1
2
3
4
5
6
7
8
9
10
11
12
13
14
15
16
17
18
19
20
21
22
23
24
25
26
27
28
29
30
31
32
33
34 package info.magnolia.setup;
35
36 import info.magnolia.cms.security.Permission;
37 import info.magnolia.commands.impl.MarkNodeAsDeletedCommand;
38 import info.magnolia.jcr.util.NodeTypes;
39 import info.magnolia.module.AbstractModuleVersionHandler;
40 import info.magnolia.module.InstallContext;
41 import info.magnolia.module.delta.AddURIPermissionTask;
42 import info.magnolia.module.delta.ArrayDelegateTask;
43 import info.magnolia.module.delta.BootstrapConditionally;
44 import info.magnolia.module.delta.BootstrapSingleModuleResource;
45 import info.magnolia.module.delta.BootstrapSingleResource;
46 import info.magnolia.module.delta.CheckAndModifyPropertyValueTask;
47 import info.magnolia.module.delta.Condition;
48 import info.magnolia.module.delta.CreateNodeTask;
49 import info.magnolia.module.delta.DeltaBuilder;
50 import info.magnolia.module.delta.FindAndChangeTemplateIdTask;
51 import info.magnolia.module.delta.MoveAndRenamePropertyTask;
52 import info.magnolia.module.delta.NoSameNameSiblingsCondition;
53 import info.magnolia.module.delta.NodeExistsDelegateTask;
54 import info.magnolia.module.delta.OrderFilterBeforeTask;
55 import info.magnolia.module.delta.PartialBootstrapTask;
56 import info.magnolia.module.delta.PropertyExistsDelegateTask;
57 import info.magnolia.module.delta.RemoveInstallFilesTask;
58 import info.magnolia.module.delta.RemoveNodeTask;
59 import info.magnolia.module.delta.RemovePermissionTask;
60 import info.magnolia.module.delta.Task;
61 import info.magnolia.module.delta.WarnTask;
62 import info.magnolia.module.delta.WebXmlConditionsUtil;
63 import info.magnolia.module.delta.WorkspaceXmlConditionsUtil;
64 import info.magnolia.repository.RepositoryConstants;
65 import info.magnolia.setup.for5_0.CheckOrCreateLastActivatedPropertyTask;
66 import info.magnolia.setup.for5_0.ConvertMetaDataUpdateTask;
67 import info.magnolia.setup.for5_0.Register50NodeTypeTask;
68 import info.magnolia.setup.for5_0.RemoveMetaDataInNodeTypeDefinitionTask;
69 import info.magnolia.setup.for5_2.AddActivatableMixinForContentNodeTask;
70 import info.magnolia.setup.for5_2.GrantReadPermissionToRolesTask;
71 import info.magnolia.setup.for5_2.IsNotAProblematicEnvironmentCondition;
72 import info.magnolia.setup.for5_2.RemoveOpenWFEPermissionsTask;
73 import info.magnolia.setup.initial.GenericTasks;
74
75 import java.util.ArrayList;
76 import java.util.List;
77
78 import javax.jcr.ImportUUIDBehavior;
79
80
81
82
83
84 public class CoreModuleVersionHandler extends AbstractModuleVersionHandler {
85 public static final String BOOTSTRAP_AUTHOR_INSTANCE_PROPERTY = "magnolia.bootstrap.authorInstance";
86 protected static final String SECURITY_BASE_ROLE = "security-base";
87
88
89 private final BootstrapConditionally auditTrailManagerTask = new BootstrapConditionally("New auditory log configuration", "Install new configuration for auditory log manager.", "/mgnl-bootstrap/core/config.server.auditLogging.xml");
90 private final BootstrapSingleResource bootstrapFreemarker = new BootstrapSingleResource("Freemarker configuration", "Freemarker template loaders can now be configured in Magnolia. Adds default configuration", "/mgnl-bootstrap/core/config.server.rendering.freemarker.xml");
91 private final CreateNodeTask addFreemarkerSharedVariables = new CreateNodeTask("Freemarker configuration", "Adds sharedVariables node to the Freemarker configuration",
92 RepositoryConstants.CONFIG, "/server/rendering/freemarker", "sharedVariables", NodeTypes.ContentNode.NAME);
