jackrabbit-commits mailing list archives

Site index · List index
Message view « Date » · « Thread »
Top « Date » · « Thread »
From dpfis...@apache.org
Subject svn commit: r792467 - in /jackrabbit/trunk/jackrabbit-core/src/main/java/org/apache/jackrabbit/core: ./ security/authentication/ security/user/
Date Thu, 09 Jul 2009 09:14:46 GMT
Author: dpfister
Date: Thu Jul  9 09:14:46 2009
New Revision: 792467

URL: http://svn.apache.org/viewvc?rev=792467&view=rev
Log:
JCR-2199 - Improvements to user management
- Allow subclasses of UserManagerImpl/UserImpl for custom implementations

Modified:
    jackrabbit/trunk/jackrabbit-core/src/main/java/org/apache/jackrabbit/core/DefaultSecurityManager.java
    jackrabbit/trunk/jackrabbit-core/src/main/java/org/apache/jackrabbit/core/ProtectedItemModifier.java
    jackrabbit/trunk/jackrabbit-core/src/main/java/org/apache/jackrabbit/core/security/authentication/AbstractLoginModule.java
    jackrabbit/trunk/jackrabbit-core/src/main/java/org/apache/jackrabbit/core/security/authentication/DefaultLoginModule.java
    jackrabbit/trunk/jackrabbit-core/src/main/java/org/apache/jackrabbit/core/security/user/UserImpl.java
    jackrabbit/trunk/jackrabbit-core/src/main/java/org/apache/jackrabbit/core/security/user/UserManagerImpl.java

Modified: jackrabbit/trunk/jackrabbit-core/src/main/java/org/apache/jackrabbit/core/DefaultSecurityManager.java
URL: http://svn.apache.org/viewvc/jackrabbit/trunk/jackrabbit-core/src/main/java/org/apache/jackrabbit/core/DefaultSecurityManager.java?rev=792467&r1=792466&r2=792467&view=diff
==============================================================================
--- jackrabbit/trunk/jackrabbit-core/src/main/java/org/apache/jackrabbit/core/DefaultSecurityManager.java
(original)
+++ jackrabbit/trunk/jackrabbit-core/src/main/java/org/apache/jackrabbit/core/DefaultSecurityManager.java
Thu Jul  9 09:14:46 2009
@@ -112,7 +112,7 @@
      * configuration. If the config entry is missing a default id is used (see
      * {@link SecurityConstants#ADMIN_ID}).
      */
-    private String adminId;
+    protected String adminId;
 
     /**
      * The user id of the anonymous user. The value is retrieved from
@@ -126,7 +126,7 @@
      * key = name of the workspace,
      * value = {@link AccessControlProvider}
      */
-    private final Map<String, AccessControlProvider> acProviders = new HashMap();
+    private final Map<String, AccessControlProvider> acProviders = new HashMap<String,
AccessControlProvider>();
 
     /**
      * the AccessControlProviderFactory
@@ -203,7 +203,7 @@
         }
 
         // create the system userManager and make sure the system-users exist.
-        systemUserManager = new UserManagerImpl(securitySession, adminId);
+        systemUserManager = createUserManager(securitySession);
         createSystemUsers(systemUserManager, adminId, anonymousId);
 
         // init default ac-provider-factory
@@ -239,6 +239,20 @@
     }
 
     /**
+     * Creates a {@link UserManagerImpl} for the given session. May be overridden
+     * to return a custom implementation.
+     *
+     * @param session session
+     * @return user manager
+     * @throws RepositoryException if an error occurs
+     */
+    protected UserManagerImpl createUserManager(SessionImpl session)
+            throws RepositoryException {
+
+        return new UserManagerImpl(session, adminId);
+    }
+
+    /**
      * @see JackrabbitSecurityManager#dispose(String)
      */
     public void dispose(String workspaceName) {
@@ -324,10 +338,10 @@
                 SessionImpl sImpl = (SessionImpl) session;
                 UserManagerImpl uMgr;
                 if (workspaceName.equals(sImpl.getWorkspace().getName())) {
-                    uMgr = new UserManagerImpl(sImpl, adminId);
+                    uMgr = createUserManager(sImpl);
                 } else {
                     SessionImpl s = (SessionImpl) sImpl.createSession(workspaceName);
-                    uMgr = new UserManagerImpl(s, adminId);
+                    uMgr = createUserManager(s);
                     sImpl.addListener(uMgr);
                 }
                 return uMgr;
@@ -359,15 +373,16 @@
         */
         String uid = null;
         // try simple access to userID over SimpleCredentials first.
-        Iterator creds = subject.getPublicCredentials(SimpleCredentials.class).iterator();
+        Iterator<SimpleCredentials> creds = subject.getPublicCredentials(
+                SimpleCredentials.class).iterator();
         if (creds.hasNext()) {
-            SimpleCredentials sc = (SimpleCredentials) creds.next();
+            SimpleCredentials sc = creds.next();
             uid = sc.getUserID();
         } else {
             // no SimpleCredentials: retrieve authorizables corresponding to
             // a non-group principal. the first one present is used to determine
             // the userID.
-            for (Iterator it = subject.getPrincipals().iterator(); it.hasNext();) {
+            for (Iterator<Principal> it = subject.getPrincipals().iterator(); it.hasNext();)
{
                 Principal p = (Principal) it.next();
                 if (!(p instanceof Group)) {
                     Authorizable authorz = systemUserManager.getAuthorizable(p);
@@ -417,7 +432,7 @@
             // by the workspace-janitor until the garbage collector is done
             // TODO: review again... this workaround is now used in several places.
             repository.onSessionCreated(systemSession);
-            
+
             WorkspaceConfig conf = repository.getConfig().getWorkspaceConfig(workspaceName);
             WorkspaceSecurityConfig secConf = (conf == null) ?  null : conf.getSecurityConfig();
             synchronized (acProviders) {

