jackrabbit-commits mailing list archives

Site index · List index
Message view « Date » · « Thread »
Top « Date » · « Thread »
From tri...@apache.org
Subject svn commit: r810701 - in /jackrabbit/trunk: jackrabbit-api/src/main/java/org/apache/jackrabbit/api/security/principal/ jackrabbit-core/src/main/java/org/apache/jackrabbit/core/ jackrabbit-core/src/main/java/org/apache/jackrabbit/core/security/authoriza...
Date Wed, 02 Sep 2009 21:25:46 GMT
Author: tripod
Date: Wed Sep  2 21:25:45 2009
New Revision: 810701

URL: http://svn.apache.org/viewvc?rev=810701&view=rev
Log:
JCR-2289 Allow importing of ACL with unknown principals

Added:
    jackrabbit/trunk/jackrabbit-core/src/main/java/org/apache/jackrabbit/core/security/principal/FallbackPrincipalProvider.java
  (with props)
    jackrabbit/trunk/jackrabbit-core/src/main/java/org/apache/jackrabbit/core/security/principal/UnknownPrincipal.java
  (with props)
Removed:
    jackrabbit/trunk/jackrabbit-api/src/main/java/org/apache/jackrabbit/api/security/principal/NoSuchPrincipalException.java
Modified:
    jackrabbit/trunk/jackrabbit-api/src/main/java/org/apache/jackrabbit/api/security/principal/PrincipalManager.java
    jackrabbit/trunk/jackrabbit-core/src/main/java/org/apache/jackrabbit/core/DefaultSecurityManager.java
    jackrabbit/trunk/jackrabbit-core/src/main/java/org/apache/jackrabbit/core/security/authorization/acl/ACLTemplate.java
    jackrabbit/trunk/jackrabbit-core/src/main/java/org/apache/jackrabbit/core/security/authorization/principalbased/ACLEditor.java
    jackrabbit/trunk/jackrabbit-core/src/main/java/org/apache/jackrabbit/core/security/principal/PrincipalManagerImpl.java
    jackrabbit/trunk/jackrabbit-core/src/main/java/org/apache/jackrabbit/core/security/principal/ProviderRegistryImpl.java
    jackrabbit/trunk/jackrabbit-core/src/main/java/org/apache/jackrabbit/core/security/simple/SimpleSecurityManager.java
    jackrabbit/trunk/jackrabbit-core/src/main/java/org/apache/jackrabbit/core/security/user/AuthorizableImpl.java
    jackrabbit/trunk/jackrabbit-core/src/main/java/org/apache/jackrabbit/core/security/user/ImpersonationImpl.java
    jackrabbit/trunk/jackrabbit-core/src/main/java/org/apache/jackrabbit/core/xml/AccessControlImporter.java
    jackrabbit/trunk/jackrabbit-core/src/test/java/org/apache/jackrabbit/core/xml/AccessControlImporterTest.java

Modified: jackrabbit/trunk/jackrabbit-api/src/main/java/org/apache/jackrabbit/api/security/principal/PrincipalManager.java
URL: http://svn.apache.org/viewvc/jackrabbit/trunk/jackrabbit-api/src/main/java/org/apache/jackrabbit/api/security/principal/PrincipalManager.java?rev=810701&r1=810700&r2=810701&view=diff
==============================================================================
--- jackrabbit/trunk/jackrabbit-api/src/main/java/org/apache/jackrabbit/api/security/principal/PrincipalManager.java
(original)
+++ jackrabbit/trunk/jackrabbit-api/src/main/java/org/apache/jackrabbit/api/security/principal/PrincipalManager.java
Wed Sep  2 21:25:45 2009
@@ -80,10 +80,9 @@
      * <code>PrincipalManager</code> has been built for.
      *
      * @param principalName the name of the principal to retrieve
-     * @return return the requested principal.
-     * @throws NoSuchPrincipalException If no principal with the given name exists.
+     * @return return the requested principal or <code>null</code> if not exists
      */
-    Principal getPrincipal(String principalName) throws NoSuchPrincipalException;
+    Principal getPrincipal(String principalName);
 
     /**
      * Gets the principals matching a simple filter expression applied against

Modified: jackrabbit/trunk/jackrabbit-core/src/main/java/org/apache/jackrabbit/core/DefaultSecurityManager.java
URL: http://svn.apache.org/viewvc/jackrabbit/trunk/jackrabbit-core/src/main/java/org/apache/jackrabbit/core/DefaultSecurityManager.java?rev=810701&r1=810700&r2=810701&view=diff
==============================================================================
--- jackrabbit/trunk/jackrabbit-core/src/main/java/org/apache/jackrabbit/core/DefaultSecurityManager.java
(original)
+++ jackrabbit/trunk/jackrabbit-core/src/main/java/org/apache/jackrabbit/core/DefaultSecurityManager.java
Wed Sep  2 21:25:45 2009
@@ -62,6 +62,7 @@
 import org.apache.jackrabbit.core.security.principal.PrincipalProvider;
 import org.apache.jackrabbit.core.security.principal.PrincipalProviderRegistry;
 import org.apache.jackrabbit.core.security.principal.ProviderRegistryImpl;
+import org.apache.jackrabbit.core.security.principal.FallbackPrincipalProvider;
 import org.apache.jackrabbit.core.security.user.UserManagerImpl;
 import org.slf4j.Logger;
 import org.slf4j.LoggerFactory;
@@ -233,6 +234,15 @@
             principalProviderRegistry.registerProvider(props);
         }
 
