcentric AG. - * + +package biz.netcentric.cq.tools.actool.configreader; + +/*- + * #%L + * Access Control Tool Bundle + * %% + * Copyright (C) 2015 - 2024 Cognizant Netcentric + * %% * All rights reserved. This program and the accompanying materials * are made available under the terms of the Eclipse Public License v1.0 * which accompanies this distribution, and is available at * http://www.eclipse.org/legal/epl-v10.html + * #L% */ -package biz.netcentric.cq.tools.actool.configreader; import java.util.Map; diff --git a/accesscontroltool-bundle/src/test/java/biz/netcentric/cq/tools/actool/configreader/VirtualGroupProcessorTest.java b/accesscontroltool-bundle/src/test/java/biz/netcentric/cq/tools/actool/configreader/VirtualGroupProcessorTest.java index 0d2899cc1..9bdfb6c58 100644 --- a/accesscontroltool-bundle/src/test/java/biz/netcentric/cq/tools/actool/configreader/VirtualGroupProcessorTest.java +++ b/accesscontroltool-bundle/src/test/java/biz/netcentric/cq/tools/actool/configreader/VirtualGroupProcessorTest.java @@ -1,5 +1,18 @@ package biz.netcentric.cq.tools.actool.configreader; +/*- + * #%L + * Access Control Tool Bundle + * %% + * Copyright (C) 2015 - 2024 Cognizant Netcentric + * %% + * All rights reserved. This program and the accompanying materials + * are made available under the terms of the Eclipse Public License v1.0 + * which accompanies this distribution, and is available at + * http://www.eclipse.org/legal/epl-v10.html + * #L% + */ + import static biz.netcentric.cq.tools.actool.configreader.YamlConfigurationMergerTest.getAcConfigurationForFile; import static biz.netcentric.cq.tools.actool.configreader.YamlConfigurationMergerTest.getConfigurationMerger; diff --git a/accesscontroltool-bundle/src/test/java/biz/netcentric/cq/tools/actool/configreader/YamlConfigReaderTest.java b/accesscontroltool-bundle/src/test/java/biz/netcentric/cq/tools/actool/configreader/YamlConfigReaderTest.java index 5c159fbf8..9802c85e4 100644 --- a/accesscontroltool-bundle/src/test/java/biz/netcentric/cq/tools/actool/configreader/YamlConfigReaderTest.java +++ b/accesscontroltool-bundle/src/test/java/biz/netcentric/cq/tools/actool/configreader/YamlConfigReaderTest.java @@ -1,12 +1,17 @@ -/* - * (C) Copyright 2015 Netcentric AG. - * +package biz.netcentric.cq.tools.actool.configreader; + +/*- + * #%L + * Access Control Tool Bundle + * %% + * Copyright (C) 2015 - 2024 Cognizant Netcentric + * %% * All rights reserved. This program and the accompanying materials * are made available under the terms of the Eclipse Public License v1.0 * which accompanies this distribution, and is available at * http://www.eclipse.org/legal/epl-v10.html + * #L% */ -package biz.netcentric.cq.tools.actool.configreader; import static org.junit.jupiter.api.Assertions.assertArrayEquals; import static org.junit.jupiter.api.Assertions.assertEquals; diff --git a/accesscontroltool-bundle/src/test/java/biz/netcentric/cq/tools/actool/configreader/YamlConfigurationMergerTest.java b/accesscontroltool-bundle/src/test/java/biz/netcentric/cq/tools/actool/configreader/YamlConfigurationMergerTest.java index 692e1b196..58548eace 100644 --- a/accesscontroltool-bundle/src/test/java/biz/netcentric/cq/tools/actool/configreader/YamlConfigurationMergerTest.java +++ b/accesscontroltool-bundle/src/test/java/biz/netcentric/cq/tools/actool/configreader/YamlConfigurationMergerTest.java @@ -1,12 +1,17 @@ -/* - * (C) Copyright 2015 Netcentric AG. - * +package biz.netcentric.cq.tools.actool.configreader; + +/*- + * #%L + * Access Control Tool Bundle + * %% + * Copyright (C) 2015 - 2024 Cognizant Netcentric + * %% * All rights reserved. This program and the accompanying materials * are made available under the terms of the Eclipse Public License v1.0 * which accompanies this distribution, and is available at * http://www.eclipse.org/legal/epl-v10.html + * #L% */ -package biz.netcentric.cq.tools.actool.configreader; import static org.junit.jupiter.api.Assertions.assertArrayEquals; import static org.junit.jupiter.api.Assertions.assertEquals; diff --git a/accesscontroltool-bundle/src/test/java/biz/netcentric/cq/tools/actool/configreader/YamlMacroElEvaluatorTest.java b/accesscontroltool-bundle/src/test/java/biz/netcentric/cq/tools/actool/configreader/YamlMacroElEvaluatorTest.java index f2f822abd..e44a37e4d 100644 --- a/accesscontroltool-bundle/src/test/java/biz/netcentric/cq/tools/actool/configreader/YamlMacroElEvaluatorTest.java +++ b/accesscontroltool-bundle/src/test/java/biz/netcentric/cq/tools/actool/configreader/YamlMacroElEvaluatorTest.java @@ -1,5 +1,18 @@ package biz.netcentric.cq.tools.actool.configreader; +/*- + * #%L + * Access Control Tool Bundle + * %% + * Copyright (C) 2015 - 2024 Cognizant Netcentric + * %% + * All rights reserved. This program and the accompanying materials + * are made available under the terms of the Eclipse Public License v1.0 + * which accompanies this distribution, and is available at + * http://www.eclipse.org/legal/epl-v10.html + * #L% + */ + import static org.junit.jupiter.api.Assertions.assertEquals; import static org.junit.jupiter.api.Assertions.assertThrows; diff --git a/accesscontroltool-bundle/src/test/java/biz/netcentric/cq/tools/actool/configreader/YamlMacroProcessorTest.java b/accesscontroltool-bundle/src/test/java/biz/netcentric/cq/tools/actool/configreader/YamlMacroProcessorTest.java index 81b66cf8a..fe9a881b5 100644 --- a/accesscontroltool-bundle/src/test/java/biz/netcentric/cq/tools/actool/configreader/YamlMacroProcessorTest.java +++ b/accesscontroltool-bundle/src/test/java/biz/netcentric/cq/tools/actool/configreader/YamlMacroProcessorTest.java @@ -1,12 +1,17 @@ -/* - * (C) Copyright 2015 Netcentric AG. - * +package