sling-commits mailing list archives

Site index · List index
Message view « Date » · « Thread »
Top « Date » · « Thread »
From my...@apache.org
Subject svn commit: r1578141 [1/2] - in /sling/trunk: ./ bundles/resourceaccesssecurity/ bundles/resourceaccesssecurity/core/ bundles/resourceaccesssecurity/core/src/ bundles/resourceaccesssecurity/core/src/main/ bundles/resourceaccesssecurity/core/src/main/ja...
Date Sun, 16 Mar 2014 19:17:42 GMT
Author: mykee
Date: Sun Mar 16 19:17:41 2014
New Revision: 1578141

URL: http://svn.apache.org/r1578141
Log:
SLING-3435 - ResourceAccessSecurity does not secure access for update operations

Added:
    sling/trunk/bundles/resourceaccesssecurity/core/
    sling/trunk/bundles/resourceaccesssecurity/core/README.txt
    sling/trunk/bundles/resourceaccesssecurity/core/pom.xml
    sling/trunk/bundles/resourceaccesssecurity/core/src/
    sling/trunk/bundles/resourceaccesssecurity/core/src/main/
    sling/trunk/bundles/resourceaccesssecurity/core/src/main/java/
    sling/trunk/bundles/resourceaccesssecurity/core/src/main/java/org/
    sling/trunk/bundles/resourceaccesssecurity/core/src/main/java/org/apache/
    sling/trunk/bundles/resourceaccesssecurity/core/src/main/java/org/apache/sling/
    sling/trunk/bundles/resourceaccesssecurity/core/src/main/java/org/apache/sling/resourceaccesssecurity/
    sling/trunk/bundles/resourceaccesssecurity/core/src/main/java/org/apache/sling/resourceaccesssecurity/AllowingResourceAccessGate.java
    sling/trunk/bundles/resourceaccesssecurity/core/src/main/java/org/apache/sling/resourceaccesssecurity/ResourceAccessGate.java
    sling/trunk/bundles/resourceaccesssecurity/core/src/main/java/org/apache/sling/resourceaccesssecurity/impl/
    sling/trunk/bundles/resourceaccesssecurity/core/src/main/java/org/apache/sling/resourceaccesssecurity/impl/AccessGateResourceWrapper.java
    sling/trunk/bundles/resourceaccesssecurity/core/src/main/java/org/apache/sling/resourceaccesssecurity/impl/ApplicationResourceAccessSecurityImpl.java
    sling/trunk/bundles/resourceaccesssecurity/core/src/main/java/org/apache/sling/resourceaccesssecurity/impl/ProviderResourceAccessSecurityImpl.java
    sling/trunk/bundles/resourceaccesssecurity/core/src/main/java/org/apache/sling/resourceaccesssecurity/impl/ReadOnlyValueMapWrapper.java
    sling/trunk/bundles/resourceaccesssecurity/core/src/main/java/org/apache/sling/resourceaccesssecurity/impl/ResourceAccessGateHandler.java
    sling/trunk/bundles/resourceaccesssecurity/core/src/main/java/org/apache/sling/resourceaccesssecurity/impl/ResourceAccessSecurityImpl.java
    sling/trunk/bundles/resourceaccesssecurity/core/src/main/java/org/apache/sling/resourceaccesssecurity/package-info.java
    sling/trunk/bundles/resourceaccesssecurity/core/src/test/
    sling/trunk/bundles/resourceaccesssecurity/core/src/test/java/
    sling/trunk/bundles/resourceaccesssecurity/core/src/test/java/org/
    sling/trunk/bundles/resourceaccesssecurity/core/src/test/java/org/apache/
    sling/trunk/bundles/resourceaccesssecurity/core/src/test/java/org/apache/sling/
    sling/trunk/bundles/resourceaccesssecurity/core/src/test/java/org/apache/sling/resourceaccesssecurity/
    sling/trunk/bundles/resourceaccesssecurity/core/src/test/java/org/apache/sling/resourceaccesssecurity/impl/
    sling/trunk/bundles/resourceaccesssecurity/core/src/test/java/org/apache/sling/resourceaccesssecurity/impl/ResourceAccessSecurityImplTests.java
    sling/trunk/bundles/resourceaccesssecurity/it/
    sling/trunk/bundles/resourceaccesssecurity/it/pom.xml
    sling/trunk/bundles/resourceaccesssecurity/it/src/
    sling/trunk/bundles/resourceaccesssecurity/it/src/main/
    sling/trunk/bundles/resourceaccesssecurity/it/src/main/java/
    sling/trunk/bundles/resourceaccesssecurity/it/src/main/java/org/
    sling/trunk/bundles/resourceaccesssecurity/it/src/main/java/org/apache/
    sling/trunk/bundles/resourceaccesssecurity/it/src/main/java/org/apache/sling/
    sling/trunk/bundles/resourceaccesssecurity/it/src/main/java/org/apache/sling/resourceaccesssecurity/
    sling/trunk/bundles/resourceaccesssecurity/it/src/main/java/org/apache/sling/resourceaccesssecurity/it/
    sling/trunk/bundles/resourceaccesssecurity/it/src/main/java/org/apache/sling/resourceaccesssecurity/it/impl/
    sling/trunk/bundles/resourceaccesssecurity/it/src/main/java/org/apache/sling/resourceaccesssecurity/it/impl/Init.java
    sling/trunk/bundles/resourceaccesssecurity/it/src/main/java/org/apache/sling/resourceaccesssecurity/it/impl/gates/
    sling/trunk/bundles/resourceaccesssecurity/it/src/main/java/org/apache/sling/resourceaccesssecurity/it/impl/gates/AResourceAccessGate.java
    sling/trunk/bundles/resourceaccesssecurity/it/src/main/java/org/apache/sling/resourceaccesssecurity/it/impl/gates/ApplicationGate1.java
    sling/trunk/bundles/resourceaccesssecurity/it/src/main/java/org/apache/sling/resourceaccesssecurity/it/impl/gates/ApplicationGate2.java
    sling/trunk/bundles/resourceaccesssecurity/it/src/main/java/org/apache/sling/resourceaccesssecurity/it/impl/gates/FinalApplicationGate1.java
    sling/trunk/bundles/resourceaccesssecurity/it/src/main/java/org/apache/sling/resourceaccesssecurity/it/impl/gates/FinalApplicationGate2.java
    sling/trunk/bundles/resourceaccesssecurity/it/src/main/java/org/apache/sling/resourceaccesssecurity/it/impl/gates/FinalProviderGate1.java
    sling/trunk/bundles/resourceaccesssecurity/it/src/main/java/org/apache/sling/resourceaccesssecurity/it/impl/gates/FinalProviderGate2.java
    sling/trunk/bundles/resourceaccesssecurity/it/src/main/java/org/apache/sling/resourceaccesssecurity/it/impl/gates/ProviderGate1.java
    sling/trunk/bundles/resourceaccesssecurity/it/src/main/java/org/apache/sling/resourceaccesssecurity/it/impl/gates/ProviderGate2.java
    sling/trunk/bundles/resourceaccesssecurity/it/src/main/java/org/apache/sling/resourceaccesssecurity/it/impl/providers/
    sling/trunk/bundles/resourceaccesssecurity/it/src/main/java/org/apache/sling/resourceaccesssecurity/it/impl/providers/SimpleModifiableResourceProvider.java
    sling/trunk/bundles/resourceaccesssecurity/it/src/main/java/org/apache/sling/resourceaccesssecurity/it/impl/providers/SimpleResourceProvider.java
    sling/trunk/bundles/resourceaccesssecurity/it/src/main/java/org/apache/sling/resourceaccesssecurity/it/impl/providers/secured/
    sling/trunk/bundles/resourceaccesssecurity/it/src/main/java/org/apache/sling/resourceaccesssecurity/it/impl/providers/secured/SecuredReadAndUpdateResourceProvider.java
    sling/trunk/bundles/resourceaccesssecurity/it/src/main/java/org/apache/sling/resourceaccesssecurity/it/impl/providers/secured/SecuredReadResourceProvider.java
    sling/trunk/bundles/resourceaccesssecurity/it/src/main/java/org/apache/sling/resourceaccesssecurity/it/impl/providers/unsecured/
    sling/trunk/bundles/resourceaccesssecurity/it/src/main/java/org/apache/sling/resourceaccesssecurity/it/impl/providers/unsecured/UnsecuredReadAndUpdateProvider.java
    sling/trunk/bundles/resourceaccesssecurity/it/src/main/java/org/apache/sling/resourceaccesssecurity/it/impl/providers/unsecured/UnsecuredReadProvider.java
    sling/trunk/bundles/resourceaccesssecurity/it/src/test/
    sling/trunk/bundles/resourceaccesssecurity/it/src/test/java/
    sling/trunk/bundles/resourceaccesssecurity/it/src/test/java/org/
    sling/trunk/bundles/resourceaccesssecurity/it/src/test/java/org/apache/
    sling/trunk/bundles/resourceaccesssecurity/it/src/test/java/org/apache/sling/
    sling/trunk/bundles/resourceaccesssecurity/it/src/test/java/org/apache/sling/resourceaccesssecurity/
    sling/trunk/bundles/resourceaccesssecurity/it/src/test/java/org/apache/sling/resourceaccesssecurity/it/
    sling/trunk/bundles/resourceaccesssecurity/it/src/test/java/org/apache/sling/resourceaccesssecurity/it/ResourceAccessSecurityTestBase.java
    sling/trunk/bundles/resourceaccesssecurity/it/src/test/java/org/apache/sling/resourceaccesssecurity/it/SecuredProviderResourceAccessSecurityTest.java
    sling/trunk/bundles/resourceaccesssecurity/it/src/test/java/org/apache/sling/resourceaccesssecurity/it/UnsecuredProviderResourceAccessSecurityTest.java
Removed:
    sling/trunk/bundles/resourceaccesssecurity/README.txt
    sling/trunk/bundles/resourceaccesssecurity/pom.xml
    sling/trunk/bundles/resourceaccesssecurity/src/
Modified:
    sling/trunk/pom.xml

Added: sling/trunk/bundles/resourceaccesssecurity/core/README.txt
URL: http://svn.apache.org/viewvc/sling/trunk/bundles/resourceaccesssecurity/core/README.txt?rev=1578141&view=auto
==============================================================================
--- sling/trunk/bundles/resourceaccesssecurity/core/README.txt (added)
+++ sling/trunk/bundles/resourceaccesssecurity/core/README.txt Sun Mar 16 19:17:41 2014
@@ -0,0 +1,27 @@
+Apache Sling Resource Access Security
+
+This bundle provides in implementation of the ResourceAccessSecurity
+
+Getting Started
+===============
+
+This component uses a Maven 3 (http://maven.apache.org/) build
+environment. It requires a Java 5 JDK (or higher) and Maven (http://maven.apache.org/)
+3.0.3 or later. We recommend to use the latest Maven version.
+
+If you have Maven 3 installed, you can compile and
+package the jar using the following command:
+
+    mvn package
+
+See the Maven 3 documentation for other build features.
+
+The latest source code for this component is available in the
+Subversion (http://subversion.apache.org/) source repository of
+the Apache Software Foundation. If you have Subversion installed,
+you can checkout the latest source using the following command:
+
+    svn checkout http://svn.apache.org/repos/asf/sling/trunk/resourceresolver/core
+
+See the Subversion documentation for other source control features.
+

