jackrabbit-commits mailing list archives

Site index · List index
Message view « Date » · « Thread »
Top « Date » · « Thread »
From ang...@apache.org
Subject svn commit: r1021801 - in /jackrabbit/trunk/jackrabbit-core/src: main/java/org/apache/jackrabbit/core/security/user/UserAccessControlProvider.java test/java/org/apache/jackrabbit/core/security/user/UserAccessControlProviderTest.java
Date Tue, 12 Oct 2010 15:37:08 GMT
Author: angela
Date: Tue Oct 12 15:37:08 2010
New Revision: 1021801

URL: http://svn.apache.org/viewvc?rev=1021801&view=rev
Log:
JCR-2748 - commit patch provided by Justin Edelson with minor modifications.

Modified:
    jackrabbit/trunk/jackrabbit-core/src/main/java/org/apache/jackrabbit/core/security/user/UserAccessControlProvider.java
    jackrabbit/trunk/jackrabbit-core/src/test/java/org/apache/jackrabbit/core/security/user/UserAccessControlProviderTest.java

Modified: jackrabbit/trunk/jackrabbit-core/src/main/java/org/apache/jackrabbit/core/security/user/UserAccessControlProvider.java
URL: http://svn.apache.org/viewvc/jackrabbit/trunk/jackrabbit-core/src/main/java/org/apache/jackrabbit/core/security/user/UserAccessControlProvider.java?rev=1021801&r1=1021800&r2=1021801&view=diff
==============================================================================
--- jackrabbit/trunk/jackrabbit-core/src/main/java/org/apache/jackrabbit/core/security/user/UserAccessControlProvider.java
(original)
+++ jackrabbit/trunk/jackrabbit-core/src/main/java/org/apache/jackrabbit/core/security/user/UserAccessControlProvider.java
Tue Oct 12 15:37:08 2010
@@ -25,6 +25,7 @@ import org.apache.jackrabbit.core.Sessio
 import org.apache.jackrabbit.core.id.ItemId;
 import org.apache.jackrabbit.core.nodetype.NodeTypeImpl;
 import org.apache.jackrabbit.core.observation.SynchronousEventListener;
+import org.apache.jackrabbit.core.security.AnonymousPrincipal;
 import org.apache.jackrabbit.core.security.SecurityConstants;
 import org.apache.jackrabbit.core.security.authorization.AbstractAccessControlProvider;
 import org.apache.jackrabbit.core.security.authorization.AbstractCompiledPermissions;
@@ -88,6 +89,17 @@ public class UserAccessControlProvider e
         implements UserConstants {
 
     private static Logger log = LoggerFactory.getLogger(UserAccessControlProvider.class);
+        
+    /**
+     * Constant for the name of the configuration option "anonymousId".
+     * The option is a flag indicating the name of the anonymous user id.
+     */
+    public static final String PARAM_ANONYMOUS_ID = "anonymousId";
+    
+    /**
+     * Constant for the name of the configuration option "anonymousAccess".
+     */
+    public static final String PARAM_ANONYMOUS_ACCESS = "anonymousAccess";
 
     private final AccessControlPolicy policy;
 
@@ -101,6 +113,9 @@ public class UserAccessControlProvider e
     private String groupAdminGroupPath;
     private String administratorsGroupPath;
     private boolean membersInProperty;
+    
+    private String anonymousId;   
+    private boolean anonymousAccess;
 
     /**
      *
@@ -164,6 +179,18 @@ public class UserAccessControlProvider e
 
             membersInProperty = (!(uMgr instanceof UserManagerImpl)) || ((UserManagerImpl)
uMgr).getGroupMembershipSplitSize() <= 0;
 
+            if (configuration.containsKey(PARAM_ANONYMOUS_ID)) {
+                anonymousId = (String) configuration.get(PARAM_ANONYMOUS_ID);
+            } else {
+                anonymousId = SecurityConstants.ANONYMOUS_ID;
+            }
+            
+            if (configuration.containsKey(PARAM_ANONYMOUS_ACCESS)) {
+                anonymousAccess = Boolean.parseBoolean((String) configuration.get(PARAM_ANONYMOUS_ACCESS));
+            } else {
+                anonymousAccess = true;
+            }
+            
         } else {
             throw new RepositoryException("SessionImpl (system session) expected.");
         }
@@ -205,6 +232,10 @@ public class UserAccessControlProvider e
         if (isAdminOrSystem(principals)) {
             return getAdminPermissions();
         } else {
+            if (!anonymousAccess && isAnonymous(principals))  {
+                return CompiledPermissions.NO_PERMISSION;
+            }
+            
             // determined the 'user' present in the given set of principals.
             ItemBasedPrincipal userPrincipal = getUserPrincipal(principals);
             NodeImpl userNode = getUserNode(userPrincipal);
@@ -223,6 +254,9 @@ public class UserAccessControlProvider e
      */
     public boolean canAccessRoot(Set<Principal> principals) throws RepositoryException
{
         checkInitialized();
+        if (!anonymousAccess && isAnonymous(principals))  {
+            return false;
+        }
         return true;
     }
 
@@ -314,6 +348,17 @@ public class UserAccessControlProvider e
         return null;
     }
 
+    private boolean isAnonymous(Set<Principal> principals) {
+        for (Principal p : principals) {
+            if (p instanceof AnonymousPrincipal) {
+                return true;
+            } else if (p.getName().equals(anonymousId)) {
+                return true;
+            }
+        }
+        return false;
+    }
+
     //--------------------------------------------------------< inner class >---
     /**
      *

