From ang...@apache.org
Subject svn commit: r1374193 - in /jackrabbit/oak/trunk: oak-core/src/main/java/org/apache/jackrabbit/oak/security/authentication/ oak-core/src/main/java/org/apache/jackrabbit/oak/security/principal/ oak-core/src/main/java/org/apache/jackrabbit/oak/spi/securit...
Date Fri, 17 Aug 2012 10:17:27 GMT
Author: angela
Date: Fri Aug 17 10:17:27 2012
New Revision: 1374193

URL: http://svn.apache.org/viewvc?rev=1374193&view=rev
Log:
OAK-90 : Implement Principal Management (WIP)

Added:
    jackrabbit/oak/trunk/oak-core/src/main/java/org/apache/jackrabbit/oak/security/principal/TmpPrincipalProvider.java
Modified:
    jackrabbit/oak/trunk/oak-core/src/main/java/org/apache/jackrabbit/oak/security/authentication/LoginContextProviderImpl.java
    jackrabbit/oak/trunk/oak-core/src/main/java/org/apache/jackrabbit/oak/security/authentication/LoginModuleImpl.java
    jackrabbit/oak/trunk/oak-core/src/main/java/org/apache/jackrabbit/oak/security/principal/KernelPrincipalProvider.java
    jackrabbit/oak/trunk/oak-core/src/main/java/org/apache/jackrabbit/oak/spi/security/principal/TreeBasedPrincipal.java
    jackrabbit/oak/trunk/oak-jcr/src/main/java/org/apache/jackrabbit/oak/jcr/SessionImpl.java

Modified: jackrabbit/oak/trunk/oak-core/src/main/java/org/apache/jackrabbit/oak/security/authentication/LoginContextProviderImpl.java
URL: http://svn.apache.org/viewvc/jackrabbit/oak/trunk/oak-core/src/main/java/org/apache/jackrabbit/oak/security/authentication/LoginContextProviderImpl.java?rev=1374193&r1=1374192&r2=1374193&view=diff
==============================================================================
--- jackrabbit/oak/trunk/oak-core/src/main/java/org/apache/jackrabbit/oak/security/authentication/LoginContextProviderImpl.java
(original)
+++ jackrabbit/oak/trunk/oak-core/src/main/java/org/apache/jackrabbit/oak/security/authentication/LoginContextProviderImpl.java
Fri Aug 17 10:17:27 2012
@@ -17,7 +17,7 @@
 package org.apache.jackrabbit.oak.security.authentication;
 
 import org.apache.jackrabbit.oak.api.ContentRepository;
-import org.apache.jackrabbit.oak.security.principal.KernelPrincipalProvider;
+import org.apache.jackrabbit.oak.security.principal.TmpPrincipalProvider;
 import org.apache.jackrabbit.oak.spi.security.authentication.LoginContextProvider;
 import org.apache.jackrabbit.oak.spi.security.principal.PrincipalProvider;
 import org.slf4j.Logger;
@@ -45,7 +45,7 @@ public class LoginContextProviderImpl im
     public LoginContextProviderImpl(ContentRepository repository) {
         // TODO: use configurable authentication config and principal provider
         authConfig = new ConfigurationImpl();
-        principalProvider = new KernelPrincipalProvider();
+        principalProvider = new TmpPrincipalProvider();
     }
 
     @Override

Modified: jackrabbit/oak/trunk/oak-core/src/main/java/org/apache/jackrabbit/oak/security/authentication/LoginModuleImpl.java
URL: http://svn.apache.org/viewvc/jackrabbit/oak/trunk/oak-core/src/main/java/org/apache/jackrabbit/oak/security/authentication/LoginModuleImpl.java?rev=1374193&r1=1374192&r2=1374193&view=diff
==============================================================================
--- jackrabbit/oak/trunk/oak-core/src/main/java/org/apache/jackrabbit/oak/security/authentication/LoginModuleImpl.java
(original)
+++ jackrabbit/oak/trunk/oak-core/src/main/java/org/apache/jackrabbit/oak/security/authentication/LoginModuleImpl.java
Fri Aug 17 10:17:27 2012
@@ -18,6 +18,7 @@ package org.apache.jackrabbit.oak.securi
 
 import java.io.IOException;
 import java.security.Principal;
+import java.util.Collections;
 import java.util.HashMap;
 import java.util.HashSet;
 import java.util.Map;
@@ -37,7 +38,6 @@ import org.apache.jackrabbit.oak.api.Aut
 import org.apache.jackrabbit.oak.spi.security.authentication.AbstractLoginModule;
 import org.apache.jackrabbit.oak.spi.security.authentication.ImpersonationCredentials;
 import org.apache.jackrabbit.oak.spi.security.authentication.PrincipalProviderCallback;
-import org.apache.jackrabbit.oak.spi.security.principal.AdminPrincipal;
 import org.apache.jackrabbit.oak.spi.security.principal.PrincipalProvider;
 import org.slf4j.Logger;
 import org.slf4j.LoggerFactory;
@@ -167,25 +167,13 @@ public class LoginModuleImpl extends Abs
     //--------------------------------------------------------------------------
 
     private Set<Principal> getPrincipals(String userID) {
-        Set<Principal> principals = new HashSet<Principal>();
         PrincipalProvider principalProvider = getPrincipalProvider();
-        if (principalProvider != null && userID != null) {
-            // TODO fixme
-            Principal p = principalProvider.getPrincipal(userID);
-            if (p != null) {
-                principals.add(p);
-                if ("admin".equals(p.getName())) {
-                    principals.add(AdminPrincipal.INSTANCE);
-                }
-                principals.addAll(principalProvider.getGroupMembership(p));
-            } else {
-                log.debug("Commit: Cannot retrieve principal for userID '{}'.", userID);
-            }
-        } else {
+        if (principalProvider == null) {
             log.debug("Commit: Cannot retrieve principals. No principal provider configured.");
+            return Collections.emptySet();
+        } else {
+            return principalProvider.getPrincipals(userID);
         }
-
-        return principals;
     }
 
     private PrincipalProvider getPrincipalProvider() {
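Review bot: The rewritten `getPrincipals` no longer checks `userID` for null before calling the provider: the old condition was `principalProvider != null && userID != null`, the new one tests only the provider. A login that reaches this method without a resolved user id now hands `null` to `principalProvider.getPrincipals(userID)`, and with the `TmpPrincipalProvider` added in this commit that appears to produce a principal whose `getName()` returns null plus the everyone group. I would keep the guard, `if (principalProvider == null || userID == null) {`, and word the debug message to cover both cases. The method can now also return the immutable `Collections.emptySet()`, so callers outside this hunk must not add to the result.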

Modified: jackrabbit/oak/trunk/oak-core/src/main/java/org/apache/jackrabbit/oak/security/principal/KernelPrincipalProvider.java
URL: http://svn.apache.org/viewvc/jackrabbit/oak/trunk/oak-core/src/main/java/org/apache/jackrabbit/oak/security/principal/KernelPrincipalProvider.java?rev=1374193&r1=1374192&r2=1374193&view=diff
==============================================================================
--- jackrabbit/oak/trunk/oak-core/src/main/java/org/apache/jackrabbit/oak/security/principal/KernelPrincipalProvider.java
(original)
+++ jackrabbit/oak/trunk/oak-core/src/main/java/org/apache/jackrabbit/oak/security/principal/KernelPrincipalProvider.java
Fri Aug 17 10:17:27 2012
@@ -19,11 +19,26 @@ package org.apache.jackrabbit.oak.securi
 import java.security.Principal;
 import java.security.acl.Group;
 import java.util.Collections;
+import java.util.Enumeration;
 import java.util.HashSet;
+import java.util.Iterator;
 import java.util.Set;
+import javax.annotation.Nullable;
 
+import com.google.common.base.Function;
+import com.google.common.base.Predicates;
+import com.google.common.collect.Iterators;
+import org.apache.jackrabbit.JcrConstants;
+import org.apache.jackrabbit.api.security.user.UserManager;
+import org.apache.jackrabbit.oak.api.Tree;
+import org.apache.jackrabbit.oak.namepath.PathMapper;
+import org.apache.jackrabbit.oak.spi.security.principal.AdminPrincipal;
 import org.apache.jackrabbit.oak.spi.security.principal.EveryonePrincipal;
 import org.apache.jackrabbit.oak.spi.security.principal.PrincipalProvider;
+import org.apache.jackrabbit.oak.spi.security.principal.TreeBasedPrincipal;
+import org.apache.jackrabbit.oak.spi.security.user.MembershipProvider;
+import org.apache.jackrabbit.oak.spi.security.user.UserConstants;
+import org.apache.jackrabbit.oak.spi.security.user.UserProvider;
 import org.slf4j.Logger;
 import org.slf4j.LoggerFactory;
 
@@ -39,32 +54,130 @@ public class KernelPrincipalProvider imp
      */
     private static final Logger log = LoggerFactory.getLogger(KernelPrincipalProvider.class);
 
+    private final UserProvider userProvider;
+    private final MembershipProvider membershipProvider;
+    private final PathMapper pathMapper;
+
+    public KernelPrincipalProvider(UserProvider userProvider,
+                                   MembershipProvider membershipProvider, PathMapper pathMapper)
{
+        this.userProvider = userProvider;
+        this.membershipProvider = membershipProvider;
+        this.pathMapper = pathMapper;
+
+    }
+
     //--------------------------------------------------< PrincipalProvider >---
     @Override
     public Principal getPrincipal(final String principalName) {
-        // TODO: use user-defined query to search for a principalName property
-        // TODO  that is defined by a user/group node.
-        return new Principal() {
+        Tree tree = userProvider.getAuthorizableByPrincipal(new Principal() {
             @Override
             public String getName() {
                 return principalName;
             }
-        };
+        });
+
+        if (tree != null) {
+            return (isGroup(tree)) ? new TreeBasedGroup(tree) : new TreeBasedPrincipal(tree,
pathMapper);
+        } else {
+            return null;
+        }
     }
 
     @Override
     public Set<Group> getGroupMembership(Principal principal) {
-        // TODO
-        return Collections.<Group>singleton(EveryonePrincipal.getInstance());
+        Tree authTree = userProvider.getAuthorizableByPrincipal(principal);
+        if (authTree == null) {
+            return Collections.emptySet();
+        } else {
+            return getGroupMembership(authTree);
+        }
     }
 
     @Override
     public Set<Principal> getPrincipals(String userID) {
-        // TODO
-        Set<Principal> principals = new HashSet<Principal>();
-        Principal p = getPrincipal(userID);
-        principals.add(p);
-        principals.addAll(getGroupMembership(p));
+        Set<Principal> principals;
+        Tree userTree = userProvider.getAuthorizable(userID, UserManager.SEARCH_TYPE_USER);
+        if (userTree != null) {
+            principals = new HashSet<Principal>();
+            Principal userPrincipal = new TreeBasedPrincipal(userTree, pathMapper);
+            principals.add(userPrincipal);
+            principals.addAll(getGroupMembership(userPrincipal));
+            if (userProvider.isAdminUser(userTree)) {
+                principals.add(AdminPrincipal.INSTANCE);
+            }
+        } else {
+            principals = Collections.emptySet();
+        }
         return principals;
     }
+
+    //------------------------------------------------------------< private >---
+    private Set<Group> getGroupMembership(Tree authorizableTree) {
+        Iterator<String> groupPaths = membershipProvider.getMembership(authorizableTree,
true);
+        Set<Group> groups = new HashSet<Group>();
+        groups.add(EveryonePrincipal.getInstance());
+
+        while (groupPaths.hasNext()) {
+            String path = groupPaths.next();
+            Tree groupTree = userProvider.getAuthorizableByPath(path);
+            if (groupTree != null) {
+                groups.add(new TreeBasedGroup(groupTree));
+            }
+        }
+        return groups;
+    }
+
+    private boolean isGroup(Tree authorizableTree) {
+        assert authorizableTree != null;
+        assert authorizableTree.hasProperty(JcrConstants.JCR_PRIMARYTYPE);
+
+        String ntName = authorizableTree.getProperty(JcrConstants.JCR_PRIMARYTYPE).getValue().getString();
+        return UserConstants.NT_REP_GROUP.equals(ntName);
+    }
+
+    /**
+     * Tree-based principal implementation that marks the principal as group.
+     */
+    private final class TreeBasedGroup extends TreeBasedPrincipal implements Group {
+
+        public TreeBasedGroup(Tree tree) {
+            super(tree, pathMapper);
+        }
+
+        @Override
+        public boolean addMember(Principal principal) {
+            throw new UnsupportedOperationException();
+        }
+
+        @Override
+        public boolean removeMember(Principal principal) {
+            throw new UnsupportedOperationException();
+        }
+
+        @Override
+        public boolean isMember(Principal principal) {
+            return membershipProvider.isMember(getTree(), userProvider.getAuthorizableByPrincipal(principal),
true);
+        }
+
+        @Override
+        public Enumeration<? extends Principal> members() {
+            Iterator<String> declaredMemberPaths = membershipProvider.getMembers(getTree(),
UserManager.SEARCH_TYPE_AUTHORIZABLE, false);
+            Iterator<? extends Principal> members = Iterators.transform(declaredMemberPaths,
new Function<String, Principal>() {
+                @Override
+                public Principal apply(@Nullable String oakPath) {
+                    // TODO
+                    Tree tree = userProvider.getAuthorizableByPath(oakPath);
+                    if (tree != null) {
+                        if (isGroup(tree)) {
+                            return new TreeBasedGroup(tree);
+                        } else {
+                            return new TreeBasedPrincipal(tree, pathMapper);
+                        }
+                    }
+                    return null;
+                }
+            });
+            return Iterators.asEnumeration(Iterators.filter(members, Predicates.notNull()));
+        }
+    }
 }
\ No newline at end of file
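Review bot: In `getPrincipals`, `principals.addAll(getGroupMembership(userPrincipal))` goes through the public overload, which looks the authorizable up a second time by principal instead of using the `userTree` already resolved from the user id. If that second lookup returns null the user ends up with an empty membership set (not even the everyone group), and otherwise the groups come from whatever node the principal-name lookup matches. Calling the private overload directly, `principals.addAll(getGroupMembership(userTree));`, removes both cases. Separately, `TreeBasedGroup.isMember` passes the result of `userProvider.getAuthorizableByPrincipal(principal)` to `membershipProvider.isMember` without the null check that `getGroupMembership(Principal)` applies; unless `isMember` is known to tolerate null, it should return `false` for an unknown principal.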

Added: jackrabbit/oak/trunk/oak-core/src/main/java/org/apache/jackrabbit/oak/security/principal/TmpPrincipalProvider.java
URL: http://svn.apache.org/viewvc/jackrabbit/oak/trunk/oak-core/src/main/java/org/apache/jackrabbit/oak/security/principal/TmpPrincipalProvider.java?rev=1374193&view=auto
==============================================================================
--- jackrabbit/oak/trunk/oak-core/src/main/java/org/apache/jackrabbit/oak/security/principal/TmpPrincipalProvider.java
(added)
+++ jackrabbit/oak/trunk/oak-core/src/main/java/org/apache/jackrabbit/oak/security/principal/TmpPrincipalProvider.java
Fri Aug 17 10:17:27 2012
@@ -0,0 +1,64 @@
+/*
+ * Licensed to the Apache Software Foundation (ASF) under one or more
+ * contributor license agreements.  See the NOTICE file distributed with
+ * this work for additional information regarding copyright ownership.
+ * The ASF licenses this file to You under the Apache License, Version 2.0
+ * (the "License"); you may not use this file except in compliance with
+ * the License.  You may obtain a copy of the License at
+ *
+ *      http://www.apache.org/licenses/LICENSE-2.0
+ *
+ * Unless required by applicable law or agreed to in writing, software
+ * distributed under the License is distributed on an "AS IS" BASIS,
+ * WITHOUT WARRANTIES OR CONDITIONS OF ANY KIND, either express or implied.
+ * See the License for the specific language governing permissions and
+ * limitations under the License.
+ */
+package org.apache.jackrabbit.oak.security.principal;
+
+import java.security.Principal;
+import java.security.acl.Group;
+import java.util.Collections;
+import java.util.HashSet;
+import java.util.Set;
+
+import org.apache.jackrabbit.oak.spi.security.principal.AdminPrincipal;
+import org.apache.jackrabbit.oak.spi.security.principal.EveryonePrincipal;
+import org.apache.jackrabbit.oak.spi.security.principal.PrincipalProvider;
+
+/**
+ * ToRemovePrincipalProvider... TODO tmp dummy implemetation. to be replace
+ * by configurable principal provider (default KernelPrincipalProviver) once
+ * the auth-setup is done properly.
+ */
+public class TmpPrincipalProvider implements PrincipalProvider {
+
+    //--------------------------------------------------< PrincipalProvider >---
+    @Override
+    public Principal getPrincipal(final String principalName) {
+        return new Principal() {
+            @Override
+            public String getName() {
+                return principalName;
+            }
+        };
+    }
+
+    @Override
+    public Set<Group> getGroupMembership(Principal principal) {
+        return Collections.<Group>singleton(EveryonePrincipal.getInstance());
+    }
+
+    @Override
+    public Set<Principal> getPrincipals(String userID) {
+        Set<Principal> principals = new HashSet<Principal>();
+        Principal p = getPrincipal(userID);
+        principals.add(p);
+        principals.addAll(getGroupMembership(p));
+        if ("admin".equals(userID)) {
+            principals.add(AdminPrincipal.INSTANCE);
+        }
+        return principals;
+    }
+
+}
\ No newline at end of file
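Review bot: `getPrincipals` adds `AdminPrincipal.INSTANCE` on the bare comparison `"admin".equals(userID)`, and `getPrincipal` returns a principal for any name, so nothing in this class consults the repository. This commit makes it the provider in `LoginContextProviderImpl` and in `SessionImpl.getPrincipalManager()`, so the principal set attached to a session depends entirely on whatever earlier step vetted the user id, which is not visible here. The class Javadoc should say that plainly instead of only `TODO tmp dummy`, for example `Placeholder: performs no repository lookup; every name resolves to a principal and the id "admin" is granted AdminPrincipal. To be removed once the principal provider is configurable.` The Javadoc also calls the class `ToRemovePrincipalProvider` and misspells `implemetation` and `KernelPrincipalProviver`.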

Modified: jackrabbit/oak/trunk/oak-core/src/main/java/org/apache/jackrabbit/oak/spi/security/principal/TreeBasedPrincipal.java
URL: http://svn.apache.org/viewvc/jackrabbit/oak/trunk/oak-core/src/main/java/org/apache/jackrabbit/oak/spi/security/principal/TreeBasedPrincipal.java?rev=1374193&r1=1374192&r2=1374193&view=diff
==============================================================================
--- jackrabbit/oak/trunk/oak-core/src/main/java/org/apache/jackrabbit/oak/spi/security/principal/TreeBasedPrincipal.java
(original)
+++ jackrabbit/oak/trunk/oak-core/src/main/java/org/apache/jackrabbit/oak/spi/security/principal/TreeBasedPrincipal.java
Fri Aug 17 10:17:27 2012
@@ -57,6 +57,14 @@ public class TreeBasedPrincipal implemen
         this.pathMapper = pathMapper;
     }
 
+    protected Tree getTree() {
+        return tree;
+    }
+
+    public String getOakPath() {
+        return tree.getPath();
+    }
+
     //-------------------------------------------------< ItemBasedPrincipal >---
     @Override
     public String getPath() {
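Review bot: The new public `getOakPath()` returns the raw `tree.getPath()` and has no Javadoc, while the existing `getPath()` just below it is the `ItemBasedPrincipal` accessor and the class also holds a `pathMapper`, so a caller cannot tell which path form each method returns. A short Javadoc such as `/** Returns the internal Oak path of the underlying tree, not mapped through the PathMapper. */` would settle that. If nothing outside the package needs the internal path, the method could be `protected` like `getTree()`. The class body continues outside the hunk, so how `getPath()` maps the path is inferred, not seen.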

Modified: jackrabbit/oak/trunk/oak-jcr/src/main/java/org/apache/jackrabbit/oak/jcr/SessionImpl.java
URL: http://svn.apache.org/viewvc/jackrabbit/oak/trunk/oak-jcr/src/main/java/org/apache/jackrabbit/oak/jcr/SessionImpl.java?rev=1374193&r1=1374192&r2=1374193&view=diff
==============================================================================
--- jackrabbit/oak/trunk/oak-jcr/src/main/java/org/apache/jackrabbit/oak/jcr/SessionImpl.java
(original)
+++ jackrabbit/oak/trunk/oak-jcr/src/main/java/org/apache/jackrabbit/oak/jcr/SessionImpl.java
Fri Aug 17 10:17:27 2012
@@ -21,7 +21,6 @@ import java.util.HashMap;
 import java.util.HashSet;
 import java.util.Map;
 import java.util.Set;
-
 import javax.annotation.Nonnull;
 import javax.jcr.AccessDeniedException;
 import javax.jcr.Credentials;
@@ -51,7 +50,7 @@ import org.apache.jackrabbit.commons.ite
 import org.apache.jackrabbit.oak.commons.PathUtils;
 import org.apache.jackrabbit.oak.jcr.security.principal.PrincipalManagerImpl;
 import org.apache.jackrabbit.oak.jcr.xml.XmlImportHandler;
-import org.apache.jackrabbit.oak.security.principal.KernelPrincipalProvider;
+import org.apache.jackrabbit.oak.security.principal.TmpPrincipalProvider;
 import org.apache.jackrabbit.oak.spi.security.authentication.ImpersonationCredentials;
 import org.apache.jackrabbit.oak.util.TODO;
 import org.apache.jackrabbit.util.XMLChar;
@@ -140,8 +139,8 @@ public class SessionImpl extends Abstrac
 
     @Override
     @Nonnull
-    public Node getNodeByUUID(String id) throws RepositoryException {
-        return getNodeByIdentifier(id);
+    public Node getNodeByUUID(String uuid) throws RepositoryException {
+        return getNodeByIdentifier(uuid);
     }
 
     @Override
@@ -526,7 +525,7 @@ public class SessionImpl extends Abstrac
     @Nonnull
     public PrincipalManager getPrincipalManager() throws RepositoryException {
         return TODO.unimplemented().returnValue(new PrincipalManagerImpl(
-                new KernelPrincipalProvider()));
+                new TmpPrincipalProvider()));
     }
 
     @Override


