Merge branch 'release/2.0.7'

.travis.yml

@@ -0,0 +1,2 @@
+# standard maven build with travis
+language: java

accesscontroltool-bundle/pom.xml

@@ -11,7 +11,7 @@
     <parent>
         <groupId>biz.netcentric.cq.tools.accesscontroltool</groupId>
         <artifactId>accesscontroltool</artifactId>
-        <version>2.0.6</version>
+        <version>2.0.7</version>
     </parent>
 
     <!-- ====================================================================== -->
@@ -25,11 +25,11 @@
     <dependencies>
         <dependency>
             <groupId>org.osgi</groupId>
-            <artifactId>org.osgi.compendium</artifactId>
+            <artifactId>osgi.cmpn</artifactId>
         </dependency>
         <dependency>
             <groupId>org.osgi</groupId>
-            <artifactId>org.osgi.core</artifactId>
+            <artifactId>osgi.core</artifactId>
         </dependency>
         <dependency>
             <groupId>org.apache.sling</groupId>
@@ -44,7 +44,7 @@
             <artifactId>org.apache.felix.scr.annotations</artifactId>
         </dependency>
         <dependency>
-            <groupId>biz.aQute</groupId>
+            <groupId>biz.aQute.bnd</groupId>
             <artifactId>bndlib</artifactId>
         </dependency>
         <dependency>
@@ -57,7 +57,7 @@
         </dependency>
         <dependency>
             <groupId>javax.servlet</groupId>
-            <artifactId>servlet-api</artifactId>
+            <artifactId>javax.servlet-api</artifactId>
         </dependency>
         <dependency>
             <groupId>javax.jcr</groupId>
@@ -103,10 +103,6 @@
             <groupId>com.day.cq</groupId>
             <artifactId>cq-commons</artifactId>
         </dependency>
-        <dependency>
-            <groupId>com.adobe.granite</groupId>
-            <artifactId>com.adobe.granite.crypto</artifactId>
-        </dependency>
         <dependency>
             <groupId>org.yaml</groupId>
             <artifactId>snakeyaml</artifactId>
@@ -133,7 +129,7 @@
         <dependency>
             <groupId>org.hamcrest</groupId>
             <artifactId>hamcrest-library</artifactId>
-            <version>1.3</version>
+            <scope>test</scope>
         </dependency>
         <dependency>
             <groupId>org.apache.jackrabbit</groupId>
@@ -146,84 +142,89 @@
         <dependency>
             <groupId>org.apache.jackrabbit.vault</groupId>
             <artifactId>org.apache.jackrabbit.vault</artifactId>
-            <version>3.1.18</version>
         </dependency>
-
         <dependency>
-          <groupId>org.apache.tomcat</groupId>
-          <artifactId>el-api</artifactId>
-          <version>6.0.53</version>
+            <groupId>org.apache.tomcat</groupId>
+            <artifactId>el-api</artifactId>
+            <version>6.0.53</version>
         </dependency>
         <dependency>
-          <groupId>org.apache.tomcat</groupId>
-          <artifactId>jasper-el</artifactId>
-          <version>6.0.53</version>
-        </dependency> 
-        
+            <groupId>org.apache.tomcat</groupId>
+            <artifactId>jasper-el</artifactId>
+            <version>6.0.53</version>
+        </dependency>
+
         <dependency>
             <groupId>org.apache.jackrabbit</groupId>
             <artifactId>oak-core</artifactId>
             <version>1.2.7</version>
-        </dependency>        
-        
+        </dependency>
+
         <dependency>
-          <groupId>org.apache.jackrabbit</groupId>
-          <artifactId>oak-auth-external</artifactId>
-          <version>1.2.7</version>
-          <optional>true</optional>
-        </dependency> 
-            
+            <groupId>org.apache.jackrabbit</groupId>
+            <artifactId>oak-auth-external</artifactId>
+            <version>1.2.7</version>
+            <optional>true</optional>
+        </dependency>
+
         <dependency>
             <groupId>org.slf4j</groupId>
             <artifactId>slf4j-log4j12</artifactId>
-            <version>1.5.10</version>
             <scope>test</scope>
-        </dependency>          
-        
+        </dependency>
+
         <dependency>
             <groupId>org.apache.sling</groupId>
             <artifactId>org.apache.sling.hc.core</artifactId>
             <version>1.1.0</version>
             <scope>provided</scope>
             <optional>true</optional>
-        </dependency>        
+        </dependency>
         <dependency>
             <groupId>org.apache.sling</groupId>
             <artifactId>org.apache.sling.hc.annotations</artifactId>
             <version>1.0.2</version>
             <scope>provided</scope>
         </dependency>
-
+
+        <!-- use the uber-jar always as last dependency because a lot of classes are provided also by other artifacts
+             It is only used here as replacement for com.adobe.granite:com.adobe.granite.crypto:3.0.0 whose pom.xml is not publicly available -->
+        <dependency>
+            <groupId>com.adobe.aem</groupId>
+            <artifactId>uber-jar</artifactId>
+            <classifier>obfuscated-apis</classifier>
+        </dependency>
+
     </dependencies>
 