biz.netcentric.cq.tools.actool.configreader; + +/*- + * #%L + * Access Control Tool Bundle + * %% + * Copyright (C) 2015 - 2024 Cognizant Netcentric + * %% * All rights reserved. This program and the accompanying materials * are made available under the terms of the Eclipse Public License v1.0 * which accompanies this distribution, and is available at * http://www.eclipse.org/legal/epl-v10.html + * #L% */ -package biz.netcentric.cq.tools.actool.configreader; import static biz.netcentric.cq.tools.actool.configreader.YamlConfigReaderTest.getYamlList; import static org.junit.jupiter.api.Assertions.assertEquals; diff --git a/accesscontroltool-bundle/src/test/java/biz/netcentric/cq/tools/actool/extensions/OakRepository.java b/accesscontroltool-bundle/src/test/java/biz/netcentric/cq/tools/actool/extensions/OakRepository.java index b79737cfb..8b1a72830 100644 --- a/accesscontroltool-bundle/src/test/java/biz/netcentric/cq/tools/actool/extensions/OakRepository.java +++ b/accesscontroltool-bundle/src/test/java/biz/netcentric/cq/tools/actool/extensions/OakRepository.java @@ -8,6 +8,19 @@ */ package biz.netcentric.cq.tools.actool.extensions; +/*- + * #%L + * Access Control Tool Bundle + * %% + * Copyright (C) 2015 - 2024 Cognizant Netcentric + * %% + * All rights reserved. This program and the accompanying materials + * are made available under the terms of the Eclipse Public License v1.0 + * which accompanies this distribution, and is available at + * http://www.eclipse.org/legal/epl-v10.html + * #L% + */ + import java.io.IOException; import java.io.UncheckedIOException; import java.nio.file.Files; diff --git a/accesscontroltool-bundle/src/test/java/biz/netcentric/cq/tools/actool/helper/AcHelperTest.java b/accesscontroltool-bundle/src/test/java/biz/netcentric/cq/tools/actool/helper/AcHelperTest.java index 1f71ad2be..e151be581 100644 --- a/accesscontroltool-bundle/src/test/java/biz/netcentric/cq/tools/actool/helper/AcHelperTest.java +++ b/accesscontroltool-bundle/src/test/java/biz/netcentric/cq/tools/actool/helper/AcHelperTest.java @@ -1,12 +1,17 @@ -/* - * (C) Copyright 2015 Netcentric AG. - * +package biz.netcentric.cq.tools.actool.helper; + +/*- + * #%L + * Access Control Tool Bundle + * %% + * Copyright (C) 2015 - 2024 Cognizant Netcentric + * %% * All rights reserved. This program and the accompanying materials * are made available under the terms of the Eclipse Public License v1.0 * which accompanies this distribution, and is available at * http://www.eclipse.org/legal/epl-v10.html + * #L% */ -package biz.netcentric.cq.tools.actool.helper; import static biz.netcentric.cq.tools.actool.helper.AcHelper.ACE_ORDER_ACTOOL_BEST_PRACTICE; import static biz.netcentric.cq.tools.actool.helper.AcHelper.ACE_ORDER_NONE; diff --git a/accesscontroltool-bundle/src/test/java/biz/netcentric/cq/tools/actool/helper/AceWrapperTest.java b/accesscontroltool-bundle/src/test/java/biz/netcentric/cq/tools/actool/helper/AceWrapperTest.java index b32fa8e9d..7fe983f2b 100644 --- a/accesscontroltool-bundle/src/test/java/biz/netcentric/cq/tools/actool/helper/AceWrapperTest.java +++ b/accesscontroltool-bundle/src/test/java/biz/netcentric/cq/tools/actool/helper/AceWrapperTest.java @@ -1,12 +1,18 @@ -/* - * (C) Copyright 2017 Netcentric AG. - * + +package biz.netcentric.cq.tools.actool.helper; + +/*- + * #%L + * Access Control Tool Bundle + * %% + * Copyright (C) 2015 - 2024 Cognizant Netcentric + * %% * All rights reserved. This program and the accompanying materials * are made available under the terms of the Eclipse Public License v1.0 * which accompanies this distribution, and is available at * http://www.eclipse.org/legal/epl-v10.html + * #L% */ -package biz.netcentric.cq.tools.actool.helper; import static org.junit.jupiter.api.Assertions.assertEquals; import static org.junit.jupiter.api.Assertions.assertNull; diff --git a/accesscontroltool-bundle/src/test/java/biz/netcentric/cq/tools/actool/helper/ContentHelperIT.java b/accesscontroltool-bundle/src/test/java/biz/netcentric/cq/tools/actool/helper/ContentHelperIT.java index feef67bae..d980be6fb 100644 --- a/accesscontroltool-bundle/src/test/java/biz/netcentric/cq/tools/actool/helper/ContentHelperIT.java +++ b/accesscontroltool-bundle/src/test/java/biz/netcentric/cq/tools/actool/helper/ContentHelperIT.java @@ -8,6 +8,19 @@ */ package biz.netcentric.cq.tools.actool.helper; +/*- + * #%L + * Access Control Tool Bundle + * %% + * Copyright (C) 2015 - 2024 Cognizant Netcentric + * %% + * All rights reserved. This program and the accompanying materials + * are made available under the terms of the Eclipse Public License v1.0 + * which accompanies this distribution, and is available at + * http://www.eclipse.org/legal/epl-v10.html + * #L% + */ + import static org.junit.jupiter.api.Assertions.assertEquals; import static org.junit.jupiter.api.Assertions.assertFalse; import static org.junit.jupiter.api.Assertions.assertThrows; diff --git a/accesscontroltool-bundle/src/test/java/biz/netcentric/cq/tools/actool/helper/ContentHelperTest.java b/accesscontroltool-bundle/src/test/java/biz/netcentric/cq/tools/actool/helper/ContentHelperTest.java index 82165dfe5..728f1f13f 100644 --- a/accesscontroltool-bundle/src/test/java/biz/netcentric/cq/tools/actool/helper/ContentHelperTest.java +++ b/accesscontroltool-bundle/src/test/java/biz/netcentric/cq/tools/actool/helper/ContentHelperTest.java @@ -1,12 +1,18 @@ -/* - * (C) Copyright 2017 Netcentric AG. - * + +package biz.netcentric.cq.tools.actool.helper; + +/*- + * #%L + * Access Control Tool Bundle + * %% + * Copyright (C) 2015 - 2024 Cognizant Netcentric + * %% * All rights reserved. This program and the accompanying materials * are made available under the terms of the Eclipse Public License v1.0 * which accompanies