jackrabbit-commits mailing list archives

Site index · List index
Message view « Date » · « Thread »
Top « Date » · « Thread »
From ang...@apache.org
Subject svn commit: r713975 - in /jackrabbit/trunk/jackrabbit-core/src: main/java/org/apache/jackrabbit/core/security/authorization/acl/ main/java/org/apache/jackrabbit/core/security/authorization/principalbased/ main/java/org/apache/jackrabbit/core/security/u...
Date Fri, 14 Nov 2008 10:57:34 GMT
Author: angela
Date: Fri Nov 14 02:57:33 2008
New Revision: 713975

URL: http://svn.apache.org/viewvc?rev=713975&view=rev
Log:
JCR-1588: JSR 283 Access Control

Modified:
    jackrabbit/trunk/jackrabbit-core/src/main/java/org/apache/jackrabbit/core/security/authorization/acl/ACLTemplate.java
    jackrabbit/trunk/jackrabbit-core/src/main/java/org/apache/jackrabbit/core/security/authorization/principalbased/ACLEditor.java
    jackrabbit/trunk/jackrabbit-core/src/main/java/org/apache/jackrabbit/core/security/user/AuthorizableImpl.java
    jackrabbit/trunk/jackrabbit-core/src/test/java/org/apache/jackrabbit/core/security/authorization/AbstractEvaluationTest.java

Modified: jackrabbit/trunk/jackrabbit-core/src/main/java/org/apache/jackrabbit/core/security/authorization/acl/ACLTemplate.java
URL: http://svn.apache.org/viewvc/jackrabbit/trunk/jackrabbit-core/src/main/java/org/apache/jackrabbit/core/security/authorization/acl/ACLTemplate.java?rev=713975&r1=713974&r2=713975&view=diff
==============================================================================
--- jackrabbit/trunk/jackrabbit-core/src/main/java/org/apache/jackrabbit/core/security/authorization/acl/ACLTemplate.java
(original)
+++ jackrabbit/trunk/jackrabbit-core/src/main/java/org/apache/jackrabbit/core/security/authorization/acl/ACLTemplate.java
Fri Nov 14 02:57:33 2008
@@ -22,6 +22,7 @@
 import org.apache.jackrabbit.api.jsr283.security.Privilege;
 import org.apache.jackrabbit.api.jsr283.security.AccessControlManager;
 import org.apache.jackrabbit.api.security.principal.PrincipalManager;
+import org.apache.jackrabbit.api.security.principal.NoSuchPrincipalException;
 import org.apache.jackrabbit.core.NodeImpl;
 import org.apache.jackrabbit.core.SessionImpl;
 import org.apache.jackrabbit.core.security.authorization.AccessControlConstants;
@@ -29,6 +30,9 @@
 import org.apache.jackrabbit.core.security.authorization.JackrabbitAccessControlList;
 import org.apache.jackrabbit.core.security.authorization.PrivilegeRegistry;
 import org.apache.jackrabbit.core.security.authorization.Permission;
+import org.apache.jackrabbit.core.security.principal.PrincipalImpl;
+import org.slf4j.Logger;
+import org.slf4j.LoggerFactory;
 
 import javax.jcr.NodeIterator;
 import javax.jcr.RepositoryException;
@@ -50,6 +54,8 @@
  */
 class ACLTemplate implements JackrabbitAccessControlList {
 
+    private static final Logger log = LoggerFactory.getLogger(ACLTemplate.class);
+
     /**
      * Path of the node this ACL template has been created for.
      */
@@ -103,22 +109,36 @@
         NodeIterator itr = aclNode.getNodes();
         while (itr.hasNext()) {
             NodeImpl aceNode = (NodeImpl) itr.nextNode();
+            try {
+                String principalName = aceNode.getProperty(AccessControlConstants.P_PRINCIPAL_NAME).getString();
+                Principal princ = null;
+                if (principalMgr.hasPrincipal(principalName)) {
+                    try {
+                        princ = principalMgr.getPrincipal(principalName);
+                    } catch (NoSuchPrincipalException e) {
+                        // should not get here.
+                    }
+                }
+                if (princ == null) {
+                    log.debug("Principal with name " + principalName + " unknown to PrincipalManager.");
+                    princ = new PrincipalImpl(principalName);
+                }
 
