SLING-5281: allow execution with calling user session
git-svn-id: https://svn.apache.org/repos/asf/sling/trunk@1713432 13f79535-47bb-0310-9956-ffa450edef68
diff --git a/src/main/java/org/apache/sling/distribution/test/Init.java b/src/main/java/org/apache/sling/distribution/test/Init.java
index 409b3b2..9721595 100644
--- a/src/main/java/org/apache/sling/distribution/test/Init.java
+++ b/src/main/java/org/apache/sling/distribution/test/Init.java
@@ -25,8 +25,11 @@
import org.apache.felix.scr.annotations.Reference;
import org.apache.jackrabbit.api.JackrabbitSession;
import org.apache.jackrabbit.api.security.user.Authorizable;
+import org.apache.jackrabbit.api.security.user.User;
import org.apache.jackrabbit.api.security.user.UserManager;
import javax.jcr.security.Privilege;
+
+import org.apache.jackrabbit.commons.JcrUtils;
import org.apache.jackrabbit.commons.jackrabbit.authorization.AccessControlUtils;
import org.apache.sling.jcr.api.SlingRepository;
import org.slf4j.Logger;
@@ -48,41 +51,66 @@
public void activate() throws Exception {
try {
- final String userName = "testDistributionUser";
+ final String defaultAgentUserName = "distribution-agent-user";
+ final String serviceUserName = "testDistributionUser";
+ final String distributorUserName = "testDistributorUser";
+
Session session = slingRepository.loginAdministrative(null);
JackrabbitSession jackrabittSession = (JackrabbitSession) session;
UserManager userManager = jackrabittSession.getUserManager();
- Authorizable user = userManager.getAuthorizable(userName);
+ Authorizable serviceUser = userManager.getAuthorizable(serviceUserName);
- if (user == null) {
+ if (serviceUser == null) {
try {
- user = userManager.createSystemUser(userName, null);
- log.error("created system user", user);
+ serviceUser = userManager.createSystemUser(serviceUserName, null);
+ log.info("created system user {}", serviceUserName);
} catch (Throwable t) {
- user = userManager.createUser(userName, "123");
- log.error("created regular user", user);
-
+ serviceUser = userManager.createUser(serviceUserName, "123");
+ log.info("created regular user {}", serviceUserName);
}
}
- if (user != null) {
- AccessControlUtils.addAccessControlEntry(session, "/", user.getPrincipal(), new String[]{ Privilege.JCR_ALL }, true);
+ if (serviceUser != null) {
+ AccessControlUtils.addAccessControlEntry(session, "/var/sling/distribution/packages", serviceUser.getPrincipal(), new String[]{ Privilege.JCR_ALL }, true);
+ AccessControlUtils.addAccessControlEntry(session, "/content", serviceUser.getPrincipal(), new String[]{ Privilege.JCR_ALL }, true);
+ AccessControlUtils.addAccessControlEntry(session, null, serviceUser.getPrincipal(), new String[]{ Privilege.JCR_ALL }, true);
- AccessControlUtils.addAccessControlEntry(session, null, user.getPrincipal(), new String[]{ Privilege.JCR_ALL }, true);
-
- session.save();
-
- session.logout();
}
+ Authorizable distributorUser = userManager.getAuthorizable(distributorUserName);
+
+ if (distributorUser == null) {
+ distributorUser = userManager.createUser(distributorUserName, "123");
+ log.info("created regular user {}", distributorUserName);
+ }
+
+ JcrUtils.getOrCreateByPath("/content", "sling:Folder", session);
+
+ if (distributorUser != null) {
+ AccessControlUtils.addAccessControlEntry(session, "/var/sling/distribution/packages", distributorUser.getPrincipal(), new String[]{ Privilege.JCR_ALL }, true);
+ AccessControlUtils.addAccessControlEntry(session, "/content", distributorUser.getPrincipal(), new String[]{ Privilege.JCR_ALL }, true);
+ AccessControlUtils.addAccessControlEntry(session, "/libs/sling/distribution", distributorUser.getPrincipal(), new String[]{ Privilege.JCR_ALL }, true);
+
+ AccessControlUtils.addAccessControlEntry(session, null, distributorUser.getPrincipal(), new String[]{ Privilege.JCR_ALL }, true);
+
+ }
+
+ Authorizable defaultAgentUser = userManager.getAuthorizable(defaultAgentUserName);
