jackrabbit-commits mailing list archives

Site index · List index
Message view « Date » · « Thread »
Top « Date » · « Thread »
From ju...@apache.org
Subject svn commit: r886170 - in /jackrabbit/sandbox/JCR-1456: ./ jackrabbit-core/src/main/java/org/apache/jackrabbit/core/ jackrabbit-core/src/main/java/org/apache/jackrabbit/core/query/lucene/ jackrabbit-core/src/test/java/org/apache/jackrabbit/core/ jackrab...
Date Wed, 02 Dec 2009 15:10:49 GMT
Author: jukka
Date: Wed Dec  2 15:10:49 2009
New Revision: 886170

URL: http://svn.apache.org/viewvc?rev=886170&view=rev
Log:
JCR-1456: Database connection pooling

Merge latest changes from trunk.

Added:
    jackrabbit/sandbox/JCR-1456/jackrabbit-core/src/test/java/org/apache/jackrabbit/core/security/authorization/acl/ReadTest.java
      - copied unchanged from r886168, jackrabbit/trunk/jackrabbit-core/src/test/java/org/apache/jackrabbit/core/security/authorization/acl/ReadTest.java
Modified:
    jackrabbit/sandbox/JCR-1456/   (props changed)
    jackrabbit/sandbox/JCR-1456/jackrabbit-core/src/main/java/org/apache/jackrabbit/core/ItemManager.java
    jackrabbit/sandbox/JCR-1456/jackrabbit-core/src/main/java/org/apache/jackrabbit/core/UserPerWorkspaceSecurityManager.java
    jackrabbit/sandbox/JCR-1456/jackrabbit-core/src/main/java/org/apache/jackrabbit/core/query/lucene/MultiIndex.java
    jackrabbit/sandbox/JCR-1456/jackrabbit-core/src/test/java/org/apache/jackrabbit/core/UserPerWorkspaceSecurityManagerTest.java
    jackrabbit/sandbox/JCR-1456/jackrabbit-core/src/test/java/org/apache/jackrabbit/core/security/authorization/acl/TestAll.java
    jackrabbit/sandbox/JCR-1456/jackrabbit-core/src/test/java/org/apache/jackrabbit/core/security/authorization/acl/WriteTest.java

Propchange: jackrabbit/sandbox/JCR-1456/
------------------------------------------------------------------------------
--- svn:mergeinfo (original)
+++ svn:mergeinfo Wed Dec  2 15:10:49 2009
@@ -2,4 +2,4 @@
 /jackrabbit/branches/1.5:794012,794100,794102
 /jackrabbit/sandbox/JCR-2170:812417-816332
 /jackrabbit/sandbox/tripod-JCR-2209:795441-795863
-/jackrabbit/trunk:387422-885400
+/jackrabbit/trunk:387422-886168

Modified: jackrabbit/sandbox/JCR-1456/jackrabbit-core/src/main/java/org/apache/jackrabbit/core/ItemManager.java
URL: http://svn.apache.org/viewvc/jackrabbit/sandbox/JCR-1456/jackrabbit-core/src/main/java/org/apache/jackrabbit/core/ItemManager.java?rev=886170&r1=886169&r2=886170&view=diff
==============================================================================
--- jackrabbit/sandbox/JCR-1456/jackrabbit-core/src/main/java/org/apache/jackrabbit/core/ItemManager.java
(original)
+++ jackrabbit/sandbox/JCR-1456/jackrabbit-core/src/main/java/org/apache/jackrabbit/core/ItemManager.java
Wed Dec  2 15:10:49 2009
@@ -181,8 +181,11 @@
         }
         NodeState parentState = null;
         try {
-            NodeImpl parent = (NodeImpl) getItem(parentId);
-            parentState = parent.getNodeState();
+            // access the parent state circumventing permission check, since
+            // read permission on the parent isn't required in order to retrieve
+            // a node's definition. see also JCR-2418
+            ItemData parentData = getItemData(parentId, null, false);
+            parentState = (NodeState) parentData.getState();
             if (state.getParentId() == null) {
                 // indicates state has been removed, must use
                 // overlayed state of parent, otherwise child node entry
@@ -237,7 +240,11 @@
     PropertyDefinitionImpl getDefinition(PropertyState state)
             throws RepositoryException {
         try {
-            NodeImpl parent = (NodeImpl) getItem(state.getParentId());
+            // retrieve parent in 2 steps in order to avoid the check for
+            // read permissions on the parent which isn't required in order
+            // to read the property's definition. see also JCR-2418.
+            ItemData parentData = getItemData(state.getParentId(), null, false);
+            NodeImpl parent = (NodeImpl) createItemInstance(parentData);
             return parent.getApplicablePropertyDefinition(
                     state.getName(), state.getType(), state.isMultiValued(), true);
         } catch (ItemNotFoundException e) {

