https://github.com/netcentric/aem-content-package-namespace-validators
FileVault validators which verify that content packages comply with certain namespacing rules.
https://github.com/netcentric/aem-content-package-namespace-validators
aem filevault jackrabbit validator
Last synced: about 1 month ago
JSON representation
FileVault validators which verify that content packages comply with certain namespacing rules.
- Host: GitHub
- URL: https://github.com/netcentric/aem-content-package-namespace-validators
- Owner: Netcentric
- License: epl-2.0
- Created: 2024-11-30T12:07:58.000Z (5 months ago)
- Default Branch: main
- Last Pushed: 2025-03-12T15:56:52.000Z (about 2 months ago)
- Last Synced: 2025-03-12T16:41:05.579Z (about 2 months ago)
- Topics: aem, filevault, jackrabbit, validator
- Language: Java
- Homepage:
- Size: 130 KB
- Stars: 0
- Watchers: 4
- Forks: 0
- Open Issues: 0
-
Metadata Files:
- Readme: README.md
- License: LICENSE
Awesome Lists containing this project
README
# AEM FileVault Content Package Namespace Validators
[](https://github.com/Netcentric/aem-content-package-namespace-validators/actions)
[](https://opensource.org/licenses/EPL-2.0)
[](https://central.sonatype.com/artifact/biz.netcentric.filevault.validator/aem-content-package-namespace-validators)
[](https://sonarcloud.io/summary/new_code?id=Netcentric_aem-content-package-namespace-validators)
[](https://sonarcloud.io/summary/new_code?id=Netcentric_aem-content-package-namespace-validators)
## Overview
Validates that FileVault content packages stick to certain namespacing rules. This is helpful to make sure that separate AEM applications may run in parallel on the same server without stepping on each other toes. This is particularly useful with [multiple teams working on the same AEM environment](https://experienceleague.adobe.com/en/docs/experience-manager-learn/assets/deployment/multitenancy-concurrent-article-understand) (also outlined in [Considerations for a multi-team setup](https://experienceleague.adobe.com/en/docs/experience-manager-cloud-service/content/implementing/using-cloud-manager/managing-code/enterprise-team-dev-setup#considerations)).
There are several validators included in this artifact, all relate to namespacing rules for certain aspects of AEM:
1. [FileVault Content Package Filter][filevault-workspace-filter] (`root` attribute of each `filter` element)
1. [FileVault Content Package ID][filevault-package-id] (both `group` and optionally `name` package properties)
1. [Oak Authorizables][oak-authorizables] (`rep:principalName` and optionally `rep:authorizableId` properties of users/groups)
1. [Oak Query Index Definition][oakindex] (path restrictions for [Lucene][oakindex-lucene-pathrestrictions] or [Property][oakindex-property-pathrestrictions] index definitions)
1. [OSGi Configuration][osgi-installer-configurations]
1. [Sling Resource Type and Resource Super Type][sling-resource-type] (`sling:resourceType` and `sling:resourceSuperType` properties)
1. [AEM Client Library][aem-clientlibrary] (`categories` property)
1. [Embedded Bundles][embedded] (the `Bundle-SymbolicName` of embedded bundles)
Namespacing has been explicitly mentioned in [Achim Koch's Blog: Hosting Multiple Tenants on AEM](https://blog.developer.adobe.com/hosting-multiple-tenants-on-aem-815c8ed0c9f9) but obviously namespacing is just one of multiple aspects to consider for multi-tenant AEM environments.
## Implementation
This artifact provides multiple validator implementations for the [FileVault Validation Module][filevault-validation] and can be used for example with the [filevault-package-maven-plugin][filevault-p-m-p] like outlined below.
## Settings
The following options are supported apart from the default settings mentioned in [FileVault validation][filevault-validation].
Leaving the validators with the default options will not emit validation issues at all, i.e. none of the options are mandatory.
