1
2
3
4
5
6
7
8
9
10
11
12
13
14
15
16
17
18
19
20
21
22
23
24
25
26
27
28
29
30
31
32
33
34 package info.magnolia.setup;
35
36 import info.magnolia.cms.security.Permission;
37 import info.magnolia.commands.impl.MarkNodeAsDeletedCommand;
38 import info.magnolia.jcr.util.NodeNameHelper;
39 import info.magnolia.jcr.util.NodeTypes;
40 import info.magnolia.module.AbstractModuleVersionHandler;
41 import info.magnolia.module.InstallContext;
42 import info.magnolia.module.delta.AddURIPermissionTask;
43 import info.magnolia.module.delta.AddUsersPermissionTask;
44 import info.magnolia.module.delta.ArrayDelegateTask;
45 import info.magnolia.module.delta.BootstrapConditionally;
46 import info.magnolia.module.delta.BootstrapSingleModuleResource;
47 import info.magnolia.module.delta.BootstrapSingleResource;
48 import info.magnolia.module.delta.CheckAndModifyPropertyValueTask;
49 import info.magnolia.module.delta.Condition;
50 import info.magnolia.module.delta.DeltaBuilder;
51 import info.magnolia.module.delta.FindAndChangeTemplateIdTask;
52 import info.magnolia.module.delta.FixUserRolePermissionsPropertyTask;
53 import info.magnolia.module.delta.MoveAndRenamePropertyTask;
54 import info.magnolia.module.delta.NoSameNameSiblingsCondition;
55 import info.magnolia.module.delta.NodeExistsDelegateTask;
56 import info.magnolia.module.delta.OrderFilterBeforeTask;
57 import info.magnolia.module.delta.OrderNodeBeforeTask;
58 import info.magnolia.module.delta.PartialBootstrapTask;
59 import info.magnolia.module.delta.PathExistenceDelegateTask;
60 import info.magnolia.module.delta.PropertyExistsDelegateTask;
61 import info.magnolia.module.delta.PropertyValueDelegateTask;
62 import info.magnolia.module.delta.QueryElementsAndDisplayWarningTask;
63 import info.magnolia.module.delta.RemoveInstallFilesTask;
64 import info.magnolia.module.delta.RemoveNodeTask;
65 import info.magnolia.module.delta.RemovePermissionTask;
66 import info.magnolia.module.delta.SetPropertyTask;
67 import info.magnolia.module.delta.Task;
68 import info.magnolia.module.delta.WarnTask;
69 import info.magnolia.module.delta.WebXmlConditionsUtil;
70 import info.magnolia.module.delta.WorkspaceXmlConditionsUtil;
71 import info.magnolia.objectfactory.Components;
72 import info.magnolia.repository.RepositoryConstants;
73 import info.magnolia.repository.RepositoryManager;
74 import info.magnolia.setup.for5_0.CheckOrCreateLastActivatedPropertyTask;
75 import info.magnolia.setup.for5_0.ConvertMetaDataUpdateTask;
76 import info.magnolia.setup.for5_0.Register50NodeTypeTask;
77 import info.magnolia.setup.for5_0.RemoveMetaDataInNodeTypeDefinitionTask;
78 import info.magnolia.setup.for5_2.AddActivatableMixinForContentNodeTask;
79 import info.magnolia.setup.for5_2.GrantReadPermissionToRolesTask;
80 import info.magnolia.setup.for5_2.IsNotAProblematicEnvironmentCondition;
81 import info.magnolia.setup.for5_2.RemoveOpenWFEPermissionsTask;
82 import info.magnolia.setup.initial.GenericTasks;
83
84 import java.util.ArrayList;
85 import java.util.Arrays;
86 import java.util.List;
87
88 import javax.inject.Inject;
89 import javax.jcr.ImportUUIDBehavior;
90
91 import com.google.common.collect.Lists;
92
93
94
95
96
97 public class CoreModuleVersionHandler extends AbstractModuleVersionHandler {
