jackrabbit-commits mailing list archives

Site index · List index
Message view « Date » · « Thread »
Top « Date » · « Thread »
From ang...@apache.org
Subject svn commit: r886107 - in /jackrabbit/trunk/jackrabbit-core/src: main/java/org/apache/jackrabbit/core/UserPerWorkspaceSecurityManager.java test/java/org/apache/jackrabbit/core/UserPerWorkspaceSecurityManagerTest.java
Date Wed, 02 Dec 2009 10:34:37 GMT
Author: angela
Date: Wed Dec  2 10:34:34 2009
New Revision: 886107

URL: http://svn.apache.org/viewvc?rev=886107&view=rev
Log:
JCR-2419 WorkspaceAccessManager defined with SecurityManager that keeps users per workspace
must test if user exists

Modified:
    jackrabbit/trunk/jackrabbit-core/src/main/java/org/apache/jackrabbit/core/UserPerWorkspaceSecurityManager.java
    jackrabbit/trunk/jackrabbit-core/src/test/java/org/apache/jackrabbit/core/UserPerWorkspaceSecurityManagerTest.java

Modified: jackrabbit/trunk/jackrabbit-core/src/main/java/org/apache/jackrabbit/core/UserPerWorkspaceSecurityManager.java
URL: http://svn.apache.org/viewvc/jackrabbit/trunk/jackrabbit-core/src/main/java/org/apache/jackrabbit/core/UserPerWorkspaceSecurityManager.java?rev=886107&r1=886106&r2=886107&view=diff
==============================================================================
--- jackrabbit/trunk/jackrabbit-core/src/main/java/org/apache/jackrabbit/core/UserPerWorkspaceSecurityManager.java
(original)
+++ jackrabbit/trunk/jackrabbit-core/src/main/java/org/apache/jackrabbit/core/UserPerWorkspaceSecurityManager.java
Wed Dec  2 10:34:34 2009
@@ -28,8 +28,6 @@
 import org.apache.jackrabbit.core.security.simple.SimpleWorkspaceAccessManager;
 import org.apache.jackrabbit.core.security.user.UserPerWorkspaceUserManager;
 import org.apache.jackrabbit.core.security.user.UserManagerImpl;
-import org.slf4j.Logger;
-import org.slf4j.LoggerFactory;
 
 import javax.jcr.Credentials;
 import javax.jcr.Repository;
@@ -37,6 +35,7 @@
 import javax.jcr.Session;
 import javax.security.auth.Subject;
 import java.security.Principal;
+import java.security.acl.Group;
 import java.util.ArrayList;
 import java.util.Arrays;
 import java.util.HashMap;
@@ -63,11 +62,6 @@
  */
 public class UserPerWorkspaceSecurityManager extends DefaultSecurityManager {
 
-    /**
-     * the default logger
-     */
-    private static final Logger log = LoggerFactory.getLogger(UserPerWorkspaceSecurityManager.class);
-
     private final Map<String, PrincipalProviderRegistry> ppRegistries = new HashMap<String,
PrincipalProviderRegistry>();
 
     /**
@@ -304,14 +298,47 @@
         }
     }
 
-    private final class WorkspaceAccessManagerImpl extends SimpleWorkspaceAccessManager {
-        @Override
+    private final class WorkspaceAccessManagerImpl implements WorkspaceAccessManager {
+        /**
+         * Does nothing.
+         * @see WorkspaceAccessManager#init(javax.jcr.Session)
+         */
+        public void init(Session systemSession) throws RepositoryException {
+            // nothing to do.
+        }
+
+        /**
+         * Does nothing.
+         * @see org.apache.jackrabbit.core.security.authorization.WorkspaceAccessManager#close()
+         */
+        public void close() throws RepositoryException {
+            // nothing to do.
+        }
+
+        /**
+         * Returns <code>true</code> if a workspace with the given
+         * <code>workspaceName</code> exists and if that workspace defines a
+         * user that matches any of the given <code>principals</code>;
+         * <code>false</code> otherwise.
+         *
+         * @see WorkspaceAccessManager#grants(java.util.Set, String)
+         */
         public boolean grants(Set<Principal> principals, String workspaceName) throws
RepositoryException {
             if (!(Arrays.asList(((RepositoryImpl) getRepository()).getWorkspaceNames())).contains(workspaceName))
{
                 return false;
             } else {
-                return super.grants(principals, workspaceName);
+                UserManager umgr = UserPerWorkspaceSecurityManager.this.getSystemUserManager(workspaceName);
+                for (Principal principal : principals) {
+                    if (!(principal instanceof Group)) {
+                        // check if the workspace identified by the given workspace
+                        // name contains a user with this principal
+                        if (umgr.getAuthorizable(principal) != null) {
+                            return true;
+                        }
+                    }
+                }
             }
+            return false;
         }
     }
 }
\ No newline at end of file

