SLING-5135 - use two configurable sets of whitelisted BSNs: default and additional
git-svn-id: https://svn.apache.org/repos/asf/sling/trunk@1765984 13f79535-47bb-0310-9956-ffa450edef68
diff --git a/src/main/java/org/apache/sling/jcr/base/internal/LoginAdminWhitelistImpl.java b/src/main/java/org/apache/sling/jcr/base/internal/LoginAdminWhitelistImpl.java
index a97304f..e7a6710 100644
--- a/src/main/java/org/apache/sling/jcr/base/internal/LoginAdminWhitelistImpl.java
+++ b/src/main/java/org/apache/sling/jcr/base/internal/LoginAdminWhitelistImpl.java
@@ -74,22 +74,35 @@
private Pattern whitelistRegexp;
@Property(
- label="Whitelisted BSNs",
- description="List of bundle symbolic names for which loginAdministrative() is allowed",
+ label="Default whitelisted BSNs",
+ description="Default list of bundle symbolic names for which loginAdministrative() is allowed",
value = {})
- public static final String PROP_WHITELISTED_BSN = "whitelisted.bundle.symbolic.names";
+ public static final String PROP_DEFAULT_WHITELISTED_BSN = "default.whitelisted.bundle.symbolic.names";
+
+ @Property(
+ label="Additional whitelisted BSNs",
+ description="Additional list of bundle symbolic names for which loginAdministrative() is allowed",
+ value = {})
+ public static final String PROP_ADDITIONAL_WHITELISTED_BSN = "additional.whitelisted.bundle.symbolic.names";
+
private Set<String> whitelistedBsn;
public void activate(Map<String, Object> config) {
bypassWhitelist = PropertiesUtil.toBoolean(config.get(PROP_BYPASS_WHITELIST), DEFAULT_BYPASS);
whitelistedBsn = new TreeSet<String>();
- final Object bsns = config.get(PROP_WHITELISTED_BSN);
- if(bsns == null) {
+
+ final Object defBsns = config.get(PROP_DEFAULT_WHITELISTED_BSN);
+ if(defBsns == null) {
whitelistedBsn.addAll(Arrays.asList(DefaultWhitelist.WHITELISTED_BSN));
} else {
- whitelistedBsn.addAll(Arrays.asList(PropertiesUtil.toStringArray(bsns)));
+ whitelistedBsn.addAll(Arrays.asList(PropertiesUtil.toStringArray(defBsns)));
}
+ final Object addBsns = config.get(PROP_ADDITIONAL_WHITELISTED_BSN);
+ if(addBsns != null) {
+ whitelistedBsn.addAll(Arrays.asList(PropertiesUtil.toStringArray(addBsns)));
+ }
+
final String regexp = PropertiesUtil.toString(config.get(PROP_WHITELIST_REGEXP), "");
if(regexp.trim().length() > 0) {
whitelistRegexp = Pattern.compile(regexp);
diff --git a/src/test/java/org/apache/sling/jcr/base/internal/LoginAdminWhitelistImplTest.java b/src/test/java/org/apache/sling/jcr/base/internal/LoginAdminWhitelistImplTest.java
index 474454a..e621be4 100644
--- a/src/test/java/org/apache/sling/jcr/base/internal/LoginAdminWhitelistImplTest.java
+++ b/src/test/java/org/apache/sling/jcr/base/internal/LoginAdminWhitelistImplTest.java
@@ -84,11 +84,11 @@
}
@Test
- public void testConfiguredWhitelist() {
+ public void testDefaultConfigOnly() {
final String [] allowed = {
"bundle1", "bundle2"
};
- config.put(LoginAdminWhitelistImpl.PROP_WHITELISTED_BSN, allowed);
+ config.put(LoginAdminWhitelistImpl.PROP_DEFAULT_WHITELISTED_BSN, allowed);
whitelist.activate(config);
assertAdminLogin("bundle1", true);
@@ -102,11 +102,48 @@
}
@Test
+ public void testAdditionalConfigOnly() {
+ final String [] allowed = {
+ "bundle5", "bundle6"
+ };
+ config.put(LoginAdminWhitelistImpl.PROP_ADDITIONAL_WHITELISTED_BSN, allowed);
+ whitelist.activate(config);
+
+ assertAdminLogin("bundle5", true);
+ assertAdminLogin("bundle6", true);
+ assertAdminLogin("foo.1.bar", false);
+
+ for(String bsn : DefaultWhitelist.WHITELISTED_BSN) {
+ assertAdminLogin(bsn, true);
+ }
+
+ for(String bsn : randomBsn()) {
+ assertAdminLogin(bsn, false);
+ }
+ }
+
+ @Test
+ public void testDefaultAndAdditionalConfig() {
+ config.put(LoginAdminWhitelistImpl.PROP_DEFAULT_WHITELISTED_BSN, new String [] { "defB"});
+ config.put(LoginAdminWhitelistImpl.PROP_ADDITIONAL_WHITELISTED_BSN, new String [] { "addB"});
+ whitelist.activate(config);
+
+ assertAdminLogin("defB", true);
+ assertAdminLogin("addB", true);
+ assertAdminLogin("foo.1.bar", false);
+ assertAdminLogin(TYPICAL_DEFAULT_ALLOWED_BSN, false);
+
+ for(String bsn : randomBsn()) {
+ assertAdminLogin(bsn, false);
+ }
+ }
+
+ @Test
public void testRegexpWhitelist() {
final String [] allowed = {
"bundle3", "bundle4"
};
- config.put(LoginAdminWhitelistImpl.PROP_WHITELISTED_BSN, allowed);
+ config.put(LoginAdminWhitelistImpl.PROP_DEFAULT_WHITELISTED_BSN, allowed);
config.put(LoginAdminWhitelistImpl.PROP_WHITELIST_REGEXP, "foo.*bar");
whitelist.activate(config);
