diff --git a/README.md b/README.md
index 3dcee932..81ad9558 100644
--- a/README.md
+++ b/README.md
@@ -29,7 +29,7 @@ See also our talk at [adaptTo() 2016](https://adapt.to/2016/en/schedule/ac-tool.
The AC Tool requires **Java 11 and AEM 6.5.18** or above (use v3.x for older AEM versions which runs on Java 8 and AEM 6.4 or above) for on-premise installations. Since v2.5.0 **[AEM as a Cloud Service](https://www.adobe.com/marketing/experience-manager/cloud-service.html)** is supported, see [Startup Hook](https://github.com/Netcentric/accesscontroltool/blob/develop/docs/ApplyConfig.md#startup-hook) for details.
-It is also possible to run the AC Tool on **Apache Sling 12** or above (ensure system user `actool-service` has `jcr:all` permissions on root). When using the AC Tool with Sling, actions in ACE definitions and encrypted passwords cannot be used. To use the `externalId` attribute, ensure bundle `oak-auth-external` installed (not part of default Sling distribution).
+It is also possible to run the AC Tool on **Apache Sling 12** or above (ensure system user `actool-service` has `jcr:all` permissions on root). When using the AC Tool with Sling, actions in ACE definitions, encrypted passwords and user's key stores cannot be used. To use the `externalId` attribute, ensure bundle `oak-auth-external` installed (not part of default Sling Starter distribution).
# Installation
diff --git a/accesscontroltool-bundle/bnd.bnd b/accesscontroltool-bundle/bnd.bnd
index 5613d84f..e78aa697 100644
--- a/accesscontroltool-bundle/bnd.bnd
+++ b/accesscontroltool-bundle/bnd.bnd
@@ -7,6 +7,7 @@ Bundle-SymbolicName: biz.netcentric.cq.tools.accesscontroltool.bundle
# allow to run in Sling without AEM bundles
# allow to run without bouncycastle which is only necessary for some edge cases when managing keys
+# broader version range for JMX annotation as 2.0.0 was introduced in https://github.com/apache/jackrabbit-oak/commit/42b0a70d305372e9c228697012f12c59d643fe27#diff-776354a994a5afefbc8da17a75d83569e198589f2abe3be6890bb621f9a1a708 but is still compatible with our use cases
Import-Package: \
com.adobe.granite.crypto;resolution:=optional,\
com.adobe.granite.keystore;resolution:=optional,\
@@ -15,6 +16,7 @@ com.fasterxml.jackson.databind;resolution:=optional,\
org.apache.http.*;resolution:=optional,\
org.bouncycastle.*;resolution:=optional,\
org.apache.jackrabbit.oak.spi.security.authentication.external.*;resolution:=optional,\
+org.apache.jackrabbit.oak.commons.jmx;version="[1.1.0,3.0.0)",\
!jakarta.servlet.jsp.el,\
*
diff --git a/accesscontroltool-bundle/maximum-sling.bndrun b/accesscontroltool-bundle/maximum-sling.bndrun
new file mode 100644
index 00000000..e41ac476
--- /dev/null
+++ b/accesscontroltool-bundle/maximum-sling.bndrun
@@ -0,0 +1,17 @@
+# Licensed to the Apache Software Foundation (ASF) under one or more
+# contributor license agreements. See the NOTICE file distributed with
+# this work for additional information regarding copyright ownership.
+# The ASF licenses this file to You under the Apache License, Version 2.0
+# (the "License"); you may not use this file except in compliance with
+# the License. You may obtain a copy of the License at
+#
+# http://www.apache.org/licenses/LICENSE-2.0
+#
+# Unless required by applicable law or agreed to in writing, software
+# distributed under the License is distributed on an "AS IS" BASIS,
+# WITHOUT WARRANTIES OR CONDITIONS OF ANY KIND, either express or implied.
+# See the License for the specific language governing permissions and
+# limitations under the License.
+
+-include ../target-osgi-environment/sling-maximum-version-environment/maximum-sling.bndrun
+
diff --git a/accesscontroltool-bundle/minimum-aem.bndrun b/accesscontroltool-bundle/minimum-aem.bndrun
index 8bdf1741..08e40d50 100644
--- a/accesscontroltool-bundle/minimum-aem.bndrun
+++ b/accesscontroltool-bundle/minimum-aem.bndrun
@@ -13,5 +13,5 @@
# See the License for the specific language governing permissions and
# limitations under the License.
--include ../target-osgi-environment/minimum-environment/minimum-aem.bndrun
+-include ../target-osgi-environment/aem-minimum-version-environment/minimum-aem.bndrun
diff --git a/accesscontroltool-bundle/minimum-sling.bndrun b/accesscontroltool-bundle/minimum-sling.bndrun
new file mode 100644
index 00000000..574a97dd
--- /dev/null
+++ b/accesscontroltool-bundle/minimum-sling.bndrun
@@ -0,0 +1,17 @@
+# Licensed to the Apache Software Foundation (ASF) under one or more
+# contributor license agreements. See the NOTICE file distributed with
+# this work for additional information regarding copyright ownership.