93 private final BootstrapSingleResource bootstrapWebContainerResources = new BootstrapSingleResource("Web container resources configuration", "Global configuration which resources are not meant to be handled by Magnolia. For instance JSP files.", "/mgnl-bootstrap/core/config.server.webContainerResources.xml");
94 private final BootstrapSingleModuleResource bootstrapChannelManagement = new BootstrapSingleModuleResource("ChannelManagement configuration", "", "config.server.rendering.channelManagement.xml");
95
96 private final BootstrapSingleModuleResource bootstrapChannelFilter = new BootstrapSingleModuleResource("ChannelFilter configuration", "", "config.server.filters.channel.xml");
97 private final Task placeChannelBeforeLogout = new OrderFilterBeforeTask("channel", new String[] { "logout" });
98 private final Task updateSecurityBaseRole = updateSecurityBaseRole();
99
100 private final Task removeObsoleteInstallFiles = new RemoveInstallFilesTask("Remove obsolete dms templates install files", "templates/dms");
101 private final Task adjustSecurityBaseRole = new ArrayDelegateTask("",
102 new RemovePermissionTask("Remove 'security-base' role permission", SECURITY_BASE_ROLE,
103 RepositoryConstants.USER_ROLES, "/" + SECURITY_BASE_ROLE, Permission.READ),
104 new RemovePermissionTask("Remove obsolete 'security-base' role permission", SECURITY_BASE_ROLE,
105 "uri", "/.magnolia/pages/sendMail*", AddURIPermissionTask.DENY),
106 new RemovePermissionTask("Remove obsolete 'security-base' role permission", SECURITY_BASE_ROLE,
107 "uri", "/.magnolia/pages/groovyInteractiveConsole*", AddURIPermissionTask.DENY)
108 );
109
110 private Task updateSecurityBaseRole() {
111 ArrayDelegateTask permissionsTask = new ArrayDelegateTask("Update security-base role", "Disallow access to view configuration/tools pages");
112 permissionsTask.addTask(new RemovePermissionTask("", "", SECURITY_BASE_ROLE, "uri", "/.magnolia/pages/installedModulesList.html", AddURIPermissionTask.DENY));
113 permissionsTask.addTask(new RemovePermissionTask("", "", SECURITY_BASE_ROLE, "uri", "/.magnolia/pages/jcrUtils.html", AddURIPermissionTask.DENY));
114 permissionsTask.addTask(new RemovePermissionTask("", "", SECURITY_BASE_ROLE, "uri", "/.magnolia/pages/configuration.html", AddURIPermissionTask.DENY));
115 permissionsTask.addTask(new RemovePermissionTask("", "", SECURITY_BASE_ROLE, "uri", "/.magnolia/pages/logViewer.html", AddURIPermissionTask.DENY));
116 permissionsTask.addTask(new RemovePermissionTask("", "", SECURITY_BASE_ROLE, "uri", "/.magnolia/pages/sendMail.html", AddURIPermissionTask.DENY));
117 permissionsTask.addTask(new AddURIPermissionTask("", "", SECURITY_BASE_ROLE, "/.magnolia/pages/installedModulesList*", AddURIPermissionTask.DENY));
118 permissionsTask.addTask(new AddURIPermissionTask("", "", SECURITY_BASE_ROLE, "/.magnolia/pages/jcrUtils*", AddURIPermissionTask.DENY));
119 permissionsTask.addTask(new AddURIPermissionTask("", "", SECURITY_BASE_ROLE, "/.magnolia/pages/configuration*", AddURIPermissionTask.DENY));
120 permissionsTask.addTask(new AddURIPermissionTask("", "", SECURITY_BASE_ROLE, "/.magnolia/pages/logViewer*", AddURIPermissionTask.DENY));
121
122 permissionsTask.addTask(new AddURIPermissionTask("", "", SECURITY_BASE_ROLE, "/.magnolia/pages/users*", AddURIPermissionTask.DENY));
123 permissionsTask.addTask(new AddURIPermissionTask("", "", SECURITY_BASE_ROLE, "/.magnolia/pages/import*", AddURIPermissionTask.DENY));
124 permissionsTask.addTask(new AddURIPermissionTask("", "", SECURITY_BASE_ROLE, "/.magnolia/pages/export*", AddURIPermissionTask.DENY));
125 permissionsTask.addTask(new AddURIPermissionTask("", "", SECURITY_BASE_ROLE, "/.magnolia/pages/messages*", AddURIPermissionTask.DENY));
