Return-Path: X-Original-To: apmail-jackrabbit-oak-commits-archive@minotaur.apache.org Delivered-To: apmail-jackrabbit-oak-commits-archive@minotaur.apache.org Received: from mail.apache.org (hermes.apache.org [140.211.11.3]) by minotaur.apache.org (Postfix) with SMTP id E10B79878 for ; Fri, 13 Apr 2012 22:15:55 +0000 (UTC) Received: (qmail 48344 invoked by uid 500); 13 Apr 2012 22:15:55 -0000 Delivered-To: apmail-jackrabbit-oak-commits-archive@jackrabbit.apache.org Received: (qmail 48325 invoked by uid 500); 13 Apr 2012 22:15:55 -0000 Mailing-List: contact oak-commits-help@jackrabbit.apache.org; run by ezmlm Precedence: bulk List-Help: List-Unsubscribe: List-Post: List-Id: Reply-To: oak-commits@jackrabbit.apache.org Delivered-To: mailing list oak-commits@jackrabbit.apache.org Received: (qmail 48317 invoked by uid 99); 13 Apr 2012 22:15:55 -0000 Received: from nike.apache.org (HELO nike.apache.org) (192.87.106.230) by apache.org (qpsmtpd/0.29) with ESMTP; Fri, 13 Apr 2012 22:15:55 +0000 X-ASF-Spam-Status: No, hits=-2000.0 required=5.0 tests=ALL_TRUSTED X-Spam-Check-By: apache.org Received: from [140.211.11.4] (HELO eris.apache.org) (140.211.11.4) by apache.org (qpsmtpd/0.29) with ESMTP; Fri, 13 Apr 2012 22:15:52 +0000 Received: from eris.apache.org (localhost [127.0.0.1]) by eris.apache.org (Postfix) with ESMTP id B802E2388A32; Fri, 13 Apr 2012 22:15:30 +0000 (UTC) Content-Type: text/plain; charset="utf-8" MIME-Version: 1.0 Content-Transfer-Encoding: 7bit Subject: svn commit: r1325984 - in /jackrabbit/oak/trunk/oak-core/src: main/java/org/apache/jackrabbit/mk/MicroKernelFactory.java main/java/org/apache/jackrabbit/mk/wrapper/SecurityWrapper.java test/java/org/apache/jackrabbit/mk/wrapper/SecurityWrapperTest.java Date: Fri, 13 Apr 2012 22:15:30 -0000 To: oak-commits@jackrabbit.apache.org From: jukka@apache.org X-Mailer: svnmailer-1.0.8-patched Message-Id: <20120413221530.B802E2388A32@eris.apache.org> Author: jukka Date: Fri Apr 13 22:15:30 2012 New Revision: 1325984 URL: http://svn.apache.org/viewvc?rev=1325984&view=rev Log: OAK-12: Implement a test suite for the MicroKernel Decouple URL handling from SecurityWrapper and make the related test case target just the SecurityWrapper class, not the underlying MicroKernel implementations Modified: jackrabbit/oak/trunk/oak-core/src/main/java/org/apache/jackrabbit/mk/MicroKernelFactory.java jackrabbit/oak/trunk/oak-core/src/main/java/org/apache/jackrabbit/mk/wrapper/SecurityWrapper.java jackrabbit/oak/trunk/oak-core/src/test/java/org/apache/jackrabbit/mk/wrapper/SecurityWrapperTest.java Modified: jackrabbit/oak/trunk/oak-core/src/main/java/org/apache/jackrabbit/mk/MicroKernelFactory.java URL: http://svn.apache.org/viewvc/jackrabbit/oak/trunk/oak-core/src/main/java/org/apache/jackrabbit/mk/MicroKernelFactory.java?rev=1325984&r1=1325983&r2=1325984&view=diff ============================================================================== --- jackrabbit/oak/trunk/oak-core/src/main/java/org/apache/jackrabbit/mk/MicroKernelFactory.java (original) +++ jackrabbit/oak/trunk/oak-core/src/main/java/org/apache/jackrabbit/mk/MicroKernelFactory.java Fri Apr 13 22:15:30 2012 @@ -111,7 +111,32 @@ public class MicroKernelFactory { } else if (head.equals("log")) { return new LogWrapper(getInstance(tail)); } else if (head.equals("sec")) { - return SecurityWrapper.get(url); + String userPassUrl = tail; + int index = userPassUrl.indexOf(':'); + if (index < 0) { + throw ExceptionFactory.get("Expected url format: sec:user@pass:"); + } + String u = userPassUrl.substring(index + 1); + String userPass = userPassUrl.substring(0, index); + index = userPass.indexOf('@'); + if (index < 0) { + throw ExceptionFactory.get("Expected url format: sec:user@pass:"); + } + String user = userPass.substring(0, index); + String pass = userPass.substring(index + 1); + final MicroKernel mk = getInstance(u); + try { + return new