-            String principalName = aceNode.getProperty(AccessControlConstants.P_PRINCIPAL_NAME).getString();
-            Principal princ = principalMgr.getPrincipal(principalName);
-
-            Value[] privValues = aceNode.getProperty(AccessControlConstants.P_PRIVILEGES).getValues();
-            Privilege[] privs = new Privilege[privValues.length];
-            for (int i = 0; i < privValues.length; i++) {
-                privs[i] = acMgr.privilegeFromName(privValues[i].getString());
+                Value[] privValues = aceNode.getProperty(AccessControlConstants.P_PRIVILEGES).getValues();
+                Privilege[] privs = new Privilege[privValues.length];
+                for (int i = 0; i < privValues.length; i++) {
+                    privs[i] = acMgr.privilegeFromName(privValues[i].getString());
+                }
+                // create a new ACEImpl (omitting validation check)
+                Entry ace = new Entry(
+                        princ,
+                        privs,
+                        aceNode.isNodeType(AccessControlConstants.NT_REP_GRANT_ACE));
+                // add the entry
+                internalAdd(ace);
+            } catch (RepositoryException e) {
+                log.debug("Failed to build ACE from content.", e.getMessage());
             }
-            // create a new ACEImpl (omitting validation check)
-            Entry ace = new Entry(
-                    princ,
-                    privs,
-                    aceNode.isNodeType(AccessControlConstants.NT_REP_GRANT_ACE));
-            // add the entry
-            internalAdd(ace);
         }
     }
 
@@ -144,7 +164,18 @@
             String principalName = aceNode.getProperty(AccessControlConstants.P_PRINCIPAL_NAME).getString();
             // only process aceNode if 'principalName' is contained in the given set
             if (princToEntries.containsKey(principalName)) {
-                Principal princ = principalMgr.getPrincipal(principalName);
+                Principal princ = null;
+                if (principalMgr.hasPrincipal(principalName)) {
+                    try {
+                        princ = principalMgr.getPrincipal(principalName);
+                    } catch (NoSuchPrincipalException e) {
+                        // should not get here
+                    }
+                }
+                if (princ == null) {
+                    log.warn("Principal with name " + principalName + " unknown to PrincipalManager.");
+                    princ = new PrincipalImpl(principalName);
+                }
 
                 Value[] privValues = aceNode.getProperty(AccessControlConstants.P_PRIVILEGES).getValues();
                 Privilege[] privs = new Privilege[privValues.length];

Modified: jackrabbit/trunk/jackrabbit-core/src/main/java/org/apache/jackrabbit/core/security/authorization/principalbased/ACLEditor.java
URL: http://svn.apache.org/viewvc/jackrabbit/trunk/jackrabbit-core/src/main/java/org/apache/jackrabbit/core/security/authorization/principalbased/ACLEditor.java?rev=713975&r1=713974&r2=713975&view=diff
==============================================================================
--- jackrabbit/trunk/jackrabbit-core/src/main/java/org/apache/jackrabbit/core/security/authorization/principalbased/ACLEditor.java
(original)
+++ jackrabbit/trunk/jackrabbit-core/src/main/java/org/apache/jackrabbit/core/security/authorization/principalbased/ACLEditor.java
Fri Nov 14 02:57:33 2008
@@ -18,6 +18,7 @@
 import org.apache.jackrabbit.api.jsr283.security.Privilege;
 import org.apache.jackrabbit.api.jsr283.security.AccessControlPolicy;
 import org.apache.jackrabbit.api.security.principal.PrincipalManager;
+import org.apache.jackrabbit.api.security.principal.NoSuchPrincipalException;
 import org.apache.jackrabbit.core.NodeImpl;
 import org.apache.jackrabbit.core.SecurityItemModifier;
 import org.apache.jackrabbit.core.SessionImpl;
@@ -326,14 +327,18 @@
             throw new RepositoryException("Expected node of type rep:AccessControl.");
         }
 
-        Principal principal;
+        Principal principal = null;
         String principalName = Text.unescapeIllegalJcrChars(acNode.getName());
         PrincipalManager pMgr = ((SessionImpl) acNode.getSession()).getPrincipalManager();
         if (pMgr.hasPrincipal(principalName)) {
-            principal = pMgr.getPrincipal(principalName);
-        } else {
+            try {
+                principal = pMgr.getPrincipal(principalName);
+            } catch (NoSuchPrincipalException e) {
+                // should not get here. 
+            }
+        }
+        if (principal == null) {
             log.warn("Principal with name " + principalName + " unknown to PrincipalManager.");
-            // TODO: rather throw?
             principal = new PrincipalImpl(principalName);
         }
         return new ACLTemplate(principal, acNode);