this distribution, and is available at * http://www.eclipse.org/legal/epl-v10.html + * #L% */ -package biz.netcentric.cq.tools.actool.helper; import static org.junit.jupiter.api.Assertions.assertEquals; import static org.junit.jupiter.api.Assertions.assertFalse; diff --git a/accesscontroltool-bundle/src/test/java/biz/netcentric/cq/tools/actool/helper/QueryHelperIT.java b/accesscontroltool-bundle/src/test/java/biz/netcentric/cq/tools/actool/helper/QueryHelperIT.java index 11a5af4e5..5d10e3c13 100644 --- a/accesscontroltool-bundle/src/test/java/biz/netcentric/cq/tools/actool/helper/QueryHelperIT.java +++ b/accesscontroltool-bundle/src/test/java/biz/netcentric/cq/tools/actool/helper/QueryHelperIT.java @@ -8,6 +8,19 @@ */ package biz.netcentric.cq.tools.actool.helper; +/*- + * #%L + * Access Control Tool Bundle + * %% + * Copyright (C) 2015 - 2024 Cognizant Netcentric + * %% + * All rights reserved. This program and the accompanying materials + * are made available under the terms of the Eclipse Public License v1.0 + * which accompanies this distribution, and is available at + * http://www.eclipse.org/legal/epl-v10.html + * #L% + */ + import static org.junit.jupiter.api.Assertions.assertFalse; import static org.junit.jupiter.api.Assertions.assertTrue; diff --git a/accesscontroltool-bundle/src/test/java/biz/netcentric/cq/tools/actool/helper/QueryHelperTest.java b/accesscontroltool-bundle/src/test/java/biz/netcentric/cq/tools/actool/helper/QueryHelperTest.java index a0c01aa58..6f73df8b4 100644 --- a/accesscontroltool-bundle/src/test/java/biz/netcentric/cq/tools/actool/helper/QueryHelperTest.java +++ b/accesscontroltool-bundle/src/test/java/biz/netcentric/cq/tools/actool/helper/QueryHelperTest.java @@ -8,6 +8,19 @@ */ package biz.netcentric.cq.tools.actool.helper; +/*- + * #%L + * Access Control Tool Bundle + * %% + * Copyright (C) 2015 - 2024 Cognizant Netcentric + * %% + * All rights reserved. This program and the accompanying materials + * are made available under the terms of the Eclipse Public License v1.0 + * which accompanies this distribution, and is available at + * http://www.eclipse.org/legal/epl-v10.html + * #L% + */ + import static org.junit.jupiter.api.Assertions.assertEquals; import static org.junit.jupiter.api.Assertions.assertThrows; diff --git a/accesscontroltool-bundle/src/test/java/biz/netcentric/cq/tools/actool/helper/ValidatorsTest.java b/accesscontroltool-bundle/src/test/java/biz/netcentric/cq/tools/actool/helper/ValidatorsTest.java index 0118ba251..451c114d0 100644 --- a/accesscontroltool-bundle/src/test/java/biz/netcentric/cq/tools/actool/helper/ValidatorsTest.java +++ b/accesscontroltool-bundle/src/test/java/biz/netcentric/cq/tools/actool/helper/ValidatorsTest.java @@ -1,83 +1,88 @@ -/* - * (C) Copyright 2015 Netcentric AG. - * - * All rights reserved. This program and the accompanying materials - * are made available under the terms of the Eclipse Public License v1.0 - * which accompanies this distribution, and is available at - * http://www.eclipse.org/legal/epl-v10.html - */ -package biz.netcentric.cq.tools.actool.helper; - -import static org.junit.jupiter.api.Assertions.assertFalse; -import static org.junit.jupiter.api.Assertions.assertTrue; - -import java.util.List; -import java.util.stream.Collectors; -import java.util.stream.Stream; - -import org.junit.jupiter.api.Test; - -import biz.netcentric.cq.tools.actool.aem.AcToolCqActions; -import biz.netcentric.cq.tools.actool.validators.Validators; - -public class ValidatorsTest { - - @Test - public void isValidAuthorizableNameTest() { - - assertTrue(Validators.isValidAuthorizableId("group-A")); - assertTrue(Validators.isValidAuthorizableId("group_A")); - assertTrue(Validators.isValidAuthorizableId("group.6")); - assertTrue(Validators.isValidAuthorizableId("Group-1")); - assertTrue(Validators.isValidAuthorizableId("Group-99")); - assertTrue(Validators.isValidAuthorizableId("Group..9.9")); - assertTrue(Validators.isValidAuthorizableId("group A")); - assertTrue(Validators.isValidAuthorizableId("group -A")); - - assertTrue(Validators.isValidAuthorizableId("group,A")); - assertTrue(Validators.isValidAuthorizableId("group:A")); - assertTrue(Validators.isValidAuthorizableId("group;A")); - - // even unicode characters are fine - assertTrue(Validators.isValidAuthorizableId("group-\\u00F8\\u00FCa")); - // only empty string not allowed - assertFalse(Validators.isValidAuthorizableId("")); - assertFalse(Validators.isValidAuthorizableId(null)); - } - - @Test - public void isValidActionTest() { - List actionStrings = Stream.of(AcToolCqActions.CqActions.values()).map(Enum::name).collect(Collectors.toList()); - - for (String action : actionStrings) { - assertTrue(Validators.isValidAction(action)); - } - - assertFalse(Validators.isValidAction("write")); - assertFalse(Validators.isValidAction("Read")); - assertFalse(Validators.isValidAction("aclEdit")); - assertFalse(Validators.isValidAction("jcr:all")); - assertFalse(Validators.isValidAction("jcr:read")); - assertFalse(Validators.isValidAction(null)); - } - - @Test - public void isValidPermissionTest() { - - assertTrue(Validators.isValidPermission("allow")); - assertTrue(Validators.isValidPermission("deny")); - - assertFalse(Validators.isValidPermission("Allow")); - assertFalse(Validators.isValidPermission("Deny")); - assertFalse(Validators.isValidPermission("write")); - - assertFalse(Validators.isValidPermission(null)); - } - - @Test - public void isValidRepGlobTest() { - assertTrue(Validators.isValidRegex("*/jcr:content*")); - assertTrue(Validators.isValidRegex("*/content/*")); - assertFalse(Validators.isValidRegex("[")); - } -} \ No newline at end of file +package biz.netcentric.cq.tools.actool.helper; + +/*- + * #%L + * Access Control Tool Bundle + * %% + * Copyright (C) 2015 - 2024 Cognizant Netcentric + * %% + * All rights reserved. This program and the accompanying materials + * are made available under the terms of the Eclipse Public License v1.0 + * which accompanies this distribution, and is available at + * http://www.eclipse.org/legal/epl-v10.html + * #L% + */ + +import static org.junit.jupiter.api.Assertions.assertFalse; +import static org.junit.jupiter.api.Assertions.assertTrue; + +import java.util.List; +import java.util.stream.Collectors; +import java.util.stream.Stream; + +import org.junit.jupiter.api.Test; + +import biz.netcentric.cq.tools.actool.aem.AcToolCqActions; +import biz.netcentric.cq.tools.actool.validators.Validators; + +public class ValidatorsTest { + + @Test + public void isValidAuthorizableNameTest() { + + assertTrue(Validators.isValidAuthorizableId("group-A")); + assertTrue(Validators.isValidAuthorizableId("group_A")); + assertTrue(Validators.isValidAuthorizableId("group.6")); + assertTrue(Validators.isValidAuthorizableId("Group-1")); + assertTrue(Validators.isValidAuthorizableId("Group-99")); + assertTrue(Validators.isValidAuthorizableId("Group..9.9")); + assertTrue(Validators.isValidAuthorizableId("group A")); + assertTrue(Validators.isValidAuthorizableId("group -A")); + + assertTrue(Validators.isValidAuthorizableId("group,A")); + assertTrue(Validators.isValidAuthorizableId("group:A")); + assertTrue(Validators.isValidAuthorizableId("group;A")); + + // even unicode characters are fine + assertTrue(Validators.isValidAuthorizableId("group-\\u00F8\\u00FCa")); + // only empty string not allowed + assertFalse(Validators.isValidAuthorizableId("")); + assertFalse(Validators.isValidAuthorizableId(null)); + } + + @Test + public void isValidActionTest() { + List actionStrings = Stream.of(AcToolCqActions.CqActions.values()).map(Enum::name).collect(Collectors.toList()); + + for (String action : actionStrings) { + assertTrue(Validators.isValidAction(action)); + } + + assertFalse(Validators.isValidAction("write")); + assertFalse(Validators.isValidAction("Read")); + assertFalse(Validators.isValidAction("aclEdit")); + assertFalse(Validators.isValidAction("jcr:all")); + assertFalse(Validators.isValidAction("jcr:read")); + assertFalse(Validators.isValidAction(null)); + } + + @Test + public void isValidPermissionTest() { + + assertTrue(Validators.isValidPermission("allow")); + assertTrue(Validators.isValidPermission("deny")); + + assertFalse(Validators.isValidPermission("Allow")); + assertFalse(Validators.isValidPermission("Deny")); + assertFalse(Validators.isValidPermission("write")); + + assertFalse(Validators.isValidPermission(null)); + } + + @Test + public void isValidRepGlobTest() { + assertTrue(Validators.isValidRegex("*/jcr:content*")); + assertTrue(Validators.isValidRegex("*/content/*")); + assertFalse(Validators.isValidRegex("[")); + } +} diff --git a/accesscontroltool-bundle/src/test/java/biz/netcentric/cq/tools/actool/impl/AcInstallationServiceImplTest.java b/accesscontroltool-bundle/src/test/java/biz/netcentric/cq/tools/actool/impl/AcInstallationServiceImplTest.java index f0b40d941..aebb927c2 100644 --- a/accesscontroltool-bundle/src/test/java/biz/netcentric/cq/tools/actool/impl/AcInstallationServiceImplTest.java +++ b/accesscontroltool-bundle/src/test/java/biz/netcentric/cq/tools/actool/impl/AcInstallationServiceImplTest.java @@ -1,5 +1,18 @@ package biz.netcentric.cq.tools.actool.impl; +/*- + * #%L + * Access Control Tool Bundle + * %% + * Copyright (C) 2015 - 2024 Cognizant Netcentric + * %% + * All rights reserved. This program and the accompanying materials + * are made available under the terms of the Eclipse Public License v1.0 + * which accompanies this distribution, and is available at + * http://www.eclipse.org/legal/epl-v10.html + * #L% + */ + import static org.junit.jupiter.api.Assertions.assertTrue; import static org.mockito.Mockito.when; diff --git a/accesscontroltool-bundle/src/test/java/biz/netcentric/cq/tools/actool/impl/AceServiceImplTest.java b/accesscontroltool-bundle/src/test/java/biz/netcentric/cq/tools/actool/impl/AceServiceImplTest.java index 3534c67db..e07ab5206 100644 --- a/accesscontroltool-bundle/src/test/java/biz/netcentric/cq/tools/actool/impl/AceServiceImplTest.java +++ b/accesscontroltool-bundle/src/test/java/biz/netcentric/cq/tools/actool/impl/AceServiceImplTest.java @@ -1,12 +1,18 @@ -/* - * (C) Copyright 2017 Netcentric AG. - * + +package biz.netcentric.cq.tools.actool.impl; + +/*- + * #%L + * Access Control Tool Bundle + * %% + * Copyright (C) 2015 - 2024 Cognizant Netcentric + * %% * All rights reserved. This program and the accompanying materials * are made available under the terms of the Eclipse Public License v1.0 * which accompanies this distribution, and is available at * http://www.eclipse.org/legal/epl-v10.html + * #L% */ -package biz.netcentric.cq.tools.actool.impl; import static org.junit.jupiter.api.Assertions.assertArrayEquals; import static org.junit.jupiter.api.Assertions.assertFalse; diff --git a/accesscontroltool-bundle/src/test/java/biz/netcentric/cq/tools/actool/ims/IMSUserManagementIT.java b/accesscontroltool-bundle/src/test/java/biz/netcentric/cq/tools/actool/ims/IMSUserManagementIT.java index 3aa4a96fa..97eed2dc8 100644 --- a/accesscontroltool-bundle/src/test/java/biz/netcentric/cq/tools/actool/ims/IMSUserManagementIT.java +++ b/accesscontroltool-bundle/src/test/java/biz/netcentric/cq/tools/actool/ims/IMSUserManagementIT.java @@ -1,5 +1,18 @@ package biz.netcentric.cq.tools.actool.ims; +/*- + * #%L + * Access Control Tool Bundle + * %% + * Copyright (C) 2015 - 2024 Cognizant Netcentric + * %% + * All rights reserved. This program and the accompanying