Merge branch 'release/1.9.2'

accesscontroltool-bundle/pom.xml

@@ -11,7 +11,7 @@
     <parent>
         <groupId>biz.netcentric.cq.tools.accesscontroltool</groupId>
         <artifactId>accesscontroltool</artifactId>
-        <version>1.9.1</version>
+        <version>1.9.2</version>
     </parent>
 
     <!-- ====================================================================== -->

accesscontroltool-bundle/src/main/java/biz/netcentric/cq/tools/actool/aceservice/AceService.java

@@ -11,15 +11,23 @@
 import java.util.Map;
 import java.util.Set;
 
-import javax.jcr.Session;
-
 import biz.netcentric.cq.tools.actool.authorizableutils.AuthorizableInstallationHistory;
 import biz.netcentric.cq.tools.actool.installationhistory.AcInstallationHistoryPojo;
 
 public interface AceService {
 
+    /** Applies the full configuration as stored at the path configured at PID biz.netcentric.cq.tools.actool.aceservice.impl.AceServiceImpl
+     * to the repository.
+     * 
+     * @return the history */
     public AcInstallationHistoryPojo execute();
 
+    /** Applies parts of the history
+     * 
+     * @param restrictedToPaths only apply ACLs to root paths as given
+     * @return the history */
+    public AcInstallationHistoryPojo execute(String[] restrictedToPaths);
+
     /** method that indicates whether the service is ready for installation (if at least one configurations was found in repository)
      *
      * @return {@code true} if ready, otherwise {@code false} */
@@ -62,13 +70,13 @@ public interface AceService {
 
     /** Common entry point for JMX and install hook.
      * 
-     * @param session
      * @param history
      * @param configurationFileContentsByFilename
      * @param authorizableInstallationHistorySet
+     * @param restrictedToPaths only apply ACLs to root paths as given
      * @throws Exception */
-    public void installConfigurationFiles(Session session, AcInstallationHistoryPojo history,
+    public void installConfigurationFiles(AcInstallationHistoryPojo history,
             Map<String, String> configurationFileContentsByFilename,
-            Set<AuthorizableInstallationHistory> authorizableInstallationHistorySet) throws Exception;
+            Set<AuthorizableInstallationHistory> authorizableInstallationHistorySet, String[] restrictedToPaths) throws Exception;
 
 }

accesscontroltool-bundle/src/main/java/biz/netcentric/cq/tools/actool/aceservicejmx/AceServiceMBean.java

@@ -24,38 +24,43 @@ public interface AceServiceMBean {
 
     boolean isReadyToStart();
 
-    @Description("executes the installation of the ACE configuration(s)")
+    @Description("Executes the installation of the ACE configuration(s)")
     String execute();
 
-    @Description("purges the AccessControlList of the given path, if existing")
+    @Description("Executes the installation of the ACE configuration(s), but restricted to given paths")
+    String execute(
+            @Name("paths") @Description("comma separated list of paths to apply the configuration to, other paths will be skipped") String restrictedToPaths);
+
+    @Description("Purges the AccessControlList of the given path, if existing")
+
     String purgeACL(@Name("path") final String path);
 
-    @Description("purges all AccessControlLists under the given path and its subpaths, if existing")
+    @Description("Purges all AccessControlLists under the given path and its subpaths, if existing")
     String purgeACLs(@Name("path") final String path);
 
-    @Description("purges all authorizables contained in configuration files and all their ACEs from the system")
+    @Description("Purges all authorizables contained in configuration files and all their ACEs from the system")
     public String purgeAllAuthorizablesFromConfigurations();
 
-    @Description("provides status and links to the saved history logs")
+    @Description("Provides status and links to the saved history logs")
     String[] getSavedLogs() throws RepositoryException;
 
-    @Description("shows execution status of the AC Tool")
+    @Description("Shows execution status of the AC Tool")
     public boolean isExecuting();
 
-    @Description("returns a configuration dump containing all groups and all ACLs ordered by path")
+    @Description("Returns a configuration dump containing all groups and all ACLs ordered by path")
     public String pathBasedDump();
 
-    @Description("returns a configuration dump containing all groups and all ACEs ordered by groups")
+    @Description("Returns a configuration dump containing all groups and all ACEs ordered by groups (can be used as template for AC Tool configuration file)")
     public String groupBasedDump();
 
-    @Description("returns links to the existing configuration files in CRX")
+    @Description("Returns links to the existing configuration files in CRX")
     public String[] getConfigurationFiles();
 
-    @Description("returns history log which matches the provided number")
+    @Description("Returns history log which matches the provided number")
     public String showHistoryLog(
             @Name("historyLogNumber") @Description("number of history log") final String historyLogNumber);
 
-    @Description("purges authorizable(s) and respective ACEs from the system. Several authorizable ids have to be comma separated.")
+    @Description("Purges authorizable(s) and respective ACEs from the system.")
     public String purgeAuthorizables(
-            @Name("authorizableIds") String authorizableIds);
+            @Name("authorizableIds") @Description("Authorizable IDs to be purged. Several authorizable ids have to be comma separated.") String authorizableIds);
 }

accesscontroltool-bundle/src/main/java/biz/netcentric/cq/tools/actool/aceservicejmx/impl/AceServiceMBeanImpl.java

@@ -12,6 +12,7 @@
 
 import javax.management.NotCompliantMBeanException;
 