98 public static final String BOOTSTRAP_AUTHOR_INSTANCE_PROPERTY = "magnolia.bootstrap.authorInstance";
99 public static final String SECURITY_BASE_ROLE = "security-base";
100
101
102 private final BootstrapConditionally auditTrailManagerTask = new BootstrapConditionally("New auditory log configuration", "Install new configuration for auditory log manager.", "/mgnl-bootstrap/core/config.server.auditLogging.xml");
103 private final BootstrapSingleResource bootstrapWebContainerResources = new BootstrapSingleResource("Web container resources configuration", "Global configuration which resources are not meant to be handled by Magnolia. For instance JSP files.", "/mgnl-bootstrap/core/config.server.webContainerResources.xml");
104 private final BootstrapSingleModuleResource bootstrapChannelManagement = new BootstrapSingleModuleResource("ChannelManagement configuration", "", "config.server.rendering.channelManagement.xml");
105
106 private final BootstrapSingleModuleResource bootstrapChannelFilter = new BootstrapSingleModuleResource("ChannelFilter configuration", "", "config.server.filters.channel.xml");
107 private final Task placeChannelBeforeLogout = new OrderFilterBeforeTask("channel", new String[]{"logout"});
108
109 private final Task removeObsoleteInstallFiles = new RemoveInstallFilesTask("Remove obsolete dms templates install files", "templates/dms");
110
111 private final RepositoryManager repositoryManager;
112
113
114
115
116 protected static List<String> PERMISSIONS_FOR_LEGACY_PAGES = Arrays.asList(
117 "/.magnolia/pages/messages*",
118 "/.magnolia/pages/installedModulesList*",
119 "/.magnolia/pages/jcrUtils*",
120 "/.magnolia/pages/configuration*",
121 "/.magnolia/pages/logViewer*",
122 "/.magnolia/pages/sendMail*",
123 "/.magnolia/pages/users*",
124 "/.magnolia/pages/activationTools*",
125 "/.magnolia/pages/activationMonitor*",
126 "/.magnolia/pages/groovyInteractiveConsole*",
127 "/.magnolia/pages/migrationReport*",
128 "/.magnolia/pages/backup*",
129 "/.magnolia/pages/allModulesList*",
130 "/.magnolia/pages/cacheTools*",
131 "/.magnolia/pages/flows*",
132 "/.magnolia/pages/import*",
133 "/.magnolia/pages/export*",
134 "/.magnolia/pages/permission*",
135 "/.magnolia/pages/developmentUtils*"
136 );
137
138 protected Task updateSecurityBaseRolePermissions() {
139 ArrayDelegateTask permissionsTask = new ArrayDelegateTask("Update security-base role", "Disallows access to some sensitive URIs and grants basic access to AdminCentral.");
140 for (String path : PERMISSIONS_FOR_LEGACY_PAGES) {
141 permissionsTask.addTask(new RemovePermissionTask("", SECURITY_BASE_ROLE, "uri", path, AddURIPermissionTask.DENY));
142 }
143 permissionsTask.addTask(new RemovePermissionTask("", SECURITY_BASE_ROLE, RepositoryConstants.USER_ROLES, "/" + SECURITY_BASE_ROLE, Permission.READ));
144 return permissionsTask;
145 }
146
147 @Inject
148 public CoreModuleVersionHandler(RepositoryManager repositoryManager, NodeNameHelper nodeNameHelper) {
149 super();
150 this.repositoryManager = repositoryManager;
151
152 register(DeltaBuilder.checkPrecondition("4.5", "5.0"));
153
154 register(DeltaBuilder.update("4.5.2", "")