Modified: jackrabbit/trunk/jackrabbit-core/src/test/java/org/apache/jackrabbit/core/UserPerWorkspaceSecurityManagerTest.java
URL: http://svn.apache.org/viewvc/jackrabbit/trunk/jackrabbit-core/src/test/java/org/apache/jackrabbit/core/UserPerWorkspaceSecurityManagerTest.java?rev=886107&r1=886106&r2=886107&view=diff
==============================================================================
--- jackrabbit/trunk/jackrabbit-core/src/test/java/org/apache/jackrabbit/core/UserPerWorkspaceSecurityManagerTest.java
(original)
+++ jackrabbit/trunk/jackrabbit-core/src/test/java/org/apache/jackrabbit/core/UserPerWorkspaceSecurityManagerTest.java
Wed Dec  2 10:34:34 2009
@@ -18,36 +18,30 @@
 
 import org.apache.jackrabbit.api.JackrabbitSession;
 import org.apache.jackrabbit.api.security.principal.ItemBasedPrincipal;
+import org.apache.jackrabbit.api.security.user.Authorizable;
 import org.apache.jackrabbit.api.security.user.User;
 import org.apache.jackrabbit.api.security.user.UserManager;
-import org.apache.jackrabbit.api.security.user.Authorizable;
 import org.apache.jackrabbit.core.security.JackrabbitSecurityManager;
 import org.apache.jackrabbit.test.AbstractJCRTest;
 import org.apache.jackrabbit.test.NotExecutableException;
 import org.apache.jackrabbit.util.Text;
-import org.slf4j.Logger;
-import org.slf4j.LoggerFactory;
 
 import javax.jcr.Item;
 import javax.jcr.LoginException;
+import javax.jcr.Node;
 import javax.jcr.RepositoryException;
 import javax.jcr.Session;
 import javax.jcr.SimpleCredentials;
 import javax.jcr.UnsupportedRepositoryOperationException;
-import javax.jcr.Node;
 import javax.jcr.Value;
 import java.security.Principal;
+import java.util.Arrays;
 
 /**
  * <code>SecurityManagerTest</code>...
  */
 public class UserPerWorkspaceSecurityManagerTest extends AbstractJCRTest {
 
-    /**
-     * logger instance
-     */
-    private static final Logger log = LoggerFactory.getLogger(UserPerWorkspaceSecurityManagerTest.class);
-
     private JackrabbitSecurityManager secMgr;
 
     @Override
@@ -147,6 +141,37 @@
         }
     }
 
+    public void testAccessibleWorkspaceNames() throws Exception {
+        String altWsp = getAlternativeWorkspaceName();
+        if (altWsp == null) {
+            throw new NotExecutableException();
+        }
+
+        Session s = getHelper().getSuperuserSession(altWsp);
+        User u = null;
+        Session us = null;
+        try {
+            // other users created in the default workspace...
+            u = ((JackrabbitSession) superuser).getUserManager().createUser("testUser", "testUser");
+            superuser.save();
+
+            us = getHelper().getRepository().login(new SimpleCredentials("testUser", "testUser".toCharArray()));
+            String[] wspNames = us.getWorkspace().getAccessibleWorkspaceNames();
+            assertFalse(Arrays.asList(wspNames).contains(altWsp));
+            
+        } finally {
+            s.logout();
+            if (us != null) {
+                us.logout();
+            }
+            if (u != null) {
+                u.remove();
+                superuser.save();
+            }
+        }
+
+    }
+
     public void testCloneUser() throws Exception {
         String altWsp = getAlternativeWorkspaceName();
         if (altWsp == null) {



Mime
View raw message