Added: sling/trunk/bundles/resourceaccesssecurity/core/pom.xml
URL: http://svn.apache.org/viewvc/sling/trunk/bundles/resourceaccesssecurity/core/pom.xml?rev=1578141&view=auto
==============================================================================
--- sling/trunk/bundles/resourceaccesssecurity/core/pom.xml (added)
+++ sling/trunk/bundles/resourceaccesssecurity/core/pom.xml Sun Mar 16 19:17:41 2014
@@ -0,0 +1,141 @@
+<?xml version="1.0" encoding="ISO-8859-1"?>
+<!--
+    Licensed to the Apache Software Foundation (ASF) under one
+    or more contributor license agreements.  See the NOTICE file
+    distributed with this work for additional information
+    regarding copyright ownership.  The ASF licenses this file
+    to you under the Apache License, Version 2.0 (the
+    "License"); you may not use this file except in compliance
+    with the License.  You may obtain a copy of the License at
+
+    http://www.apache.org/licenses/LICENSE-2.0
+
+    Unless required by applicable law or agreed to in writing,
+    software distributed under the License is distributed on an
+    "AS IS" BASIS, WITHOUT WARRANTIES OR CONDITIONS OF ANY
+    KIND, either express or implied.  See the License for the
+    specific language governing permissions and limitations
+    under the License.
+-->
+<project xmlns="http://maven.apache.org/POM/4.0.0" xmlns:xsi="http://www.w3.org/2001/XMLSchema-instance" xsi:schemaLocation="http://maven.apache.org/POM/4.0.0 http://maven.apache.org/maven-v4_0_0.xsd">
+    <modelVersion>4.0.0</modelVersion>
+    <parent>
+        <groupId>org.apache.sling</groupId>
+        <artifactId>sling</artifactId>
+        <version>18</version>
+        <relativePath>../../../parent/pom.xml</relativePath>
+    </parent>
+
+    <artifactId>org.apache.sling.resourceaccesssecurity</artifactId>
+    <version>0.0.1-SNAPSHOT</version>
+    <packaging>bundle</packaging>
+
+    <name>Apache Sling Resource Access Security</name>
+    <description>
+        This bundle provides in implementation of the ResourceAccessSecurity service
+    </description>
+
+    <scm>
+        <connection>
+            scm:svn:http://svn.apache.org/repos/asf/sling/trunk/bundles/resourceaccesssecurity/core
+        </connection>
+        <developerConnection>
+            scm:svn:https://svn.apache.org/repos/asf/sling/trunk/bundles/resourceaccesssecurity/core
+        </developerConnection>
+        <url>
+            http://svn.apache.org/viewvc/sling/trunk/bundles/resourceaccesssecurity/core
+        </url>
+    </scm>
+
+    <properties>
+        <site.javadoc.exclude>**.internal.**</site.javadoc.exclude>
+        <sling.java.version>6</sling.java.version>
+    </properties>
+
+    <build>
+        <plugins>
+            <plugin>
+                <groupId>org.apache.felix</groupId>
+                <artifactId>maven-scr-plugin</artifactId>
+            </plugin>
+            <plugin>
+                <groupId>org.apache.sling</groupId>
+                <artifactId>maven-sling-plugin</artifactId>
+                <executions>
+                    <execution>
+                        <id>generate-adapter-metadata</id>
+                        <phase>process-classes</phase>
+                        <goals>
+                            <goal>generate-adapter-metadata</goal>
+                        </goals>
+                    </execution>
+                </executions>
+            </plugin>
+            <plugin>
+                <groupId>org.apache.felix</groupId>
+                <artifactId>maven-bundle-plugin</artifactId>
+                <extensions>true</extensions>
+                <configuration>
+                    <instructions>
+                    </instructions>
+                </configuration>
+            </plugin>
+        </plugins>
+    </build>
+    
+    <dependencies>
+        <dependency>
+            <groupId>javax.jcr</groupId>
+            <artifactId>jcr</artifactId>
+            <version>2.0</version>
+        </dependency>
+        <dependency>
+            <groupId>org.osgi</groupId>
+            <artifactId>org.osgi.core</artifactId>
+        </dependency>
+        <dependency>
+            <groupId>org.osgi</groupId>
+            <artifactId>org.osgi.compendium</artifactId>
+        </dependency>
+        <dependency>
+            <groupId>org.apache.sling</groupId>
+            <artifactId>org.apache.sling.api</artifactId>
+            <version>2.5.0</version>
+            <scope>provided</scope>
+        </dependency>
+        <dependency>
+            <groupId>org.slf4j</groupId>
+            <artifactId>slf4j-api</artifactId>
+        </dependency>
+        <dependency>
+            <groupId>org.apache.sling</groupId>
+            <artifactId>org.apache.sling.commons.osgi</artifactId>
+            <version>2.2.0</version>
+            <scope>provided</scope>
+        </dependency>
+        <dependency>
+           <groupId>commons-collections</groupId>
+           <artifactId>commons-collections</artifactId>
+           <version>3.2.1</version>
+            <scope>provided</scope>
+        </dependency>
+        <dependency>
+            <groupId>org.apache.sling</groupId>
+            <artifactId>adapter-annotations</artifactId>
+            <version>1.0.0</version>
+            <scope>provided</scope>
+        </dependency>
+
+        <!-- Testing -->
+        <dependency>
+            <groupId>junit</groupId>
+            <artifactId>junit</artifactId>
+        </dependency>
+        <dependency>
+            <groupId>org.mockito</groupId>
+            <artifactId>mockito-core</artifactId>
+            <version>1.9.5</version>
+            <scope>test</scope>
+        </dependency>
+     </dependencies>
+</project>

Added: sling/trunk/bundles/resourceaccesssecurity/core/src/main/java/org/apache/sling/resourceaccesssecurity/AllowingResourceAccessGate.java
URL: http://svn.apache.org/viewvc/sling/trunk/bundles/resourceaccesssecurity/core/src/main/java/org/apache/sling/resourceaccesssecurity/AllowingResourceAccessGate.java?rev=1578141&view=auto
==============================================================================
--- sling/trunk/bundles/resourceaccesssecurity/core/src/main/java/org/apache/sling/resourceaccesssecurity/AllowingResourceAccessGate.java (added)
+++ sling/trunk/bundles/resourceaccesssecurity/core/src/main/java/org/apache/sling/resourceaccesssecurity/AllowingResourceAccessGate.java Sun Mar 16 19:17:41 2014
@@ -0,0 +1,129 @@
+/*
+ * Licensed to the Apache Software Foundation (ASF) under one
+ * or more contributor license agreements.  See the NOTICE file
+ * distributed with this work for additional information
+ * regarding copyright ownership.  The ASF licenses this file
+ * to you under the Apache License, Version 2.0 (the
+ * "License"); you may not use this file except in compliance
+ * with the License.  You may obtain a copy of the License at
+ *
+ *   http://www.apache.org/licenses/LICENSE-2.0
+ *
+ * Unless required by applicable law or agreed to in writing,
+ * software distributed under the License is distributed on an
+ * "AS IS" BASIS, WITHOUT WARRANTIES OR CONDITIONS OF ANY
+ * KIND, either express or implied.  See the License for the
+ * specific language governing permissions and limitations
+ * under the License.
+ */
+package org.apache.sling.resourceaccesssecurity;
+
+import org.apache.sling.api.resource.Resource;
+import org.apache.sling.api.resource.ResourceResolver;
+import org.apache.sling.api.security.AccessSecurityException;
+
+/**
+ * This abstract implementation of the <code>ResourceAccessGate</code> can be
+ * used to implement own resource access gates.
+ * This implementation simply allows operations, restricting implementations
+ * just need to overwrite the operations they want to restrict.
+ */
+public abstract class AllowingResourceAccessGate implements ResourceAccessGate {
+
+    @Override
+    public GateResult canRead(final Resource resource) {
+        return GateResult.DONTCARE;
+    }
+
+    @Override
+    public GateResult canCreate(final String absPathName,
+            final ResourceResolver resourceResolver) {
+        return GateResult.DONTCARE;
+    }
+
+    @Override
+    public GateResult canUpdate(final Resource resource) {
+        return GateResult.DONTCARE;
+    }
+
+    @Override
+    public GateResult canDelete(final Resource resource) {
+        return GateResult.DONTCARE;
+    }
+
+    @Override
+    public GateResult canExecute(final Resource resource) {
+        return GateResult.DONTCARE;
+    }
+
+    @Override
+    public GateResult canReadValue(final Resource resource, final String valueName) {
+        return GateResult.DONTCARE;
+    }
+
+    @Override
+    public GateResult canCreateValue(final Resource resource, final String valueName) {
+        return GateResult.DONTCARE;
+    }
+
+    @Override
+    public GateResult canUpdateValue(final Resource resource, final String valueName) {
+        return GateResult.DONTCARE;
+    }
+
+    @Override
+    public GateResult canDeleteValue(final Resource resource, final String valueName) {
+        return GateResult.DONTCARE;
+    }
+
+    @Override
+    public String transformQuery(final String query, final String language,
+            final ResourceResolver resourceResolver) throws AccessSecurityException {
+        return query;
+    }
+
+    @Override
+    public boolean hasReadRestrictions(final ResourceResolver resourceResolver) {
+        return false;
+    }
+
+    @Override
+    public boolean hasCreateRestrictions(final ResourceResolver resourceResolver) {
+        return false;
+    }
+
+    @Override
+    public boolean hasUpdateRestrictions(final ResourceResolver resourceResolver) {
+        return false;
+    }
+
+    @Override
+    public boolean hasDeleteRestrictions(final ResourceResolver resourceResolver) {
+        return false;
+    }
+
+    @Override
+    public boolean hasExecuteRestrictions(final ResourceResolver resourceResolver) {
+        return false;
+    }
+
+    @Override
+    public boolean canReadAllValues(final Resource resource) {
+        return true;
+    }
+
+    @Override
+    public boolean canCreateAllValues(final Resource resource) {
+        return true;
+    }
+
+    @Override
+    public boolean canUpdateAllValues(final Resource resource) {
+        return true;
+    }
+
+    @Override
+    public boolean canDeleteAllValues(final Resource resource) {
+        return true;
+    }
+}

