Package org.apache.sling.oak.server

Source Code of org.apache.sling.oak.server.OakSlingRepositoryManager

/*
* Licensed to the Apache Software Foundation (ASF) under one
* or more contributor license agreements. See the NOTICE file
* distributed with this work for additional information
* regarding copyright ownership. The SF licenses this file
* to you under the Apache License, Version 2.0 (the
* "License"); you may not use this file except in compliance
* with the License. You may obtain a copy of the License at
*
*     http://www.apache.org/licenses/LICENSE-2.0
*
* Unless required by applicable law or agreed to in writing,
* software distributed under the License is distributed on an
* "AS IS" BASIS, WITHOUT WARRANTIES OR CONDITIONS OF ANY
* KIND, either express or implied. See the License for the
* specific language governing permissions and limitations under the License.
*/
package org.apache.sling.oak.server;

import static com.google.common.collect.ImmutableSet.of;
import static java.util.Collections.singleton;
import static org.apache.jackrabbit.oak.plugins.index.IndexConstants.INDEX_DEFINITIONS_NAME;
import static org.apache.jackrabbit.oak.plugins.index.IndexUtils.createIndexDefinition;

import java.util.Arrays;
import java.util.Dictionary;
import java.util.HashMap;
import java.util.Hashtable;
import java.util.Map;
import java.util.TreeMap;
import java.util.concurrent.Executor;

import javax.jcr.Repository;
import javax.jcr.RepositoryException;
import javax.jcr.Session;
import javax.jcr.security.Privilege;
import javax.security.auth.login.Configuration;

import org.apache.felix.scr.annotations.Activate;
import org.apache.felix.scr.annotations.Component;
import org.apache.felix.scr.annotations.Deactivate;
import org.apache.felix.scr.annotations.Property;
import org.apache.felix.scr.annotations.Reference;
import org.apache.felix.scr.annotations.ReferenceCardinality;
import org.apache.felix.scr.annotations.ReferencePolicy;
import org.apache.jackrabbit.commons.jackrabbit.authorization.AccessControlUtils;
import org.apache.jackrabbit.oak.Oak;
import org.apache.jackrabbit.oak.api.ContentRepository;
import org.apache.jackrabbit.oak.osgi.OsgiWhiteboard;
import org.apache.jackrabbit.oak.plugins.commit.ConflictValidatorProvider;
import org.apache.jackrabbit.oak.plugins.commit.JcrConflictHandler;
import org.apache.jackrabbit.oak.plugins.index.aggregate.AggregateIndexProvider;
import org.apache.jackrabbit.oak.plugins.index.aggregate.NodeAggregator;
import org.apache.jackrabbit.oak.plugins.index.aggregate.SimpleNodeAggregator;
import org.apache.jackrabbit.oak.plugins.index.lucene.LuceneIndexProvider;
import org.apache.jackrabbit.oak.plugins.index.lucene.util.LuceneIndexHelper;
import org.apache.jackrabbit.oak.plugins.name.NameValidatorProvider;
import org.apache.jackrabbit.oak.plugins.name.NamespaceEditorProvider;
import org.apache.jackrabbit.oak.plugins.nodetype.TypeEditorProvider;
import org.apache.jackrabbit.oak.plugins.nodetype.write.InitialContent;
import org.apache.jackrabbit.oak.plugins.observation.CommitRateLimiter;
import org.apache.jackrabbit.oak.plugins.version.VersionEditorProvider;
import org.apache.jackrabbit.oak.security.SecurityProviderImpl;
import org.apache.jackrabbit.oak.spi.commit.EditorHook;
import org.apache.jackrabbit.oak.spi.lifecycle.RepositoryInitializer;
import org.apache.jackrabbit.oak.spi.security.ConfigurationParameters;
import org.apache.jackrabbit.oak.spi.security.SecurityProvider;
import org.apache.jackrabbit.oak.spi.security.authentication.ConfigurationUtil;
import org.apache.jackrabbit.oak.spi.security.principal.EveryonePrincipal;
import org.apache.jackrabbit.oak.spi.security.privilege.PrivilegeConstants;
import org.apache.jackrabbit.oak.spi.security.user.UserConfiguration;
import org.apache.jackrabbit.oak.spi.security.user.UserConstants;
import org.apache.jackrabbit.oak.spi.security.user.action.AccessControlAction;
import org.apache.jackrabbit.oak.spi.state.NodeBuilder;
import org.apache.jackrabbit.oak.spi.state.NodeStore;
import org.apache.jackrabbit.oak.spi.whiteboard.Whiteboard;
import org.apache.jackrabbit.oak.spi.whiteboard.WhiteboardIndexEditorProvider;
import org.apache.jackrabbit.oak.spi.whiteboard.WhiteboardIndexProvider;
import org.apache.jackrabbit.oak.spi.xml.ImportBehavior;
import org.apache.jackrabbit.oak.spi.xml.ProtectedItemImporter;
import org.apache.sling.commons.osgi.PropertiesUtil;
import org.apache.sling.commons.threads.ThreadPool;
import org.apache.sling.commons.threads.ThreadPoolManager;
import org.apache.sling.jcr.api.NamespaceMapper;
import org.apache.sling.jcr.api.SlingRepository;
import org.apache.sling.jcr.base.AbstractSlingRepository2;
import org.apache.sling.jcr.base.AbstractSlingRepositoryManager;
import org.apache.sling.serviceusermapping.ServiceUserMapper;
import org.osgi.framework.Bundle;
import org.osgi.framework.BundleContext;
import org.osgi.framework.Constants;
import org.osgi.framework.ServiceRegistration;
import org.osgi.service.component.ComponentContext;
import org.slf4j.Logger;
import org.slf4j.LoggerFactory;