Modified: jackrabbit/sandbox/JCR-1456/jackrabbit-core/src/main/java/org/apache/jackrabbit/core/UserPerWorkspaceSecurityManager.java
URL: http://svn.apache.org/viewvc/jackrabbit/sandbox/JCR-1456/jackrabbit-core/src/main/java/org/apache/jackrabbit/core/UserPerWorkspaceSecurityManager.java?rev=886170&r1=886169&r2=886170&view=diff
==============================================================================
--- jackrabbit/sandbox/JCR-1456/jackrabbit-core/src/main/java/org/apache/jackrabbit/core/UserPerWorkspaceSecurityManager.java
(original)
+++ jackrabbit/sandbox/JCR-1456/jackrabbit-core/src/main/java/org/apache/jackrabbit/core/UserPerWorkspaceSecurityManager.java
Wed Dec  2 15:10:49 2009
@@ -28,8 +28,6 @@
 import org.apache.jackrabbit.core.security.simple.SimpleWorkspaceAccessManager;
 import org.apache.jackrabbit.core.security.user.UserPerWorkspaceUserManager;
 import org.apache.jackrabbit.core.security.user.UserManagerImpl;
-import org.slf4j.Logger;
-import org.slf4j.LoggerFactory;
 
 import javax.jcr.Credentials;
 import javax.jcr.Repository;
@@ -37,6 +35,7 @@
 import javax.jcr.Session;
 import javax.security.auth.Subject;
 import java.security.Principal;
+import java.security.acl.Group;
 import java.util.ArrayList;
 import java.util.Arrays;
 import java.util.HashMap;
@@ -63,11 +62,6 @@
  */
 public class UserPerWorkspaceSecurityManager extends DefaultSecurityManager {
 
-    /**
-     * the default logger
-     */
-    private static final Logger log = LoggerFactory.getLogger(UserPerWorkspaceSecurityManager.class);
-
     private final Map<String, PrincipalProviderRegistry> ppRegistries = new HashMap<String,
PrincipalProviderRegistry>();
 
     /**
@@ -304,14 +298,47 @@
         }
     }
 
-    private final class WorkspaceAccessManagerImpl extends SimpleWorkspaceAccessManager {
-        @Override
+    private final class WorkspaceAccessManagerImpl implements WorkspaceAccessManager {
+        /**
+         * Does nothing.
+         * @see WorkspaceAccessManager#init(javax.jcr.Session)
+         */
+        public void init(Session systemSession) throws RepositoryException {
+            // nothing to do.
+        }
+
+        /**
+         * Does nothing.
+         * @see org.apache.jackrabbit.core.security.authorization.WorkspaceAccessManager#close()
+         */
+        public void close() throws RepositoryException {
+            // nothing to do.
+        }
+
+        /**
+         * Returns <code>true</code> if a workspace with the given
+         * <code>workspaceName</code> exists and if that workspace defines a
+         * user that matches any of the given <code>principals</code>;
+         * <code>false</code> otherwise.
+         *
+         * @see WorkspaceAccessManager#grants(java.util.Set, String)
+         */
         public boolean grants(Set<Principal> principals, String workspaceName) throws
RepositoryException {
             if (!(Arrays.asList(((RepositoryImpl) getRepository()).getWorkspaceNames())).contains(workspaceName))
{
                 return false;
             } else {
-                return super.grants(principals, workspaceName);
+                UserManager umgr = UserPerWorkspaceSecurityManager.this.getSystemUserManager(workspaceName);
+                for (Principal principal : principals) {
+                    if (!(principal instanceof Group)) {
+                        // check if the workspace identified by the given workspace
+                        // name contains a user with this principal
+                        if (umgr.getAuthorizable(principal) != null) {
+                            return true;
+                        }
+                    }
+                }
             }
+            return false;
         }
     }
 }
\ No newline at end of file