Added: sling/trunk/bundles/resourceaccesssecurity/core/src/main/java/org/apache/sling/resourceaccesssecurity/ResourceAccessGate.java
URL: http://svn.apache.org/viewvc/sling/trunk/bundles/resourceaccesssecurity/core/src/main/java/org/apache/sling/resourceaccesssecurity/ResourceAccessGate.java?rev=1578141&view=auto
==============================================================================
--- sling/trunk/bundles/resourceaccesssecurity/core/src/main/java/org/apache/sling/resourceaccesssecurity/ResourceAccessGate.java (added)
+++ sling/trunk/bundles/resourceaccesssecurity/core/src/main/java/org/apache/sling/resourceaccesssecurity/ResourceAccessGate.java Sun Mar 16 19:17:41 2014
@@ -0,0 +1,215 @@
+/*
+ * Licensed to the Apache Software Foundation (ASF) under one
+ * or more contributor license agreements.  See the NOTICE file
+ * distributed with this work for additional information
+ * regarding copyright ownership.  The ASF licenses this file
+ * to you under the Apache License, Version 2.0 (the
+ * "License"); you may not use this file except in compliance
+ * with the License.  You may obtain a copy of the License at
+ *
+ *   http://www.apache.org/licenses/LICENSE-2.0
+ *
+ * Unless required by applicable law or agreed to in writing,
+ * software distributed under the License is distributed on an
+ * "AS IS" BASIS, WITHOUT WARRANTIES OR CONDITIONS OF ANY
+ * KIND, either express or implied.  See the License for the
+ * specific language governing permissions and limitations
+ * under the License.
+ */
+package org.apache.sling.resourceaccesssecurity;
+
+import org.apache.sling.api.resource.Resource;
+import org.apache.sling.api.resource.ResourceResolver;
+import org.apache.sling.api.security.AccessSecurityException;
+
+import aQute.bnd.annotation.ConsumerType;
+
+/**
+ * The <code>ResourceAccessGate</code> defines a service API which might be used
+ * to make some restrictions to accessing resources.
+ *
+ * Implementations of this service interface must be registered like
+ * ResourceProvider with a path (like provider.roots). If different
+ * ResourceAccessGateService services match a path, not only the
+ * ResourceAccessGateService with the longest path will be called, but all of
+ * them, that's in contrast to the ResourceProvider, but in this case more
+ * logical (and secure!). The gates will be called in the order of the
+ * service ranking.
+ * If one of the gates grants access for a given operation access will be granted.
+ *
+ * service properties:
+ * <ul>
+ * <li><b>path</b>: regexp to define on which paths the service should be called
+ * (default .*)</li>
+ * <li><b>operations</b>: set of operations on which the service should be
+ * called ("read,create,update,delete,execute", default all of them)</li>
+ * <li><b>finaloperations</b>: set of operations on which the service answer is
+ * final and no further service should be called (default none of them), except
+ * the GateResult is {@link GateResult.DONTCARE}</li>
+ * </ul>
+ *
+ * The resource access gate can either have the context {@link #PROVIDER_CONTEXT},
+ * in this case the gate is only applied to resource providers requesting the
+ * security checks. Or the context can be {@link #APPLICATION_CONTEXT}. In this
+ * case the access gate is invoked for the whole resource tree.
+ * This is indicated by the required service property {@link #CONTEXT}. If the
+ * property is missing or invalid, the service is ignored.
+ */
+@ConsumerType
+public interface ResourceAccessGate {
+
+    /**
+     * The service name to use when registering implementations of this
+     * interface as services (value is
+     * "org.apache.sling.api.resource.ResourceAccessGate").
+     */
+    String SERVICE_NAME = ResourceAccessGate.class.getName();
+
+    /**
+     * The name of the service registration property containing the context
+     * of this service. Allowed values are {@link #APPLICATION_CONTEXT} and
+     * {@link #PROVIDER_CONTEXT}.
+     * This property is required and has no default value.
+     * (value is "access.context")
+     */
+    String CONTEXT = "access.context";
+
+    /**
+     * Allowed value for the {@link #CONTEXT} service registration property.
+     * Services marked with this context are applied to all resources.
+     */
+    String APPLICATION_CONTEXT = "application";
+
+    /**
+     * Allowed value for the {@link #CONTEXT} service registration property.
+     * Services marked with this context are only applied to resource
+     * providers which indicate the additional checks with the
+     * {@link org.apache.sling.api.resource.ResourceProvider#USE_RESOURCE_ACCESS_SECURITY}
+     * property.
+     */
+    String PROVIDER_CONTEXT = "provider";
+
+    /**
+     * The name of the service registration property containing the path as a
+     * regular expression for which the service should be called (value is
+     * "path").
+     */
+    String PATH = "path";
+
+    /**
+     * The name of the service registration property containing the operations
+     * for which the service should be called, defaults to all the operations
+     * (value is "operations").
+     */
+    String OPERATIONS = "operations";
+
+    /**
+     * The name of the service registration property containing the operations
+     * for which the service should be called and no further service should be
+     * called after this, except the services returns DONTCARE as result,
+     * default is empty (non of them are final) (value is "finaloperations").
+     */
+    String FINALOPERATIONS = "finaloperations";
+
+    /**
+     * <code>GateResult</code> defines 3 possible states which can be returned
+     * by the different canXXX methods of this interface.
+     * <ul>
+     * <li>GRANTED: means no restrictions</li>
+     * <li>DENIED: means no permission for the requested action</li>
+     * <li>DONTCARE: means that the implementation of the service has no
+     * information or can't decide and therefore neither can't grant or deny
+     * access</li>
+     * </ul>
+     */
+    public enum GateResult {
+        GRANTED, DENIED, DONTCARE
+    };
+
+    public enum Operation {
+        READ("read"), CREATE("create"), UPDATE("update"), DELETE("delete"), EXECUTE(
+                "execute");
+
+        private String text;
+
+        Operation(String text) {
+            this.text = text;
+        }
+
+        public static Operation fromString(String opAsString) {
+            Operation returnValue = null;
+
+            for (Operation op : Operation.values()) {
+                if (opAsString.equals(op.getText())) {
+                    returnValue = op;
+                    break;
+                }
+            }
+
+            return returnValue;
+        }
+
+        public String getText() {
+            return this.text;
+        }
+    }
+
+    public GateResult canRead(Resource resource);
+
+    public GateResult canCreate(String absPathName,
+            ResourceResolver resourceResolver);
+
+    public GateResult canUpdate(Resource resource);
+
+    public GateResult canDelete(Resource resource);
+
+    public GateResult canExecute(Resource resource);
+
+    public GateResult canReadValue(Resource resource, String valueName);
+
+    public GateResult canCreateValue(Resource resource, String valueName);
+
+    public GateResult canUpdateValue(Resource resource, String valueName);
+
+    public GateResult canDeleteValue(Resource resource, String valueName);
+
+    /**
+     * Allows to transform the query based on the current user's credentials.
+     * Can be used to narrow down queries to omit results that the current user
+     * is not allowed to see anyway, speeding up downstream access control.
+     *
+     * Query transformations are not critical with respect to access control as
+     * results are checked using the canRead.. methods anyway.
+     *
+     * @param query
+     *            the query
+     * @param language
+     *            the language in which the query is expressed
+     * @param resourceResolver
+     *            the resource resolver which resolves the query
+     * @return the transformed query
+     * @throws AccessSecurityException
+     */
+    public String transformQuery(String query, String language,
+            ResourceResolver resourceResolver) throws AccessSecurityException;
+
+    /* for convenience (and performance) */
+    public boolean hasReadRestrictions(ResourceResolver resourceResolver);
+
+    public boolean hasCreateRestrictions(ResourceResolver resourceResolver);
+
+    public boolean hasUpdateRestrictions(ResourceResolver resourceResolver);
+
+    public boolean hasDeleteRestrictions(ResourceResolver resourceResolver);
+
+    public boolean hasExecuteRestrictions(ResourceResolver resourceResolver);
+
+    public boolean canReadAllValues(Resource resource);
+
+    public boolean canCreateAllValues(Resource resource);
+
+    public boolean canUpdateAllValues(Resource resource);
+
+    public boolean canDeleteAllValues(Resource resource);
+
+}

Added: sling/trunk/bundles/resourceaccesssecurity/core/src/main/java/org/apache/sling/resourceaccesssecurity/impl/AccessGateResourceWrapper.java
URL: http://svn.apache.org/viewvc/sling/trunk/bundles/resourceaccesssecurity/core/src/main/java/org/apache/sling/resourceaccesssecurity/impl/AccessGateResourceWrapper.java?rev=1578141&view=auto
==============================================================================
--- sling/trunk/bundles/resourceaccesssecurity/core/src/main/java/org/apache/sling/resourceaccesssecurity/impl/AccessGateResourceWrapper.java (added)
+++ sling/trunk/bundles/resourceaccesssecurity/core/src/main/java/org/apache/sling/resourceaccesssecurity/impl/AccessGateResourceWrapper.java Sun Mar 16 19:17:41 2014
@@ -0,0 +1,87 @@
+/*
+ * Licensed to the Apache Software Foundation (ASF) under one
+ * or more contributor license agreements.  See the NOTICE file
+ * distributed with this work for additional information
+ * regarding copyright ownership.  The ASF licenses this file
+ * to you under the Apache License, Version 2.0 (the
+ * "License"); you may not use this file except in compliance
+ * with the License.  You may obtain a copy of the License at
+ *
+ *   http://www.apache.org/licenses/LICENSE-2.0
+ *
+ * Unless required by applicable law or agreed to in writing,
+ * software distributed under the License is distributed on an
+ * "AS IS" BASIS, WITHOUT WARRANTIES OR CONDITIONS OF ANY
+ * KIND, either express or implied.  See the License for the
+ * specific language governing permissions and limitations
+ * under the License.
+ */
+package org.apache.sling.resourceaccesssecurity.impl;
+
+import java.util.List;
+import java.util.Map;
+
+import org.apache.sling.api.resource.ModifiableValueMap;
+import org.apache.sling.api.resource.Resource;
+import org.apache.sling.api.resource.ResourceWrapper;
+import org.apache.sling.api.resource.ValueMap;
+import org.apache.sling.resourceaccesssecurity.ResourceAccessGate;
+
+/**
+ * The <code>AccessGateResourceWrapper</code> wraps a <code>Resource</code> and
+ * intercepts calls to adaptTo to wrap the adapted <code>ValueMap</code> or
+ * also a <code>ModifiableValueMap</code> to enforce access rules defined
+ * by implementations of <code>ResourceAccessGate</code>
+ *
+ */
+public class AccessGateResourceWrapper extends ResourceWrapper {
+
+    private final List<ResourceAccessGate> accessGatesForReadValues;
+    private final boolean modifiable;
+
+    /**
+     * Creates a new wrapper instance delegating all method calls to the given
+     * <code>resource</code>, but intercepts the calls with checks to the
+     * applied ResourceAccessGate instances for read and/or update values.
+     * 
+     * @param resource resource to protect
+     * @param accessGatesForReadForValues list of access gates to ask when reading values. If 
+     *      the list is <code>null</code> or empty there are no read restrictions
+     * @param modifiable if <code>true</code> the resource can be updated
+     */
+    public AccessGateResourceWrapper(final Resource resource,
+                                     final List<ResourceAccessGate> accessGatesForReadForValues,
+                                     final boolean modifiable ) {
+        super( resource );
+        this.accessGatesForReadValues = accessGatesForReadForValues;
+        this.modifiable = modifiable;
+    }
+
+    /**
+     * Returns the value of calling <code>adaptTo</code> on the
+     * {@link #getResource() wrapped resource}.
+     */
+    @SuppressWarnings("unchecked")
+    @Override
+    public <AdapterType> AdapterType adaptTo(Class<AdapterType> type) {
+        // we do not support the deprecated PersistableValueMap
+        AdapterType adapter = getResource().adaptTo(type);
+
+        if (adapter != null && !modifiable) {
+            if (type == ModifiableValueMap.class) {
+                adapter = null;
+            }
+            else if (type == Map.class || type == ValueMap.class) {
+                // protect also against accidental modifications when changes are done in an adapted map
+                adapter = (AdapterType) new ReadOnlyValueMapWrapper((Map) adapter);
+            }
+        }
+
+
+        return adapter;
+
+
+    }
+
+
+}