/**
* A Sling repository implementation that wraps the Oak OSGi repository
* implementation from the Oak project.
*/
@Component(
        immediate = true,
        metatype = true,
        name = "org.apache.sling.oak.server.OakSlingRepository",
        label = "Apache Sling Embedded JCR Repository (Oak)",
        description = "Configuration to launch an embedded JCR Repository "
            + "and provide it as a SlingRepository and a standard JCR "
            + "Repository. In addition, if the registration URL is not "
            + "empty, the repository is registered as defined.")
@Reference(
        name = "namespaceMapper",
        referenceInterface = NamespaceMapper.class,
        cardinality = ReferenceCardinality.OPTIONAL_MULTIPLE,
        policy = ReferencePolicy.DYNAMIC)
public class OakSlingRepositoryManager extends AbstractSlingRepositoryManager {

    private final Logger log = LoggerFactory.getLogger(getClass());

    private static final int DEFAULT_OBSERVATION_QUEUE_LENGTH = 1000;
    private static final boolean DEFAULT_COMMIT_RATE_LIMIT = false;

    // For backwards compatibility loginAdministrative is still enabled
    // In future releases, this default may change to false.
    public static final boolean DEFAULT_LOGIN_ADMIN_ENABLED = true;

    @Property(
            label = "Default Workspace",
            description = "Name of the workspace to use by default if not is given in any of the login methods. This name is used "
                + "to implement the SlingRepository.getDefaultWorkspace() "
                + "method. If this name is empty, a null value is used in "
                + "JCR calls so that the default workspace provided by the JCR repository is used.")
    public static final String PROPERTY_DEFAULT_WORKSPACE = "defaultWorkspace";

    @Property(
            boolValue = DEFAULT_LOGIN_ADMIN_ENABLED,
            label = "Enable Administrator Login",
            description = "Whether to enable or disable the SlingRepository.loginAdministrative "
                + "method. The default is 'true'. See "
                + "http://sling.apache.org/documentation/the-sling-engine/service-authentication.html "
                + "for information on deprecating and disabling the loginAdministrative method.")
    public static final String PROPERTY_LOGIN_ADMIN_ENABLED = "admin.login.enabled";

    @Property(
            intValue = DEFAULT_OBSERVATION_QUEUE_LENGTH,
            label = "Observation queue length",
            description = "Maximum number of pending revisions in a observation listener queue")
    private static final String OBSERVATION_QUEUE_LENGTH = "oak.observation.queue-length";

    @Property(
            boolValue = DEFAULT_COMMIT_RATE_LIMIT,
            label = "Commit rate limiter",
            description = "Limit the commit rate once the number of pending revisions in the observation " +
                    "queue exceed 90% of its capacity.")
    private static final String COMMIT_RATE_LIMIT = "oak.observation.limit-commit-rate";

    public static final String DEFAULT_ADMIN_USER = "admin";