Modified: jackrabbit/sandbox/JCR-1456/jackrabbit-core/src/main/java/org/apache/jackrabbit/core/query/lucene/MultiIndex.java
URL: http://svn.apache.org/viewvc/jackrabbit/sandbox/JCR-1456/jackrabbit-core/src/main/java/org/apache/jackrabbit/core/query/lucene/MultiIndex.java?rev=886170&r1=886169&r2=886170&view=diff
==============================================================================
--- jackrabbit/sandbox/JCR-1456/jackrabbit-core/src/main/java/org/apache/jackrabbit/core/query/lucene/MultiIndex.java
(original)
+++ jackrabbit/sandbox/JCR-1456/jackrabbit-core/src/main/java/org/apache/jackrabbit/core/query/lucene/MultiIndex.java
Wed Dec  2 15:10:49 2009
@@ -329,7 +329,7 @@
         flushTask = new Timer.Task() {
             public void run() {
                 // check if there are any indexing jobs finished
-                checkIndexingQueue();
+                checkIndexingQueue(false);
                 // check if volatile index should be flushed
                 checkFlush();
             }
@@ -1266,17 +1266,6 @@
 
     /**
      * Checks the indexing queue for finished text extrator jobs and updates the
-     * index accordingly if there are any new ones. This method is synchronized
-     * and should only be called by the timer task that periodically checks if
-     * there are documents ready in the indexing queue. A new transaction is
-     * used when documents are transfered from the indexing queue to the index.
-     */
-    private synchronized void checkIndexingQueue() {
-        checkIndexingQueue(false);
-    }
-
-    /**
-     * Checks the indexing queue for finished text extrator jobs and updates the
      * index accordingly if there are any new ones.
      *
      * @param transactionPresent whether a transaction is in progress and the
@@ -1304,11 +1293,13 @@
 
             try {
                 if (transactionPresent) {
-                    for (NodeId id : finished.keySet()) {
-                        executeAndLog(new DeleteNode(getTransactionId(), id));
-                    }
-                    for (Document document : finished.values()) {
-                        executeAndLog(new AddNode(getTransactionId(), document));
+                    synchronized (this) {
+                        for (NodeId id : finished.keySet()) {
+                            executeAndLog(new DeleteNode(getTransactionId(), id));
+                        }
+                        for (Document document : finished.values()) {
+                            executeAndLog(new AddNode(getTransactionId(), document));
+                        }
                     }
                 } else {
                     update(finished.keySet(), finished.values());

Modified: jackrabbit/sandbox/JCR-1456/jackrabbit-core/src/test/java/org/apache/jackrabbit/core/UserPerWorkspaceSecurityManagerTest.java
URL: http://svn.apache.org/viewvc/jackrabbit/sandbox/JCR-1456/jackrabbit-core/src/test/java/org/apache/jackrabbit/core/UserPerWorkspaceSecurityManagerTest.java?rev=886170&r1=886169&r2=886170&view=diff
==============================================================================
--- jackrabbit/sandbox/JCR-1456/jackrabbit-core/src/test/java/org/apache/jackrabbit/core/UserPerWorkspaceSecurityManagerTest.java
(original)
+++ jackrabbit/sandbox/JCR-1456/jackrabbit-core/src/test/java/org/apache/jackrabbit/core/UserPerWorkspaceSecurityManagerTest.java
Wed Dec  2 15:10:49 2009
@@ -18,36 +18,30 @@
 
 import org.apache.jackrabbit.api.JackrabbitSession;
 import org.apache.jackrabbit.api.security.principal.ItemBasedPrincipal;
+import org.apache.jackrabbit.api.security.user.Authorizable;
 import org.apache.jackrabbit.api.security.user.User;
 import org.apache.jackrabbit.api.security.user.UserManager;
-import org.apache.jackrabbit.api.security.user.Authorizable;
 import org.apache.jackrabbit.core.security.JackrabbitSecurityManager;
 import org.apache.jackrabbit.test.AbstractJCRTest;
 import org.apache.jackrabbit.test.NotExecutableException;
 import org.apache.jackrabbit.util.Text;
-import org.slf4j.Logger;
-import org.slf4j.LoggerFactory;
 
 import javax.jcr.Item;
 import javax.jcr.LoginException;
+import javax.jcr.Node;
 import javax.jcr.RepositoryException;
 import javax.jcr.Session;
 import javax.jcr.SimpleCredentials;
 import javax.jcr.UnsupportedRepositoryOperationException;
-import javax.jcr.Node;
 import javax.jcr.Value;
 import java.security.Principal;
+import java.util.Arrays;
 
 /**
  * <code>SecurityManagerTest</code>...
  */
 public class UserPerWorkspaceSecurityManagerTest extends AbstractJCRTest {
 