Modified: jackrabbit/trunk/jackrabbit-core/src/main/java/org/apache/jackrabbit/core/security/user/AuthorizableImpl.java
URL: http://svn.apache.org/viewvc/jackrabbit/trunk/jackrabbit-core/src/main/java/org/apache/jackrabbit/core/security/user/AuthorizableImpl.java?rev=713975&r1=713974&r2=713975&view=diff
==============================================================================
--- jackrabbit/trunk/jackrabbit-core/src/main/java/org/apache/jackrabbit/core/security/user/AuthorizableImpl.java
(original)
+++ jackrabbit/trunk/jackrabbit-core/src/main/java/org/apache/jackrabbit/core/security/user/AuthorizableImpl.java
Fri Nov 14 02:57:33 2008
@@ -18,6 +18,7 @@
 
 import org.apache.jackrabbit.api.security.principal.PrincipalIterator;
 import org.apache.jackrabbit.api.security.principal.PrincipalManager;
+import org.apache.jackrabbit.api.security.principal.NoSuchPrincipalException;
 import org.apache.jackrabbit.api.security.user.Authorizable;
 import org.apache.jackrabbit.api.security.user.AuthorizableExistsException;
 import org.apache.jackrabbit.api.security.user.Group;
@@ -81,12 +82,19 @@
         PrincipalManager prMgr = getSession().getPrincipalManager();
         for (Iterator it = getRefereeValues().iterator(); it.hasNext();) {
             String refName = ((Value) it.next()).getString();
+            Principal princ = null;
             if (prMgr.hasPrincipal(refName)) {
-                coll.add(prMgr.getPrincipal(refName));
-            } else {
+                try {
+                    princ = prMgr.getPrincipal(refName);
+                } catch (NoSuchPrincipalException e) {
+                    // should not get here
+                }
+            }
+            if (princ == null) {
                 log.warn("Principal "+ refName +" unknown to PrincipalManager.");
-                coll.add(new PrincipalImpl(refName));
+                princ = new PrincipalImpl(refName);
             }
+            coll.add(princ);
         }
         return new PrincipalIteratorAdapter(coll);
     }

Modified: jackrabbit/trunk/jackrabbit-core/src/test/java/org/apache/jackrabbit/core/security/authorization/AbstractEvaluationTest.java
URL: http://svn.apache.org/viewvc/jackrabbit/trunk/jackrabbit-core/src/test/java/org/apache/jackrabbit/core/security/authorization/AbstractEvaluationTest.java?rev=713975&r1=713974&r2=713975&view=diff
==============================================================================
--- jackrabbit/trunk/jackrabbit-core/src/test/java/org/apache/jackrabbit/core/security/authorization/AbstractEvaluationTest.java
(original)
+++ jackrabbit/trunk/jackrabbit-core/src/test/java/org/apache/jackrabbit/core/security/authorization/AbstractEvaluationTest.java
Fri Nov 14 02:57:33 2008
@@ -108,7 +108,7 @@
         }
         // make sure all ac info is removed
         clearACInfo();
-        if (testGroup != null) {
+        if (testGroup != null && testUser != null) {
             testGroup.removeMember(testUser);
             testGroup.remove();
         }
@@ -123,7 +123,6 @@
         if (!(session instanceof JackrabbitSession)) {
             throw new NotExecutableException();
         }
-
         try {
             return ((JackrabbitSession) session).getUserManager();
         } catch (RepositoryException e) {
@@ -899,6 +898,20 @@
         assertTrue(testSession.hasPermission(childPath, org.apache.jackrabbit.api.jsr283.Session.ACTION_ADD_NODE));
     }
 
+    public void testAclReferingToRemovedPrincipal() throws
+            NotExecutableException, RepositoryException {
+
+        JackrabbitAccessControlList acl = givePrivileges(path, privilegesFromName(Privilege.JCR_WRITE),
getRestrictions(path));
+        String acPath = acl.getPath();
+
+        // remove the test user
+        testUser.remove();
+        testUser = null;
+
+        // try to retrieve the acl again
+        AccessControlManager acMgr = getAccessControlManager(helper.getSuperuserSession());
+        acMgr.getPolicies(acPath);
+    }
 
     private static Node findPolicyNode(Node start) throws RepositoryException {
         Node policyNode = null;



Mime
View raw message