+
+ if (defaultAgentUser == null) {
+ defaultAgentUser = userManager.createUser(defaultAgentUserName, "123");
+ log.info("created regular user {}", defaultAgentUserName);
+ ((User) distributorUser).getImpersonation().grantImpersonation(defaultAgentUser.getPrincipal());
+ ((User) serviceUser).getImpersonation().grantImpersonation(defaultAgentUser.getPrincipal());
+ }
+
+ session.save();
+ session.logout();
} catch (Throwable t) {
log.error("cannot create user", t);
}
-
-
-
}
diff --git a/src/main/resources/SLING-CONTENT/libs/sling/distribution/install.author/impersonate-publish-reverse/org.apache.sling.distribution.agent.impl.ReverseDistributionAgentFactory-impersonate-publish-reverse.json b/src/main/resources/SLING-CONTENT/libs/sling/distribution/install.author/impersonate-publish-reverse/org.apache.sling.distribution.agent.impl.ReverseDistributionAgentFactory-impersonate-publish-reverse.json
new file mode 100644
index 0000000..2f63e6f
--- /dev/null
+++ b/src/main/resources/SLING-CONTENT/libs/sling/distribution/install.author/impersonate-publish-reverse/org.apache.sling.distribution.agent.impl.ReverseDistributionAgentFactory-impersonate-publish-reverse.json
@@ -0,0 +1,17 @@
+{
+ "jcr:primaryType": "sling:OsgiConfig",
+
+ "name": "impersonate-publish-reverse",
+
+ "requestAuthorizationStrategy.target" : "(name=privilegeRead)",
+
+ "packageBuilder.target": "(name=vlt)",
+
+ "transportSecretProvider.target" : "(name=publishAdmin)",
+
+ "packageExporter.endpoints": [
+ "http://localhost:4503/libs/sling/distribution/services/exporters/impersonate-reverse"
+ ],
+
+ "triggers.target": "(name=impersonate-publish-reverse-scheduled)"
+}
\ No newline at end of file
diff --git a/src/main/resources/SLING-CONTENT/libs/sling/distribution/install.author/impersonate-publish-reverse/org.apache.sling.distribution.trigger.impl.ScheduledDistributionTriggerFactory-impersonate-publish-reverse-scheduled.json b/src/main/resources/SLING-CONTENT/libs/sling/distribution/install.author/impersonate-publish-reverse/org.apache.sling.distribution.trigger.impl.ScheduledDistributionTriggerFactory-impersonate-publish-reverse-scheduled.json
new file mode 100644
index 0000000..042b021
--- /dev/null
+++ b/src/main/resources/SLING-CONTENT/libs/sling/distribution/install.author/impersonate-publish-reverse/org.apache.sling.distribution.trigger.impl.ScheduledDistributionTriggerFactory-impersonate-publish-reverse-scheduled.json
@@ -0,0 +1,9 @@
+{
+ "jcr:primaryType": "sling:OsgiConfig",
+
+ "name": "impersonate-publish-reverse-scheduled",
+ "action": "pull",
+ "seconds": "30",
+
+ "serviceName" : "distributionService"
+}
\ No newline at end of file
diff --git a/src/main/resources/SLING-CONTENT/libs/sling/distribution/install.author/impersonate-publish/org.apache.sling.distribution.agent.impl.ForwardDistributionAgentFactory-impersonate-publish.json b/src/main/resources/SLING-CONTENT/libs/sling/distribution/install.author/impersonate-publish/org.apache.sling.distribution.agent.impl.ForwardDistributionAgentFactory-impersonate-publish.json
new file mode 100644
index 0000000..cd4201f
--- /dev/null
+++ b/src/main/resources/SLING-CONTENT/libs/sling/distribution/install.author/impersonate-publish/org.apache.sling.distribution.agent.impl.ForwardDistributionAgentFactory-impersonate-publish.json
@@ -0,0 +1,13 @@
+{
+ "jcr:primaryType": "sling:OsgiConfig",
+
+ "name": "impersonate-publish",
+
+ "packageBuilder.target": "(name=vlt)",
+
+ "transportSecretProvider.target" : "(name=publishAdmin)",
+
+ "packageImporter.endpoints": [
+ "http://localhost:4503/libs/sling/distribution/services/importers/default"
+ ]
+}
\ No newline at end of file
diff --git a/src/main/resources/SLING-CONTENT/libs/sling/distribution/install.publish/impersonate-reverse/org.apache.sling.distribution.agent.impl.QueueDistributionAgentFactory-impersonate-reverse.json b/src/main/resources/SLING-CONTENT/libs/sling/distribution/install.publish/impersonate-reverse/org.apache.sling.distribution.agent.impl.QueueDistributionAgentFactory-impersonate-reverse.json