+        // add fallback PP if needed. currently disabled.
+        /*
+        if (principalProviderRegistry.getProvider(FallbackPrincipalProvider.class.getName())
== null) {
+            Properties props = new Properties();
+            props.setProperty(LoginModuleConfig.PARAM_PRINCIPAL_PROVIDER_CLASS, FallbackPrincipalProvider.class.getName());
+            principalProviderRegistry.registerProvider(props);
+        }
+        */
+
         // create the principal manager for the security workspace
         systemPrincipalManager = new PrincipalManagerImpl(securitySession, principalProviderRegistry.getProviders());
 

Modified: jackrabbit/trunk/jackrabbit-core/src/main/java/org/apache/jackrabbit/core/security/authorization/acl/ACLTemplate.java
URL: http://svn.apache.org/viewvc/jackrabbit/trunk/jackrabbit-core/src/main/java/org/apache/jackrabbit/core/security/authorization/acl/ACLTemplate.java?rev=810701&r1=810700&r2=810701&view=diff
==============================================================================
--- jackrabbit/trunk/jackrabbit-core/src/main/java/org/apache/jackrabbit/core/security/authorization/acl/ACLTemplate.java
(original)
+++ jackrabbit/trunk/jackrabbit-core/src/main/java/org/apache/jackrabbit/core/security/authorization/acl/ACLTemplate.java
Wed Sep  2 21:25:45 2009
@@ -34,7 +34,6 @@
 import javax.jcr.security.Privilege;
 
 import org.apache.jackrabbit.api.security.JackrabbitAccessControlList;
-import org.apache.jackrabbit.api.security.principal.NoSuchPrincipalException;
 import org.apache.jackrabbit.api.security.principal.PrincipalManager;
 import org.apache.jackrabbit.core.NodeImpl;
 import org.apache.jackrabbit.core.SessionImpl;
@@ -44,6 +43,7 @@
 import org.apache.jackrabbit.core.security.authorization.Permission;
 import org.apache.jackrabbit.core.security.authorization.PrivilegeRegistry;
 import org.apache.jackrabbit.core.security.principal.PrincipalImpl;
+import org.apache.jackrabbit.core.security.principal.UnknownPrincipal;
 import org.slf4j.Logger;
 import org.slf4j.LoggerFactory;
 
@@ -115,14 +115,7 @@
             NodeImpl aceNode = (NodeImpl) itr.nextNode();
             try {
                 String principalName = aceNode.getProperty(AccessControlConstants.P_PRINCIPAL_NAME).getString();
-                Principal princ = null;
-                if (principalMgr.hasPrincipal(principalName)) {
-                    try {
-                        princ = principalMgr.getPrincipal(principalName);
-                    } catch (NoSuchPrincipalException e) {
-                        // should not get here.
-                    }
-                }
+                Principal princ = principalMgr.getPrincipal(principalName);
                 if (princ == null) {
                     log.debug("Principal with name " + principalName + " unknown to PrincipalManager.");
                     princ = new PrincipalImpl(principalName);
@@ -169,14 +162,7 @@
             String principalName = aceNode.getProperty(AccessControlConstants.P_PRINCIPAL_NAME).getString();
             // only process aceNode if 'principalName' is contained in the given set
             if (princToEntries.containsKey(principalName)) {
-                Principal princ = null;
-                if (principalMgr.hasPrincipal(principalName)) {
-                    try {
-                        princ = principalMgr.getPrincipal(principalName);
-                    } catch (NoSuchPrincipalException e) {
-                        // should not get here
-                    }
-                }
+                Principal princ = principalMgr.getPrincipal(principalName);
                 if (princ == null) {
                     log.warn("Principal with name " + principalName + " unknown to PrincipalManager.");
                     princ = new PrincipalImpl(principalName);
@@ -287,9 +273,10 @@
         if (restrictions != null && !restrictions.isEmpty()) {
             throw new AccessControlException("This AccessControlList does not allow for additional
restrictions.");
         }
-
         // validate principal
-        if (!principalMgr.hasPrincipal(principal.getName())) {
+        if (principal instanceof UnknownPrincipal) {
+            log.debug("Consider fallback principal as valid: {}", principal.getName());
+        } else if (!principalMgr.hasPrincipal(principal.getName())) {
             throw new AccessControlException("Principal " + principal.getName() + " does
not exist.");
         }
     }

Modified: jackrabbit/trunk/jackrabbit-core/src/main/java/org/apache/jackrabbit/core/security/authorization/principalbased/ACLEditor.java
URL: http://svn.apache.org/viewvc/jackrabbit/trunk/jackrabbit-core/src/main/java/org/apache/jackrabbit/core/security/authorization/principalbased/ACLEditor.java?rev=810701&r1=810700&r2=810701&view=diff
==============================================================================
--- jackrabbit/trunk/jackrabbit-core/src/main/java/org/apache/jackrabbit/core/security/authorization/principalbased/ACLEditor.java
(original)
+++ jackrabbit/trunk/jackrabbit-core/src/main/java/org/apache/jackrabbit/core/security/authorization/principalbased/ACLEditor.java
Wed Sep  2 21:25:45 2009
@@ -380,11 +380,7 @@
     private Principal getPrincipal(String pathToACNode) throws RepositoryException {
         String name = getPrincipalName(pathToACNode);
         PrincipalManager pMgr = session.getPrincipalManager();
-        if (pMgr.hasPrincipal(name)) {
-            return pMgr.getPrincipal(name);
-        } else {
-            return null;
-        }
+        return pMgr.getPrincipal(name);
     }
 
