Merge branch 'release/2.0.6'

accesscontroltool-bundle/pom.xml

@@ -11,7 +11,7 @@
     <parent>
         <groupId>biz.netcentric.cq.tools.accesscontroltool</groupId>
         <artifactId>accesscontroltool</artifactId>
-        <version>2.0.5</version>
+        <version>2.0.6</version>
     </parent>
 
     <!-- ====================================================================== -->

accesscontroltool-bundle/src/main/java/biz/netcentric/cq/tools/actool/aceinstaller/BaseAceBeanInstaller.java

@@ -89,7 +89,8 @@ public void installPathBasedACEs(
             orderedAceBeanSetFromConfig.addAll(aceBeanSetFromConfig);
 
             Set<String> principalsToRemoveAcesForAtThisPath = acConfiguration.getAuthorizablesConfig()
-                    .removeUnmanagedPrincipalNamesAtPath(path, principalsToRemoveAcesFor);
+                    .removeUnmanagedPrincipalNamesAtPath(path, principalsToRemoveAcesFor,
+                            acConfiguration.getGlobalConfiguration().getDefaultUnmanagedAcePathsRegex());
             installAcl(orderedAceBeanSetFromConfig, path, principalsToRemoveAcesForAtThisPath, session, history);
 
             if (intermediateSaves && session.hasPendingChanges()) {
@@ -100,7 +101,7 @@ public void installPathBasedACEs(
 
         if (history.getMissingParentPathsForInitialContent() > 0) {
             history.addWarning(LOG, "There were " + history.getMissingParentPathsForInitialContent()
-                    + " parent paths missing for creation of intial content (those paths were skipped, see verbose log for details)");
+                    + " parent paths missing for creation of initial content (those paths were skipped, see verbose log for details)");
         }
 
         history.addMessage(LOG, "ACL Update Statistics: Changed=" + history.getCountAclsChanged() + " Unchanged=" + history.getCountAclsUnchanged()

accesscontroltool-bundle/src/main/java/biz/netcentric/cq/tools/actool/authorizableinstaller/impl/AuthorizableInstallerServiceImpl.java

@@ -224,8 +224,11 @@ private Set<String> removeRegularUsers(Set<String> allMembersFromRepo, UserManag
     private Set<String> removeExternalMembersUnmanagedByConfiguration(AcConfiguration acConfiguration, AuthorizableConfigBean authorizableConfigBean,
             Set<String> relevantMembersInRepo, InstallationLogger installLog) {
         Set<String> relevantMembers = new HashSet<String>(relevantMembersInRepo);
-        Pattern unmanagedExternalMembersRegex = acConfiguration.getGlobalConfiguration()
-                .getDefaultUnmanagedExternalMembersRegex();
+
+        Pattern unmanagedExternalMembersRegex = authorizableConfigBean.getUnmanagedExternalMembersRegex();
+        if (unmanagedExternalMembersRegex == null) {
+            unmanagedExternalMembersRegex = acConfiguration.getGlobalConfiguration().getDefaultUnmanagedExternalMembersRegex();
+        }
 
         Set<String> unmanagedMembers = new HashSet<String>();
         if (unmanagedExternalMembersRegex != null) {
@@ -413,13 +416,13 @@ private void applyGroupMembershipConfigIsMemberOf(InstallationLogger installLog,
             AuthorizableConfigBean authorizableConfigBean, UserManager userManager, Session session,
             Set<String> authorizablesFromConfigurations) throws RepositoryException, AuthorizableCreatorException {
         String[] memberOf = authorizableConfigBean.getMemberOf();
-        String authorizableId = authorizableConfigBean.getAuthorizableId();
 
-        Authorizable currentGroupFromRepository = userManager.getAuthorizable(authorizableId);
+        Authorizable currentGroupFromRepository = userManager.getAuthorizable(authorizableConfigBean.getAuthorizableId());
         Set<String> membershipGroupsFromConfig = getMembershipGroupsFromConfig(memberOf);
         Set<String> membershipGroupsFromRepository = getMembershipGroupsFromRepository(currentGroupFromRepository);
 
-        applyGroupMembershipConfigIsMemberOf(authorizableId, acConfiguration, installLog, userManager, session, membershipGroupsFromConfig,
+        applyGroupMembershipConfigIsMemberOf(authorizableConfigBean, acConfiguration, installLog, userManager, session,
+                membershipGroupsFromConfig,
                 membershipGroupsFromRepository, authorizablesFromConfigurations);
     }
 