Modified: jackrabbit/trunk/jackrabbit-core/src/main/java/org/apache/jackrabbit/core/ProtectedItemModifier.java
URL: http://svn.apache.org/viewvc/jackrabbit/trunk/jackrabbit-core/src/main/java/org/apache/jackrabbit/core/ProtectedItemModifier.java?rev=792467&r1=792466&r2=792467&view=diff
==============================================================================
--- jackrabbit/trunk/jackrabbit-core/src/main/java/org/apache/jackrabbit/core/ProtectedItemModifier.java
(original)
+++ jackrabbit/trunk/jackrabbit-core/src/main/java/org/apache/jackrabbit/core/ProtectedItemModifier.java
Thu Jul  9 09:14:46 2009
@@ -55,10 +55,10 @@
 
     protected ProtectedItemModifier(int permission) {
         Class cl = getClass();
-        if (!(cl.equals(UserManagerImpl.class) ||
-              cl.equals(RetentionManagerImpl.class) ||
-              cl.equals(ACLEditor.class) ||
-              cl.equals(org.apache.jackrabbit.core.security.authorization.principalbased.ACLEditor.class)))
{
+        if (!(UserManagerImpl.class.isAssignableFrom(cl) ||
+              RetentionManagerImpl.class.isAssignableFrom(cl) ||
+              ACLEditor.class.isAssignableFrom(cl) ||
+              org.apache.jackrabbit.core.security.authorization.principalbased.ACLEditor.class.isAssignableFrom(cl)))
{
             throw new IllegalArgumentException("Only UserManagerImpl, RetentionManagerImpl
and ACLEditor may extend from the ProtectedItemModifier");
         }
         this.permission = permission;

Modified: jackrabbit/trunk/jackrabbit-core/src/main/java/org/apache/jackrabbit/core/security/authentication/AbstractLoginModule.java
URL: http://svn.apache.org/viewvc/jackrabbit/trunk/jackrabbit-core/src/main/java/org/apache/jackrabbit/core/security/authentication/AbstractLoginModule.java?rev=792467&r1=792466&r2=792467&view=diff
==============================================================================
--- jackrabbit/trunk/jackrabbit-core/src/main/java/org/apache/jackrabbit/core/security/authentication/AbstractLoginModule.java
(original)
+++ jackrabbit/trunk/jackrabbit-core/src/main/java/org/apache/jackrabbit/core/security/authentication/AbstractLoginModule.java
Thu Jul  9 09:14:46 2009
@@ -524,9 +524,7 @@
                 callbackHandler.handle(new Callback[]{callback});
                 Credentials creds = callback.getCredentials();
                 if (null != creds) {
-                    if (creds instanceof SimpleCredentials) {
-                       credentials = creds;
-                    } else if (creds instanceof GuestCredentials) {
+                    if (supportsCredentials(creds)) {
                        credentials = creds;
                     }
                     if (credentials != null) {
@@ -558,6 +556,20 @@
     }
 
     /**
+     * Return a flag indicating whether the credentials are supported by
+     * this login module. Default implementation supports
+     * {@link SimpleCredentials} and {@link GuestCredentials}.
+     *
+     * @param creds credentials
+     * @return <code>true</code> if the credentials are supported;
+     *         <code>false</code> otherwise
+     */
+    protected boolean supportsCredentials(Credentials creds) {
+        return creds instanceof SimpleCredentials ||
+            creds instanceof GuestCredentials;
+    }
+
+    /**
      * Method supports tries to acquire a UserID in the follwing order:
      * <ol>
      * <li>If passed credentials are {@link GuestCredentials} the anonymous user id

Modified: jackrabbit/trunk/jackrabbit-core/src/main/java/org/apache/jackrabbit/core/security/authentication/DefaultLoginModule.java
URL: http://svn.apache.org/viewvc/jackrabbit/trunk/jackrabbit-core/src/main/java/org/apache/jackrabbit/core/security/authentication/DefaultLoginModule.java?rev=792467&r1=792466&r2=792467&view=diff
==============================================================================
--- jackrabbit/trunk/jackrabbit-core/src/main/java/org/apache/jackrabbit/core/security/authentication/DefaultLoginModule.java
(original)
+++ jackrabbit/trunk/jackrabbit-core/src/main/java/org/apache/jackrabbit/core/security/authentication/DefaultLoginModule.java
Thu Jul  9 09:14:46 2009
@@ -48,7 +48,7 @@
 
     private static final Logger log = LoggerFactory.getLogger(AbstractLoginModule.class);
 