Added: sling/trunk/bundles/resourceaccesssecurity/core/src/main/java/org/apache/sling/resourceaccesssecurity/impl/ApplicationResourceAccessSecurityImpl.java
URL: http://svn.apache.org/viewvc/sling/trunk/bundles/resourceaccesssecurity/core/src/main/java/org/apache/sling/resourceaccesssecurity/impl/ApplicationResourceAccessSecurityImpl.java?rev=1578141&view=auto
==============================================================================
--- sling/trunk/bundles/resourceaccesssecurity/core/src/main/java/org/apache/sling/resourceaccesssecurity/impl/ApplicationResourceAccessSecurityImpl.java (added)
+++ sling/trunk/bundles/resourceaccesssecurity/core/src/main/java/org/apache/sling/resourceaccesssecurity/impl/ApplicationResourceAccessSecurityImpl.java Sun Mar 16 19:17:41 2014
@@ -0,0 +1,42 @@
+/*
+ * Licensed to the Apache Software Foundation (ASF) under one
+ * or more contributor license agreements.  See the NOTICE file
+ * distributed with this work for additional information
+ * regarding copyright ownership.  The ASF licenses this file
+ * to you under the Apache License, Version 2.0 (the
+ * "License"); you may not use this file except in compliance
+ * with the License.  You may obtain a copy of the License at
+ *
+ *   http://www.apache.org/licenses/LICENSE-2.0
+ *
+ * Unless required by applicable law or agreed to in writing,
+ * software distributed under the License is distributed on an
+ * "AS IS" BASIS, WITHOUT WARRANTIES OR CONDITIONS OF ANY
+ * KIND, either express or implied.  See the License for the
+ * specific language governing permissions and limitations
+ * under the License.
+ */
+package org.apache.sling.resourceaccesssecurity.impl;
+
+import org.apache.felix.scr.annotations.Component;
+import org.apache.felix.scr.annotations.Property;
+import org.apache.felix.scr.annotations.Reference;
+import org.apache.felix.scr.annotations.ReferenceCardinality;
+import org.apache.felix.scr.annotations.ReferencePolicy;
+import org.apache.felix.scr.annotations.Service;
+import org.apache.sling.api.security.ResourceAccessSecurity;
+import org.apache.sling.resourceaccesssecurity.ResourceAccessGate;
+
+@Component
+@Service(value=ResourceAccessSecurity.class)
+@Property(name=ResourceAccessSecurity.CONTEXT, value=ResourceAccessSecurity.APPLICATION_CONTEXT)
+@Reference(name="ResourceAccessGate", referenceInterface=ResourceAccessGate.class,
+           cardinality=ReferenceCardinality.MANDATORY_MULTIPLE,
+           policy=ReferencePolicy.DYNAMIC,
+           target="(" + ResourceAccessGate.CONTEXT + "=" + ResourceAccessGate.APPLICATION_CONTEXT + ")")
+public class ApplicationResourceAccessSecurityImpl extends ResourceAccessSecurityImpl {
+
+    public ApplicationResourceAccessSecurityImpl() {
+        super(true);
+    }
+}

Added: sling/trunk/bundles/resourceaccesssecurity/core/src/main/java/org/apache/sling/resourceaccesssecurity/impl/ProviderResourceAccessSecurityImpl.java
URL: http://svn.apache.org/viewvc/sling/trunk/bundles/resourceaccesssecurity/core/src/main/java/org/apache/sling/resourceaccesssecurity/impl/ProviderResourceAccessSecurityImpl.java?rev=1578141&view=auto
==============================================================================
--- sling/trunk/bundles/resourceaccesssecurity/core/src/main/java/org/apache/sling/resourceaccesssecurity/impl/ProviderResourceAccessSecurityImpl.java (added)
+++ sling/trunk/bundles/resourceaccesssecurity/core/src/main/java/org/apache/sling/resourceaccesssecurity/impl/ProviderResourceAccessSecurityImpl.java Sun Mar 16 19:17:41 2014
@@ -0,0 +1,42 @@
+/*
+ * Licensed to the Apache Software Foundation (ASF) under one
+ * or more contributor license agreements.  See the NOTICE file
+ * distributed with this work for additional information
+ * regarding copyright ownership.  The ASF licenses this file
+ * to you under the Apache License, Version 2.0 (the
+ * "License"); you may not use this file except in compliance
+ * with the License.  You may obtain a copy of the License at
+ *
+ *   http://www.apache.org/licenses/LICENSE-2.0
+ *
+ * Unless required by applicable law or agreed to in writing,
+ * software distributed under the License is distributed on an
+ * "AS IS" BASIS, WITHOUT WARRANTIES OR CONDITIONS OF ANY
+ * KIND, either express or implied.  See the License for the
+ * specific language governing permissions and limitations
+ * under the License.
+ */
+package org.apache.sling.resourceaccesssecurity.impl;
+
+import org.apache.felix.scr.annotations.Component;
+import org.apache.felix.scr.annotations.Property;
+import org.apache.felix.scr.annotations.Reference;
+import org.apache.felix.scr.annotations.ReferenceCardinality;
+import org.apache.felix.scr.annotations.ReferencePolicy;
+import org.apache.felix.scr.annotations.Service;
+import org.apache.sling.api.security.ResourceAccessSecurity;
+import org.apache.sling.resourceaccesssecurity.ResourceAccessGate;
+
+@Component
+@Service(value=ResourceAccessSecurity.class)
+@Property(name=ResourceAccessSecurity.CONTEXT, value=ResourceAccessSecurity.PROVIDER_CONTEXT)
+@Reference(name="ResourceAccessGate", referenceInterface=ResourceAccessGate.class,
+           cardinality=ReferenceCardinality.MANDATORY_MULTIPLE,
+           policy=ReferencePolicy.DYNAMIC,
+           target="(" + ResourceAccessGate.CONTEXT + "=" + ResourceAccessGate.PROVIDER_CONTEXT + ")")
+public class ProviderResourceAccessSecurityImpl extends ResourceAccessSecurityImpl {
+
+    public ProviderResourceAccessSecurityImpl() {
+        super(false);
+    }
+}

Added: sling/trunk/bundles/resourceaccesssecurity/core/src/main/java/org/apache/sling/resourceaccesssecurity/impl/ReadOnlyValueMapWrapper.java
URL: http://svn.apache.org/viewvc/sling/trunk/bundles/resourceaccesssecurity/core/src/main/java/org/apache/sling/resourceaccesssecurity/impl/ReadOnlyValueMapWrapper.java?rev=1578141&view=auto
==============================================================================
--- sling/trunk/bundles/resourceaccesssecurity/core/src/main/java/org/apache/sling/resourceaccesssecurity/impl/ReadOnlyValueMapWrapper.java (added)
+++ sling/trunk/bundles/resourceaccesssecurity/core/src/main/java/org/apache/sling/resourceaccesssecurity/impl/ReadOnlyValueMapWrapper.java Sun Mar 16 19:17:41 2014
@@ -0,0 +1,63 @@
+/*
+ * Licensed to the Apache Software Foundation (ASF) under one
+ * or more contributor license agreements.  See the NOTICE file
+ * distributed with this work for additional information
+ * regarding copyright ownership.  The ASF licenses this file
+ * to you under the Apache License, Version 2.0 (the
+ * "License"); you may not use this file except in compliance
+ * with the License.  You may obtain a copy of the License at
+ *
+ *   http://www.apache.org/licenses/LICENSE-2.0
+ *
+ * Unless required by applicable law or agreed to in writing,
+ * software distributed under the License is distributed on an
+ * "AS IS" BASIS, WITHOUT WARRANTIES OR CONDITIONS OF ANY
+ * KIND, either express or implied.  See the License for the
+ * specific language governing permissions and limitations
+ * under the License.
+ */
+
+package org.apache.sling.resourceaccesssecurity.impl;
+
+import java.util.Map;
+
+import org.apache.sling.api.resource.ValueMap;
+import org.apache.sling.api.wrappers.ValueMapDecorator;
+
+/**
+ *  Wrapper class that does protect the underlying map from modifications.
+ */
+public class ReadOnlyValueMapWrapper extends ValueMapDecorator
+        implements ValueMap {
+
+    /**
+     * Creates a new wrapper around a given map.
+     *
+     * @param base wrapped object
+     */
+    public ReadOnlyValueMapWrapper(Map<String, Object> base) {
+        super(base);
+    }
+
+    @Override
+    public Object put(String key, Object value) {
+        // TODO we probably should log this as a warning
+        return null;
+    }
+
+    @Override
+    public Object remove(Object key) {
+        // TODO we probably should log this as a warning
+        return null;
+    }
+
+    @Override
+    public void putAll(Map<? extends String, ?> t) {
+        // TODO we probably should log this as a warning
+    }
+
+    @Override
+    public void clear() {
+        // TODO we probably should log this as a warning
+    }
+}