     private static String getPrincipalName(String pathToACNode) {

Added: jackrabbit/trunk/jackrabbit-core/src/main/java/org/apache/jackrabbit/core/security/principal/FallbackPrincipalProvider.java
URL: http://svn.apache.org/viewvc/jackrabbit/trunk/jackrabbit-core/src/main/java/org/apache/jackrabbit/core/security/principal/FallbackPrincipalProvider.java?rev=810701&view=auto
==============================================================================
--- jackrabbit/trunk/jackrabbit-core/src/main/java/org/apache/jackrabbit/core/security/principal/FallbackPrincipalProvider.java
(added)
+++ jackrabbit/trunk/jackrabbit-core/src/main/java/org/apache/jackrabbit/core/security/principal/FallbackPrincipalProvider.java
Wed Sep  2 21:25:45 2009
@@ -0,0 +1,109 @@
+/*
+ * Licensed to the Apache Software Foundation (ASF) under one or more
+ * contributor license agreements.  See the NOTICE file distributed with
+ * this work for additional information regarding copyright ownership.
+ * The ASF licenses this file to You under the Apache License, Version 2.0
+ * (the "License"); you may not use this file except in compliance with
+ * the License.  You may obtain a copy of the License at
+ *
+ *      http://www.apache.org/licenses/LICENSE-2.0
+ *
+ * Unless required by applicable law or agreed to in writing, software
+ * distributed under the License is distributed on an "AS IS" BASIS,
+ * WITHOUT WARRANTIES OR CONDITIONS OF ANY KIND, either express or implied.
+ * See the License for the specific language governing permissions and
+ * limitations under the License.
+ */
+package org.apache.jackrabbit.core.security.principal;
+
+import java.security.Principal;
+import java.util.Properties;
+
+import javax.jcr.Session;
+
+import org.apache.jackrabbit.api.security.principal.PrincipalIterator;
+
+/**
+ * The <code>FallbackPrincipalProvider</code> is used to provide any desired
+ * principal. It is used to defined ACE for principals that are not known to
+ * the repository yet or that were deleted.
+ */
+public class FallbackPrincipalProvider implements PrincipalProvider {
+
+    /**
+     * name of the "disabled" option.
+     */
+    public static final String OPTION_DISABLED = "disabled";
+
+    /**
+     * If <code>true</code> this principal provider is disabled.
+     */
+    private boolean disabled;
+
+    /**
+     * {@inheritDoc}
+     *
+     * @return a {@link UnknownPrincipal} with the given name.
+     */
+    public Principal getPrincipal(String principalName) {
+        return disabled ? null : new UnknownPrincipal(principalName);
+    }
+
+    /**
+     * {@inheritDoc}
+     *
+     * @return an empty principal iterator
+     */
+    public PrincipalIterator findPrincipals(String simpleFilter) {
+        return PrincipalIteratorAdapter.EMPTY;
+    }
+
+    /**
+     * {@inheritDoc}
+     *
+     * @return an empty principal iterator
+     */
+    public PrincipalIterator findPrincipals(String simpleFilter, int searchType) {
+        return PrincipalIteratorAdapter.EMPTY;
+    }
+
+    /**
+     * {@inheritDoc}
+     *
+     * @return an empty principal iterator
+     */
+    public PrincipalIterator getPrincipals(int searchType) {
+        return PrincipalIteratorAdapter.EMPTY;
+    }
+
+    /**
+     * {@inheritDoc}
+     *
+     * @return an empty principal iterator
+     */
+    public PrincipalIterator getGroupMembership(Principal principal) {
+        return PrincipalIteratorAdapter.EMPTY;
+    }
+
+    /**
+     * {@inheritDoc}
+     */
+    public void init(Properties options) {
+        disabled = "true".equals(options.get(OPTION_DISABLED));
+    }
+
+    /**
+     * {@inheritDoc}
+     */
+    public void close() {
+    }
+
+    /**
+     * {@inheritDoc}
+     *
+     * @return <code>true</code>
+     */
+    public boolean canReadPrincipal(Session session, Principal principalToRead) {
+        return true;
+    }
+}
\ No newline at end of file

Propchange: jackrabbit/trunk/jackrabbit-core/src/main/java/org/apache/jackrabbit/core/security/principal/FallbackPrincipalProvider.java
------------------------------------------------------------------------------
    svn:eol-style = native

Propchange: jackrabbit/trunk/jackrabbit-core/src/main/java/org/apache/jackrabbit/core/security/principal/FallbackPrincipalProvider.java
------------------------------------------------------------------------------
    svn:keywords = Author Date Id Revision Rev Url

Modified: jackrabbit/trunk/jackrabbit-core/src/main/java/org/apache/jackrabbit/core/security/principal/PrincipalManagerImpl.java
URL: http://svn.apache.org/viewvc/jackrabbit/trunk/jackrabbit-core/src/main/java/org/apache/jackrabbit/core/security/principal/PrincipalManagerImpl.java?rev=810701&r1=810700&r2=810701&view=diff
==============================================================================
--- jackrabbit/trunk/jackrabbit-core/src/main/java/org/apache/jackrabbit/core/security/principal/PrincipalManagerImpl.java
(original)
+++ jackrabbit/trunk/jackrabbit-core/src/main/java/org/apache/jackrabbit/core/security/principal/PrincipalManagerImpl.java
Wed Sep  2 21:25:45 2009
@@ -16,13 +16,6 @@
  */
 package org.apache.jackrabbit.core.security.principal;
 