     <!-- ====================================================================== -->
     <!-- B U I L D D E F I N I T I O N -->
     <!-- ====================================================================== -->
     <build>
         <plugins>
-        
+
             <plugin>
-              <groupId>org.apache.felix</groupId>
-              <artifactId>maven-bundle-plugin</artifactId>
-              <configuration>
-                <instructions>
-                    <Embed-Dependency>el-api,jasper-el</Embed-Dependency>
-                    <!-- Required to support 6.1 and 6.2 -->
-                    <Export-Package>
-                        biz.netcentric.cq.tools.actool.api,
-                        biz.netcentric.cq.tools.actool.installhook,
-                        biz.netcentric.cq.tools.actool.aceservice,
-                        biz.netcentric.cq.tools.actool.installationhistory
-                    </Export-Package>
-                    <Import-Package>
-                        org.apache.jackrabbit.oak.spi.security.authentication.external;version="[1.0,3)",
-                        *
-                    </Import-Package>              
-                    
-                </instructions>
-                
-              </configuration>
-            </plugin>        
+                <groupId>org.apache.felix</groupId>
+                <artifactId>maven-bundle-plugin</artifactId>
+                <configuration>
+                    <instructions>
+                        <Embed-Dependency>el-api,jasper-el</Embed-Dependency>
+                        <!-- Required to support 6.1 and 6.2 -->
+                        <Export-Package>
+                            biz.netcentric.cq.tools.actool.api,
+                            biz.netcentric.cq.tools.actool.installhook,
+                            biz.netcentric.cq.tools.actool.aceservice,
+                            biz.netcentric.cq.tools.actool.installationhistory
+                        </Export-Package>
+                        <Import-Package>
+                            org.apache.jackrabbit.oak.spi.security.authentication.external;version="[1.0,3)",
+                            *
+                        </Import-Package>
+
+                    </instructions>
+
+                </configuration>
+            </plugin>
             <plugin>
                 <groupId>org.apache.felix</groupId>
                 <artifactId>maven-scr-plugin</artifactId>

accesscontroltool-bundle/src/main/java/biz/netcentric/cq/tools/actool/authorizableinstaller/impl/AuthorizableInstallerServiceImpl.java

@@ -102,7 +102,6 @@ private void installAuthorizableConfigurationBean(final Session session,
         LOG.debug("- start installation of authorizable: {}", authorizableId);
 
         UserManager userManager = AccessControlUtils.getUserManagerAutoSaveDisabled(session);
-        ValueFactory vf = session.getValueFactory();
 