126 permissionsTask.addTask(new AddURIPermissionTask("", "", SECURITY_BASE_ROLE, "/.magnolia/pages/permission*", AddURIPermissionTask.DENY));
127 permissionsTask.addTask(new AddURIPermissionTask("", "", SECURITY_BASE_ROLE, "/.magnolia/pages/developmentUtils*", AddURIPermissionTask.DENY));
128 permissionsTask.addTask(new AddURIPermissionTask("", "", SECURITY_BASE_ROLE, "/.magnolia/pages/activationTools*", AddURIPermissionTask.DENY));
129 permissionsTask.addTask(new AddURIPermissionTask("", "", SECURITY_BASE_ROLE, "/.magnolia/pages/migrationReport*", AddURIPermissionTask.DENY));
130 permissionsTask.addTask(new AddURIPermissionTask("", "", SECURITY_BASE_ROLE, "/.magnolia/pages/backup*", AddURIPermissionTask.DENY));
131 permissionsTask.addTask(new AddURIPermissionTask("", "", SECURITY_BASE_ROLE, "/.magnolia/pages/activationMonitor*", AddURIPermissionTask.DENY));
132 permissionsTask.addTask(new AddURIPermissionTask("", "", SECURITY_BASE_ROLE, "/.magnolia/pages/installedModulesList*", AddURIPermissionTask.DENY));
133 permissionsTask.addTask(new AddURIPermissionTask("", "", SECURITY_BASE_ROLE, "/.magnolia/pages/allModulesList*", AddURIPermissionTask.DENY));
134 permissionsTask.addTask(new AddURIPermissionTask("", "", SECURITY_BASE_ROLE, "/.magnolia/pages/cacheTools*", AddURIPermissionTask.DENY));
135 permissionsTask.addTask(new AddURIPermissionTask("", "", SECURITY_BASE_ROLE, "/.magnolia/pages/flows*", AddURIPermissionTask.DENY));
136 return permissionsTask;
137 }
138
139 public CoreModuleVersionHandler() {
140 super();
141
142 register(DeltaBuilder.checkPrecondition("4.5", "5.0"));
143
144 register(DeltaBuilder.update("4.5.2", "")
145 .addTask(new PropertyExistsDelegateTask("Fix property name", "", RepositoryConstants.CONFIG, "/server/security/userManagers/system", "realName", new MoveAndRenamePropertyTask("Fix propertyName", "/server/security/userManagers/system", "realName", "/server/security/userManagers/system", "realmName")))
146 .addTask(new PropertyExistsDelegateTask("Fix property name", "", RepositoryConstants.CONFIG, "/server/security/userManagers/admin", "realName", new MoveAndRenamePropertyTask("Fix propertyName", "/server/security/userManagers/admin", "realName", "/server/security/userManagers/admin", "realmName"))));
147
148 register((DeltaBuilder.update("4.5.9", ""))
149 .addTask(new NodeExistsDelegateTask("AuditLogging configurations", "Add auditLogging configurations for delete action", "config", "/server/auditLogging/logConfigurations/delete", null, new PartialBootstrapTask("", "", "/mgnl-bootstrap/core/config.server.auditLogging.xml", "/auditLogging/logConfigurations/delete", ImportUUIDBehavior.IMPORT_UUID_CREATE_NEW)))
150 .addTask(new CheckAndModifyPropertyValueTask("AuditLogging configurations", "Change auditLogging class", "config", "/server/auditLogging", "class", "info.magnolia.logging.AuditLoggingManager", "info.magnolia.audit.AuditLoggingManager"))
151 .addTask(updateSecurityBaseRole));
152 register(DeltaBuilder.update("5.0", "")
153 .addTask(new Register50NodeTypeTask("Register the new M5 node Type", "", RepositoryConstants.CONFIG))
154 .addTask(new RemoveMetaDataInNodeTypeDefinitionTask("Un register the metaData child node", "", RepositoryConstants.CONFIG))
155 .addTask(new ConvertMetaDataUpdateTask("Convert MetaData Task", "Remove the metaData sub node and replace them with mixIn when appropriate"))
156 .addTask(new RemoveNodeTask("Remove PageEditorServlet", "Remove obsolete PageEditorServlet configuration.", RepositoryConstants.CONFIG, "/server/filters/servlets/PageEditorServlet"))
