From f98bbb01cfdcc161a63bfb0b670e1c91a6dc49b1 Mon Sep 17 00:00:00 2001 
From: Konrad Windszus Date: Sat, 30 Nov 2024 13:10:57 +0100 Subject: [PATCH] Initial commit --- .github/workflows/maven.yml | 96 ++++ .gitignore | 189 +++++++ LICENSE.txt | 277 +++++++++++ README.md | 126 +++++ license-header.txt | 12 + pom.xml | 464 ++++++++++++++++++ .../application-package/pom.xml | 24 + .../src/main/META-INF/vault/filter.xml | 7 + .../_oak_index/mytenant-custom-1/.content.xml | 11 + .../apps/mytenant/_sling_configs/.content.xml | 3 + .../.content.xml | 8 + .../apps/mytenant/clientlibrary1/.content.xml | 4 + .../components/component1/.content.xml | 4 + .../src/main/jcr_root/apps/mytenant/test.txt | 0 .../container-package/pom.xml | 23 + .../src/main/META-INF/vault/filter.xml | 5 + ...com.example.mytenant.MyComponent2.cfg.json | 4 + ...example.mytenant.MyComponent~name.cfg.json | 4 + .../inside-namespace/content-package/pom.xml | 27 + .../src/main/META-INF/vault/filter.xml | 7 + .../conf/mytenant/my-segment/.content.xml | 13 + .../home/users/mytenant/myuser/.content.xml | 9 + src/it/inside-namespace/invoker.properties | 2 + src/it/inside-namespace/pom.xml | 145 ++++++ .../application-package/pom.xml | 24 + .../src/main/META-INF/vault/filter.xml | 7 + .../src/main/jcr_root/_oak_index/.content.xml | 4 + .../_oak_index/mytenant-custom-1/.content.xml | 11 + .../apps/mytenant/_sling_configs/.content.xml | 3 + .../.content.xml | 8 + .../apps/mytenant/clientlibrary1/.content.xml | 4 + .../components/component1/.content.xml | 5 + .../src/main/jcr_root/apps/mytenant/test.txt | 0 .../container-package/pom.xml | 23 + .../src/main/META-INF/vault/filter.xml | 5 + ...com.example.mytenant.MyComponent2.cfg.json | 4 + ...example.mytenant.MyComponent~name.cfg.json | 4 + .../outside-namespace/content-package/pom.xml | 27 + .../src/main/META-INF/vault/filter.xml | 7 + .../conf/mytenant/my-segment/.content.xml | 12 + .../home/users/mytenant/myuser/.content.xml | 9 + src/it/outside-namespace/invoker.properties | 3 + src/it/outside-namespace/pom.xml | 151 ++++++ 
src/it/outside-namespace/verify.groovy | 38 ++ ...stractPatternSettingsValidatorFactory.java | 90 ++++ .../AuthorizableNamespaceValidator.java | 102 ++++ ...AuthorizableNamespaceValidatorFactory.java | 40 ++ .../ClientLibraryNamespaceValidator.java | 72 +++ ...lientLibraryNamespaceValidatorFactory.java | 37 ++ .../namespace/FilterNamespaceValidator.java | 61 +++ .../FilterNamespaceValidatorFactory.java | 38 ++ .../namespace/OakIndexNamespaceValidator.java | 93 ++++ .../OakIndexNamespaceValidatorFactory.java | 37 ++ .../OsgiConfigurationNamespaceValidator.java | 92 ++++ ...onfigurationNamespaceValidatorFactory.java | 43 ++ .../PackageIdNamespaceValidator.java | 77 +++ .../PackageIdNamespaceValidatorFactory.java | 39 ++ .../ResourceTypeNamespaceValidator.java | 91 ++++ ...ResourceTypeNamespaceValidatorFactory.java | 39 ++ 59 files changed, 2764 insertions(+) create mode 100644 .github/workflows/maven.yml create mode 100644 .gitignore create mode 100644 LICENSE.txt create mode 100644 README.md create mode 100644 license-header.txt create mode 100644 pom.xml create mode 100644 src/it/inside-namespace/application-package/pom.xml create mode 100644 src/it/inside-namespace/application-package/src/main/META-INF/vault/filter.xml create mode 100644 src/it/inside-namespace/application-package/src/main/jcr_root/_oak_index/mytenant-custom-1/.content.xml create mode 100644 src/it/inside-namespace/application-package/src/main/jcr_root/apps/mytenant/_sling_configs/.content.xml create mode 100644 src/it/inside-namespace/application-package/src/main/jcr_root/apps/mytenant/_sling_configs/com.adobe.cq.wcm.core.components.internal.DataLayerConfig/.content.xml create mode 100644 src/it/inside-namespace/application-package/src/main/jcr_root/apps/mytenant/clientlibrary1/.content.xml create mode 100644 src/it/inside-namespace/application-package/src/main/jcr_root/apps/mytenant/components/component1/.content.xml create mode 100644 
src/it/inside-namespace/application-package/src/main/jcr_root/apps/mytenant/test.txt create mode 100644 src/it/inside-namespace/container-package/pom.xml create mode 100644 src/it/inside-namespace/container-package/src/main/META-INF/vault/filter.xml create mode 100644 src/it/inside-namespace/container-package/src/main/jcr_root/apps/mytenant/config/com.example.mytenant.MyComponent2.cfg.json create mode 100644 src/it/inside-namespace/container-package/src/main/jcr_root/apps/mytenant/config/com.example.mytenant.MyComponent~name.cfg.json create mode 100644 src/it/inside-namespace/content-package/pom.xml create mode 100644 src/it/inside-namespace/content-package/src/main/META-INF/vault/filter.xml create mode 100644 src/it/inside-namespace/content-package/src/main/jcr_root/conf/mytenant/my-segment/.content.xml create mode 100644 src/it/inside-namespace/content-package/src/main/jcr_root/home/users/mytenant/myuser/.content.xml create mode 100644 src/it/inside-namespace/invoker.properties create mode 100644 src/it/inside-namespace/pom.xml create mode 100644 src/it/outside-namespace/application-package/pom.xml create mode 100644 src/it/outside-namespace/application-package/src/main/META-INF/vault/filter.xml create mode 100644 src/it/outside-namespace/application-package/src/main/jcr_root/_oak_index/.content.xml create mode 100644 src/it/outside-namespace/application-package/src/main/jcr_root/_oak_index/mytenant-custom-1/.content.xml create mode 100644 src/it/outside-namespace/application-package/src/main/jcr_root/apps/mytenant/_sling_configs/.content.xml create mode 100644 src/it/outside-namespace/application-package/src/main/jcr_root/apps/mytenant/_sling_configs/com.adobe.cq.wcm.core.components.internal.DataLayerConfig/.content.xml create mode 100644 src/it/outside-namespace/application-package/src/main/jcr_root/apps/mytenant/clientlibrary1/.content.xml create mode 100644 
src/it/outside-namespace/application-package/src/main/jcr_root/apps/mytenant/components/component1/.content.xml create mode 100644 src/it/outside-namespace/application-package/src/main/jcr_root/apps/mytenant/test.txt create mode 100644 src/it/outside-namespace/container-package/pom.xml create mode 100644 src/it/outside-namespace/container-package/src/main/META-INF/vault/filter.xml create mode 100644 src/it/outside-namespace/container-package/src/main/jcr_root/apps/mytenant/config/com.example.mytenant.MyComponent2.cfg.json create mode 100644 src/it/outside-namespace/container-package/src/main/jcr_root/apps/mytenant/config/com.example.mytenant.MyComponent~name.cfg.json create mode 100644 src/it/outside-namespace/content-package/pom.xml create mode 100644 src/it/outside-namespace/content-package/src/main/META-INF/vault/filter.xml create mode 100644 src/it/outside-namespace/content-package/src/main/jcr_root/conf/mytenant/my-segment/.content.xml create mode 100644 src/it/outside-namespace/content-package/src/main/jcr_root/home/users/mytenant/myuser/.content.xml create mode 100644 src/it/outside-namespace/invoker.properties create mode 100644 src/it/outside-namespace/pom.xml create mode 100644 src/it/outside-namespace/verify.groovy create mode 100644 src/main/java/biz/netcentric/filevault/validator/aem/namespace/AbstractPatternSettingsValidatorFactory.java create mode 100644 src/main/java/biz/netcentric/filevault/validator/aem/namespace/AuthorizableNamespaceValidator.java create mode 100644 src/main/java/biz/netcentric/filevault/validator/aem/namespace/AuthorizableNamespaceValidatorFactory.java create mode 100644 src/main/java/biz/netcentric/filevault/validator/aem/namespace/ClientLibraryNamespaceValidator.java create mode 100644 src/main/java/biz/netcentric/filevault/validator/aem/namespace/ClientLibraryNamespaceValidatorFactory.java create mode 100644 src/main/java/biz/netcentric/filevault/validator/aem/namespace/FilterNamespaceValidator.java create mode 100644 
src/main/java/biz/netcentric/filevault/validator/aem/namespace/FilterNamespaceValidatorFactory.java create mode 100644 src/main/java/biz/netcentric/filevault/validator/aem/namespace/OakIndexNamespaceValidator.java create mode 100644 src/main/java/biz/netcentric/filevault/validator/aem/namespace/OakIndexNamespaceValidatorFactory.java create mode 100644 src/main/java/biz/netcentric/filevault/validator/aem/namespace/OsgiConfigurationNamespaceValidator.java create mode 100644 src/main/java/biz/netcentric/filevault/validator/aem/namespace/OsgiConfigurationNamespaceValidatorFactory.java create mode 100644 src/main/java/biz/netcentric/filevault/validator/aem/namespace/PackageIdNamespaceValidator.java create mode 100644 src/main/java/biz/netcentric/filevault/validator/aem/namespace/PackageIdNamespaceValidatorFactory.java create mode 100644 src/main/java/biz/netcentric/filevault/validator/aem/namespace/ResourceTypeNamespaceValidator.java create mode 100644 src/main/java/biz/netcentric/filevault/validator/aem/namespace/ResourceTypeNamespaceValidatorFactory.java
diff --git a/.github/workflows/maven.yml b/.github/workflows/maven.yml
new file mode 100644
index 0000000..813545d
--- /dev/null
+++ b/.github/workflows/maven.yml
@@ -0,0 +1,96 @@
+name: maven-cicd
+
+on:
+ # for regular master build (after the merge)
+ push:
+ branches:
+ - main
+ # for PRs from forked repos and non forked repos
+ # in order to write status info to the PR we require write repository token (https://github.blog/2020-08-03-github-actions-improvements-for-fork-and-pull-request-workflows/)
+ pull_request:
+ branches:
+ - main
+ types: [opened, synchronize, reopened]
+
+# restrict privileges except for setting commit status, adding PR comments and writing statuses
+permissions:
+ actions: read
+ checks: write
+ contents: read
+ deployments: read
+ issues: read
+ packages: read
+ pull-requests: write
+ repository-projects: read
+ security-events: read
+ statuses: write
+
+jobs:
+ build:
+ strategy:
+ matrix:
+ os: [ubuntu-latest, macos-latest, windows-latest]
+ jdk: [11, 17, 21]
+ include:
+ # lengthy build steps should only be performed on linux with Java 17 (Sonarcloud analysis, deployment)
+ - os: ubuntu-latest
+ jdk: 17
+ isMainBuildEnv: true
+ namePrefix: 'Main '
+ fail-fast: false
+
+ name: ${{ matrix.namePrefix }} Maven build (${{ matrix.os }}, JDK ${{ matrix.jdk }})
+ runs-on: ${{ matrix.os }}
+
+ steps:
+ - name: Checkout
+ uses: actions/checkout@v4
+ # always act on the modified source code (even for event pull_request_target)
+ # is considered potentially unsafe (https://securitylab.github.com/research/github-actions-preventing-pwn-requests/) but actions are only executed after approval from committers
+ with:
+ ref: ${{ github.event.pull_request.head.sha }}
+ # no additional git operations after checkout triggered in workflow, no need to store credentials
+ persist-credentials: false
+
+ - name: Set up JDK
+ uses: actions/setup-java@v4
+ with:
+ cache: 'maven'
+ distribution: 'temurin'
+ java-version: ${{ matrix.jdk }}
+ # generate settings.xml with the correct values
+ server-id: ossrh # Value of the distributionManagement/repository/id field of the pom.xml
+ server-username: MAVEN_USERNAME # env variable for username in deploy
+ server-password: MAVEN_PASSWORD # env variable for token in deploy
+
+ # sets environment variables to be used in subsequent steps: https://docs.github.com/en/actions/reference/workflow-commands-for-github-actions#setting-an-environment-variable
+ - name: Set environment variables
+ shell: bash
+ run: |
+ if [ "${{ matrix.isMainBuildEnv }}" = "true" ]; then
+ echo "MVN_ADDITIONAL_OPTS=-Dsonar.projectKey=Netcentric_aem-replication-metadata-validator -Dsonar.organization=netcentric -Dsonar.host.url=https://sonarcloud.io -Pjacoco-report" >> $GITHUB_ENV
+ if [ "${{github.ref}}" = "refs/heads/main" ] && [ "${{github.event_name}}" = "push" ]; then
+ echo "MAVEN_USERNAME=${{ secrets.OSSRH_TOKEN_USER }}" >> $GITHUB_ENV
+ echo "MAVEN_PASSWORD=${{ secrets.OSSRH_TOKEN_PASSWORD }}" >> $GITHUB_ENV
+ echo "MVN_GOAL=clean deploy org.sonarsource.scanner.maven:sonar-maven-plugin:sonar" >> $GITHUB_ENV
+ echo "STEP_NAME_SUFFIX=(Deploys to OSSRH)" >> $GITHUB_ENV
+ else
+ echo "MVN_GOAL=clean verify org.sonarsource.scanner.maven:sonar-maven-plugin:sonar" >> $GITHUB_ENV
+ fi
+ else
+ echo "MVN_ADDITIONAL_OPTS=" >> $GITHUB_ENV
+ echo "MVN_GOAL=clean verify" >> $GITHUB_ENV
+ fi
+ - name: ${{ matrix.namePrefix }} Build with Maven ${{ env.STEP_NAME_SUFFIX }}
+ env:
+ SONAR_TOKEN: ${{ secrets.SONAR_TOKEN }}
+ GITHUB_TOKEN: ${{ secrets.GITHUB_TOKEN }}
+ run: mvn -e -B -V ${{ env.MVN_GOAL }} ${{ env.MVN_ADDITIONAL_OPTS }}
+
+ - name: Publish Test Report
+ if: ${{ always() }} # make sure to run even if previous Maven execution failed (due to failed test)
+ uses: EnricoMi/publish-unit-test-result-action/composite@v2
+ with:
+ files: |
+ target/invoker-reports/TEST-*.xml
+ check_name: Test report (${{ matrix.os }}, JDK ${{ matrix.jdk }})
\ No newline at end of file
diff --git a/.gitignore b/.gitignore
new file mode 100644
index 0000000..71a9a13
--- /dev/null
+++ b/.gitignore
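Review bot: The `Set environment variables` step appends the OSSRH credentials to `$GITHUB_ENV`, so on a push to `main` they are exported to every later step of the job, including `EnricoMi/publish-unit-test-result-action/composite@v2`, which is referenced by a movable tag rather than a commit SHA. Scoping them to the step that needs them keeps them out of third-party code: put `MAVEN_USERNAME: ${{ secrets.OSSRH_TOKEN_USER }}` and `MAVEN_PASSWORD: ${{ secrets.OSSRH_TOKEN_PASSWORD }}` under the `env:` of a deploy step guarded by the same `refs/heads/main` / `push` condition, and pin the third-party action to a full commit SHA. The comment on the checkout step refers to `pull_request_target`, but the trigger configured here is `pull_request`; the comment should say so, because that trigger is what keeps secrets and the write-scoped token away from fork PRs. `-Dsonar.projectKey=Netcentric_aem-replication-metadata-validator` looks carried over from another repository and probably needs this project's own key; worth confirming before the first main build.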
@@ -0,0 +1,189 @@ + +# Created by https://www.gitignore.io/api/java,maven,eclipse,intellij+iml +# Edit at https://www.gitignore.io/?templates=java,maven,eclipse,intellij+iml + +### Eclipse ### +.metadata +bin/ +tmp/ +*.tmp +*.bak +*.swp +*~.nib +local.properties +.settings/ +.loadpath +.recommenders + +# External tool builders +.externalToolBuilders/ + +# Locally stored "Eclipse launch configurations" +*.launch + +# PyDev specific (Python IDE for Eclipse) +*.pydevproject + +# CDT-specific (C/C++ Development Tooling) +.cproject + +# CDT- autotools +.autotools + +# Java annotation processor (APT) +.factorypath + +# PDT-specific (PHP Development Tools) +.buildpath + +# sbteclipse plugin +.target + +# Tern plugin +.tern-project + +# TeXlipse plugin +.texlipse + +# STS (Spring Tool Suite) +.springBeans + +# Code Recommenders +.recommenders/ + +# Annotation Processing +.apt_generated/ + +# Scala IDE specific (Scala & Java development for Eclipse) +.cache-main +.scala_dependencies +.worksheet + +### Eclipse Patch ### +# Eclipse Core +.project + +# JDT-specific (Eclipse Java Development Tools) +.classpath + +# Annotation Processing +.apt_generated + +.sts4-cache/ + +### Intellij+iml ### +# Covers JetBrains IDEs: IntelliJ, RubyMine, PhpStorm, AppCode, PyCharm, CLion, Android Studio and WebStorm +# Reference: https://intellij-support.jetbrains.com/hc/en-us/articles/206544839 + +# User-specific stuff +.idea/**/workspace.xml +.idea/**/tasks.xml +.idea/**/usage.statistics.xml +.idea/**/dictionaries +.idea/**/shelf + +# Generated files +.idea/**/contentModel.xml + +# Sensitive or high-churn files +.idea/**/dataSources/ +.idea/**/dataSources.ids +.idea/**/dataSources.local.xml +.idea/**/sqlDataSources.xml +.idea/**/dynamic.xml +.idea/**/uiDesigner.xml +.idea/**/dbnavigator.xml + +# Gradle +.idea/**/gradle.xml +.idea/**/libraries + +# Gradle and Maven with auto-import +# When using Gradle or Maven with auto-import, you should exclude module files, +# since they will be recreated, 
and may cause churn. Uncomment if using +# auto-import. +# .idea/modules.xml +# .idea/*.iml +# .idea/modules +# *.iml +# *.ipr + +# CMake +cmake-build-*/ + +# Mongo Explorer plugin +.idea/**/mongoSettings.xml + +# File-based project format +*.iws + +# IntelliJ +out/ + +# mpeltonen/sbt-idea plugin +.idea_modules/ + +# JIRA plugin +atlassian-ide-plugin.xml + +# Cursive Clojure plugin +.idea/replstate.xml + +# Crashlytics plugin (for Android Studio and IntelliJ) +com_crashlytics_export_strings.xml +crashlytics.properties +crashlytics-build.properties +fabric.properties + +# Editor-based Rest Client +.idea/httpRequests + +# Android studio 3.1+ serialized cache file +.idea/caches/build_file_checksums.ser + +### Intellij+iml Patch ### +# Reason: https://github.com/joeblau/gitignore.io/issues/186#issuecomment-249601023 + +*.iml +modules.xml +.idea/misc.xml +*.ipr + +### Java ### +# Compiled class file +*.class + +# Log file +*.log + +# BlueJ files +*.ctxt + +# Mobile Tools for Java (J2ME) +.mtj.tmp/ + +# Package Files # +*.war +*.nar +*.ear +*.zip +*.tar.gz +*.rar + +# virtual machine crash logs, see http://www.java.com/en/download/help/error_hotspot.xml +hs_err_pid* + +### Maven ### +target/ +pom.xml.tag +pom.xml.releaseBackup +pom.xml.versionsBackup +pom.xml.next +release.properties +dependency-reduced-pom.xml +buildNumber.properties +.mvn/timing.properties +.mvn/wrapper/maven-wrapper.jar +.flattened-pom.xml + +# End of https://www.gitignore.io/api/java,maven,eclipse,intellij+iml \ No newline at end of file diff --git a/LICENSE.txt b/LICENSE.txt new file mode 100644 index 0000000..e23ece2 --- /dev/null +++ b/LICENSE.txt 
@@ -0,0 +1,277 @@ +Eclipse Public License - v 2.0 + + THE ACCOMPANYING PROGRAM IS PROVIDED UNDER THE TERMS OF THIS ECLIPSE + PUBLIC LICENSE ("AGREEMENT"). ANY USE, REPRODUCTION OR DISTRIBUTION + OF THE PROGRAM CONSTITUTES RECIPIENT'S ACCEPTANCE OF THIS AGREEMENT. + +1. DEFINITIONS + +"Contribution" means: + + a) in the case of the initial Contributor, the initial content + Distributed under this Agreement, and + + b) in the case of each subsequent Contributor: + i) changes to the Program, and + ii) additions to the Program; + where such changes and/or additions to the Program originate from + and are Distributed by that particular Contributor. A Contribution + "originates" from a Contributor if it was added to the Program by + such Contributor itself or anyone acting on such Contributor's behalf. + Contributions do not include changes or additions to the Program that + are not Modified Works. + +"Contributor" means any person or entity that Distributes the Program. + +"Licensed Patents" mean patent claims licensable by a Contributor which +are necessarily infringed by the use or sale of its Contribution alone +or when combined with the Program. + +"Program" means the Contributions Distributed in accordance with this +Agreement. + +"Recipient" means anyone who receives the Program under this Agreement +or any Secondary License (as applicable), including Contributors. + +"Derivative Works" shall mean any work, whether in Source Code or other +form, that is based on (or derived from) the Program and for which the +editorial revisions, annotations, elaborations, or other modifications +represent, as a whole, an original work of authorship. + +"Modified Works" shall mean any work in Source Code or other form that +results from an addition to, deletion from, or modification of the +contents of the Program, including, for purposes of clarity any new file +in Source Code form that contains any contents of the Program. 
Modified +Works shall not include works that contain only declarations, +interfaces, types, classes, structures, or files of the Program solely +in each case in order to link to, bind by name, or subclass the Program +or Modified Works thereof. + +"Distribute" means the acts of a) distributing or b) making available +in any manner that enables the transfer of a copy. + +"Source Code" means the form of a Program preferred for making +modifications, including but not limited to software source code, +documentation source, and configuration files. + +"Secondary License" means either the GNU General Public License, +Version 2.0, or any later versions of that license, including any +exceptions or additional permissions as identified by the initial +Contributor. + +2. GRANT OF RIGHTS + + a) Subject to the terms of this Agreement, each Contributor hereby + grants Recipient a non-exclusive, worldwide, royalty-free copyright + license to reproduce, prepare Derivative Works of, publicly display, + publicly perform, Distribute and sublicense the Contribution of such + Contributor, if any, and such Derivative Works. + + b) Subject to the terms of this Agreement, each Contributor hereby + grants Recipient a non-exclusive, worldwide, royalty-free patent + license under Licensed Patents to make, use, sell, offer to sell, + import and otherwise transfer the Contribution of such Contributor, + if any, in Source Code or other form. This patent license shall + apply to the combination of the Contribution and the Program if, at + the time the Contribution is added by the Contributor, such addition + of the Contribution causes such combination to be covered by the + Licensed Patents. The patent license shall not apply to any other + combinations which include the Contribution. No hardware per se is + licensed hereunder. 
+ + c) Recipient understands that although each Contributor grants the + licenses to its Contributions set forth herein, no assurances are + provided by any Contributor that the Program does not infringe the + patent or other intellectual property rights of any other entity. + Each Contributor disclaims any liability to Recipient for claims + brought by any other entity based on infringement of intellectual + property rights or otherwise. As a condition to exercising the + rights and licenses granted hereunder, each Recipient hereby + assumes sole responsibility to secure any other intellectual + property rights needed, if any. For example, if a third party + patent license is required to allow Recipient to Distribute the + Program, it is Recipient's responsibility to acquire that license + before distributing the Program. + + d) Each Contributor represents that to its knowledge it has + sufficient copyright rights in its Contribution, if any, to grant + the copyright license set forth in this Agreement. + + e) Notwithstanding the terms of any Secondary License, no + Contributor makes additional grants to any Recipient (other than + those set forth in this Agreement) as a result of such Recipient's + receipt of the Program under the terms of a Secondary License + (if permitted under the terms of Section 3). + +3. 
REQUIREMENTS + +3.1 If a Contributor Distributes the Program in any form, then: + + a) the Program must also be made available as Source Code, in + accordance with section 3.2, and the Contributor must accompany + the Program with a statement that the Source Code for the Program + is available under this Agreement, and informs Recipients how to + obtain it in a reasonable manner on or through a medium customarily + used for software exchange; and + + b) the Contributor may Distribute the Program under a license + different than this Agreement, provided that such license: + i) effectively disclaims on behalf of all other Contributors all + warranties and conditions, express and implied, including + warranties or conditions of title and non-infringement, and + implied warranties or conditions of merchantability and fitness + for a particular purpose; + + ii) effectively excludes on behalf of all other Contributors all + liability for damages, including direct, indirect, special, + incidental and consequential damages, such as lost profits; + + iii) does not attempt to limit or alter the recipients' rights + in the Source Code under section 3.2; and + + iv) requires any subsequent distribution of the Program by any + party to be under a license that satisfies the requirements + of this section 3. + +3.2 When the Program is Distributed as Source Code: + + a) it must be made available under this Agreement, or if the + Program (i) is combined with other material in a separate file or + files made available under a Secondary License, and (ii) the initial + Contributor attached to the Source Code the notice described in + Exhibit A of this Agreement, then the Program may be made available + under the terms of such Secondary Licenses, and + + b) a copy of this Agreement must be included with each copy of + the Program. 
+ +3.3 Contributors may not remove or alter any copyright, patent, +trademark, attribution notices, disclaimers of warranty, or limitations +of liability ("notices") contained within the Program from any copy of +the Program which they Distribute, provided that Contributors may add +their own appropriate notices. + +4. COMMERCIAL DISTRIBUTION + +Commercial distributors of software may accept certain responsibilities +with respect to end users, business partners and the like. While this +license is intended to facilitate the commercial use of the Program, +the Contributor who includes the Program in a commercial product +offering should do so in a manner which does not create potential +liability for other Contributors. Therefore, if a Contributor includes +the Program in a commercial product offering, such Contributor +("Commercial Contributor") hereby agrees to defend and indemnify every +other Contributor ("Indemnified Contributor") against any losses, +damages and costs (collectively "Losses") arising from claims, lawsuits +and other legal actions brought by a third party against the Indemnified +Contributor to the extent caused by the acts or omissions of such +Commercial Contributor in connection with its distribution of the Program +in a commercial product offering. The obligations in this section do not +apply to any claims or Losses relating to any actual or alleged +intellectual property infringement. In order to qualify, an Indemnified +Contributor must: a) promptly notify the Commercial Contributor in +writing of such claim, and b) allow the Commercial Contributor to control, +and cooperate with the Commercial Contributor in, the defense and any +related settlement negotiations. The Indemnified Contributor may +participate in any such claim at its own expense. + +For example, a Contributor might include the Program in a commercial +product offering, Product X. That Contributor is then a Commercial +Contributor. 
If that Commercial Contributor then makes performance +claims, or offers warranties related to Product X, those performance +claims and warranties are such Commercial Contributor's responsibility +alone. Under this section, the Commercial Contributor would have to +defend claims against the other Contributors related to those performance +claims and warranties, and if a court requires any other Contributor to +pay any damages as a result, the Commercial Contributor must pay +those damages. + +5. NO WARRANTY + +EXCEPT AS EXPRESSLY SET FORTH IN THIS AGREEMENT, AND TO THE EXTENT +PERMITTED BY APPLICABLE LAW, THE PROGRAM IS PROVIDED ON AN "AS IS" +BASIS, WITHOUT WARRANTIES OR CONDITIONS OF ANY KIND, EITHER EXPRESS OR +IMPLIED INCLUDING, WITHOUT LIMITATION, ANY WARRANTIES OR CONDITIONS OF +TITLE, NON-INFRINGEMENT, MERCHANTABILITY OR FITNESS FOR A PARTICULAR +PURPOSE. Each Recipient is solely responsible for determining the +appropriateness of using and distributing the Program and assumes all +risks associated with its exercise of rights under this Agreement, +including but not limited to the risks and costs of program errors, +compliance with applicable laws, damage to or loss of data, programs +or equipment, and unavailability or interruption of operations. + +6. DISCLAIMER OF LIABILITY + +EXCEPT AS EXPRESSLY SET FORTH IN THIS AGREEMENT, AND TO THE EXTENT +PERMITTED BY APPLICABLE LAW, NEITHER RECIPIENT NOR ANY CONTRIBUTORS +SHALL HAVE ANY LIABILITY FOR ANY DIRECT, INDIRECT, INCIDENTAL, SPECIAL, +EXEMPLARY, OR CONSEQUENTIAL DAMAGES (INCLUDING WITHOUT LIMITATION LOST +PROFITS), HOWEVER CAUSED AND ON ANY THEORY OF LIABILITY, WHETHER IN +CONTRACT, STRICT LIABILITY, OR TORT (INCLUDING NEGLIGENCE OR OTHERWISE) +ARISING IN ANY WAY OUT OF THE USE OR DISTRIBUTION OF THE PROGRAM OR THE +EXERCISE OF ANY RIGHTS GRANTED HEREUNDER, EVEN IF ADVISED OF THE +POSSIBILITY OF SUCH DAMAGES. + +7. 
GENERAL + +If any provision of this Agreement is invalid or unenforceable under +applicable law, it shall not affect the validity or enforceability of +the remainder of the terms of this Agreement, and without further +action by the parties hereto, such provision shall be reformed to the +minimum extent necessary to make such provision valid and enforceable. + +If Recipient institutes patent litigation against any entity +(including a cross-claim or counterclaim in a lawsuit) alleging that the +Program itself (excluding combinations of the Program with other software +or hardware) infringes such Recipient's patent(s), then such Recipient's +rights granted under Section 2(b) shall terminate as of the date such +litigation is filed. + +All Recipient's rights under this Agreement shall terminate if it +fails to comply with any of the material terms or conditions of this +Agreement and does not cure such failure in a reasonable period of +time after becoming aware of such noncompliance. If all Recipient's +rights under this Agreement terminate, Recipient agrees to cease use +and distribution of the Program as soon as reasonably practicable. +However, Recipient's obligations under this Agreement and any licenses +granted by Recipient relating to the Program shall continue and survive. + +Everyone is permitted to copy and distribute copies of this Agreement, +but in order to avoid inconsistency the Agreement is copyrighted and +may only be modified in the following manner. The Agreement Steward +reserves the right to publish new versions (including revisions) of +this Agreement from time to time. No one other than the Agreement +Steward has the right to modify this Agreement. The Eclipse Foundation +is the initial Agreement Steward. The Eclipse Foundation may assign the +responsibility to serve as the Agreement Steward to a suitable separate +entity. Each new version of the Agreement will be given a distinguishing +version number. 
The Program (including Contributions) may always be +Distributed subject to the version of the Agreement under which it was +received. In addition, after a new version of the Agreement is published, +Contributor may elect to Distribute the Program (including its +Contributions) under the new version. + +Except as expressly stated in Sections 2(a) and 2(b) above, Recipient +receives no rights or licenses to the intellectual property of any +Contributor under this Agreement, whether expressly, by implication, +estoppel or otherwise. All rights in the Program not expressly granted +under this Agreement are reserved. Nothing in this Agreement is intended +to be enforceable by any entity that is not a Contributor or Recipient. +No third-party beneficiary rights are created under this Agreement. + +Exhibit A - Form of Secondary Licenses Notice + +"This Source Code may also be made available under the following +Secondary Licenses when the conditions for such availability set forth +in the Eclipse Public License, v. 2.0 are satisfied: {name license(s), +version(s), and exceptions or additional permissions here}." + + Simply including a copy of this Agreement, including this Exhibit A + is not sufficient to license the Source Code under Secondary Licenses. + + If it is not possible or desirable to put the notice in a particular + file, then You may include the notice in a location (such as a LICENSE + file in a relevant directory) where a recipient would be likely to + look for such a notice. + + You may add additional accurate notices of copyright ownership. \ No newline at end of file diff --git a/README.md b/README.md new file mode 100644 index 0000000..945f032 --- /dev/null +++ b/README.md 
@@ -0,0 +1,126 @@
+# Overview
+
+Validates that FileVault content packages stick to certain namespacing rules. This is helpful to make sure that separate AEM applications may run in parallel on the same server without stepping on each other toes. This is particularly useful with [multiple teams working on the same AEM environment](https://experienceleague.adobe.com/en/docs/experience-manager-learn/assets/deployment/multitenancy-concurrent-article-understand) (also outlined in [Considerations for a multi-team setup](https://experienceleague.adobe.com/en/docs/experience-manager-cloud-service/content/implementing/using-cloud-manager/managing-code/enterprise-team-dev-setup#considerations)).
+
+There are several validators included in this artifact, all relate to namespacing rules for certain aspects of AEM:
+
+1. [FileVault Content Package Filter][filevault-workspace-filter] (`root` of each `filter`)
+1. [FileVault Content Package ID][filevault-package-id] (both `group` and optionally `name` of Users/Groups)
+1. [Oak Authorizables][oak-authorizables](`rep:principalName` and optionally `rep:authorizableId`)
+1. [Oak Query Index Definition][oakindex] (path restrictions for [Lucene][oakindex-property-pathrestrictions] or [Property][oakindex-property-pathrestrictions] index definitions)
+1. [OSGi Configuration][osgi-installer-configurations]
+1. [Sling Resource Type and Resource Super Type][sling-resource-type] (`sling:resourceType` and `sling:resourceSuperType` properties
+1. [AEM Client Library][aem-clientlibrary] (`category` values)
+
+Namespacing has been explicitly mentioned in [Achim Koch's Blog: Hosting Multiple Tenants on AEM](https://blog.developer.adobe.com/hosting-multiple-tenants-on-aem-815c8ed0c9f9) but obviously namespacing is just one of multiple aspects to consider for multi-tenant AEM environments.
+
+# Implementation
+
+This artifact provides multiple validator implementations for the [FileVault Validation Module][filevault-validation] and can be used for example with the [filevault-package-maven-plugin][filevault-p-m-p] like outlined below.
+
+
+# Settings
+
+The following options are supported apart from the default settings mentioned in [FileVault validation][filevault-validation].
+Leaving the validators with the default options will not emit validation issues at all, i.e. none of the options are mandatory.
+
+
+Validator ID | Option | Description | Default Value
+--- | --- | --- | ---
+`netcentric-filter-namespace` | `allowedPathPatterns` | Comma-separated list of regular expression patterns. Each package filter `root` must match at least one of the given patterns.
+`netcentric-packageid-namespace` | `allowedGroupPatterns` | Comma-separated list of regular expression patterns. The package's group must match at least one of the given patterns.
+`netcentric-packageid-namespace` | `allowedNamePatterns` | Comma-separated list of regular expression patterns. The package's name must match at least one of the given patterns.
+`netcentric-authorizable-namespace` | `allowedPrincipalNamePatterns` | Comma-separated list of regular expression patterns. The authorizable's `rep:principalName` must match at least one of the given patterns.
+`netcentric-authorizable-namespace` | `allowedAuthorizableIdPatterns` | Comma-separated list of regular expression patterns. The authorizable's `rep:authorizableId` or its node name (if the property does not exist( must match at least one of the given patterns.
+`netcentric-authorizable-namespace` | `allowedAuthorizableIdPatterns` | Comma-separated list of regular expression patterns. The authorizable's `rep:authorizableId` or its node name (if the property does not exist) must match at least one of the given patterns.
+`netcentric-oakindex-namespace` | `allowedPathPatterns` | Comma-separated list of regular expression patterns. 
Each Oak index definition's path restriction (for `lucene` index types][oakindex-lucene-pathrestrictions] or [`property` index types][oakindex-property-pathrestrictions]) must match at least one of the given patterns.
+`netcentric-osgiconfig-namespace` | `allowedPidPatterns` | Comma-separated list of regular expression patterns. Each (non-factory) configuration name given via the [OSGi Installer][[osgi-installer-configurations] must have a PID matching at least one of the given patterns.
+`netcentric-osgiconfig-namespace` | `allowedFactoryPidNames` | Comma-separated list of regular expression patterns. Each factory configuration name given via the [OSGi Installer][[osgi-installer-configurations] must have a name matching at least one of the given patterns.
+`netcentric-osgiconfig-namespace` | `restrictFactoryConfigurationsToAllowedPidPatterns` | Boolean flag. If set to `true` each factory configuration PID given via the [OSGi Installer][[osgi-installer-configurations] must also matching at least one of the given patterns from `allowedPidPatterns`.
+`netcentric-resourcetype-namespace` | `allowedTypePatterns` | Comma-separated list of regular expression patterns. Each `sling:resourceType` property of arbitrary JCR nodes must match at least one of the given patterns.
+`netcentric-resourcetype-namespace` | `allowedSuperTypePatterns` | Comma-separated list of regular expression patterns. Each `sling:resourceSuperType` property of arbitrary JCR nodes must match at least one of the given patterns.
+`netcentric-clientlibrary-namespace` | `allowedCategoryPatterns` | Comma-separated list of regular expression patterns. Each [client library's category][aem-clientlibrary] must match at least one of the given patterns.
+
+*Due to the use of comma-separated strings it is not possible to use a comma within the regular expressions. 
However, as those are matched against names/paths (which don't allow a comma anyhow) using the comma inside the regular expressions shouldn't be necessary anyhow.* + +# Fix Violations + +Make the relevant name/property value match one of the given patterns. + +# Usage with Maven + +You can use this validator with the [FileVault Package Maven Plugin][filevault-p-m-p] in version 1.4.0 or higher like this + +``` + + org.apache.jackrabbit + filevault-package-maven-plugin + + + + + mytenant-.* + mytenant-.* + + + + + mytenant-.* + + + + + /apps/mytenant(/.*)?,/conf/mytenant(/.*)?,/home/users/mytenant(/.*)?,/oak:index/mytenant-(.*) + + + + + /content/mytenant(/.*)? + + + + + com\.example\.mytenant\..* + name.* + true + + + + + biz\.netcentric\.filevault\.validator\.aem\.namespace\.it + .*-package + + + + + /apps/mytenant2/components/.* + /apps/mytenant2/components/.* + + + + + + + biz.netcentric.filevault.validator + aem-namespacing-content-package-validator + + + + +``` + +Adobe, and AEM are either registered trademarks or trademarks of Adobe in the United States and/or other countries. 
+ +[aemanalyser-maven-plugin]: https://github.com/adobe/aemanalyser-maven-plugin/tree/main/aemanalyser-maven-plugin +[filevault-validation]: https://jackrabbit.apache.org/filevault/validation.html +[filevault-p-m-p]: https://jackrabbit.apache.org/filevault-package-maven-plugin/index.html +[filevault-workspace-filter]: https://jackrabbit.apache.org/filevault/filter.html +[oakindex]: https://jackrabbit.apache.org/oak/docs/query/indexing.html#index-defnitions +[oakindex-lucene-pathrestrictions]: https://jackrabbit.apache.org/oak/docs/query/lucene.html#path-restrictions +[oakindex-property-pathrestrictions]: https://jackrabbit.apache.org/oak/docs/query/property-index.html +[aem-clientlibrary]: https://experienceleague.adobe.com/en/docs/experience-manager-cloud-service/content/implementing/developing/full-stack/clientlibs#clientlib-folders +[osgi-installer-configurations]: https://sling.apache.org/documentation/bundles/configuration-installer-factory.html#applying-of-configurations +[filevault-package-id]: https://jackrabbit.apache.org/filevault/properties.html +[sling-resource-type]: https://sling.apache.org/documentation/the-sling-engine/resources.html#resource-types +[oak-authorizables]: https://jackrabbit.apache.org/oak/docs/security/user/default.html#representation-in-the-repository + diff --git a/license-header.txt b/license-header.txt new file mode 100644 index 0000000..d644431 --- /dev/null +++ b/license-header.txt @@ -0,0 +1,12 @@ +/*- + * #%L + * AEM FileVault Content Package Namespace Validators + * %% + * Copyright (C) 2024 Cognizant Netcentric + * %% + * All rights reserved. This program and the accompanying materials are made available under the terms of the + * Eclipse Public License v2.0 which accompanies this distribution, and is available at + * https://www.eclipse.org/legal/epl-v20.html + * SPDX-License-Identifier: EPL-2.0 + * #L% + */ \ No newline at end of file diff --git a/pom.xml b/pom.xml new file mode 100644 index 0000000..da57821 --- /dev/null 
+++ b/pom.xml 
@@ -0,0 +1,464 @@ + + + 4.0.0 + biz.netcentric.filevault.validator + aem-content-package-namespace-validators + 0.0.1-SNAPSHOT + + AEM FileVault Content Package Namespace Validators + FileVault validators which verify that certain namespace rules are followed for FileVault content packages. + https://github.com/Netcentric/aem-namespacing-content-package-validator + 2024 + + Cognizant Netcentric + https://www.netcentric.biz/ + + + + Eclipse Public License, Version 2.0 + https://www.eclipse.org/org/documents/epl-2.0/EPL-2.0.html + repo + + + + + + konrad.windszus@netcentric.biz + Konrad Windszus + konrad.windszus@netcentric.biz + Cognizant Netcentric + https://www.netcentric.biz/ + + + + + scm:git:ssh://git@github.com/Netcentric/aem-content-package-namespace-validators + scm:git:ssh://git@github.com/Netcentric/aem-content-package-namespace-validators + HEAD + https://github.com/Netcentric/aem-content-package-namespace-validators.git + + + + ossrh + https://oss.sonatype.org/service/local/staging/deploy/maven2/ + + + ossrh + https://oss.sonatype.org/content/repositories/snapshots + + + + + 3.6.3 + 8 + + ${java.target.version} + UTF-8 + + + + + + + org.apache.jackrabbit.vault + vault-validation + 3.7.0 + + + org.slf4j + slf4j-api + 1.7.20 + provided + + + com.adobe.aem + uber-jar + 6.5.0 + apis + provided + + + + + org.kohsuke.metainf-services + metainf-services + 1.11 + true + + + org.jetbrains + annotations + 18.0.0 + + + + org.slf4j + slf4j-simple + 1.7.20 + test + + + org.junit.jupiter + junit-jupiter + 5.8.2 + test + + + org.assertj + assertj-core + 3.24.2 + test + + + + javax.jcr + jcr + 2.0 + test + + + org.apache.jackrabbit + jackrabbit-jcr-commons + 2.20.0 + test + + + org.apache.jackrabbit + oak-jackrabbit-api + 1.20.0 + test + + + + + + + + maven-surefire-plugin + 3.3.1 + + + maven-failsafe-plugin + 3.3.1 + + + maven-compiler-plugin + 3.13.0 + + + maven-install-plugin + 3.1.2 + + + maven-deploy-plugin + 3.1.2 + + + maven-resources-plugin + 3.3.1 + + + 
maven-clean-plugin + 3.4.0 + + + maven-jar-plugin + 3.4.2 + + + maven-javadoc-plugin + 3.8.0 + + + maven-source-plugin + 3.3.1 + + + maven-release-plugin + 3.1.1 + + + maven-dependency-plugin + 3.7.1 + + + maven-enforcer-plugin + 3.5.0 + + + org.apache.maven.plugins + maven-gpg-plugin + 3.2.4 + + + org.sonatype.plugins + nexus-staging-maven-plugin + 1.7.0 + + + com.diffplug.spotless + spotless-maven-plugin + 2.44.0.BETA4 + + + org.jacoco + jacoco-maven-plugin + 0.8.12 + + + maven-invoker-plugin + 3.7.0 + + + + + + org.apache.maven.plugins + maven-enforcer-plugin + + + enforce-java + + enforce + + + + + 11 + + + + ${maven.version} + + + + + + + + org.apache.maven.plugins + maven-invoker-plugin + + + + install + run + + + ${project.build.directory}/it + verify.groovy + true + true + + + + + + + + + + org.apache.maven.plugins + maven-javadoc-plugin + + + generate-javadoc + + javadoc + + verify + + + + + maven-release-plugin + + release + @{project.version} + + @{prefix} prepare release @{releaseLabel} [skip ci] + + + + org.sonatype.plugins + nexus-staging-maven-plugin + true + + ossrh + https://oss.sonatype.org/ + + false + + 15 + true + + + + com.diffplug.spotless + spotless-maven-plugin + + + + + + 2.50.0 + + + + javax,java,,\# + + + + ${project.basedir}/license-header.txt + + + PRESERVE + + + + false + + true + + + + true + + + + + + check + + process-sources + + + + + + + + + jacoco-report + + + + org.jacoco + jacoco-maven-plugin + + + prepare-agent + + prepare-agent + + + jacoco.command.unit + ${project.build.directory}/jacoco-unit.exec + + + + prepare-agent-integration + + prepare-agent-integration + + + jacoco.command.it + + + + merge-unit-and-it + + merge + + post-integration-test + + + + ${project.build.directory} + + jacoco-unit.exec + jacoco-it.exec + + + + + + + report-merged + + report + + verify + + + + + org.apache.maven.plugins + maven-surefire-plugin + + ${jacoco.command.unit} + + + + maven-invoker-plugin + + ${jacoco.command.it} + + + + + + + release 
+ + + performRelease + + + + + + + org.apache.maven.plugins + maven-source-plugin + + + attach-sources + + jar-no-fork + + + + + + org.apache.maven.plugins + maven-javadoc-plugin + + + attach-javadocs + + jar + + + + + + org.apache.maven.plugins + maven-gpg-plugin + + + sign-artifacts + + sign + + verify + + + + + + + + diff --git a/src/it/inside-namespace/application-package/pom.xml b/src/it/inside-namespace/application-package/pom.xml new file mode 100644 index 0000000..a69a054 --- /dev/null +++ b/src/it/inside-namespace/application-package/pom.xml @@ -0,0 +1,24 @@ + + + 4.0.0 + + application-package + content-package + + biz.netcentric.filevault.validator.aem.namespace.it + inside-namespace + 1.0.0-SNAPSHOT + + + + + org.apache.jackrabbit + filevault-package-maven-plugin + + mixed + true + + + + + \ No newline at end of file diff --git a/src/it/inside-namespace/application-package/src/main/META-INF/vault/filter.xml b/src/it/inside-namespace/application-package/src/main/META-INF/vault/filter.xml new file mode 100644 index 0000000..b05d4c6 --- /dev/null +++ b/src/it/inside-namespace/application-package/src/main/META-INF/vault/filter.xml @@ -0,0 +1,7 @@ + + + + + + + \ No newline at end of file diff --git a/src/it/inside-namespace/application-package/src/main/jcr_root/_oak_index/mytenant-custom-1/.content.xml b/src/it/inside-namespace/application-package/src/main/jcr_root/_oak_index/mytenant-custom-1/.content.xml new file mode 100644 index 0000000..175802a --- /dev/null +++ b/src/it/inside-namespace/application-package/src/main/jcr_root/_oak_index/mytenant-custom-1/.content.xml @@ -0,0 +1,11 @@ + + + \ No newline at end of file diff --git a/src/it/inside-namespace/application-package/src/main/jcr_root/apps/mytenant/_sling_configs/.content.xml b/src/it/inside-namespace/application-package/src/main/jcr_root/apps/mytenant/_sling_configs/.content.xml new file mode 100644 index 0000000..491392d --- /dev/null 
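Review bot: The project URL near the top of pom.xml names the repository `aem-namespacing-content-package-validator`, while the SCM entries a few lines below and the artifactId use `aem-content-package-namespace-validators`; the README added in this same commit also tells users to declare the plugin dependency with artifactId `aem-namespacing-content-package-validator`. Element names are not visible in this rendering, so which value sits in which element is inferred from their order. Published coordinates and metadata that disagree make it harder for consumers to confirm they are resolving the intended artifact from the intended source, and a dependency copied from the README would not match what this POM deploys. I would settle on one name, e.g. `<url>https://github.com/Netcentric/aem-content-package-namespace-validators</url>`, and use the same artifactId in the README snippet.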
+++ b/src/it/inside-namespace/application-package/src/main/jcr_root/apps/mytenant/_sling_configs/.content.xml @@ -0,0 +1,3 @@ + + diff --git a/src/it/inside-namespace/application-package/src/main/jcr_root/apps/mytenant/_sling_configs/com.adobe.cq.wcm.core.components.internal.DataLayerConfig/.content.xml b/src/it/inside-namespace/application-package/src/main/jcr_root/apps/mytenant/_sling_configs/com.adobe.cq.wcm.core.components.internal.DataLayerConfig/.content.xml new file mode 100644 index 0000000..5b505bd --- /dev/null +++ b/src/it/inside-namespace/application-package/src/main/jcr_root/apps/mytenant/_sling_configs/com.adobe.cq.wcm.core.components.internal.DataLayerConfig/.content.xml @@ -0,0 +1,8 @@ + + + + diff --git a/src/it/inside-namespace/application-package/src/main/jcr_root/apps/mytenant/clientlibrary1/.content.xml b/src/it/inside-namespace/application-package/src/main/jcr_root/apps/mytenant/clientlibrary1/.content.xml new file mode 100644 index 0000000..59ab8f2 --- /dev/null +++ b/src/it/inside-namespace/application-package/src/main/jcr_root/apps/mytenant/clientlibrary1/.content.xml @@ -0,0 +1,4 @@ + + \ No newline at end of file diff --git a/src/it/inside-namespace/application-package/src/main/jcr_root/apps/mytenant/components/component1/.content.xml b/src/it/inside-namespace/application-package/src/main/jcr_root/apps/mytenant/components/component1/.content.xml new file mode 100644 index 0000000..599b6ee --- /dev/null +++ b/src/it/inside-namespace/application-package/src/main/jcr_root/apps/mytenant/components/component1/.content.xml @@ -0,0 +1,4 @@ + + \ No newline at end of file diff --git a/src/it/inside-namespace/application-package/src/main/jcr_root/apps/mytenant/test.txt b/src/it/inside-namespace/application-package/src/main/jcr_root/apps/mytenant/test.txt new file mode 100644 index 0000000..e69de29 
diff --git a/src/it/inside-namespace/container-package/pom.xml b/src/it/inside-namespace/container-package/pom.xml new file mode 100644 index 0000000..58f5905 --- /dev/null +++ b/src/it/inside-namespace/container-package/pom.xml @@ -0,0 +1,23 @@ + + + 4.0.0 + + container-package + content-package + + biz.netcentric.filevault.validator.aem.namespace.it + inside-namespace + 1.0.0-SNAPSHOT + + + + + org.apache.jackrabbit + filevault-package-maven-plugin + + container + + + + + \ No newline at end of file diff --git a/src/it/inside-namespace/container-package/src/main/META-INF/vault/filter.xml b/src/it/inside-namespace/container-package/src/main/META-INF/vault/filter.xml new file mode 100644 index 0000000..b1d4809 --- /dev/null +++ b/src/it/inside-namespace/container-package/src/main/META-INF/vault/filter.xml @@ -0,0 +1,5 @@ + + + + + \ No newline at end of file diff --git a/src/it/inside-namespace/container-package/src/main/jcr_root/apps/mytenant/config/com.example.mytenant.MyComponent2.cfg.json b/src/it/inside-namespace/container-package/src/main/jcr_root/apps/mytenant/config/com.example.mytenant.MyComponent2.cfg.json new file mode 100644 index 0000000..0f210bc --- /dev/null +++ b/src/it/inside-namespace/container-package/src/main/jcr_root/apps/mytenant/config/com.example.mytenant.MyComponent2.cfg.json @@ -0,0 +1,4 @@ +{ + "myproperty1": "myvalue1", + "myproperty2": 2 +} diff --git a/src/it/inside-namespace/container-package/src/main/jcr_root/apps/mytenant/config/com.example.mytenant.MyComponent~name.cfg.json b/src/it/inside-namespace/container-package/src/main/jcr_root/apps/mytenant/config/com.example.mytenant.MyComponent~name.cfg.json new file mode 100644 index 0000000..0f210bc --- /dev/null +++ b/src/it/inside-namespace/container-package/src/main/jcr_root/apps/mytenant/config/com.example.mytenant.MyComponent~name.cfg.json @@ -0,0 +1,4 @@ +{ + "myproperty1": "myvalue1", + "myproperty2": 2 +} 
diff --git a/src/it/inside-namespace/content-package/pom.xml b/src/it/inside-namespace/content-package/pom.xml new file mode 100644 index 0000000..faa5061 --- /dev/null +++ b/src/it/inside-namespace/content-package/pom.xml @@ -0,0 +1,27 @@ + + + 4.0.0 + + content-package + content-package + + biz.netcentric.filevault.validator.aem.namespace.it + inside-namespace + 1.0.0-SNAPSHOT + + + + + + org.apache.jackrabbit + filevault-package-maven-plugin + + content + + my.custom.Hook + + + + + + \ No newline at end of file diff --git a/src/it/inside-namespace/content-package/src/main/META-INF/vault/filter.xml b/src/it/inside-namespace/content-package/src/main/META-INF/vault/filter.xml new file mode 100644 index 0000000..428c02b --- /dev/null +++ b/src/it/inside-namespace/content-package/src/main/META-INF/vault/filter.xml @@ -0,0 +1,7 @@ + + + + + + + \ No newline at end of file diff --git a/src/it/inside-namespace/content-package/src/main/jcr_root/conf/mytenant/my-segment/.content.xml b/src/it/inside-namespace/content-package/src/main/jcr_root/conf/mytenant/my-segment/.content.xml new file mode 100644 index 0000000..1cac4b1 --- /dev/null +++ b/src/it/inside-namespace/content-package/src/main/jcr_root/conf/mytenant/my-segment/.content.xml @@ -0,0 +1,13 @@ + + + + + diff --git a/src/it/inside-namespace/content-package/src/main/jcr_root/home/users/mytenant/myuser/.content.xml b/src/it/inside-namespace/content-package/src/main/jcr_root/home/users/mytenant/myuser/.content.xml new file mode 100644 index 0000000..cc02caf --- /dev/null +++ b/src/it/inside-namespace/content-package/src/main/jcr_root/home/users/mytenant/myuser/.content.xml @@ -0,0 +1,9 @@ + + + diff --git a/src/it/inside-namespace/invoker.properties b/src/it/inside-namespace/invoker.properties new file mode 100644 index 0000000..1193813 --- /dev/null +++ b/src/it/inside-namespace/invoker.properties @@ -0,0 +1,2 @@ +invoker.debug = false +invoker.goals = clean verify -fae -e \ No newline at end of file 
diff --git a/src/it/inside-namespace/pom.xml b/src/it/inside-namespace/pom.xml new file mode 100644 index 0000000..773af8e --- /dev/null +++ b/src/it/inside-namespace/pom.xml @@ -0,0 +1,145 @@ + + + 4.0.0 + + biz.netcentric.filevault.validator.aem.namespace.it + inside-namespace + pom + 1.0.0-SNAPSHOT + + + + + + maven-clean-plugin + 3.1.0 + + + maven-install-plugin + 3.0.0-M1 + + + maven-deploy-plugin + 3.0.0-M1 + + + maven-resources-plugin + 3.2.0 + + + maven-compiler-plugin + 3.8.1 + + + maven-surefire-plugin + 3.0.0-M5 + + + org.apache.jackrabbit + filevault-package-maven-plugin + 1.4.0 + true + + false + src/main/META-INF/vault/filter.xml + + + + + /,/libs,/apps,/oak:index,/etc,/var,/tmp,/conf,/content,/content/campaigns,/content/cq:tags,/content/dam,/content/experience-fragments,/content/projects,/content/screens,/etc/packages,/home/users + + + + + tccl:aem.cnd + + + + + mytenant-.* + mytenant-.* + + + + + mytenant-.* + + + + + /apps/mytenant(/.*)?,/conf/mytenant(/.*)?,/home/users/mytenant(/.*)?,/oak:index/mytenant-(.*) + + + + + /content/mytenant(/.*)? + + + + + com\.example\.mytenant\..* + name.* + true + + + + + biz\.netcentric\.filevault\.validator\.aem\.namespace\.it + .*-package + + + + + /apps/othertenant/components/.* + /apps/mytenant2/components/.* + + + + + + + @project.groupId@ + @project.artifactId@ + @project.version@ + + + biz.netcentric.aem + aem-nodetypes + 2023.10.0 + + + + + + + + + + + + packaging-contentpackage + + + + ${basedir}/src/main/jcr_root + + + + + + org.apache.jackrabbit + filevault-package-maven-plugin + + + + + + + + application-package + content-package + container-package + + + \ No newline at end of file diff --git a/src/it/outside-namespace/application-package/pom.xml b/src/it/outside-namespace/application-package/pom.xml new file mode 100644 index 0000000..b78eeb7 --- /dev/null +++ b/src/it/outside-namespace/application-package/pom.xml 
@@ -0,0 +1,24 @@ + + + 4.0.0 + + application-package + content-package + + biz.netcentric.filevault.validator.aem.namespace.it + outside-namespace + 1.0.0-SNAPSHOT + + + + + org.apache.jackrabbit + filevault-package-maven-plugin + + mixed + true + + + + + \ No newline at end of file diff --git a/src/it/outside-namespace/application-package/src/main/META-INF/vault/filter.xml b/src/it/outside-namespace/application-package/src/main/META-INF/vault/filter.xml new file mode 100644 index 0000000..b05d4c6 --- /dev/null +++ b/src/it/outside-namespace/application-package/src/main/META-INF/vault/filter.xml @@ -0,0 +1,7 @@ + + + + + + + \ No newline at end of file diff --git a/src/it/outside-namespace/application-package/src/main/jcr_root/_oak_index/.content.xml b/src/it/outside-namespace/application-package/src/main/jcr_root/_oak_index/.content.xml new file mode 100644 index 0000000..86f43bb --- /dev/null +++ b/src/it/outside-namespace/application-package/src/main/jcr_root/_oak_index/.content.xml @@ -0,0 +1,4 @@ + + diff --git a/src/it/outside-namespace/application-package/src/main/jcr_root/_oak_index/mytenant-custom-1/.content.xml b/src/it/outside-namespace/application-package/src/main/jcr_root/_oak_index/mytenant-custom-1/.content.xml new file mode 100644 index 0000000..175802a --- /dev/null +++ b/src/it/outside-namespace/application-package/src/main/jcr_root/_oak_index/mytenant-custom-1/.content.xml @@ -0,0 +1,11 @@ + + + \ No newline at end of file diff --git a/src/it/outside-namespace/application-package/src/main/jcr_root/apps/mytenant/_sling_configs/.content.xml b/src/it/outside-namespace/application-package/src/main/jcr_root/apps/mytenant/_sling_configs/.content.xml new file mode 100644 index 0000000..491392d --- /dev/null +++ b/src/it/outside-namespace/application-package/src/main/jcr_root/apps/mytenant/_sling_configs/.content.xml @@ -0,0 +1,3 @@ + + 
diff --git a/src/it/outside-namespace/application-package/src/main/jcr_root/apps/mytenant/_sling_configs/com.adobe.cq.wcm.core.components.internal.DataLayerConfig/.content.xml b/src/it/outside-namespace/application-package/src/main/jcr_root/apps/mytenant/_sling_configs/com.adobe.cq.wcm.core.components.internal.DataLayerConfig/.content.xml new file mode 100644 index 0000000..5b505bd --- /dev/null +++ b/src/it/outside-namespace/application-package/src/main/jcr_root/apps/mytenant/_sling_configs/com.adobe.cq.wcm.core.components.internal.DataLayerConfig/.content.xml @@ -0,0 +1,8 @@ + + + + diff --git a/src/it/outside-namespace/application-package/src/main/jcr_root/apps/mytenant/clientlibrary1/.content.xml b/src/it/outside-namespace/application-package/src/main/jcr_root/apps/mytenant/clientlibrary1/.content.xml new file mode 100644 index 0000000..59ab8f2 --- /dev/null +++ b/src/it/outside-namespace/application-package/src/main/jcr_root/apps/mytenant/clientlibrary1/.content.xml @@ -0,0 +1,4 @@ + + \ No newline at end of file diff --git a/src/it/outside-namespace/application-package/src/main/jcr_root/apps/mytenant/components/component1/.content.xml b/src/it/outside-namespace/application-package/src/main/jcr_root/apps/mytenant/components/component1/.content.xml new file mode 100644 index 0000000..f7475eb --- /dev/null +++ b/src/it/outside-namespace/application-package/src/main/jcr_root/apps/mytenant/components/component1/.content.xml @@ -0,0 +1,5 @@ + + \ No newline at end of file diff --git a/src/it/outside-namespace/application-package/src/main/jcr_root/apps/mytenant/test.txt b/src/it/outside-namespace/application-package/src/main/jcr_root/apps/mytenant/test.txt new file mode 100644 index 0000000..e69de29 diff --git a/src/it/outside-namespace/container-package/pom.xml b/src/it/outside-namespace/container-package/pom.xml new file mode 100644 index 0000000..d0bd8f7 --- /dev/null +++ b/src/it/outside-namespace/container-package/pom.xml 
@@ -0,0 +1,23 @@ + + + 4.0.0 + + container-package + content-package + + biz.netcentric.filevault.validator.aem.namespace.it + outside-namespace + 1.0.0-SNAPSHOT + + + + + org.apache.jackrabbit + filevault-package-maven-plugin + + container + + + + + \ No newline at end of file diff --git a/src/it/outside-namespace/container-package/src/main/META-INF/vault/filter.xml b/src/it/outside-namespace/container-package/src/main/META-INF/vault/filter.xml new file mode 100644 index 0000000..b1d4809 --- /dev/null +++ b/src/it/outside-namespace/container-package/src/main/META-INF/vault/filter.xml @@ -0,0 +1,5 @@ + + + + + \ No newline at end of file diff --git a/src/it/outside-namespace/container-package/src/main/jcr_root/apps/mytenant/config/com.example.mytenant.MyComponent2.cfg.json b/src/it/outside-namespace/container-package/src/main/jcr_root/apps/mytenant/config/com.example.mytenant.MyComponent2.cfg.json new file mode 100644 index 0000000..0f210bc --- /dev/null +++ b/src/it/outside-namespace/container-package/src/main/jcr_root/apps/mytenant/config/com.example.mytenant.MyComponent2.cfg.json @@ -0,0 +1,4 @@ +{ + "myproperty1": "myvalue1", + "myproperty2": 2 +} diff --git a/src/it/outside-namespace/container-package/src/main/jcr_root/apps/mytenant/config/com.example.mytenant.MyComponent~name.cfg.json b/src/it/outside-namespace/container-package/src/main/jcr_root/apps/mytenant/config/com.example.mytenant.MyComponent~name.cfg.json new file mode 100644 index 0000000..0f210bc --- /dev/null +++ b/src/it/outside-namespace/container-package/src/main/jcr_root/apps/mytenant/config/com.example.mytenant.MyComponent~name.cfg.json @@ -0,0 +1,4 @@ +{ + "myproperty1": "myvalue1", + "myproperty2": 2 +} diff --git a/src/it/outside-namespace/content-package/pom.xml b/src/it/outside-namespace/content-package/pom.xml new file mode 100644 index 0000000..1870e8f --- /dev/null +++ b/src/it/outside-namespace/content-package/pom.xml 
@@ -0,0 +1,27 @@ + + + 4.0.0 + + content-package + content-package + + biz.netcentric.filevault.validator.aem.namespace.it + outside-namespace + 1.0.0-SNAPSHOT + + + + + + org.apache.jackrabbit + filevault-package-maven-plugin + + content + + my.custom.Hook + + + + + + \ No newline at end of file diff --git a/src/it/outside-namespace/content-package/src/main/META-INF/vault/filter.xml b/src/it/outside-namespace/content-package/src/main/META-INF/vault/filter.xml new file mode 100644 index 0000000..428c02b --- /dev/null +++ b/src/it/outside-namespace/content-package/src/main/META-INF/vault/filter.xml @@ -0,0 +1,7 @@ + + + + + + + \ No newline at end of file diff --git a/src/it/outside-namespace/content-package/src/main/jcr_root/conf/mytenant/my-segment/.content.xml b/src/it/outside-namespace/content-package/src/main/jcr_root/conf/mytenant/my-segment/.content.xml new file mode 100644 index 0000000..c46a5a8 --- /dev/null +++ b/src/it/outside-namespace/content-package/src/main/jcr_root/conf/mytenant/my-segment/.content.xml @@ -0,0 +1,12 @@ + + + + \ No newline at end of file diff --git a/src/it/outside-namespace/content-package/src/main/jcr_root/home/users/mytenant/myuser/.content.xml b/src/it/outside-namespace/content-package/src/main/jcr_root/home/users/mytenant/myuser/.content.xml new file mode 100644 index 0000000..cc02caf --- /dev/null +++ b/src/it/outside-namespace/content-package/src/main/jcr_root/home/users/mytenant/myuser/.content.xml @@ -0,0 +1,9 @@ + + + diff --git a/src/it/outside-namespace/invoker.properties b/src/it/outside-namespace/invoker.properties new file mode 100644 index 0000000..8eafd0c --- /dev/null +++ b/src/it/outside-namespace/invoker.properties @@ -0,0 +1,3 @@ +invoker.debug = false +invoker.buildResult = failure +invoker.goals = clean verify -fae -e \ No newline at end of file diff --git a/src/it/outside-namespace/pom.xml b/src/it/outside-namespace/pom.xml new file mode 100644 index 0000000..db4f4f6 --- /dev/null 
+++ b/src/it/outside-namespace/pom.xml @@ -0,0 +1,151 @@ + + + 4.0.0 + + biz.netcentric.filevault.validator.aem.namespace.it + outside-namespace + pom + 1.0.0-SNAPSHOT + + + + + + maven-clean-plugin + 3.1.0 + + + maven-install-plugin + 3.0.0-M1 + + + maven-deploy-plugin + 3.0.0-M1 + + + maven-resources-plugin + 3.2.0 + + + maven-compiler-plugin + 3.8.1 + + + maven-surefire-plugin + 3.0.0-M5 + + + org.apache.jackrabbit + filevault-package-maven-plugin + 1.4.0 + true + + false + src/main/META-INF/vault/filter.xml + + + + + /,/libs,/apps,/oak:index,/etc,/var,/tmp,/conf,/content,/content/campaigns,/content/cq:tags,/content/dam,/content/experience-fragments,/content/projects,/content/screens,/etc/packages,/home/users + DEBUG + + + + + tccl:aem.cnd + + + + + DEBUG + + + + + mytenant2-.* + mytenant2-.* + + + + + mytenant2-.* + + + + + /apps/mytenant2(/.*)?,/conf/mytenant2(/.*)?,/home/users/mytenant2(/.*)?,/oak:index/mytenant2-(.*) + + + + + /content/mytenant2(/.*)? + + + + + com\.example\.mytenant2\..* + othername.* + true + + + + + invalid-group + invalid-name + + + + + /apps/mytenant2/components/.* + /apps/mytenant2/components/.* + + + + + + + @project.groupId@ + @project.artifactId@ + @project.version@ + + + biz.netcentric.aem + aem-nodetypes + 2023.10.0 + + + + + + + + + + + + packaging-contentpackage + + + + ${basedir}/src/main/jcr_root + + + + + + org.apache.jackrabbit + filevault-package-maven-plugin + + + + + + + + application-package + content-package + container-package + + + \ No newline at end of file diff --git a/src/it/outside-namespace/verify.groovy b/src/it/outside-namespace/verify.groovy new file mode 100644 index 0000000..cfa7428 --- /dev/null +++ b/src/it/outside-namespace/verify.groovy 
@@ -0,0 +1,38 @@ +String buildLog = new File(basedir, 'build.log').text + +// FIXME: will also convert escape sequences in pattern +// normalize file separator +if (File.separator == '\\') { + buildLog = buildLog.replaceAll('\\', '/') +} + +// application-package +assert buildLog.contains('''[ERROR] ValidationViolation: Filter root '/apps/mytenant' is not allowed (does not match any of the allowed patterns [/apps/mytenant2(/.*)?,/conf/mytenant2(/.*)?,/home/users/mytenant2(/.*)?,/oak:index/mytenant2-(.*)]) @ META-INF/vault/filter.xml, validator: netcentric-filter-namespace +[ERROR] ValidationViolation: Filter root '/oak:index/mytenant-custom-1' is not allowed (does not match any of the allowed patterns [/apps/mytenant2(/.*)?,/conf/mytenant2(/.*)?,/home/users/mytenant2(/.*)?,/oak:index/mytenant2-(.*)]) @ META-INF/vault/filter.xml, validator: netcentric-filter-namespace +[ERROR] ValidationViolation: Package group 'biz.netcentric.filevault.validator.aem.namespace.it' is not allowed (does not match any of the group patterns [invalid-group]) @ META-INF/vault/properties.xml, validator: netcentric-packageid-namespace +[ERROR] ValidationViolation: Package name 'application-package' is not allowed (does not match any of the name patterns [invalid-name]) @ META-INF/vault/properties.xml, validator: netcentric-packageid-namespace +[ERROR] ValidationViolation: Oak Query Index uses path restriction '/content/mytenant/something' which is not allowed (does not match any of the allowed patterns [/content/mytenant2(/.*)?]) @ jcr_root/_oak_index/mytenant-custom-1/.content.xml, line 10, column 57, validator: netcentric-oakindex-namespace, JCR node path: /oak:index/mytenant-custom-1 +[ERROR] ValidationViolation: Client Library's categories contains 'mytenant-librarya' which is not allowed (does not match any of the allowed patterns [mytenant2-.*]) @ jcr_root/apps/mytenant/clientlibrary1/.content.xml, line 4, column 57, validator: netcentric-clientlibrary-namespace, JCR node path: 
/apps/mytenant/clientlibrary1 +[ERROR] ValidationViolation: Client Library's categories contains 'mytenant-libraryb' which is not allowed (does not match any of the allowed patterns [mytenant2-.*]) @ jcr_root/apps/mytenant/clientlibrary1/.content.xml, line 4, column 57, validator: netcentric-clientlibrary-namespace, JCR node path: /apps/mytenant/clientlibrary1 +[ERROR] ValidationViolation: Resource is using type '/apps/othertenant/components/component2' which is not allowed (does not match any of the allowed patterns [/apps/mytenant2/components/.*]) @ jcr_root/apps/mytenant/components/component1/.content.xml, line 5, column 72, validator: netcentric-resourcetype-namespace, JCR node path: /apps/mytenant/components/component1 +[ERROR] ValidationViolation: Resource is using super type '/apps/othertenant/components/component1' which is not allowed (does not match any of the allowed patterns [/apps/mytenant2/components/.*]) @ jcr_root/apps/mytenant/components/component1/.content.xml, line 5, column 72, validator: netcentric-resourcetype-namespace, JCR node path: /apps/mytenant/components/component1''') : 'application-package' + + +// content-package +assert buildLog.contains('''[ERROR] ValidationViolation: Filter root '/home/users/mytenant' is not allowed (does not match any of the allowed patterns [/apps/mytenant2(/.*)?,/conf/mytenant2(/.*)?,/home/users/mytenant2(/.*)?,/oak:index/mytenant2-(.*)]) @ META-INF/vault/filter.xml, validator: netcentric-filter-namespace +[ERROR] ValidationViolation: Filter root '/conf/mytenant' is not allowed (does not match any of the allowed patterns [/apps/mytenant2(/.*)?,/conf/mytenant2(/.*)?,/home/users/mytenant2(/.*)?,/oak:index/mytenant2-(.*)]) @ META-INF/vault/filter.xml, validator: netcentric-filter-namespace +[ERROR] ValidationViolation: Package group 'biz.netcentric.filevault.validator.aem.namespace.it' is not allowed (does not match any of the group patterns [invalid-group]) @ META-INF/vault/properties.xml, validator: 
netcentric-packageid-namespace +[ERROR] ValidationViolation: Package name 'content-package' is not allowed (does not match any of the name patterns [invalid-name]) @ META-INF/vault/properties.xml, validator: netcentric-packageid-namespace +[ERROR] ValidationViolation: Principal name 'mytenant-myuser' is not allowed (does not match any of the principal name patterns [mytenant2-.*]) @ jcr_root/home/users/mytenant/myuser/.content.xml, line 8, column 41, validator: netcentric-authorizable-namespace, JCR node path: /home/users/mytenant/myuser +[ERROR] ValidationViolation: Authorizable ID 'mytenant-myuser' is not allowed (does not match any of the authorizable ID patterns [mytenant2-.*]) @ jcr_root/home/users/mytenant/myuser/.content.xml, line 8, column 41, validator: netcentric-authorizable-namespace, JCR node path: /home/users/mytenant/myuser''') : 'content-package' + + +// container-package +assert buildLog.contains('''[ERROR] ValidationViolation: Filter root '/apps/mytenant/config' is not allowed (does not match any of the allowed patterns [/apps/mytenant2(/.*)?,/conf/mytenant2(/.*)?,/home/users/mytenant2(/.*)?,/oak:index/mytenant2-(.*)]) @ META-INF/vault/filter.xml, validator: netcentric-filter-namespace +[ERROR] ValidationViolation: Package group 'biz.netcentric.filevault.validator.aem.namespace.it' is not allowed (does not match any of the group patterns [invalid-group]) @ META-INF/vault/properties.xml, validator: netcentric-packageid-namespace +[ERROR] ValidationViolation: Package name 'container-package' is not allowed (does not match any of the name patterns [invalid-name]) @ META-INF/vault/properties.xml, validator: netcentric-packageid-namespace +[ERROR] ValidationViolation: OSGi configuration PID 'com.example.mytenant.MyComponent2' is not allowed to be configured (does not match any of the allowed patterns [com\\.example\\.mytenant2\\..*]) @ jcr_root/apps/mytenant/config/com.example.mytenant.MyComponent2.cfg.json, validator: jackrabbit-osgiconfigparser 
+[ERROR] ValidationViolation: OSGi configuration PID 'com.example.mytenant.MyComponent' is not allowed to be configured (does not match any of the allowed patterns [com\\.example\\.mytenant2\\..*]) @ jcr_root/apps/mytenant/config/com.example.mytenant.MyComponent~name.cfg.json, validator: jackrabbit-osgiconfigparser +[ERROR] ValidationViolation: OSGi factory configuration PID 'com.example.mytenant.MyComponent' is not allowed with the given subname 'name' (does not match any of the allowed patterns [othername.*]) @ jcr_root/apps/mytenant/config/com.example.mytenant.MyComponent~name.cfg.json, validator: jackrabbit-osgiconfigparser''') : 'container-package' + +return true \ No newline at end of file diff --git a/src/main/java/biz/netcentric/filevault/validator/aem/namespace/AbstractPatternSettingsValidatorFactory.java b/src/main/java/biz/netcentric/filevault/validator/aem/namespace/AbstractPatternSettingsValidatorFactory.java new file mode 100644 index 0000000..edb0f58 --- /dev/null +++ b/src/main/java/biz/netcentric/filevault/validator/aem/namespace/AbstractPatternSettingsValidatorFactory.java 
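Review bot: `buildLog.replaceAll('\\', '/')` passes a single backslash as the regular expression, which is not a valid pattern, so on a platform where `File.separator` is a backslash the script would fail with a PatternSyntaxException before any assertion runs. `buildLog = buildLog.replace('\\', '/')` does a literal replacement instead. As the FIXME says, either form also rewrites the backslashes of the regex patterns quoted in the log (the expected text contains `com\\.example\\.mytenant2\\..*`), so the container-package assertion would probably still not match there. Normalising only the file-path part of each message would avoid that.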
@@ -0,0 +1,90 @@ +/*- + * #%L + * AEM FileVault Content Package Namespace Validators + * %% + * Copyright (C) 2024 Cognizant Netcentric + * %% + * All rights reserved. This program and the accompanying materials are made available under the terms of the + * Eclipse Public License v2.0 which accompanies this distribution, and is available at + * https://www.eclipse.org/legal/epl-v20.html + * SPDX-License-Identifier: EPL-2.0 + * #L% + */ +package biz.netcentric.filevault.validator.aem.namespace; + +import java.util.Arrays; +import java.util.Collections; +import java.util.LinkedHashSet; +import java.util.Set; +import java.util.regex.Pattern; +import java.util.regex.PatternSyntaxException; +import java.util.stream.Collectors; + +import org.apache.jackrabbit.vault.validation.spi.ValidationContext; +import org.apache.jackrabbit.vault.validation.spi.Validator; +import org.apache.jackrabbit.vault.validation.spi.ValidatorFactory; +import org.apache.jackrabbit.vault.validation.spi.ValidatorSettings; +import org.jetbrains.annotations.NotNull; +import org.jetbrains.annotations.Nullable; + +public abstract class AbstractPatternSettingsValidatorFactory implements ValidatorFactory { + + /** + * Parses a comma-separated string of patterns into a set of compiled patterns. 
+ * + * @param stringPatterns + * @return + * @throws PatternSyntaxException in case of invalid patterns + */ + @NotNull + static Set createPatternsFromCommaSeparatedString(String stringPatterns) { + if (stringPatterns == null || stringPatterns.isEmpty()) { + return Collections.emptySet(); + } + return Arrays.stream(stringPatterns.split(",")) + .map(String::trim) + .map(Pattern::compile) + .collect(Collectors.toCollection(LinkedHashSet::new)); + } + + private final String mainPatternOption; + private final String id; + private final boolean allowEmptyMainPatternOption; + + protected AbstractPatternSettingsValidatorFactory( + @NotNull String id, @NotNull String mainPatternOption, boolean allowEmptyMainPatternOption) { + this.id = id; + this.mainPatternOption = mainPatternOption; + this.allowEmptyMainPatternOption = allowEmptyMainPatternOption; + } + + @Override + public boolean shouldValidateSubpackages() { + return true; + } + + @Override + public int getServiceRanking() { + return 0; + } + + @Override + public @NotNull String getId() { + return id; + } + + @Override + public @Nullable Validator createValidator( + @NotNull ValidationContext context, @NotNull ValidatorSettings settings) { + Set patterns = + createPatternsFromCommaSeparatedString(settings.getOptions().get(mainPatternOption)); + if (patterns.isEmpty() && !allowEmptyMainPatternOption) { + return null; + } else { + return createValidator(patterns, context, settings); + } + } + + protected abstract Validator createValidator( + @NotNull Set patterns, @NotNull ValidationContext context, @NotNull ValidatorSettings settings); +} diff --git a/src/main/java/biz/netcentric/filevault/validator/aem/namespace/AuthorizableNamespaceValidator.java b/src/main/java/biz/netcentric/filevault/validator/aem/namespace/AuthorizableNamespaceValidator.java new file mode 100644 index 0000000..c1a13f1 --- /dev/null +++ b/src/main/java/biz/netcentric/filevault/validator/aem/namespace/AuthorizableNamespaceValidator.java 
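Review bot: `createValidator(ValidationContext, ValidatorSettings)` returns `null` when the main option is missing or empty and `allowEmptyMainPatternOption` is false, and nothing in the class documents this. If the framework treats `null` as "validator not applicable", a misspelled option name switches the namespace check off without any message. A Javadoc line on the method such as `Returns null (validator disabled) when the option named by mainPatternOption is not set and empty patterns are not allowed` would make that visible. The Javadoc of `createPatternsFromCommaSeparatedString` leaves `@param` and `@return` empty; it should state that `null` or an empty string yields an empty set, that tokens are trimmed, and that a pattern cannot itself contain a comma (a quantifier such as `{1,3}` is split in two).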
@@ -0,0 +1,102 @@ +/*- + * #%L + * AEM FileVault Content Package Namespace Validators + * %% + * Copyright (C) 2024 Cognizant Netcentric + * %% + * All rights reserved. This program and the accompanying materials are made available under the terms of the + * Eclipse Public License v2.0 which accompanies this distribution, and is available at + * https://www.eclipse.org/legal/epl-v20.html + * SPDX-License-Identifier: EPL-2.0 + * #L% + */ +package biz.netcentric.filevault.validator.aem.namespace; + +import java.util.Arrays; +import java.util.Collection; +import java.util.HashSet; +import java.util.LinkedList; +import java.util.Set; +import java.util.regex.Pattern; +import java.util.stream.Collectors; + +import org.apache.jackrabbit.oak.spi.security.user.UserConstants; +import org.apache.jackrabbit.spi.Name; +import org.apache.jackrabbit.spi.commons.name.NameConstants; +import org.apache.jackrabbit.spi.commons.name.NameFactoryImpl; +import org.apache.jackrabbit.vault.util.DocViewNode2; +import org.apache.jackrabbit.vault.validation.spi.DocumentViewXmlValidator; +import org.apache.jackrabbit.vault.validation.spi.NodeContext; +import org.apache.jackrabbit.vault.validation.spi.ValidationMessage; +import org.apache.jackrabbit.vault.validation.spi.ValidationMessageSeverity; +import org.jetbrains.annotations.NotNull; +import org.jetbrains.annotations.Nullable; + +public class AuthorizableNamespaceValidator implements DocumentViewXmlValidator { + + private final ValidationMessageSeverity severity; + private final Set allowedAuthorizableIdPatterns; + private final Set allowedPrincipalNamePatterns; + + private static final Set AUTHORIZABLE_NODE_TYPES = new HashSet<>( + Arrays.asList(UserConstants.NT_REP_USER, UserConstants.NT_REP_GROUP, UserConstants.NT_REP_SYSTEM_USER)); + private static final @NotNull Name PROPERTY_PRINCIPAL_NAME = NameConstants.REP_PRINCIPAL_NAME; + private static final @NotNull Name PROPERTY_AUTHORIZABLE_ID = + 
NameFactoryImpl.getInstance().create(Name.NS_REP_URI, "authorizableId"); + + public AuthorizableNamespaceValidator( + @NotNull ValidationMessageSeverity severity, + @NotNull Set allowedPrincipalNamePatterns, + @NotNull Set allowedAuthorizableIdPatterns) { + this.severity = severity; + this.allowedPrincipalNamePatterns = allowedPrincipalNamePatterns; + this.allowedAuthorizableIdPatterns = allowedAuthorizableIdPatterns; + } + + @Override + public @Nullable Collection validate( + @NotNull DocViewNode2 node, @NotNull NodeContext nodeContext, boolean isRoot) { + if (isOakAuthorizable(node)) { + Collection messages = new LinkedList<>(); + String principalName = + node.getPropertyValue(PROPERTY_PRINCIPAL_NAME).orElse(null); + if (allowedPrincipalNamePatterns.stream() + .noneMatch(pattern -> pattern.matcher(principalName).matches())) { + messages.add(new ValidationMessage( + severity, + String.format( + "Principal name '%s' is not allowed (does not match any of the principal name patterns [%s])", + principalName, + allowedPrincipalNamePatterns.stream() + .map(Pattern::pattern) + .collect(Collectors.joining(","))))); + } + if (!allowedAuthorizableIdPatterns.isEmpty()) { + String authorizableId = node.getPropertyValue(PROPERTY_AUTHORIZABLE_ID) + .orElse(node.getName().getLocalName()); + if (allowedAuthorizableIdPatterns.stream() + .noneMatch(pattern -> pattern.matcher(authorizableId).matches())) { + messages.add(new ValidationMessage( + severity, + String.format( + "Authorizable ID '%s' is not allowed (does not match any of the authorizable ID patterns [%s])", + authorizableId, + allowedPrincipalNamePatterns.stream() + .map(Pattern::pattern) + .collect(Collectors.joining(","))))); + } + } + return messages; + } + return null; + } + + boolean isOakAuthorizable(@NotNull DocViewNode2 node) { + return AUTHORIZABLE_NODE_TYPES.contains(node.getPrimaryType().orElse("")); + } + + @Override + public @Nullable Collection done() { + return null; + } +} 
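Review bot: In `validate`, the principal-name check dereferences a possibly-null value: `principalName` comes from `orElse(null)`, and `pattern.matcher(principalName)` throws a NullPointerException for an authorizable node without `rep:principalName`, which aborts validation instead of reporting a violation. The check is also not guarded against an empty pattern set, although AuthorizableNamespaceValidatorFactory passes `true` for `allowEmptyMainPatternOption`; `noneMatch` on an empty stream is true, so every authorizable is then reported. Guarding it like the ID check, `if (!allowedPrincipalNamePatterns.isEmpty()) {`, and adding a separate message for the missing property would cover both. The "Authorizable ID '%s' is not allowed" message lists `allowedPrincipalNamePatterns`; it should stream `allowedAuthorizableIdPatterns`.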
diff --git a/src/main/java/biz/netcentric/filevault/validator/aem/namespace/AuthorizableNamespaceValidatorFactory.java b/src/main/java/biz/netcentric/filevault/validator/aem/namespace/AuthorizableNamespaceValidatorFactory.java new file mode 100644 index 0000000..f585779 --- /dev/null +++ b/src/main/java/biz/netcentric/filevault/validator/aem/namespace/AuthorizableNamespaceValidatorFactory.java 
@@ -0,0 +1,40 @@ +/*- + * #%L + * AEM FileVault Content Package Namespace Validators + * %% + * Copyright (C) 2024 Cognizant Netcentric + * %% + * All rights reserved. This program and the accompanying materials are made available under the terms of the + * Eclipse Public License v2.0 which accompanies this distribution, and is available at + * https://www.eclipse.org/legal/epl-v20.html + * SPDX-License-Identifier: EPL-2.0 + * #L% + */ +package biz.netcentric.filevault.validator.aem.namespace; + +import java.util.Set; +import java.util.regex.Pattern; + +import org.apache.jackrabbit.vault.validation.spi.ValidationContext; +import org.apache.jackrabbit.vault.validation.spi.Validator; +import org.apache.jackrabbit.vault.validation.spi.ValidatorFactory; +import org.apache.jackrabbit.vault.validation.spi.ValidatorSettings; +import org.jetbrains.annotations.NotNull; +import org.kohsuke.MetaInfServices; + +@MetaInfServices(ValidatorFactory.class) +public class AuthorizableNamespaceValidatorFactory extends AbstractPatternSettingsValidatorFactory { + + public AuthorizableNamespaceValidatorFactory() { + super("netcentric-authorizable-namespace", "allowedPrincipalNamePatterns", true); + } + + @Override + protected Validator createValidator( + @NotNull Set patterns, @NotNull ValidationContext context, @NotNull ValidatorSettings settings) { + Set allowedAuthorizableIdPatterns = + createPatternsFromCommaSeparatedString(settings.getOptions().get("allowedAuthorizableIdPatterns")); + return new AuthorizableNamespaceValidator( + settings.getDefaultSeverity(), patterns, allowedAuthorizableIdPatterns); + } +} diff --git a/src/main/java/biz/netcentric/filevault/validator/aem/namespace/ClientLibraryNamespaceValidator.java b/src/main/java/biz/netcentric/filevault/validator/aem/namespace/ClientLibraryNamespaceValidator.java new file mode 100644 index 0000000..b6a8e0d --- /dev/null +++ b/src/main/java/biz/netcentric/filevault/validator/aem/namespace/ClientLibraryNamespaceValidator.java 
@@ -0,0 +1,72 @@ +/*- + * #%L + * AEM FileVault Content Package Namespace Validators + * %% + * Copyright (C) 2024 Cognizant Netcentric + * %% + * All rights reserved. This program and the accompanying materials are made available under the terms of the + * Eclipse Public License v2.0 which accompanies this distribution, and is available at + * https://www.eclipse.org/legal/epl-v20.html + * SPDX-License-Identifier: EPL-2.0 + * #L% + */ +package biz.netcentric.filevault.validator.aem.namespace; + +import java.util.Collection; +import java.util.Set; +import java.util.regex.Pattern; +import java.util.stream.Collectors; + +import org.apache.jackrabbit.spi.Name; +import org.apache.jackrabbit.spi.commons.name.NameFactoryImpl; +import org.apache.jackrabbit.vault.util.DocViewNode2; +import org.apache.jackrabbit.vault.validation.spi.DocumentViewXmlValidator; +import org.apache.jackrabbit.vault.validation.spi.NodeContext; +import org.apache.jackrabbit.vault.validation.spi.ValidationMessage; +import org.apache.jackrabbit.vault.validation.spi.ValidationMessageSeverity; +import org.jetbrains.annotations.NotNull; +import org.jetbrains.annotations.Nullable; + +public class ClientLibraryNamespaceValidator implements DocumentViewXmlValidator { + + private static final Name PROPERTY_NAME_CATEGORIES = + NameFactoryImpl.getInstance().create(Name.NS_DEFAULT_URI, "categories"); + + private final ValidationMessageSeverity severity; + private final Set allowedCategoryPatterns; + + public ClientLibraryNamespaceValidator(ValidationMessageSeverity severity, Set allowedCategoryPatterns) { + super(); + this.severity = severity; + this.allowedCategoryPatterns = allowedCategoryPatterns; + } + + @Override + public @Nullable Collection validate( + @NotNull DocViewNode2 node, @NotNull NodeContext nodeContext, boolean isRoot) { + if (isClientLibrary(node)) { + return node.getPropertyValues(PROPERTY_NAME_CATEGORIES).stream() + .filter(category -> allowedCategoryPatterns.stream() + .noneMatch(pattern 
-> pattern.matcher(category).matches())) + .map(category -> new ValidationMessage( + severity, + String.format( + "Client Library's categories contains '%s' which is not allowed (does not match any of the allowed patterns [%s])", + category, + allowedCategoryPatterns.stream() + .map(Pattern::pattern) + .collect(Collectors.joining(","))))) + .collect(Collectors.toList()); + } + return null; + } + + boolean isClientLibrary(@NotNull DocViewNode2 node) { + return node.getPrimaryType().orElse("").equals("cq:ClientLibraryFolder"); + } + + @Override + public @Nullable Collection done() { + return null; + } +} diff --git a/src/main/java/biz/netcentric/filevault/validator/aem/namespace/ClientLibraryNamespaceValidatorFactory.java b/src/main/java/biz/netcentric/filevault/validator/aem/namespace/ClientLibraryNamespaceValidatorFactory.java new file mode 100644 index 0000000..d89b56d --- /dev/null +++ b/src/main/java/biz/netcentric/filevault/validator/aem/namespace/ClientLibraryNamespaceValidatorFactory.java 
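Review bot: The `String.format` call inside `validate` joins `allowedCategoryPatterns` again for every rejected category, and the same `stream().map(Pattern::pattern).collect(Collectors.joining(","))` expression is repeated in AuthorizableNamespaceValidator, FilterNamespaceValidator, OakIndexNamespaceValidator and OsgiConfigurationNamespaceValidator. Joining once in the constructor into a `private final String` field, or through one shared static helper, would keep the messages consistent and make it harder to print the wrong pattern list. The constructor parameters are also not annotated `@NotNull` as they are in AuthorizableNamespaceValidator, and the explicit `super()` call is redundant.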
@@ -0,0 +1,37 @@ +/*- + * #%L + * AEM FileVault Content Package Namespace Validators + * %% + * Copyright (C) 2024 Cognizant Netcentric + * %% + * All rights reserved. This program and the accompanying materials are made available under the terms of the + * Eclipse Public License v2.0 which accompanies this distribution, and is available at + * https://www.eclipse.org/legal/epl-v20.html + * SPDX-License-Identifier: EPL-2.0 + * #L% + */ +package biz.netcentric.filevault.validator.aem.namespace; + +import java.util.Set; +import java.util.regex.Pattern; + +import org.apache.jackrabbit.vault.validation.spi.ValidationContext; +import org.apache.jackrabbit.vault.validation.spi.Validator; +import org.apache.jackrabbit.vault.validation.spi.ValidatorFactory; +import org.apache.jackrabbit.vault.validation.spi.ValidatorSettings; +import org.jetbrains.annotations.NotNull; +import org.kohsuke.MetaInfServices; + +@MetaInfServices(ValidatorFactory.class) +public class ClientLibraryNamespaceValidatorFactory extends AbstractPatternSettingsValidatorFactory { + + public ClientLibraryNamespaceValidatorFactory() { + super("netcentric-clientlibrary-namespace", "allowedCategoryPatterns", false); + } + + @Override + protected Validator createValidator( + @NotNull Set patterns, @NotNull ValidationContext context, @NotNull ValidatorSettings settings) { + return new ClientLibraryNamespaceValidator(settings.getDefaultSeverity(), patterns); + } +} diff --git a/src/main/java/biz/netcentric/filevault/validator/aem/namespace/FilterNamespaceValidator.java b/src/main/java/biz/netcentric/filevault/validator/aem/namespace/FilterNamespaceValidator.java new file mode 100644 index 0000000..f82f4c0 --- /dev/null +++ b/src/main/java/biz/netcentric/filevault/validator/aem/namespace/FilterNamespaceValidator.java 
@@ -0,0 +1,61 @@ +/*- + * #%L + * AEM FileVault Content Package Namespace Validators + * %% + * Copyright (C) 2024 Cognizant Netcentric + * %% + * All rights reserved. This program and the accompanying materials are made available under the terms of the + * Eclipse Public License v2.0 which accompanies this distribution, and is available at + * https://www.eclipse.org/legal/epl-v20.html + * SPDX-License-Identifier: EPL-2.0 + * #L% + */ +package biz.netcentric.filevault.validator.aem.namespace; + +import java.util.Collection; +import java.util.Set; +import java.util.regex.Pattern; +import java.util.stream.Collectors; + +import org.apache.jackrabbit.vault.fs.api.PathFilterSet; +import org.apache.jackrabbit.vault.fs.api.WorkspaceFilter; +import org.apache.jackrabbit.vault.validation.spi.FilterValidator; +import org.apache.jackrabbit.vault.validation.spi.ValidationMessage; +import org.apache.jackrabbit.vault.validation.spi.ValidationMessageSeverity; +import org.jetbrains.annotations.NotNull; +import org.jetbrains.annotations.Nullable; + +public class FilterNamespaceValidator implements FilterValidator { + + private final ValidationMessageSeverity severity; + private final Set allowedRootPatterns; + + public FilterNamespaceValidator(ValidationMessageSeverity severity, Set allowedRootPatterns) { + this.severity = severity; + this.allowedRootPatterns = allowedRootPatterns; + } + + @Override + public @Nullable Collection done() { + return null; + } + + @Override + public @Nullable Collection validate(@NotNull WorkspaceFilter filter) { + Collection messages = filter.getFilterSets().stream() + .map(PathFilterSet::getRoot) + .filter(root -> allowedRootPatterns.stream() + .noneMatch(pattern -> pattern.matcher(root).matches())) + .map(root -> new ValidationMessage( + severity, + String.format( + "Filter root '%s' is not allowed (does not match any of the allowed patterns [%s])", + root, + allowedRootPatterns.stream() + .map(Pattern::pattern) + 
.collect(Collectors.joining(","))))) + .collect(Collectors.toList()); + // TODO: properties filter + return messages; + } +} diff --git a/src/main/java/biz/netcentric/filevault/validator/aem/namespace/FilterNamespaceValidatorFactory.java b/src/main/java/biz/netcentric/filevault/validator/aem/namespace/FilterNamespaceValidatorFactory.java new file mode 100644 index 0000000..a18e7b5 --- /dev/null +++ b/src/main/java/biz/netcentric/filevault/validator/aem/namespace/FilterNamespaceValidatorFactory.java @@ -0,0 +1,38 @@ +/*- + * #%L + * AEM FileVault Content Package Namespace Validators + * %% + * Copyright (C) 2024 Cognizant Netcentric + * %% + * All rights reserved. This program and the accompanying materials are made available under the terms of the + * Eclipse Public License v2.0 which accompanies this distribution, and is available at + * https://www.eclipse.org/legal/epl-v20.html + * SPDX-License-Identifier: EPL-2.0 + * #L% + */ +package biz.netcentric.filevault.validator.aem.namespace; + +import java.util.Set; +import java.util.regex.Pattern; + +import org.apache.jackrabbit.vault.validation.spi.ValidationContext; +import org.apache.jackrabbit.vault.validation.spi.Validator; +import org.apache.jackrabbit.vault.validation.spi.ValidatorFactory; +import org.apache.jackrabbit.vault.validation.spi.ValidatorSettings; +import org.jetbrains.annotations.NotNull; +import org.jetbrains.annotations.Nullable; +import org.kohsuke.MetaInfServices; + +@MetaInfServices(ValidatorFactory.class) +public class FilterNamespaceValidatorFactory extends AbstractPatternSettingsValidatorFactory { + + public FilterNamespaceValidatorFactory() { + super("netcentric-filter-namespace", "allowedFilterRootPatterns", false); + } + + @Override + public @Nullable Validator createValidator( + @NotNull Set patterns, @NotNull ValidationContext context, @NotNull ValidatorSettings settings) { + return new FilterNamespaceValidator(settings.getDefaultSeverity(), patterns); + } +} 
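Review bot: In FilterNamespaceValidatorFactory, `createValidator` is declared `public @Nullable Validator`, while the abstract method in AbstractPatternSettingsValidatorFactory is `protected` and the Authorizable, ClientLibrary and OakIndex factories override it as `protected Validator`. The method always returns a new FilterNamespaceValidator, so the wider visibility and the `@Nullable` annotation (with its import) look unintended. `protected Validator createValidator(` would match the sibling factories.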
diff --git a/src/main/java/biz/netcentric/filevault/validator/aem/namespace/OakIndexNamespaceValidator.java b/src/main/java/biz/netcentric/filevault/validator/aem/namespace/OakIndexNamespaceValidator.java new file mode 100644 index 0000000..1a71cab --- /dev/null +++ b/src/main/java/biz/netcentric/filevault/validator/aem/namespace/OakIndexNamespaceValidator.java 
@@ -0,0 +1,93 @@ +/*- + * #%L + * AEM FileVault Content Package Namespace Validators + * %% + * Copyright (C) 2024 Cognizant Netcentric + * %% + * All rights reserved. This program and the accompanying materials are made available under the terms of the + * Eclipse Public License v2.0 which accompanies this distribution, and is available at + * https://www.eclipse.org/legal/epl-v20.html + * SPDX-License-Identifier: EPL-2.0 + * #L% + */ +package biz.netcentric.filevault.validator.aem.namespace; + +import java.util.Collection; +import java.util.Collections; +import java.util.Set; +import java.util.regex.Pattern; +import java.util.stream.Collectors; + +import org.apache.jackrabbit.spi.Name; +import org.apache.jackrabbit.spi.commons.name.NameFactoryImpl; +import org.apache.jackrabbit.vault.util.DocViewNode2; +import org.apache.jackrabbit.vault.validation.spi.DocumentViewXmlValidator; +import org.apache.jackrabbit.vault.validation.spi.NodeContext; +import org.apache.jackrabbit.vault.validation.spi.ValidationMessage; +import org.apache.jackrabbit.vault.validation.spi.ValidationMessageSeverity; +import org.jetbrains.annotations.NotNull; +import org.jetbrains.annotations.Nullable; + +public class OakIndexNamespaceValidator implements DocumentViewXmlValidator { + + private static final Name PROPERTY_NAME_TYPE = NameFactoryImpl.getInstance().create(Name.NS_DEFAULT_URI, "type"); + private static final Name PROPERTY_NAME_INCLUDED_PATHS = + NameFactoryImpl.getInstance().create(Name.NS_DEFAULT_URI, "includedPaths"); + + private final ValidationMessageSeverity severity; + private final Set allowedPathPatterns; + + public OakIndexNamespaceValidator(ValidationMessageSeverity severity, Set allowedPathPatterns) { + super(); + this.severity = severity; + this.allowedPathPatterns = allowedPathPatterns; + } + + @Override + public @Nullable Collection validate( + @NotNull DocViewNode2 node, @NotNull NodeContext nodeContext, boolean isRoot) { + if (isOakIndexDefinition(node)) { + String 
type = node.getPropertyValue(PROPERTY_NAME_TYPE).orElse(null); + Collection includedPaths = null; + switch (type) { + case "lucene": + case "property": + // https://jackrabbit.apache.org/oak/docs/query/lucene.html#include-exclude + // https://jackrabbit.apache.org/oak/docs/query/property-index.html + includedPaths = node.getPropertyValues(PROPERTY_NAME_INCLUDED_PATHS); + break; + default: + return Collections.singleton(new ValidationMessage( + ValidationMessageSeverity.WARN, + "Unsupported Oak Query Index of type " + type + " found. Skip evaluation!")); + } + if (includedPaths == null) { + return Collections.singleton(new ValidationMessage( + severity, + "Oak Query Index does not have includedPaths property (is not restricted to specific paths)")); + } + return includedPaths.stream() + .filter(includedPath -> allowedPathPatterns.stream() + .noneMatch(pattern -> pattern.matcher(includedPath).matches())) + .map(includedPath -> new ValidationMessage( + severity, + String.format( + "Oak Query Index uses path restriction '%s' which is not allowed (does not match any of the allowed patterns [%s])", + includedPath, + allowedPathPatterns.stream() + .map(Pattern::pattern) + .collect(Collectors.joining(","))))) + .collect(Collectors.toList()); + } + return null; + } + + boolean isOakIndexDefinition(@NotNull DocViewNode2 node) { + return node.getPrimaryType().orElse("").equals("oak:QueryIndexDefinition"); + } + + @Override + public @Nullable Collection done() { + return null; + } +} diff --git a/src/main/java/biz/netcentric/filevault/validator/aem/namespace/OakIndexNamespaceValidatorFactory.java b/src/main/java/biz/netcentric/filevault/validator/aem/namespace/OakIndexNamespaceValidatorFactory.java new file mode 100644 index 0000000..849372b --- /dev/null +++ b/src/main/java/biz/netcentric/filevault/validator/aem/namespace/OakIndexNamespaceValidatorFactory.java 
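Review bot: In `validate`, the `includedPaths == null` branch is probably never taken, so an index definition with no `includedPaths` at all passes without a message. ClientLibraryNamespaceValidator streams the result of `getPropertyValues` without a null check, which suggests the method returns an empty collection for a missing property (to be confirmed against DocViewNode2). An index without any path restriction is the broadest case, so the check should read `if (includedPaths == null || includedPaths.isEmpty()) {`. `switch (type)` also throws a NullPointerException when the node has no `type` property, because `type` comes from `orElse(null)`; `orElse("")` would route that case to the `default` branch. The `default` branch hard-codes `ValidationMessageSeverity.WARN`, so index types other than `lucene` and `property` are never reported at the configured `severity`, and a comment should say whether that is intended.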
@@ -0,0 +1,37 @@ +/*- + * #%L + * AEM FileVault Content Package Namespace Validators + * %% + * Copyright (C) 2024 Cognizant Netcentric + * %% + * All rights reserved. This program and the accompanying materials are made available under the terms of the + * Eclipse Public License v2.0 which accompanies this distribution, and is available at + * https://www.eclipse.org/legal/epl-v20.html + * SPDX-License-Identifier: EPL-2.0 + * #L% + */ +package biz.netcentric.filevault.validator.aem.namespace; + +import java.util.Set; +import java.util.regex.Pattern; + +import org.apache.jackrabbit.vault.validation.spi.ValidationContext; +import org.apache.jackrabbit.vault.validation.spi.Validator; +import org.apache.jackrabbit.vault.validation.spi.ValidatorFactory; +import org.apache.jackrabbit.vault.validation.spi.ValidatorSettings; +import org.jetbrains.annotations.NotNull; +import org.kohsuke.MetaInfServices; + +@MetaInfServices(ValidatorFactory.class) +public class OakIndexNamespaceValidatorFactory extends AbstractPatternSettingsValidatorFactory { + + public OakIndexNamespaceValidatorFactory() { + super("netcentric-oakindex-namespace", "allowedPathPatterns", false); + } + + @Override + protected Validator createValidator( + @NotNull Set patterns, @NotNull ValidationContext context, @NotNull ValidatorSettings settings) { + return new OakIndexNamespaceValidator(settings.getDefaultSeverity(), patterns); + } +} diff --git a/src/main/java/biz/netcentric/filevault/validator/aem/namespace/OsgiConfigurationNamespaceValidator.java b/src/main/java/biz/netcentric/filevault/validator/aem/namespace/OsgiConfigurationNamespaceValidator.java new file mode 100644 index 0000000..b7bcc81 --- /dev/null +++ b/src/main/java/biz/netcentric/filevault/validator/aem/namespace/OsgiConfigurationNamespaceValidator.java 
@@ -0,0 +1,92 @@
+/*-
+ * #%L
+ * AEM FileVault Content Package Namespace Validators
+ * %%
+ * Copyright (C) 2024 Cognizant Netcentric
+ * %%
+ * All rights reserved. This program and the accompanying materials are made available under the terms of the
+ * Eclipse Public License v2.0 which accompanies this distribution, and is available at
+ * https://www.eclipse.org/legal/epl-v20.html
+ * SPDX-License-Identifier: EPL-2.0
+ * #L%
+ */
+package biz.netcentric.filevault.validator.aem.namespace;
+
+import java.util.Collection;
+import java.util.LinkedList;
+import java.util.Map;
+import java.util.Set;
+import java.util.regex.Pattern;
+import java.util.stream.Collectors;
+
+import org.apache.jackrabbit.vault.validation.spi.OsgiConfigurationValidator;
+import org.apache.jackrabbit.vault.validation.spi.ValidationMessage;
+import org.apache.jackrabbit.vault.validation.spi.ValidationMessageSeverity;
+import org.jetbrains.annotations.NotNull;
+import org.jetbrains.annotations.Nullable;
+
+public class OsgiConfigurationNamespaceValidator implements OsgiConfigurationValidator {
+
+ private final ValidationMessageSeverity severity;
+ private final Set allowedPidPatterns;
+ private final Set allowedFactoryPidNames;
+ private final boolean restrictFactoryConfigurationsToAllowedPidPatterns;
+
+ public OsgiConfigurationNamespaceValidator(
+ @NotNull ValidationMessageSeverity severity,
+ @NotNull Set allowedPidPatterns,
+ @NotNull Set allowedFactoryPidNames,
+ boolean restrictFactoryConfigurationsToAllowedPidPatterns) {
+ super();
+ this.severity = severity;
+ this.allowedPidPatterns = allowedPidPatterns;
+ this.allowedFactoryPidNames =
+ allowedFactoryPidNames; // this is not really technically restricting something, but at least could be
+ // used as pointer
+ this.restrictFactoryConfigurationsToAllowedPidPatterns = restrictFactoryConfigurationsToAllowedPidPatterns;
+ }
+
+ @Override
+ public @Nullable Collection done() {
+ return null;
+ }
+
+ @Override
+ public @Nullable
Collection validateConfig(
+ @NotNull Map config,
+ @NotNull String pid,
+ @Nullable String subname,
+ @NotNull String nodePath) {
+ // is it a factory configuration?
+ boolean isFactoryConfig = subname != null;
+ Collection messages = new LinkedList<>();
+ if (!isFactoryConfig || restrictFactoryConfigurationsToAllowedPidPatterns) {
+ if (allowedPidPatterns.stream()
+ .noneMatch(pattern -> pattern.matcher(pid).matches())) {
+ messages.add(new ValidationMessage(
+ severity,
+ String.format(
+ "OSGi configuration PID '%s' is not allowed to be configured (does not match any of the allowed patterns [%s])",
+ pid,
+ allowedPidPatterns.stream()
+ .map(Pattern::pattern)
+ .collect(Collectors.joining(",")))));
+ }
+ }
+ if (isFactoryConfig && !allowedFactoryPidNames.isEmpty()) {
+ if (allowedFactoryPidNames.stream()
+ .noneMatch(pattern -> pattern.matcher(subname).matches())) {
+ messages.add(new ValidationMessage(
+ severity,
+ String.format(
+ "OSGi factory configuration PID '%s' is not allowed with the given subname '%s' (does not match any of the allowed patterns [%s])",
+ pid,
+ subname,
+ allowedFactoryPidNames.stream()
+ .map(Pattern::pattern)
+ .collect(Collectors.joining(",")))));
+ }
+ }
+ return messages;
+ }
+}
diff --git a/src/main/java/biz/netcentric/filevault/validator/aem/namespace/OsgiConfigurationNamespaceValidatorFactory.java b/src/main/java/biz/netcentric/filevault/validator/aem/namespace/OsgiConfigurationNamespaceValidatorFactory.java
new file mode 100644
index 0000000..b649d06
--- /dev/null
+++ b/src/main/java/biz/netcentric/filevault/validator/aem/namespace/OsgiConfigurationNamespaceValidatorFactory.java
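Review bot: In `validateConfig` the guard `if (!isFactoryConfig || restrictFactoryConfigurationsToAllowedPidPatterns)` exempts every factory configuration from the PID allowlist unless the flag is set, and the subname check below it is skipped when `allowedFactoryPidNames` is empty. With both options unset, a factory configuration for any PID returns no message, so the namespace is not enforced for factory PIDs at all; the constructor comment already concedes that the subname check is only a pointer. Factory PIDs cover security-relevant settings (service user mappings, for example), so this fail-open default should be stated in a class Javadoc, e.g. `Factory configurations are only checked against allowedPidPatterns when restrictFactoryConfigurationsToAllowedPidPatterns is true`, or the flag should default to restricting.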
@@ -0,0 +1,43 @@
+/*-
+ * #%L
+ * AEM FileVault Content Package Namespace Validators
+ * %%
+ * Copyright (C) 2024 Cognizant Netcentric
+ * %%
+ * All rights reserved. This program and the accompanying materials are made available under the terms of the
+ * Eclipse Public License v2.0 which accompanies this distribution, and is available at
+ * https://www.eclipse.org/legal/epl-v20.html
+ * SPDX-License-Identifier: EPL-2.0
+ * #L%
+ */
+package biz.netcentric.filevault.validator.aem.namespace;
+
+import java.util.Set;
+import java.util.regex.Pattern;
+
+import org.apache.jackrabbit.vault.validation.spi.ValidationContext;
+import org.apache.jackrabbit.vault.validation.spi.Validator;
+import org.apache.jackrabbit.vault.validation.spi.ValidatorFactory;
+import org.apache.jackrabbit.vault.validation.spi.ValidatorSettings;
+import org.jetbrains.annotations.NotNull;
+import org.kohsuke.MetaInfServices;
+
+@MetaInfServices(ValidatorFactory.class)
+public class OsgiConfigurationNamespaceValidatorFactory extends AbstractPatternSettingsValidatorFactory {
+
+ public OsgiConfigurationNamespaceValidatorFactory() {
+ super("netcentric-osgiconfig-namespace", "allowedPidPatterns", true);
+ }
+
+ @Override
+ protected Validator createValidator(
+ @NotNull Set patterns, @NotNull ValidationContext context, @NotNull ValidatorSettings settings) {
+ Set allowedFactoryPidNames =
+ createPatternsFromCommaSeparatedString(settings.getOptions().get("allowedFactoryPidNames"));
+ return new OsgiConfigurationNamespaceValidator(
+ settings.getDefaultSeverity(),
+ patterns,
+ allowedFactoryPidNames,
+ Boolean.parseBoolean(settings.getOptions().get("restrictFactoryConfigurationsToAllowedPidPatterns")));
+ }
+}
diff --git a/src/main/java/biz/netcentric/filevault/validator/aem/namespace/PackageIdNamespaceValidator.java b/src/main/java/biz/netcentric/filevault/validator/aem/namespace/PackageIdNamespaceValidator.java
new file mode 100644
index 0000000..3516b71
--- /dev/null
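Review bot: `Boolean.parseBoolean(settings.getOptions().get("restrictFactoryConfigurationsToAllowedPidPatterns"))` in `createValidator` maps a missing option and every value other than "true" (case-insensitive) to `false`, so a typo such as `yes` or a value with a trailing space silently switches off the PID restriction for factory configurations. Because the option tightens a security check, an unrecognised value should fail the build configuration instead of relaxing it. The exception type below is a suggestion; whether the validation framework expects a different way of reporting bad settings is not visible in this hunk.

```java
// … unchanged: allowedFactoryPidNames parsing …
String restrictOption = settings.getOptions().get("restrictFactoryConfigurationsToAllowedPidPatterns");
if (restrictOption != null
        && !"true".equalsIgnoreCase(restrictOption)
        && !"false".equalsIgnoreCase(restrictOption)) {
    throw new IllegalArgumentException(
            "Option restrictFactoryConfigurationsToAllowedPidPatterns must be 'true' or 'false' but was '"
                    + restrictOption + "'");
}
return new OsgiConfigurationNamespaceValidator(
        settings.getDefaultSeverity(),
        patterns,
        allowedFactoryPidNames,
        Boolean.parseBoolean(restrictOption));
```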
+++ b/src/main/java/biz/netcentric/filevault/validator/aem/namespace/PackageIdNamespaceValidator.java 
@@ -0,0 +1,77 @@
+/*-
+ * #%L
+ * AEM FileVault Content Package Namespace Validators
+ * %%
+ * Copyright (C) 2024 Cognizant Netcentric
+ * %%
+ * All rights reserved. This program and the accompanying materials are made available under the terms of the
+ * Eclipse Public License v2.0 which accompanies this distribution, and is available at
+ * https://www.eclipse.org/legal/epl-v20.html
+ * SPDX-License-Identifier: EPL-2.0
+ * #L%
+ */
+package biz.netcentric.filevault.validator.aem.namespace;
+
+import java.util.Collection;
+import java.util.Collections;
+import java.util.LinkedList;
+import java.util.Set;
+import java.util.regex.Pattern;
+import java.util.stream.Collectors;
+
+import org.apache.jackrabbit.vault.packaging.PackageId;
+import org.apache.jackrabbit.vault.packaging.PackageProperties;
+import org.apache.jackrabbit.vault.validation.spi.PropertiesValidator;
+import org.apache.jackrabbit.vault.validation.spi.ValidationMessage;
+import org.apache.jackrabbit.vault.validation.spi.ValidationMessageSeverity;
+import org.jetbrains.annotations.NotNull;
+import org.jetbrains.annotations.Nullable;
+
+public class PackageIdNamespaceValidator implements PropertiesValidator {
+
+ private final ValidationMessageSeverity severity;
+ private final Set allowedGroupPatterns;
+ private final Set allowedNamePatterns;
+
+ public PackageIdNamespaceValidator(
+ @NotNull ValidationMessageSeverity severity,
+ @NotNull Set allowedGroupPatterns,
+ @NotNull Set allowedNamePatterns) {
+ this.severity = severity;
+ this.allowedGroupPatterns = allowedGroupPatterns;
+ this.allowedNamePatterns = allowedNamePatterns;
+ }
+
+ @Override
+ public @Nullable Collection validate(@NotNull PackageProperties properties) {
+ PackageId id = properties.getId();
+ if (id == null) {
+ return Collections.singleton(new ValidationMessage(severity, "Package ID is missing"));
+ }
+ Collection messages = new LinkedList<>();
+ if (allowedGroupPatterns.stream()
+ .noneMatch(pattern ->
pattern.matcher(id.getGroup()).matches())) {
+ messages.add(new ValidationMessage(
+ severity,
+ String.format(
+ "Package group '%s' is not allowed (does not match any of the group patterns [%s])",
+ id.getGroup(),
+ allowedGroupPatterns.stream().map(Pattern::pattern).collect(Collectors.joining(",")))));
+ }
+ if (allowedNamePatterns.stream()
+ .noneMatch(pattern -> pattern.matcher(id.getName()).matches())) {
+ messages.add(new ValidationMessage(
+ severity,
+ String.format(
+ "Package name '%s' is not allowed (does not match any of the name patterns [%s])",
+ id.getName(),
+ allowedNamePatterns.stream().map(Pattern::pattern).collect(Collectors.joining(",")))));
+ }
+ return messages;
+ }
+
+ @Override
+ public @Nullable Collection done() {
+ return null;
+ }
+}
diff --git a/src/main/java/biz/netcentric/filevault/validator/aem/namespace/PackageIdNamespaceValidatorFactory.java b/src/main/java/biz/netcentric/filevault/validator/aem/namespace/PackageIdNamespaceValidatorFactory.java
new file mode 100644
index 0000000..0f39047
--- /dev/null
+++ b/src/main/java/biz/netcentric/filevault/validator/aem/namespace/PackageIdNamespaceValidatorFactory.java
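Review bot: `validate` applies `allowedNamePatterns.stream().noneMatch(...)` without an emptiness check, so an empty `allowedNamePatterns` set flags every package name, whereas the sibling validators treat their secondary pattern set as optional (`!allowedFactoryPidNames.isEmpty()`, `!allowedSuperTypePatterns.isEmpty()`). Whether the set can be empty depends on what `createPatternsFromCommaSeparatedString` returns for a missing `allowedNamePatterns` option, which is defined outside this hunk. If the option is meant to be optional, guard the check as `if (!allowedNamePatterns.isEmpty() && allowedNamePatterns.stream().noneMatch(...))`; if it is mandatory, reject the missing option in `PackageIdNamespaceValidatorFactory` with a message naming it rather than reporting every name against an empty pattern list.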
@@ -0,0 +1,39 @@
+/*-
+ * #%L
+ * AEM FileVault Content Package Namespace Validators
+ * %%
+ * Copyright (C) 2024 Cognizant Netcentric
+ * %%
+ * All rights reserved. This program and the accompanying materials are made available under the terms of the
+ * Eclipse Public License v2.0 which accompanies this distribution, and is available at
+ * https://www.eclipse.org/legal/epl-v20.html
+ * SPDX-License-Identifier: EPL-2.0
+ * #L%
+ */
+package biz.netcentric.filevault.validator.aem.namespace;
+
+import java.util.Set;
+import java.util.regex.Pattern;
+
+import org.apache.jackrabbit.vault.validation.spi.ValidationContext;
+import org.apache.jackrabbit.vault.validation.spi.Validator;
+import org.apache.jackrabbit.vault.validation.spi.ValidatorFactory;
+import org.apache.jackrabbit.vault.validation.spi.ValidatorSettings;
+import org.jetbrains.annotations.NotNull;
+import org.kohsuke.MetaInfServices;
+
+@MetaInfServices(ValidatorFactory.class)
+public class PackageIdNamespaceValidatorFactory extends AbstractPatternSettingsValidatorFactory {
+
+ public PackageIdNamespaceValidatorFactory() {
+ super("netcentric-packageid-namespace", "allowedGroupPatterns", true);
+ }
+
+ @Override
+ protected Validator createValidator(
+ @NotNull Set patterns, @NotNull ValidationContext context, @NotNull ValidatorSettings settings) {
+ Set allowedNamePatterns =
+ createPatternsFromCommaSeparatedString(settings.getOptions().get("allowedNamePatterns"));
+ return new PackageIdNamespaceValidator(settings.getDefaultSeverity(), patterns, allowedNamePatterns);
+ }
+}
diff --git a/src/main/java/biz/netcentric/filevault/validator/aem/namespace/ResourceTypeNamespaceValidator.java b/src/main/java/biz/netcentric/filevault/validator/aem/namespace/ResourceTypeNamespaceValidator.java
new file mode 100644
index 0000000..1256f7d
--- /dev/null
+++ b/src/main/java/biz/netcentric/filevault/validator/aem/namespace/ResourceTypeNamespaceValidator.java
@@ -0,0 +1,91 @@
+/*-
+ * #%L
+ * AEM FileVault Content Package Namespace Validators
+ * %%
+ * Copyright (C) 2024 Cognizant Netcentric
+ * %%
+ * All rights reserved. This program and the accompanying materials are made available under the terms of the
+ * Eclipse Public License v2.0 which accompanies this distribution, and is available at
+ * https://www.eclipse.org/legal/epl-v20.html
+ * SPDX-License-Identifier: EPL-2.0
+ * #L%
+ */
+package biz.netcentric.filevault.validator.aem.namespace;
+
+import java.util.Collection;
+import java.util.LinkedList;
+import java.util.Set;
+import java.util.regex.Pattern;
+import java.util.stream.Collectors;
+
+import org.apache.jackrabbit.spi.Name;
+import org.apache.jackrabbit.spi.commons.name.NameFactoryImpl;
+import org.apache.jackrabbit.vault.util.DocViewNode2;
+import org.apache.jackrabbit.vault.validation.spi.DocumentViewXmlValidator;
+import org.apache.jackrabbit.vault.validation.spi.NodeContext;
+import org.apache.jackrabbit.vault.validation.spi.ValidationMessage;
+import org.apache.jackrabbit.vault.validation.spi.ValidationMessageSeverity;
+import org.apache.sling.api.SlingConstants;
+import org.apache.sling.jcr.resource.api.JcrResourceConstants;
+import org.jetbrains.annotations.NotNull;
+import org.jetbrains.annotations.Nullable;
+
+public class ResourceTypeNamespaceValidator implements DocumentViewXmlValidator {
+
+ private static final Name PROPERTY_NAME_RESOURCE_TYPE = NameFactoryImpl.getInstance()
+ .create(JcrResourceConstants.SLING_NAMESPACE_URI, SlingConstants.PROPERTY_RESOURCE_TYPE);
+ private static final Name PROPERTY_NAME_RESOURCE_SUPER_TYPE = NameFactoryImpl.getInstance()
+ .create(JcrResourceConstants.SLING_NAMESPACE_URI, SlingConstants.PROPERTY_RESOURCE_SUPER_TYPE);
+
+ private final ValidationMessageSeverity severity;
+ private final Set allowedTypePatterns;
+ private final Set allowedSuperTypePatterns;
+
+ public ResourceTypeNamespaceValidator(
+ ValidationMessageSeverity severity,
+ Set
allowedTypePatterns,
+ Set allowedSuperTypePatterns) {
+ super();
+ this.severity = severity;
+ this.allowedTypePatterns = allowedTypePatterns;
+ this.allowedSuperTypePatterns = allowedSuperTypePatterns;
+ }
+
+ @Override
+ public @Nullable Collection validate(
+ @NotNull DocViewNode2 node, @NotNull NodeContext nodeContext, boolean isRoot) {
+ Collection messages = new LinkedList<>();
+ String type = node.getPropertyValue(PROPERTY_NAME_RESOURCE_TYPE).orElse(null);
+ if (type != null
+ && allowedTypePatterns.stream()
+ .noneMatch(pattern -> pattern.matcher(type).matches())) {
+ messages.add(new ValidationMessage(
+ severity,
+ String.format(
+ "Resource is using type '%s' which is not allowed (does not match any of the allowed patterns [%s])",
+ type,
+ allowedTypePatterns.stream().map(Pattern::pattern).collect(Collectors.joining(",")))));
+ }
+ String superType =
+ node.getPropertyValue(PROPERTY_NAME_RESOURCE_SUPER_TYPE).orElse(null);
+ if (superType != null
+ && !allowedSuperTypePatterns.isEmpty()
+ && allowedSuperTypePatterns.stream()
+ .noneMatch(pattern -> pattern.matcher(superType).matches())) {
+ messages.add(new ValidationMessage(
+ severity,
+ String.format(
+ "Resource is using super type '%s' which is not allowed (does not match any of the allowed patterns [%s])",
+ superType,
+ allowedSuperTypePatterns.stream()
+ .map(Pattern::pattern)
+ .collect(Collectors.joining(",")))));
+ }
+ return messages;
+ }
+
+ @Override
+ public @Nullable Collection done() {
+ return null;
+ }
+}
diff --git a/src/main/java/biz/netcentric/filevault/validator/aem/namespace/ResourceTypeNamespaceValidatorFactory.java b/src/main/java/biz/netcentric/filevault/validator/aem/namespace/ResourceTypeNamespaceValidatorFactory.java
new file mode 100644
index 0000000..2288a3a
--- /dev/null
+++ b/src/main/java/biz/netcentric/filevault/validator/aem/namespace/ResourceTypeNamespaceValidatorFactory.java
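Review bot: The class has no Javadoc, and two behaviours of `validate` that decide what the allowlist really covers are only discoverable by reading the body: the super type check is skipped entirely when `allowedSuperTypePatterns` is empty, and both values are compared with `Matcher.matches()`, i.e. against the whole property value. A class comment should state that an empty super type set leaves `sling:resourceSuperType` unrestricted, and that patterns must cover both the absolute and the relative spelling of a resource type if both are to be accepted. The constructor parameters also lack the `@NotNull` annotations that the constructors of `OsgiConfigurationNamespaceValidator` and `PackageIdNamespaceValidator` carry.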
@@ -0,0 +1,39 @@
+/*-
+ * #%L
+ * AEM FileVault Content Package Namespace Validators
+ * %%
+ * Copyright (C) 2024 Cognizant Netcentric
+ * %%
+ * All rights reserved. This program and the accompanying materials are made available under the terms of the
+ * Eclipse Public License v2.0 which accompanies this distribution, and is available at
+ * https://www.eclipse.org/legal/epl-v20.html
+ * SPDX-License-Identifier: EPL-2.0
+ * #L%
+ */
+package biz.netcentric.filevault.validator.aem.namespace;
+
+import java.util.Set;
+import java.util.regex.Pattern;
+
+import org.apache.jackrabbit.vault.validation.spi.ValidationContext;
+import org.apache.jackrabbit.vault.validation.spi.Validator;
+import org.apache.jackrabbit.vault.validation.spi.ValidatorFactory;
+import org.apache.jackrabbit.vault.validation.spi.ValidatorSettings;
+import org.jetbrains.annotations.NotNull;
+import org.kohsuke.MetaInfServices;
+
+@MetaInfServices(ValidatorFactory.class)
+public class ResourceTypeNamespaceValidatorFactory extends AbstractPatternSettingsValidatorFactory {
+
+ public ResourceTypeNamespaceValidatorFactory() {
+ super("netcentric-resourcetype-namespace", "allowedTypePatterns", true);
+ }
+
+ @Override
+ protected Validator createValidator(
+ @NotNull Set patterns, @NotNull ValidationContext context, @NotNull ValidatorSettings settings) {
+ Set allowedSuperTypePatterns =
+ createPatternsFromCommaSeparatedString(settings.getOptions().get("allowedSuperTypePatterns"));
+ return new ResourceTypeNamespaceValidator(settings.getDefaultSeverity(), patterns, allowedSuperTypePatterns);
+ }
+}