Added: sling/trunk/bundles/resourceaccesssecurity/core/src/main/java/org/apache/sling/resourceaccesssecurity/impl/ResourceAccessGateHandler.java
URL: http://svn.apache.org/viewvc/sling/trunk/bundles/resourceaccesssecurity/core/src/main/java/org/apache/sling/resourceaccesssecurity/impl/ResourceAccessGateHandler.java?rev=1578141&view=auto
==============================================================================
--- sling/trunk/bundles/resourceaccesssecurity/core/src/main/java/org/apache/sling/resourceaccesssecurity/impl/ResourceAccessGateHandler.java (added)
+++ sling/trunk/bundles/resourceaccesssecurity/core/src/main/java/org/apache/sling/resourceaccesssecurity/impl/ResourceAccessGateHandler.java Sun Mar 16 19:17:41 2014
@@ -0,0 +1,122 @@
+/*
+ * Licensed to the Apache Software Foundation (ASF) under one
+ * or more contributor license agreements.  See the NOTICE file
+ * distributed with this work for additional information
+ * regarding copyright ownership.  The ASF licenses this file
+ * to you under the Apache License, Version 2.0 (the
+ * "License"); you may not use this file except in compliance
+ * with the License.  You may obtain a copy of the License at
+ *
+ *   http://www.apache.org/licenses/LICENSE-2.0
+ *
+ * Unless required by applicable law or agreed to in writing,
+ * software distributed under the License is distributed on an
+ * "AS IS" BASIS, WITHOUT WARRANTIES OR CONDITIONS OF ANY
+ * KIND, either express or implied.  See the License for the
+ * specific language governing permissions and limitations
+ * under the License.
+ */
+package org.apache.sling.resourceaccesssecurity.impl;
+
+import java.util.HashSet;
+import java.util.Set;
+import java.util.regex.Matcher;
+import java.util.regex.Pattern;
+
+import org.apache.sling.commons.osgi.PropertiesUtil;
+import org.apache.sling.resourceaccesssecurity.ResourceAccessGate;
+import org.osgi.framework.ServiceReference;
+
+public class ResourceAccessGateHandler implements Comparable<ResourceAccessGateHandler> {
+
+    private final ResourceAccessGate resourceAccessGate;
+
+    private final ServiceReference reference;
+
+    private final Pattern pathPattern;
+    private final Set<ResourceAccessGate.Operation> operations = new HashSet<ResourceAccessGate.Operation>();
+    private final Set<ResourceAccessGate.Operation> finalOperations = new HashSet<ResourceAccessGate.Operation>();
+
+    /**
+     * constructor
+     */
+    public ResourceAccessGateHandler ( final ServiceReference resourceAccessGateRef ) {
+        this.reference = resourceAccessGateRef;
+
+        resourceAccessGate = (ResourceAccessGate) resourceAccessGateRef.getBundle().
+                getBundleContext().getService(resourceAccessGateRef);
+        // extract the service property "path"
+        final String path = (String) resourceAccessGateRef.getProperty(ResourceAccessGate.PATH);
+        if ( path != null ) {
+            pathPattern = Pattern.compile(path);
+        } else {
+            pathPattern = Pattern.compile(".*");
+        }
+
+        // extract the service property "operations"
+        final String ops = PropertiesUtil.toString( resourceAccessGateRef.getProperty(ResourceAccessGate.OPERATIONS), null );
+        if ( ops != null && ops.length() > 0 ) {
+            final String[] opsArray = ops.split( "," );
+            for (final String opAsString : opsArray) {
+                final ResourceAccessGate.Operation operation = ResourceAccessGate.Operation.fromString(opAsString);
+                if ( operation != null ) {
+                    operations.add(operation);
+                }
+            }
+        } else {
+           for (final ResourceAccessGate.Operation op : ResourceAccessGate.Operation.values() ) {
+               operations.add(op);
+           }
+        }
+
+        // extract the service property "finaloperations"
+        final String finalOps = PropertiesUtil.toString(resourceAccessGateRef.getProperty(ResourceAccessGate.FINALOPERATIONS), null );
+        if ( finalOps != null && finalOps.length() > 0 ) {
+            final String[] finOpsArray = finalOps.split( "," );
+            for (final String opAsString : finOpsArray) {
+                final ResourceAccessGate.Operation operation = ResourceAccessGate.Operation.fromString(opAsString);
+                if ( operation != null ) {
+                    finalOperations.add(operation);
+                }
+            }
+        }
+
+    }
+
+    public boolean matches ( final String path, final ResourceAccessGate.Operation operation ) {
+        boolean returnValue = false;
+
+        if ( operations.contains( operation ) ) {
+            final Matcher match = pathPattern.matcher(path);
+            returnValue = match.matches();
+        }
+
+        return returnValue;
+    }
+
+    public boolean isFinalOperation( final ResourceAccessGate.Operation operation ) {
+        return finalOperations.contains(operation);
+    }
+
+    public ResourceAccessGate getResourceAccessGate () {
+        return resourceAccessGate;
+    }
+
+    @Override
+    public int compareTo(final ResourceAccessGateHandler o) {
+        return this.reference.compareTo(o.reference);
+    }
+
+    @Override
+    public boolean equals(final Object obj) {
+        if ( obj instanceof ResourceAccessGateHandler ) {
+            return ((ResourceAccessGateHandler)obj).reference.equals(this.reference);
+        }
+        return false;
+    }
+
+    @Override
+    public int hashCode() {
+        return this.reference.hashCode();
+    }
+}