157 .addTask(new RemoveNodeTask("Remove obsolete 'templating-editor' configuration", "", RepositoryConstants.CONFIG, "/modules/magnolia-templating-editor"))
158 .addTask(new PartialBootstrapTask("Bootstrap link transformers", "Bootstrap 'server/rendering/linkManagement/transformers", "/mgnl-bootstrap/core/config.server.rendering.linkManagement.xml", "/linkManagement/transformers")));
159 register((DeltaBuilder.update("5.0.1", ""))
160 .addTask(new CheckAndModifyPropertyValueTask("MIMEMapping", "Change xsl extension mime-type from text/xml to application/xml", RepositoryConstants.CONFIG, "/server/MIMEMapping/xsl", "mime-type", "text/xml", "application/xml"))
161 .addTask(new CheckAndModifyPropertyValueTask("MIMEMapping", "Change xml extension mime-type from text/xml to application/xml", RepositoryConstants.CONFIG, "/server/MIMEMapping/xml", "mime-type", "text/xml", "application/xml")));
162 register((DeltaBuilder.update("5.0.3", ""))
163 .addTask(new PartialBootstrapTask("JSON", "Add JSON mime-type", "/mgnl-bootstrap/core/config.server.MIMEMapping.xml", "/MIMEMapping/json")));
164 register((DeltaBuilder.update("5.1", ""))
165 .addTask(new WarnTask("respectOrderDocument parameter", "As of Magnolia 5.1, the respectOrderDocument parameter has been reintroduced in repo config files and set to true by default. You will need to set it manually for each workspace in your installation. Please, refer to the release notes for more details."))
166 .addTask(new RemoveNodeTask("Remove intercept filter", "Removes no longer used intercept filter.", RepositoryConstants.CONFIG, "/server/filters/cms/intercept")));
167 register((DeltaBuilder.update("5.1.1", ""))
168 .addTask(new NodeExistsDelegateTask("Set mgnl:lastActivated date of the user superuser", "Set mgnl:lastActivated date of the user superuser (if not set yet)", RepositoryConstants.USERS, "/system/superuser",
169 new CheckOrCreateLastActivatedPropertyTask("", "", RepositoryConstants.USERS, "/system/superuser")))
170 .addTask(new NodeExistsDelegateTask("Set mgnl:lastActivated date of the user anonymous", "Set mgnl:lastActivated date of the user anonymous (if not set yet)", RepositoryConstants.USERS, "/system/anonymous",
171 new CheckOrCreateLastActivatedPropertyTask("", "", RepositoryConstants.USERS, "/system/anonymous")))
172 .addTask(new NodeExistsDelegateTask("Set mgnl:lastActivated date of the superuser role", "Set mgnl:lastActivated date of the superuser role (if not set yet)", RepositoryConstants.USER_ROLES, "/superuser",
173 new CheckOrCreateLastActivatedPropertyTask("", "", RepositoryConstants.USER_ROLES, "/superuser")))
174 .addTask(new NodeExistsDelegateTask("Set mgnl:lastActivated date of the anonymous role", "Set mgnl:lastActivated date of the anonymous role (if not set yet)", RepositoryConstants.USER_ROLES, "/anonymous",
175 new CheckOrCreateLastActivatedPropertyTask("", "", RepositoryConstants.USER_ROLES, "/anonymous")))
176 .addTask(new NodeExistsDelegateTask("Set mgnl:lastActivated date of the security-base role", "Set mgnl:lastActivated date of the security-base role (if not set yet)", RepositoryConstants.USER_ROLES, "/security-base",
177 new CheckOrCreateLastActivatedPropertyTask("", "", RepositoryConstants.USER_ROLES, "/security-base")))
178 .addTask(new FindAndChangeTemplateIdTask("Change template id mgnlDelete", "Change template id mgnlDeleted to ui-admincentral:deleted for all content marked as deleted in website repository", RepositoryConstants.WEBSITE, "mgnlDeleted", MarkNodeAsDeletedCommand.DELETED_NODE_TEMPLATE))