-import org.apache.jackrabbit.api.security.principal.NoSuchPrincipalException;
-import org.apache.jackrabbit.api.security.principal.PrincipalIterator;
-import org.apache.jackrabbit.api.security.principal.PrincipalManager;
-import org.apache.jackrabbit.api.security.principal.ItemBasedPrincipal;
-
-import javax.jcr.RepositoryException;
-import javax.jcr.Session;
 import java.security.Principal;
 import java.security.acl.Group;
 import java.util.ArrayList;
@@ -31,6 +24,13 @@
 import java.util.Iterator;
 import java.util.List;
 
+import javax.jcr.RepositoryException;
+import javax.jcr.Session;
+
+import org.apache.jackrabbit.api.security.principal.ItemBasedPrincipal;
+import org.apache.jackrabbit.api.security.principal.PrincipalIterator;
+import org.apache.jackrabbit.api.security.principal.PrincipalManager;
+
 /**
  * This principal manager implementation uses the {@link DefaultPrincipalProvider}
  * in order to dispatch the respective requests and assemble the required
@@ -69,14 +69,8 @@
     /**
      * {@inheritDoc}
      */
-    public Principal getPrincipal(String principalName) throws NoSuchPrincipalException {
-        Principal p = internalGetPrincipal(principalName);
-        if (p == null) {
-            // not found (or access denied)
-            throw new NoSuchPrincipalException("Unknown principal " + principalName);
-        } else {
-            return p;
-        }
+    public Principal getPrincipal(String principalName) {
+        return internalGetPrincipal(principalName);
     }
 
     /**

Modified: jackrabbit/trunk/jackrabbit-core/src/main/java/org/apache/jackrabbit/core/security/principal/ProviderRegistryImpl.java
URL: http://svn.apache.org/viewvc/jackrabbit/trunk/jackrabbit-core/src/main/java/org/apache/jackrabbit/core/security/principal/ProviderRegistryImpl.java?rev=810701&r1=810700&r2=810701&view=diff
==============================================================================
--- jackrabbit/trunk/jackrabbit-core/src/main/java/org/apache/jackrabbit/core/security/principal/ProviderRegistryImpl.java
(original)
+++ jackrabbit/trunk/jackrabbit-core/src/main/java/org/apache/jackrabbit/core/security/principal/ProviderRegistryImpl.java
Wed Sep  2 21:25:45 2009
@@ -16,17 +16,18 @@
  */
 package org.apache.jackrabbit.core.security.principal;
 
+import java.util.Collection;
+import java.util.LinkedHashMap;
+import java.util.Map;
+import java.util.Properties;
+
+import javax.jcr.RepositoryException;
+
 import org.apache.jackrabbit.core.config.BeanConfig;
 import org.apache.jackrabbit.core.config.LoginModuleConfig;
 import org.slf4j.Logger;
 import org.slf4j.LoggerFactory;
 
-import javax.jcr.RepositoryException;
-import java.util.Collection;
-import java.util.HashMap;
-import java.util.Map;
-import java.util.Properties;
-
 /**
  * This is the default implementation of the {@link PrincipalProviderRegistry}
  * interface.
@@ -37,7 +38,7 @@
     private static final Logger log = LoggerFactory.getLogger(ProviderRegistryImpl.class);
 
     private final PrincipalProvider defaultPrincipalProvider;
-    private final Map<String, PrincipalProvider> providers = new HashMap<String,
PrincipalProvider>();
+    private final Map<String, PrincipalProvider> providers = new LinkedHashMap<String,
PrincipalProvider>();
 
     /**
      * Create an instance of <code>ProviderRegistryImpl</code> with the given

Added: jackrabbit/trunk/jackrabbit-core/src/main/java/org/apache/jackrabbit/core/security/principal/UnknownPrincipal.java
URL: http://svn.apache.org/viewvc/jackrabbit/trunk/jackrabbit-core/src/main/java/org/apache/jackrabbit/core/security/principal/UnknownPrincipal.java?rev=810701&view=auto
==============================================================================
--- jackrabbit/trunk/jackrabbit-core/src/main/java/org/apache/jackrabbit/core/security/principal/UnknownPrincipal.java
(added)
+++ jackrabbit/trunk/jackrabbit-core/src/main/java/org/apache/jackrabbit/core/security/principal/UnknownPrincipal.java
Wed Sep  2 21:25:45 2009
@@ -0,0 +1,28 @@
+/*
+ * Licensed to the Apache Software Foundation (ASF) under one or more
+ * contributor license agreements.  See the NOTICE file distributed with
+ * this work for additional information regarding copyright ownership.
+ * The ASF licenses this file to You under the Apache License, Version 2.0
+ * (the "License"); you may not use this file except in compliance with
+ * the License.  You may obtain a copy of the License at
+ *
+ *      http://www.apache.org/licenses/LICENSE-2.0
+ *
+ * Unless required by applicable law or agreed to in writing, software
+ * distributed under the License is distributed on an "AS IS" BASIS,
+ * WITHOUT WARRANTIES OR CONDITIONS OF ANY KIND, either express or implied.
+ * See the License for the specific language governing permissions and
+ * limitations under the License.
+ */
+package org.apache.jackrabbit.core.security.principal;
+
+/**
+ * Implements a principal that is used by the ACL importer for unknown
+ * principals.
+ */
+public class UnknownPrincipal extends PrincipalImpl {
+
+    public UnknownPrincipal(String name) {
+        super(name);
+    }
+}
\ No newline at end of file

Propchange: jackrabbit/trunk/jackrabbit-core/src/main/java/org/apache/jackrabbit/core/security/principal/UnknownPrincipal.java
------------------------------------------------------------------------------
    svn:eol-style = native