@@ -479,7 +482,7 @@ private Set<String> getMembershipGroupsFromConfig(String[] memberOf) {
     }
 
     @SuppressWarnings("unchecked")
-    void applyGroupMembershipConfigIsMemberOf(String authorizableId,
+    void applyGroupMembershipConfigIsMemberOf(AuthorizableConfigBean authorizableConfigBean,
             AcConfiguration acConfiguration,
             InstallationLogger installLog, UserManager userManager, Session session,
             Set<String> membershipGroupsFromConfig,
@@ -491,6 +494,7 @@ void applyGroupMembershipConfigIsMemberOf(String authorizableId,
         membershipGroupsFromConfig.remove(PRINCIPAL_EVERYONE);
         membershipGroupsFromRepository.remove(PRINCIPAL_EVERYONE);
 
+        String authorizableId = authorizableConfigBean.getAuthorizableId();
         installLog.addVerboseMessage(LOG, "Authorizable " + authorizableId + " isMemberOf(repo)=" + membershipGroupsFromRepository);
         installLog.addVerboseMessage(LOG, "Authorizable " + authorizableId + " isMemberOf(conifg)=" + membershipGroupsFromConfig);
 
@@ -508,8 +512,10 @@ void applyGroupMembershipConfigIsMemberOf(String authorizableId,
                 validatedMembershipGroupsFromConfig);
         Set<String> unmanagedMembers = new HashSet<String>();
 
-        Pattern unmanagedExternalIsMemberOfRegex = acConfiguration.getGlobalConfiguration()
-                .getDefaultUnmanagedExternalIsMemberOfRegex();
+        Pattern unmanagedExternalIsMemberOfRegex = authorizableConfigBean.getUnmanagedExternalIsMemberOfRegex();
+        if (unmanagedExternalIsMemberOfRegex == null) {
+            unmanagedExternalIsMemberOfRegex = acConfiguration.getGlobalConfiguration().getDefaultUnmanagedExternalIsMemberOfRegex();
+        }
 
         Iterator<String> toBeRemovedMembersIt = toBeRemovedMembers.iterator();
         while (toBeRemovedMembersIt.hasNext()) {

accesscontroltool-bundle/src/main/java/biz/netcentric/cq/tools/actool/configmodel/AuthorizableConfigBean.java

@@ -11,6 +11,7 @@
 import java.util.ArrayList;
 import java.util.Arrays;
 import java.util.List;
+import java.util.regex.Pattern;
 
 import org.apache.commons.lang.StringUtils;
 
@@ -42,12 +43,15 @@ public class AuthorizableConfigBean implements AcDumpElement {
     private String migrateFrom;
 
     private String unmanagedAcePathsRegex;
+    private Pattern unmanagedExternalIsMemberOfRegex;
+    private Pattern unmanagedExternalMembersRegex;
 
     private boolean isGroup = true;
     private boolean isSystemUser = false;
 
     private String disabled;
 
+
     public String getAuthorizableId() {
         return authorizableId;
     }
@@ -248,6 +252,22 @@ public void setUnmanagedAcePathsRegex(String unmanagedAcePathsRegex) {
         this.unmanagedAcePathsRegex = unmanagedAcePathsRegex;
     }
 
+    public Pattern getUnmanagedExternalIsMemberOfRegex() {
+        return unmanagedExternalIsMemberOfRegex;
+    }
+
+    public void setUnmanagedExternalIsMemberOfRegex(String unmanagedExternalIsMemberOfRegex) {
+        this.unmanagedExternalIsMemberOfRegex = GlobalConfiguration.stringToRegex(unmanagedExternalIsMemberOfRegex);
+    }
+
+    public Pattern getUnmanagedExternalMembersRegex() {
+        return unmanagedExternalMembersRegex;
+    }
+
+    public void setUnmanagedExternalMembersRegex(String unmanagedExternalMembersRegex) {
+        this.unmanagedExternalMembersRegex = GlobalConfiguration.stringToRegex(unmanagedExternalMembersRegex);
+    }
+
     @Override
     public String toString() {
         final StringBuilder sb = new StringBuilder();
@@ -259,10 +279,11 @@ public String toString() {
         return sb.toString();
     }
 