179 .addTask(new FindAndChangeTemplateIdTask("Change template id adminInterface:mgnlDeleted", "Change template id adminInterface:mgnlDeleted to ui-admincentral:deleted for all content marked as deleted in website repository", RepositoryConstants.WEBSITE, "adminInterface:mgnlDeleted", MarkNodeAsDeletedCommand.DELETED_NODE_TEMPLATE)));
180 register((DeltaBuilder.update("5.1.2", ""))
181 .addTask(new ChangeNodeTypeOfSubAppsTask("Change primary node type of subapps", "If primary node type of subapps node is set to " + NodeTypes.Content.NAME + " then change it to " + NodeTypes.ContentNode.NAME))
182 .addTask(new PartialBootstrapTask("Anonymous user", "Change anonymous user permission. He can't have write access to himself.", "/mgnl-bootstrap/core/users.system.anonymous.xml", "/anonymous/acl_users")));
183 register((DeltaBuilder.update("5.2.1", ""))
184 .addTask(new RemoveOpenWFEPermissionsTask("Find and remove all openWFE permissions from the userroles workspace", ""))
185 .addTask(new GrantReadPermissionToRolesTask("Set read-permission to role itself", "If a role do not have a read permission to itself, add it")));
186 register((DeltaBuilder.update("5.2.2", ""))
187 .addTask(removeObsoleteInstallFiles)
188 .addTask(new AddActivatableMixinForContentNodeTask("Add the mixIn '" + NodeTypes.Activatable.NAME + "' to the '" + NodeTypes.ContentNode.NAME + "' node type definition", "", RepositoryConstants.CONFIG)));
189 register((DeltaBuilder.update("5.2.3", ""))
190 .addTask(new RemovePermissionTask("Remove 'anonymous' role permission", "anonymous",
191 RepositoryConstants.USER_ROLES, "/anonymous", Permission.READ))
192 .addTask(adjustSecurityBaseRole));
193 }
194
195 @Override
196 protected List<Task> getBasicInstallTasks(InstallContext ctx) {
197 final List<Task> tasks = new ArrayList<Task>();
198 tasks.addAll(GenericTasks.genericTasksForNewInstallation());
199 tasks.add(auditTrailManagerTask);
200 tasks.add(bootstrapFreemarker);
201 tasks.add(addFreemarkerSharedVariables);
202 tasks.add(bootstrapWebContainerResources);
203 tasks.add(new BootstrapConditionally("Security", "Bootstraps security-base role.", "/mgnl-bootstrap/core/userroles.security-base.xml"));
204
205 tasks.add(new HashUsersPasswords());
206 tasks.add(bootstrapChannelManagement);
207 tasks.add(bootstrapChannelFilter);
208 tasks.add(placeChannelBeforeLogout);
209
210 return tasks;
211 }
212
213 @Override
214 protected List<Condition> getInstallConditions() {
215 final ArrayList<Condition> conditions = new ArrayList<Condition>();
216
217 conditions.add(new IsNotAProblematicEnvironmentCondition());
218
219 final WebXmlConditionsUtil u = new WebXmlConditionsUtil(conditions);
220 u.servletIsNowWrapped("ActivationHandler");
221 u.servletIsNowWrapped("AdminTreeServlet");
222 u.servletIsNowWrapped("classpathspool");
223 u.servletIsNowWrapped("DialogServlet");
224 u.servletIsNowWrapped("PageServlet");
225 u.servletIsNowWrapped("log4j");
226 u.servletIsNowWrapped("FCKEditorSimpleUploadServlet");
227 u.servletIsDeprecated("uuidRequestDispatcher");
228 u.filterIsDeprecated("info.magnolia.cms.filters.MagnoliaManagedFilter", "info.magnolia.cms.filters.MgnlMainFilter");
229 u.filterMustBeRegisteredWithCorrectDispatchers("info.magnolia.cms.filters.MgnlMainFilter");
230 u.listenerIsDeprecated("info.magnolia.cms.servlets.PropertyInitializer", "info.magnolia.cms.servlets.MgnlServletContextListener");
231 u.listenerIsDeprecated("info.magnolia.cms.beans.config.ShutdownManager", "info.magnolia.cms.servlets.MgnlServletContextListener");
232 final WorkspaceXmlConditionsUtil u2 = new WorkspaceXmlConditionsUtil(conditions);
233 u2.textFilterClassesAreNotSet();
234
235 conditions.add(new SystemTmpDirCondition());
236 conditions.add(new NoSameNameSiblingsCondition());
237
238 return conditions;
239 }
240 }