jackrabbit-commits mailing list archives

Site index · List index
Message view « Date » · « Thread »
Top « Date » · « Thread »
From ang...@apache.org
Subject svn commit: r945528 - in /jackrabbit/trunk/jackrabbit-core/src: main/java/org/apache/jackrabbit/core/security/ main/java/org/apache/jackrabbit/core/security/authorization/ main/java/org/apache/jackrabbit/core/security/user/ test/java/org/apache/jackrab...
Date Tue, 18 May 2010 07:53:47 GMT
Author: angela
Date: Tue May 18 07:53:46 2010
New Revision: 945528

URL: http://svn.apache.org/viewvc?rev=945528&view=rev
Log:
JCR-2630 : UserAccessControlProvider handles users who dont have Jackrabbit managed Principals
or User node incosistently.

Added:
    jackrabbit/trunk/jackrabbit-core/src/test/java/org/apache/jackrabbit/core/security/user/UserAccessControlProviderTest.java
  (with props)
Modified:
    jackrabbit/trunk/jackrabbit-core/src/main/java/org/apache/jackrabbit/core/security/DefaultAccessManager.java
    jackrabbit/trunk/jackrabbit-core/src/main/java/org/apache/jackrabbit/core/security/authorization/CompiledPermissions.java
    jackrabbit/trunk/jackrabbit-core/src/main/java/org/apache/jackrabbit/core/security/user/UserAccessControlProvider.java
    jackrabbit/trunk/jackrabbit-core/src/test/java/org/apache/jackrabbit/core/security/user/TestAll.java

Modified: jackrabbit/trunk/jackrabbit-core/src/main/java/org/apache/jackrabbit/core/security/DefaultAccessManager.java
URL: http://svn.apache.org/viewvc/jackrabbit/trunk/jackrabbit-core/src/main/java/org/apache/jackrabbit/core/security/DefaultAccessManager.java?rev=945528&r1=945527&r2=945528&view=diff
==============================================================================
--- jackrabbit/trunk/jackrabbit-core/src/main/java/org/apache/jackrabbit/core/security/DefaultAccessManager.java
(original)
+++ jackrabbit/trunk/jackrabbit-core/src/main/java/org/apache/jackrabbit/core/security/DefaultAccessManager.java
Tue May 18 07:53:46 2010
@@ -76,21 +76,6 @@ import java.util.Set;
 public class DefaultAccessManager extends AbstractAccessControlManager implements AccessManager
{
 
     private static final Logger log = LoggerFactory.getLogger(DefaultAccessManager.class);
-    private static final CompiledPermissions NO_PERMISSION = new CompiledPermissions() {
-        public void close() {
-            //nop
-        }
-        public boolean grants(Path absPath, int permissions) {
-            // deny everything
-            return false;
-        }
-        public int getPrivileges(Path absPath) {
-            return PrivilegeRegistry.NO_PRIVILEGE;
-        }
-        public boolean canReadAll() {
-            return false;
-        }
-    };
 
     private boolean initialized;
 
@@ -161,7 +146,7 @@ public class DefaultAccessManager extend
         } else {
             log.warn("No AccessControlProvider defined -> no access is granted.");
             editor = null;
-            compiledPermissions = NO_PERMISSION;
+            compiledPermissions = CompiledPermissions.NO_PERMISSION;
         }
 
         initialized = true;

Modified: jackrabbit/trunk/jackrabbit-core/src/main/java/org/apache/jackrabbit/core/security/authorization/CompiledPermissions.java
URL: http://svn.apache.org/viewvc/jackrabbit/trunk/jackrabbit-core/src/main/java/org/apache/jackrabbit/core/security/authorization/CompiledPermissions.java?rev=945528&r1=945527&r2=945528&view=diff
==============================================================================
--- jackrabbit/trunk/jackrabbit-core/src/main/java/org/apache/jackrabbit/core/security/authorization/CompiledPermissions.java
(original)
+++ jackrabbit/trunk/jackrabbit-core/src/main/java/org/apache/jackrabbit/core/security/authorization/CompiledPermissions.java
Tue May 18 07:53:46 2010
@@ -72,4 +72,24 @@ public interface CompiledPermissions {
      * @throws RepositoryException if an error occurs
      */
     boolean canReadAll() throws RepositoryException;
+
+    /**
+     * Static implementation of a <code>CompiledPermissions</code> that doesn't
+     * grant any permissions at all.
+     */
+    public static final CompiledPermissions NO_PERMISSION = new CompiledPermissions() {
+        public void close() {
+            //nop
+        }
+        public boolean grants(Path absPath, int permissions) {
+            // deny everything
+            return false;
+        }
+        public int getPrivileges(Path absPath) {
+            return PrivilegeRegistry.NO_PRIVILEGE;
+        }
+        public boolean canReadAll() {
+            return false;
+        }
+    };
 }

