Index: oak-authorization-cug/src/main/java/org/apache/jackrabbit/oak/spi/security/authorization/cug/impl/CugConfiguration.java IDEA additional info: Subsystem: com.intellij.openapi.diff.impl.patch.CharsetEP <+>UTF-8 =================================================================== --- oak-authorization-cug/src/main/java/org/apache/jackrabbit/oak/spi/security/authorization/cug/impl/CugConfiguration.java (revision 1882148) +++ oak-authorization-cug/src/main/java/org/apache/jackrabbit/oak/spi/security/authorization/cug/impl/CugConfiguration.java (date 1601480669000) @@ -28,15 +28,6 @@ import com.google.common.collect.ImmutableList; import com.google.common.collect.ImmutableSet; -import org.apache.felix.scr.annotations.Activate; -import org.apache.felix.scr.annotations.Component; -import org.apache.felix.scr.annotations.ConfigurationPolicy; -import org.apache.felix.scr.annotations.Modified; -import org.apache.felix.scr.annotations.Properties; -import org.apache.felix.scr.annotations.Property; -import org.apache.felix.scr.annotations.Reference; -import org.apache.felix.scr.annotations.ReferenceCardinality; -import org.apache.felix.scr.annotations.Service; import org.apache.jackrabbit.oak.api.Root; import org.apache.jackrabbit.oak.api.Tree; import org.apache.jackrabbit.oak.namepath.NamePathMapper; @@ -50,7 +41,6 @@ import org.apache.jackrabbit.oak.spi.mount.MountInfoProvider; import org.apache.jackrabbit.oak.spi.mount.Mounts; import org.apache.jackrabbit.oak.spi.nodetype.NodeTypeConstants; -import org.apache.jackrabbit.oak.spi.security.CompositeConfiguration; import org.apache.jackrabbit.oak.spi.security.ConfigurationBase; import org.apache.jackrabbit.oak.spi.security.ConfigurationParameters; import org.apache.jackrabbit.oak.spi.security.Context; @@ -66,44 +56,54 @@ import org.apache.jackrabbit.oak.spi.state.NodeStore; import org.apache.jackrabbit.oak.spi.xml.ProtectedItemImporter; import org.jetbrains.annotations.NotNull; +import org.osgi.service.component.annotations.Activate; +import org.osgi.service.component.annotations.Component; +import org.osgi.service.component.annotations.ConfigurationPolicy; +import org.osgi.service.component.annotations.Modified; +import org.osgi.service.component.annotations.Reference; +import org.osgi.service.component.annotations.ReferenceCardinality; +import org.osgi.service.metatype.annotations.AttributeDefinition; +import org.osgi.service.metatype.annotations.Designate; +import org.osgi.service.metatype.annotations.ObjectClassDefinition; import static org.apache.jackrabbit.oak.spi.security.RegistrationConstants.OAK_SECURITY_NAME; -@Component(metatype = true, - label = "Apache Jackrabbit Oak CUG Configuration", - description = "Authorization configuration dedicated to setup and evaluate 'Closed User Group' permissions.", - policy = ConfigurationPolicy.REQUIRE) -@Service({AuthorizationConfiguration.class, SecurityConfiguration.class}) -@Properties({ - @Property(name = CugConstants.PARAM_CUG_SUPPORTED_PATHS, - label = "Supported Paths", - description = "Paths under which CUGs can be created and will be evaluated.", - cardinality = Integer.MAX_VALUE), - @Property(name = CugConstants.PARAM_CUG_ENABLED, - label = "CUG Evaluation Enabled", - description = "Flag to enable the evaluation of the configured CUG policies.", - boolValue = false), - @Property(name = CompositeConfiguration.PARAM_RANKING, - label = "Ranking", - description = "Ranking of this configuration in a setup with multiple authorization configurations.", - intValue = 200), - @Property(name = OAK_SECURITY_NAME, - propertyPrivate = true, - value = "org.apache.jackrabbit.oak.spi.security.authorization.cug.impl.CugConfiguration") -}) +@Component( + service = {AuthorizationConfiguration.class, SecurityConfiguration.class}, + property = OAK_SECURITY_NAME + "=org.apache.jackrabbit.oak.spi.security.authorization.cug.impl.CugConfiguration", + configurationPolicy = ConfigurationPolicy.REQUIRE) +@Designate(ocd = CugConfiguration.Configuration.class) public class CugConfiguration extends ConfigurationBase implements AuthorizationConfiguration, CugConstants { + @ObjectClassDefinition(name = "Apache Jackrabbit Oak CUG Configuration", + description = "Authorization configuration dedicated to setup and evaluate 'Closed User Group' permissions.") + @interface Configuration { + @AttributeDefinition( + name = "Supported Paths", + description = "Paths under which CUGs can be created and will be evaluated.", + cardinality = Integer.MAX_VALUE) + String[] cugSupportedPaths() default {}; + + @AttributeDefinition( + name = "CUG Evaluation Enabled", + description = "Flag to enable the evaluation of the configured CUG policies.") + boolean cugEnabled() default false; + + @AttributeDefinition( + name = "Ranking", + description = "Ranking of this configuration in a setup with multiple authorization configurations.") + int configurationRanking() default 200; + } + /** * Reference to services implementing {@link org.apache.jackrabbit.oak.spi.security.authorization.cug.CugExclude}. */ - @Reference(cardinality = ReferenceCardinality.MANDATORY_UNARY) private CugExclude exclude; /** * Reference to service implementing {@link MountInfoProvider} to make the * CUG authorization model multiplexing aware. */ - @Reference private MountInfoProvider mountInfoProvider = Mounts.defaultMountInfoProvider(); private Set supportedPaths = ImmutableSet.of(); @@ -206,6 +206,7 @@ activate(properties); } + @Reference(name="mountInfoProvider") public void bindMountInfoProvider(MountInfoProvider mountInfoProvider) { this.mountInfoProvider = mountInfoProvider; } @@ -216,6 +217,7 @@ this.mountInfoProvider = null; } + @Reference(name="exclude", cardinality = ReferenceCardinality.MANDATORY) public void bindExclude(CugExclude exclude) { this.exclude = exclude; } Index: oak-authorization-cug/src/main/java/org/apache/jackrabbit/oak/spi/security/authorization/cug/impl/CugExcludeImpl.java IDEA additional info: Subsystem: com.intellij.openapi.diff.impl.patch.CharsetEP <+>UTF-8 =================================================================== --- oak-authorization-cug/src/main/java/org/apache/jackrabbit/oak/spi/security/authorization/cug/impl/CugExcludeImpl.java (revision 1882148) +++ oak-authorization-cug/src/main/java/org/apache/jackrabbit/oak/spi/security/authorization/cug/impl/CugExcludeImpl.java (date 1601480619000) @@ -21,35 +21,36 @@ import java.util.Map; import java.util.Set; import com.google.common.collect.ImmutableSet; -import org.apache.felix.scr.annotations.Activate; -import org.apache.felix.scr.annotations.Component; -import org.apache.felix.scr.annotations.Modified; -import org.apache.felix.scr.annotations.Properties; -import org.apache.felix.scr.annotations.Property; -import org.apache.felix.scr.annotations.Service; import org.apache.jackrabbit.oak.commons.PropertiesUtil; import org.apache.jackrabbit.oak.spi.security.authorization.cug.CugExclude; import org.jetbrains.annotations.NotNull; +import org.osgi.service.component.annotations.Activate; +import org.osgi.service.component.annotations.Component; +import org.osgi.service.component.annotations.Modified; +import org.osgi.service.metatype.annotations.AttributeDefinition; +import org.osgi.service.metatype.annotations.Designate; +import org.osgi.service.metatype.annotations.ObjectClassDefinition; /** * Extension of the default {@link org.apache.jackrabbit.oak.spi.security.authorization.cug.CugExclude} * implementation that allow to specify additional principal names to be excluded * from CUG evaluation. */ -@Component(metatype = true, - immediate = true, - label = "Apache Jackrabbit Oak CUG Exclude List", - description = "Exclude principal(s) from CUG evaluation. In addition to the " + - "principals defined by the default CugExclude ('AdminPrincipal', 'SystemPrincipal', 'SystemUserPrincipal' classes), " + - "this component allows to optionally configure additional principals by name.") -@Service({CugExclude.class}) -@Properties({ - @Property(name = "principalNames", - label = "Principal Names", +@Component(service = CugExclude.class, immediate = true) +@Designate(ocd = CugExcludeImpl.Configuration.class) +public class CugExcludeImpl extends CugExclude.Default { + + @ObjectClassDefinition(name = "Apache Jackrabbit Oak CUG Exclude List", + description = "Exclude principal(s) from CUG evaluation. In addition to the " + + "principals defined by the default CugExclude ('AdminPrincipal', 'SystemPrincipal', 'SystemUserPrincipal' classes), " + + "this component allows to optionally configure additional principals by name.") + @interface Configuration { + @AttributeDefinition( + name = "Principal Names", description = "Name(s) of additional principal(s) that are excluded from CUG evaluation.", cardinality = Integer.MAX_VALUE) -}) -public class CugExcludeImpl extends CugExclude.Default { + String[] principalNames() default {}; + } private Set principalNames = Collections.emptySet(); Index: oak-authorization-cug/pom.xml IDEA additional info: Subsystem: com.intellij.openapi.diff.impl.patch.CharsetEP <+>UTF-8 =================================================================== --- oak-authorization-cug/pom.xml (revision 1882148) +++ oak-authorization-cug/pom.xml (date 1601478503000) @@ -87,6 +87,7 @@ oak-core ${project.version} + com.google.guava @@ -123,14 +124,17 @@ provided - org.apache.felix - org.apache.felix.scr.annotations + org.osgi + org.osgi.annotation provided org.osgi - org.osgi.annotation - provided + org.osgi.service.component.annotations + + + org.osgi + org.osgi.service.metatype.annotations