Propchange: jackrabbit/trunk/jackrabbit-core/src/main/java/org/apache/jackrabbit/core/security/principal/UnknownPrincipal.java
------------------------------------------------------------------------------
    svn:keywords = Author Date Id Revision Rev Url

Modified: jackrabbit/trunk/jackrabbit-core/src/main/java/org/apache/jackrabbit/core/security/simple/SimpleSecurityManager.java
URL: http://svn.apache.org/viewvc/jackrabbit/trunk/jackrabbit-core/src/main/java/org/apache/jackrabbit/core/security/simple/SimpleSecurityManager.java?rev=810701&r1=810700&r2=810701&view=diff
==============================================================================
--- jackrabbit/trunk/jackrabbit-core/src/main/java/org/apache/jackrabbit/core/security/simple/SimpleSecurityManager.java
(original)
+++ jackrabbit/trunk/jackrabbit-core/src/main/java/org/apache/jackrabbit/core/security/simple/SimpleSecurityManager.java
Wed Sep  2 21:25:45 2009
@@ -16,6 +16,25 @@
  */
 package org.apache.jackrabbit.core.security.simple;
 
+import java.security.Principal;
+import java.security.acl.Group;
+import java.util.Collections;
+import java.util.HashMap;
+import java.util.HashSet;
+import java.util.Iterator;
+import java.util.Map;
+import java.util.Properties;
+import java.util.Set;
+
+import javax.jcr.AccessDeniedException;
+import javax.jcr.Credentials;
+import javax.jcr.Repository;
+import javax.jcr.RepositoryException;
+import javax.jcr.Session;
+import javax.jcr.SimpleCredentials;
+import javax.jcr.UnsupportedRepositoryOperationException;
+import javax.security.auth.Subject;
+
 import org.apache.jackrabbit.api.security.principal.PrincipalIterator;
 import org.apache.jackrabbit.api.security.principal.PrincipalManager;
 import org.apache.jackrabbit.api.security.user.UserManager;
@@ -27,14 +46,14 @@
 import org.apache.jackrabbit.core.config.SecurityManagerConfig;
 import org.apache.jackrabbit.core.security.AMContext;
 import org.apache.jackrabbit.core.security.AccessManager;
-import org.apache.jackrabbit.core.security.JackrabbitSecurityManager;
-import org.apache.jackrabbit.core.security.UserPrincipal;
 import org.apache.jackrabbit.core.security.AnonymousPrincipal;
+import org.apache.jackrabbit.core.security.JackrabbitSecurityManager;
 import org.apache.jackrabbit.core.security.SecurityConstants;
-import org.apache.jackrabbit.core.security.authorization.WorkspaceAccessManager;
-import org.apache.jackrabbit.core.security.authorization.AccessControlProvider;
+import org.apache.jackrabbit.core.security.UserPrincipal;
 import org.apache.jackrabbit.core.security.authentication.AuthContext;
 import org.apache.jackrabbit.core.security.authentication.AuthContextProvider;
+import org.apache.jackrabbit.core.security.authorization.AccessControlProvider;
+import org.apache.jackrabbit.core.security.authorization.WorkspaceAccessManager;
 import org.apache.jackrabbit.core.security.principal.AdminPrincipal;
 import org.apache.jackrabbit.core.security.principal.EveryonePrincipal;
 import org.apache.jackrabbit.core.security.principal.PrincipalIteratorAdapter;
@@ -45,24 +64,6 @@
 import org.slf4j.Logger;
 import org.slf4j.LoggerFactory;
 
-import javax.jcr.AccessDeniedException;
-import javax.jcr.Credentials;
-import javax.jcr.Repository;
-import javax.jcr.RepositoryException;
-import javax.jcr.Session;
-import javax.jcr.UnsupportedRepositoryOperationException;
-import javax.jcr.SimpleCredentials;
-import javax.security.auth.Subject;
-import java.security.Principal;
-import java.security.acl.Group;
-import java.util.Collections;
-import java.util.HashMap;
-import java.util.HashSet;
-import java.util.Map;
-import java.util.Properties;
-import java.util.Set;
-import java.util.Iterator;
-
 /**
  * <code>SimpleSecurityManager</code>: simple implementation ignoring both
  * configuration entries for 'principalProvider' and for 'workspaceAccessManager'.
@@ -144,13 +145,13 @@
 
         Properties[] moduleConfig = authCtxProvider.getModuleConfig();
 
-        // retrieve default-ids (admin and anomymous) from login-module-configuration.
-        for (int i = 0; i < moduleConfig.length; i++) {
-            if (moduleConfig[i].containsKey(LoginModuleConfig.PARAM_ADMIN_ID)) {
-                adminID = moduleConfig[i].getProperty(LoginModuleConfig.PARAM_ADMIN_ID);
+        // retrieve default-ids (admin and anonymous) from login-module-configuration.
+        for (Properties aModuleConfig1 : moduleConfig) {
+            if (aModuleConfig1.containsKey(LoginModuleConfig.PARAM_ADMIN_ID)) {
+                adminID = aModuleConfig1.getProperty(LoginModuleConfig.PARAM_ADMIN_ID);
             }
-            if (moduleConfig[i].containsKey(LoginModuleConfig.PARAM_ANONYMOUS_ID)) {
-                anonymID = moduleConfig[i].getProperty(LoginModuleConfig.PARAM_ANONYMOUS_ID);
+            if (aModuleConfig1.containsKey(LoginModuleConfig.PARAM_ANONYMOUS_ID)) {
+                anonymID = aModuleConfig1.getProperty(LoginModuleConfig.PARAM_ANONYMOUS_ID);
             }
         }
         // fallback:
@@ -169,8 +170,8 @@
         // skip init of provider (nop)
         principalProviderRegistry = new ProviderRegistryImpl(principalProvider);
         // register all configured principal providers.
-        for (int i = 0; i < moduleConfig.length; i++) {
-            principalProviderRegistry.registerProvider(moduleConfig[i]);
+        for (Properties aModuleConfig : moduleConfig) {
+            principalProviderRegistry.registerProvider(aModuleConfig);
         }
 
