Switch to repoinit for user/ACL creation
git-svn-id: https://svn.apache.org/repos/asf/sling/trunk@1769247 13f79535-47bb-0310-9956-ffa450edef68
diff --git a/slingshot/README.txt b/slingshot/README.txt
index 53b811f..f9caa92 100644
--- a/slingshot/README.txt
+++ b/slingshot/README.txt
@@ -32,8 +32,8 @@
The Sling Container can be launched by running the following command in the
launchpad/builder/target directory:
java -jar org.apache.sling.launchpad-<version>-standalone.jar
-so if the current version is 7, the command should be:
- java -jar org.apache.sling.launchpad-7-standalone.jar
+so if the current version is 8, the command should be:
+ java -jar org.apache.sling.launchpad-8-standalone.jar
Deploy the Demo
diff --git a/slingshot/pom.xml b/slingshot/pom.xml
index 2e89caa..d6d470a 100644
--- a/slingshot/pom.xml
+++ b/slingshot/pom.xml
@@ -23,7 +23,7 @@
<parent>
<groupId>org.apache.sling</groupId>
<artifactId>sling</artifactId>
- <version>28</version>
+ <version>29</version>
<relativePath/>
</parent>
@@ -37,7 +37,6 @@
<properties>
<!-- If you set this to true, the scripts are mounted through the file resource provider! -->
<fileMount>false</fileMount>
- <sling.java.version>7</sling.java.version>
</properties>
<build>
@@ -72,6 +71,26 @@
</configuration>
</plugin>
<plugin>
+ <groupId>org.apache.sling</groupId>
+ <artifactId>slingstart-maven-plugin</artifactId>
+ <version>1.6.1-SNAPSHOT</version>
+ <extensions>true</extensions>
+ <executions>
+ <execution>
+ <id>attach-prov-model</id>
+ <goals>
+ <goal>attach-slingfeature</goal>
+ </goals>
+ </execution>
+ </executions>
+ <configuration>
+ <setFeatureVersions>true</setFeatureVersions>
+ <attach>
+ <type>jar</type>
+ </attach>
+ </configuration>
+ </plugin>
+ <plugin>
<groupId>org.apache.rat</groupId>
<artifactId>apache-rat-plugin</artifactId>
<configuration>
diff --git a/slingshot/src/main/java/org/apache/sling/sample/slingshot/impl/SetupService.java b/slingshot/src/main/java/org/apache/sling/sample/slingshot/impl/SetupService.java
index c04f9e5..7fc91d4 100644
--- a/slingshot/src/main/java/org/apache/sling/sample/slingshot/impl/SetupService.java
+++ b/slingshot/src/main/java/org/apache/sling/sample/slingshot/impl/SetupService.java
@@ -17,32 +17,20 @@
package org.apache.sling.sample.slingshot.impl;
import java.io.IOException;
-import java.security.Principal;
-import java.util.Dictionary;
import java.util.HashMap;
-import java.util.Hashtable;
import java.util.Map;
import javax.jcr.RepositoryException;
-import javax.jcr.Session;
-import javax.jcr.security.Privilege;
-import org.apache.jackrabbit.api.security.principal.PrincipalManager;
-import org.apache.jackrabbit.api.security.user.Authorizable;
-import org.apache.jackrabbit.api.security.user.UserManager;
import org.apache.sling.api.resource.LoginException;
import org.apache.sling.api.resource.ModifiableValueMap;
import org.apache.sling.api.resource.PersistenceException;
import org.apache.sling.api.resource.Resource;
import org.apache.sling.api.resource.ResourceResolver;
import org.apache.sling.api.resource.ResourceResolverFactory;
-import org.apache.sling.jcr.base.util.AccessControlUtil;
import org.apache.sling.sample.slingshot.SlingshotConstants;
import org.apache.sling.sample.slingshot.model.User;
import org.osgi.framework.BundleContext;
-import org.osgi.framework.InvalidSyntaxException;
-import org.osgi.service.cm.Configuration;
-import org.osgi.service.cm.ConfigurationAdmin;
import org.osgi.service.component.annotations.Activate;
import org.osgi.service.component.annotations.Component;
import org.osgi.service.component.annotations.Reference;
@@ -60,9 +48,6 @@
@Reference
private ResourceResolverFactory factory;
- @Reference
- private ConfigurationAdmin configAdmin;
-
private static final String[] USERS = new String[] {"slingshot1", "slingshot2"};
private static final String[] FOLDERS = new String[] {
@@ -75,10 +60,8 @@
logger.info("Setting up SlingShot...");
ResourceResolver resolver = null;
try {
- resolver = this.factory.getAdministrativeResourceResolver(null);
- setupUsers(bc, resolver);
+ resolver = this.factory.getServiceResourceResolver(null);
setupContent(resolver);
- setupACL(resolver);
} finally {
if ( resolver != null ) {
resolver.close();
@@ -87,94 +70,6 @@
logger.info("Finished setting up SlingShot");
}
- private void setupACL(final ResourceResolver resolver) throws RepositoryException {
- final Session session = resolver.adaptTo(Session.class);
-
- // create default slingshot users
- for(final String principalId : USERS) {
- // user home
- final String resourcePath = SlingshotConstants.APP_ROOT_PATH + "/users/" + principalId;
- modifyAce(session, resourcePath, principalId, Privilege.JCR_ALL, true);
-
- // ugc path
- final String ugcPath = resourcePath + "/ugc";