         // if current authorizable from config doesn't exist yet
         Authorizable authorizableToInstall = userManager.getAuthorizable(authorizableId);
@@ -181,7 +180,10 @@ void applyGroupMembershipConfigMembers(AcConfiguration acConfiguration, Authoriz
                                 "Member " + member + " does not exist and cannot be added as external member to group "
                                         + authorizableConfigBean.getAuthorizableId());
                     }
-                    installedGroup.addMember(memberGroup);
+                    if (!installedGroup.addMember(memberGroup)) {
+                        throw new IllegalStateException(
+                                "Member " + member + " cannot be added as external member to group '" + installedGroup.getID() + "'. Is this maybe a protected group like 'everyone'?");
+                    }
                     installLog.addVerboseMessage(LOG,
                             "Adding " + member + " as external member to group " + authorizableConfigBean.getAuthorizableId());
                 }
@@ -193,9 +195,13 @@ void applyGroupMembershipConfigMembers(AcConfiguration acConfiguration, Authoriz
                         "Removing " + membersToRemove.size() + " external members to group " + authorizableConfigBean.getAuthorizableId());
                 for (String member : membersToRemove) {
                     Authorizable memberGroup = userManager.getAuthorizable(member);
-                    installedGroup.removeMember(memberGroup);
-                    installLog.addVerboseMessage(LOG,
+                    if (!installedGroup.removeMember(memberGroup)) {
+                        throw new IllegalStateException(
+                                "Member " + member + " cannot be removed from group '" + installedGroup.getID() + "'. Is this maybe a protected group like 'everyone'?");
+                    } else {
+                        installLog.addVerboseMessage(LOG,
                             "Removing " + member + " as external member to group " + authorizableConfigBean.getAuthorizableId());
+                    }
                 }
             }
         }
@@ -296,7 +302,10 @@ private void migrateFromOldGroup(AuthorizableConfigBean authorizableConfigBean,
                     + authorizableConfigBean.getMigrateFrom() + " to group " + authorizableId);
             Group currentGroup = (Group) userManager.getAuthorizable(authorizableId);
             for (Authorizable user : usersFromGroupToTakeOver) {
-                currentGroup.addMember(user);
+                if (!currentGroup.addMember(user)) {
+                    throw new IllegalStateException(
+                            "Member " + user + " cannot be added as external member to group '" + currentGroup.getID() + "'. Is this maybe a protected group like 'everyone'?");
+                }
             }
         }
 
@@ -371,7 +380,10 @@ private void handleRecreationOfAuthorizableIfNecessary(final Session session,
                 Group newGroup = (Group) newAuthorizable;
                 // add members of deleted group
                 for (Authorizable authorizable : membersOfDeletedGroup) {
-                    newGroup.addMember(authorizable);
+                    if (!newGroup.addMember(authorizable)) {
+                        throw new IllegalStateException(
+                                "Member " + authorizable + " cannot be added as external member to group '" + newGroup.getID() + "'. Is this maybe a protected group like 'everyone'?");
+                    }
                     countMovedMembersOfGroup++;
                 }
             }
@@ -542,13 +554,21 @@ void applyGroupMembershipConfigIsMemberOf(AuthorizableConfigBean authorizableCon
         for (String groupId : toBeAddedMembers) {
             LOG.debug("Membership Change: Adding {} to members of group {} in repository", authorizableId, groupId);
             Authorizable targetAuthorizable = userManager.getAuthorizable(groupId);
-            ((Group) targetAuthorizable).addMember(currentAuthorizable);
+            Group group = (Group) targetAuthorizable;
+            if (!(group.addMember(currentAuthorizable))) {
+                throw new IllegalStateException(
+                        "Member " + currentAuthorizable + " cannot be added as external member to group '" + group.getID() + "'. Is this maybe a protected group like 'everyone'?");
+            }
         }
 
         for (String groupId : toBeRemovedMembers) {
             LOG.debug("Membership Change: Removing {} from members of group {} in repository", authorizableId, groupId);
             Authorizable targetAuthorizable = userManager.getAuthorizable(groupId);
-            ((Group) targetAuthorizable).removeMember(currentAuthorizable);
+            Group group = (Group) targetAuthorizable;
+            if (!group.removeMember(currentAuthorizable)) {
+                throw new IllegalStateException(
+                        "Member " + currentAuthorizable.getID() + " cannot be removed from group '" + group.getID() + "'. Is this maybe a protected group like 'everyone'?");
+            }
         }
 
         if (!toBeAddedMembers.isEmpty() && !toBeAddedMembers.isEmpty()) {
@@ -617,6 +637,11 @@ void setAuthorizableProperties(Authorizable authorizable, AuthorizableConfigBean
             ContentHelper.importContent(session, authorizable.getPath() + "/preferences", preferencesContent);
         }
 
+        String socialContent = principalConfigBean.getSocialContent();
+        if (StringUtils.isNotBlank(socialContent)) {
+            ContentHelper.importContent(session, authorizable.getPath() + "/social", socialContent);
+        }
+
         ValueFactory vf = session.getValueFactory();
 