155 .addTask(new PropertyExistsDelegateTask("Fix property name", "", RepositoryConstants.CONFIG, "/server/security/userManagers/system", "realName", new MoveAndRenamePropertyTask("Fix propertyName", "/server/security/userManagers/system", "realName", "/server/security/userManagers/system", "realmName")))
156 .addTask(new PropertyExistsDelegateTask("Fix property name", "", RepositoryConstants.CONFIG, "/server/security/userManagers/admin", "realName", new MoveAndRenamePropertyTask("Fix propertyName", "/server/security/userManagers/admin", "realName", "/server/security/userManagers/admin", "realmName"))));
157
158 register((DeltaBuilder.update("4.5.9", ""))
159 .addTask(new NodeExistsDelegateTask("AuditLogging configurations", "Add auditLogging configurations for delete action", "config", "/server/auditLogging/logConfigurations/delete", null, new PartialBootstrapTask("", "", "/mgnl-bootstrap/core/config.server.auditLogging.xml", "/auditLogging/logConfigurations/delete", ImportUUIDBehavior.IMPORT_UUID_CREATE_NEW)))
160 .addTask(new CheckAndModifyPropertyValueTask("AuditLogging configurations", "Change auditLogging class", "config", "/server/auditLogging", "class", "info.magnolia.logging.AuditLoggingManager", "info.magnolia.audit.AuditLoggingManager")));
161
162 register(DeltaBuilder.update("5.0", "")
163 .addTask(new Register50NodeTypeTask("Register the new M5 node Type", "", RepositoryConstants.CONFIG))
164 .addTask(new RemoveMetaDataInNodeTypeDefinitionTask("Un register the metaData child node", "", RepositoryConstants.CONFIG))
165 .addTask(new ConvertMetaDataUpdateTask("Convert MetaData Task", "Remove the metaData sub node and replace them with mixIn when appropriate"))
166 .addTask(new RemoveNodeTask("Remove PageEditorServlet", "Remove obsolete PageEditorServlet configuration.", RepositoryConstants.CONFIG, "/server/filters/servlets/PageEditorServlet"))
167 .addTask(new RemoveNodeTask("Remove obsolete 'templating-editor' configuration", "", RepositoryConstants.CONFIG, "/modules/magnolia-templating-editor"))
168 .addTask(new BootstrapSingleModuleResource("Bootstrap link transformers", "Bootstrap 'server/rendering/linkManagement/transformers", "config.server.rendering.linkManagement.xml", "/linkManagement/transformers")));
169 register((DeltaBuilder.update("5.0.1", ""))
170 .addTask(new CheckAndModifyPropertyValueTask("MIMEMapping", "Change xsl extension mime-type from text/xml to application/xml", RepositoryConstants.CONFIG, "/server/MIMEMapping/xsl", "mime-type", "text/xml", "application/xml"))
171 .addTask(new CheckAndModifyPropertyValueTask("MIMEMapping", "Change xml extension mime-type from text/xml to application/xml", RepositoryConstants.CONFIG, "/server/MIMEMapping/xml", "mime-type", "text/xml", "application/xml")));
172 register((DeltaBuilder.update("5.0.3", ""))
173 .addTask(new BootstrapSingleModuleResource("JSON", "Add JSON mime-type", "config.server.MIMEMapping.xml", "/MIMEMapping/json")));
174 register((DeltaBuilder.update("5.1", ""))
175 .addTask(new WarnTask("respectOrderDocument parameter", "As of Magnolia 5.1, the respectOrderDocument parameter has been reintroduced in repo config files and set to true by default. You will need to set it manually for each workspace in your installation. Please, refer to the release notes for more details."))