    @Property(
            value = DEFAULT_ADMIN_USER,
            label = "Administator",
            description = "The user name of the administrative user. This user"
                + "name is used to implement the SlingRepository.loginAdministrative(String)"
                + "method. It is intended for this user to provide full read/write access to repository.")
    public static final String PROPERTY_ADMIN_USER = "admin.name";

    @Reference
    private ServiceUserMapper serviceUserMapper;

    @Reference
    private NodeStore nodeStore;

    private ComponentContext componentContext;

    private Map<Long, NamespaceMapper> namespaceMapperRefs = new TreeMap<Long, NamespaceMapper>();

    private NamespaceMapper[] namespaceMappers;

    private String adminUserName;

    @Reference
    private ThreadPoolManager threadPoolManager = null;

    private ThreadPool threadPool;

    private ServiceRegistration oakExecutorServiceReference;

    private final WhiteboardIndexProvider indexProvider = new WhiteboardIndexProvider();

    private final WhiteboardIndexEditorProvider indexEditorProvider = new WhiteboardIndexEditorProvider();

    private int observationQueueLength;

    private CommitRateLimiter commitRateLimiter;

    @Property(
            boolValue=true,
            label="Allow anonymous reads",
            description="If true, the anonymous user has read access to the whole repository (for backwards compatibility)")
    public static final String ANONYMOUS_READ_PROP = "anonymous.read.all";

    @Override
    protected ServiceUserMapper getServiceUserMapper() {
        return this.serviceUserMapper;
    }

    @Override
    protected NamespaceMapper[] getNamespaceMapperServices() {
        return this.namespaceMappers;
    }

    @Override
    protected Repository acquireRepository() {
        final SecurityProvider securityProvider = new SecurityProviderImpl(buildSecurityConfig());
        this.adminUserName = securityProvider.getConfiguration(UserConfiguration.class).getParameters().getConfigValue(
            UserConstants.PARAM_ADMIN_ID, UserConstants.DEFAULT_ADMIN_ID);

        final Whiteboard whiteboard = new OsgiWhiteboard(this.getComponentContext().getBundleContext());
        this.indexProvider.start(whiteboard);
        this.indexEditorProvider.start(whiteboard);
        this.oakExecutorServiceReference = this.componentContext.getBundleContext().registerService(
                Executor.class.getName(), new Executor() {
            @Override
            public void execute(Runnable command) {
                threadPool.execute(command);
            }
        }, new Hashtable<String, Object>());

        final Oak oak = new Oak(nodeStore)
        .with(new InitialContent())
        .with(new ExtraSlingContent())

        .with(JcrConflictHandler.JCR_CONFLICT_HANDLER)
        .with(new EditorHook(new VersionEditorProvider()))

        .with(securityProvider)

        .with(new NameValidatorProvider())
        .with(new NamespaceEditorProvider())
        .with(new TypeEditorProvider())
//        .with(new RegistrationEditorProvider())
        .with(new ConflictValidatorProvider())

        // index stuff
        .with(indexProvider)
        .with(indexEditorProvider)
//        .with(new PropertyIndexEditorProvider())

//        .with(new PropertyIndexProvider())
//        .with(new NodeTypeIndexProvider())

//        .with(new LuceneIndexEditorProvider())
        .with(AggregateIndexProvider.wrap(new LuceneIndexProvider()
                .with(getNodeAggregator())))

        .with(getDefaultWorkspace())
        .withAsyncIndexing()
        .with(whiteboard)
        ;
       
        if (commitRateLimiter != null) {
            oak.with(commitRateLimiter);
        }

        final ContentRepository contentRepository = oak.createContentRepository();
        return new JcrRepositoryHacks(contentRepository, whiteboard, securityProvider, observationQueueLength, commitRateLimiter);
    }

