/*
 * Licensed to the Apache Software Foundation (ASF) under one
 * or more contributor license agreements.  See the NOTICE file
 * distributed with this work for additional information
 * regarding copyright ownership.  The ASF licenses this file
 * to you under the Apache License, Version 2.0 (the
 * "License"); you may not use this file except in compliance
 * with the License.  You may obtain a copy of the License at
 *
 *   http://www.apache.org/licenses/LICENSE-2.0
 *
 * Unless required by applicable law or agreed to in writing,
 * software distributed under the License is distributed on an
 * "AS IS" BASIS, WITHOUT WARRANTIES OR CONDITIONS OF ANY
 * KIND, either express or implied.  See the License for the
 * specific language governing permissions and limitations
 * under the License.
 */
package org.apache.sling.jcr.base.internal;

import org.osgi.service.metatype.annotations.AttributeDefinition;
import org.osgi.service.metatype.annotations.ObjectClassDefinition;

@ObjectClassDefinition(
    name = "Apache Sling Login Admin Whitelist",
    description = "Defines which bundles can use SlingRepository.loginAdministrative()"
)
@interface LoginAdminWhitelistConfiguration {

    /**
     * Need to allow for bypassing the whitelist, for backwards
     * compatibility with previous Sling versions which didn't
     * implement it. Setting this to true is not recommended
     * and logged as a warning.
     */
    @AttributeDefinition(
        name = "Bypass the whitelist",
        description = "Allow all bundles to use loginAdministrative(). Should ONLY be used " +
                      "for backwards compatibility reasons and if you are aware of " +
                      "the related security risks."
    )
    boolean whitelist_bypass() default false;

    /**
     * Regular expression for bundle symbolic names for which loginAdministrative()
     * is allowed. NOT recommended for production use, but useful for testing with
     * generated bundles.
     * <br>
     * Note that this property is hidden in order not to advertise its presence,
     * because it is intended only for testing purposes. Specifically for use-cases
     * like Pax-Exam, where bundles are generated on the fly and the bundle symbolic
     * name cannot be predicted, but follows a predictable pattern.
     *
     * @return The configured regular exression.
     */
    @AttributeDefinition(
            name = "Whitelist regexp",
            description = "Regular expression for bundle symbolic names for which loginAdministrative() " +
                    "is allowed. NOT recommended for production use, but useful for testing with " +
                    "generated bundles."
    )
    String whitelist_bundles_regexp() default "";
}