-    public boolean managesPath(String path) {
-        if (StringUtils.isNotBlank(unmanagedAcePathsRegex)
+    public boolean managesPath(String path, String defaultUnmanagedAcePathsRegex) {
+        String effectiveUnmanagedAcePathsRegex = StringUtils.defaultIfEmpty(unmanagedAcePathsRegex, defaultUnmanagedAcePathsRegex);
+        if (StringUtils.isNotBlank(effectiveUnmanagedAcePathsRegex)
                 && StringUtils.isNotBlank(path) /* not supporting repository permissions here */) {
-            boolean pathIsManaged = !path.matches(unmanagedAcePathsRegex);
+            boolean pathIsManaged = !path.matches(effectiveUnmanagedAcePathsRegex);
             return pathIsManaged;
         } else {
             return true; // default

accesscontroltool-bundle/src/main/java/biz/netcentric/cq/tools/actool/configmodel/AuthorizablesConfig.java

@@ -63,12 +63,12 @@ public String getPrincipalNameForAuthorizableId(String authorizableId) {
         return principalName;
     }
 
-    public Set<String> removeUnmanagedPrincipalNamesAtPath(String path, Set<String> principals) {
+    public Set<String> removeUnmanagedPrincipalNamesAtPath(String path, Set<String> principals, String defaultUnmanagedAcePathsRegex) {
 
         Set<String> filteredPrincipals = new HashSet<String>();
         for (String principal : principals) {
             AuthorizableConfigBean authorizableConfig = getAuthorizableConfigByPrincipalName(principal);
-            if (authorizableConfig.managesPath(path)) {
+            if (authorizableConfig.managesPath(path, defaultUnmanagedAcePathsRegex)) {
                 filteredPrincipals.add(principal);
             }
         }

accesscontroltool-bundle/src/main/java/biz/netcentric/cq/tools/actool/configmodel/GlobalConfiguration.java

@@ -25,6 +25,7 @@ public class GlobalConfiguration {
 
     public static final String KEY_DEFAULT_UNMANAGED_EXTERNAL_ISMEMBEROF_REGEX = "defaultUnmanagedExternalIsMemberOfRegex";
     public static final String KEY_DEFAULT_UNMANAGED_EXTERNAL_MEMBERS_REGEX = "defaultUnmanagedExternalMembersRegex";
+    public static final String KEY_DEFAULT_UNMANAGED_ACE_PATHS_REGEX = "defaultUnmanagedAcePathsRegex";
 
     @Deprecated
     public static final String KEY_KEEP_EXISTING_MEMBERSHIPS_FOR_GROUP_NAMES_REGEX = "keepExistingMembershipsForGroupNamesRegEx";
@@ -34,6 +35,7 @@ public class GlobalConfiguration {
 
     private Pattern defaultUnmanagedExternalIsMemberOfRegex;
     private Pattern defaultUnmanagedExternalMembersRegex;
+    private String defaultUnmanagedAcePathsRegex;
 
     public GlobalConfiguration() {
     }
@@ -47,7 +49,9 @@ public GlobalConfiguration(Map<String, ?> globalConfigMap) {
                         + " (since v2.0.0) - please adjust your configuration.");
 
             }
-
+
+            setDefaultUnmanagedAcePathsRegex((String) globalConfigMap.get(KEY_DEFAULT_UNMANAGED_ACE_PATHS_REGEX));
+
             setDefaultUnmanagedExternalIsMemberOfRegex((String) globalConfigMap.get(KEY_DEFAULT_UNMANAGED_EXTERNAL_ISMEMBEROF_REGEX));
             setDefaultUnmanagedExternalMembersRegex((String) globalConfigMap.get(KEY_DEFAULT_UNMANAGED_EXTERNAL_MEMBERS_REGEX));
 
@@ -75,6 +79,13 @@ public GlobalConfiguration(Map<String, ?> globalConfigMap) {
 
     public void merge(GlobalConfiguration otherGlobalConfig) {
 
+        if (otherGlobalConfig.getDefaultUnmanagedAcePathsRegex() != null) {
+            if (defaultUnmanagedAcePathsRegex == null) {
+                defaultUnmanagedAcePathsRegex = otherGlobalConfig.getDefaultUnmanagedAcePathsRegex();
+            } else {
+                throw new IllegalArgumentException("Duplicate config for " + KEY_DEFAULT_UNMANAGED_ACE_PATHS_REGEX);
+            }
+        }
         if (otherGlobalConfig.getDefaultUnmanagedExternalIsMemberOfRegex() != null) {
             if (defaultUnmanagedExternalIsMemberOfRegex == null) {
                 defaultUnmanagedExternalIsMemberOfRegex = otherGlobalConfig.getDefaultUnmanagedExternalIsMemberOfRegex();
@@ -139,7 +150,15 @@ public void setDefaultUnmanagedExternalMembersRegex(String defaultUnmanagedExter
         this.defaultUnmanagedExternalMembersRegex = stringToRegex(defaultUnmanagedExternalMembersRegex);
     }
 
