Skip to content

Latest commit

 

History

History
134 lines (112 loc) · 10.8 KB

File metadata and controls

134 lines (112 loc) · 10.8 KB

AEM FileVault Content Package Namespace Validators

Build Status License Maven Central SonarCloud Quality Gate Status SonarCloud Coverage

Overview

Validates that FileVault content packages stick to certain namespacing rules. This is helpful to make sure that separate AEM applications may run in parallel on the same server without stepping on each other toes. This is particularly useful with multiple teams working on the same AEM environment (also outlined in Considerations for a multi-team setup).

There are several validators included in this artifact, all relate to namespacing rules for certain aspects of AEM:

  1. FileVault Content Package Filter (root attribute of each filter element)
  2. FileVault Content Package ID (both group and optionally name package properties)
  3. Oak Authorizables(rep:principalName and optionally rep:authorizableId properties of users/groups)
  4. Oak Query Index Definition (path restrictions for Lucene or Property index definitions)
  5. OSGi Configuration
  6. Sling Resource Type and Resource Super Type (sling:resourceType and sling:resourceSuperType properties)
  7. AEM Client Library (categories property)

Namespacing has been explicitly mentioned in Achim Koch's Blog: Hosting Multiple Tenants on AEM but obviously namespacing is just one of multiple aspects to consider for multi-tenant AEM environments.

Implementation

This artifact provides multiple validator implementations for the FileVault Validation Module and can be used for example with the filevault-package-maven-plugin like outlined below.

Settings

The following options are supported apart from the default settings mentioned in FileVault validation. Leaving the validators with the default options will not emit validation issues at all, i.e. none of the options are mandatory.

Validator ID Option Description
netcentric-filter-namespace allowedPathPatterns Comma-separated list of regular expression patterns. Each package filter root must match at least one of the given patterns.
netcentric-packageid-namespace allowedGroupPatterns Comma-separated list of regular expression patterns. The package's group must match at least one of the given patterns.
netcentric-packageid-namespace allowedNamePatterns Comma-separated list of regular expression patterns. The package's name must match at least one of the given patterns.
netcentric-authorizable-namespace allowedPrincipalNamePatterns Comma-separated list of regular expression patterns. The authorizable's rep:principalName must match at least one of the given patterns.
netcentric-authorizable-namespace allowedAuthorizableIdPatterns Comma-separated list of regular expression patterns. The authorizable's rep:authorizableId or its node name (if the property does not exist( must match at least one of the given patterns.
netcentric-authorizable-namespace allowedAuthorizableIdPatterns Comma-separated list of regular expression patterns. The authorizable's rep:authorizableId or its node name (if the property does not exist) must match at least one of the given patterns.
netcentric-oakindex-namespace allowedPathPatterns Comma-separated list of regular expression patterns. Each Oak index definition's path restriction (for lucene index types]oakindex-lucene-pathrestrictions or property index types) must match at least one of the given patterns.
netcentric-osgiconfig-namespace allowedPidPatterns Comma-separated list of regular expression patterns. Each (non-factory) configuration name given via the OSGi Installer must have a PID matching at least one of the given patterns.
netcentric-osgiconfig-namespace allowedFactoryPidNames Comma-separated list of regular expression patterns. Each factory configuration name given via the OSGi Installer must have a name matching at least one of the given patterns.
netcentric-osgiconfig-namespace restrictFactoryConfigurationsToAllowedPidPatterns Boolean flag, false by default. If set to true each factory configuration PID given via the OSGi Installer must also matching at least one of the given patterns from allowedPidPatterns.
netcentric-resourcetype-namespace allowedTypePatterns Comma-separated list of regular expression patterns. Each sling:resourceType property of arbitrary JCR nodes must match at least one of the given patterns.
netcentric-resourcetype-namespace allowedSuperTypePatterns Comma-separated list of regular expression patterns. Each sling:resourceSuperType property of arbitrary JCR nodes must match at least one of the given patterns.
netcentric-clientlibrary-namespace allowedCategoryPatterns Comma-separated list of regular expression patterns. Each client library's categories value must match at least one of the given patterns.

Due to the use of comma-separated strings it is not possible to use a comma within the regular expressions. However, as those are matched against names/paths (which don't allow a comma anyhow) using the comma inside the regular expressions shouldn't be necessary anyhow.

Fix Violations

Make the relevant attribute value/name/property value match one of the given patterns.

Usage with Maven

You can use this validator with the FileVault Package Maven Plugin in version 1.4.0 or higher like this

<plugin>
  <groupId>org.apache.jackrabbit</groupId>
  <artifactId>filevault-package-maven-plugin</artifactId>
  <configuration>
    <validatorsSettings>
      <netcentric-authorizable-namespace>
        <options>
            <allowedPrincipalNamePatterns>mytenant-.*</allowedPrincipalNamePatterns>
            <allowedAuthorizableIdPatterns>mytenant-.*</allowedAuthorizableIdPatterns>
        </options>
      </netcentric-authorizable-namespace>
      <netcentric-clientlibrary-namespace>
        <options>
            <allowedCategoryPatterns>mytenant-.*</allowedCategoryPatterns>
        </options>
      </netcentric-clientlibrary-namespace>
     <netcentric-filter-namespace>
        <options>
            <allowedFilterRootPatterns>/apps/mytenant(/.*)?,/conf/mytenant(/.*)?,/home/users/mytenant(/.*)?,/oak:index/mytenant-(.*)</allowedFilterRootPatterns>
        </options>
      </netcentric-filter-namespace>
      <netcentric-oakindex-namespace>
        <options>
            <allowedPathPatterns>/content/mytenant(/.*)?</allowedPathPatterns>
        </options>
      </netcentric-oakindex-namespace>
      <netcentric-osgiconfig-namespace>
        <options>
            <allowedPidPatterns>com\.example\.mytenant\..*</allowedPidPatterns>
            <allowedFactoryPidNames>name.*</allowedFactoryPidNames>
            <restrictFactoryConfigurationsToAllowedPidPatterns>true</restrictFactoryConfigurationsToAllowedPidPatterns>
        </options>
      </netcentric-osgiconfig-namespace>
      <netcentric-packageid-namespace>
        <options>
             <allowedGroupPatterns>biz\.netcentric\.filevault\.validator\.aem\.namespace\.it</allowedGroupPatterns>
             <allowedNamePatterns>.*-package</allowedNamePatterns>
        </options>
      </netcentric-packageid-namespace>
      <netcentric-resourcetype-namespace>
        <options>
            <allowedSuperTypePatterns>/apps/mytenant2/components/.*</allowedSuperTypePatterns>
            <allowedTypePatterns>/apps/mytenant2/components/.*</allowedTypePatterns>
        </options>
      </netcentric-resourcetype-namespace>
    </validatorsSettings>
  </configuration>
  <dependencies>
    <dependency>
      <groupId>biz.netcentric.filevault.validators</groupId>
      <artifactId>aem-content-package-namespace-validators</artifactId>
      <version><latestversion></version>
    </dependency>
  </dependencies>
</plugin>

Adobe, and AEM are either registered trademarks or trademarks of Adobe in the United States and/or other countries.