+# The ASF licenses this file to You under the Apache License, Version 2.0
+# (the "License"); you may not use this file except in compliance with
+# the License. You may obtain a copy of the License at
+#
+# http://www.apache.org/licenses/LICENSE-2.0
+#
+# Unless required by applicable law or agreed to in writing, software
+# distributed under the License is distributed on an "AS IS" BASIS,
+# WITHOUT WARRANTIES OR CONDITIONS OF ANY KIND, either express or implied.
+# See the License for the specific language governing permissions and
+# limitations under the License.
+
+-include ../target-osgi-environment/sling-minimum-version-environment/minimum-sling.bndrun
+
diff --git a/accesscontroltool-bundle/pom.xml b/accesscontroltool-bundle/pom.xml
index 8bc1cefe..ea6bf238 100644
--- a/accesscontroltool-bundle/pom.xml
+++ b/accesscontroltool-bundle/pom.xml
@@ -117,6 +117,17 @@
oak-jackrabbit-api
provided
+
+
+ org.apache.jackrabbit
+ oak-api
+ provided
+
+
+ org.apache.jackrabbit
+ oak-core-spi
+ provided
+
org.apache.jackrabbit.vault
org.apache.jackrabbit.vault
@@ -199,12 +210,6 @@
httpclient-osgi
provided
-
-
- com.adobe.granite
- com.adobe.granite.jmx
- provided
-
com.adobe.granite
@@ -277,12 +282,6 @@
test
-
- org.apache.jackrabbit
- oak-api
- ${oak.testing.version}
- test
-
org.apache.jackrabbit
oak-core
@@ -380,11 +379,23 @@
oak-jackrabbit-api
${oak.testing.version}
+
+ org.apache.jackrabbit
+ oak-api
+ ${oak.testing.version}
+
+
+ org.apache.jackrabbit
+ oak-core-spi
+ ${oak.testing.version}
+
org.apache.jackrabbit:oak-security-spi
org.apache.jackrabbit:oak-auth-external
- org.apache.jackrabbit:jackrabbit-api
+ org.apache.jackrabbit:oak-jackrabbit-api
+ org.apache.jackrabbit:oak-api
+ org.apache.jackrabbit:oak-core-spi
@@ -412,7 +423,7 @@
bnd-resolver-maven-plugin
- resolve-against-minimum
+ resolve-against-minimum-aem
resolve
@@ -424,6 +435,32 @@
+
+ resolve-against-minimum-sling
+
+ resolve
+
+ verify
+
+ false
+
+ minimum-sling.bndrun
+
+
+
+
+ resolve-against-maximum-sling
+
+ resolve
+
+ verify
+
+ false
+
+ maximum-sling.bndrun
+
+
+
diff --git a/accesscontroltool-bundle/src/main/java/biz/netcentric/cq/tools/actool/aem/AemUserKeyStoreService.java b/accesscontroltool-bundle/src/main/java/biz/netcentric/cq/tools/actool/aem/AemUserKeyStoreService.java
new file mode 100644
index 00000000..6db774e6
--- /dev/null
+++ b/accesscontroltool-bundle/src/main/java/biz/netcentric/cq/tools/actool/aem/AemUserKeyStoreService.java
@@ -0,0 +1,57 @@
+package biz.netcentric.cq.tools.actool.aem;
+
+/*-
+ * #%L
+ * Access Control Tool Bundle
+ * %%
+ * Copyright (C) 2015 - 2026 Cognizant Netcentric
+ * %%
+ * This program and the accompanying materials are made
+ * available under the terms of the Eclipse Public License 2.0
+ * which is available at https://www.eclipse.org/legal/epl-2.0/
+ *
+ * SPDX-License-Identifier: EPL-2.0
+ * #L%
+ */
+
+import java.security.KeyPair;
+import java.security.PrivateKey;
+import java.security.cert.Certificate;
+
+import org.apache.sling.api.resource.ResourceResolver;
+import org.osgi.service.component.annotations.Component;
+import org.osgi.service.component.annotations.Reference;
+import org.osgi.service.component.annotations.ReferencePolicyOption;
+
+import com.adobe.granite.keystore.KeyStoreService;
+
+import biz.netcentric.cq.tools.actool.crypto.UserKeyStoreService;
+
+@Component
+public class AemUserKeyStoreService implements UserKeyStoreService {
+
+ @Reference(policyOption = ReferencePolicyOption.GREEDY)
+ private KeyStoreService delegate;
+
+ @Override
+ public boolean keyStoreExists(ResourceResolver resourceResolver, String userId) {
+ return delegate.keyStoreExists(resourceResolver, userId);
+ }
+
+ @Override