SecurityWrapper(mk, user, pass) { + @Override + public void dispose() { + super.dispose(); + mk.dispose(); + } + }; + } catch (MicroKernelException e) { + mk.dispose(); + throw e; + } } else if (head.equals("virtual")) { MicroKernel mk = getInstance(tail); try { Modified: jackrabbit/oak/trunk/oak-core/src/main/java/org/apache/jackrabbit/mk/wrapper/SecurityWrapper.java URL: http://svn.apache.org/viewvc/jackrabbit/oak/trunk/oak-core/src/main/java/org/apache/jackrabbit/mk/wrapper/SecurityWrapper.java?rev=1325984&r1=1325983&r2=1325984&view=diff ============================================================================== --- jackrabbit/oak/trunk/oak-core/src/main/java/org/apache/jackrabbit/mk/wrapper/SecurityWrapper.java (original) +++ jackrabbit/oak/trunk/oak-core/src/main/java/org/apache/jackrabbit/mk/wrapper/SecurityWrapper.java Fri Apr 13 22:15:30 2012 @@ -17,9 +17,7 @@ package org.apache.jackrabbit.mk.wrapper; import java.io.InputStream; -import org.apache.jackrabbit.mk.MicroKernelFactory; import org.apache.jackrabbit.mk.api.MicroKernel; -import org.apache.jackrabbit.mk.api.MicroKernelException; import org.apache.jackrabbit.mk.json.JsopReader; import org.apache.jackrabbit.mk.json.JsopStream; import org.apache.jackrabbit.mk.json.JsopTokenizer; @@ -50,11 +48,29 @@ public class SecurityWrapper extends Mic private final SimpleLRUCache cache = SimpleLRUCache.newInstance(100); private String rightsRevision; - private SecurityWrapper(MicroKernel mk, String[] rights) { - // TODO security for the index mechanism + /** + * Decorates the given {@link MicroKernel} with authentication and + * authorization. The responsibility of properly disposing the given + * MikroKernel instance remains with the caller. + */ + public SecurityWrapper(MicroKernel mk, String user, String pass) { this.mk = MicroKernelWrapperBase.wrap(mk); + // TODO security for the index mechanism + + String role = mk.getNodes("/:user/" + user, mk.getHeadRevision()); + NodeMap map = new NodeMap(); + JsopReader t = new JsopTokenizer(role); + t.read('{'); + NodeImpl n = NodeImpl.parse(map, t, 0); + String password = JsopTokenizer.decodeQuoted(n.getProperty("password")); + if (!pass.equals(password)) { + throw ExceptionFactory.get("Wrong password"); + } + String[] rights = + JsopTokenizer.decodeQuoted(n.getProperty("rights")).split(","); this.userRights = rights; - boolean isAdmin = false, canWrite = false; + boolean isAdmin = false; + boolean canWrite = false; for (String r : rights) { if (r.equals("admin")) { isAdmin = true; @@ -62,41 +78,8 @@ public class SecurityWrapper extends Mic canWrite = true; } } - admin = isAdmin; - write = canWrite; - } - - public static synchronized SecurityWrapper get(String url) { - String userPassUrl = url.substring("sec:".length()); - int index = userPassUrl.indexOf(':'); - if (index < 0) { - throw ExceptionFactory.get("Expected url format: sec:user@pass:"); - } - String u = userPassUrl.substring(index + 1); - String userPass = userPassUrl.substring(0, index); - index = userPass.indexOf('@'); - if (index < 0) { - throw ExceptionFactory.get("Expected url format: sec:user@pass:"); - } - String user = userPass.substring(0, index); - String pass = userPass.substring(index + 1); - MicroKernel mk = MicroKernelFactory.getInstance(u); - try { - String role = mk.getNodes("/:user/" + user, mk.getHeadRevision()); - NodeMap map = new NodeMap(); - JsopReader t = new JsopTokenizer(role); - t.read('{'); - NodeImpl n = NodeImpl.parse(map, t, 0); - String password = JsopTokenizer.decodeQuoted(n.getProperty("password")); - if (!pass.equals(password)) { - throw ExceptionFactory.get("Wrong password"); - } - String rights = JsopTokenizer.decodeQuoted(n.getProperty("rights")); - return new SecurityWrapper(mk, rights.split(",")); - } catch (MicroKernelException e) { - mk.dispose(); - throw e; - } + this.admin = isAdmin; + this.write = canWrite; } public String commitStream(String