DefaultAccessUserProfileHealthCheck.java
/*
* Decompiled with CFR 0_118.
*
* Could not load the following classes:
* com.adobe.granite.security.user.UserManagementService
* javax.jcr.Credentials
* javax.jcr.GuestCredentials
* javax.jcr.RepositoryException
* javax.jcr.Session
* org.apache.felix.scr.annotations.Activate
* org.apache.felix.scr.annotations.Component
* org.apache.felix.scr.annotations.Properties
* org.apache.felix.scr.annotations.Property
* org.apache.felix.scr.annotations.PropertyUnbounded
* org.apache.felix.scr.annotations.Reference
* org.apache.felix.scr.annotations.Service
* org.apache.sling.hc.api.HealthCheck
* org.apache.sling.hc.api.Result
* org.apache.sling.hc.api.ResultLog
* org.apache.sling.hc.util.FormattingResultLog
* org.apache.sling.jcr.api.SlingRepository
*/
package com.adobe.granite.repository.hc.impl;
import com.adobe.granite.security.user.UserManagementService;
import javax.jcr.Credentials;
import javax.jcr.GuestCredentials;
import javax.jcr.RepositoryException;
import javax.jcr.Session;
import org.apache.felix.scr.annotations.Activate;
import org.apache.felix.scr.annotations.Component;
import org.apache.felix.scr.annotations.Properties;
import org.apache.felix.scr.annotations.Property;
import org.apache.felix.scr.annotations.PropertyUnbounded;
import org.apache.felix.scr.annotations.Reference;
import org.apache.felix.scr.annotations.Service;
import org.apache.sling.hc.api.HealthCheck;
import org.apache.sling.hc.api.Result;
import org.apache.sling.hc.api.ResultLog;
import org.apache.sling.hc.util.FormattingResultLog;
import org.apache.sling.jcr.api.SlingRepository;
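/**
 * Health check that verifies the {@code everyone} principal cannot read user
 * profiles.
 *
 * <p>The probe logs in with {@link GuestCredentials} (i.e. as anonymous, which
 * is a member of {@code everyone}) and asks whether that session holds the JCR
 * {@code read} action on a single synthetic path below the user root,
 * {@code <userRoot>/random-42/profile}. Only that one path is probed, so the
 * check exercises whatever policy applies at that location; it does not walk
 * existing user nodes, so a read grant placed on an individual, existing
 * profile would not be reported. NOTE(review): presumably the answer for a
 * non-existent path reflects the ACL inherited from the user root — confirm
 * against the repository's {@code hasPermission} semantics.
 *
 * <p>A readable probe path yields a WARN result plus a link to the security
 * guidelines. A {@link RepositoryException} anywhere in the probe (login,
 * user-root lookup or permission query) also yields WARN with a "could not
 * login" message — the check does not fail closed.
 */
@Component(metatype=true, label="Adobe Granite User Profile Access Health Check", description="This health check checks if the everyone principal has not read access to user profiles.")
@Properties(value={@Property(name="hc.name", value={"User Profile Default Access"}, propertyPrivate=true), @Property(name="hc.tags", unbounded=PropertyUnbounded.ARRAY, value={"acl", "security"}, label="Tags", description="Tags for this check to be used by composite health checks."), @Property(name="hc.mbean.name", value={"userProfileDefaultAccess"}, propertyPrivate=true)})
@Service(value={HealthCheck.class})
public class DefaultAccessUserProfileHealthCheck
implements HealthCheck {
    /** Synthetic profile sub-path appended to the user root; the node is not expected to exist. */
    private static final String RANDOM_PROFILE_USERHOME_SUBPATH = "/random-42/profile";
    /** JCR action name queried via {@link Session#hasPermission(String, String)}. */
    private static final String READ_ACTION = "read";

    @Reference
    private SlingRepository repository;
    @Reference
    private UserManagementService userManagementService;

    @Activate
    protected void activate() {
        // Nothing to initialise: both references are injected by SCR before activation.
    }

    /**
     * Runs the probe described on the class.
     *
     * @return a {@link Result} built from the collected log: WARN when the guest
     *         session can read the probe path or when the repository could not be
     *         queried, otherwise OK (the pass message is logged at debug level)
     */
    @Override
    public Result execute() {
        FormattingResultLog resultLog = new FormattingResultLog();
        Session anonymousSession = null;
        try {
            // GuestCredentials -> anonymous session, the weakest principal set we can obtain.
            anonymousSession = this.repository.login(new GuestCredentials());
            // Reuse the declared constant instead of repeating the literal path.
            String probePath = this.userManagementService.getUserRootPath() + RANDOM_PROFILE_USERHOME_SUBPATH;
            if (anonymousSession.hasPermission(probePath, READ_ACTION)) {
                resultLog.warn("Insecure policies for default user profiles have been found.", new Object[0]);
                resultLog.warn("[Check section \"Default Access to User Profile(s) is everyone\" in the security guidelines.](https://www.adobe.com/go/aem6_2_docs_security_userprofile_en)", new Object[0]);
            } else {
                resultLog.debug("No evidently insecure policy for user profiles has been found.", new Object[0]);
            }
        } catch (RepositoryException e) {
            // Covers login(), getUserRootPath() and hasPermission(); reported as WARN, not as a
            // failure, so an unreachable repository does not make this check fail closed.
            resultLog.warn("Could not login to the repository. Health Check not performed.", new Object[0]);
        } finally {
            // Always release the guest session, even when the probe threw.
            if (anonymousSession != null && anonymousSession.isLive()) {
                anonymousSession.logout();
            }
        }
        return new Result((ResultLog) resultLog);
    }

    /** SCR bind callback for the repository reference. */
    protected void bindRepository(SlingRepository slingRepository) {
        this.repository = slingRepository;
    }

    /** SCR unbind callback; only clears the field if it still holds the given instance. */
    protected void unbindRepository(SlingRepository slingRepository) {
        if (this.repository == slingRepository) {
            this.repository = null;
        }
    }

    /** SCR bind callback for the user management service reference. */
    protected void bindUserManagementService(UserManagementService userManagementService) {
        this.userManagementService = userManagementService;
    }

    /** SCR unbind callback; only clears the field if it still holds the given instance. */
    protected void unbindUserManagementService(UserManagementService userManagementService) {
        if (this.userManagementService == userManagementService) {
            this.userManagementService = null;
        }
    }
}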