+ public void addKeyStoreKeyEntry(ResourceResolver resourceResolver, String userId, String key, PrivateKey privateKey,
+ Certificate[] certificates) {
+ delegate.addKeyStoreKeyEntry(resourceResolver, userId, key, privateKey, certificates);
+ }
+
+ @Override
+ public void addKeyStoreKeyPair(ResourceResolver resourceResolver, String userId, KeyPair keyPair, String key) {
+ delegate.addKeyStoreKeyPair(resourceResolver, userId, keyPair, key);
+ }
+
+ @Override
+ public void createKeyStore(ResourceResolver resourceResolver, String userId, char[] keyStorePasswordCharArray) {
+ delegate.createKeyStore(resourceResolver, userId, keyStorePasswordCharArray);
+ }
+
+}
diff --git a/accesscontroltool-bundle/src/main/java/biz/netcentric/cq/tools/actool/authorizableinstaller/impl/AuthorizableInstallerServiceImpl.java b/accesscontroltool-bundle/src/main/java/biz/netcentric/cq/tools/actool/authorizableinstaller/impl/AuthorizableInstallerServiceImpl.java
index 8a891ad7..7348d5df 100644
--- a/accesscontroltool-bundle/src/main/java/biz/netcentric/cq/tools/actool/authorizableinstaller/impl/AuthorizableInstallerServiceImpl.java
+++ b/accesscontroltool-bundle/src/main/java/biz/netcentric/cq/tools/actool/authorizableinstaller/impl/AuthorizableInstallerServiceImpl.java
@@ -36,7 +36,6 @@
import javax.jcr.RepositoryException;
import javax.jcr.Session;
import javax.jcr.SimpleCredentials;
-import javax.jcr.UnsupportedRepositoryOperationException;
import javax.jcr.ValueFactory;
import org.apache.commons.collections4.CollectionUtils;
@@ -61,9 +60,6 @@
import org.slf4j.Logger;
import org.slf4j.LoggerFactory;
-import com.adobe.granite.keystore.KeyStoreNotInitialisedException;
-import com.adobe.granite.keystore.KeyStoreService;
-
import biz.netcentric.cq.tools.actool.api.InstallationOptions;
import biz.netcentric.cq.tools.actool.authorizableinstaller.AuthorizableCreatorException;
import biz.netcentric.cq.tools.actool.authorizableinstaller.AuthorizableInstallerService;
@@ -73,6 +69,7 @@
import biz.netcentric.cq.tools.actool.configmodel.pkcs.Key;
import biz.netcentric.cq.tools.actool.configmodel.pkcs.RandomPassword;
import biz.netcentric.cq.tools.actool.crypto.DecryptionService;
+import biz.netcentric.cq.tools.actool.crypto.UserKeyStoreService;
import biz.netcentric.cq.tools.actool.externalusermanagement.ExternalGroupManagement;
import biz.netcentric.cq.tools.actool.helper.AcHelper;
import biz.netcentric.cq.tools.actool.helper.AccessControlUtils;
@@ -105,7 +102,7 @@ public class AuthorizableInstallerServiceImpl implements
DecryptionService decryptionService;
@Reference(cardinality = ReferenceCardinality.OPTIONAL, policy=ReferencePolicy.DYNAMIC, policyOption = ReferencePolicyOption.GREEDY)
- volatile KeyStoreService keyStoreService;
+ volatile UserKeyStoreService keyStoreService;
@Reference(policyOption = ReferencePolicyOption.GREEDY)
ResourceResolverFactory resourceResolverFactory;
@@ -218,7 +215,7 @@ private void installAuthorizableConfigurationBean(final Session session,
}
}
- private void installKeys(boolean appendToKeyStore, User user, Map keys, String userId, String keyStorePassword, Session session, InstallationLogger installLog) throws LoginException, SlingIOException, SecurityException, KeyStoreNotInitialisedException, IOException, GeneralSecurityException, UnsupportedRepositoryOperationException, RepositoryException {
+ private void installKeys(boolean appendToKeyStore, User user, Map keys, String userId, String keyStorePassword, Session session, InstallationLogger installLog) throws LoginException, SlingIOException, SecurityException, IOException, RepositoryException {
Map authInfo = new HashMap<>();
authInfo.put(JcrResourceConstants.AUTHENTICATION_INFO_SESSION, session);
ResourceResolver resolver = resourceResolverFactory.getResourceResolver(authInfo);