Modified: jackrabbit/trunk/jackrabbit-core/src/main/java/org/apache/jackrabbit/core/security/user/UserAccessControlProvider.java
URL: http://svn.apache.org/viewvc/jackrabbit/trunk/jackrabbit-core/src/main/java/org/apache/jackrabbit/core/security/user/UserAccessControlProvider.java?rev=945528&r1=945527&r2=945528&view=diff
==============================================================================
--- jackrabbit/trunk/jackrabbit-core/src/main/java/org/apache/jackrabbit/core/security/user/UserAccessControlProvider.java
(original)
+++ jackrabbit/trunk/jackrabbit-core/src/main/java/org/apache/jackrabbit/core/security/user/UserAccessControlProvider.java
Tue May 18 07:53:46 2010
@@ -193,8 +193,9 @@ public class UserAccessControlProvider e
             ItemBasedPrincipal userPrincipal = getUserPrincipal(principals);
             NodeImpl userNode = getUserNode(userPrincipal);
             if (userNode == null) {
-                // no 'user' within set of principals -> READ-only
-                return getReadOnlyPermissions();
+                // no 'user' within set of principals -> no permissions in the
+                // security workspace.
+                return CompiledPermissions.NO_PERMISSION;
             } else {
                 return new CompiledPermissionsImpl(principals, userNode.getPath());
             }
@@ -337,7 +338,7 @@ public class UserAccessControlProvider e
                 // no Node corresponding to user for which the permissions are
                 // calculated -> no permissions/privileges.
                 log.debug("No node at " + userNodePath);
-                return new Result(Permission.NONE, Permission.NONE, PrivilegeRegistry.NO_PRIVILEGE,
PrivilegeRegistry.NO_PRIVILEGE);
+                return Result.EMPTY;
             }
 
             // no explicit denied permissions:
@@ -445,8 +446,7 @@ public class UserAccessControlProvider e
         @Override
         public boolean grants(Path absPath, int permissions) throws RepositoryException {
             if (permissions == Permission.READ) {
-                // read is always granted
-                return true;
+                return canReadAll();
             }
             // otherwise: retrieve from cache (or build)
             return super.grants(absPath, permissions);
@@ -457,7 +457,9 @@ public class UserAccessControlProvider e
          */
         @Override
         public boolean canReadAll() throws RepositoryException {
-            return true;
+            // for consistency with 'grants(Path, int) this method only returns
+            // true if there exists a node for 'userNodePath'
+            return session.nodeExists(userNodePath);
         }
 
         //--------------------------------------------------< EventListener >---

Modified: jackrabbit/trunk/jackrabbit-core/src/test/java/org/apache/jackrabbit/core/security/user/TestAll.java
URL: http://svn.apache.org/viewvc/jackrabbit/trunk/jackrabbit-core/src/test/java/org/apache/jackrabbit/core/security/user/TestAll.java?rev=945528&r1=945527&r2=945528&view=diff
==============================================================================
--- jackrabbit/trunk/jackrabbit-core/src/test/java/org/apache/jackrabbit/core/security/user/TestAll.java
(original)
+++ jackrabbit/trunk/jackrabbit-core/src/test/java/org/apache/jackrabbit/core/security/user/TestAll.java
Tue May 18 07:53:46 2010
@@ -49,6 +49,8 @@ public class TestAll extends TestCase {
 
         suite.addTestSuite(UserImporterTest.class);
 
+        suite.addTestSuite(UserAccessControlProviderTest.class);        
+
         return suite;
     }
 }