176 .addTask(new RemoveNodeTask("Remove intercept filter", "Removes no longer used intercept filter.", RepositoryConstants.CONFIG, "/server/filters/cms/intercept")));
177 register((DeltaBuilder.update("5.1.1", ""))
178 .addTask(new NodeExistsDelegateTask("Set mgnl:lastActivated date of the user superuser", "Set mgnl:lastActivated date of the user superuser (if not set yet)", RepositoryConstants.USERS, "/system/superuser",
179 new CheckOrCreateLastActivatedPropertyTask("", "", RepositoryConstants.USERS, "/system/superuser")))
180 .addTask(new NodeExistsDelegateTask("Set mgnl:lastActivated date of the user anonymous", "Set mgnl:lastActivated date of the user anonymous (if not set yet)", RepositoryConstants.USERS, "/system/anonymous",
181 new CheckOrCreateLastActivatedPropertyTask("", "", RepositoryConstants.USERS, "/system/anonymous")))
182 .addTask(new NodeExistsDelegateTask("Set mgnl:lastActivated date of the superuser role", "Set mgnl:lastActivated date of the superuser role (if not set yet)", RepositoryConstants.USER_ROLES, "/superuser",
183 new CheckOrCreateLastActivatedPropertyTask("", "", RepositoryConstants.USER_ROLES, "/superuser")))
184 .addTask(new NodeExistsDelegateTask("Set mgnl:lastActivated date of the anonymous role", "Set mgnl:lastActivated date of the anonymous role (if not set yet)", RepositoryConstants.USER_ROLES, "/anonymous",
185 new CheckOrCreateLastActivatedPropertyTask("", "", RepositoryConstants.USER_ROLES, "/anonymous")))
186 .addTask(new NodeExistsDelegateTask("Set mgnl:lastActivated date of the security-base role", "Set mgnl:lastActivated date of the security-base role (if not set yet)", RepositoryConstants.USER_ROLES, "/security-base",
187 new CheckOrCreateLastActivatedPropertyTask("", "", RepositoryConstants.USER_ROLES, "/security-base")))
188 .addTask(new FindAndChangeTemplateIdTask("Change template id mgnlDelete", "Change template id mgnlDeleted to ui-admincentral:deleted for all content marked as deleted in website repository", RepositoryConstants.WEBSITE, "mgnlDeleted", MarkNodeAsDeletedCommand.DELETED_NODE_TEMPLATE))
189 .addTask(new FindAndChangeTemplateIdTask("Change template id adminInterface:mgnlDeleted", "Change template id adminInterface:mgnlDeleted to ui-admincentral:deleted for all content marked as deleted in website repository", RepositoryConstants.WEBSITE, "adminInterface:mgnlDeleted", MarkNodeAsDeletedCommand.DELETED_NODE_TEMPLATE)));
190 register((DeltaBuilder.update("5.1.2", ""))
191 .addTask(new ChangeNodeTypeOfSubAppsTask("Change primary node type of subapps", "If primary node type of subapps node is set to " + NodeTypes.Content.NAME + " then change it to " + NodeTypes.ContentNode.NAME))
192 .addTask(new BootstrapSingleModuleResource("Anonymous user", "Change anonymous user permission. He can't have write access to himself.", "users.system.anonymous.xml", "/anonymous/acl_users")));
193
194 register((DeltaBuilder.update("5.2.1", ""))
195 .addTask(new RemoveOpenWFEPermissionsTask("Find and remove all openWFE permissions from the userroles workspace", ""))
196 .addTask(new GrantReadPermissionToRolesTask("Set read-permission to role itself", "If a role do not have a read permission to itself, add it")));
197 register((DeltaBuilder.update("5.2.2", ""))
198 .addTask(removeObsoleteInstallFiles)
199 .addTask(new AddActivatableMixinForContentNodeTask("Add the mixIn '" + NodeTypes.Activatable.NAME + "' to the '" + NodeTypes.ContentNode.NAME + "' node type definition", "", RepositoryConstants.CONFIG)));
200 register((DeltaBuilder.update("5.2.3", ""))
201 .addTask(new RemovePermissionTask("Remove 'anonymous' role permission", "anonymous", RepositoryConstants.USER_ROLES, "/anonymous", Permission.READ)));
202
203 register((DeltaBuilder.update("5.3.2", ""))
204 .addTask(new NodeExistsDelegateTask("Add csrfSecurity Filter", "/server/filters/csrfSecurity",
205
206 new PathExistenceDelegateTask("Add csrfSecurity Filter", "", new String[]{"/server/filters/csrfSecurity/bypasses/BypassWhenVaadinRequest"}, new String[]{"/server/filters/csrfSecurity/bypasses/BypassWhenNotInAdminCentral", "/server/filters/csrfSecurity/bypasses/BypassWhenNotAuthenticated", "/server/filters/csrfSecurity/bypasses/BypassWhenNoQueryParameters"},
207 new PartialBootstrapTask("Add csrfSecurity Filter", "", "/mgnl-bootstrap/core/config.server.filters.xml", "/filters/csrfSecurity/bypasses/BypassWhenVaadinRequest", ImportUUIDBehavior.IMPORT_UUID_CREATE_NEW)),
208
209 new PartialBootstrapTask("Add csrfSecurity Filter", "", "/mgnl-bootstrap/core/config.server.filters.xml", "/filters/csrfSecurity", ImportUUIDBehavior.IMPORT_UUID_CREATE_NEW)))
210 .addTask(new NodeExistsDelegateTask("Order csrfSecurity Filter", "Put csrfSecurity before uriSecurity Filter.", RepositoryConstants.CONFIG, "/server/filters/uriSecurity",
211 new OrderNodeBeforeTask("Order csrfSecurity Filter", "Put csrfSecurity before uriSecurity Filter.", RepositoryConstants.CONFIG, "/server/filters/csrfSecurity", "uriSecurity"),
212 new WarnTask("CSRF Security Filter is inactive.", "CSRF Security Filter inactive. The installed csrfFilter would normally be ordered before the uriSecurity filter, but could not be moved there as a uriFilter node does not exist in the /server/filters node. The installed csrfFilter must be moved up the filters list manually.")))