new file mode 100644
index 0000000..07d266d
--- /dev/null
+++ b/src/main/resources/SLING-CONTENT/libs/sling/distribution/install.publish/impersonate-reverse/org.apache.sling.distribution.agent.impl.QueueDistributionAgentFactory-impersonate-reverse.json
@@ -0,0 +1,13 @@
+{
+ "jcr:primaryType": "sling:OsgiConfig",
+ "name": "impersonate-reverse",
+
+ "serviceName" : "distributionService",
+
+ "requestAuthorizationStrategy.target" : "(name=privilegeRead)",
+
+ "packageBuilder.target" : "(name=vlt)",
+
+ "triggers.target": "(name=reverse-userGeneratedContent)"
+
+}
\ No newline at end of file
diff --git a/src/main/resources/SLING-CONTENT/libs/sling/distribution/install.publish/impersonate-reverse/org.apache.sling.distribution.packaging.impl.exporter.AgentDistributionPackageExporterFactory-impersonate-reverse.json b/src/main/resources/SLING-CONTENT/libs/sling/distribution/install.publish/impersonate-reverse/org.apache.sling.distribution.packaging.impl.exporter.AgentDistributionPackageExporterFactory-impersonate-reverse.json
new file mode 100644
index 0000000..478cc0e
--- /dev/null
+++ b/src/main/resources/SLING-CONTENT/libs/sling/distribution/install.publish/impersonate-reverse/org.apache.sling.distribution.packaging.impl.exporter.AgentDistributionPackageExporterFactory-impersonate-reverse.json
@@ -0,0 +1,6 @@
+{
+ "jcr:primaryType": "sling:OsgiConfig",
+ "name": "impersonate-reverse",
+
+ "agent.target": "(name=impersonate-reverse)"
+}
\ No newline at end of file
diff --git a/src/main/resources/SLING-CONTENT/libs/sling/distribution/install.publish/org.apache.sling.distribution.packaging.impl.exporter.AgentDistributionPackageExporterFactory-reverse.json b/src/main/resources/SLING-CONTENT/libs/sling/distribution/install.publish/reverse/org.apache.sling.distribution.packaging.impl.exporter.AgentDistributionPackageExporterFactory-reverse.json
similarity index 100%
rename from src/main/resources/SLING-CONTENT/libs/sling/distribution/install.publish/org.apache.sling.distribution.packaging.impl.exporter.AgentDistributionPackageExporterFactory-reverse.json
rename to src/main/resources/SLING-CONTENT/libs/sling/distribution/install.publish/reverse/org.apache.sling.distribution.packaging.impl.exporter.AgentDistributionPackageExporterFactory-reverse.json
diff --git a/src/main/resources/SLING-CONTENT/libs/sling/distribution/install/org.apache.sling.serviceusermapping.impl.ServiceUserMapperImpl.amended-distributionAgentService.json b/src/main/resources/SLING-CONTENT/libs/sling/distribution/install/org.apache.sling.serviceusermapping.impl.ServiceUserMapperImpl.amended-distributionAgentService.json
new file mode 100644
index 0000000..b03aab2
--- /dev/null
+++ b/src/main/resources/SLING-CONTENT/libs/sling/distribution/install/org.apache.sling.serviceusermapping.impl.ServiceUserMapperImpl.amended-distributionAgentService.json
@@ -0,0 +1,5 @@
+{
+ "jcr:primaryType": "sling:OsgiConfig",
+ "user.default": "",
+ "user.mapping": "org.apache.sling.distribution.core:defaultAgentService=distribution-agent-user"
+}
diff --git a/src/main/resources/SLING-CONTENT/libs/sling/distribution/services.json b/src/main/resources/SLING-CONTENT/libs/sling/distribution/services.json
new file mode 100644
index 0000000..68baa9c
--- /dev/null
+++ b/src/main/resources/SLING-CONTENT/libs/sling/distribution/services.json
@@ -0,0 +1,3 @@
+{
+ "jcr:primaryType": "sling:Folder"
+}
\ No newline at end of file
diff --git a/src/main/resources/SLING-CONTENT/libs/sling/distribution/settings.json b/src/main/resources/SLING-CONTENT/libs/sling/distribution/settings.json
new file mode 100644
index 0000000..68baa9c
--- /dev/null
+++ b/src/main/resources/SLING-CONTENT/libs/sling/distribution/settings.json
@@ -0,0 +1,3 @@
+{
+ "jcr:primaryType": "sling:Folder"
+}
\ No newline at end of file