-    /**
-     * logger instance
-     */
-    private static final Logger log = LoggerFactory.getLogger(UserPerWorkspaceSecurityManagerTest.class);
-
     private JackrabbitSecurityManager secMgr;
 
     @Override
@@ -147,6 +141,37 @@
         }
     }
 
+    public void testAccessibleWorkspaceNames() throws Exception {
+        String altWsp = getAlternativeWorkspaceName();
+        if (altWsp == null) {
+            throw new NotExecutableException();
+        }
+
+        Session s = getHelper().getSuperuserSession(altWsp);
+        User u = null;
+        Session us = null;
+        try {
+            // other users created in the default workspace...
+            u = ((JackrabbitSession) superuser).getUserManager().createUser("testUser", "testUser");
+            superuser.save();
+
+            us = getHelper().getRepository().login(new SimpleCredentials("testUser", "testUser".toCharArray()));
+            String[] wspNames = us.getWorkspace().getAccessibleWorkspaceNames();
+            assertFalse(Arrays.asList(wspNames).contains(altWsp));
+            
+        } finally {
+            s.logout();
+            if (us != null) {
+                us.logout();
+            }
+            if (u != null) {
+                u.remove();
+                superuser.save();
+            }
+        }
+
+    }
+
     public void testCloneUser() throws Exception {
         String altWsp = getAlternativeWorkspaceName();
         if (altWsp == null) {

Modified: jackrabbit/sandbox/JCR-1456/jackrabbit-core/src/test/java/org/apache/jackrabbit/core/security/authorization/acl/TestAll.java
URL: http://svn.apache.org/viewvc/jackrabbit/sandbox/JCR-1456/jackrabbit-core/src/test/java/org/apache/jackrabbit/core/security/authorization/acl/TestAll.java?rev=886170&r1=886169&r2=886170&view=diff
==============================================================================
--- jackrabbit/sandbox/JCR-1456/jackrabbit-core/src/test/java/org/apache/jackrabbit/core/security/authorization/acl/TestAll.java
(original)
+++ jackrabbit/sandbox/JCR-1456/jackrabbit-core/src/test/java/org/apache/jackrabbit/core/security/authorization/acl/TestAll.java
Wed Dec  2 15:10:49 2009
@@ -40,6 +40,7 @@
         suite.addTestSuite(ACLTemplateTest.class);
         suite.addTestSuite(EntryTest.class);
 
+        suite.addTestSuite(ReadTest.class);
         suite.addTestSuite(WriteTest.class);
         suite.addTestSuite(LockTest.class);
         suite.addTestSuite(VersionTest.class);

Modified: jackrabbit/sandbox/JCR-1456/jackrabbit-core/src/test/java/org/apache/jackrabbit/core/security/authorization/acl/WriteTest.java
URL: http://svn.apache.org/viewvc/jackrabbit/sandbox/JCR-1456/jackrabbit-core/src/test/java/org/apache/jackrabbit/core/security/authorization/acl/WriteTest.java?rev=886170&r1=886169&r2=886170&view=diff
==============================================================================
--- jackrabbit/sandbox/JCR-1456/jackrabbit-core/src/test/java/org/apache/jackrabbit/core/security/authorization/acl/WriteTest.java
(original)
+++ jackrabbit/sandbox/JCR-1456/jackrabbit-core/src/test/java/org/apache/jackrabbit/core/security/authorization/acl/WriteTest.java
Wed Dec  2 15:10:49 2009
@@ -338,4 +338,27 @@
             group2.remove();
         }
     }
+
+    public void testWriteIfReadingParentIsDenied() throws Exception {
+        Privilege[] privileges = privilegesFromNames(new String[] {Privilege.JCR_READ, Privilege.JCR_WRITE});
+
+        /* deny READ/WRITE privilege for testUser at 'path' */
+        withdrawPrivileges(path, testUser.getPrincipal(), privileges, getRestrictions(superuser,
path));
+        /*
+        allow READ/WRITE privilege for testUser at 'childNPath'
+        */
+        givePrivileges(childNPath, testUser.getPrincipal(), privileges, getRestrictions(superuser,
childNPath));
+
+
+        Session testSession = getTestSession();
+
+        assertFalse(testSession.nodeExists(path));
+
+        // reading the node and it's definition must succeed.
+        assertTrue(testSession.nodeExists(childNPath));
+        Node n = testSession.getNode(childNPath);
+
+        n.addNode("someChild");
+        n.save();
+    }
 }
\ No newline at end of file



Mime
View raw message