@@ -234,7 +231,7 @@ private void installKeys(boolean appendToKeyStore, User user, Map k
}
}
- private void removeKeyStore(ResourceResolver resolver, User user, InstallationLogger installLog) throws UnsupportedRepositoryOperationException, RepositoryException, PersistenceException {
+ private void removeKeyStore(ResourceResolver resolver, User user, InstallationLogger installLog) throws RepositoryException, PersistenceException {
String keyStorePath = user.getPath() + "/" + USER_KEYSTORE_FOLDER;
Resource keyStoreResource = resolver.getResource(keyStorePath);
if (keyStoreResource != null) {
@@ -245,7 +242,7 @@ private void removeKeyStore(ResourceResolver resolver, User user, InstallationLo
}
}
- private void installKeys(Map keys, String userId, String keyStorePassword, ResourceResolver resourceResolver, InstallationLogger installLog) throws SlingIOException, SecurityException, KeyStoreNotInitialisedException, IOException, GeneralSecurityException {
+ private void installKeys(Map keys, String userId, String keyStorePassword, ResourceResolver resourceResolver, InstallationLogger installLog) throws SlingIOException, SecurityException {
if (keyStoreService == null) {
throw new IllegalStateException(
"Keys are used on the authorizable which require the AEM KeyStore Service which is missing.");
diff --git a/accesscontroltool-bundle/src/main/java/biz/netcentric/cq/tools/actool/crypto/UserKeyStoreService.java b/accesscontroltool-bundle/src/main/java/biz/netcentric/cq/tools/actool/crypto/UserKeyStoreService.java
new file mode 100644
index 00000000..e7c862d9
--- /dev/null
+++ b/accesscontroltool-bundle/src/main/java/biz/netcentric/cq/tools/actool/crypto/UserKeyStoreService.java
@@ -0,0 +1,36 @@
+package biz.netcentric.cq.tools.actool.crypto;
+
+/*-
+ * #%L
+ * Access Control Tool Bundle
+ * %%
+ * Copyright (C) 2015 - 2026 Cognizant Netcentric
+ * %%
+ * This program and the accompanying materials are made
+ * available under the terms of the Eclipse Public License 2.0
+ * which is available at https://www.eclipse.org/legal/epl-2.0/
+ *
+ * SPDX-License-Identifier: EPL-2.0
+ * #L%
+ */
+
+import java.security.KeyPair;
+import java.security.PrivateKey;
+import java.security.cert.Certificate;
+
+import org.apache.sling.api.resource.ResourceResolver;
+
+/** Interface for managing user's key stores.
+ * This allows to decouple from a concrete (AEM-specific) interface like {@link com.adobe.granite.keystore.KeyStoreService} */
+public interface UserKeyStoreService {
+
+ boolean keyStoreExists(ResourceResolver resourceResolver, String userId);
+
+ void addKeyStoreKeyEntry(ResourceResolver resourceResolver, String userId, String key, PrivateKey privateKey,
+ Certificate[] certificates);
+
+ void addKeyStoreKeyPair(ResourceResolver resourceResolver, String userId, KeyPair keyPair, String key);
+
+ void createKeyStore(ResourceResolver resourceResolver, String userId, char[] keyStorePasswordCharArray);
+
+}
diff --git a/accesscontroltool-bundle/src/main/java/biz/netcentric/cq/tools/actool/jmx/AceServiceMBean.java b/accesscontroltool-bundle/src/main/java/biz/netcentric/cq/tools/actool/jmx/AceServiceMBean.java
index c7a6d591..187287ac 100644
--- a/accesscontroltool-bundle/src/main/java/biz/netcentric/cq/tools/actool/jmx/AceServiceMBean.java
+++ b/accesscontroltool-bundle/src/main/java/biz/netcentric/cq/tools/actool/jmx/AceServiceMBean.java
@@ -16,8 +16,9 @@
import javax.jcr.RepositoryException;
-import com.adobe.granite.jmx.annotation.Description;
-import com.adobe.granite.jmx.annotation.Name;
+import org.apache.jackrabbit.oak.api.jmx.Description;
+import org.apache.jackrabbit.oak.api.jmx.Name;
+
/**
* exposes functionalities of the Netcentric AC-Tool