Modified: jackrabbit/trunk/jackrabbit-core/src/test/java/org/apache/jackrabbit/core/security/user/UserAccessControlProviderTest.java
URL: http://svn.apache.org/viewvc/jackrabbit/trunk/jackrabbit-core/src/test/java/org/apache/jackrabbit/core/security/user/UserAccessControlProviderTest.java?rev=1021801&r1=1021800&r2=1021801&view=diff
==============================================================================
--- jackrabbit/trunk/jackrabbit-core/src/test/java/org/apache/jackrabbit/core/security/user/UserAccessControlProviderTest.java
(original)
+++ jackrabbit/trunk/jackrabbit-core/src/test/java/org/apache/jackrabbit/core/security/user/UserAccessControlProviderTest.java
Tue Oct 12 15:37:08 2010
@@ -19,8 +19,10 @@ package org.apache.jackrabbit.core.secur
 import org.apache.jackrabbit.api.security.principal.ItemBasedPrincipal;
 import org.apache.jackrabbit.api.security.user.AbstractUserTest;
 import org.apache.jackrabbit.api.security.user.User;
+import org.apache.jackrabbit.core.NodeImpl;
 import org.apache.jackrabbit.core.RepositoryImpl;
 import org.apache.jackrabbit.core.SessionImpl;
+import org.apache.jackrabbit.core.security.SecurityConstants;
 import org.apache.jackrabbit.core.security.authorization.AccessControlProvider;
 import org.apache.jackrabbit.core.security.authorization.CompiledPermissions;
 import org.apache.jackrabbit.core.security.authorization.Permission;
@@ -30,10 +32,14 @@ import org.apache.jackrabbit.test.NotExe
 
 import javax.jcr.RepositoryException;
 import javax.jcr.Session;
+import javax.jcr.SimpleCredentials;
 import java.security.Principal;
 import java.util.ArrayList;
 import java.util.Collections;
+import java.util.HashMap;
+import java.util.HashSet;
 import java.util.List;
+import java.util.Map;
 import java.util.Set;
 
 /**
@@ -67,6 +73,15 @@ public class UserAccessControlProviderTe
         super.cleanUp();
     }
 
+    private Set<Principal> getAnonymousPrincipals() throws RepositoryException {
+        SessionImpl s = ((SessionImpl) getHelper().getRepository().login(new SimpleCredentials(SecurityConstants.ANONYMOUS_ID,
"".toCharArray())));
+        try {
+            return new HashSet<Principal>(s.getSubject().getPrincipals());
+        } finally {
+            s.logout();
+        }
+    }
+
     /**
      * @see <a href="https://issues.apache.org/jira/browse/JCR-2630">JCR-2630</a>
      */
@@ -128,4 +143,70 @@ public class UserAccessControlProviderTe
             }
         }
     }
+
+    public void testAnonymousDefaultAccess() throws Exception {
+        Set<Principal> anonymousPrincipals = getAnonymousPrincipals();
+
+        assertTrue(provider.canAccessRoot(anonymousPrincipals));
+
+        CompiledPermissions cp = provider.compilePermissions(anonymousPrincipals);
+        assertTrue(cp.canReadAll());
+        assertFalse(CompiledPermissions.NO_PERMISSION.equals(cp));
+    }
+
+    public void testAnonymousAccessDenied() throws Exception {
+        Map<String, String> config = new HashMap<String, String>();
+        config.put(UserAccessControlProvider.PARAM_ANONYMOUS_ACCESS, "false");
+
+        AccessControlProvider p2 = new UserAccessControlProvider();
+        try {
+            p2.init(s, config);
+
+            Set<Principal> anonymousPrincipals = getAnonymousPrincipals();
+
+            assertFalse(p2.canAccessRoot(anonymousPrincipals));
+
+            CompiledPermissions cp = p2.compilePermissions(anonymousPrincipals);
+            try {
+                assertEquals(CompiledPermissions.NO_PERMISSION, cp);
+                assertFalse(cp.canReadAll());
+                assertFalse(cp.grants(((NodeImpl) s.getRootNode()).getPrimaryPath(), Permission.READ));
+            } finally {
+                cp.close();
+            }
+        } finally {
+            p2.close();
+        }
+    }
+
+    public void testAnonymousAccessDenied2() throws Exception {
+        Map<String, String> config = new HashMap<String, String>();
+        config.put(UserAccessControlProvider.PARAM_ANONYMOUS_ACCESS, "false");
+        config.put(UserAccessControlProvider.PARAM_ANONYMOUS_ID, "abc");
+
+        AccessControlProvider p2 = new UserAccessControlProvider();
+        try {
+            p2.init(s, config);
+
+            Principal princ = new Principal() {
+                public String getName() {
+                    return "abc";
+                }
+            };
+            Set<Principal> anonymousPrincipals = Collections.singleton(princ);
+
+            assertFalse(p2.canAccessRoot(anonymousPrincipals));
+
+            CompiledPermissions cp = p2.compilePermissions(anonymousPrincipals);
+            try {
+                assertEquals(CompiledPermissions.NO_PERMISSION, cp);
+                assertFalse(cp.canReadAll());
+                assertFalse(cp.grants(((NodeImpl) s.getRootNode()).getPrimaryPath(), Permission.READ));
+            } finally {
+                cp.close();
+            }
+        } finally {
+            p2.close();
+        }
+    }
 }
\ No newline at end of file



Mime
View raw message