         String name = principalConfigBean.getName();
@@ -637,11 +662,20 @@ void setAuthorizableProperties(Authorizable authorizable, AuthorizableConfigBean
                 authorizable.setProperty("profile/givenName", vf.createValue(givenName));
                 authorizable.setProperty("profile/familyName", vf.createValue(familyName));
             }
+        } else {
+            if (StringUtils.isBlank(profileContent)) {
+                authorizable.removeProperty("profile/givenName");
+                authorizable.removeProperty("profile/familyName");
+            }
         }
 
         String description = principalConfigBean.getDescription();
         if (StringUtils.isNotBlank(description)) {
             authorizable.setProperty("profile/aboutMe", vf.createValue(description));
+        } else {
+            if (StringUtils.isBlank(profileContent)) {
+                authorizable.removeProperty("profile/aboutMe");
+            }
         }
 
         String disabled = principalConfigBean.getDisabled();
@@ -711,7 +745,10 @@ private void addMembersToReferencingAuthorizables(Authorizable authorizable, Aut
                 LOG.debug("start adding {} to assignedGroups", authorizableId);
                 for (String referencingAuthorizableToBeChangedId : referencingAuthorizablesToBeChanged) {
                     Group referencingAuthorizableToBeChanged = (Group) userManager.getAuthorizable(referencingAuthorizableToBeChangedId);
-                    referencingAuthorizableToBeChanged.addMember(authorizable);
+                    if (!referencingAuthorizableToBeChanged.addMember(authorizable)) {
+                        throw new IllegalStateException(
+                                "Member " + authorizable + " cannot be added as external member to group '" + referencingAuthorizableToBeChanged.getID() + "'. Is this maybe a protected group like 'everyone'?");
+                    }
                     LOG.debug("added to {} ", referencingAuthorizableToBeChanged);
                 }
             }

accesscontroltool-bundle/src/main/java/biz/netcentric/cq/tools/actool/configmodel/AuthorizableConfigBean.java

@@ -39,6 +39,7 @@ public class AuthorizableConfigBean implements AcDumpElement {
 
     private String profileContent;
     private String preferencesContent;
+    private String socialContent;
 
     private String migrateFrom;
 
@@ -124,6 +125,14 @@ public void setPreferencesContent(String preferencesContent) {
         this.preferencesContent = preferencesContent;
     }
 
+    public String getSocialContent() {
+        return socialContent;
+    }
+
+    public void setSocialContent(String socialContent) {
+        this.socialContent = socialContent;
+    }
+
     public void setMemberOfString(final String memberOfString) {
         memberOfStringFromConfig = memberOfString;
     }
@@ -164,13 +173,7 @@ public String getMemberOfString() {
         if (isMemberOf == null) {
             return "";
         }
-
-        final StringBuilder memberOfString = new StringBuilder();
-
-        for (final String group : isMemberOf) {
-            memberOfString.append(group).append(",");
-        }
-        return StringUtils.chop(memberOfString.toString());
+        return StringUtils.join(isMemberOf, ",");
     }
 
     public void setMemberOf(final String[] memberOf) {

accesscontroltool-bundle/src/main/java/biz/netcentric/cq/tools/actool/configreader/YamlConfigReader.java

@@ -77,6 +77,7 @@ public class YamlConfigReader implements ConfigReader {
 
     private static final String USER_CONFIG_PROFILE_CONTENT = "profileContent";
     private static final String USER_CONFIG_PREFERENCES_CONTENT = "preferencesContent";
+    private static final String USER_CONFIG_SOCIAL_CONTENT = "socialContent";
 
     private static final String USER_CONFIG_DISABLED = "disabled";
 
@@ -382,6 +383,8 @@ protected void setupAuthorizableBean(
                 currentPrincipalDataMap, USER_CONFIG_PROFILE_CONTENT));
         authorizableConfigBean.setPreferencesContent(getMapValueAsString(
                 currentPrincipalDataMap, USER_CONFIG_PREFERENCES_CONTENT));
+        authorizableConfigBean.setSocialContent(getMapValueAsString(
+                currentPrincipalDataMap, USER_CONFIG_SOCIAL_CONTENT));
 
         if (currentPrincipalDataMap.containsKey(USER_CONFIG_DISABLED)) {
             authorizableConfigBean.setDisabled(getMapValueAsString(currentPrincipalDataMap, USER_CONFIG_DISABLED));