Initial code commit for the ServiceUser WebConsole for SLING-7368
authorDan Klco <daniel.klco@gmail.com>
Fri, 12 Jan 2018 19:47:28 +0000 (14:47 -0500)
committerDan Klco <daniel.klco@gmail.com>
Fri, 12 Jan 2018 19:47:28 +0000 (14:47 -0500)
.gitignore [new file with mode: 0644]
LICENSE [new file with mode: 0644]
README.md [new file with mode: 0644]
pom.xml [new file with mode: 0644]
src/main/java/org/apache/sling/serviceuser/webconsole/impl/ServiceUserWebConsolePlugin.java [new file with mode: 0644]
src/main/java/org/apache/sling/serviceuser/webconsole/package-info.java [new file with mode: 0644]
src/main/resources/res/ui/serviceusermanager.js [new file with mode: 0644]

diff --git a/.gitignore b/.gitignore
new file mode 100644 (file)
index 0000000..5b783ed
--- /dev/null
@@ -0,0 +1,17 @@
+/target
+.idea
+.classpath
+.metadata
+.project
+.settings
+.externalToolBuilders
+maven-eclipse.xml
+*.swp
+*.iml
+*.ipr
+*.iws
+*.bak
+.vlt
+.DS_Store
+jcr.log
+atlassian-ide-plugin.xml
diff --git a/LICENSE b/LICENSE
new file mode 100644 (file)
index 0000000..d645695
--- /dev/null
+++ b/LICENSE
@@ -0,0 +1,202 @@
+
+                                 Apache License
+                           Version 2.0, January 2004
+                        http://www.apache.org/licenses/
+
+   TERMS AND CONDITIONS FOR USE, REPRODUCTION, AND DISTRIBUTION
+
+   1. Definitions.
+
+      "License" shall mean the terms and conditions for use, reproduction,
+      and distribution as defined by Sections 1 through 9 of this document.
+
+      "Licensor" shall mean the copyright owner or entity authorized by
+      the copyright owner that is granting the License.
+
+      "Legal Entity" shall mean the union of the acting entity and all
+      other entities that control, are controlled by, or are under common
+      control with that entity. For the purposes of this definition,
+      "control" means (i) the power, direct or indirect, to cause the
+      direction or management of such entity, whether by contract or
+      otherwise, or (ii) ownership of fifty percent (50%) or more of the
+      outstanding shares, or (iii) beneficial ownership of such entity.
+
+      "You" (or "Your") shall mean an individual or Legal Entity
+      exercising permissions granted by this License.
+
+      "Source" form shall mean the preferred form for making modifications,
+      including but not limited to software source code, documentation
+      source, and configuration files.
+
+      "Object" form shall mean any form resulting from mechanical
+      transformation or translation of a Source form, including but
+      not limited to compiled object code, generated documentation,
+      and conversions to other media types.
+
+      "Work" shall mean the work of authorship, whether in Source or
+      Object form, made available under the License, as indicated by a
+      copyright notice that is included in or attached to the work
+      (an example is provided in the Appendix below).
+
+      "Derivative Works" shall mean any work, whether in Source or Object
+      form, that is based on (or derived from) the Work and for which the
+      editorial revisions, annotations, elaborations, or other modifications
+      represent, as a whole, an original work of authorship. For the purposes
+      of this License, Derivative Works shall not include works that remain
+      separable from, or merely link (or bind by name) to the interfaces of,
+      the Work and Derivative Works thereof.
+
+      "Contribution" shall mean any work of authorship, including
+      the original version of the Work and any modifications or additions
+      to that Work or Derivative Works thereof, that is intentionally
+      submitted to Licensor for inclusion in the Work by the copyright owner
+      or by an individual or Legal Entity authorized to submit on behalf of
+      the copyright owner. For the purposes of this definition, "submitted"
+      means any form of electronic, verbal, or written communication sent
+      to the Licensor or its representatives, including but not limited to
+      communication on electronic mailing lists, source code control systems,
+      and issue tracking systems that are managed by, or on behalf of, the
+      Licensor for the purpose of discussing and improving the Work, but
+      excluding communication that is conspicuously marked or otherwise
+      designated in writing by the copyright owner as "Not a Contribution."
+
+      "Contributor" shall mean Licensor and any individual or Legal Entity
+      on behalf of whom a Contribution has been received by Licensor and
+      subsequently incorporated within the Work.
+
+   2. Grant of Copyright License. Subject to the terms and conditions of
+      this License, each Contributor hereby grants to You a perpetual,
+      worldwide, non-exclusive, no-charge, royalty-free, irrevocable
+      copyright license to reproduce, prepare Derivative Works of,
+      publicly display, publicly perform, sublicense, and distribute the
+      Work and such Derivative Works in Source or Object form.
+
+   3. Grant of Patent License. Subject to the terms and conditions of
+      this License, each Contributor hereby grants to You a perpetual,
+      worldwide, non-exclusive, no-charge, royalty-free, irrevocable
+      (except as stated in this section) patent license to make, have made,
+      use, offer to sell, sell, import, and otherwise transfer the Work,
+      where such license applies only to those patent claims licensable
+      by such Contributor that are necessarily infringed by their
+      Contribution(s) alone or by combination of their Contribution(s)
+      with the Work to which such Contribution(s) was submitted. If You
+      institute patent litigation against any entity (including a
+      cross-claim or counterclaim in a lawsuit) alleging that the Work
+      or a Contribution incorporated within the Work constitutes direct
+      or contributory patent infringement, then any patent licenses
+      granted to You under this License for that Work shall terminate
+      as of the date such litigation is filed.
+
+   4. Redistribution. You may reproduce and distribute copies of the
+      Work or Derivative Works thereof in any medium, with or without
+      modifications, and in Source or Object form, provided that You
+      meet the following conditions:
+
+      (a) You must give any other recipients of the Work or
+          Derivative Works a copy of this License; and
+
+      (b) You must cause any modified files to carry prominent notices
+          stating that You changed the files; and
+
+      (c) You must retain, in the Source form of any Derivative Works
+          that You distribute, all copyright, patent, trademark, and
+          attribution notices from the Source form of the Work,
+          excluding those notices that do not pertain to any part of
+          the Derivative Works; and
+
+      (d) If the Work includes a "NOTICE" text file as part of its
+          distribution, then any Derivative Works that You distribute must
+          include a readable copy of the attribution notices contained
+          within such NOTICE file, excluding those notices that do not
+          pertain to any part of the Derivative Works, in at least one
+          of the following places: within a NOTICE text file distributed
+          as part of the Derivative Works; within the Source form or
+          documentation, if provided along with the Derivative Works; or,
+          within a display generated by the Derivative Works, if and
+          wherever such third-party notices normally appear. The contents
+          of the NOTICE file are for informational purposes only and
+          do not modify the License. You may add Your own attribution
+          notices within Derivative Works that You distribute, alongside
+          or as an addendum to the NOTICE text from the Work, provided
+          that such additional attribution notices cannot be construed
+          as modifying the License.
+
+      You may add Your own copyright statement to Your modifications and
+      may provide additional or different license terms and conditions
+      for use, reproduction, or distribution of Your modifications, or
+      for any such Derivative Works as a whole, provided Your use,
+      reproduction, and distribution of the Work otherwise complies with
+      the conditions stated in this License.
+
+   5. Submission of Contributions. Unless You explicitly state otherwise,
+      any Contribution intentionally submitted for inclusion in the Work
+      by You to the Licensor shall be under the terms and conditions of
+      this License, without any additional terms or conditions.
+      Notwithstanding the above, nothing herein shall supersede or modify
+      the terms of any separate license agreement you may have executed
+      with Licensor regarding such Contributions.
+
+   6. Trademarks. This License does not grant permission to use the trade
+      names, trademarks, service marks, or product names of the Licensor,
+      except as required for reasonable and customary use in describing the
+      origin of the Work and reproducing the content of the NOTICE file.
+
+   7. Disclaimer of Warranty. Unless required by applicable law or
+      agreed to in writing, Licensor provides the Work (and each
+      Contributor provides its Contributions) on an "AS IS" BASIS,
+      WITHOUT WARRANTIES OR CONDITIONS OF ANY KIND, either express or
+      implied, including, without limitation, any warranties or conditions
+      of TITLE, NON-INFRINGEMENT, MERCHANTABILITY, or FITNESS FOR A
+      PARTICULAR PURPOSE. You are solely responsible for determining the
+      appropriateness of using or redistributing the Work and assume any
+      risks associated with Your exercise of permissions under this License.
+
+   8. Limitation of Liability. In no event and under no legal theory,
+      whether in tort (including negligence), contract, or otherwise,
+      unless required by applicable law (such as deliberate and grossly
+      negligent acts) or agreed to in writing, shall any Contributor be
+      liable to You for damages, including any direct, indirect, special,
+      incidental, or consequential damages of any character arising as a
+      result of this License or out of the use or inability to use the
+      Work (including but not limited to damages for loss of goodwill,
+      work stoppage, computer failure or malfunction, or any and all
+      other commercial damages or losses), even if such Contributor
+      has been advised of the possibility of such damages.
+
+   9. Accepting Warranty or Additional Liability. While redistributing
+      the Work or Derivative Works thereof, You may choose to offer,
+      and charge a fee for, acceptance of support, warranty, indemnity,
+      or other liability obligations and/or rights consistent with this
+      License. However, in accepting such obligations, You may act only
+      on Your own behalf and on Your sole responsibility, not on behalf
+      of any other Contributor, and only if You agree to indemnify,
+      defend, and hold each Contributor harmless for any liability
+      incurred by, or claims asserted against, such Contributor by reason
+      of your accepting any such warranty or additional liability.
+
+   END OF TERMS AND CONDITIONS
+
+   APPENDIX: How to apply the Apache License to your work.
+
+      To apply the Apache License to your work, attach the following
+      boilerplate notice, with the fields enclosed by brackets "[]"
+      replaced with your own identifying information. (Don't include
+      the brackets!)  The text should be enclosed in the appropriate
+      comment syntax for the file format. We also recommend that a
+      file or class name and description of purpose be included on the
+      same "printed page" as the copyright notice for easier
+      identification within third-party archives.
+
+   Copyright [yyyy] [name of copyright owner]
+
+   Licensed under the Apache License, Version 2.0 (the "License");
+   you may not use this file except in compliance with the License.
+   You may obtain a copy of the License at
+
+       http://www.apache.org/licenses/LICENSE-2.0
+
+   Unless required by applicable law or agreed to in writing, software
+   distributed under the License is distributed on an "AS IS" BASIS,
+   WITHOUT WARRANTIES OR CONDITIONS OF ANY KIND, either express or implied.
+   See the License for the specific language governing permissions and
+   limitations under the License.
diff --git a/README.md b/README.md
new file mode 100644 (file)
index 0000000..ea34da6
--- /dev/null
+++ b/README.md
@@ -0,0 +1,3 @@
+# Apache Sling Service User Console
+
+This module is part of the [Apache Sling](https://sling.apache.org) project.
diff --git a/pom.xml b/pom.xml
new file mode 100644 (file)
index 0000000..1b39b13
--- /dev/null
+++ b/pom.xml
@@ -0,0 +1,154 @@
+<?xml version="1.0" encoding="ISO-8859-1"?>
+<!--
+    Licensed to the Apache Software Foundation (ASF) under one
+    or more contributor license agreements.  See the NOTICE file
+    distributed with this work for additional information
+    regarding copyright ownership.  The ASF licenses this file
+    to you under the Apache License, Version 2.0 (the
+    "License"); you may not use this file except in compliance
+    with the License.  You may obtain a copy of the License at
+    
+    http://www.apache.org/licenses/LICENSE-2.0
+    
+    Unless required by applicable law or agreed to in writing,
+    software distributed under the License is distributed on an
+    "AS IS" BASIS, WITHOUT WARRANTIES OR CONDITIONS OF ANY
+    KIND, either express or implied.  See the License for the
+    specific language governing permissions and limitations
+    under the License.
+-->
+<project xmlns="http://maven.apache.org/POM/4.0.0" xmlns:xsi="http://www.w3.org/2001/XMLSchema-instance" xsi:schemaLocation="http://maven.apache.org/POM/4.0.0 http://maven.apache.org/maven-v4_0_0.xsd">
+
+    <modelVersion>4.0.0</modelVersion>
+    <parent>
+        <groupId>org.apache.sling</groupId>
+        <artifactId>sling</artifactId>
+        <version>30</version>
+        <relativePath />
+    </parent>
+
+    <artifactId>org.apache.sling.serviceuser.webconsole</artifactId>
+    <packaging>bundle</packaging>
+    <version>1.0.0-SNAPSHOT</version>
+
+    <name>Apache Sling Service User Web Console</name>
+    <description>
+        Provides an OSGi Web Console for creating, updating and viewing Service Users.
+    </description>
+
+    <scm>
+        <connection>scm:git:https://gitbox.apache.org/repos/asf/sling-org-apache-sling-serviceuser-webconsole.git</connection>
+        <developerConnection>scm:git:https://gitbox.apache.org/repos/asf/sling-org-apache-sling-serviceuser-webconsole.git</developerConnection>
+        <url>https://gitbox.apache.org/repos/asf?p=sling-org-apache-sling-serviceuser-webconsole.git</url>
+      <tag>HEAD</tag>
+  </scm>
+
+    <build>
+        <plugins>
+            <plugin>
+                <groupId>org.apache.felix</groupId>
+                <artifactId>maven-bundle-plugin</artifactId>
+                <extensions>true</extensions>
+                <configuration>
+                </configuration>
+            </plugin>
+            <plugin>
+                <groupId>org.apache.maven.plugins</groupId>
+                <artifactId>maven-javadoc-plugin</artifactId>
+                <configuration>
+                    <excludePackageNames>
+                        org.apache.sling.serviceuser.console.impl
+                    </excludePackageNames>
+                </configuration>
+            </plugin>
+        </plugins>
+    </build>
+    <dependencies>
+        <dependency>
+            <groupId>org.apache.sling</groupId>
+            <artifactId>org.apache.sling.api</artifactId>
+            <version>2.5.0</version>
+            <scope>provided</scope>
+        </dependency>
+        <dependency>
+            <groupId>org.apache.sling</groupId>
+                       <artifactId>org.apache.sling.serviceusermapper</artifactId>
+                       <version>1.3.7-SNAPSHOT</version>
+            <scope>provided</scope>
+        </dependency>
+        
+        <!-- JCR Specific items -->
+        <dependency>
+            <groupId>org.apache.jackrabbit</groupId>
+            <artifactId>jackrabbit-api</artifactId>
+            <version>2.10.6</version>
+            <scope>provided</scope>
+        </dependency>
+        <dependency>
+            <groupId>javax.jcr</groupId>
+            <artifactId>jcr</artifactId>
+        </dependency>
+        <dependency>
+            <groupId>org.apache.sling</groupId>
+            <artifactId>org.apache.sling.jcr.base</artifactId>
+            <version>2.1.0</version>
+            <scope>provided</scope>
+        </dependency>
+  
+        <dependency>
+            <groupId>org.slf4j</groupId>
+            <artifactId>slf4j-api</artifactId>
+        </dependency>
+
+        <dependency>
+            <groupId>org.osgi</groupId>
+            <artifactId>osgi.core</artifactId>
+        </dependency>
+        <dependency>
+               <groupId>org.osgi</groupId>
+               <artifactId>org.osgi.compendium</artifactId>
+               <version>4.2.0</version>
+               <scope>provided</scope>
+        </dependency>
+        <dependency>
+            <groupId>javax.servlet</groupId>
+            <artifactId>javax.servlet-api</artifactId>
+        </dependency>
+        <dependency>
+            <groupId>org.apache.commons</groupId>
+            <artifactId>commons-lang3</artifactId>
+            <version>3.3.2</version>
+            <scope>provided</scope>
+        </dependency>
+        
+        <!-- Webconsole Dependencies -->
+        <dependency>
+            <groupId>org.apache.felix</groupId>
+            <artifactId>org.apache.felix.webconsole</artifactId>
+            <version>4.2.0</version>
+            <scope>provided</scope>
+        </dependency>
+        <dependency>
+            <groupId>org.apache.sling</groupId>
+            <artifactId>org.apache.sling.xss</artifactId>
+            <version>1.0.0</version>
+            <scope>provided</scope>
+        </dependency>
+
+        <!-- Testing -->
+        <dependency>
+            <groupId>junit</groupId>
+            <artifactId>junit</artifactId>
+        </dependency>
+        <dependency>
+            <groupId>org.slf4j</groupId>
+            <artifactId>slf4j-simple</artifactId>
+        </dependency>
+        <dependency>
+            <groupId>org.mockito</groupId>
+            <artifactId>mockito-all</artifactId>
+            <version>1.9.5</version>
+            <scope>test</scope>
+        </dependency>
+    </dependencies>
+</project>
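Review bot: The `org.apache.sling.serviceusermapper` dependency is pinned to `1.3.7-SNAPSHOT`, so the build compiles against whatever snapshot was deployed last, and the API behind `ServiceUserMapper` can change without any change to this file. For a bundle that creates service users and edits their ACLs, I would pin a released version before this module is released, and until then add a comment such as `<!-- TODO: replace with the released serviceusermapper version before release -->`. Separately, the `maven-javadoc-plugin` `<excludePackageNames>` entry names `org.apache.sling.serviceuser.console.impl`, while the sources added in this commit live under `org.apache.sling.serviceuser.webconsole.impl`. The exclusion therefore appears to match nothing, and the entry should read `org.apache.sling.serviceuser.webconsole.impl`.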
diff --git a/src/main/java/org/apache/sling/serviceuser/webconsole/impl/ServiceUserWebConsolePlugin.java b/src/main/java/org/apache/sling/serviceuser/webconsole/impl/ServiceUserWebConsolePlugin.java
new file mode 100644 (file)
index 0000000..fd9ab5f
--- /dev/null
@@ -0,0 +1,905 @@
+/*
+ * Licensed to the Apache Software Foundation (ASF) under one
+ * or more contributor license agreements.  See the NOTICE file
+ * distributed with this work for additional information
+ * regarding copyright ownership.  The ASF licenses this file
+ * to you under the Apache License, Version 2.0 (the
+ * "License"); you may not use this file except in compliance
+ * with the License.  You may obtain a copy of the License at
+ *
+ *   http://www.apache.org/licenses/LICENSE-2.0
+ *
+ * Unless required by applicable law or agreed to in writing,
+ * software distributed under the License is distributed on an
+ * "AS IS" BASIS, WITHOUT WARRANTIES OR CONDITIONS OF ANY
+ * KIND, either express or implied.  See the License for the
+ * specific language governing permissions and limitations
+ * under the License.
+ */
+package org.apache.sling.serviceuser.webconsole.impl;
+
+import java.io.IOException;
+import java.io.PrintWriter;
+import java.lang.reflect.Array;
+import java.net.URLEncoder;
+import java.security.Principal;
+import java.util.ArrayList;
+import java.util.Arrays;
+import java.util.Collection;
+import java.util.Collections;
+import java.util.Comparator;
+import java.util.HashMap;
+import java.util.Iterator;
+import java.util.List;
+import java.util.Map;
+import java.util.Map.Entry;
+
+import javax.jcr.AccessDeniedException;
+import javax.jcr.Property;
+import javax.jcr.RepositoryException;
+import javax.jcr.Session;
+import javax.jcr.UnsupportedRepositoryOperationException;
+import javax.jcr.nodetype.NodeType;
+import javax.jcr.query.Query;
+import javax.jcr.security.AccessControlEntry;
+import javax.jcr.security.AccessControlList;
+import javax.jcr.security.AccessControlManager;
+import javax.jcr.security.AccessControlPolicy;
+import javax.jcr.security.Privilege;
+import javax.servlet.Servlet;
+import javax.servlet.ServletException;
+import javax.servlet.http.HttpServletRequest;
+import javax.servlet.http.HttpServletResponse;
+
+import org.apache.commons.lang3.ArrayUtils;
+import org.apache.commons.lang3.ObjectUtils;
+import org.apache.commons.lang3.StringUtils;
+import org.apache.commons.lang3.tuple.ImmutablePair;
+import org.apache.commons.lang3.tuple.Pair;
+import org.apache.felix.webconsole.SimpleWebConsolePlugin;
+import org.apache.felix.webconsole.WebConsoleConstants;
+import org.apache.felix.webconsole.WebConsoleUtil;
+import org.apache.jackrabbit.api.security.principal.PrincipalManager;
+import org.apache.jackrabbit.api.security.user.Authorizable;
+import org.apache.jackrabbit.api.security.user.User;
+import org.apache.jackrabbit.api.security.user.UserManager;
+import org.apache.sling.api.resource.ModifiableValueMap;
+import org.apache.sling.api.resource.PersistenceException;
+import org.apache.sling.api.resource.Resource;
+import org.apache.sling.api.resource.ResourceResolver;
+import org.apache.sling.api.resource.ResourceUtil;
+import org.apache.sling.api.resource.ValueMap;
+import org.apache.sling.jcr.base.util.AccessControlUtil;
+import org.apache.sling.serviceusermapping.Mapping;
+import org.apache.sling.serviceusermapping.ServiceUserMapper;
+import org.apache.sling.xss.XSSAPI;
+import org.osgi.framework.Bundle;
+import org.osgi.framework.BundleContext;
+import org.osgi.framework.Constants;
+import org.osgi.service.component.ComponentContext;
+import org.osgi.service.component.annotations.Activate;
+import org.osgi.service.component.annotations.Component;
+import org.osgi.service.component.annotations.Reference;
+import org.osgi.service.component.annotations.ReferencePolicyOption;
+import org.slf4j.Logger;
+import org.slf4j.LoggerFactory;
+
+/**
+ * Web console plugin to test configuration resolution.
+ */
+@Component(service = Servlet.class, property = {
+               Constants.SERVICE_DESCRIPTION + "=Apache Sling Service User Manager Web Console Plugin",
+               WebConsoleConstants.PLUGIN_LABEL + "=" + ServiceUserWebConsolePlugin.LABEL,
+               WebConsoleConstants.PLUGIN_TITLE + "=" + ServiceUserWebConsolePlugin.TITLE,
+               WebConsoleConstants.PLUGIN_CATEGORY + "=Sling" })
+@SuppressWarnings("serial")
+public class ServiceUserWebConsolePlugin extends SimpleWebConsolePlugin {
+
+       public ServiceUserWebConsolePlugin() {
+               super(LABEL, TITLE, "Sling", new String[0]);
+       }
+
+       public static final String COMPONENT_NAME = "org.apache.sling.serviceusermapping.impl.ServiceUserMapperImpl.amended";
+       public static final String LABEL = "serviceusers";
+       public static final String TITLE = "Service Users";
+
+       public static final String PN_ACTION = "action";
+       public static final String PN_ALERT = "alert";
+       public static final String PN_APP_PATH = "appPath";
+       public static final String PN_BUNDLE = "bundle";
+       public static final String PN_NAME = "name";
+       public static final String PN_SUB_SERVICE = "subService";
+       public static final String PN_USER = "user";
+       public static final String PN_USER_PATH = "userPath";
+
+       private static final Logger log = LoggerFactory.getLogger(ServiceUserWebConsolePlugin.class);
+
+       private BundleContext bundleContext;
+
+       @Reference(policyOption = ReferencePolicyOption.GREEDY)
+       private XSSAPI xss;
+
+       @Reference
+       private ServiceUserMapper mapper;
+
+       private boolean createOrUpdateMapping(HttpServletRequest request, ResourceResolver resolver) {
+
+               String appPath = getParameter(request, PN_APP_PATH, "");
+
+               Iterator<Resource> configs = resolver.findResources("SELECT * FROM [sling:OsgiConfig] WHERE ISDESCENDANTNODE(["
+                               + appPath + "]) AND NAME() LIKE '" + COMPONENT_NAME + "%'", Query.JCR_SQL2);
+
+               try {
+                       boolean dirty = false;
+                       Resource config = null;
+                       if (configs.hasNext()) {
+
+                               config = configs.next();
+                               log.debug("Using existing configuration {}", config);
+                       } else {
+                               String path = appPath + "/config/" + COMPONENT_NAME + "-" + appPath.substring(appPath.lastIndexOf('/'));
+                               log.debug("Creating new configuration {}", path);
+                               config = ResourceUtil.getOrCreateResource(resolver, path, new HashMap<String, Object>() {
+                                       {
+                                               put(Property.JCR_PRIMARY_TYPE, "sling:OsgiConfig");
+                                       }
+                               }, NodeType.NT_FOLDER, false);
+                               dirty = true;
+                       }
+
+                       String bundle = getParameter(request, PN_BUNDLE, "");
+                       String subService = getParameter(request, PN_SUB_SERVICE, "");
+                       String name = getParameter(request, PN_NAME, "");
+                       String mapping = bundle + (StringUtils.isNotBlank(subService) ? ":" + subService : "") + "=" + name;
+
+                       ModifiableValueMap properties = config.adaptTo(ModifiableValueMap.class);
+                       String[] mappings = properties.get("user.mapping", new String[0]);
+                       if (!ArrayUtils.contains(mappings, mapping)) {
+                               log.debug("Adding {} into service user mapping", mapping);
+                               List<String> m = new ArrayList<String>();
+                               m.addAll(Arrays.asList(mappings));
+                               m.add(mapping);
+                               properties.put("user.mapping", m.toArray(new String[m.size()]));
+                               dirty = true;
+                       } else {
+                               log.debug("Already found {} in service user mapping", mapping);
+                       }
+                       if (dirty) {
+                               log.debug("Saving changes to osgi config");
+                               resolver.commit();
+                       }
+               } catch (PersistenceException e) {
+                       log.warn("Exception creating service mapping", e);
+                       return false;
+               }
+
+               return true;
+       }
+
+       @Override
+       protected void doPost(HttpServletRequest request, HttpServletResponse response)
+                       throws ServletException, IOException {
+               log.debug("Creating service user");
+
+               if (StringUtils.isBlank(getParameter(request, PN_NAME, ""))
+                               || StringUtils.isBlank(getParameter(request, PN_BUNDLE, ""))
+                               || StringUtils.isBlank(getParameter(request, PN_APP_PATH, ""))) {
+                       sendErrorRedirect(request, response, "Missing required parameters!");
+                       return;
+               }
+
+               ResourceResolver resolver = getResourceResolver(request);
+               if (resolver == null) {
+                       log.warn("Unable to get serviceresolver from request!");
+                       sendErrorRedirect(request, response, "Unable to get serviceresolver from request!");
+                       return;
+               } else {
+                       Resource userResource = getOrCreateServiceUser(request, resolver);
+                       if (userResource == null) {
+                               log.warn("Unable to create service user!");
+                               sendErrorRedirect(request, response, "Unable to create service user!");
+                               return;
+                       } else {
+                               if (createOrUpdateMapping(request, resolver)) {
+                                       if (updatePrivileges(request, resolver)) {
+                                               List<String> params = new ArrayList<String>();
+                                               params.add(PN_ACTION + "=" + "details");
+                                               params.add(PN_ALERT + "="
+                                                               + URLEncoder.encode(
+                                                                               "Service user " + userResource.getName() + " created / updated successfully!",
+                                                                               "UTF-8"));
+                                               params.add(PN_USER + "=" + URLEncoder.encode(userResource.getName(), "UTF-8"));
+
+                                               WebConsoleUtil.sendRedirect(request, response,
+                                                               "/system/console/" + LABEL + "?" + StringUtils.join(params, "&"));
+                                       } else {
+                                               sendErrorRedirect(request, response, "Unable to update service user permissions!");
+                                       }
+                               } else {
+                                       sendErrorRedirect(request, response, "Unable to create service user mapping!");
+                               }
+                       }
+               }
+
+       }
+
+       private boolean updatePrivileges(HttpServletRequest request, ResourceResolver resolver) {
+
+               List<Pair<String, String>> privileges = this.getPrivileges(request);
+               String name = getParameter(request, PN_NAME, "");
+
+               List<String> currentPolicies = new ArrayList<String>();
+               findACLs(resolver, name, currentPolicies);
+               for (int i = 0; i < currentPolicies.size(); i++) {
+                       String path = StringUtils.substringBefore(currentPolicies.get(i), "/rep:policy");
+                       currentPolicies.set(i, StringUtils.isNotBlank(path) ? path : "/");
+               }
+               log.debug("Loaded current policy paths: {}", currentPolicies);
+
+               Map<String, List<String>> toSet = new HashMap<String, List<String>>();
+               for (Pair<String, String> privilege : privileges) {
+                       if (!toSet.containsKey(privilege.getKey())) {
+                               toSet.put(privilege.getKey(), new ArrayList<String>());
+                       }
+                       toSet.get(privilege.getKey()).add(privilege.getValue());
+               }
+               log.debug("Loaded updated policy paths: {}", currentPolicies);
+
+               String lastEntry = null;
+
+               try {
+
+                       Session session = resolver.adaptTo(Session.class);
+                       AccessControlManager accessManager = session.getAccessControlManager();
+                       PrincipalManager principalManager = AccessControlUtil.getPrincipalManager(session);
+
+                       for (Entry<String, List<String>> pol : toSet.entrySet()) {
+                               lastEntry = pol.getKey();
+                               currentPolicies.remove(pol.getKey());
+                               log.debug("Updating policies for {}", pol.getKey());
+
+                               AccessControlPolicy[] policies = accessManager.getPolicies(pol.getKey());
+                               List<String> toRemove = new ArrayList<String>();
+                               for (AccessControlPolicy p : policies) {
+                                       if (p instanceof AccessControlList) {
+                                               AccessControlList policy = (AccessControlList) p;
+                                               for (AccessControlEntry entry : policy.getAccessControlEntries()) {
+                                                       Principal prin = entry.getPrincipal();
+                                                       if (prin.getName().equals(name)) {
+                                                               for (Privilege privilege : entry.getPrivileges()) {
+                                                                       if (!pol.getValue().contains(privilege.getName())) {
+                                                                               log.debug("Removing privilege {}", privilege);
+                                                                               toRemove.add(privilege.getName());
+                                                                       }
+                                                               }
+                                                       }
+                                               }
+                                       }
+                               }
+                               Principal principal = principalManager.getPrincipal(name);
+                               AccessControlUtil.replaceAccessControlEntry(session, pol.getKey(), principal,
+                                               pol.getValue().toArray(new String[pol.getValue().size()]), new String[0],
+                                               toRemove.toArray(new String[toRemove.size()]), null);
+                       }
+                       session.save();
+
+                       for (String oldPolicy : currentPolicies) {
+                               boolean removed = false;
+                               log.debug("Removing policy for {}", oldPolicy);
+                               AccessControlPolicy[] policies = accessManager.getPolicies(oldPolicy);
+                               AccessControlEntry toRemove = null;
+                               for (AccessControlPolicy p : policies) {
+                                       if (p instanceof AccessControlList) {
+                                               AccessControlList policy = (AccessControlList) p;
+                                               for (AccessControlEntry entry : policy.getAccessControlEntries()) {
+                                                       Principal prin = entry.getPrincipal();
+                                                       if (prin.getName().equals(name)) {
+                                                               toRemove = entry;
+                                                               break;
+                                                       }
+                                               }
+                                               if (toRemove != null) {
+                                                       removed = true;
+                                                       policy.removeAccessControlEntry(toRemove);
+                                                       accessManager.setPolicy(oldPolicy, policy);
+                                                       session.save();
+                                                       log.debug("Removed access control entry {}", toRemove);
+                                               }
+                                       }
+                               }
+                               if (!removed) {
+                                       log.warn("No policy found for {}", oldPolicy);
+                               }
+                       }
+               } catch (RepositoryException e) {
+                       log.error("Exception updating principals with {}, failed on {}", toSet, lastEntry, e);
+                       return false;
+               }
+
+               return true;
+       }
+
+       private List<String> extractPrincipals(Mapping mapping) {
+               List<String> principals = new ArrayList<String>();
+               String userName = mapping.map(mapping.getServiceName(), mapping.getSubServiceName());
+               if (StringUtils.isNotBlank(userName)) {
+                       principals.add(userName);
+               }
+               Iterable<String> ps = mapping.mapPrincipals(mapping.getServiceName(), mapping.getSubServiceName());
+               if (ps != null) {
+                       for (String principal : ps) {
+                               principals.add(principal);
+                       }
+               }
+               return principals;
+       }
+
+       private String[] findACLs(ResourceResolver resolver, String name, List<String> affectedPaths) {
+               List<String> acls = new ArrayList<String>();
+
+               Iterator<Resource> aclResources = resolver.findResources(
+                               "SELECT * FROM [rep:GrantACE] AS s WHERE  [rep:principalName] = '" + name + "'", Query.JCR_SQL2);
+               while (aclResources.hasNext()) {
+                       Resource aclResource = aclResources.next();
+                       affectedPaths.add(aclResource.getPath());
+                       ValueMap properties = aclResource.adaptTo(ValueMap.class);
+                       String acl = aclResource.getPath().substring(0, aclResource.getPath().indexOf("/rep:policy")) + "="
+                                       + StringUtils.join(properties.get("rep:privileges", String[].class), ",");
+                       acls.add(acl);
+               }
+               return acls.toArray(new String[acls.size()]);
+       }
+
+       private Bundle findBundle(String symbolicName, Map<String, Bundle> bundles) {
+               if (bundles.isEmpty()) {
+                       for (Bundle bundle : bundleContext.getBundles()) {
+                               bundles.put(bundle.getSymbolicName(), bundle);
+                       }
+               }
+               return bundles.get(symbolicName);
+       }
+
+       private Object findConfigurations(ResourceResolver resolver, String name, List<String> affectedPaths) {
+               List<String> configurations = new ArrayList<String>();
+
+               Iterator<Resource> configResources = resolver.findResources(
+                               "SELECT * FROM [sling:OsgiConfig] AS s WHERE (ISDESCENDANTNODE([/apps]) OR ISDESCENDANTNODE([/libs])) AND NAME(s) LIKE 'org.apache.sling.serviceusermapping.impl.ServiceUserMapperImpl.amended%' AND [user.mapping] LIKE '%="
+                                               + name + "'",
+                               Query.JCR_SQL2);
+               while (configResources.hasNext()) {
+                       Resource configResource = configResources.next();
+                       affectedPaths.add(configResource.getPath());
+                       configurations.add(configResource.getPath());
+               }
+               configResources = resolver.findResources(
+                               "SELECT * FROM [nt:file] AS s WHERE (ISDESCENDANTNODE([/apps]) OR ISDESCENDANTNODE([/libs])) AND NAME(s) LIKE 'org.apache.sling.serviceusermapping.impl.ServiceUserMapperImpl.amended%' AND [jcr:content/jcr:data] LIKE '%="
+                                               + name + "%'",
+                               Query.JCR_SQL2);
+               while (configResources.hasNext()) {
+                       Resource configResource = configResources.next();
+                       affectedPaths.add(configResource.getPath());
+                       configurations.add(configResource.getPath());
+               }
+
+               return configurations.toArray();
+       }
+
+       private String[] findMappings(ResourceResolver resolver, String name) {
+               List<String> mappings = new ArrayList<String>();
+               for (Mapping map : mapper.getActiveMappings()) {
+                       if (name.equals(map.map(map.getServiceName(), map.getSubServiceName())) || hasPrincipal(map, name)) {
+                               mappings.add(map.getServiceName()
+                                               + (map.getSubServiceName() != null ? (":" + map.getSubServiceName()) : ""));
+                       }
+               }
+               return mappings.toArray(new String[mappings.size()]);
+       }
+
+       private Collection<String> getBundles() {
+               List<String> bundles = new ArrayList<String>();
+               for (Bundle bundle : bundleContext.getBundles()) {
+                       bundles.add(bundle.getSymbolicName());
+               }
+               Collections.sort(bundles);
+               return bundles;
+       }
+
+       private Resource getOrCreateServiceUser(HttpServletRequest request, ResourceResolver resolver) {
+
+               final String name = getParameter(request, PN_NAME, "");
+
+               Session session = resolver.adaptTo(Session.class);
+               try {
+                       UserManager userManager = AccessControlUtil.getUserManager(session);
+                       if (userManager.getAuthorizable(name) != null) {
+                               Authorizable user = userManager.getAuthorizable(name);
+                               log.debug("Using existing user: {}", user);
+                               return resolver.getResource(user.getPath());
+                       } else {
+
+                               final String userPath = getParameter(request, PN_USER_PATH, "system");
+
+                               log.debug("Creating new user with name {} and intermediate path {}", name, userPath);
+
+                               User user = userManager.createSystemUser(name, userPath);
+                               session.save();
+
+                               String path = "/home/users/" + userPath + "/" + name;
+                               log.debug("Moving {} to {}", user.getPath(), path);
+                               session.getWorkspace().move(user.getPath(), path);
+                               session.save();
+
+                               return resolver.getResource(path);
+                       }
+               } catch (RepositoryException e) {
+                       log.warn("Exception getting / creating service user {}", name, e);
+                       try {
+                               session.refresh(false);
+                       } catch (RepositoryException e1) {
+                               log.error("Unexpected exception reverting changes", e1);
+                       }
+               }
+               return null;
+       }
+
+       private String getParameter(final HttpServletRequest request, final String name, final String defaultValue) {
+               String value = request.getParameter(name);
+               if (value != null && !value.trim().isEmpty()) {
+                       return value.trim();
+               }
+               return defaultValue;
+       }
+
+       private ResourceResolver getResourceResolver(HttpServletRequest request) {
+               ResourceResolver resolver = (ResourceResolver) request
+                               .getAttribute("org.apache.sling.auth.core.ResourceResolver");
+               return resolver;
+       }
+
+       private boolean hasPrincipal(Mapping map, String name) {
+               Iterable<String> principals = map.mapPrincipals(map.getServiceName(), map.getSubServiceName());
+               if (principals != null) {
+                       for (String principal : principals) {
+                               if (principal.equals(name)) {
+                                       return true;
+                               }
+                       }
+               }
+               return false;
+       }
+
+       private void info(PrintWriter pw, String text) {
+               pw.print("<p class='statline ui-state-highlight'>");
+               pw.print(xss.encodeForHTML(text));
+               pw.println("</p>");
+       }
+
+       private void infoDiv(PrintWriter pw, String text) {
+               if (StringUtils.isBlank(text)) {
+                       return;
+               }
+               pw.println("<div>");
+               pw.print("<span style='float:left'>");
+               pw.print(xss.encodeForHTML(text));
+               pw.println("</span>");
+               pw.println("</div>");
+       }
+
+       @Activate
+       protected void init(ComponentContext context) {
+               this.bundleContext = context.getBundleContext();
+       }
+
+       private void printPrincipals(List<Mapping> activeMappings, PrintWriter pw) {
+               List<Pair<String, Mapping>> mappings = new ArrayList<Pair<String, Mapping>>();
+               for (Mapping mapping : activeMappings) {
+                       for (String principal : extractPrincipals(mapping)) {
+                               mappings.add(new ImmutablePair<String, Mapping>(principal, mapping));
+                       }
+               }
+               Collections.sort(mappings, new Comparator<Pair<String, Mapping>>() {
+                       @Override
+                       public int compare(Pair<String, Mapping> o1, Pair<String, Mapping> o2) {
+                               if (o1.getKey().equals(o2.getKey())) {
+                                       return o1.getValue().getServiceName().compareTo(o2.getValue().getServiceName());
+                               } else {
+                                       return o1.getKey().compareTo(o2.getKey());
+                               }
+                       }
+               });
+
+               for (Pair<String, Mapping> mapping : mappings) {
+                       tableRows(pw);
+                       pw.println("<td><a href=\"/system/console/serviceusers?action=details&amp;user="
+                                       + xss.encodeForHTML(mapping.getKey()) + "\">" + xss.encodeForHTML(mapping.getKey()) + "</a></td>");
+
+                       Map<String, Bundle> bundles = new HashMap<String, Bundle>();
+                       Bundle bundle = findBundle(mapping.getValue().getServiceName(), bundles);
+                       if (bundle != null) {
+                               bundleContext.getBundle();
+                               pw.println("<td><a href=\"/system/console/bundles/" + bundle.getBundleId() + "\">"
+                                               + xss.encodeForHTML(
+                                                               bundle.getHeaders().get(Constants.BUNDLE_NAME) + " (" + bundle.getSymbolicName())
+                                               + ")</a></td>");
+                               pw.println("<td>" + xss.encodeForHTML(mapping.getValue().getSubServiceName()) + "</td>");
+                       } else {
+                               bundleContext.getBundle();
+                               pw.println("<td>" + xss.encodeForHTML(mapping.getValue().getServiceName()) + "</td>");
+                               pw.println("<td>" + xss.encodeForHTML(
+                                               mapping.getValue().getSubServiceName() != null ? mapping.getValue().getSubServiceName() : "")
+                                               + "</td>");
+                       }
+               }
+
+       }
+
+       private void printServiceUserDetails(HttpServletRequest request, PrintWriter pw)
+                       throws AccessDeniedException, UnsupportedRepositoryOperationException, RepositoryException {
+               String name = getParameter(request, PN_USER, "");
+
+               tableStart(pw, "Details for " + name, 2);
+
+               ResourceResolver resolver = getResourceResolver(request);
+
+               List<String> affectedPaths = new ArrayList<String>();
+               td(pw, "Service User Name");
+               td(pw, name);
+
+               tableRows(pw);
+
+               td(pw, "User Path");
+               Session session = resolver.adaptTo(Session.class);
+               UserManager userManager = AccessControlUtil.getUserManager(session);
+               if (userManager.getAuthorizable(name) != null) {
+                       Authorizable user = userManager.getAuthorizable(name);
+                       td(pw, user.getPath());
+                       affectedPaths.add(user.getPath());
+               }
+
+               tableRows(pw);
+
+               String[] mappings = findMappings(resolver, name);
+               td(pw, "Mappings");
+               td(pw, mappings);
+
+               tableRows(pw);
+
+               td(pw, "OSGi Configurations");
+               td(pw, findConfigurations(resolver, name, affectedPaths));
+
+               tableRows(pw);
+
+               td(pw, "ACLs");
+               td(pw, findACLs(resolver, name, affectedPaths));
+
+               tableEnd(pw);
+
+               pw.write("<br/>");
+
+               pw.write("<h3>Example Filter</h3>");
+
+               pw.write("<br/>");
+
+               pw.write("<pre><code>&lt;workspaceFilter version=\"1.0\"&gt;<br/>");
+               for (String affectedPath : affectedPaths) {
+                       pw.write("  &lt;filter root=\"" + affectedPath + "\" /&gt;<br/>");
+               }
+               pw.write("&lt;/workspaceFilter\"&gt</code></pre>");
+
+               pw.write("<br/>");
+
+               pw.write("<h3>Use Example(s)</h3>");
+
+               pw.write("<br/>");
+
+               pw.write("<pre><code>");
+
+               boolean includeNonSubService = false;
+               for (String mapping : mappings) {
+                       if (mapping.contains(":")) {
+                               String subService = StringUtils.substringAfter(mapping, ":");
+                               pw.write("// Example using Sub Service " + subService
+                                               + "<br/>ResourceResolver resolver = resolverFactory.getServiceResourceResolver(new HashMap<String, Object>() {<br/>  private static final long serialVersionUID = 1L;<br/>  {<br/>    put(ResourceResolverFactory.SUBSERVICE,\""
+                                               + subService + "\");<br/>  }<br/>});<br/><br/>");
+                       } else {
+                               includeNonSubService = true;
+                       }
+               }
+               if (includeNonSubService) {
+                       pw.write(
+                                       "// Example using bundle authentication<br/>ResourceResolver resolver = resolverFactory.getServiceResourceResolver(null);");
+               }
+               pw.write("</code></pre>");
+       }
+
+       private void printServiceUsers(HttpServletRequest request, PrintWriter pw) {
+
+               try {
+
+                       pw.println("<form method='post' action='/system/console/serviceusers'>");
+
+                       tableStart(pw, "Create Service User", 2);
+
+                       String name = getParameter(request, PN_NAME, "");
+                       textField(pw, "Service User Name", PN_NAME, name,
+                                       "The name of the service user to create, can already exist");
+
+                       tableRows(pw);
+                       String userContextPath = getParameter(request, PN_USER_PATH, "");
+                       textField(pw, "Intermediate Path", PN_USER_PATH, userContextPath,
+                                       "Optional: The intermediate path under which to create the user. Should start with system, e.g. system/myapp");
+
+                       tableRows(pw);
+                       String bundle = getParameter(request, PN_BUNDLE, "");
+                       selectField(pw, "Bundle", PN_BUNDLE, bundle, getBundles(),
+                                       "The bundle from which this service user will be useable");
+
+                       tableRows(pw);
+                       String serviceName = getParameter(request, PN_SUB_SERVICE, "");
+                       textField(pw, "Sub Service Name", PN_SUB_SERVICE, serviceName,
+                                       "Optional: Allows for different permissions for different services within a bundle");
+
+                       tableRows(pw);
+                       String appPath = getParameter(request, PN_APP_PATH, "");
+                       textField(pw, "Application Path", PN_APP_PATH, appPath,
+                                       "The application under which to create the OSGi Configuration for the Service User Mapping, e.g. /apps/myapp");
+
+                       tableRows(pw);
+
+                       List<Pair<String, String>> privileges = getPrivileges(request);
+                       printPrivilegeSelect(pw, "ACLs", privileges, getSupportedPrivileges(request),
+                                       "Set the privileges for this service user");
+
+                       tableRows(pw);
+
+                       pw.println("<td></td>");
+                       pw.println("<td><input type='submit' value='Create / Update'/></td>");
+                       tableEnd(pw);
+
+                       pw.println("</form>");
+
+                       pw.println("<br/><br/>");
+
+                       // Service Users
+                       List<Mapping> activeMappings = mapper.getActiveMappings();
+                       tableStart(pw, "Active Service Users", 3);
+                       pw.println("<th>Name</th>");
+                       pw.println("<th>Bundle</th>");
+                       pw.println("<th>SubService</th>");
+                       printPrincipals(activeMappings, pw);
+
+                       tableEnd(pw);
+
+                       pw.println("<br/>");
+
+               } finally {
+               }
+       }
+
+       private List<Pair<String, String>> getPrivileges(HttpServletRequest request) {
+               List<Pair<String, String>> privileges = new ArrayList<Pair<String, String>>();
+               List<String> params = Collections.list(request.getParameterNames());
+
+               for (String param : params) {
+                       if (param.startsWith("acl-path-")) {
+                               String path = request.getParameter(param);
+                               String privilege = request.getParameter(param.replace("-path-", "-privilege-"));
+                               if (StringUtils.isNotBlank(path) && StringUtils.isNotBlank(privilege)) {
+                                       privileges.add(new ImmutablePair<String, String>(path, privilege));
+                               } else {
+                                       log.warn("Unable to load ACL due to missing value {}={}", path, privilege);
+                               }
+                       }
+               }
+
+               return privileges;
+       }
+
+       private String[] getSupportedPrivileges(HttpServletRequest request) {
+               String[] names = null;
+               try {
+                       ResourceResolver resolver = getResourceResolver(request);
+                       Session session = resolver.adaptTo(Session.class);
+                       AccessControlManager accessControl = session.getAccessControlManager();
+                       Privilege[] privileges = accessControl.getSupportedPrivileges("/");
+                       names = new String[privileges.length];
+                       for (int i = 0; i < privileges.length; i++) {
+                               names[i] = privileges[i].getName();
+                       }
+                       Arrays.sort(names);
+               } catch (RepositoryException re) {
+                       log.error("Exception loading Supported Privileges", re);
+               }
+               return names;
+
+       }
+
+       @Override
+       protected void renderContent(HttpServletRequest request, HttpServletResponse response)
+                       throws ServletException, IOException {
+
+               final PrintWriter pw = response.getWriter();
+
+               pw.println("<br/>");
+
+               String alert = getParameter(request, "alert", "");
+               if (StringUtils.isNotBlank(alert)) {
+                       info(pw, alert);
+               }
+
+               String action = getParameter(request, "action", "");
+               if (StringUtils.isBlank(action)) {
+                       log.debug("Rendering service users page");
+                       info(pw, "Service users are used by OSGi Services to access the Sling repository. Use this form to find and create service users.");
+                       printServiceUsers(request, pw);
+               } else if ("details".equals(action)) {
+                       log.debug("Rendering service user details page");
+                       try {
+                               printServiceUserDetails(request, pw);
+                       } catch (RepositoryException e) {
+                               log.warn("Exception rendering details for user", e);
+                               info(pw, "Exception rendering details for user");
+                       }
+               } else {
+                       info(pw, "Unknown action: " + action);
+               }
+       }
+
+       private void printPrivilegeSelect(PrintWriter pw, String label, List<Pair<String, String>> privileges,
+                       String[] supportedPrivileges, String alertMessage) {
+               pw.print("<td style='width:20%'>");
+               pw.print(xss.encodeForHTMLAttr(label));
+               pw.println("</td>");
+               pw.print("<td><table class=\"repeating-container\" style=\"width: 100%\" data-length=\"" + privileges.size()
+                               + "\"><tr><td>Path</td><td>Privilege</td><td></td>");
+
+               int idx = 0;
+               for (Pair<String, String> privilege : privileges) {
+                       pw.print("</tr><tr class=\"repeating-item\"><td>");
+
+                       pw.print("<input type=\"text\"  name=\"acl-path-" + idx + "\" value='");
+                       pw.print(xss.encodeForHTMLAttr(StringUtils.defaultString(privilege.getKey())));
+                       pw.print("' style='width:100%' />");
+
+                       pw.print("</td><td>");
+
+                       pw.print("<input type=\"text\" list=\"data-privileges\" name=\"acl-privilege-" + idx + "\" value='");
+                       pw.print(xss.encodeForHTMLAttr(StringUtils.defaultString(privilege.getValue())));
+                       pw.print("' style='width:100%' />");
+
+                       pw.print("</td><td>");
+
+                       pw.print("<input type=\"button\" value=\"&nbsp;-&nbsp;\" class=\"repeating-remove\" /></td>");
+               }
+               pw.print("</tr></table>");
+
+               pw.print("<input type=\"button\" value=\"&nbsp;+&nbsp;\" class=\"repeating-add\" />");
+
+               pw.print("<datalist id=\"data-privileges\">");
+               for (String option : supportedPrivileges) {
+                       pw.print("<option");
+                       pw.print(">");
+                       pw.print(xss.encodeForHTMLAttr(option));
+                       pw.print("</option>");
+               }
+               pw.print("</datalist><script src=\"/system/console/serviceusers/res/ui/serviceusermanager.js\"></script>");
+               infoDiv(pw, alertMessage);
+               pw.println("</td>");
+       }
+
+       private void selectField(PrintWriter pw, String label, String fieldName, String value, Collection<String> options,
+                       String... alertMessages) {
+               pw.print("<td style='width:20%'>");
+               pw.print(xss.encodeForHTMLAttr(label));
+               pw.println("</td>");
+               pw.print("<td><input type=\"text\" list=\"data-" + xss.encodeForHTMLAttr(fieldName) + "\" name='");
+               pw.print(xss.encodeForHTMLAttr(fieldName));
+               pw.print("' value='");
+               pw.print(xss.encodeForHTMLAttr(StringUtils.defaultString(value)));
+               pw.print("' style='width:100%' />");
+               pw.print("<datalist id=\"data-" + xss.encodeForHTMLAttr(fieldName) + "\">");
+               for (String option : options) {
+                       pw.print("<option");
+                       pw.print(">");
+                       pw.print(xss.encodeForHTMLAttr(option));
+                       pw.print("</option>");
+               }
+               pw.print("</datalist>");
+               for (String alertMessage : alertMessages) {
+                       infoDiv(pw, alertMessage);
+               }
+               pw.println("</td>");
+       }
+
+       private void sendErrorRedirect(HttpServletRequest request, HttpServletResponse response, String alert)
+                       throws IOException {
+               List<String> params = new ArrayList<String>();
+               for (String param : new String[] { PN_APP_PATH, PN_BUNDLE, PN_NAME, PN_SUB_SERVICE, PN_USER_PATH }) {
+                       params.add(param + "=" + URLEncoder.encode(this.getParameter(request, param, ""), "UTF-8"));
+               }
+
+               int idx = 0;
+               List<Pair<String, String>> privs = getPrivileges(request);
+               for (Pair<String, String> priv : privs) {
+                       params.add("acl-path-" + idx + "=" + URLEncoder.encode(priv.getKey(), "UTF-8"));
+                       params.add("acl-privilege-" + idx + "=" + URLEncoder.encode(priv.getValue(), "UTF-8"));
+                       idx++;
+               }
+
+               if (StringUtils.isNotBlank(alert)) {
+                       params.add(PN_ALERT + "=" + URLEncoder.encode(alert, "UTF-8"));
+               }
+
+               WebConsoleUtil.sendRedirect(request, response,
+                               "/system/console/" + LABEL + "?" + StringUtils.join(params, "&"));
+       }
+
+       private void tableEnd(PrintWriter pw) {
+               pw.println("</tr>");
+               pw.println("</tbody>");
+               pw.println("</table>");
+       }
+
+       private void tableRows(PrintWriter pw) {
+               pw.println("</tr>");
+               pw.println("<tr>");
+       }
+
+       private void tableStart(PrintWriter pw, String title, int colspan) {
+               pw.println("<table class='nicetable ui-widget'>");
+               pw.println("<thead class='ui-widget-header'>");
+               pw.println("<tr>");
+               pw.print("<th colspan=");
+               pw.print(String.valueOf(colspan));
+               pw.print(">");
+               pw.print(xss.encodeForHTML(title));
+               pw.println("</th>");
+               pw.println("</tr>");
+               pw.println("</thead>");
+               pw.println("<tbody class='ui-widget-content'>");
+               pw.println("<tr>");
+       }
+
+       private void td(PrintWriter pw, Object value, String... title) {
+               pw.print("<td");
+               if (title.length > 0 && !StringUtils.isBlank(title[0])) {
+                       pw.print(" title='");
+                       pw.print(xss.encodeForHTML(title[0]));
+                       pw.print("'");
+               }
+               pw.print(">");
+
+               if (value != null) {
+                       if (value.getClass().isArray()) {
+                               for (int i = 0; i < Array.getLength(value); i++) {
+                                       Object itemValue = Array.get(value, i);
+                                       pw.print(xss.encodeForHTML(ObjectUtils.defaultIfNull(itemValue, "").toString()));
+                                       pw.println("<br>");
+                               }
+                       } else {
+                               pw.print(xss.encodeForHTML(value.toString()));
+                       }
+               }
+
+               if (title.length > 0 && !StringUtils.isBlank(title[0])) {
+                       pw.print("<span class='ui-icon ui-icon-info' style='float:left'></span>");
+               }
+               pw.print("</td>");
+       }
+
+       private void textField(PrintWriter pw, String label, String fieldName, String value, String... alertMessages) {
+               pw.print("<td style='width:20%'>");
+               pw.print(xss.encodeForHTMLAttr(label));
+               pw.println("</td>");
+               pw.print("<td><input name='");
+               pw.print(xss.encodeForHTMLAttr(fieldName));
+               pw.print("' value='");
+               pw.print(xss.encodeForHTMLAttr(StringUtils.defaultString(value)));
+               pw.print("' style='width:100%'/>");
+               for (String alertMessage : alertMessages) {
+                       infoDiv(pw, alertMessage);
+               }
+               pw.println("</td>");
+       }
+
+}
diff --git a/src/main/java/org/apache/sling/serviceuser/webconsole/package-info.java b/src/main/java/org/apache/sling/serviceuser/webconsole/package-info.java
new file mode 100644 (file)
index 0000000..452b0ba
--- /dev/null
@@ -0,0 +1,22 @@
+/*
+ * Licensed to the Apache Software Foundation (ASF) under one
+ * or more contributor license agreements.  See the NOTICE file
+ * distributed with this work for additional information
+ * regarding copyright ownership.  The ASF licenses this file
+ * to you under the Apache License, Version 2.0 (the
+ * "License"); you may not use this file except in compliance
+ * with the License.  You may obtain a copy of the License at
+ *
+ *   http://www.apache.org/licenses/LICENSE-2.0
+ *
+ * Unless required by applicable law or agreed to in writing,
+ * software distributed under the License is distributed on an
+ * "AS IS" BASIS, WITHOUT WARRANTIES OR CONDITIONS OF ANY
+ * KIND, either express or implied.  See the License for the
+ * specific language governing permissions and limitations
+ * under the License.
+ */
+
+@org.osgi.annotation.versioning.Version("1.0.0")
+package org.apache.sling.serviceuser.webconsole;
+
diff --git a/src/main/resources/res/ui/serviceusermanager.js b/src/main/resources/res/ui/serviceusermanager.js
new file mode 100644 (file)
index 0000000..c830f5d
--- /dev/null
@@ -0,0 +1,31 @@
+/*
+ * Licensed to the Apache Software Foundation (ASF) under one or more
+ * contributor license agreements.  See the NOTICE file distributed with
+ * this work for additional information regarding copyright ownership.
+ * The ASF licenses this file to You under the Apache License, Version 2.0
+ * (the "License"); you may not use this file except in compliance with
+ * the License.  You may obtain a copy of the License at
+ *
+ *       http://www.apache.org/licenses/LICENSE-2.0
+ *
+ * Unless required by applicable law or agreed to in writing, software
+ * distributed under the License is distributed on an "AS IS" BASIS,
+ * WITHOUT WARRANTIES OR CONDITIONS OF ANY KIND, either express or implied.
+ * See the License for the specific language governing permissions and
+ * limitations under the License.
+ */
+var repeatingRemove = function(){
+       $(this).parents('.repeating-item').remove();
+       return false;
+}
+$('.repeating-remove').click(repeatingRemove);
+$('.repeating-add').click(function(){
+       var idx = $('.repeating-container').data('length');
+       var div = $('.repeating-container').append('<tr class="repeating-item"><td>'+'<input type="text"  name="acl-path-'
+                       + idx + '"  style="width:100%" /></td><td>'+
+                       '<input type="text" list="data-privileges" name="acl-privilege-' + idx + '" style="width:100%" />'+
+                       '</td><td><input type="button" value="-" class="repeating-remove" /></td></tr>');
+       $('.repeating-container').data('length', idx + 1);
+       $(div).find('.repeating-remove').click(repeatingRemove);
+       return false;
+});
\ No newline at end of file
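Review bot: In the `.repeating-add` handler, `append()` returns the `.repeating-container` set rather than the newly created row, so `$(div).find('.repeating-remove').click(repeatingRemove)` binds one more copy of the handler to every remove button already in the container each time a row is added. A single delegated binding, `$('.repeating-container').on('click', '.repeating-remove', repeatingRemove);`, would replace both `.click(repeatingRemove)` calls and cover rows added later. Separately, `idx` is concatenated into the markup straight from `.data('length')`; the element that sets that attribute is not in this hunk, so if it can be absent or non-numeric the field names become `acl-path-undefined` and the stored counter becomes `NaN`. Reading it as `var idx = parseInt($('.repeating-container').data('length'), 10) || 0;` keeps the generated `name` attributes numeric and the string-built HTML free of unexpected content.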