34 package info.magnolia.setup;
35
36 import info.magnolia.cms.security.Permission;
37 import info.magnolia.commands.impl.MarkNodeAsDeletedCommand;
38 import info.magnolia.jcr.util.NodeTypes;
39 import info.magnolia.module.AbstractModuleVersionHandler;
40 import info.magnolia.module.InstallContext;
41 import info.magnolia.module.delta.AddURIPermissionTask;
42 import info.magnolia.module.delta.ArrayDelegateTask;
43 import info.magnolia.module.delta.BootstrapConditionally;
44 import info.magnolia.module.delta.BootstrapSingleModuleResource;
45 import info.magnolia.module.delta.BootstrapSingleResource;
46 import info.magnolia.module.delta.CheckAndModifyPropertyValueTask;
47 import info.magnolia.module.delta.Condition;
48 import info.magnolia.module.delta.DeltaBuilder;
49 import info.magnolia.module.delta.FindAndChangeTemplateIdTask;
50 import info.magnolia.module.delta.FixUserRolePermissionsPropertyTask;
51 import info.magnolia.module.delta.MoveAndRenamePropertyTask;
52 import info.magnolia.module.delta.NoSameNameSiblingsCondition;
53 import info.magnolia.module.delta.NodeExistsDelegateTask;
54 import info.magnolia.module.delta.OrderFilterBeforeTask;
55 import info.magnolia.module.delta.OrderNodeBeforeTask;
56 import info.magnolia.module.delta.PartialBootstrapTask;
57 import info.magnolia.module.delta.PathExistenceDelegateTask;
58 import info.magnolia.module.delta.PropertyExistsDelegateTask;
59 import info.magnolia.module.delta.RemoveInstallFilesTask;
60 import info.magnolia.module.delta.RemoveNodeTask;
61 import info.magnolia.module.delta.RemovePermissionTask;
62 import info.magnolia.module.delta.Task;
63 import info.magnolia.module.delta.WarnTask;
64 import info.magnolia.module.delta.WebXmlConditionsUtil;
65 import info.magnolia.module.delta.WorkspaceXmlConditionsUtil;
66 import info.magnolia.repository.RepositoryConstants;
67 import info.magnolia.repository.RepositoryManager;
68 import info.magnolia.setup.for5_0.CheckOrCreateLastActivatedPropertyTask;
69 import info.magnolia.setup.for5_0.ConvertMetaDataUpdateTask;
70 import info.magnolia.setup.for5_0.Register50NodeTypeTask;
71 import info.magnolia.setup.for5_0.RemoveMetaDataInNodeTypeDefinitionTask;
72 import info.magnolia.setup.for5_2.AddActivatableMixinForContentNodeTask;
73 import info.magnolia.setup.for5_2.GrantReadPermissionToRolesTask;
74 import info.magnolia.setup.for5_2.IsNotAProblematicEnvironmentCondition;
75 import info.magnolia.setup.for5_2.RemoveOpenWFEPermissionsTask;
76 import info.magnolia.setup.initial.GenericTasks;
77
78 import java.util.ArrayList;
79 import java.util.List;
80
81 import javax.inject.Inject;
82 import javax.jcr.ImportUUIDBehavior;
83
84
85
86
87
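/**
 * Version handler of the Magnolia core module: declares the tasks of a fresh installation, the
 * conditions checked before installing, and one update delta per released version.
 *
 * <p>Several deltas edit access-control data (URI deny rules of the {@code security-base} role,
 * READ entries of the {@code anonymous} and {@code security-base} roles, the anonymous user's ACL)
 * and the request filter chain ({@code csrfSecurity}). When adding a delta, review it with the
 * same care as a permission change, because it runs unattended on every upgraded instance.
 */
public class CoreModuleVersionHandler extends AbstractModuleVersionHandler {
    public static final String BOOTSTRAP_AUTHOR_INSTANCE_PROPERTY = "magnolia.bootstrap.authorInstance";
    protected static final String SECURITY_BASE_ROLE = "security-base";

    // Bootstrap tasks used by getBasicInstallTasks() on a fresh installation.
    private final BootstrapConditionally auditTrailManagerTask = new BootstrapConditionally(
            "New auditory log configuration",
            "Install new configuration for auditory log manager.",
            "/mgnl-bootstrap/core/config.server.auditLogging.xml");
    private final BootstrapSingleResource bootstrapWebContainerResources = new BootstrapSingleResource(
            "Web container resources configuration",
            "Global configuration which resources are not meant to be handled by Magnolia. For instance JSP files.",
            "/mgnl-bootstrap/core/config.server.webContainerResources.xml");
    private final BootstrapSingleModuleResource bootstrapChannelManagement = new BootstrapSingleModuleResource(
            "ChannelManagement configuration", "", "config.server.rendering.channelManagement.xml");

    private final BootstrapSingleModuleResource bootstrapChannelFilter = new BootstrapSingleModuleResource(
            "ChannelFilter configuration", "", "config.server.filters.channel.xml");
    private final Task placeChannelBeforeLogout = new OrderFilterBeforeTask("channel", new String[]{"logout"});

    // Registered in the 4.5.9 delta; built by updateSecurityBaseRole() below.
    private final Task updateSecurityBaseRole = updateSecurityBaseRole();

    private final Task removeObsoleteInstallFiles = new RemoveInstallFilesTask(
            "Remove obsolete dms templates install files", "templates/dms");

    // Registered in the 5.2.3 delta: removes the role's READ entry on its own node in the
    // userroles workspace and two URI deny rules that are labelled obsolete here. After this task
    // the security-base role no longer carries a deny rule for the sendMail or
    // groovyInteractiveConsole pages; access to them then depends on whatever other rules apply.
    private final Task adjustSecurityBaseRole = new ArrayDelegateTask("",
            new RemovePermissionTask("Remove 'security-base' role permission", SECURITY_BASE_ROLE,
                    RepositoryConstants.USER_ROLES, "/" + SECURITY_BASE_ROLE, Permission.READ),
            new RemovePermissionTask("Remove obsolete 'security-base' role permission", SECURITY_BASE_ROLE,
                    "uri", "/.magnolia/pages/sendMail*", AddURIPermissionTask.DENY),
            new RemovePermissionTask("Remove obsolete 'security-base' role permission", SECURITY_BASE_ROLE,
                    "uri", "/.magnolia/pages/groovyInteractiveConsole*", AddURIPermissionTask.DENY)
    );
    private final RepositoryManager repositoryManager;

    /**
     * Builds the task that rewrites the URI deny rules of the {@code security-base} role: the
     * exact {@code *.html} rules are removed and wildcard rules are added.
     *
     * <p>This is a deny list: a page under {@code /.magnolia/pages/} that is not named here is not
     * denied by this role, so every new administrative page needs its own entry.
     *
     * @return the composite task, in removal-then-addition order
     */
    private Task updateSecurityBaseRole() {
        // Exact-path deny rules to remove. sendMail.html is removed without a wildcard
        // replacement in the list below.
        final String[] obsoleteExactPaths = {
            "/.magnolia/pages/installedModulesList.html",
            "/.magnolia/pages/jcrUtils.html",
            "/.magnolia/pages/configuration.html",
            "/.magnolia/pages/logViewer.html",
            "/.magnolia/pages/sendMail.html"
        };
        // Wildcard deny rules to add. The original listed installedModulesList* twice, which
        // registered the same deny rule a second time; it is listed once here.
        final String[] deniedPagePatterns = {
            "/.magnolia/pages/installedModulesList*",
            "/.magnolia/pages/jcrUtils*",
            "/.magnolia/pages/configuration*",
            "/.magnolia/pages/logViewer*",
            "/.magnolia/pages/users*",
            "/.magnolia/pages/import*",
            "/.magnolia/pages/export*",
            "/.magnolia/pages/permission*",
            "/.magnolia/pages/developmentUtils*",
            "/.magnolia/pages/activationTools*",
            "/.magnolia/pages/migrationReport*",
            "/.magnolia/pages/backup*",
            "/.magnolia/pages/activationMonitor*",
            "/.magnolia/pages/allModulesList*",
            "/.magnolia/pages/cacheTools*",
            "/.magnolia/pages/flows*"
        };

        final ArrayDelegateTask permissionsTask = new ArrayDelegateTask(
                "Update security-base role", "Disallow access to view configuration/tools pages");
        for (String exactPath : obsoleteExactPaths) {
            permissionsTask.addTask(new RemovePermissionTask("", "", SECURITY_BASE_ROLE, "uri", exactPath, AddURIPermissionTask.DENY));
        }
        for (String pattern : deniedPagePatterns) {
            permissionsTask.addTask(new AddURIPermissionTask("", "", SECURITY_BASE_ROLE, pattern, AddURIPermissionTask.DENY));
        }
        return permissionsTask;
    }

    /**
     * Builds the 5.1.1 task that sets {@code mgnl:lastActivated} on one user or role node when
     * that node exists.
     *
     * @param subject text completing "Set mgnl:lastActivated date of ...", e.g. "the user superuser"
     * @param workspace workspace holding the node
     * @param path absolute path of the node
     * @return the delegate task
     */
    private static Task lastActivatedTask(String subject, String workspace, String path) {
        final String name = "Set mgnl:lastActivated date of " + subject;
        return new NodeExistsDelegateTask(name, name + " (if not set yet)", workspace, path,
                new CheckOrCreateLastActivatedPropertyTask("", "", workspace, path));
    }

    /**
     * Registers the update precondition and every version delta of the core module.
     *
     * @param repositoryManager passed to {@link NoSameNameSiblingsCondition} in
     *        {@link #getInstallConditions()}
     */
    @Inject
    public CoreModuleVersionHandler(RepositoryManager repositoryManager) {
        super();
        this.repositoryManager = repositoryManager;

        register(DeltaBuilder.checkPrecondition("4.5", "5.0"));

        // 4.5.2: rename the misspelled "realName" property to "realmName" on both user managers.
        register(DeltaBuilder.update("4.5.2", "")
                .addTask(new PropertyExistsDelegateTask("Fix property name", "", RepositoryConstants.CONFIG, "/server/security/userManagers/system", "realName",
                        new MoveAndRenamePropertyTask("Fix propertyName", "/server/security/userManagers/system", "realName", "/server/security/userManagers/system", "realmName")))
                .addTask(new PropertyExistsDelegateTask("Fix property name", "", RepositoryConstants.CONFIG, "/server/security/userManagers/admin", "realName",
                        new MoveAndRenamePropertyTask("Fix propertyName", "/server/security/userManagers/admin", "realName", "/server/security/userManagers/admin", "realmName"))));

        // 4.5.9: audit logging for the delete action, new AuditLoggingManager class name, and the
        // security-base URI deny rules.
        register(DeltaBuilder.update("4.5.9", "")
                .addTask(new NodeExistsDelegateTask("AuditLogging configurations", "Add auditLogging configurations for delete action", "config", "/server/auditLogging/logConfigurations/delete", null,
                        new PartialBootstrapTask("", "", "/mgnl-bootstrap/core/config.server.auditLogging.xml", "/auditLogging/logConfigurations/delete", ImportUUIDBehavior.IMPORT_UUID_CREATE_NEW)))
                .addTask(new CheckAndModifyPropertyValueTask("AuditLogging configurations", "Change auditLogging class", "config", "/server/auditLogging", "class", "info.magnolia.logging.AuditLoggingManager", "info.magnolia.audit.AuditLoggingManager"))
                .addTask(updateSecurityBaseRole));

        register(DeltaBuilder.update("5.0", "")
                .addTask(new Register50NodeTypeTask("Register the new M5 node Type", "", RepositoryConstants.CONFIG))
                .addTask(new RemoveMetaDataInNodeTypeDefinitionTask("Un register the metaData child node", "", RepositoryConstants.CONFIG))
                .addTask(new ConvertMetaDataUpdateTask("Convert MetaData Task", "Remove the metaData sub node and replace them with mixIn when appropriate"))
                .addTask(new RemoveNodeTask("Remove PageEditorServlet", "Remove obsolete PageEditorServlet configuration.", RepositoryConstants.CONFIG, "/server/filters/servlets/PageEditorServlet"))
                .addTask(new RemoveNodeTask("Remove obsolete 'templating-editor' configuration", "", RepositoryConstants.CONFIG, "/modules/magnolia-templating-editor"))
                .addTask(new PartialBootstrapTask("Bootstrap link transformers", "Bootstrap 'server/rendering/linkManagement/transformers", "/mgnl-bootstrap/core/config.server.rendering.linkManagement.xml", "/linkManagement/transformers")));

        register(DeltaBuilder.update("5.0.1", "")
                .addTask(new CheckAndModifyPropertyValueTask("MIMEMapping", "Change xsl extension mime-type from text/xml to application/xml", RepositoryConstants.CONFIG, "/server/MIMEMapping/xsl", "mime-type", "text/xml", "application/xml"))
                .addTask(new CheckAndModifyPropertyValueTask("MIMEMapping", "Change xml extension mime-type from text/xml to application/xml", RepositoryConstants.CONFIG, "/server/MIMEMapping/xml", "mime-type", "text/xml", "application/xml")));

        register(DeltaBuilder.update("5.0.3", "")
                .addTask(new PartialBootstrapTask("JSON", "Add JSON mime-type", "/mgnl-bootstrap/core/config.server.MIMEMapping.xml", "/MIMEMapping/json")));

        register(DeltaBuilder.update("5.1", "")
                .addTask(new WarnTask("respectOrderDocument parameter", "As of Magnolia 5.1, the respectOrderDocument parameter has been reintroduced in repo config files and set to true by default. You will need to set it manually for each workspace in your installation. Please, refer to the release notes for more details."))
                .addTask(new RemoveNodeTask("Remove intercept filter", "Removes no longer used intercept filter.", RepositoryConstants.CONFIG, "/server/filters/cms/intercept")));

        register(DeltaBuilder.update("5.1.1", "")
                .addTask(lastActivatedTask("the user superuser", RepositoryConstants.USERS, "/system/superuser"))
                .addTask(lastActivatedTask("the user anonymous", RepositoryConstants.USERS, "/system/anonymous"))
                .addTask(lastActivatedTask("the superuser role", RepositoryConstants.USER_ROLES, "/superuser"))
                .addTask(lastActivatedTask("the anonymous role", RepositoryConstants.USER_ROLES, "/anonymous"))
                .addTask(lastActivatedTask("the security-base role", RepositoryConstants.USER_ROLES, "/security-base"))
                .addTask(new FindAndChangeTemplateIdTask("Change template id mgnlDelete", "Change template id mgnlDeleted to ui-admincentral:deleted for all content marked as deleted in website repository", RepositoryConstants.WEBSITE, "mgnlDeleted", MarkNodeAsDeletedCommand.DELETED_NODE_TEMPLATE))
                .addTask(new FindAndChangeTemplateIdTask("Change template id adminInterface:mgnlDeleted", "Change template id adminInterface:mgnlDeleted to ui-admincentral:deleted for all content marked as deleted in website repository", RepositoryConstants.WEBSITE, "adminInterface:mgnlDeleted", MarkNodeAsDeletedCommand.DELETED_NODE_TEMPLATE)));

        // 5.1.2: the second task re-bootstraps /anonymous/acl_users; per its description the
        // anonymous user must not keep write access to its own node.
        register(DeltaBuilder.update("5.1.2", "")
                .addTask(new ChangeNodeTypeOfSubAppsTask("Change primary node type of subapps", "If primary node type of subapps node is set to " + NodeTypes.Content.NAME + " then change it to " + NodeTypes.ContentNode.NAME))
                .addTask(new PartialBootstrapTask("Anonymous user", "Change anonymous user permission. He can't have write access to himself.", "/mgnl-bootstrap/core/users.system.anonymous.xml", "/anonymous/acl_users")));

        // 5.2.1 gives every role READ on itself where missing; 5.2.3 below removes that entry
        // again for the anonymous and security-base roles.
        register(DeltaBuilder.update("5.2.1", "")
                .addTask(new RemoveOpenWFEPermissionsTask("Find and remove all openWFE permissions from the userroles workspace", ""))
                .addTask(new GrantReadPermissionToRolesTask("Set read-permission to role itself", "If a role do not have a read permission to itself, add it")));

        register(DeltaBuilder.update("5.2.2", "")
                .addTask(removeObsoleteInstallFiles)
                .addTask(new AddActivatableMixinForContentNodeTask("Add the mixIn '" + NodeTypes.Activatable.NAME + "' to the '" + NodeTypes.ContentNode.NAME + "' node type definition", "", RepositoryConstants.CONFIG)));

        register(DeltaBuilder.update("5.2.3", "")
                .addTask(new RemovePermissionTask("Remove 'anonymous' role permission", "anonymous",
                        RepositoryConstants.USER_ROLES, "/anonymous", Permission.READ))
                .addTask(adjustSecurityBaseRole));

        // 5.3.2: install the csrfSecurity filter, order it before uriSecurity, and add the
        // 'security' audit log configuration.
        register(DeltaBuilder.update("5.3.2", "")
                // Filter node already present: only the BypassWhenVaadinRequest bypass is handled.
                // Filter node absent: the whole /filters/csrfSecurity subtree is bootstrapped.
                // NOTE(review): the two String[] arguments of PathExistenceDelegateTask look like
                // "must exist" / "must not exist" path lists (or the reverse) - confirm which,
                // because it decides on which instances the Vaadin bypass is added.
                .addTask(new NodeExistsDelegateTask("Add csrfSecurity Filter", "/server/filters/csrfSecurity",
                        new PathExistenceDelegateTask("Add csrfSecurity Filter", "",
                                new String[]{"/server/filters/csrfSecurity/bypasses/BypassWhenVaadinRequest"},
                                new String[]{"/server/filters/csrfSecurity/bypasses/BypassWhenNotInAdminCentral", "/server/filters/csrfSecurity/bypasses/BypassWhenNotAuthenticated", "/server/filters/csrfSecurity/bypasses/BypassWhenNoQueryParameters"},
                                new PartialBootstrapTask("Add csrfSecurity Filter", "", "/mgnl-bootstrap/core/config.server.filters.xml", "/filters/csrfSecurity/bypasses/BypassWhenVaadinRequest", ImportUUIDBehavior.IMPORT_UUID_CREATE_NEW)),
                        new PartialBootstrapTask("Add csrfSecurity Filter", "", "/mgnl-bootstrap/core/config.server.filters.xml", "/filters/csrfSecurity", ImportUUIDBehavior.IMPORT_UUID_CREATE_NEW)))
                // When /server/filters/uriSecurity is missing the filter is not reordered and only
                // a warning is issued; the warning text names the node that was actually checked
                // (the original said "uriFilter" and misspelled "moved").
                .addTask(new NodeExistsDelegateTask("Order csrfSecurity Filter", "Put csrfSecurity before uriSecurity Filter.", RepositoryConstants.CONFIG, "/server/filters/uriSecurity",
                        new OrderNodeBeforeTask("Order csrfSecurity Filter", "Put csrfSecurity before uriSecurity Filter.", RepositoryConstants.CONFIG, "/server/filters/csrfSecurity", "uriSecurity"),
                        new WarnTask("CSRF Security Filter is inactive.", "CSRF Security Filter inactive. The installed csrfFilter would normally be ordered before the uriSecurity filter, but could not be moved there as a uriSecurity node does not exist in the /server/filters node. The installed csrfFilter must be moved up the filters list manually.")))
                // The original reused the name "Add csrfSecurity Filter" for this audit-logging
                // task; the name now says what the task installs.
                .addTask(new NodeExistsDelegateTask("Add 'security' AuditLogging logConfiguration", "/server/auditLogging/logConfigurations/security", null,
                        new PartialBootstrapTask("Add 'security' AuditLogging logConfiguration.", "", "/mgnl-bootstrap/core/config.server.auditLogging.xml", "/auditLogging/logConfigurations/security", ImportUUIDBehavior.IMPORT_UUID_CREATE_NEW))));

        // 5.3.5: drops the deny rule for the messages pages from the security-base role.
        // NOTE(review): what FixUserRolePermissionsPropertyTask changes on /superuser is not
        // visible in this file - confirm against the task.
        register(DeltaBuilder.update("5.3.5", "")
                .addTask(new RemovePermissionTask("Edit security-base role", "Remove messages page deny rule", SECURITY_BASE_ROLE, "uri", "/.magnolia/pages/messages*", AddURIPermissionTask.DENY))
                .addTask(new FixUserRolePermissionsPropertyTask("/superuser")));
    }

    /**
     * Returns the tasks run on a fresh installation, in execution order.
     *
     * @param ctx the install context (not read here)
     * @return a new mutable list of tasks
     */
    @Override
    protected List<Task> getBasicInstallTasks(InstallContext ctx) {
        final List<Task> installTasks = new ArrayList<Task>(GenericTasks.genericTasksForNewInstallation());
        installTasks.add(auditTrailManagerTask);
        installTasks.add(bootstrapWebContainerResources);
        installTasks.add(new BootstrapConditionally("Security", "Bootstraps security-base role.", "/mgnl-bootstrap/core/userroles.security-base.xml"));

        // NOTE(review): HashUsersPasswords is declared elsewhere in this package; presumably it
        // hashes the passwords of the bootstrapped users, so it has to stay after the tasks that
        // bootstrap them - confirm.
        installTasks.add(new HashUsersPasswords());
        installTasks.add(bootstrapChannelManagement);
        installTasks.add(bootstrapChannelFilter);
        installTasks.add(placeChannelBeforeLogout);

        return installTasks;
    }

    /**
     * Returns the conditions that must hold before the module is installed: environment check,
     * web.xml and workspace.xml checks, temp directory check and the same-name-siblings check.
     *
     * @return a new list of conditions
     */
    @Override
    protected List<Condition> getInstallConditions() {
        final ArrayList<Condition> conditions = new ArrayList<Condition>();

        conditions.add(new IsNotAProblematicEnvironmentCondition());

        // Both helpers receive the list in their constructor; the calls below are made for the
        // conditions they contribute to it.
        final WebXmlConditionsUtil webXml = new WebXmlConditionsUtil(conditions);
        final String[] wrappedServlets = {
            "ActivationHandler", "AdminTreeServlet", "classpathspool", "DialogServlet",
            "PageServlet", "log4j", "FCKEditorSimpleUploadServlet"
        };
        for (String servletName : wrappedServlets) {
            webXml.servletIsNowWrapped(servletName);
        }
        webXml.servletIsDeprecated("uuidRequestDispatcher");
        webXml.filterIsDeprecated("info.magnolia.cms.filters.MagnoliaManagedFilter", "info.magnolia.cms.filters.MgnlMainFilter");
        webXml.filterMustBeRegisteredWithCorrectDispatchers("info.magnolia.cms.filters.MgnlMainFilter");
        webXml.listenerIsDeprecated("info.magnolia.cms.servlets.PropertyInitializer", "info.magnolia.cms.servlets.MgnlServletContextListener");
        webXml.listenerIsDeprecated("info.magnolia.cms.beans.config.ShutdownManager", "info.magnolia.cms.servlets.MgnlServletContextListener");

        final WorkspaceXmlConditionsUtil workspaceXml = new WorkspaceXmlConditionsUtil(conditions);
        workspaceXml.textFilterClassesAreNotSet();

        conditions.add(new SystemTmpDirCondition());
        conditions.add(new NoSameNameSiblingsCondition(repositoryManager));

        return conditions;
    }
}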
262