diff --git a/accesscontroltool-bundle/src/main/java/biz/netcentric/cq/tools/actool/jmx/AceServiceMBeanImpl.java b/accesscontroltool-bundle/src/main/java/biz/netcentric/cq/tools/actool/jmx/AceServiceMBeanImpl.java
index d5348ed4..251f4069 100644
--- a/accesscontroltool-bundle/src/main/java/biz/netcentric/cq/tools/actool/jmx/AceServiceMBeanImpl.java
+++ b/accesscontroltool-bundle/src/main/java/biz/netcentric/cq/tools/actool/jmx/AceServiceMBeanImpl.java
@@ -22,6 +22,7 @@
import org.apache.commons.lang3.StringUtils;
import org.apache.commons.lang3.time.StopWatch;
+import org.apache.jackrabbit.oak.commons.jmx.AnnotatedStandardMBean;
import org.apache.sling.jcr.api.SlingRepository;
import org.osgi.service.component.annotations.Component;
import org.osgi.service.component.annotations.Reference;
@@ -29,8 +30,6 @@
import org.slf4j.Logger;
import org.slf4j.LoggerFactory;
-import com.adobe.granite.jmx.annotation.AnnotatedStandardMBean;
-
import biz.netcentric.cq.tools.actool.api.InstallationOptionsBuilder;
import biz.netcentric.cq.tools.actool.dumpservice.ConfigDumpService;
import biz.netcentric.cq.tools.actool.history.AcHistoryService;
@@ -167,6 +166,7 @@ public String showInstallationLog(final String n, boolean verbose) throws Reposi
public String purgeAllAuthorizablesFromConfiguration() {
return acInstallationService.purgeAuthorizablesFromConfig();
}
+
@Override
public String purgeAllAuthorizablesFromConfiguration(String configurationRootPath) {
InstallationOptionsBuilder builder = new InstallationOptionsBuilder();
@@ -192,7 +192,4 @@ public String getVersion() {
return acInstallationService.getVersion();
}
-
-
-
}
diff --git a/pom.xml b/pom.xml
index ccd5a692..9adc0313 100644
--- a/pom.xml
+++ b/pom.xml
@@ -149,9 +149,20 @@
${oak.version}
- com.adobe.granite
- com.adobe.granite.jmx
- 0.2.14
+ org.apache.jackrabbit
+ oak-api
+ ${oak.version}
+
+
+ org.apache.jackrabbit
+ oak-jackrabbit-api
+
+ 1.22.14
+
+
+ org.apache.jackrabbit
+ oak-core-spi
+ ${oak.version}
com.adobe.granite
diff --git a/target-osgi-environment/minimum-environment/minimum-aem.bndrun b/target-osgi-environment/aem-minimum-version-environment/minimum-aem.bndrun
similarity index 100%
rename from target-osgi-environment/minimum-environment/minimum-aem.bndrun
rename to target-osgi-environment/aem-minimum-version-environment/minimum-aem.bndrun
diff --git a/target-osgi-environment/minimum-environment/pom.xml b/target-osgi-environment/aem-minimum-version-environment/pom.xml
similarity index 100%
rename from target-osgi-environment/minimum-environment/pom.xml
rename to target-osgi-environment/aem-minimum-version-environment/pom.xml
diff --git a/target-osgi-environment/pom.xml b/target-osgi-environment/pom.xml
index 0210b582..53e30914 100644
--- a/target-osgi-environment/pom.xml
+++ b/target-osgi-environment/pom.xml
@@ -26,8 +26,11 @@
target-osgi-environment
pom
Target OSGi Environments
+ Defines the target OSGi environments for the Access Control Tool. Used with bnd-resolver-maven-plugin to check if ACTool bundles are resolvable in supported OSGi runtimes.
- minimum-environment
+ aem-minimum-version-environment
+ sling-minimum-version-environment
+ sling-maximum-version-environment
diff --git a/target-osgi-environment/sling-maximum-version-environment/maximum-sling.bndrun b/target-osgi-environment/sling-maximum-version-environment/maximum-sling.bndrun
new file mode 100644
index 00000000..b3cd8a09
--- /dev/null
+++ b/target-osgi-environment/sling-maximum-version-environment/maximum-sling.bndrun
@@ -0,0 +1,22 @@
+# Licensed to the Apache Software Foundation (ASF) under one or more
+# contributor license agreements. See the NOTICE file distributed with
+# this work for additional information regarding copyright ownership.