rootPath, JsopReader jsonDiff, String revisionId, String message) { @@ -108,7 +91,6 @@ public class SecurityWrapper extends Mic } public void dispose() { - mk.dispose(); } public String getHeadRevision() { Modified: jackrabbit/oak/trunk/oak-core/src/test/java/org/apache/jackrabbit/mk/wrapper/SecurityWrapperTest.java URL: http://svn.apache.org/viewvc/jackrabbit/oak/trunk/oak-core/src/test/java/org/apache/jackrabbit/mk/wrapper/SecurityWrapperTest.java?rev=1325984&r1=1325983&r2=1325984&view=diff ============================================================================== --- jackrabbit/oak/trunk/oak-core/src/test/java/org/apache/jackrabbit/mk/wrapper/SecurityWrapperTest.java (original) +++ jackrabbit/oak/trunk/oak-core/src/test/java/org/apache/jackrabbit/mk/wrapper/SecurityWrapperTest.java Fri Apr 13 22:15:30 2012 @@ -21,64 +21,40 @@ import static org.junit.Assert.assertFal import static org.junit.Assert.assertTrue; import static org.junit.Assert.fail; import junit.framework.Assert; -import org.apache.jackrabbit.mk.MicroKernelFactory; -import org.apache.jackrabbit.mk.MultiMkTestBase; import org.apache.jackrabbit.mk.api.MicroKernel; import org.apache.jackrabbit.mk.api.MicroKernelException; import org.apache.jackrabbit.mk.json.JsopTokenizer; -import org.junit.After; +import org.apache.jackrabbit.mk.simple.SimpleKernelImpl; import org.junit.Before; import org.junit.Test; -import org.junit.runner.RunWith; -import org.junit.runners.Parameterized; /** * Test the security wrapper. */ -@RunWith(Parameterized.class) -public class SecurityWrapperTest extends MultiMkTestBase { +public class SecurityWrapperTest { + + // TODO: Remove SimpleKernelImpl-specific assumptions from the test + private final MicroKernel mk = + new SimpleKernelImpl("mem:SecurityWrapperTest"); private String head; private MicroKernel mkAdmin; private MicroKernel mkGuest; - public SecurityWrapperTest(String url) { - super(url); - } - @Before public void setUp() throws Exception { - super.setUp(); - if (!isSimpleKernel(mk)) { - return; - } head = mk.getHeadRevision(); head = mk.commit("/", "+ \":user\": { \":rights\":\"admin\" }", head, ""); head = mk.commit("/", "+ \":user/guest\": {\"password\": \"guest\", \"rights\":\"read\" }", head, ""); head = mk.commit("/", "+ \":user/sa\": {\"password\": \"abc\", \"rights\":\"admin\" }", head, ""); - mkAdmin = MicroKernelFactory.getInstance("sec:sa@abc:" + url); - mkGuest = MicroKernelFactory.getInstance("sec:guest@guest:" + url); - } - - @After - public void tearDown() throws InterruptedException { - try { - if (mkAdmin != null) { - mkAdmin.dispose(); - } - if (mkGuest != null) { - mkGuest.dispose(); - } - super.tearDown(); - } catch (Throwable e) { - e.printStackTrace(); - } + mkAdmin = new SecurityWrapper(mk, "sa", "abc"); + mkGuest = new SecurityWrapper(mk, "guest", "guest"); } @Test public void wrongPassword() { try { - MicroKernelFactory.getInstance("sec:sa@xyz:" + url); + new SecurityWrapper(mk, "sa", "xyz"); fail(); } catch (Throwable e) { // expected (wrong password) @@ -87,9 +63,6 @@ public class SecurityWrapperTest extends @Test public void commit() { - if (!isSimpleKernel(mk)) { - return; - } head = mkAdmin.commit("/", "+ \"test\": { \"data\": \"Hello\" }", head, null); head = mkAdmin.commit("/", "- \"test\"", head, null); try { @@ -102,9 +75,6 @@ public class SecurityWrapperTest extends @Test public void getJournal() { - if (!isSimpleKernel(mk)) { - return; - } String fromRevision = mkAdmin.getHeadRevision(); String toRevision = mkAdmin.commit("/", "+ \"test\": { \"data\": \"Hello\" }", head, ""); toRevision = mkAdmin.commit("/", "^ \"test/data\": \"Hallo\"", toRevision, ""); @@ -129,9 +99,6 @@ public class SecurityWrapperTest extends @Test public void getNodes() { - if (!isSimpleKernel(mk)) { - return; - } head = mk.getHeadRevision(); assertTrue(mkAdmin.nodeExists("/:user", head)); assertFalse(mkGuest.nodeExists("/:user", head));