-    private Pattern stringToRegex(String regex) {
+    public String getDefaultUnmanagedAcePathsRegex() {
+        return defaultUnmanagedAcePathsRegex;
+    }
+
+    public void setDefaultUnmanagedAcePathsRegex(String defaultUnmanagedAcePathsRegex) {
+        this.defaultUnmanagedAcePathsRegex = defaultUnmanagedAcePathsRegex;
+    }
+
+    static Pattern stringToRegex(String regex) {
         return StringUtils.isNotBlank(regex) ? Pattern.compile(regex) : null;
     }
 

accesscontroltool-bundle/src/main/java/biz/netcentric/cq/tools/actool/configreader/YamlConfigReader.java

@@ -70,6 +70,8 @@ public class YamlConfigReader implements ConfigReader {
     private static final String GROUP_CONFIG_PROPERTY_MIGRATE_FROM = "migrateFrom";
 
     private static final String GROUP_CONFIG_PROPERTY_UNMANAGED_ACE_PATHS_REGEX = "unmanagedAcePathsRegex";
+    private static final String GROUP_CONFIG_PROPERTY_UNMANAGED_EXTERNAL_ISMEMBEROF_REGEX = "unmanagedExternalIsMemberOfRegex";
+    private static final String GROUP_CONFIG_PROPERTY_UNMANAGED_EXTERNAL_MEMBERS_REGEX = "unmanagedExternalMembersRegex";
 
     private static final String USER_CONFIG_PROPERTY_IS_SYSTEM_USER = "isSystemUser";
 
@@ -364,6 +366,10 @@ protected void setupAuthorizableBean(
 
         authorizableConfigBean.setUnmanagedAcePathsRegex(getMapValueAsString(currentPrincipalDataMap,
                 GROUP_CONFIG_PROPERTY_UNMANAGED_ACE_PATHS_REGEX));
+        authorizableConfigBean.setUnmanagedExternalIsMemberOfRegex(getMapValueAsString(currentPrincipalDataMap,
+                GROUP_CONFIG_PROPERTY_UNMANAGED_EXTERNAL_ISMEMBEROF_REGEX));
+        authorizableConfigBean.setUnmanagedExternalMembersRegex(getMapValueAsString(currentPrincipalDataMap,
+                GROUP_CONFIG_PROPERTY_UNMANAGED_EXTERNAL_MEMBERS_REGEX));
 
         authorizableConfigBean.setIsGroup(isGroupSection);
         authorizableConfigBean.setIsSystemUser(Boolean.valueOf(getMapValueAsString(currentPrincipalDataMap,

accesscontroltool-bundle/src/main/java/biz/netcentric/cq/tools/actool/configreader/YamlMacroElEvaluator.java

@@ -109,7 +109,8 @@ public ElFunctionMapper() {
                         StringUtils.class.getMethod("contains", new Class<?>[] { String.class, String.class }),
                         StringUtils.class.getMethod("endsWith", new Class<?>[] { String.class, String.class }),
                         StringUtils.class.getMethod("startsWith", new Class<?>[] { String.class, String.class }),
-                        StringUtils.class.getMethod("replace", new Class<?>[] { String.class, String.class, String.class })
+                        StringUtils.class.getMethod("replace", new Class<?>[] { String.class, String.class, String.class }),
+                        StringUtils.class.getMethod("length", new Class<?>[] { String.class })
                 };
                 for (Method method : exportedMethods) {
                     functionMap.put(method.getName(), method);

accesscontroltool-bundle/src/main/java/biz/netcentric/cq/tools/actool/history/InstallationLogger.java

@@ -11,10 +11,6 @@ public interface InstallationLogger extends InstallationLog {
 
     void addVerboseMessage(Logger log, String message);
 