+# The ASF licenses this file to You under the Apache License, Version 2.0
+# (the "License"); you may not use this file except in compliance with
+# the License. You may obtain a copy of the License at
+#
+# http://www.apache.org/licenses/LICENSE-2.0
+#
+# Unless required by applicable law or agreed to in writing, software
+# distributed under the License is distributed on an "AS IS" BASIS,
+# WITHOUT WARRANTIES OR CONDITIONS OF ANY KIND, either express or implied.
+# See the License for the specific language governing permissions and
+# limitations under the License.
+
+-standalone: ${fileuri;${.}/target/index.xml}
+
+-runfw: org.apache.felix.framework
+-runee: JavaSE-21
+
+# disable capability matching as too many headers are missing (https://github.com/bndtools/bnd/issues/7232)
+# -resolve.effective: active
\ No newline at end of file
diff --git a/target-osgi-environment/sling-maximum-version-environment/pom.xml b/target-osgi-environment/sling-maximum-version-environment/pom.xml
new file mode 100644
index 00000000..d3e27f53
--- /dev/null
+++ b/target-osgi-environment/sling-maximum-version-environment/pom.xml
@@ -0,0 +1,339 @@
+
+
+ 4.0.0
+
+
+ biz.netcentric.cq.tools.accesscontroltool
+ target-osgi-environment
+ ../pom.xml
+ 4.1.2-SNAPSHOT
+
+
+ sling-maximum-version-environment
+ pom
+ Maximum Sling Target OSGi Environment for Access Control Tool
+ The bndrun files and the used bundles for resolving all bundles in the maximum supported version of Sling (Sling Starter 14)
+
+
+ 1.90.0
+ 2.22.3
+ 2.21.1
+
+
+
+
+
+
+
+
+
+ biz.aQute.bnd
+ bnd-indexer-maven-plugin
+ ${bnd.version}
+
+
+ index
+
+ index
+
+
+ false
+ false
+ compile,runtime,provided
+
+
+
+
+
+
+
+
+
+
+ org.apache.felix
+ org.apache.felix.framework
+ 7.0.5
+ provided
+
+
+ org.osgi
+ org.osgi.service.component
+ 1.5.1
+ provided
+
+
+ org.osgi
+ org.osgi.util.function
+ 1.2.0
+ provided
+
+
+ org.osgi
+ org.osgi.util.promise
+ 1.3.0
+ provided
+
+
+ org.apache.felix
+ org.apache.felix.converter
+ 1.0.18
+ provided
+
+
+ org.apache.felix
+ org.apache.felix.scr
+ 2.2.14
+ provided
+
+
+ org.apache.felix
+ org.apache.felix.configadmin
+ 1.9.26
+ provided
+
+
+ org.apache.felix
+ org.apache.felix.eventadmin
+ 1.6.4
+ provided
+
+
+ org.apache.felix
+ org.apache.felix.http.jetty12
+ 1.1.8
+ provided
+
+
+ org.apache.felix
+ org.apache.felix.http.servlet-api
+ 6.1.0
+ provided
+
+
+ org.apache.aries.spifly
+ org.apache.aries.spifly.dynamic.bundle
+ 1.3.7
+ provided
+
+
+ org.slf4j
+ slf4j-api
+ 2.0.17
+ provided
+
+
+ org.apache.httpcomponents
+ httpcore-osgi
+ 4.4.16
+ provided
+
+
+ org.apache.httpcomponents
+ httpclient-osgi
+ 4.5.14
+ provided
+
+
+ commons-io
+ commons-io
+ 2.21.0
+ provided
+
+
+ org.apache.commons
+ commons-lang3
+ 3.20.0
+ provided
+
+
+ commons-collections
+ commons-collections
+ 3.2.2
+ provided
+
+
+ org.apache.commons
+ commons-collections4
+ 4.5.0
+ provided
+
+
+ commons-codec
+ commons-codec
+ 1.21.0
+ provided
+
+
+ commons-fileupload
+ commons-fileupload