    @Override
    protected void setup(BundleContext bundleContext, SlingRepository repository) {
        super.setup(bundleContext, repository);

        final Object o = this.getComponentContext().getProperties().get(ANONYMOUS_READ_PROP);
        if(o != null) {
            if(Boolean.valueOf(o.toString())) {
                log.warn("{} is true, granting anonymous user read access on /", ANONYMOUS_READ_PROP);
                Session s = null;
                try {
                    // TODO do we need to go via PrivilegeManager for the names? See OAK-1016 example.
                    s = repository.loginAdministrative(getDefaultWorkspace());
                    final String [] privileges = new String[] { Privilege.JCR_READ };
                    AccessControlUtils.addAccessControlEntry(
                            s,
                            "/",
                            EveryonePrincipal.getInstance(),
                            privileges,
                            true);
                    s.save();
                } catch (RepositoryException re) {
                    log.error("TODO: Failed setting up anonymous access", re);
                } finally {
                    if (s != null) {
                        s.logout();
                    }
                }
            } else {
                log.warn("TODO: should disable anonymous access when {} becomes false", ANONYMOUS_READ_PROP);
            }
        }
    }

    @SuppressWarnings("unchecked")
    @Override
    protected Dictionary<String, Object> getServiceRegistrationProperties() {
        return this.getComponentContext().getProperties();
    }

    @Override
    protected AbstractSlingRepository2 create(Bundle usingBundle) {
        return new OakSlingRepository(this, usingBundle, this.adminUserName);
    }

    @Override
    protected void destroy(AbstractSlingRepository2 repositoryServiceInstance) {
        // nothing to do, just drop the reference
    }

    @Override
    protected void disposeRepository(Repository repository) {
        this.indexProvider.stop();
        this.indexEditorProvider.stop();
        this.oakExecutorServiceReference.unregister();
        this.oakExecutorServiceReference = null;
        ((JcrRepositoryHacks) repository).shutdown();
        this.adminUserName = null;
    }

    private ComponentContext getComponentContext() {
        return componentContext;
    }

    @Activate
    private void activate(ComponentContext componentContext) {
        // FIXME GRANITE-2315
        Configuration.setConfiguration(ConfigurationUtil.getJackrabbit2Configuration(ConfigurationParameters.EMPTY));
        this.componentContext = componentContext;

        @SuppressWarnings("unchecked")
        Dictionary<String, Object> properties = componentContext.getProperties();
        final String defaultWorkspace = PropertiesUtil.toString(properties.get(PROPERTY_DEFAULT_WORKSPACE), "oak.sling");
        final boolean disableLoginAdministrative = !PropertiesUtil.toBoolean(
            properties.get(PROPERTY_LOGIN_ADMIN_ENABLED), DEFAULT_LOGIN_ADMIN_ENABLED);

        this.adminUserName = PropertiesUtil.toString(properties.get(PROPERTY_ADMIN_USER), DEFAULT_ADMIN_USER);
        this.observationQueueLength = getObservationQueueLength(componentContext);
        this.commitRateLimiter = getCommitRateLimiter(componentContext);
        this.threadPool = threadPoolManager.get("oak-observation");
        super.start(componentContext.getBundleContext(), defaultWorkspace, disableLoginAdministrative);
    }

    @Deactivate
    private void deactivate() {
        super.stop();
        this.componentContext = null;
        this.namespaceMapperRefs.clear();
        this.namespaceMappers = null;
        this.threadPoolManager.release(this.threadPool);
        this.threadPool = null;
        this.tearDown();
    }

    @SuppressWarnings("unused")
    private void bindNamespaceMapper(final NamespaceMapper namespaceMapper, final Map<String, Object> props) {
        synchronized (this.namespaceMapperRefs) {
            this.namespaceMapperRefs.put((Long)props.get(Constants.SERVICE_ID), namespaceMapper);
            this.namespaceMappers = this.namespaceMapperRefs.values().toArray(
                    new NamespaceMapper[this.namespaceMapperRefs.size()]);
        }
    }

    @SuppressWarnings("unused")
    private void unbindNamespaceMapper(final NamespaceMapper namespaceMapper, final Map<String, Object> props) {
        synchronized (this.namespaceMapperRefs) {
            this.namespaceMapperRefs.remove(props.get(Constants.SERVICE_ID));
            this.namespaceMappers = this.namespaceMapperRefs.values().toArray(
                    new NamespaceMapper[this.namespaceMapperRefs.size()]);
        }
    }

    private static NodeAggregator getNodeAggregator() {
        return new SimpleNodeAggregator()
            .newRuleWithName("nt:file", Arrays.asList(new String [] {"jcr:content"}))
            ;
    }


    private static final class ExtraSlingContent implements RepositoryInitializer {


        @Override
        public void initialize(NodeBuilder root) {
            if (root.hasChildNode(INDEX_DEFINITIONS_NAME)) {
                NodeBuilder index = root.child(INDEX_DEFINITIONS_NAME);