213 .addTask(new NodeExistsDelegateTask("Add csrfSecurity Filter", "/server/auditLogging/logConfigurations/security", null,
214 new PartialBootstrapTask("Add 'security' AuditLogging logConfiguration.", "", "/mgnl-bootstrap/core/config.server.auditLogging.xml", "/auditLogging/logConfigurations/security", ImportUUIDBehavior.IMPORT_UUID_CREATE_NEW))));
215
216 register((DeltaBuilder.update("5.3.5", ""))
217
218 .addTask(new FixUserRolePermissionsPropertyTask("/superuser")));
219
220 register((DeltaBuilder.update("5.4.1", ""))
221 .addTask(updateSecurityBaseRolePermissions()));
222
223 register((DeltaBuilder.update("5.4.3", ""))
224 .addTask(new PropertyValueDelegateTask("Change MIME mapping of Javascript resources", "/server/MIMEMapping/js", "mime-type", "application/x-javascript", true,
225 new SetPropertyTask("config", "/server/MIMEMapping/js", "mime-type", "application/javascript"))));
226
227 register((DeltaBuilder.update("5.4.5", ""))
228 .addTask(new BootstrapSingleModuleResource("Add mime mapping for .map", "Add mime mapping for .map", "config.server.MIMEMapping.xml", "/MIMEMapping/map")));
229
230 register((DeltaBuilder.update("5.4.6", ""))
231 .addTask(new QueryElementsAndDisplayWarningTask("Check SimpleUrlPatterns in user roles",
232 "SimpleUrlPattern no longer misinterprets dots as regular expression wildcard characters. User roles will be checked whether they are affected.",
233 RepositoryConstants.USER_ROLES, "SELECT * FROM [nt:base] WHERE path LIKE '%.%'", NodeTypes.Role.NAME,
234 "SimpleUrlPattern no longer misinterprets dots as regular expression wildcard characters. As a result, the following roles might need your attention:\n%s" +
235 "\nRead more at http://documentation.magnolia-cms.com/display/DOCS/Release+notes+for+Magnolia+5.4.6.",
236 Lists.newArrayList("/rest", "/security-base", "/anonymous", "/forum_ALL-moderator", "/forum_ALL-user", "/forum_ALL-admin", "/public-user-registration-base"))));
237
238 register((DeltaBuilder.update("5.4.7", ""))
239 .addTask(new AddUsersPermissionTask("Allow users to edit their timezone setting", "/admin", RepositoryConstants.USERS, AddUsersPermissionTask.USER_PATH_REPLACEMENT + "/timezone", Permission.ALL, nodeNameHelper)));
240
241 register(DeltaBuilder.update("5.4.8", "")
242 .addTask(new NodeExistsDelegateTask("If exists, remove legacy log4j servlet", "/server/filters/servlets/log4j", new RemoveNodeTask("", "/server/filters/servlets/log4j"))));
243
244 register(DeltaBuilder.update("5.4.9", "")
245 .addTask(new AddActivatableMixinForMgnlResourceTask("Update mgnl:resource node type", "Add mgnl:activatable mixin to the mgnl:resource node type", RepositoryConstants.WEBSITE))
246 );
247
248 register(DeltaBuilder.update("5.5", "")
249 .addTask(new MigrateVersionWorkspacesToNewStructureTask(repositoryManager))
250 .addTasks(getLockableMixinAdditionTasksForAllWorkspaces())
251 .addTask(new NodeExistsDelegateTask("Add korean language into system languages", "/server/i18n/system/ko", null,
252 new BootstrapSingleModuleResource("", "", "config.server.i18n.system.xml", "/system/languages/ko")))
253 );
254