+ 1.6.0
+ provided
+
+
+ org.daisy.libs
+ commons-httpclient
+ 3.1.0
+ provided
+
+
+ org.apache.sling
+ org.apache.sling.api
+ 3.0.2
+ provided
+
+
+ org.apache.sling
+ org.apache.sling.commons.log
+ 6.0.4
+ all
+ provided
+
+
+ org.apache.sling
+ org.apache.sling.commons.osgi
+ 2.4.2
+ provided
+
+
+ org.apache.sling
+ org.apache.sling.commons.scheduler
+ 2.7.14
+ provided
+
+
+ org.apache.sling
+ org.apache.sling.commons.classloader
+ 1.4.4
+ provided
+
+
+ org.apache.sling
+ org.apache.sling.hc.api
+ 1.0.4
+ provided
+
+
+ org.apache.sling
+ org.apache.sling.serviceusermapper
+ 1.5.8
+ provided
+
+
+ org.apache.sling
+ org.apache.sling.settings
+ 1.5.0
+ provided
+
+
+ org.apache.sling
+ org.apache.sling.event
+ 4.4.0
+ provided
+
+
+ org.apache.sling
+ org.apache.sling.event.api
+ 1.0.4
+ provided
+
+
+ io.dropwizard.metrics
+ metrics-core
+ 3.2.6
+ provided
+
+
+ javax.jcr
+ jcr
+ provided
+
+
+ org.apache.jackrabbit
+ oak-jackrabbit-api
+ ${oak.version}
+ provided
+
+
+ org.apache.jackrabbit
+ jackrabbit-webdav
+ ${jackrabbit.version}
+ provided
+
+
+ org.apache.jackrabbit
+ jackrabbit-jcr-commons
+ ${jackrabbit.version}
+ provided
+
+
+ org.apache.jackrabbit
+ jackrabbit-spi-commons
+ ${jackrabbit.version}
+ provided
+
+
+ org.apache.sling
+ org.apache.sling.jcr.api
+ 2.4.2
+ provided
+
+
+ org.apache.sling
+ org.apache.sling.jcr.base
+ 3.2.0
+ provided
+
+
+ org.apache.sling
+ org.apache.sling.jcr.oak.server
+
+ 1.4.4
+ provided
+
+
+ org.apache.jackrabbit
+ oak-security-spi
+ ${oak.version}
+ provided
+
+
+ org.apache.jackrabbit.vault
+ org.apache.jackrabbit.vault
+ 4.2.0
+ provided
+
+
+ com.fasterxml.jackson.core
+ jackson-core
+ ${jackson.version}
+ provided
+
+
+ com.fasterxml.jackson.core
+ jackson-databind
+ ${jackson.version}
+ provided
+
+
+ com.fasterxml.jackson.core
+ jackson-annotations
+ 2.21
+ provided
+
+
+
diff --git a/target-osgi-environment/sling-minimum-version-environment/minimum-sling.bndrun b/target-osgi-environment/sling-minimum-version-environment/minimum-sling.bndrun
new file mode 100644
index 00000000..5b296ac5
--- /dev/null
+++ b/target-osgi-environment/sling-minimum-version-environment/minimum-sling.bndrun
@@ -0,0 +1,22 @@
+# Licensed to the Apache Software Foundation (ASF) under one or more
+# contributor license agreements. See the NOTICE file distributed with
+# this work for additional information regarding copyright ownership.
+# The ASF licenses this file to You under the Apache License, Version 2.0
+# (the "License"); you may not use this file except in compliance with
+# the License. You may obtain a copy of the License at
+#
+# http://www.apache.org/licenses/LICENSE-2.0
+#
+# Unless required by applicable law or agreed to in writing, software
+# distributed under the License is distributed on an "AS IS" BASIS,
+# WITHOUT WARRANTIES OR CONDITIONS OF ANY KIND, either express or implied.
+# See the License for the specific language governing permissions and
+# limitations under the License.