Added: jackrabbit/trunk/jackrabbit-core/src/test/java/org/apache/jackrabbit/core/security/user/UserAccessControlProviderTest.java
URL: http://svn.apache.org/viewvc/jackrabbit/trunk/jackrabbit-core/src/test/java/org/apache/jackrabbit/core/security/user/UserAccessControlProviderTest.java?rev=945528&view=auto
==============================================================================
--- jackrabbit/trunk/jackrabbit-core/src/test/java/org/apache/jackrabbit/core/security/user/UserAccessControlProviderTest.java
(added)
+++ jackrabbit/trunk/jackrabbit-core/src/test/java/org/apache/jackrabbit/core/security/user/UserAccessControlProviderTest.java
Tue May 18 07:53:46 2010
@@ -0,0 +1,132 @@
+/*
+ * Licensed to the Apache Software Foundation (ASF) under one or more
+ * contributor license agreements.  See the NOTICE file distributed with
+ * this work for additional information regarding copyright ownership.
+ * The ASF licenses this file to You under the Apache License, Version 2.0
+ * (the "License"); you may not use this file except in compliance with
+ * the License.  You may obtain a copy of the License at
+ *
+ *      http://www.apache.org/licenses/LICENSE-2.0
+ *
+ * Unless required by applicable law or agreed to in writing, software
+ * distributed under the License is distributed on an "AS IS" BASIS,
+ * WITHOUT WARRANTIES OR CONDITIONS OF ANY KIND, either express or implied.
+ * See the License for the specific language governing permissions and
+ * limitations under the License.
+ */
+package org.apache.jackrabbit.core.security.user;
+
+import org.apache.jackrabbit.api.security.principal.ItemBasedPrincipal;
+import org.apache.jackrabbit.api.security.user.AbstractUserTest;
+import org.apache.jackrabbit.api.security.user.User;
+import org.apache.jackrabbit.core.RepositoryImpl;
+import org.apache.jackrabbit.core.SessionImpl;
+import org.apache.jackrabbit.core.security.authorization.AccessControlProvider;
+import org.apache.jackrabbit.core.security.authorization.CompiledPermissions;
+import org.apache.jackrabbit.core.security.authorization.Permission;
+import org.apache.jackrabbit.core.security.authorization.PrivilegeRegistry;
+import org.apache.jackrabbit.core.security.user.UserAccessControlProvider;
+import org.apache.jackrabbit.spi.Path;
+import org.apache.jackrabbit.test.NotExecutableException;
+
+import javax.jcr.RepositoryException;
+import javax.jcr.Session;
+import java.security.Principal;
+import java.util.ArrayList;
+import java.util.Collections;
+import java.util.List;
+import java.util.Set;
+
+/**
+ * <code>UserAccessControlProviderTest</code>...
+ */
+public class UserAccessControlProviderTest extends AbstractUserTest {
+
+    private Session s;
+    private AccessControlProvider provider;
+
+    @Override
+    protected void setUp() throws Exception {
+        super.setUp();
+
+        RepositoryImpl repo = (RepositoryImpl) superuser.getRepository();
+        String wspName = repo.getConfig().getSecurityConfig().getSecurityManagerConfig().getWorkspaceName();
+
+        s = getHelper().getSuperuserSession(wspName);
+        provider = new UserAccessControlProvider();
+        provider.init(s, Collections.emptyMap());
+    }
+
+    @Override
+    protected void cleanUp() throws Exception {
+        if (provider != null) {
+            provider.close();
+        }
+        if (s != null) {
+            s.logout();
+        }
+        super.cleanUp();
+    }
+
+    /**
+     * @see <a href="https://issues.apache.org/jira/browse/JCR-2630">JCR-2630</a>
+     */
+    public void testNoNodeForPrincipal() throws RepositoryException {
+        final Principal testPrincipal = getTestPrincipal();
+        String path = "/home/users/t/" + testPrincipal.getName();
+        while (s.nodeExists(path)) {
+            path += "_";
+        }
+        final String principalPath = path;
+
+        List<Set<Principal>> principalSets = new ArrayList<Set<Principal>>();
+        principalSets.add(Collections.<Principal>singleton(testPrincipal));
+        principalSets.add(Collections.<Principal>singleton(new ItemBasedPrincipal()
{
+            public String getPath() {
+                return principalPath;
+            }
+            public String getName() {
+                return testPrincipal.getName();
+            }
+        }));
+
+        Path rootPath = ((SessionImpl) s).getQPath("/");
+        for (Set<Principal> principals : principalSets) {
+            CompiledPermissions cp = provider.compilePermissions(principals);
+
+            assertFalse(cp.canReadAll());
+            assertFalse(cp.grants(rootPath, Permission.READ));
+            assertEquals(PrivilegeRegistry.NO_PRIVILEGE, cp.getPrivileges(rootPath));
+            assertSame(CompiledPermissions.NO_PERMISSION, cp);
+        }
+    }
+
+    public void testNodeRemovedForPrincipal() throws RepositoryException, NotExecutableException
{
+        Principal testPrincipal = getTestPrincipal();
+        final User u = getUserManager(superuser).createUser(testPrincipal.getName(), "pw");
+        save(superuser);
+
+        Path rootPath = ((SessionImpl) s).getQPath("/");
+        CompiledPermissions cp = null;
+        try {
+            Set<Principal> principals = Collections.singleton(u.getPrincipal());
+            cp = provider.compilePermissions(principals);
+
+            assertTrue(cp.canReadAll());
+            assertTrue(cp.grants(rootPath, Permission.READ));
+            assertNotSame(CompiledPermissions.NO_PERMISSION, cp);
+        } finally {
+
+            // remove the user to assert that the path doesn't point to an
+            // existing node any more -> userNode cannot be resolved any more -> permissions
denied.
+            u.remove();
+            save(superuser);
+
+            if (cp != null) {
+                assertFalse(cp.canReadAll());
+                assertFalse(cp.grants(rootPath, Permission.READ));
+                assertEquals(PrivilegeRegistry.NO_PRIVILEGE, cp.getPrivileges(rootPath));
+            }
+        }
+    }
+}
\ No newline at end of file

Propchange: jackrabbit/trunk/jackrabbit-core/src/test/java/org/apache/jackrabbit/core/security/user/UserAccessControlProviderTest.java
------------------------------------------------------------------------------
    svn:eol-style = native

Propchange: jackrabbit/trunk/jackrabbit-core/src/test/java/org/apache/jackrabbit/core/security/user/UserAccessControlProviderTest.java
------------------------------------------------------------------------------
    svn:keywords = Author Date Id Revision Rev URL



Mime
View raw message