Validator ID | Option | Description | Since
--- | --- | --- | ---
`netcentric-filter-namespace` | `allowedPathPatterns` | Comma-separated list of regular expression patterns. Each package filter `root` must match at least one of the given patterns. | 1.0.0
`netcentric-packageid-namespace` | `allowedGroupPatterns` | Comma-separated list of regular expression patterns. The package's group must match at least one of the given patterns. | 1.0.0
`netcentric-packageid-namespace` | `allowedNamePatterns` | Comma-separated list of regular expression patterns. The package's name must match at least one of the given patterns. | 1.0.0
`netcentric-authorizable-namespace` | `allowedPrincipalNamePatterns` | Comma-separated list of regular expression patterns. The authorizable's `rep:principalName` must match at least one of the given patterns. | 1.0.0
`netcentric-authorizable-namespace` | `allowedAuthorizableIdPatterns` | Comma-separated list of regular expression patterns. The authorizable's `rep:authorizableId` or its node name (if the property does not exist( must match at least one of the given patterns. | 1.0.0
`netcentric-authorizable-namespace` | `allowedAuthorizableIdPatterns` | Comma-separated list of regular expression patterns. The authorizable's `rep:authorizableId` or its node name (if the property does not exist) must match at least one of the given patterns. | 1.0.0
`netcentric-oakindex-namespace` | `allowedPathPatterns` | Comma-separated list of regular expression patterns. Each Oak index definition's path restriction ([for `lucene` index types][oakindex-lucene-pathrestrictions] or [`property` index types][oakindex-property-pathrestrictions]) must match at least one of the given patterns. | 1.0.0
`netcentric-osgiconfig-namespace` | `allowedPidPatterns` | Comma-separated list of regular expression patterns. Each (non-factory) configuration name given via the [OSGi Installer][osgi-installer-configurations] must have a PID matching at least one of the given patterns. | 1.0.0
`netcentric-osgiconfig-namespace` | `allowedFactoryPidNames` | Comma-separated list of regular expression patterns. Each factory configuration name given via the [OSGi Installer][osgi-installer-configurations] must have a name matching at least one of the given patterns. | 1.0.0
`netcentric-osgiconfig-namespace` | `restrictFactoryConfigurationsToAllowedPidPatterns` | Boolean flag, `false` by default. If set to `true` each factory configuration PID given via the [OSGi Installer][osgi-installer-configurations] must also matching at least one of the given patterns from `allowedPidPatterns`. | 1.0.0
`netcentric-resourcetype-namespace` | `allowedTypePatterns` | Comma-separated list of regular expression patterns. Each `sling:resourceType` property of arbitrary JCR nodes must match at least one of the given patterns. | 1.0.0
`netcentric-resourcetype-namespace` | `allowedSuperTypePatterns` | Comma-separated list of regular expression patterns. Each `sling:resourceSuperType` property of arbitrary JCR nodes must match at least one of the given patterns. | 1.0.0
`netcentric-clientlibrary-namespace` | `allowedCategoryPatterns` | Comma-separated list of regular expression patterns. Each [client library's `categories` value][aem-clientlibrary] must match at least one of the given patterns. | 1.0.0
`netcentric-embedded-namespace` | `allowedBundleSymbolicNamePatterns` | Comma-separated list of regular expression patterns. Each [embedded bundle in the package][embedded] must have a `Bundle-SymbolicName` in its manifest which matches at least one of the given patterns. | 1.1.0
*Due to the use of comma-separated strings it is not possible to use a comma within the regular expressions. However, as those are matched against names/paths (which don't allow a comma anyhow) using the comma inside the regular expressions shouldn't be necessary anyhow.*
## Fix Violations
Make the relevant attribute value/name/property value match one of the given patterns.
## Usage with Maven
You can use this validator with the [FileVault Package Maven Plugin][filevault-p-m-p] in version 1.4.0 or higher like this
```
org.apache.jackrabbit
filevault-package-maven-plugin
mytenant-.*
mytenant-.*
mytenant-.*
/apps/mytenant(/.*)?,/conf/mytenant(/.*)?,/home/users/mytenant(/.*)?,/oak:index/mytenant-(.*)
/content/mytenant(/.*)?
com\.example\.mytenant\..*
name.*
true
biz\.netcentric\.filevault\.validator\.aem\.namespace\.it
.*-package
/apps/mytenant2/components/.*
/apps/mytenant2/components/.*
mytenant-.*
biz.netcentric.filevault.validators
aem-content-package-namespace-validators
```
Adobe, and AEM are either registered trademarks or trademarks of Adobe in the United States and/or other countries.
[aemanalyser-maven-plugin]: https://github.com/adobe/aemanalyser-maven-plugin/tree/main/aemanalyser-maven-plugin
[filevault-validation]: https://jackrabbit.apache.org/filevault/validation.html
[filevault-p-m-p]: https://jackrabbit.apache.org/filevault-package-maven-plugin/index.html
[filevault-workspace-filter]: https://jackrabbit.apache.org/filevault/filter.html
[oakindex]: https://jackrabbit.apache.org/oak/docs/query/indexing.html#index-defnitions
[oakindex-lucene-pathrestrictions]: https://jackrabbit.apache.org/oak/docs/query/lucene.html#path-restrictions
[oakindex-property-pathrestrictions]: https://jackrabbit.apache.org/oak/docs/query/property-index.html
[aem-clientlibrary]: https://experienceleague.adobe.com/en/docs/experience-manager-cloud-service/content/implementing/developing/full-stack/clientlibs#clientlib-folders
[osgi-installer-configurations]: https://sling.apache.org/documentation/bundles/configuration-installer-factory.html#applying-of-configurations
[filevault-package-id]: https://jackrabbit.apache.org/filevault/properties.html
[sling-resource-type]: https://sling.apache.org/documentation/the-sling-engine/resources.html#resource-types
[oak-authorizables]: https://jackrabbit.apache.org/oak/docs/security/user/default.html#representation-in-the-repository
[embedded]: https://jackrabbit.apache.org/filevault-package-maven-plugin/osgi.html#bundles-and-configurations