Added: sling/trunk/bundles/resourceaccesssecurity/core/src/main/java/org/apache/sling/resourceaccesssecurity/impl/ResourceAccessSecurityImpl.java
URL: http://svn.apache.org/viewvc/sling/trunk/bundles/resourceaccesssecurity/core/src/main/java/org/apache/sling/resourceaccesssecurity/impl/ResourceAccessSecurityImpl.java?rev=1578141&view=auto
==============================================================================
--- sling/trunk/bundles/resourceaccesssecurity/core/src/main/java/org/apache/sling/resourceaccesssecurity/impl/ResourceAccessSecurityImpl.java (added)
+++ sling/trunk/bundles/resourceaccesssecurity/core/src/main/java/org/apache/sling/resourceaccesssecurity/impl/ResourceAccessSecurityImpl.java Sun Mar 16 19:17:41 2014
@@ -0,0 +1,347 @@
+/*
+ * Licensed to the Apache Software Foundation (ASF) under one
+ * or more contributor license agreements.  See the NOTICE file
+ * distributed with this work for additional information
+ * regarding copyright ownership.  The ASF licenses this file
+ * to you under the Apache License, Version 2.0 (the
+ * "License"); you may not use this file except in compliance
+ * with the License.  You may obtain a copy of the License at
+ *
+ *   http://www.apache.org/licenses/LICENSE-2.0
+ *
+ * Unless required by applicable law or agreed to in writing,
+ * software distributed under the License is distributed on an
+ * "AS IS" BASIS, WITHOUT WARRANTIES OR CONDITIONS OF ANY
+ * KIND, either express or implied.  See the License for the
+ * specific language governing permissions and limitations
+ * under the License.
+ */
+package org.apache.sling.resourceaccesssecurity.impl;
+
+import java.util.ArrayList;
+import java.util.Collections;
+import java.util.Iterator;
+import java.util.List;
+import java.util.NoSuchElementException;
+
+import org.apache.sling.api.resource.Resource;
+import org.apache.sling.api.resource.ResourceResolver;
+import org.apache.sling.api.security.AccessSecurityException;
+import org.apache.sling.api.security.ResourceAccessSecurity;
+import org.apache.sling.resourceaccesssecurity.ResourceAccessGate;
+import org.apache.sling.resourceaccesssecurity.ResourceAccessGate.GateResult;
+import org.osgi.framework.ServiceReference;
+
+public abstract class ResourceAccessSecurityImpl implements ResourceAccessSecurity {
+
+    private List<ResourceAccessGateHandler> allHandlers = Collections.emptyList();
+
+    private final boolean defaultAllow;
+
+    public ResourceAccessSecurityImpl(final boolean defaultAllow) {
+        this.defaultAllow = defaultAllow;
+    }
+
+    /**
+     * This method returns either an iterator delivering the matching handlers
+     * or <code>null</code>.
+     */
+    private Iterator<ResourceAccessGateHandler> getMatchingResourceAccessGateHandlerIterator(
+            final String path, final ResourceAccessGate.Operation operation) {
+        //
+        // TODO: maybe caching some frequent paths with read operation would be
+        // a good idea
+        //
+        final List<ResourceAccessGateHandler> handlers = allHandlers;
+        if (handlers.size() > 0) {
+
+            final Iterator<ResourceAccessGateHandler> iter = handlers.iterator();
+            return new Iterator<ResourceAccessGateHandler>() {
+
+                private ResourceAccessGateHandler next;
+
+                {
+                    peek();
+                }
+
+                private void peek() {
+                    this.next = null;
+                    while ( iter.hasNext() && next == null ) {
+                        final ResourceAccessGateHandler handler = iter.next();
+                        if (handler.matches(path, operation)) {
+                            next = handler;
+                        }
+                    }
+                }
+
+                @Override
+                public boolean hasNext() {
+                    return next != null;
+                }
+
+                @Override
+                public ResourceAccessGateHandler next() {
+                    if ( next == null ) {
+                        throw new NoSuchElementException();
+                    }
+                    final ResourceAccessGateHandler handler = this.next;
+                    peek();
+                    return handler;
+                }
+
+                @Override
+                public void remove() {
+                    throw new UnsupportedOperationException();
+                }
+            };
+        }
+
+        return null;
+    }
+
+    @Override
+    public Resource getReadableResource(final Resource resource) {
+        Resource returnValue = (this.defaultAllow ? resource : null);
+
+        final Iterator<ResourceAccessGateHandler> accessGateHandlers = getMatchingResourceAccessGateHandlerIterator(
+                resource.getPath(), ResourceAccessGate.Operation.READ);
+
+        GateResult finalGateResult = null;
+        List<ResourceAccessGate> accessGatesForReadValues = null;
+        boolean canReadAllValues = false;
+
+
+        if ( accessGateHandlers != null ) {
+
+            while ( accessGateHandlers.hasNext() ) {
+                final ResourceAccessGateHandler resourceAccessGateHandler  = accessGateHandlers.next();
+
+                final GateResult gateResult = resourceAccessGateHandler.getResourceAccessGate().canRead(resource);
+                if (!canReadAllValues && gateResult == GateResult.GRANTED) {
+                    if (resourceAccessGateHandler.getResourceAccessGate().canReadAllValues(resource)) {
+                        canReadAllValues = true;
+                        accessGatesForReadValues = null;
+                    } else {
+                        if (accessGatesForReadValues == null) {
+                            accessGatesForReadValues = new ArrayList<ResourceAccessGate>();
+                        }
+                        accessGatesForReadValues.add(resourceAccessGateHandler.getResourceAccessGate());
+                    }
+                }
+                if (finalGateResult == null) {
+                    finalGateResult = gateResult;
+                } else if (finalGateResult != GateResult.GRANTED && gateResult != GateResult.DONTCARE) {
+                    finalGateResult = gateResult;
+                }
+                // stop checking if the operation is final and the result not GateResult.DONTCARE
+                if (gateResult != GateResult.DONTCARE  && resourceAccessGateHandler.isFinalOperation(ResourceAccessGate.Operation.READ)) {
+                    break;
+                }
+            }
+
+
+            // return null if access is denied or no ResourceAccessGate is present
+            if (finalGateResult == null || finalGateResult == GateResult.DENIED) {
+                returnValue = null;
+            } else if (finalGateResult == GateResult.DONTCARE) {
+                returnValue = (this.defaultAllow ? resource : null);
+            } else if (finalGateResult == GateResult.GRANTED ) {
+                returnValue = resource;
+            }
+        }
+
+        boolean canUpdateResource = canUpdate(resource);
+
+        // wrap Resource if read access is not or partly (values) not granted
+        if (returnValue != null) {
+            if( !canReadAllValues || !canUpdateResource ) {
+                returnValue = new AccessGateResourceWrapper(returnValue,
+                        accessGatesForReadValues,
+                        canUpdateResource);
+            }
+        }
+
+        return returnValue;
+    }
+
+    @Override
+    public boolean canCreate(final String path,
+            final ResourceResolver resolver) {
+        final Iterator<ResourceAccessGateHandler> handlers = getMatchingResourceAccessGateHandlerIterator(
+                path, ResourceAccessGate.Operation.CREATE);
+        boolean result = this.defaultAllow;
+        if ( handlers != null ) {
+            GateResult finalGateResult = null;
+
+            while ( handlers.hasNext() ) {
+                final ResourceAccessGateHandler resourceAccessGateHandler  = handlers.next();
+
+                final GateResult gateResult = resourceAccessGateHandler.getResourceAccessGate().canCreate(path, resolver);
+                if (finalGateResult == null) {
+                    finalGateResult = gateResult;
+                } else if (finalGateResult != GateResult.GRANTED && gateResult != GateResult.DONTCARE) {
+                    finalGateResult = gateResult;
+                }
+                if (finalGateResult == GateResult.GRANTED || gateResult != GateResult.DONTCARE && 
+                        resourceAccessGateHandler.isFinalOperation(ResourceAccessGate.Operation.CREATE)) {
+                    break;
+                }
+            }
+
+            if ( finalGateResult == GateResult.GRANTED ) {
+                result = true;
+            } else if ( finalGateResult == GateResult.DENIED ) {
+                result = false;
+            }
+        }
+        return result;
+    }
+
+    @Override
+    public boolean canUpdate(final Resource resource) {
+        final Iterator<ResourceAccessGateHandler> handlers = getMatchingResourceAccessGateHandlerIterator(
+                resource.getPath(), ResourceAccessGate.Operation.UPDATE);
+        boolean result = this.defaultAllow;
+        if ( handlers != null ) {
+            GateResult finalGateResult = null;
+
+            while ( handlers.hasNext() ) {
+                final ResourceAccessGateHandler resourceAccessGateHandler  = handlers.next();
+
+                final GateResult gateResult = resourceAccessGateHandler.getResourceAccessGate().canUpdate(resource);
+                if (finalGateResult == null) {
+                    finalGateResult = gateResult;
+                } else if (finalGateResult != GateResult.GRANTED && gateResult != GateResult.DONTCARE) {
+                    finalGateResult = gateResult;
+                }
+                if (finalGateResult == GateResult.GRANTED || gateResult != GateResult.DONTCARE && 
+                        resourceAccessGateHandler.isFinalOperation(ResourceAccessGate.Operation.UPDATE)) {
+                    break;
+                }
+            }
+
+            if ( finalGateResult == GateResult.GRANTED ) {
+                result = true;
+            } else if ( finalGateResult == GateResult.DENIED ) {
+                result = false;
+            }
+        }
+        return result;
+    }
+
+    @Override
+    public boolean canDelete(final Resource resource) {
+        final Iterator<ResourceAccessGateHandler> handlers = getMatchingResourceAccessGateHandlerIterator(
+                resource.getPath(), ResourceAccessGate.Operation.DELETE);
+        boolean result = this.defaultAllow;
+        if ( handlers != null ) {
+            GateResult finalGateResult = null;
+
+            while ( handlers.hasNext() ) {
+                final ResourceAccessGateHandler resourceAccessGateHandler  = handlers.next();
+
+                final GateResult gateResult = resourceAccessGateHandler.getResourceAccessGate().canDelete(resource);
+                if (finalGateResult == null) {
+                    finalGateResult = gateResult;
+                } else if (finalGateResult != GateResult.GRANTED && gateResult != GateResult.DONTCARE) {
+                    finalGateResult = gateResult;
+                }
+                if (finalGateResult == GateResult.GRANTED || gateResult != GateResult.DONTCARE && 
+                        resourceAccessGateHandler.isFinalOperation(ResourceAccessGate.Operation.DELETE)) {
+                    break;
+                }
+            }
+
+            if ( finalGateResult == GateResult.GRANTED ) {
+                result = true;
+            } else if ( finalGateResult == GateResult.DENIED ) {
+                result = false;
+            }
+        }
+        return result;
+    }
+
+    @Override
+    public boolean canExecute(final Resource resource) {
+        final Iterator<ResourceAccessGateHandler> handlers = getMatchingResourceAccessGateHandlerIterator(
+                resource.getPath(), ResourceAccessGate.Operation.EXECUTE);
+        boolean result = this.defaultAllow;
+        if ( handlers != null ) {
+            GateResult finalGateResult = null;
+
+            while ( handlers.hasNext() ) {
+                final ResourceAccessGateHandler resourceAccessGateHandler  = handlers.next();
+
+                final GateResult gateResult = resourceAccessGateHandler.getResourceAccessGate().canExecute(resource);
+                if (finalGateResult == null) {
+                    finalGateResult = gateResult;
+                } else if (finalGateResult != GateResult.GRANTED && gateResult != GateResult.DONTCARE) {
+                    finalGateResult = gateResult;
+                }
+                if (finalGateResult == GateResult.GRANTED || gateResult != GateResult.DONTCARE && resourceAccessGateHandler.isFinalOperation(ResourceAccessGate.Operation.EXECUTE)) {
+                    break;
+                }
+            }
+
+            if ( finalGateResult == GateResult.GRANTED ) {
+                result = true;
+            } else if ( finalGateResult == GateResult.DENIED ) {
+                result = false;
+            }
+        }
+        return result;
+    }
+
+    @Override
+    public boolean canReadValue(final Resource resource, final String valueName) {
+        // TODO Auto-generated method stub
+        return this.defaultAllow;
+    }
+
+    @Override
+    public boolean canSetValue(final Resource resource, final String valueName) {
+        // TODO Auto-generated method stub
+        return this.defaultAllow;
+    }
+
+    @Override
+    public boolean canDeleteValue(final Resource resource, final String valueName) {
+        // TODO Auto-generated method stub
+        return this.defaultAllow;
+    }
+
+    @Override
+    public String transformQuery(final String query,
+            final String language,
+            final ResourceResolver resourceResolver)
+    throws AccessSecurityException {
+        return query;
+    }
+
+    /**
+     * Add a new resource access gate
+     */
+    protected void bindResourceAccessGate(final ServiceReference ref) {
+        synchronized ( this ) {
+            final List<ResourceAccessGateHandler> newList = new ArrayList<ResourceAccessGateHandler>(this.allHandlers);
+
+            final ResourceAccessGateHandler h = new ResourceAccessGateHandler(ref);
+            newList.add(h);
+            Collections.sort(newList);
+            this.allHandlers = newList;
+        }
+    }
+
+    /**
+     * Remove a resource access gate
+     */
+    protected void unbindResourceAccessGate(final ServiceReference ref) {
+        synchronized ( this ) {
+            final List<ResourceAccessGateHandler> newList = new ArrayList<ResourceAccessGateHandler>(this.allHandlers);
+
+            final ResourceAccessGateHandler h = new ResourceAccessGateHandler(ref);
+            newList.remove(h);
+            this.allHandlers = newList;
+        }
+    }
+}

Added: sling/trunk/bundles/resourceaccesssecurity/core/src/main/java/org/apache/sling/resourceaccesssecurity/package-info.java
URL: http://svn.apache.org/viewvc/sling/trunk/bundles/resourceaccesssecurity/core/src/main/java/org/apache/sling/resourceaccesssecurity/package-info.java?rev=1578141&view=auto
==============================================================================
--- sling/trunk/bundles/resourceaccesssecurity/core/src/main/java/org/apache/sling/resourceaccesssecurity/package-info.java (added)
+++ sling/trunk/bundles/resourceaccesssecurity/core/src/main/java/org/apache/sling/resourceaccesssecurity/package-info.java Sun Mar 16 19:17:41 2014
@@ -0,0 +1,24 @@
+/*
+ * Licensed to the Apache Software Foundation (ASF) under one
+ * or more contributor license agreements.  See the NOTICE file
+ * distributed with this work for additional information
+ * regarding copyright ownership.  The ASF licenses this file
+ * to you under the Apache License, Version 2.0 (the
+ * "License"); you may not use this file except in compliance
+ * with the License.  You may obtain a copy of the License at
+ *
+ *   http://www.apache.org/licenses/LICENSE-2.0
+ *
+ * Unless required by applicable law or agreed to in writing,
+ * software distributed under the License is distributed on an
+ * "AS IS" BASIS, WITHOUT WARRANTIES OR CONDITIONS OF ANY
+ * KIND, either express or implied.  See the License for the
+ * specific language governing permissions and limitations
+ * under the License.
+ */
+
+@Version("1.0.0")
+package org.apache.sling.resourceaccesssecurity;
+
+import aQute.bnd.annotation.Version;
+

