Merge branch 'release/1.9.5' into master_19x

ghenzler · ghenzler · commit d5e1be2d16fa · 2017-03-21T17:38:56.000+01:00
diff --git a/accesscontroltool-bundle/pom.xml b/accesscontroltool-bundle/pom.xml
@@ -11,7 +11,7 @@
     <parent>
         <groupId>biz.netcentric.cq.tools.accesscontroltool</groupId>
         <artifactId>accesscontroltool</artifactId>
-        <version>1.9.4</version>
+        <version>1.9.5</version>
     </parent>
 
     <!-- ====================================================================== -->
diff --git a/accesscontroltool-bundle/src/main/java/biz/netcentric/cq/tools/actool/authorizableutils/impl/AuthorizableCreatorServiceImpl.java b/accesscontroltool-bundle/src/main/java/biz/netcentric/cq/tools/actool/authorizableutils/impl/AuthorizableCreatorServiceImpl.java
@@ -375,27 +375,18 @@ private Authorizable createNewAuthorizable(
 
         Authorizable newAuthorizable = null;
         
-        if (StringUtils.isNotEmpty(principalConfigBean.getExternalId())) {
-            // external group
-            if (!isGroup) {
-                throw new IllegalStateException("External IDs are only supported for groups (" + principalConfigBean.getPrincipalID()
-                        + " is using '" + principalConfigBean.getExternalId() + "')");
-            } 
-            if (externalGroupCreatorService == null) {
-                throw new IllegalStateException("External IDs are not availabe for your AEM version ("
-                        + principalConfigBean.getPrincipalID() + " is using '" + principalConfigBean.getExternalId() + "')");
-            }
-            newAuthorizable = externalGroupCreatorService.createGroupWithExternalId(userManager, principalConfigBean, status,
-                    authorizableInstallationHistory, vf, principalMapFromConfig, session);
-            LOG.info("Successfully created new external group: {}", principalId);
-        } else if (isGroup) {
-            // internal group
+        if (isGroup) {
             newAuthorizable = createNewGroup(userManager, principalConfigBean,
                     status, authorizableInstallationHistory, vf,
                     principalMapFromConfig, session);
             LOG.info("Successfully created new group: {}", principalId);
         } else {
-            // internal user
+            if (StringUtils.isNotEmpty(principalConfigBean.getExternalId())) {
+                throw new IllegalStateException("External IDs are not supported for users (" + principalConfigBean.getPrincipalID()
+                        + " is using '" + principalConfigBean.getExternalId()
+                        + "') - use a ootb sync handler to have users automatically created.");
+            }
+
             newAuthorizable = createNewUser(userManager, principalConfigBean, status, authorizableInstallationHistory, vf,
                     principalMapFromConfig, session);
             LOG.info("Successfully created new user: {}", principalId);
@@ -524,13 +515,27 @@ private Authorizable createNewGroup(
         // create new Group
         Group newGroup = null;
         try {
-            PrincipalImpl principalForNewGroup = new PrincipalImpl(groupID);
-            if (StringUtils.isNotBlank(intermediatePath)) {
-                newGroup = userManager.createGroup(principalForNewGroup, intermediatePath);
+
+            if (StringUtils.isNotEmpty(principalConfigBean.getExternalId())) {
+
+                if (externalGroupCreatorService == null) {
+                    throw new IllegalStateException("External IDs are not availabe for your AEM version ("
+                            + principalConfigBean.getPrincipalID() + " is using '" + principalConfigBean.getExternalId() + "')");
+                }
+                newGroup = (Group) externalGroupCreatorService.createGroupWithExternalId(userManager, principalConfigBean, status,
+                        authorizableInstallationHistory, vf, principalMapFromConfig, session);
+                LOG.info("Successfully created new external group: {}", groupID);
             } else {
-                newGroup = userManager.createGroup(principalForNewGroup);
+
+                PrincipalImpl principalForNewGroup = new PrincipalImpl(groupID);
+                if (StringUtils.isNotBlank(intermediatePath)) {
+                    newGroup = userManager.createGroup(principalForNewGroup, intermediatePath);
+                } else {
+                    newGroup = userManager.createGroup(principalForNewGroup);
+                }
             }
 
+
         } catch (AuthorizableExistsException e) {
             LOG.warn("Group {} already exists in system!", groupID);
             newGroup = (Group) userManager.getAuthorizable(groupID);
diff --git a/accesscontroltool-bundle/src/main/java/biz/netcentric/cq/tools/actool/helper/AcHelper.java b/accesscontroltool-bundle/src/main/java/biz/netcentric/cq/tools/actool/helper/AcHelper.java
@@ -136,7 +136,13 @@ private static Principal getPrincipalForName(final Session session, String princ
         // Also see https://issues.apache.org/jira/browse/OAK-3228
         final JackrabbitSession js = (JackrabbitSession) session;
         final UserManager userManager = js.getUserManager();
-        final Authorizable authorizable = userManager.getAuthorizable(new PrincipalImpl(principalName));
+
+        Authorizable authorizable = userManager.getAuthorizable(new PrincipalImpl(principalName));
+        if (authorizable == null) {
+            // try interpreting principal name as authorizableId (this is significantly slower, but for LDAP case the principalName could
+            // be a plain id (and not a full LDAP DN like the principal name in repo is)
+            authorizable = userManager.getAuthorizable(principalName);
+        }
         principal = authorizable != null ? authorizable.getPrincipal() : null;
         return principal;
     }
diff --git a/accesscontroltool-exampleconfig-package/pom.xml b/accesscontroltool-exampleconfig-package/pom.xml
@@ -15,7 +15,7 @@
     <parent>
         <groupId>biz.netcentric.cq.tools.accesscontroltool</groupId>
         <artifactId>accesscontroltool</artifactId>
-        <version>1.9.4</version>
+        <version>1.9.5</version>
     </parent>
 
     <!-- ====================================================================== -->
diff --git a/accesscontroltool-oakindex-package/pom.xml b/accesscontroltool-oakindex-package/pom.xml
@@ -15,7 +15,7 @@
     <parent>
         <groupId>biz.netcentric.cq.tools.accesscontroltool</groupId>
         <artifactId>accesscontroltool</artifactId>
-        <version>1.9.4</version>
+        <version>1.9.5</version>
     </parent>
 
     <!-- ====================================================================== -->
diff --git a/accesscontroltool-package/pom.xml b/accesscontroltool-package/pom.xml
@@ -15,7 +15,7 @@
     <parent>
         <groupId>biz.netcentric.cq.tools.accesscontroltool</groupId>
         <artifactId>accesscontroltool</artifactId>
-        <version>1.9.4</version>
+        <version>1.9.5</version>
     </parent>
 
     <!-- ====================================================================== -->
diff --git a/pom.xml b/pom.xml
@@ -11,7 +11,7 @@
 
     <groupId>biz.netcentric.cq.tools.accesscontroltool</groupId>
     <artifactId>accesscontroltool</artifactId>
-    <version>1.9.4</version>
+    <version>1.9.5</version>
     <packaging>pom</packaging>
 
     <name>Access Control Tool - Reactor Project</name>