         SecurityManagerConfig smc = config.getSecurityManagerConfig();

Modified: jackrabbit/trunk/jackrabbit-core/src/main/java/org/apache/jackrabbit/core/security/user/AuthorizableImpl.java
URL: http://svn.apache.org/viewvc/jackrabbit/trunk/jackrabbit-core/src/main/java/org/apache/jackrabbit/core/security/user/AuthorizableImpl.java?rev=810701&r1=810700&r2=810701&view=diff
==============================================================================
--- jackrabbit/trunk/jackrabbit-core/src/main/java/org/apache/jackrabbit/core/security/user/AuthorizableImpl.java
(original)
+++ jackrabbit/trunk/jackrabbit-core/src/main/java/org/apache/jackrabbit/core/security/user/AuthorizableImpl.java
Wed Sep  2 21:25:45 2009
@@ -16,8 +16,23 @@
  */
 package org.apache.jackrabbit.core.security.user;
 
+import java.security.Principal;
+import java.util.ArrayList;
+import java.util.Arrays;
+import java.util.Collection;
+import java.util.Iterator;
+import java.util.List;
+
+import javax.jcr.ItemNotFoundException;
+import javax.jcr.PathNotFoundException;
+import javax.jcr.Property;
+import javax.jcr.PropertyIterator;
+import javax.jcr.RepositoryException;
+import javax.jcr.Value;
+import javax.jcr.nodetype.ConstraintViolationException;
+import javax.jcr.nodetype.PropertyDefinition;
+
 import org.apache.jackrabbit.api.security.principal.ItemBasedPrincipal;
-import org.apache.jackrabbit.api.security.principal.NoSuchPrincipalException;
 import org.apache.jackrabbit.api.security.principal.PrincipalIterator;
 import org.apache.jackrabbit.api.security.principal.PrincipalManager;
 import org.apache.jackrabbit.api.security.user.Authorizable;
@@ -34,21 +49,6 @@
 import org.slf4j.Logger;
 import org.slf4j.LoggerFactory;
 
-import javax.jcr.ItemNotFoundException;
-import javax.jcr.PathNotFoundException;
-import javax.jcr.Property;
-import javax.jcr.PropertyIterator;
-import javax.jcr.RepositoryException;
-import javax.jcr.Value;
-import javax.jcr.nodetype.ConstraintViolationException;
-import javax.jcr.nodetype.PropertyDefinition;
-import java.security.Principal;
-import java.util.ArrayList;
-import java.util.Arrays;
-import java.util.Collection;
-import java.util.Iterator;
-import java.util.List;
-
 /**
  * AuthorizableImpl
  */
@@ -87,14 +87,7 @@
         PrincipalManager prMgr = getSession().getPrincipalManager();
         for (Object o : getRefereeValues()) {
             String refName = ((Value) o).getString();
-            Principal princ = null;
-            if (prMgr.hasPrincipal(refName)) {
-                try {
-                    princ = prMgr.getPrincipal(refName);
-                } catch (NoSuchPrincipalException e) {
-                    // should not get here
-                }
-            }
+            Principal princ = prMgr.getPrincipal(refName);
             if (princ == null) {
                 log.warn("Principal " + refName + " unknown to PrincipalManager.");
                 princ = new PrincipalImpl(refName);

Modified: jackrabbit/trunk/jackrabbit-core/src/main/java/org/apache/jackrabbit/core/security/user/ImpersonationImpl.java
URL: http://svn.apache.org/viewvc/jackrabbit/trunk/jackrabbit-core/src/main/java/org/apache/jackrabbit/core/security/user/ImpersonationImpl.java?rev=810701&r1=810700&r2=810701&view=diff
==============================================================================
--- jackrabbit/trunk/jackrabbit-core/src/main/java/org/apache/jackrabbit/core/security/user/ImpersonationImpl.java
(original)
+++ jackrabbit/trunk/jackrabbit-core/src/main/java/org/apache/jackrabbit/core/security/user/ImpersonationImpl.java
Wed Sep  2 21:25:45 2009
@@ -24,7 +24,6 @@
 import javax.jcr.Value;
 import javax.security.auth.Subject;
 
-import org.apache.jackrabbit.api.security.principal.NoSuchPrincipalException;
 import org.apache.jackrabbit.api.security.principal.PrincipalIterator;
 import org.apache.jackrabbit.api.security.principal.PrincipalManager;
 import org.apache.jackrabbit.api.security.user.Authorizable;
@@ -67,14 +66,7 @@
 
             Set<Principal> s = new HashSet<Principal>();
             for (String pName: impersonators) {
-                Principal p = null;
-                if (pMgr.hasPrincipal(pName)) {
-                    try {
-                        p = pMgr.getPrincipal(pName);
-                    } catch (NoSuchPrincipalException e) {
-                        // should never get here.
-                    }
-                }
+                Principal p = pMgr.getPrincipal(pName);
                 if (p == null) {
                     log.debug("Impersonator " + pName + " does not correspond to a known
Principal.");
                     p = new PrincipalImpl(pName);