Added: sling/trunk/bundles/resourceaccesssecurity/core/src/test/java/org/apache/sling/resourceaccesssecurity/impl/ResourceAccessSecurityImplTests.java
URL: http://svn.apache.org/viewvc/sling/trunk/bundles/resourceaccesssecurity/core/src/test/java/org/apache/sling/resourceaccesssecurity/impl/ResourceAccessSecurityImplTests.java?rev=1578141&view=auto
==============================================================================
--- sling/trunk/bundles/resourceaccesssecurity/core/src/test/java/org/apache/sling/resourceaccesssecurity/impl/ResourceAccessSecurityImplTests.java (added)
+++ sling/trunk/bundles/resourceaccesssecurity/core/src/test/java/org/apache/sling/resourceaccesssecurity/impl/ResourceAccessSecurityImplTests.java Sun Mar 16 19:17:41 2014
@@ -0,0 +1,189 @@
+/*
+ * Licensed to the Apache Software Foundation (ASF) under one
+ * or more contributor license agreements.  See the NOTICE file
+ * distributed with this work for additional information
+ * regarding copyright ownership.  The ASF licenses this file
+ * to you under the Apache License, Version 2.0 (the
+ * "License"); you may not use this file except in compliance
+ * with the License.  You may obtain a copy of the License at
+ *
+ *   http://www.apache.org/licenses/LICENSE-2.0
+ *
+ * Unless required by applicable law or agreed to in writing,
+ * software distributed under the License is distributed on an
+ * "AS IS" BASIS, WITHOUT WARRANTIES OR CONDITIONS OF ANY
+ * KIND, either express or implied.  See the License for the
+ * specific language governing permissions and limitations
+ * under the License.
+ */
+package org.apache.sling.resourceaccesssecurity.impl;
+
+
+import junit.framework.TestCase;
+import org.apache.sling.api.resource.ModifiableValueMap;
+import org.apache.sling.api.resource.Resource;
+import org.apache.sling.api.resource.ValueMap;
+import org.apache.sling.api.security.ResourceAccessSecurity;
+import org.apache.sling.resourceaccesssecurity.ResourceAccessGate;
+import org.junit.Before;
+import org.junit.Test;
+import org.osgi.framework.Bundle;
+import org.osgi.framework.BundleContext;
+import org.osgi.framework.ServiceReference;
+
+
+import static org.junit.Assert.assertFalse;
+import static org.junit.Assert.assertNull;
+import static org.mockito.Mockito.mock;
+import static org.mockito.Mockito.times;
+import static org.mockito.Mockito.when;
+import static org.mockito.Mockito.verify;
+
+import static org.junit.Assert.assertTrue;
+
+public class ResourceAccessSecurityImplTests {
+
+    ServiceReference serviceReference;
+    ResourceAccessSecurity resourceAccessSecurity;
+    ResourceAccessGate resourceAccessGate;
+
+    @Before
+    public void setUp() {
+        resourceAccessSecurity = new ProviderResourceAccessSecurityImpl();
+    }
+
+
+    @Test
+    public void testCanUpdate(){
+        initMocks("/content", new String[] { "update"} );
+
+        Resource resource = mock(Resource.class);
+        when(resource.getPath()).thenReturn("/content");
+        when(resourceAccessGate.canUpdate(resource)).thenReturn(ResourceAccessGate.GateResult.GRANTED);
+        assertTrue(resourceAccessSecurity.canUpdate(resource));
+    }
+
+    @Test
+    public void testCannotUpdate(){
+        initMocks("/content", new String[] { "update"} );
+
+        Resource resource = mock(Resource.class);
+        when(resource.getPath()).thenReturn("/content");
+        when(resourceAccessGate.canUpdate(resource)).thenReturn(ResourceAccessGate.GateResult.DENIED);
+        assertFalse(resourceAccessSecurity.canUpdate(resource));
+    }
+
+    @Test
+    public void testCannotUpdateWrongPath(){
+        initMocks("/content", new String[] { "update"} );
+
+        Resource resource = mock(Resource.class);
+        when(resource.getPath()).thenReturn("/wrongcontent");
+        when(resourceAccessGate.canUpdate(resource)).thenReturn(ResourceAccessGate.GateResult.GRANTED);
+        assertFalse(resourceAccessSecurity.canUpdate(resource));
+    }
+
+    @Test
+    public void testCanUpdateUsingReadableResource(){
+        // one needs to have also read rights to obtain the resource
+
+        initMocks("/content", new String[] { "read", "update"} );
+
+        Resource resource = mock(Resource.class);
+        when(resource.getPath()).thenReturn("/content");
+
+        ModifiableValueMap valueMap = mock(ModifiableValueMap.class);
+        when(resource.adaptTo(ModifiableValueMap.class)).thenReturn(valueMap);
+
+        when(resourceAccessGate.canRead(resource)).thenReturn(ResourceAccessGate.GateResult.GRANTED);
+        when(resourceAccessGate.canUpdate(resource)).thenReturn(ResourceAccessGate.GateResult.GRANTED);
+        Resource readableResource = resourceAccessSecurity.getReadableResource(resource);
+
+        ModifiableValueMap resultValueMap = readableResource.adaptTo(ModifiableValueMap.class);
+
+
+        resultValueMap.put("modified", "value");
+
+        verify(valueMap, times(1)).put("modified", "value");
+    }
+
+
+    @Test
+    public void testCannotUpdateUsingReadableResourceIfCannotRead(){
+        initMocks("/content", new String[] { "read", "update"} );
+
+        Resource resource = mock(Resource.class);
+        when(resource.getPath()).thenReturn("/content");
+
+        ModifiableValueMap valueMap = mock(ModifiableValueMap.class);
+        when(resource.adaptTo(ModifiableValueMap.class)).thenReturn(valueMap);
+
+        when(resourceAccessGate.canRead(resource)).thenReturn(ResourceAccessGate.GateResult.DENIED);
+        when(resourceAccessGate.canUpdate(resource)).thenReturn(ResourceAccessGate.GateResult.GRANTED);
+        Resource readableResource = resourceAccessSecurity.getReadableResource(resource);
+
+
+        assertNull(readableResource);
+    }
+
+
+    @Test
+    public void testCannotUpdateUsingReadableResourceIfCannotUpdate(){
+        initMocks("/content", new String[] { "read", "update"} );
+
+        Resource resource = mock(Resource.class);
+        when(resource.getPath()).thenReturn("/content");
+
+        ModifiableValueMap valueMap = mock(ModifiableValueMap.class);
+        when(resource.adaptTo(ModifiableValueMap.class)).thenReturn(valueMap);
+
+        when(resourceAccessGate.canRead(resource)).thenReturn(ResourceAccessGate.GateResult.GRANTED);
+        when(resourceAccessGate.canUpdate(resource)).thenReturn(ResourceAccessGate.GateResult.DENIED);
+        Resource readableResource = resourceAccessSecurity.getReadableResource(resource);
+
+        ModifiableValueMap resultValueMap = readableResource.adaptTo(ModifiableValueMap.class);
+
+        assertNull(resultValueMap);
+    }
+
+
+    @Test
+    public void testCannotUpdateAccidentallyUsingReadableResourceIfCannotUpdate(){
+        initMocks("/content", new String[] { "read", "update"} );
+
+        Resource resource = mock(Resource.class);
+        when(resource.getPath()).thenReturn("/content");
+
+        ModifiableValueMap valueMap = mock(ModifiableValueMap.class);
+        when(resource.adaptTo(ModifiableValueMap.class)).thenReturn(valueMap);
+
+        when(resourceAccessGate.canRead(resource)).thenReturn(ResourceAccessGate.GateResult.GRANTED);
+        when(resourceAccessGate.canUpdate(resource)).thenReturn(ResourceAccessGate.GateResult.DENIED);
+        Resource readableResource = resourceAccessSecurity.getReadableResource(resource);
+
+        ValueMap resultValueMap = readableResource.adaptTo(ValueMap.class);
+
+        resultValueMap.put("modified", "value");
+
+        verify(valueMap, times(0)).put("modified", "value");
+    }
+
+    private void initMocks(String path, String[] operations){
+        serviceReference = mock(ServiceReference.class);
+        Bundle bundle = mock(Bundle.class);
+        BundleContext bundleContext = mock(BundleContext.class);
+        resourceAccessGate = mock(ResourceAccessGate.class);
+
+        when(serviceReference.getBundle()).thenReturn(bundle);
+        when(bundle.getBundleContext()).thenReturn(bundleContext);
+        when(bundleContext.getService(serviceReference)).thenReturn(resourceAccessGate);
+
+        when(serviceReference.getProperty(ResourceAccessGate.PATH)).thenReturn(path);
+        when(serviceReference.getProperty(ResourceAccessGate.OPERATIONS)).thenReturn(operations);
+
+        ((ProviderResourceAccessSecurityImpl) resourceAccessSecurity).bindResourceAccessGate(serviceReference);
+    }
+
+
+
+}