-    void addError(final String error);
-
-    void addError(Logger log, String error);
-
     void addError(String error, Throwable e);
 
     void addError(Logger log, String error, Throwable e);

accesscontroltool-bundle/src/main/java/biz/netcentric/cq/tools/actool/history/PersistableInstallationLogger.java

@@ -138,20 +138,10 @@ public void addError(Logger log, String error, Throwable e) {
         addError(error, e);
     }
 
-    @Override
-    public void addError(Logger log, String error) {
-        log.error(error);
-        addError(error);
-    }
-
     public void addError(final String error, Throwable e) {
-        addError(error + " / e=" + e);
-    }
-
-    @Override
-    public void addError(final String error) {
+        String fullErrorValue = error + " / e=" + e;
         errors.add(new HistoryEntry(msgIndex, new Timestamp(
-                new Date().getTime()), MSG_IDENTIFIER_ERROR + error));
+                new Date().getTime()), MSG_IDENTIFIER_ERROR + fullErrorValue));
         success = false;
         msgIndex++;
     }

accesscontroltool-bundle/src/main/java/biz/netcentric/cq/tools/actool/history/ProgressTrackerListenerInstallationLogger.java

@@ -24,12 +24,6 @@ protected void addMessage(String message) {
         super.addMessage(message);
     }
 
-    @Override
-    public void addError(String error) {
-        listener.onError(ProgressTrackerListener.Mode.TEXT, MSG_IDENTIFIER_ERROR + error, null);
-        super.addError(error);
-    }
-
     @Override
     public void addError(String error, Throwable t) {
         Exception e;

accesscontroltool-bundle/src/main/java/biz/netcentric/cq/tools/actool/impl/AcInstallationServiceImpl.java

@@ -214,8 +214,7 @@ public void installConfigurationFiles(PersistableInstallationLogger installLog,
             LOG.info("Successfully applied AC Tool configuration in " + msHumanReadable(executionTime));
             installLog.setExecutionTime(executionTime);
         } catch (Exception e) {
-            // TODO: separate exception
-            installLog.addError(e.toString()); // ensure exception is added to installLog before it's persisted in log in finally clause
+            installLog.addError("Could not process yaml files", e); // ensure exception is added to installLog before it's persisted in log in finally clause
             throw e; // handling is different depending on JMX or install hook case
         } finally {
             try {
@@ -255,9 +254,9 @@ private void removeAcesForPathsNotInConfig(InstallationLogger installLog, Sessio
                 acConfiguration.getAceConfig());
 
         for (String relevantPath : relevantPathsForCleanup) {
-            // TODO: why is acconfiguration retrieved from log?
             Set<String> principalsToRemoveAcesForAtThisPath = acConfiguration.getAuthorizablesConfig()
-                    .removeUnmanagedPrincipalNamesAtPath(relevantPath, principalsInConfig);
+                    .removeUnmanagedPrincipalNamesAtPath(relevantPath, principalsInConfig,
+                            acConfiguration.getGlobalConfiguration().getDefaultUnmanagedAcePathsRegex());
 
             // delete ACE if principal *is* in config, but the path *is not* in config
             int countRemoved = AccessControlUtils.deleteAllEntriesForPrincipalsFromACL(session,

accesscontroltool-bundle/src/test/java/biz/netcentric/cq/tools/actool/authorizableinstaller/impl/AuthorizableInstallerServiceImplTest.java

@@ -161,7 +161,11 @@ public Set<String> answer(InvocationOnMock invocation) throws Throwable {
             }).when(cut).validateAssignedGroups(userManager, acConfiguration.getAuthorizablesConfig(), null, TESTGROUP, configuredGroups, status);
 
             Set<String> authorizablesInConfig = new HashSet<String>(asList(GROUP1));
-            cut.applyGroupMembershipConfigIsMemberOf(TESTGROUP, acConfiguration, status, userManager, null, configuredGroups, groupsInRepo,
+
+            AuthorizableConfigBean authorizableConfigBean = new AuthorizableConfigBean();
+            authorizableConfigBean.setAuthorizableId(TESTGROUP);
+            cut.applyGroupMembershipConfigIsMemberOf(authorizableConfigBean, acConfiguration, status, userManager, null, configuredGroups,
+                    groupsInRepo,
                     authorizablesInConfig);
 
             verifyZeroInteractions(group2); // in configuredGroups and in groupsInRepo