+
+-standalone: ${fileuri;${.}/target/index.xml}
+
+-runfw: org.apache.felix.framework
+-runee: JavaSE-11
+
+# disable capability matching as too many headers are missing (https://github.com/bndtools/bnd/issues/7232)
+# -resolve.effective: active
\ No newline at end of file
diff --git a/target-osgi-environment/sling-minimum-version-environment/pom.xml b/target-osgi-environment/sling-minimum-version-environment/pom.xml
new file mode 100644
index 00000000..6d4a6773
--- /dev/null
+++ b/target-osgi-environment/sling-minimum-version-environment/pom.xml
@@ -0,0 +1,301 @@
+
+
+ 4.0.0
+
+
+ biz.netcentric.cq.tools.accesscontroltool
+ target-osgi-environment
+ ../pom.xml
+ 4.1.2-SNAPSHOT
+
+
+ sling-minimum-version-environment
+ pom
+ Minimum Sling Target OSGi Environment for Access Control Tool
+ The bndrun files and the used bundles for resolving all bundles in the minimum supported version of Sling (Sling Starter 12)
+
+
+ 1.42.0
+ 2.20.4
+ 2.13.1
+
+
+
+
+
+
+
+
+
+ biz.aQute.bnd
+ bnd-indexer-maven-plugin
+ ${bnd.version}
+
+
+ index
+
+ index
+
+
+ false
+ false
+ compile,runtime,provided
+
+
+
+
+
+
+
+
+
+
+ org.apache.felix
+ org.apache.felix.framework
+ 7.0.3
+ provided
+
+
+ org.osgi
+ org.osgi.util.function
+ 1.2.0
+ provided
+
+
+ org.osgi
+ org.osgi.util.promise
+ 1.2.0
+ provided
+
+
+ org.apache.felix
+ org.apache.felix.converter
+ 1.0.18
+ provided
+
+
+ org.apache.felix
+ org.apache.felix.scr
+ 2.2.0
+ provided
+
+
+ org.apache.felix
+ org.apache.felix.configadmin
+ 1.9.22
+ provided
+
+
+ org.apache.felix
+ org.apache.felix.eventadmin
+ 1.6.2
+ provided
+
+
+ org.apache.felix
+ org.apache.felix.http.servlet-api
+ 1.2.0
+ provided
+
+
+ org.slf4j
+ slf4j-api
+ provided
+
+
+ org.apache.httpcomponents
+ httpcore-osgi
+ 4.4.15
+ provided
+
+
+ org.apache.httpcomponents
+ httpclient-osgi
+ 4.5.13
+ provided
+
+
+ commons-io
+ commons-io
+ 2.11.0
+ provided
+
+
+ org.apache.commons
+ commons-lang3
+ 3.12.0
+ provided
+
+
+ commons-collections
+ commons-collections
+ 3.2.2
+ provided
+
+
+ org.apache.commons
+ commons-collections4
+ 4.4
+ provided
+
+
+ org.daisy.libs
+ commons-httpclient
+ 3.1.0
+ provided
+
+
+ org.apache.sling
+ org.apache.sling.api
+ 2.24.0
+ provided
+
+
+ org.apache.sling
+ org.apache.sling.commons.log
+ 5.1.10
+ provided
+
+
+ org.apache.sling
+ org.apache.sling.commons.osgi
+ 2.4.2
+ provided
+
+
+ org.apache.sling
+ org.apache.sling.commons.scheduler
+ 2.7.12
+ provided
+
+
+ org.apache.sling
+ org.apache.sling.commons.classloader
+ 1.4.4
+ provided
+
+
+ org.apache.sling
+ org.apache.sling.hc.api
+ 1.0.4
+ provided
+
+
+ org.apache.sling
+ org.apache.sling.serviceusermapper
+ 1.5.4
+ provided
+
+
+ org.apache.sling
+ org.apache.sling.settings
+ 1.4.2
+ provided
+
+
+ org.apache.sling
+ org.apache.sling.event
+ 4.3.0
+ provided
+
+
+ io.dropwizard.metrics
+ metrics-core
+ 3.2.6
+ provided
+
+
+ javax.jcr
+ jcr
+ provided
+
+
+ org.apache.jackrabbit
+ oak-jackrabbit-api
+ ${oak.version}
+ provided
+
+
+ org.apache.jackrabbit
+ jackrabbit-webdav
+ ${jackrabbit.version}
+ provided
+
+
+ org.apache.jackrabbit
+ jackrabbit-jcr-commons
+ ${jackrabbit.version}
+ provided
+
+
+ org.apache.jackrabbit
+ jackrabbit-spi-commons
+ ${jackrabbit.version}
+ provided
+
+
+ org.apache.sling
+ org.apache.sling.jcr.api
+ 2.4.0
+ provided
+
+
+ org.apache.sling
+ org.apache.sling.jcr.base
+ 3.1.10
+ provided
+
+
+ org.apache.sling
+ org.apache.sling.jcr.oak.server
+
+ 1.2.10
+ provided
+
+
+ org.apache.jackrabbit
+ oak-security-spi
+ ${oak.version}
+ provided
+
+
+ org.apache.jackrabbit.vault
+ org.apache.jackrabbit.vault
+ 3.6.0
+ provided
+
+
+ com.fasterxml.jackson.core
+ jackson-core
+ ${jackson.version}
+ provided
+
+
+ com.fasterxml.jackson.core
+ jackson-databind
+ ${jackson.version}
+ provided
+
+
+ com.fasterxml.jackson.core
+ jackson-annotations
+ ${jackson.version}
+ provided
+
+
+