Modified: jackrabbit/trunk/jackrabbit-core/src/main/java/org/apache/jackrabbit/core/xml/AccessControlImporter.java
URL: http://svn.apache.org/viewvc/jackrabbit/trunk/jackrabbit-core/src/main/java/org/apache/jackrabbit/core/xml/AccessControlImporter.java?rev=810701&r1=810700&r2=810701&view=diff
==============================================================================
--- jackrabbit/trunk/jackrabbit-core/src/main/java/org/apache/jackrabbit/core/xml/AccessControlImporter.java
(original)
+++ jackrabbit/trunk/jackrabbit-core/src/main/java/org/apache/jackrabbit/core/xml/AccessControlImporter.java
Wed Sep  2 21:25:45 2009
@@ -16,35 +16,37 @@
  */
 package org.apache.jackrabbit.core.xml;
 
-import org.slf4j.Logger;
-import org.slf4j.LoggerFactory;
-import org.apache.jackrabbit.core.NodeImpl;
-import org.apache.jackrabbit.core.id.NodeId;
-import org.apache.jackrabbit.core.state.NodeState;
-import org.apache.jackrabbit.core.security.authorization.AccessControlConstants;
-import org.apache.jackrabbit.spi.Name;
-import org.apache.jackrabbit.spi.commons.conversion.NamePathResolver;
-import org.apache.jackrabbit.api.security.JackrabbitAccessControlList;
-import org.apache.jackrabbit.api.security.JackrabbitAccessControlManager;
-import org.apache.jackrabbit.api.JackrabbitSession;
+import java.security.Principal;
+import java.util.ArrayList;
+import java.util.Arrays;
+import java.util.HashMap;
+import java.util.HashSet;
+import java.util.List;
+import java.util.Map;
+import java.util.Set;
+import java.util.Stack;
 
+import javax.jcr.PropertyType;
 import javax.jcr.RepositoryException;
 import javax.jcr.UnsupportedRepositoryOperationException;
-import javax.jcr.PropertyType;
 import javax.jcr.Value;
 import javax.jcr.nodetype.ConstraintViolationException;
 import javax.jcr.security.AccessControlManager;
-import javax.jcr.security.Privilege;
 import javax.jcr.security.AccessControlPolicy;
-import java.util.List;
-import java.util.Map;
-import java.util.HashMap;
-import java.util.Stack;
-import java.util.Set;
-import java.util.HashSet;
-import java.util.ArrayList;
-import java.util.Arrays;
-import java.security.Principal;
+import javax.jcr.security.Privilege;
+
+import org.apache.jackrabbit.api.JackrabbitSession;
+import org.apache.jackrabbit.api.security.JackrabbitAccessControlList;
+import org.apache.jackrabbit.api.security.JackrabbitAccessControlManager;
+import org.apache.jackrabbit.core.NodeImpl;
+import org.apache.jackrabbit.core.id.NodeId;
+import org.apache.jackrabbit.core.security.authorization.AccessControlConstants;
+import org.apache.jackrabbit.core.security.principal.UnknownPrincipal;
+import org.apache.jackrabbit.core.state.NodeState;
+import org.apache.jackrabbit.spi.Name;
+import org.apache.jackrabbit.spi.commons.conversion.NamePathResolver;
+import org.slf4j.Logger;
+import org.slf4j.LoggerFactory;
 
 /**
  * <code>AccessControlImporter</code> implements a
@@ -282,7 +284,12 @@
                 if (values == null || values.length != 1) {
                     throw new ConstraintViolationException("");
                 }
-                principal = session.getPrincipalManager().getPrincipal(values[0].getString());
+                String pName = values[0].getString();
+                principal = session.getPrincipalManager().getPrincipal(pName);
+                if (principal == null) {
+                    // create "fake" principal
+                    principal = new UnknownPrincipal(pName);
+                }
             } else if (AccessControlConstants.P_PRIVILEGES.equals(name)) {
                 Value[] values = pInfo.getValues(PropertyType.NAME, resolver);
                 privileges = new Privilege[values.length];

Modified: jackrabbit/trunk/jackrabbit-core/src/test/java/org/apache/jackrabbit/core/xml/AccessControlImporterTest.java
URL: http://svn.apache.org/viewvc/jackrabbit/trunk/jackrabbit-core/src/test/java/org/apache/jackrabbit/core/xml/AccessControlImporterTest.java?rev=810701&r1=810700&r2=810701&view=diff
==============================================================================
--- jackrabbit/trunk/jackrabbit-core/src/test/java/org/apache/jackrabbit/core/xml/AccessControlImporterTest.java
(original)
+++ jackrabbit/trunk/jackrabbit-core/src/test/java/org/apache/jackrabbit/core/xml/AccessControlImporterTest.java
Wed Sep  2 21:25:45 2009
@@ -119,6 +119,36 @@
                 "</sv:node>" +
             "</sv:node>";
 