                // jcr:
                property(index, "jcrLanguage", "jcr:language");
                property(index, "jcrLockOwner", "jcr:lockOwner");

                // sling:
                property(index, "slingAlias", "sling:alias");
                property(index, "slingResource", "sling:resource");
                property(index, "slingResourceType", "sling:resourceType");
                property(index, "slingVanityPath", "sling:vanityPath");

                // various
                property(index, "event.job.topic", "event.job.topic");
                property(index, "extensionType", "extensionType");
                property(index, "lockCreated", "lock.created");
                property(index, "status", "status");
                property(index, "type", "type");

                // lucene full-text index
                if (!index.hasChildNode("lucene")) {
                    LuceneIndexHelper.newLuceneIndexDefinition(
                            index, "lucene", LuceneIndexHelper.JR_PROPERTY_INCLUDES,
                            of(
                               "jcr:createdBy",
                               "jcr:lastModifiedBy",
                               "sling:alias",
                               "sling:resourceType",
                               "sling:vanityPath"),
                            "async");
                }

            }
        }

        /**
         * A convenience method to create a non-unique property index.
         */
        private static void property(NodeBuilder index, String indexName, String propertyName) {
            if (!index.hasChildNode(indexName)) {
                createIndexDefinition(index, indexName, true, false, singleton(propertyName), null);
            }
        }

    }

    // TODO: use proper osgi configuration (once that works in oak)
    private static ConfigurationParameters buildSecurityConfig() {
        Map<String, Object> userConfig = new HashMap<String, Object>();
        userConfig.put(UserConstants.PARAM_GROUP_PATH, "/home/groups");
        userConfig.put(UserConstants.PARAM_USER_PATH, "/home/users");
        userConfig.put(UserConstants.PARAM_DEFAULT_DEPTH, 1);
        userConfig.put(AccessControlAction.USER_PRIVILEGE_NAMES, new String[] { PrivilegeConstants.JCR_ALL });
        userConfig.put(AccessControlAction.GROUP_PRIVILEGE_NAMES, new String[] { PrivilegeConstants.JCR_READ });
        userConfig.put(ProtectedItemImporter.PARAM_IMPORT_BEHAVIOR, ImportBehavior.NAME_BESTEFFORT);

        Map<String, Object> config = new HashMap<String, Object>();
        config.put(
                UserConfiguration.NAME,
                ConfigurationParameters.of(userConfig));
        return ConfigurationParameters.of(config);
    }

    private static int getObservationQueueLength(ComponentContext context) {
        Dictionary<?, ?> properties = context.getProperties();
        Object value = properties.get(OBSERVATION_QUEUE_LENGTH);
        if (isNullOrEmpty(value)) {
            value = context.getBundleContext().getProperty(OBSERVATION_QUEUE_LENGTH);
        }
        try {
            return Integer.parseInt(String.valueOf(value));
        } catch (NumberFormatException e) {
            return DEFAULT_OBSERVATION_QUEUE_LENGTH;
        }
    }

    private static CommitRateLimiter getCommitRateLimiter(ComponentContext context) {
        Dictionary<?, ?> properties = context.getProperties();
        Object value = properties.get(COMMIT_RATE_LIMIT);
        if (isNullOrEmpty(value)) {
            value = context.getBundleContext().getProperty(COMMIT_RATE_LIMIT);
        }
        return Boolean.parseBoolean(String.valueOf(value))
            ? new CommitRateLimiter()
            : null;
    }

    private static boolean isNullOrEmpty(Object value) {
        return (value == null || value.toString().trim().length() == 0);
    }
}
TOP

Related Classes of org.apache.sling.oak.server.OakSlingRepositoryManager

TOP
Copyright © 2018 www.massapi.com. All rights reserved.
All source code are property of their respective owners. Java is a trademark of Sun Microsystems, Inc and owned by ORACLE Inc. Contact coftware#gmail.com.