package info.magnolia.setup;

import info.magnolia.cms.security.Permission;
import info.magnolia.commands.impl.MarkNodeAsDeletedCommand;
import info.magnolia.jcr.util.NodeTypes;
import info.magnolia.module.AbstractModuleVersionHandler;
import info.magnolia.module.InstallContext;
import info.magnolia.module.delta.AddURIPermissionTask;
import info.magnolia.module.delta.ArrayDelegateTask;
import info.magnolia.module.delta.BootstrapConditionally;
import info.magnolia.module.delta.BootstrapSingleModuleResource;
import info.magnolia.module.delta.BootstrapSingleResource;
import info.magnolia.module.delta.CheckAndModifyPropertyValueTask;
import info.magnolia.module.delta.Condition;
import info.magnolia.module.delta.DeltaBuilder;
import info.magnolia.module.delta.FindAndChangeTemplateIdTask;
import info.magnolia.module.delta.FixUserRolePermissionsPropertyTask;
import info.magnolia.module.delta.MoveAndRenamePropertyTask;
import info.magnolia.module.delta.NoSameNameSiblingsCondition;
import info.magnolia.module.delta.NodeExistsDelegateTask;
import info.magnolia.module.delta.OrderFilterBeforeTask;
import info.magnolia.module.delta.OrderNodeBeforeTask;
import info.magnolia.module.delta.PartialBootstrapTask;
import info.magnolia.module.delta.PathExistenceDelegateTask;
import info.magnolia.module.delta.PropertyExistsDelegateTask;
import info.magnolia.module.delta.RemoveInstallFilesTask;
import info.magnolia.module.delta.RemoveNodeTask;
import info.magnolia.module.delta.RemovePermissionTask;
import info.magnolia.module.delta.Task;
import info.magnolia.module.delta.WarnTask;
import info.magnolia.module.delta.WebXmlConditionsUtil;
import info.magnolia.module.delta.WorkspaceXmlConditionsUtil;
import info.magnolia.repository.RepositoryConstants;
import info.magnolia.repository.RepositoryManager;
import info.magnolia.setup.for5_0.CheckOrCreateLastActivatedPropertyTask;
import info.magnolia.setup.for5_0.ConvertMetaDataUpdateTask;
import info.magnolia.setup.for5_0.Register50NodeTypeTask;
import info.magnolia.setup.for5_0.RemoveMetaDataInNodeTypeDefinitionTask;
import info.magnolia.setup.for5_2.AddActivatableMixinForContentNodeTask;
import info.magnolia.setup.for5_2.GrantReadPermissionToRolesTask;
import info.magnolia.setup.for5_2.IsNotAProblematicEnvironmentCondition;
import info.magnolia.setup.for5_2.RemoveOpenWFEPermissionsTask;
import info.magnolia.setup.initial.GenericTasks;

import java.util.ArrayList;
import java.util.Arrays;
import java.util.List;

import javax.inject.Inject;
import javax.jcr.ImportUUIDBehavior;

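/**
 * Version handler of the core module.
 *
 * <p>The constructor registers one update delta per released version (4.5.2 through 5.4.1);
 * {@link #getBasicInstallTasks(InstallContext)} and {@link #getInstallConditions()} supply the
 * tasks and preconditions of a fresh installation.
 *
 * <p>Several deltas change security configuration: the user managers' realm property, audit
 * logging, permissions of the {@code anonymous} and {@code security-base} roles, and the
 * {@code csrfSecurity} filter. Those spots carry a comment so that they can be checked after an
 * update.
 */
public class CoreModuleVersionHandler extends AbstractModuleVersionHandler {
    public static final String BOOTSTRAP_AUTHOR_INSTANCE_PROPERTY = "magnolia.bootstrap.authorInstance";
    public static final String SECURITY_BASE_ROLE = "security-base";

    // Tasks shared by the install path (getBasicInstallTasks) and, for removeObsoleteInstallFiles, the 5.2.2 delta.
    private final BootstrapConditionally auditTrailManagerTask = new BootstrapConditionally("New auditory log configuration", "Install new configuration for auditory log manager.", "/mgnl-bootstrap/core/config.server.auditLogging.xml");
    private final BootstrapSingleResource bootstrapWebContainerResources = new BootstrapSingleResource("Web container resources configuration", "Global configuration which resources are not meant to be handled by Magnolia. For instance JSP files.", "/mgnl-bootstrap/core/config.server.webContainerResources.xml");
    private final BootstrapSingleModuleResource bootstrapChannelManagement = new BootstrapSingleModuleResource("ChannelManagement configuration", "", "config.server.rendering.channelManagement.xml");

    private final BootstrapSingleModuleResource bootstrapChannelFilter = new BootstrapSingleModuleResource("ChannelFilter configuration", "", "config.server.filters.channel.xml");
    private final Task placeChannelBeforeLogout = new OrderFilterBeforeTask("channel", new String[]{"logout"});

    private final Task removeObsoleteInstallFiles = new RemoveInstallFilesTask("Remove obsolete dms templates install files", "templates/dms");

    // Passed to NoSameNameSiblingsCondition in getInstallConditions().
    private final RepositoryManager repositoryManager;

    /**
     * URI patterns of the legacy {@code /.magnolia/pages/*} pages whose {@code DENY} entries are
     * removed from the {@code security-base} role by {@link #updateSecurityBaseRolePermissions()}.
     */
    // NOTE(review): this field is neither final nor unmodifiable (Arrays.asList still allows set()),
    // so subclasses and same-package code can alter which permission entries the 5.4.1 update removes.
    // Consider 'final' plus an unmodifiable list once no subclass relies on reassigning it.
    protected static List<String> PERMISSIONS_FOR_LEGACY_PAGES = Arrays.asList(
            "/.magnolia/pages/messages*",
            "/.magnolia/pages/installedModulesList*",
            "/.magnolia/pages/jcrUtils*",
            "/.magnolia/pages/configuration*",
            "/.magnolia/pages/logViewer*",
            "/.magnolia/pages/sendMail*",
            "/.magnolia/pages/users*",
            "/.magnolia/pages/activationTools*",
            "/.magnolia/pages/activationMonitor*",
            "/.magnolia/pages/groovyInteractiveConsole*",
            "/.magnolia/pages/migrationReport*",
            "/.magnolia/pages/backup*",
            "/.magnolia/pages/allModulesList*",
            "/.magnolia/pages/cacheTools*",
            "/.magnolia/pages/flows*",
            "/.magnolia/pages/import*",
            "/.magnolia/pages/export*",
            "/.magnolia/pages/permission*",
            "/.magnolia/pages/developmentUtils*"
    );

    /**
     * Builds the composite task that the 5.4.1 delta runs against the {@code security-base} role.
     *
     * <p>For every pattern in {@link #PERMISSIONS_FOR_LEGACY_PAGES} it adds a
     * {@link RemovePermissionTask} for the {@code uri} workspace with {@code AddURIPermissionTask.DENY},
     * then one more for {@code Permission.READ} on {@code /security-base} in the user-roles workspace.
     *
     * @return the composite task holding all removal tasks, in the order described above
     */
    protected Task updateSecurityBaseRolePermissions() {
        // NOTE(review): the description below speaks of disallowing and granting access, but every
        // sub-task added here is a RemovePermissionTask; confirm the wording against the intent.
        ArrayDelegateTask permissionsTask = new ArrayDelegateTask("Update security-base role", "Disallows access to some sensitive URIs and grants basic access to AdminCentral.");
        for (String path : PERMISSIONS_FOR_LEGACY_PAGES) {
            // Presumably these legacy pages no longer exist in this version; verify, because dropping
            // a DENY entry widens access if anything still answers on the URI.
            permissionsTask.addTask(new RemovePermissionTask("", SECURITY_BASE_ROLE, "uri", path, AddURIPermissionTask.DENY));
        }
        permissionsTask.addTask(new RemovePermissionTask("", SECURITY_BASE_ROLE, RepositoryConstants.USER_ROLES, "/" + SECURITY_BASE_ROLE, Permission.READ));
        return permissionsTask;
    }

    /**
     * Registers the update precondition and every update delta of the core module.
     *
     * @param repositoryManager stored for the same-name-siblings install condition
     */
    @Inject
    public CoreModuleVersionHandler(RepositoryManager repositoryManager) {
        super();
        this.repositoryManager = repositoryManager;

        register(DeltaBuilder.checkPrecondition("4.5", "5.0"));

        // 4.5.2: rename the misspelled 'realName' property of both user managers to 'realmName'.
        register(DeltaBuilder.update("4.5.2", "")
                .addTask(new PropertyExistsDelegateTask("Fix property name", "", RepositoryConstants.CONFIG, "/server/security/userManagers/system", "realName", new MoveAndRenamePropertyTask("Fix propertyName", "/server/security/userManagers/system", "realName", "/server/security/userManagers/system", "realmName")))
                .addTask(new PropertyExistsDelegateTask("Fix property name", "", RepositoryConstants.CONFIG, "/server/security/userManagers/admin", "realName", new MoveAndRenamePropertyTask("Fix propertyName", "/server/security/userManagers/admin", "realName", "/server/security/userManagers/admin", "realmName"))));

        // 4.5.9: audit logging - add the 'delete' log configuration and point the manager class at its new package.
        register((DeltaBuilder.update("4.5.9", ""))
                .addTask(new NodeExistsDelegateTask("AuditLogging configurations", "Add auditLogging configurations for delete action", "config", "/server/auditLogging/logConfigurations/delete", null, new PartialBootstrapTask("", "", "/mgnl-bootstrap/core/config.server.auditLogging.xml", "/auditLogging/logConfigurations/delete", ImportUUIDBehavior.IMPORT_UUID_CREATE_NEW)))
                .addTask(new CheckAndModifyPropertyValueTask("AuditLogging configurations", "Change auditLogging class", "config", "/server/auditLogging", "class", "info.magnolia.logging.AuditLoggingManager", "info.magnolia.audit.AuditLoggingManager")));

        // 5.0: node type registration, metaData conversion and removal of obsolete configuration nodes.
        register(DeltaBuilder.update("5.0", "")
                .addTask(new Register50NodeTypeTask("Register the new M5 node Type", "", RepositoryConstants.CONFIG))
                .addTask(new RemoveMetaDataInNodeTypeDefinitionTask("Un register the metaData child node", "", RepositoryConstants.CONFIG))
                .addTask(new ConvertMetaDataUpdateTask("Convert MetaData Task", "Remove the metaData sub node and replace them with mixIn when appropriate"))
                .addTask(new RemoveNodeTask("Remove PageEditorServlet", "Remove obsolete PageEditorServlet configuration.", RepositoryConstants.CONFIG, "/server/filters/servlets/PageEditorServlet"))
                .addTask(new RemoveNodeTask("Remove obsolete 'templating-editor' configuration", "", RepositoryConstants.CONFIG, "/modules/magnolia-templating-editor"))
                .addTask(new PartialBootstrapTask("Bootstrap link transformers", "Bootstrap 'server/rendering/linkManagement/transformers", "/mgnl-bootstrap/core/config.server.rendering.linkManagement.xml", "/linkManagement/transformers")));
        // 5.0.1 / 5.0.3: MIME mapping adjustments.
        register((DeltaBuilder.update("5.0.1", ""))
                .addTask(new CheckAndModifyPropertyValueTask("MIMEMapping", "Change xsl extension mime-type from text/xml to application/xml", RepositoryConstants.CONFIG, "/server/MIMEMapping/xsl", "mime-type", "text/xml", "application/xml"))
                .addTask(new CheckAndModifyPropertyValueTask("MIMEMapping", "Change xml extension mime-type from text/xml to application/xml", RepositoryConstants.CONFIG, "/server/MIMEMapping/xml", "mime-type", "text/xml", "application/xml")));
        register((DeltaBuilder.update("5.0.3", ""))
                .addTask(new PartialBootstrapTask("JSON", "Add JSON mime-type", "/mgnl-bootstrap/core/config.server.MIMEMapping.xml", "/MIMEMapping/json")));
        // 5.1: warn about the respectOrderDocument parameter and drop the unused intercept filter.
        register((DeltaBuilder.update("5.1", ""))
                .addTask(new WarnTask("respectOrderDocument parameter", "As of Magnolia 5.1, the respectOrderDocument parameter has been reintroduced in repo config files and set to true by default. You will need to set it manually for each workspace in your installation. Please, refer to the release notes for more details."))
                .addTask(new RemoveNodeTask("Remove intercept filter", "Removes no longer used intercept filter.", RepositoryConstants.CONFIG, "/server/filters/cms/intercept")));
        // 5.1.1: set mgnl:lastActivated on the system users and roles, and move deleted-content templates to the new id.
        register((DeltaBuilder.update("5.1.1", ""))
                .addTask(new NodeExistsDelegateTask("Set mgnl:lastActivated date of the user superuser", "Set mgnl:lastActivated date of the user superuser (if not set yet)", RepositoryConstants.USERS, "/system/superuser",
                        new CheckOrCreateLastActivatedPropertyTask("", "", RepositoryConstants.USERS, "/system/superuser")))
                .addTask(new NodeExistsDelegateTask("Set mgnl:lastActivated date of the user anonymous", "Set mgnl:lastActivated date of the user anonymous (if not set yet)", RepositoryConstants.USERS, "/system/anonymous",
                        new CheckOrCreateLastActivatedPropertyTask("", "", RepositoryConstants.USERS, "/system/anonymous")))
                .addTask(new NodeExistsDelegateTask("Set mgnl:lastActivated date of the superuser role", "Set mgnl:lastActivated date of the superuser role (if not set yet)", RepositoryConstants.USER_ROLES, "/superuser",
                        new CheckOrCreateLastActivatedPropertyTask("", "", RepositoryConstants.USER_ROLES, "/superuser")))
                .addTask(new NodeExistsDelegateTask("Set mgnl:lastActivated date of the anonymous role", "Set mgnl:lastActivated date of the anonymous role (if not set yet)", RepositoryConstants.USER_ROLES, "/anonymous",
                        new CheckOrCreateLastActivatedPropertyTask("", "", RepositoryConstants.USER_ROLES, "/anonymous")))
                .addTask(new NodeExistsDelegateTask("Set mgnl:lastActivated date of the security-base role", "Set mgnl:lastActivated date of the security-base role (if not set yet)", RepositoryConstants.USER_ROLES, "/security-base",
                        new CheckOrCreateLastActivatedPropertyTask("", "", RepositoryConstants.USER_ROLES, "/security-base")))
                .addTask(new FindAndChangeTemplateIdTask("Change template id mgnlDelete", "Change template id mgnlDeleted to ui-admincentral:deleted for all content marked as deleted in website repository", RepositoryConstants.WEBSITE, "mgnlDeleted", MarkNodeAsDeletedCommand.DELETED_NODE_TEMPLATE))
                .addTask(new FindAndChangeTemplateIdTask("Change template id adminInterface:mgnlDeleted", "Change template id adminInterface:mgnlDeleted to ui-admincentral:deleted for all content marked as deleted in website repository", RepositoryConstants.WEBSITE, "adminInterface:mgnlDeleted", MarkNodeAsDeletedCommand.DELETED_NODE_TEMPLATE)));
        // 5.1.2: re-bootstraps /anonymous/acl_users so the anonymous user has no write access to its own node
        // (per the task description).
        register((DeltaBuilder.update("5.1.2", ""))
                .addTask(new ChangeNodeTypeOfSubAppsTask("Change primary node type of subapps", "If primary node type of subapps node is set to " + NodeTypes.Content.NAME + " then change it to " + NodeTypes.ContentNode.NAME))
                .addTask(new PartialBootstrapTask("Anonymous user", "Change anonymous user permission. He can't have write access to himself.", "/mgnl-bootstrap/core/users.system.anonymous.xml", "/anonymous/acl_users")));

        // 5.2.1: role permission clean-up in the user-roles workspace.
        register((DeltaBuilder.update("5.2.1", ""))
                .addTask(new RemoveOpenWFEPermissionsTask("Find and remove all openWFE permissions from the userroles workspace", ""))
                .addTask(new GrantReadPermissionToRolesTask("Set read-permission to role itself", "If a role do not have a read permission to itself, add it")));
        register((DeltaBuilder.update("5.2.2", ""))
                .addTask(removeObsoleteInstallFiles)
                .addTask(new AddActivatableMixinForContentNodeTask("Add the mixIn '" + NodeTypes.Activatable.NAME + "' to the '" + NodeTypes.ContentNode.NAME + "' node type definition", "", RepositoryConstants.CONFIG)));
        // 5.2.3: removes the anonymous role's READ permission on its own role node.
        register((DeltaBuilder.update("5.2.3", ""))
                .addTask(new RemovePermissionTask("Remove 'anonymous' role permission", "anonymous", RepositoryConstants.USER_ROLES, "/anonymous", Permission.READ)));

        // 5.3.2: installs the csrfSecurity filter, orders it before uriSecurity and adds the 'security'
        // audit-log configuration. After an update, check the install log for the WarnTask below: when it
        // fires, the filter has been bootstrapped but not ordered, and must be moved by hand.
        register((DeltaBuilder.update("5.3.2", ""))
                // Presumably: if /server/filters/csrfSecurity already exists, only the BypassWhenVaadinRequest
                // bypass is bootstrapped (subject to the PathExistenceDelegateTask path checks); otherwise the
                // whole filter is bootstrapped. Confirm the argument semantics against both delegate tasks.
                .addTask(new NodeExistsDelegateTask("Add csrfSecurity Filter", "/server/filters/csrfSecurity",

                        new PathExistenceDelegateTask("Add csrfSecurity Filter", "", new String[]{"/server/filters/csrfSecurity/bypasses/BypassWhenVaadinRequest"}, new String[]{"/server/filters/csrfSecurity/bypasses/BypassWhenNotInAdminCentral", "/server/filters/csrfSecurity/bypasses/BypassWhenNotAuthenticated", "/server/filters/csrfSecurity/bypasses/BypassWhenNoQueryParameters"},
                                new PartialBootstrapTask("Add csrfSecurity Filter", "", "/mgnl-bootstrap/core/config.server.filters.xml", "/filters/csrfSecurity/bypasses/BypassWhenVaadinRequest", ImportUUIDBehavior.IMPORT_UUID_CREATE_NEW)),

                        new PartialBootstrapTask("Add csrfSecurity Filter", "", "/mgnl-bootstrap/core/config.server.filters.xml", "/filters/csrfSecurity", ImportUUIDBehavior.IMPORT_UUID_CREATE_NEW)))
                // The warning text names the uriSecurity node because that is the path checked here, so the
                // operator is pointed at the node that is actually missing.
                .addTask(new NodeExistsDelegateTask("Order csrfSecurity Filter", "Put csrfSecurity before uriSecurity Filter.", RepositoryConstants.CONFIG, "/server/filters/uriSecurity",
                        new OrderNodeBeforeTask("Order csrfSecurity Filter", "Put csrfSecurity before uriSecurity Filter.", RepositoryConstants.CONFIG, "/server/filters/csrfSecurity", "uriSecurity"),
                        new WarnTask("CSRF Security Filter is inactive.", "CSRF Security Filter inactive. The installed csrfFilter would normally be ordered before the uriSecurity filter, but could not be moved there as a uriSecurity node does not exist in the /server/filters node. The installed csrfFilter must be moved up the filters list manually.")))
                // NOTE(review): the task name below repeats "Add csrfSecurity Filter" although the task adds the
                // 'security' audit-log configuration; it looks copy-pasted, confirm before renaming.
                .addTask(new NodeExistsDelegateTask("Add csrfSecurity Filter", "/server/auditLogging/logConfigurations/security", null,
                        new PartialBootstrapTask("Add 'security' AuditLogging logConfiguration.", "", "/mgnl-bootstrap/core/config.server.auditLogging.xml", "/auditLogging/logConfigurations/security", ImportUUIDBehavior.IMPORT_UUID_CREATE_NEW))));

        register((DeltaBuilder.update("5.3.5", ""))

                .addTask(new FixUserRolePermissionsPropertyTask("/superuser")));

        // NOTE(review): updateSecurityBaseRolePermissions() is protected and called from the constructor,
        // so an override runs before the subclass's own fields are initialised.
        register((DeltaBuilder.update("5.4.1", ""))
                .addTask(updateSecurityBaseRolePermissions()));

    }

    /**
     * Returns the tasks run on a fresh installation: the generic new-installation tasks followed by
     * the audit-logging, web-container-resources, security-base role, password and channel tasks,
     * in that order.
     *
     * @param ctx the install context (not read by this implementation)
     * @return a new mutable list of install tasks
     */
    @Override
    protected List<Task> getBasicInstallTasks(InstallContext ctx) {
        final List<Task> tasks = new ArrayList<Task>();
        tasks.addAll(GenericTasks.genericTasksForNewInstallation());
        tasks.add(auditTrailManagerTask);
        tasks.add(bootstrapWebContainerResources);
        tasks.add(new BootstrapConditionally("Security", "Bootstraps security-base role.", "/mgnl-bootstrap/core/userroles.security-base.xml"));

        // Presumably hashes the passwords of the bootstrapped users; see HashUsersPasswords to confirm.
        tasks.add(new HashUsersPasswords());
        tasks.add(bootstrapChannelManagement);
        tasks.add(bootstrapChannelFilter);
        tasks.add(placeChannelBeforeLogout);

        return tasks;
    }

    /**
     * Returns the conditions checked before installation: the environment check, the web.xml and
     * workspace.xml checks (both utilities are constructed with the {@code conditions} list), the
     * system temp-directory check and the same-name-siblings check.
     *
     * @return a new mutable list of install conditions
     */
    @Override
    protected List<Condition> getInstallConditions() {
        final ArrayList<Condition> conditions = new ArrayList<Condition>();

        conditions.add(new IsNotAProblematicEnvironmentCondition());

        final WebXmlConditionsUtil u = new WebXmlConditionsUtil(conditions);
        u.servletIsNowWrapped("ActivationHandler");
        u.servletIsNowWrapped("AdminTreeServlet");
        u.servletIsNowWrapped("classpathspool");
        u.servletIsNowWrapped("DialogServlet");
        u.servletIsNowWrapped("PageServlet");
        u.servletIsNowWrapped("log4j");
        u.servletIsNowWrapped("FCKEditorSimpleUploadServlet");
        u.servletIsDeprecated("uuidRequestDispatcher");
        u.filterIsDeprecated("info.magnolia.cms.filters.MagnoliaManagedFilter", "info.magnolia.cms.filters.MgnlMainFilter");
        u.filterMustBeRegisteredWithCorrectDispatchers("info.magnolia.cms.filters.MgnlMainFilter");
        u.listenerIsDeprecated("info.magnolia.cms.servlets.PropertyInitializer", "info.magnolia.cms.servlets.MgnlServletContextListener");
        u.listenerIsDeprecated("info.magnolia.cms.beans.config.ShutdownManager", "info.magnolia.cms.servlets.MgnlServletContextListener");
        final WorkspaceXmlConditionsUtil u2 = new WorkspaceXmlConditionsUtil(conditions);
        u2.textFilterClassesAreNotSet();

        conditions.add(new SystemTmpDirCondition());
        conditions.add(new NoSameNameSiblingsCondition(repositoryManager));

        return conditions;
    }
}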