+    private static final String XML_POLICY_TREE_4   = "<?xml version=\"1.0\" encoding=\"UTF-8\"?>"
+
+            "<sv:node sv:name=\"rep:policy\" " +
+                    "xmlns:mix=\"http://www.jcp.org/jcr/mix/1.0\" xmlns:nt=\"http://www.jcp.org/jcr/nt/1.0\"
xmlns:fn_old=\"http://www.w3.org/2004/10/xpath-functions\" xmlns:fn=\"http://www.w3.org/2005/xpath-functions\"
xmlns:xs=\"http://www.w3.org/2001/XMLSchema\" xmlns:sv=\"http://www.jcp.org/jcr/sv/1.0\" xmlns:rep=\"internal\"
xmlns:jcr=\"http://www.jcp.org/jcr/1.0\">" +
+                "<sv:property sv:name=\"jcr:primaryType\" sv:type=\"Name\">" +
+                    "<sv:value>rep:ACL</sv:value>" +
+                "</sv:property>" +
+                "<sv:node sv:name=\"allow\">" +
+                    "<sv:property sv:name=\"jcr:primaryType\" sv:type=\"Name\">" +
+                        "<sv:value>rep:GrantACE</sv:value>" +
+                    "</sv:property>" +
+                    "<sv:property sv:name=\"rep:principalName\" sv:type=\"String\">"
+
+                        "<sv:value>unknownprincipal</sv:value>" +
+                    "</sv:property>" +
+                    "<sv:property sv:name=\"rep:privileges\" sv:type=\"Name\">" +
+                        "<sv:value>jcr:write</sv:value>" +
+                    "</sv:property>" +
+                "</sv:node>" +
+                "<sv:node sv:name=\"allow0\">" +
+                    "<sv:property sv:name=\"jcr:primaryType\" sv:type=\"Name\">" +
+                        "<sv:value>rep:GrantACE</sv:value>" +
+                    "</sv:property>" +
+                    "<sv:property sv:name=\"rep:principalName\" sv:type=\"String\">"
+
+                        "<sv:value>admin</sv:value>" +
+                    "</sv:property>" +
+                    "<sv:property sv:name=\"rep:privileges\" sv:type=\"Name\">" +
+                        "<sv:value>jcr:write</sv:value>" +
+                    "</sv:property>" +
+                "</sv:node>" +
+            "</sv:node>";
+
 
     private static final String XML_POLICY_TREE_2 = "<?xml version=\"1.0\" encoding=\"UTF-8\"?><sv:node
sv:name=\"rep:policy\" xmlns:mix=\"http://www.jcp.org/jcr/mix/1.0\" xmlns:nt=\"http://www.jcp.org/jcr/nt/1.0\"
xmlns:fn_old=\"http://www.w3.org/2004/10/xpath-functions\" xmlns:fn=\"http://www.w3.org/2005/xpath-functions\"
xmlns:xs=\"http://www.w3.org/2001/XMLSchema\" xmlns:sv=\"http://www.jcp.org/jcr/sv/1.0\" xmlns:rep=\"internal\"
xmlns:jcr=\"http://www.jcp.org/jcr/1.0\"><sv:property sv:name=\"jcr:primaryType\" sv:type=\"Name\"><sv:value>rep:ACL</sv:value></sv:property><sv:node
sv:name=\"allow\"><sv:property sv:name=\"jcr:primaryType\" sv:type=\"Name\"><sv:value>rep:GrantACE</sv:value></sv:property><sv:property
sv:name=\"rep:principalName\" sv:type=\"String\"><sv:value>everyone</sv:value></sv:property><sv:property
sv:name=\"rep:privileges\" sv:type=\"Name\"><sv:value>jcr:write</sv:value></sv:property></sv:node></sv:node>";
 
@@ -269,7 +299,51 @@
             if(entry instanceof JackrabbitAccessControlEntry) {
                 assertTrue(((JackrabbitAccessControlEntry) entry).isAllow());
             }
+        } finally {
+            superuser.refresh(false);
+        }
+    }
 
+    /**
+     * Imports a resource-based ACL containing a single entry.
+     *
+     * @throws Exception
+     */
+    public void testImportACLUnknown() throws Exception {
+        try {
+            NodeImpl target = (NodeImpl) testRootNode.addNode(nodeName1);
+            target.addMixin("rep:AccessControllable");
+
+            InputStream in = new ByteArrayInputStream(XML_POLICY_TREE_4.getBytes("UTF-8"));
+            SessionImporter importer = new SessionImporter(target, sImpl,
+                    ImportUUIDBehavior.IMPORT_UUID_COLLISION_THROW, piImporter, null);
+            ImportHandler ih = new ImportHandler(importer, sImpl);
+            new ParsingContentHandler(ih).parse(in);
+
+            String path = target.getPath();
+
+            AccessControlManager acMgr = sImpl.getAccessControlManager();
+            AccessControlPolicy[] policies = acMgr.getPolicies(path);
+
+            assertEquals(1, policies.length);
+            assertTrue(policies[0] instanceof JackrabbitAccessControlList);
+
+            AccessControlEntry[] entries = ((JackrabbitAccessControlList) policies[0]).getAccessControlEntries();
+            assertEquals(2, entries.length);
+
+            AccessControlEntry entry = entries[0];
+            assertEquals("unknownprincipal", entry.getPrincipal().getName());
+            assertEquals(1, entry.getPrivileges().length);
+            assertEquals(acMgr.privilegeFromName(Privilege.JCR_WRITE), entry.getPrivileges()[0]);
+
+            entry = entries[1];
+            assertEquals("admin", entry.getPrincipal().getName());
+            assertEquals(1, entry.getPrivileges().length);
+            assertEquals(acMgr.privilegeFromName(Privilege.JCR_WRITE), entry.getPrivileges()[0]);
+
+            if(entry instanceof JackrabbitAccessControlEntry) {
+                assertTrue(((JackrabbitAccessControlEntry) entry).isAllow());
+            }
         } finally {
             superuser.refresh(false);
         }



Mime
View raw message