Added: sling/trunk/bundles/resourceaccesssecurity/it/pom.xml
URL: http://svn.apache.org/viewvc/sling/trunk/bundles/resourceaccesssecurity/it/pom.xml?rev=1578141&view=auto
==============================================================================
--- sling/trunk/bundles/resourceaccesssecurity/it/pom.xml (added)
+++ sling/trunk/bundles/resourceaccesssecurity/it/pom.xml Sun Mar 16 19:17:41 2014
@@ -0,0 +1,359 @@
+<?xml version="1.0" encoding="UTF-8"?>
+<!--
+    Licensed to the Apache Software Foundation (ASF) under one
+    or more contributor license agreements.  See the NOTICE file
+    distributed with this work for additional information
+    regarding copyright ownership.  The ASF licenses this file
+    to you under the Apache License, Version 2.0 (the
+    "License"); you may not use this file except in compliance
+    with the License.  You may obtain a copy of the License at
+    
+    http://www.apache.org/licenses/LICENSE-2.0
+    
+    Unless required by applicable law or agreed to in writing,
+    software distributed under the License is distributed on an
+    "AS IS" BASIS, WITHOUT WARRANTIES OR CONDITIONS OF ANY
+    KIND, either express or implied.  See the License for the
+    specific language governing permissions and limitations
+    under the License.
+-->
+<project xmlns="http://maven.apache.org/POM/4.0.0" xmlns:xsi="http://www.w3.org/2001/XMLSchema-instance" xsi:schemaLocation="http://maven.apache.org/POM/4.0.0 http://maven.apache.org/maven-v4_0_0.xsd">
+
+    <modelVersion>4.0.0</modelVersion>
+    <parent>
+        <groupId>org.apache.sling</groupId>
+        <artifactId>sling</artifactId>
+        <version>18</version>
+        <relativePath>../../../parent/pom.xml</relativePath>
+    </parent>
+
+    <artifactId>org.apache.sling.resourceaccesssecurity.it</artifactId>
+    <version>0.0.1-SNAPSHOT</version>
+    <packaging>bundle</packaging>
+
+    <name>Apache Resource Access Security Integration Tests</name>
+    <description>
+        Project hat tests functionality for org.apache.sling.resourceaccesssecurity and org.apache.sling.jcr.resourcesecurity bundles.
+    </description>
+    
+    <!-- 
+        To keep the instance under test running and run individual tests
+        against it, use:
+        
+            mvn clean verify -DkeepJarRunning=true -Dhttp.port=8080
+            
+        optionally using jar.executor.vm.options to enable remote debugging,
+        and in another console:
+        
+            mvn -o verify -Dtests.to.run=**/**Test.java -Dtest.server.url=http://localhost:8080
+            
+        optionally using -Dmaven.surefire.debug to enable debugging.            
+     -->
+    <properties>
+        <!-- Set this to run the server on a specific port
+        <http.port></http.port>
+         -->
+         
+        <!-- Set this to run tests against an existing server instance -->
+        <keepJarRunning>false</keepJarRunning>
+        
+        <!-- URL of a server against which to run tests -->
+        <!-- <test.server.url>http://localhost:8080</test.server.url> -->
+        <test.server.url />
+        
+         <!-- Set this to run tests against a specific hostname, if test.server.url is not set-->
+         <test.server.hostname />
+
+        <!-- Set this to use a different username for remote execution of sling junit tests -->
+        <test.server.username />
+
+        <!-- Set this to use a different password for remote execution of sling junit tests -->
+        <test.server.password />
+        
+        <!-- Options for the VM that executes our runnable jar -->
+        <!--<jar.executor.vm.options>-Xmx512m -Xdebug -Xrunjdwp:transport=dt_socket,server=y,suspend=y,address=8000 -Xnoagent -Djava.compiler=NONE</jar.executor.vm.options>  -->
+         <jar.executor.vm.options>-Xmx512m</jar.executor.vm.options> 
+        
+        <!-- Change this to use longer or shorter timeouts for testing -->
+        <sling.testing.timeout.multiplier>1.0</sling.testing.timeout.multiplier>
+        
+        <!-- Set this to run the executable jar in a specified filesystem folder -->
+        <jar.executor.work.folder />
+        
+        <!-- Options for the jar to execute. $JAREXEC_SERVER_PORT$ is replaced by the
+            selected port number -->
+        <jar.executor.jar.options>-p $JAREXEC_SERVER_PORT$</jar.executor.jar.options>
+        
+        <!-- Change this to run selected tests only -->
+        <tests.to.run>**/**Test.java</tests.to.run>
+    </properties>
+    
+    <scm>
+        <connection>scm:svn:http://svn.apache.org/repos/asf/sling/trunk/testing/samples/integration-tests</connection>
+        <developerConnection> scm:svn:https://svn.apache.org/repos/asf/sling/trunk/testing/samples/integration-tests</developerConnection>
+        <url>http://svn.apache.org/viewvc/sling/trunk/testing/samples/integration-tests</url>
+    </scm>
+
+    <build>
+        <plugins>
+            <plugin>
+                <groupId>org.apache.felix</groupId>
+                <artifactId>maven-scr-plugin</artifactId>
+            </plugin>
+            <plugin>
+                <groupId>org.apache.sling</groupId>
+                <artifactId>maven-sling-plugin</artifactId>
+            </plugin>
+            <plugin>
+                <groupId>org.apache.felix</groupId>
+                <artifactId>maven-bundle-plugin</artifactId>
+                <extensions>true</extensions>
+                <configuration>
+                    <instructions>
+                        <Bundle-SymbolicName>org.apache.sling.resourceaccesssecurity.it</Bundle-SymbolicName>
+                        <Sling-Initial-Content>SLING-CONTENT/content/test;path:=/content/test;overwrite:=true,
+                            SLING-CONTENT/libs/test;path:=/libs/test;overwrite:=true</Sling-Initial-Content>
+                        <Export-Package>
+                            org.apache.sling.resourceaccesssecurity.it
+                        </Export-Package>
+                    </instructions>
+                </configuration>
+            </plugin>
+            <plugin>
+                <groupId>org.apache.maven.plugins</groupId>
+                <artifactId>maven-javadoc-plugin</artifactId>
+            </plugin>
+
+           <plugin>
+                <artifactId>maven-clean-plugin</artifactId>
+                <configuration>
+                    <filesets>
+                        <fileset>
+                            <directory>${basedir}</directory>
+                            <includes>
+                                <!-- sling folder is the workdir of the executable jar that we test -->
+                                <include>sling/**</include>
+                            </includes>
+                        </fileset>
+                    </filesets>
+                </configuration>
+            </plugin>
+            <plugin>
+                <groupId>org.apache.maven.plugins</groupId>
+                <artifactId>maven-dependency-plugin</artifactId>
+                <executions>
+                    <execution>
+                        <id>copy-runnable-jar</id>
+                        <goals>
+                            <goal>copy-dependencies</goal>
+                        </goals>
+                            <phase>process-resources</phase>
+                        <configuration>
+                            <includeArtifactIds>org.apache.sling.launchpad</includeArtifactIds>
+                            <excludeTransitive>true</excludeTransitive>
+                            <overWriteReleases>false</overWriteReleases>
+                            <overWriteSnapshots>false</overWriteSnapshots>
+                        </configuration>
+                    </execution>
+                    <execution>
+                        <!-- 
+                            Consider all dependencies as candidates to be installed
+                            as additional bundles. We use system properties to define
+                            which bundles to install in which order.  
+                        -->
+                        <id>copy-additional-bundles</id>
+                        <goals>
+                            <goal>copy-dependencies</goal>
+                        </goals>
+                            <phase>process-resources</phase>
+                        <configuration>
+                            <outputDirectory>${project.build.directory}/sling/additional-bundles</outputDirectory>
+                            <excludeTransitive>true</excludeTransitive>
+                            <overWriteReleases>false</overWriteReleases>
+                            <overWriteSnapshots>false</overWriteSnapshots>
+                        </configuration>
+                    </execution>
+                </executions>
+            </plugin>
+            <plugin>
+                <!-- Find free ports to run our server -->
+                <groupId>org.codehaus.mojo</groupId>
+                <artifactId>build-helper-maven-plugin</artifactId>
+                <executions>
+                    <execution>
+                        <id>reserve-server-port</id>
+                        <goals>
+                            <goal>reserve-network-port</goal>
+                        </goals>
+                        <phase>process-resources</phase>
+                        <configuration>
+                            <portNames>
+                                <portName>http.port</portName>
+                            </portNames>
+                        </configuration>
+                    </execution>
+                </executions>
+            </plugin>
+            <plugin>
+                <groupId>org.apache.maven.plugins</groupId>
+                <artifactId>maven-surefire-plugin</artifactId>
+                <configuration>
+                    <!-- We run all tests in the integration-tests phase -->
+                    <excludes>
+                        <exclude>**</exclude>
+                    </excludes>
+                </configuration>
+            </plugin>
+            <plugin>
+                <groupId>org.apache.maven.plugins</groupId>
+                <artifactId>maven-failsafe-plugin</artifactId>
+                <executions>
+                    <execution>
+                        <id>integration-test</id>
+                        <goals>
+                            <goal>integration-test</goal>
+                        </goals>
+                    </execution>
+                    <execution>
+                        <id>verify</id>
+                        <goals>
+                            <goal>verify</goal>
+                        </goals>
+                    </execution>
+                </executions>
+                <configuration>
+                    <debugForkedProcess>${maven.surefire.debug}</debugForkedProcess>
+                    <includes>
+                        <include>${tests.to.run}</include>
+                    </includes>
+                    <systemPropertyVariables>
+                        <test.server.url>${test.server.url}</test.server.url>
+                        <test.server.hostname>${test.server.hostname}</test.server.hostname>
+                        <test.server.username>${test.server.username}</test.server.username>
+                        <test.server.password>${test.server.password}</test.server.password>
+                        <server.ready.timeout.seconds>300</server.ready.timeout.seconds>
+                        <jar.executor.server.port>${http.port}</jar.executor.server.port>
+                        <jar.executor.vm.options>${jar.executor.vm.options}</jar.executor.vm.options>
+                        <jar.executor.jar.folder>${project.basedir}/target/dependency</jar.executor.jar.folder>
+                        <jar.executor.jar.name.regexp>org.apache.sling.launchpad.*jar$</jar.executor.jar.name.regexp>
+                        <jar.executor.work.folder>${jar.executor.work.folder}</jar.executor.work.folder>
+                        <jar.executor.jar.options>${jar.executor.jar.options}</jar.executor.jar.options>
+                        <additional.bundles.path>${project.build.directory},${project.build.directory}/sling/additional-bundles</additional.bundles.path>
+                        <keepJarRunning>${keepJarRunning}</keepJarRunning>
+                        <sling.testing.timeout.multiplier>${sling.testing.timeout.multiplier}</sling.testing.timeout.multiplier>
+                        <server.ready.path.1>/:script src="system/sling.js"</server.ready.path.1>
+                        <server.ready.path.2>/.explorer.html:href="/libs/sling/explorer/css/explorer.css"</server.ready.path.2>
+                        <server.ready.path.3>/sling-test/sling/sling-test.html:Sling client library tests</server.ready.path.3>
+                        <start.bundles.timeout.seconds>30</start.bundles.timeout.seconds>
+                        <bundle.install.timeout.seconds>20</bundle.install.timeout.seconds>
+                        
+                        <!-- 
+                            Define additional bundles to install by specifying the beginning of their artifact name.
+                            The bundles are installed in lexical order of these property names.
+                            All bundles must be listed as dependencies in this pom, or they won't be installed. 
+                        -->
+
+                        <sling.additional.bundle.5>org.apache.sling.resourceaccesssecurity-</sling.additional.bundle.5>
+                        <sling.additional.bundle.6>org.apache.sling.jcr.resourcesecurity-</sling.additional.bundle.6>
+                        <sling.additional.bundle.7>${project.build.finalName}.jar</sling.additional.bundle.7>
+                    </systemPropertyVariables>
+                </configuration>
+            </plugin>
+         </plugins>
+    </build>
+
+    <dependencies>
+        <!-- Additional bundles needed by the Sling instance under test -->
+
+        <dependency>
+            <groupId>org.apache.sling</groupId>
+            <artifactId>org.apache.sling.testing.tools</artifactId>
+            <version>1.0.7-SNAPSHOT</version>
+            <scope>provided</scope>
+        </dependency>
+        
+        <!-- sling testing tools bundles requires httpclient -->
+        <dependency>
+            <groupId>org.apache.httpcomponents</groupId>
+            <artifactId>httpclient-osgi</artifactId>
+            <version>4.1.2</version>
+            <scope>provided</scope>
+        </dependency>
+        <dependency>
+            <groupId>org.apache.httpcomponents</groupId>
+            <artifactId>httpcore-osgi</artifactId>
+            <version>4.1.2</version>
+            <scope>provided</scope>
+        </dependency>
+        
+        <!-- actual dependencies -->
+        <dependency>
+            <groupId>org.apache.sling</groupId>
+            <artifactId>org.apache.sling.commons.json</artifactId>
+            <version>2.0.6</version>
+        </dependency>
+        <dependency>
+            <groupId>org.apache.sling</groupId>
+            <artifactId>org.apache.sling.launchpad</artifactId>
+            <classifier>standalone</classifier>
+            <version>7-SNAPSHOT</version>
+        </dependency>
+        <dependency>
+            <groupId>org.slf4j</groupId>
+            <artifactId>slf4j-api</artifactId>
+            <version>1.5.11</version>
+        </dependency>
+        <dependency>
+            <groupId>org.osgi</groupId>
+            <artifactId>org.osgi.core</artifactId>
+        </dependency>
+        <dependency>
+            <groupId>commons-io</groupId>
+            <artifactId>commons-io</artifactId>
+            <version>1.4</version>
+        </dependency>
+        <dependency>
+            <groupId>org.slf4j</groupId>
+            <artifactId>slf4j-simple</artifactId>
+            <version>1.5.11</version>
+            <scope>test</scope>
+        </dependency>
+        <dependency>
+            <groupId>junit</groupId>
+            <artifactId>junit</artifactId>
+            <version>4.8.2</version>
+            <scope>test</scope>
+        </dependency>
+        <dependency>
+            <groupId>org.apache.sling</groupId>
+            <artifactId>org.apache.sling.api</artifactId>
+            <version>2.6.1-SNAPSHOT</version>
+        </dependency>
+        <dependency>
+            <groupId>javax.servlet</groupId>
+            <artifactId>servlet-api</artifactId>
+            <version>2.4</version>
+        </dependency>
+        <dependency>
+            <groupId>org.apache.jackrabbit</groupId>
+            <artifactId>jackrabbit-api</artifactId>
+            <version>2.7.2</version>
+        </dependency>
+        <dependency>
+            <groupId>org.apache.jackrabbit</groupId>
+            <artifactId>jackrabbit-jcr-commons</artifactId>
+            <version>2.7.2</version>
+        </dependency>
+        <dependency>
+            <groupId>javax.jcr</groupId>
+            <artifactId>jcr</artifactId>
+            <version>2.0</version>
+        </dependency>
+        <dependency>
+            <groupId>org.apache.sling</groupId>
+            <artifactId>org.apache.sling.resourceaccesssecurity</artifactId>
+            <version>0.0.1-SNAPSHOT</version>
+        </dependency>
+
+    </dependencies>
+</project>



Mime
View raw message