materials + * are made available under the terms of the Eclipse Public License v1.0 + * which accompanies this distribution, and is available at + * http://www.eclipse.org/legal/epl-v10.html + * #L% + */ + import static org.junit.jupiter.api.Assertions.assertEquals; import static org.junit.jupiter.api.Assertions.assertThrows; import static org.junit.jupiter.api.Assertions.assertTrue; diff --git a/accesscontroltool-bundle/src/test/java/biz/netcentric/cq/tools/actool/slingsettings/ExtendedSlingSettingsServiceImplTest.java b/accesscontroltool-bundle/src/test/java/biz/netcentric/cq/tools/actool/slingsettings/ExtendedSlingSettingsServiceImplTest.java index da4d0ace3..5df6f507f 100644 --- a/accesscontroltool-bundle/src/test/java/biz/netcentric/cq/tools/actool/slingsettings/ExtendedSlingSettingsServiceImplTest.java +++ b/accesscontroltool-bundle/src/test/java/biz/netcentric/cq/tools/actool/slingsettings/ExtendedSlingSettingsServiceImplTest.java @@ -1,5 +1,18 @@ package biz.netcentric.cq.tools.actool.slingsettings; +/*- + * #%L + * Access Control Tool Bundle + * %% + * Copyright (C) 2015 - 2024 Cognizant Netcentric + * %% + * All rights reserved. This program and the accompanying materials + * are made available under the terms of the Eclipse Public License v1.0 + * which accompanies this distribution, and is available at + * http://www.eclipse.org/legal/epl-v10.html + * #L% + */ + import static org.junit.jupiter.api.Assertions.assertEquals; import java.util.Collections; diff --git a/accesscontroltool-bundle/src/test/java/biz/netcentric/cq/tools/actool/validators/BeanValidatorsTest.java b/accesscontroltool-bundle/src/test/java/biz/netcentric/cq/tools/actool/validators/BeanValidatorsTest.java index 155f0e171..09fc07052 100644 --- a/accesscontroltool-bundle/src/test/java/biz/netcentric/cq/tools/actool/validators/BeanValidatorsTest.java +++ b/accesscontroltool-bundle/src/test/java/biz/netcentric/cq/tools/actool/validators/BeanValidatorsTest.java @@ -1,119 +1,124 @@ -/* - * (C) Copyright 2015 Netcentric AG. - * - * All rights reserved. This program and the accompanying materials - * are made available under the terms of the Eclipse Public License v1.0 - * which accompanies this distribution, and is available at - * http://www.eclipse.org/legal/epl-v10.html - */ -package biz.netcentric.cq.tools.actool.validators; - -import static org.junit.jupiter.api.Assertions.assertEquals; -import static org.mockito.Mockito.doReturn; -import static org.mockito.Mockito.doThrow; -import static org.mockito.Mockito.mock; -import static org.mockito.Mockito.withSettings; -import static org.mockito.MockitoAnnotations.initMocks; - -import java.io.IOException; -import java.util.ArrayList; -import java.util.LinkedHashMap; -import java.util.List; -import java.util.Set; - -import javax.jcr.RepositoryException; -import javax.jcr.Session; -import javax.jcr.security.AccessControlList; -import javax.jcr.security.AccessControlManager; -import javax.jcr.security.AccessControlPolicy; - -import org.apache.jackrabbit.api.security.JackrabbitAccessControlList; -import org.apache.sling.jcr.api.SlingRepository; -import org.junit.jupiter.api.BeforeEach; -import org.junit.jupiter.api.Test; -import org.mockito.InjectMocks; -import org.mockito.Mock; - -import biz.netcentric.cq.tools.actool.configmodel.AceBean; -import biz.netcentric.cq.tools.actool.configmodel.AuthorizableConfigBean; -import biz.netcentric.cq.tools.actool.configreader.ConfigReader; -import biz.netcentric.cq.tools.actool.configreader.TestAceBean; -import biz.netcentric.cq.tools.actool.configreader.TestAuthorizableConfigBean; -import biz.netcentric.cq.tools.actool.configreader.TestYamlConfigReader; -import biz.netcentric.cq.tools.actool.validators.exceptions.AcConfigBeanValidationException; -import biz.netcentric.cq.tools.actool.validators.impl.AceBeanValidatorImpl; -import biz.netcentric.cq.tools.actool.validators.impl.AuthorizableValidatorImpl; - -public class BeanValidatorsTest { - - @Mock - SlingRepository repository; - - @Mock - Session session; - - @Mock - AccessControlList accessControlPolicy; - - @Mock - AccessControlManager accessControlManager; - - @Mock - AuthorizableValidator authorizableValidator; - - @InjectMocks - ConfigReader yamlConfigReader = new TestYamlConfigReader(); - - List aclList; - Set groupsFromConfig; - List aceBeanList = new ArrayList(); - List authorizableBeanList = new ArrayList(); - - @BeforeEach - public void setup() throws IOException, RepositoryException, - AcConfigBeanValidationException { - - initMocks(this); - doReturn(session).when(repository).loginService(null, null); - - accessControlPolicy = mock(AccessControlList.class, - withSettings().extraInterfaces(JackrabbitAccessControlList.class)); - doReturn(new String[]{"rep:glob"}).when((JackrabbitAccessControlList) accessControlPolicy).getRestrictionNames(); - doReturn(accessControlManager).when(session).getAccessControlManager(); - doReturn(new AccessControlPolicy[]{accessControlPolicy}).when(accessControlManager).getPolicies("/"); - - doThrow(new RepositoryException("invalid permission")).when(accessControlManager).privilegeFromName("read"); - doThrow(new RepositoryException("invalid permission")).when(accessControlManager).privilegeFromName("jcr_all"); - - final List yamlList = ValidatorTestHelper.getYamlList("testconfig.yaml"); - final AuthorizableValidator authorizableValidator = new AuthorizableValidatorImpl("/home/groups", "/home/users"); - authorizableValidator.disable(); - groupsFromConfig = yamlConfigReader.getGroupConfigurationBeans(yamlList, authorizableValidator).getAuthorizableIds(); - - ValidatorTestHelper.createAuthorizableTestBeans(yamlList, yamlConfigReader, authorizableBeanList); - ValidatorTestHelper.createAceTestBeans(yamlList, yamlConfigReader, groupsFromConfig, aceBeanList, session); - } - - @Test - public void testAuthorizableBeans() { - final AuthorizableValidator authorizableValidator = new AuthorizableValidatorImpl("/home/groups", "/home/users"); - for (final AuthorizableConfigBean authorizableBean : authorizableBeanList) { - assertEquals( - ValidatorTestHelper.getSimpleValidationException(authorizableBean, - authorizableValidator), - ((TestAuthorizableConfigBean) authorizableBean).getAssertedExceptionString()); - } - } - - @Test - public void testAceBeans() { - final AceBeanValidator aceBeanValidator = new AceBeanValidatorImpl(groupsFromConfig); - for (final AceBean aceBean : aceBeanList) { - assertEquals( - ((TestAceBean) aceBean).getAssertedExceptionString(), - ValidatorTestHelper.getSimpleValidationException(aceBean, aceBeanValidator, accessControlManager), - "Problem in bean " + aceBean); - } - } - -} +package biz.netcentric.cq.tools.actool.validators; + +/*- + * #%L + * Access Control Tool Bundle + * %% + * Copyright (C) 2015 - 2024 Cognizant Netcentric + * %% + * All rights reserved. This program and the accompanying materials + * are made available under the terms of the Eclipse Public License v1.0 + * which accompanies this distribution, and is available at + * http://www.eclipse.org/legal/epl-v10.html + * #L% + */ + +import static org.junit.jupiter.api.Assertions.assertEquals; +import static org.mockito.Mockito.doReturn; +import static org.mockito.Mockito.doThrow; +import static org.mockito.Mockito.mock; +import static org.mockito.Mockito.withSettings; +import static org.mockito.MockitoAnnotations.initMocks; + +import java.io.IOException; +import java.util.ArrayList; +import java.util.LinkedHashMap; +import java.util.List; +import java.util.Set; + +import javax.jcr.RepositoryException; +import javax.jcr.Session; +import javax.jcr.security.AccessControlList; +import javax.jcr.security.AccessControlManager; +import javax.jcr.security.AccessControlPolicy; + +import org.apache.jackrabbit.api.security.JackrabbitAccessControlList; +import org.apache.sling.jcr.api.SlingRepository; +import org.junit.jupiter.api.BeforeEach; +import org.junit.jupiter.api.Test; +import org.mockito.InjectMocks; +import org.mockito.Mock; + +import biz.netcentric.cq.tools.actool.configmodel.AceBean; +import biz.netcentric.cq.tools.actool.configmodel.AuthorizableConfigBean; +import biz.netcentric.cq.tools.actool.configreader.ConfigReader; +import biz.netcentric.cq.tools.actool.configreader.TestAceBean; +import biz.netcentric.cq.tools.actool.configreader.TestAuthorizableConfigBean; +import biz.netcentric.cq.tools.actool.configreader.TestYamlConfigReader; +import biz.netcentric.cq.tools.actool.validators.exceptions.AcConfigBeanValidationException; +import biz.netcentric.cq.tools.actool.validators.impl.AceBeanValidatorImpl; +import biz.netcentric.cq.tools.actool.validators.impl.AuthorizableValidatorImpl; + +public class BeanValidatorsTest { + + @Mock + SlingRepository repository; + + @Mock + Session session; + + @Mock + AccessControlList accessControlPolicy; + + @Mock + AccessControlManager accessControlManager; + + @Mock + AuthorizableValidator authorizableValidator; + + @InjectMocks + ConfigReader yamlConfigReader = new TestYamlConfigReader(); + + List aclList; + Set groupsFromConfig; + List aceBeanList = new ArrayList(); + List authorizableBeanList = new ArrayList(); + + @BeforeEach + public void setup() throws IOException, RepositoryException, + AcConfigBeanValidationException { + + initMocks(this); + doReturn(session).when(repository).loginService(null, null); + + accessControlPolicy = mock(AccessControlList.class, + withSettings().extraInterfaces(JackrabbitAccessControlList.class)); + doReturn(new String[]{"rep:glob"}).when((JackrabbitAccessControlList) accessControlPolicy).getRestrictionNames(); + doReturn(accessControlManager).when(session).getAccessControlManager(); + doReturn(new AccessControlPolicy[]{accessControlPolicy}).when(accessControlManager).getPolicies("/"); + + doThrow(new RepositoryException("invalid permission")).when(accessControlManager).privilegeFromName("read"); + doThrow(new RepositoryException("invalid permission")).when(accessControlManager).privilegeFromName("jcr_all"); + + final List yamlList = ValidatorTestHelper.getYamlList("testconfig.yaml"); + final AuthorizableValidator authorizableValidator = new AuthorizableValidatorImpl("/home/groups", "/home/users"); + authorizableValidator.disable(); + groupsFromConfig = yamlConfigReader.getGroupConfigurationBeans(yamlList, authorizableValidator).getAuthorizableIds(); + + ValidatorTestHelper.createAuthorizableTestBeans(yamlList, yamlConfigReader, authorizableBeanList); + ValidatorTestHelper.createAceTestBeans(yamlList, yamlConfigReader, groupsFromConfig, aceBeanList, session); + } + + @Test + public void testAuthorizableBeans() { + final AuthorizableValidator authorizableValidator = new AuthorizableValidatorImpl("/home/groups", "/home/users"); + for (final AuthorizableConfigBean authorizableBean : authorizableBeanList) { + assertEquals( + ValidatorTestHelper.getSimpleValidationException(authorizableBean, + authorizableValidator), + ((TestAuthorizableConfigBean) authorizableBean).getAssertedExceptionString()); + } + } + + @Test + public void testAceBeans() { + final AceBeanValidator aceBeanValidator = new AceBeanValidatorImpl(groupsFromConfig); + for (final AceBean aceBean : aceBeanList) { + assertEquals( + ((TestAceBean) aceBean).getAssertedExceptionString(), + ValidatorTestHelper.getSimpleValidationException(aceBean, aceBeanValidator, accessControlManager), + "Problem in bean " + aceBean); + } + } + +} diff --git