+import org.apache.commons.lang.StringUtils;
 import org.apache.commons.lang.time.StopWatch;
 import org.apache.felix.scr.annotations.Component;
 import org.apache.felix.scr.annotations.Properties;
@@ -21,13 +22,13 @@
 import org.slf4j.Logger;
 import org.slf4j.LoggerFactory;
 
+import com.adobe.granite.jmx.annotation.AnnotatedStandardMBean;
+
 import biz.netcentric.cq.tools.actool.aceservice.AceService;
 import biz.netcentric.cq.tools.actool.aceservicejmx.AceServiceMBean;
 import biz.netcentric.cq.tools.actool.dumpservice.Dumpservice;
 import biz.netcentric.cq.tools.actool.installationhistory.AcHistoryService;
 
-import com.adobe.granite.jmx.annotation.AnnotatedStandardMBean;
-
 @Service
 @Component(immediate = true)
 @Properties({
@@ -57,6 +58,15 @@ public String execute() {
         return aceService.execute().toString();
     }
 
+    @Override
+    public String execute(String paths) {
+        String[] restrictedToPaths = null;
+        if (StringUtils.isNotBlank(paths)) {
+            restrictedToPaths = paths.split(",");
+        }
+        return aceService.execute(restrictedToPaths).toString();
+    }
+
     @Override
     public boolean isReadyToStart() {
         return aceService.isReadyToStart();

accesscontroltool-bundle/src/main/java/biz/netcentric/cq/tools/actool/acls/AceBeanInstaller.java

@@ -25,7 +25,10 @@ public interface AceBeanInstaller {
      *
      * @param pathBasedAceMapFromConfig map containing the ACE data from the merged configurations path based
      * @param session the jcr session
-     * @param history history object */
-    void installPathBasedACEs(final Map<String, Set<AceBean>> pathBasedAceMapFromConfig, final Session session, final AcInstallationHistoryPojo history) throws Exception;
+     * @param history history object
+     * @param authorizablesToRemoveAcesFor
+     * @param intermediateSaves whether the session should be saved after each path (for each ACL) */
+    void installPathBasedACEs(final Map<String, Set<AceBean>> pathBasedAceMapFromConfig, final Session session,
+            final AcInstallationHistoryPojo history, Set<String> authorizablesToRemoveAcesFor, boolean intermediateSaves) throws Exception;
 
 }

accesscontroltool-bundle/src/main/java/biz/netcentric/cq/tools/actool/acls/AceBeanInstallerImpl.java

@@ -58,15 +58,22 @@ public class AceBeanInstallerImpl implements AceBeanInstaller {
     public void installPathBasedACEs(
             final Map<String, Set<AceBean>> pathBasedAceMapFromConfig,
             final Session session,
-            final AcInstallationHistoryPojo history) throws Exception {
+            final AcInstallationHistoryPojo history, Set<String> authorizablesToRemoveAcesFor,
+            boolean intermediateSaves) throws Exception {
 
         final Set<String> paths = pathBasedAceMapFromConfig.keySet();
 
-        LOG.debug("Paths in merged config = {}", paths);
 
         final String msg = "Found " + paths.size() + "  paths in config";
         LOG.debug(msg);
         history.addVerboseMessage(msg);
+        LOG.trace("Paths with ACEs: {}", paths);
+
+        if (intermediateSaves) {
+            final String messageSave = "Will save ACL for each path to session due to configuration option intermediateSaves=true - rollback functionality is disabled.";
+            LOG.info(messageSave);
+            history.addMessage(messageSave);
+        }
 
         // loop through all nodes from config
         for (final String path : paths) {
@@ -90,19 +97,21 @@ public void installPathBasedACEs(
                     new AcePermissionComparator());
             orderedAceBeanSetFromConfig.addAll(aceBeanSetFromConfig);
 
-            // remove ACL of that path from ACLs from repo so that after the
-            // loop has ended only paths are left which are not contained in
-            // current config
-            for (final AceBean bean : orderedAceBeanSetFromConfig) {
-                AccessControlUtils.deleteAllEntriesForAuthorizableFromACL(session,
-                        path, bean.getPrincipalName());
-                final String message = "deleted all ACEs of authorizable "
-                        + bean.getPrincipalName()
-                        + " from ACL of path: " + path;
-                LOG.debug(message);
-                history.addVerboseMessage(message);
-            }
+            // Remove all config contained auhtorizables from ACL of this path
+            int countRemoved = AccessControlUtils.deleteAllEntriesForAuthorizableFromACL(session,
+                    path, authorizablesToRemoveAcesFor.toArray(new String[authorizablesToRemoveAcesFor.size()]));
+            final String message = "Deleted " + countRemoved + " ACEs for configured authorizables from path " + path;
+            LOG.debug(message);
+            history.addVerboseMessage(message);
+
             writeAcBeansToRepository(session, history, orderedAceBeanSetFromConfig);
+
+            if (intermediateSaves) {
+                final String messageSave = "Saved session for path " + path;
+                LOG.debug(messageSave);
+                history.addVerboseMessage(messageSave);
+                session.save();
+            }
         }
     }
 

accesscontroltool-bundle/src/main/java/biz/netcentric/cq/tools/actool/authorizableutils/AuthorizableCreatorException.java

@@ -12,4 +12,8 @@ public class AuthorizableCreatorException extends Exception {
     public AuthorizableCreatorException(String message) {
         super(message);
     }
+
+    public AuthorizableCreatorException(Throwable e) {
+        super(e);
+    }
 }