- modifyAce(session, ugcPath,
- InternalConstants.SERVICE_USER_NAME, Privilege.JCR_ALL, true);
- }
- }
-
- private void modifyAce(final Session jcrSession,
- final String resourcePath,
- final String principalId,
- final String privilege,
- final boolean granted)
- throws RepositoryException {
- final PrincipalManager principalManager = AccessControlUtil.getPrincipalManager(jcrSession);
- final Principal principal = principalManager.getPrincipal(principalId);
-
- final String[] grantedPrivilegeNames;
- final String[] deniedPrivilegeNames;
- if ( granted ) {
- grantedPrivilegeNames = new String[] {privilege};
- deniedPrivilegeNames = null;
- } else {
- grantedPrivilegeNames = null;
- deniedPrivilegeNames = new String[] {privilege};
- }
-
- AccessControlUtil.replaceAccessControlEntry(jcrSession, resourcePath, principal,
- grantedPrivilegeNames,
- deniedPrivilegeNames,
- null,
- null);
- if (jcrSession.hasPendingChanges()) {
- jcrSession.save();
- }
- }
-
- private void setupUsers(final BundleContext bc, final ResourceResolver resolver) throws RepositoryException, IOException {
- final Session session = resolver.adaptTo(Session.class);
- final UserManager um = AccessControlUtil.getUserManager(session);
- for(final String userName : USERS) {
- Authorizable user = um.getAuthorizable(userName);
- if ( user == null ) {
- logger.info("Creating user {}", userName);
- um.createUser(userName, userName);
- session.save();
- }
- }
-
- // create a service user
- Authorizable user = um.getAuthorizable(InternalConstants.SERVICE_USER_NAME);
- if ( user == null ) {
- logger.info("Creating service user {}", InternalConstants.SERVICE_USER_NAME);
- um.createSystemUser(InternalConstants.SERVICE_USER_NAME, null);
- session.save();
- }
-
- // check for service user config
- boolean exists = false;
- try {
- final Configuration[] configs = this.configAdmin.listConfigurations("(&("
- + ConfigurationAdmin.SERVICE_FACTORYPID + "=org.apache.sling.serviceusermapping.impl.ServiceUserMapperImpl.amended"
- + ")(user.mapping=" + bc.getBundle().getSymbolicName() + "*"
- + "))");
- if ( configs != null && configs.length > 0 ) {
- exists = true;
- }
- } catch (final InvalidSyntaxException e) {
- exists = false;
- }
- if ( !exists ) {
- logger.info("Creating service user mapping");
- final Configuration c = this.configAdmin.createFactoryConfiguration("org.apache.sling.serviceusermapping.impl.ServiceUserMapperImpl.amended", null);
- final Dictionary<String, Object> dict = new Hashtable<String, Object>();
- dict.put("user.mapping", bc.getBundle().getSymbolicName() + "=" + InternalConstants.SERVICE_USER_NAME);
-
- c.update(dict);
- }
- }
-
private void setupContent(final ResourceResolver resolver) throws PersistenceException {
final Resource root = resolver.getResource(SlingshotConstants.APP_ROOT_PATH);
if ( root != null ) {
diff --git a/slingshot/src/main/provisioning/model.txt b/slingshot/src/main/provisioning/model.txt
new file mode 100644
index 0000000..7bccba8
--- /dev/null
+++ b/slingshot/src/main/provisioning/model.txt
@@ -0,0 +1,50 @@
+#
+# Licensed to the Apache Software Foundation (ASF) under one
+# or more contributor license agreements. See the NOTICE file
+# distributed with this work for additional information
+# regarding copyright ownership. The ASF licenses this file
+# to you under the Apache License, Version 2.0 (the
+# "License"); you may not use this file except in compliance
+# with the License. You may obtain a copy of the License at
+#
+# http://www.apache.org/licenses/LICENSE-2.0
+#
+# Unless required by applicable law or agreed to in writing,
+# software distributed under the License is distributed on an
+# "AS IS" BASIS, WITHOUT WARRANTIES OR CONDITIONS OF ANY
+# KIND, either express or implied. See the License for the
+# specific language governing permissions and limitations
+# under the License.
+#
+# The feature for Apache Sling - Slingshot Sample App
+#
+[feature name=slingshot]
+
+[configurations]
+ org.apache.sling.serviceusermapping.impl.ServiceUserMapperImpl.amended-sling.slingshot
+ user.mapping=[
+ "org.apache.sling.sample.slingshot\=slingshot-service"
+ ]
+
+[:repoinit]
+ create service user slingshot-service
+ create user slingshot1 with password slingshot1
+ create user slingshot2 with password slingshot2
+
+ create path (sling:Folder) /slingshot
+ create path (sling:Folder) /slingshot/users
+ create path (sling:Folder) /slingshot/users/slingshot1
+ create path (sling:Folder) /slingshot/users/slingshot2
+
+ set ACL for slingshot-service
+ allow jcr:read,rep:write on /slingshot
+ end
+
+ set ACL for slingshot1
+ allow jcr:read,rep:write on /slingshot/users/slingshot1
+ end
+
+ set ACL for slingshot2
+ allow jcr:read,rep:write on /slingshot/users/slingshot2
+ end
+
\ No newline at end of file