a/accesscontroltool-bundle/src/test/java/biz/netcentric/cq/tools/actool/validators/ExternalGroupsInIsMemberOfValidatorTest.java b/accesscontroltool-bundle/src/test/java/biz/netcentric/cq/tools/actool/validators/ExternalGroupsInIsMemberOfValidatorTest.java index fd1c33dd8..0c1776953 100644 --- a/accesscontroltool-bundle/src/test/java/biz/netcentric/cq/tools/actool/validators/ExternalGroupsInIsMemberOfValidatorTest.java +++ b/accesscontroltool-bundle/src/test/java/biz/netcentric/cq/tools/actool/validators/ExternalGroupsInIsMemberOfValidatorTest.java @@ -1,5 +1,18 @@ package biz.netcentric.cq.tools.actool.validators; +/*- + * #%L + * Access Control Tool Bundle + * %% + * Copyright (C) 2015 - 2024 Cognizant Netcentric + * %% + * All rights reserved. This program and the accompanying materials + * are made available under the terms of the Eclipse Public License v1.0 + * which accompanies this distribution, and is available at + * http://www.eclipse.org/legal/epl-v10.html + * #L% + */ + import static biz.netcentric.cq.tools.actool.configreader.YamlConfigurationMergerTest.getAcConfigurationForFile; import static biz.netcentric.cq.tools.actool.configreader.YamlConfigurationMergerTest.getConfigurationMerger; import static org.junit.jupiter.api.Assertions.assertEquals; diff --git a/accesscontroltool-bundle/src/test/java/biz/netcentric/cq/tools/actool/validators/GlobalConfigurationValidatorTest.java b/accesscontroltool-bundle/src/test/java/biz/netcentric/cq/tools/actool/validators/GlobalConfigurationValidatorTest.java index cb9d51a28..d6f216b38 100644 --- a/accesscontroltool-bundle/src/test/java/biz/netcentric/cq/tools/actool/validators/GlobalConfigurationValidatorTest.java +++ b/accesscontroltool-bundle/src/test/java/biz/netcentric/cq/tools/actool/validators/GlobalConfigurationValidatorTest.java @@ -1,12 +1,17 @@ -/* - * (C) Copyright 2015 Netcentric AG. - * +package biz.netcentric.cq.tools.actool.validators; + +/*- + * #%L + * Access Control Tool Bundle + * %% + * Copyright (C) 2015 - 2024 Cognizant Netcentric + * %% * All rights reserved. This program and the accompanying materials * are made available under the terms of the Eclipse Public License v1.0 * which accompanies this distribution, and is available at * http://www.eclipse.org/legal/epl-v10.html + * #L% */ -package biz.netcentric.cq.tools.actool.validators; import static org.junit.jupiter.api.Assertions.assertFalse; import static org.junit.jupiter.api.Assertions.assertTrue; diff --git a/accesscontroltool-bundle/src/test/java/biz/netcentric/cq/tools/actool/validators/RestrictionValidationTest.java b/accesscontroltool-bundle/src/test/java/biz/netcentric/cq/tools/actool/validators/RestrictionValidationTest.java index 3e8f50c48..2f0d9fb13 100644 --- a/accesscontroltool-bundle/src/test/java/biz/netcentric/cq/tools/actool/validators/RestrictionValidationTest.java +++ b/accesscontroltool-bundle/src/test/java/biz/netcentric/cq/tools/actool/validators/RestrictionValidationTest.java @@ -1,12 +1,18 @@ -/* - * (C) Copyright 2017 Netcentric AG. - * + +package biz.netcentric.cq.tools.actool.validators; + +/*- + * #%L + * Access Control Tool Bundle + * %% + * Copyright (C) 2015 - 2024 Cognizant Netcentric + * %% * All rights reserved. This program and the accompanying materials * are made available under the terms of the Eclipse Public License v1.0 * which accompanies this distribution, and is available at * http://www.eclipse.org/legal/epl-v10.html + * #L% */ -package biz.netcentric.cq.tools.actool.validators; import static org.junit.jupiter.api.Assertions.assertEquals; import static org.mockito.Mockito.doReturn; diff --git a/accesscontroltool-bundle/src/test/java/biz/netcentric/cq/tools/actool/validators/UnmangedExternalMemberRelationshipCheckerTest.java b/accesscontroltool-bundle/src/test/java/biz/netcentric/cq/tools/actool/validators/UnmangedExternalMemberRelationshipCheckerTest.java index fb3b01478..a5ef479d0 100644 --- a/accesscontroltool-bundle/src/test/java/biz/netcentric/cq/tools/actool/validators/UnmangedExternalMemberRelationshipCheckerTest.java +++ b/accesscontroltool-bundle/src/test/java/biz/netcentric/cq/tools/actool/validators/UnmangedExternalMemberRelationshipCheckerTest.java @@ -1,5 +1,18 @@ package biz.netcentric.cq.tools.actool.validators; +/*- + * #%L + * Access Control Tool Bundle + * %% + * Copyright (C) 2015 - 2024 Cognizant Netcentric + * %% + * All rights reserved. This program and the accompanying materials + * are made available under the terms of the Eclipse Public License v1.0 + * which accompanies this distribution, and is available at + * http://www.eclipse.org/legal/epl-v10.html + * #L% + */ + import static biz.netcentric.cq.tools.actool.configreader.YamlConfigurationMergerTest.getAcConfigurationForFile; import static biz.netcentric.cq.tools.actool.configreader.YamlConfigurationMergerTest.getConfigurationMerger; diff --git a/accesscontroltool-bundle/src/test/java/biz/netcentric/cq/tools/actool/validators/ValidatorTestHelper.java b/accesscontroltool-bundle/src/test/java/biz/netcentric/cq/tools/actool/validators/ValidatorTestHelper.java index aeb1a094e..9db5de2d5 100644 --- a/accesscontroltool-bundle/src/test/java/biz/netcentric/cq/tools/actool/validators/ValidatorTestHelper.java +++ b/accesscontroltool-bundle/src/test/java/biz/netcentric/cq/tools/actool/validators/ValidatorTestHelper.java @@ -1,12 +1,18 @@ -/* - * (C) Copyright 2017 Netcentric AG. - * + +package biz.netcentric.cq.tools.actool.validators; + +/*- + * #%L + * Access Control Tool Bundle + * %% + * Copyright (C) 2015 - 2024 Cognizant Netcentric + * %% * All rights reserved. This program and the accompanying materials * are made available under the terms of the Eclipse Public License v1.0 * which accompanies this distribution, and is available at * http://www.eclipse.org/legal/epl-v10.html + * #L% */ -package biz.netcentric.cq.tools.actool.validators; import java.io.IOException; import java.io.InputStream; diff --git a/accesscontroltool-content-package/src/main/META-INF/vault/filter.xml b/accesscontroltool-content-package/src/main/META-INF/vault/filter.xml index 76bffe6a0..b65e9a702 100644 --- a/accesscontroltool-content-package/src/main/META-INF/vault/filter.xml +++ b/accesscontroltool-content-package/src/main/META-INF/vault/filter.xml @@ -1,6 +1,19 @@ - - - - - - + + + + + + + + diff --git a/accesscontroltool-content-package/src/main/jcr_root/_rep_policy.xml b/accesscontroltool-content-package/src/main/jcr_root/_rep_policy.xml index feac81644..b9020aca0 100644 --- a/accesscontroltool-content-package/src/main/jcr_root/_rep_policy.xml +++ b/accesscontroltool-content-package/src/main/jcr_root/_rep_policy.xml @@ -1,4 +1,17 @@ + + + + + + \ No newline at end of file + jcr:primaryType="rep:AuthorizableFolder"/> diff --git a/accesscontroltool-content-package/src/main/jcr_root/home/users/system/actool/actool-service/.content.xml b/accesscontroltool-content-package/src/main/jcr_root/home/users/system/actool/actool-service/.content.xml index 79e9c4a88..754727811 100644 --- a/accesscontroltool-content-package/src/main/jcr_root/home/users/system/actool/actool-service/.content.xml +++ b/accesscontroltool-content-package/src/main/jcr_root/home/users/system/actool/actool-service/.content.xml @@ -1,7 +1,20 @@ + + \ No newline at end of file + /> diff --git a/accesscontroltool-exampleconfig-package/src/main/META-INF/vault/config.xml b/accesscontroltool-exampleconfig-package/src/main/META-INF/vault/config.xml index 941af6c2e..d4143cc62 100644 --- a/accesscontroltool-exampleconfig-package/src/main/META-INF/vault/config.xml +++ b/accesscontroltool-exampleconfig-package/src/main/META-INF/vault/config.xml @@ -1,3 +1,15 @@ + + + + + diff --git a/accesscontroltool-exampleconfig-package/src/main/META-INF/vault/settings.xml b/accesscontroltool-exampleconfig-package/src/main/META-INF/vault/settings.xml index 68ce84048..f32f50fb0 100644 --- a/accesscontroltool-exampleconfig-package/src/main/META-INF/vault/settings.xml +++ b/accesscontroltool-exampleconfig-package/src/main/META-INF/vault/settings.xml @@ -1,5 +1,18 @@ - - - - - + + + + + + + diff --git a/accesscontroltool-oakindex-package/src/main/META-INF/vault/filter.xml b/accesscontroltool-oakindex-package/src/main/META-INF/vault/filter.xml index 71472b5d0..b2e6793a4 100644 --- a/accesscontroltool-oakindex-package/src/main/META-INF/vault/filter.xml +++ b/accesscontroltool-oakindex-package/src/main/META-INF/vault/filter.xml @@ -1,5 +1,18 @@ - - - - - + + + + + + + diff --git a/accesscontroltool-oakindex-package/src/main/jcr_root/_oak_index/repACL-custom-1.xml b/accesscontroltool-oakindex-package/src/main/jcr_root/_oak_index/repACL-custom-1.xml index 733426cb0..19e5184a2 100644 --- a/accesscontroltool-oakindex-package/src/main/jcr_root/_oak_index/repACL-custom-1.xml +++ b/accesscontroltool-oakindex-package/src/main/jcr_root/_oak_index/repACL-custom-1.xml @@ -1,4 +1,17 @@ + + - - - - - - - - - - + + + + + + + + + + + + + diff --git a/accesscontroltool-startuphook-bundle/src/main/java/biz/netcentric/cq/tools/actool/startuphook/impl/AcToolStartupHookServiceImpl.java b/accesscontroltool-startuphook-bundle/src/main/java/biz/netcentric/cq/tools/actool/startuphook/impl/AcToolStartupHookServiceImpl.java index aeeb142c1..35a32dad5 100644 --- a/accesscontroltool-startuphook-bundle/src/main/java/biz/netcentric/cq/tools/actool/startuphook/impl/AcToolStartupHookServiceImpl.java +++ b/accesscontroltool-startuphook-bundle/src/main/java/biz/netcentric/cq/tools/actool/startuphook/impl/AcToolStartupHookServiceImpl.java @@ -1,12 +1,17 @@ -/* - * (C) Copyright 2015 Netcentric AG. - * +package biz.netcentric.cq.tools.actool.startuphook.impl; + +/*- + * #%L + * Access Control Tool Startup Hook Bundle + * %% + * Copyright (C) 2015 - 2024 Cognizant Netcentric + * %% * All rights reserved. This program and the accompanying materials * are made available under the terms of the Eclipse Public License v1.0 * which accompanies this distribution, and is available at * http://www.eclipse.org/legal/epl-v10.html + * #L% */ -package biz.netcentric.cq.tools.actool.startuphook.impl; import java.util.ArrayList; import java.util.Arrays; diff --git a/accesscontroltool-startuphook-bundle/src/main/java/biz/netcentric/cq/tools/actool/startuphook/impl/StartupBundleActivator.java b/accesscontroltool-startuphook-bundle/src/main/java/biz/netcentric/cq/tools/actool/startuphook/impl/StartupBundleActivator.java index f0b1f44d9..ce9e4090f 100644 --- a/accesscontroltool-startuphook-bundle/src/main/java/biz/netcentric/cq/tools/actool/startuphook/impl/StartupBundleActivator.java +++ b/accesscontroltool-startuphook-bundle/src/main/java/biz/netcentric/cq/tools/actool/startuphook/impl/StartupBundleActivator.java @@ -1,12 +1,17 @@ -/* - * (C) Copyright 2015 Netcentric AG. - * +package biz.netcentric.cq.tools.actool.startuphook.impl; + +/*- + * #%L + * Access Control Tool Startup Hook Bundle + * %% + * Copyright (C) 2015 - 2024 Cognizant Netcentric + * %% * All rights reserved. This program and the accompanying materials * are made available under the terms of the Eclipse Public License v1.0 * which accompanies this distribution, and is available at * http://www.eclipse.org/legal/epl-v10.html + * #L% */ -package biz.netcentric.cq.tools.actool.startuphook.impl; import org.apache.sling.jcr.api.SlingRepository; import org.osgi.framework.BundleActivator; diff --git a/pom.xml b/pom.xml index 9fa86b892..dc6dd7b13 100644 --- a/pom.xml +++ b/pom.xml @@ -448,7 +448,6 @@ epl_only_v1 test/resources/**,it/** - false