-    private User user;
+    protected User user;
     private UserManager userManager;
 
     /**

Modified: jackrabbit/trunk/jackrabbit-core/src/main/java/org/apache/jackrabbit/core/security/user/UserImpl.java
URL: http://svn.apache.org/viewvc/jackrabbit/trunk/jackrabbit-core/src/main/java/org/apache/jackrabbit/core/security/user/UserImpl.java?rev=792467&r1=792466&r2=792467&view=diff
==============================================================================
--- jackrabbit/trunk/jackrabbit-core/src/main/java/org/apache/jackrabbit/core/security/user/UserImpl.java
(original)
+++ jackrabbit/trunk/jackrabbit-core/src/main/java/org/apache/jackrabbit/core/security/user/UserImpl.java
Thu Jul  9 09:14:46 2009
@@ -34,35 +34,20 @@
 /**
  * UserImpl
  */
-class UserImpl extends AuthorizableImpl implements User {
+public class UserImpl extends AuthorizableImpl implements User {
 
     private final String id;
 
     private Principal principal;
     private Impersonation impersonation;
 
-    private UserImpl(NodeImpl node, UserManagerImpl userManager) throws RepositoryException
{
+    protected UserImpl(NodeImpl node, UserManagerImpl userManager) throws RepositoryException
{
         super(node, userManager);
 
         id = node.getProperty(P_USERID).getString();
     }
 
     //--------------------------------------------------------------------------
-    /**
-     * @param node
-     * @param userManager
-     * @return
-     * @throws RepositoryException
-     */
-    static User create(NodeImpl node, UserManagerImpl userManager) throws RepositoryException
{
-        if (node == null || !node.isNodeType(NT_REP_USER)) {
-            throw new IllegalArgumentException();
-        }
-        if (!Text.isDescendant(USERS_PATH, node.getPath())) {
-            throw new IllegalArgumentException("User has to be within the User Path");
-        }
-        return new UserImpl(node, userManager);
-    }
 
     /**
      *

Modified: jackrabbit/trunk/jackrabbit-core/src/main/java/org/apache/jackrabbit/core/security/user/UserManagerImpl.java
URL: http://svn.apache.org/viewvc/jackrabbit/trunk/jackrabbit-core/src/main/java/org/apache/jackrabbit/core/security/user/UserManagerImpl.java?rev=792467&r1=792466&r2=792467&view=diff
==============================================================================
--- jackrabbit/trunk/jackrabbit-core/src/main/java/org/apache/jackrabbit/core/security/user/UserManagerImpl.java
(original)
+++ jackrabbit/trunk/jackrabbit-core/src/main/java/org/apache/jackrabbit/core/security/user/UserManagerImpl.java
Thu Jul  9 09:14:46 2009
@@ -207,7 +207,7 @@
             throw new IllegalArgumentException("Cannot create user: null password.");
         }
         if (!isValidPrincipal(principal)) {
-            throw new IllegalArgumentException("Cannot create user: Principal may not be
null and must have a valid name.");            
+            throw new IllegalArgumentException("Cannot create user: Principal may not be
null and must have a valid name.");
         }
         if (getAuthorizable(userID) != null) {
             throw new AuthorizableExistsException("User for '" + userID + "' already exists");
@@ -362,12 +362,31 @@
      * @throws RepositoryException
      */
     User createUser(NodeImpl userNode) throws RepositoryException {
-        User user = UserImpl.create(userNode, this);
+        if (userNode == null || !userNode.isNodeType(NT_REP_USER)) {
+            throw new IllegalArgumentException();
+        }
+        if (!Text.isDescendant(USERS_PATH, userNode.getPath())) {
+            throw new IllegalArgumentException("User has to be within the User Path");
+        }
+        User user = doCreateUser(userNode);
         idPathMap.put(user.getID(), userNode.getPath());
         return user;
     }
 
     /**
+     * Build the user object from the given user node. May be overridden to
+     * return a custom implementation.
+     *
+     * @param node user node
+     * @return user object
+     * @throws RepositoryException if an error occurs
+     */
+    protected User doCreateUser(NodeImpl node) throws RepositoryException {
+        return new UserImpl(node, this);
+    }
+
+
+    /**
      * Build the Group object from the given group node.
      *
      * @param groupNode
@@ -464,7 +483,7 @@
     private static boolean isValidPrincipal(Principal principal) {
         return principal != null && principal.getName() != null && principal.getName().length()
> 0;
     }
-    
+
     private static String getParentPath(String hint, String root) {
         StringBuffer b = new StringBuffer();
         if (hint == null || !hint.startsWith(root)) {
@@ -520,7 +539,7 @@
     }
 
     /**
-     * @see SessionListener#loggedOut(org.apache.jackrabbit.core.SessionImpl) 
+     * @see SessionListener#loggedOut(org.apache.jackrabbit.core.SessionImpl)
      */
     public void loggedOut(SessionImpl session) {
         // clear the map



Mime
View raw message