255 register(DeltaBuilder.update("5.5.4", "")
256 .addTask(new BootstrapSingleModuleResource("Add mime mapping for YAML", "Add mime mapping for YAML", "config.server.MIMEMapping.xml", "/MIMEMapping/x-yaml"))
257 .addTask(new RenameVersionNodesTask(repositoryManager))
258 );
259 }
260
261
262
263
264 @Deprecated
265 public CoreModuleVersionHandler(RepositoryManager repositoryManager) {
266 this(repositoryManager, Components.getComponent(NodeNameHelper.class));
267 }
268
269 private List<Task> getLockableMixinAdditionTasksForAllWorkspaces() {
270 List<Task> tasks = Lists.newArrayList();
271 for (String workspaceName : repositoryManager.getWorkspaceNames()) {
272 tasks.add(new AddLockableMixinToVersionableMixinTask("",
273 "Adding lockable mixing as supertype to versionable mixin for workspace '{" + workspaceName + "}'", workspaceName));
274 tasks.add(new AddLockableMixinToActivatableMixinTask("",
275 "Adding lockable mixing as supertype to activatable mixin for workspace '{" + workspaceName + "}'", workspaceName));
276 }
277 return tasks;
278 }
279
280 @Override
281 protected List<Task> getBasicInstallTasks(InstallContext ctx) {
282 final List<Task> tasks = new ArrayList<>();
283 tasks.addAll(GenericTasks.genericTasksForNewInstallation());
284 tasks.add(auditTrailManagerTask);
285 tasks.add(bootstrapWebContainerResources);
286 tasks.add(new BootstrapConditionally("Security", "Bootstraps security-base role.", "/mgnl-bootstrap/core/userroles.security-base.xml"));
287
288 tasks.add(new HashUsersPasswords());
289 tasks.add(bootstrapChannelManagement);
290 tasks.add(bootstrapChannelFilter);
291 tasks.add(placeChannelBeforeLogout);
292
293 return tasks;
294 }
295
296 @Override
297 protected List<Condition> getInstallConditions() {
298 final List<Condition> conditions = new ArrayList<>();
299
300 conditions.add(new IsNotAProblematicEnvironmentCondition());
301
302 final WebXmlConditionsUtil u = new WebXmlConditionsUtil(conditions);
303 u.servletIsNowWrapped("ActivationHandler");
304 u.servletIsNowWrapped("AdminTreeServlet");
305 u.servletIsNowWrapped("classpathspool");
306 u.servletIsNowWrapped("DialogServlet");
307 u.servletIsNowWrapped("PageServlet");
308 u.servletIsNowWrapped("log4j");
309 u.servletIsNowWrapped("FCKEditorSimpleUploadServlet");
310 u.servletIsDeprecated("uuidRequestDispatcher");
311 u.filterIsDeprecated("info.magnolia.cms.filters.MagnoliaManagedFilter", "info.magnolia.cms.filters.MgnlMainFilter");
312 u.filterMustBeRegisteredWithCorrectDispatchers("info.magnolia.cms.filters.MgnlMainFilter");
313 u.listenerIsDeprecated("info.magnolia.cms.servlets.PropertyInitializer", "info.magnolia.cms.servlets.MgnlServletContextListener");
314 u.listenerIsDeprecated("info.magnolia.cms.beans.config.ShutdownManager", "info.magnolia.cms.servlets.MgnlServletContextListener");
315 final WorkspaceXmlConditionsUtil u2 = new WorkspaceXmlConditionsUtil(conditions);
316 u2.textFilterClassesAreNotSet();
317
318 conditions.add(new SystemTmpDirCondition());
319 conditions.add(new NoSameNameSiblingsCondition(repositoryManager));
320
321 return conditions;
322 }
323 }
324