jackrabbit-oak-commits mailing list archives

Site index · List index
Message view « Date » · « Thread »
Top « Date » · « Thread »
From ang...@apache.org
Subject svn commit: r1375598 - in /jackrabbit/oak/trunk: oak-core/src/main/java/org/apache/jackrabbit/oak/core/ oak-core/src/main/java/org/apache/jackrabbit/oak/security/authentication/token/ oak-core/src/main/java/org/apache/jackrabbit/oak/security/principal/...
Date Tue, 21 Aug 2012 15:10:38 GMT
Author: angela
Date: Tue Aug 21 15:10:37 2012
New Revision: 1375598

URL: http://svn.apache.org/viewvc?rev=1375598&view=rev
Log:
OAK-50 : Implement User Management (WIP)

Added:
    jackrabbit/oak/trunk/oak-core/src/main/java/org/apache/jackrabbit/oak/security/principal/PrincipalProviderImpl.java
      - copied, changed from r1375392, jackrabbit/oak/trunk/oak-core/src/main/java/org/apache/jackrabbit/oak/security/principal/KernelPrincipalProvider.java
    jackrabbit/oak/trunk/oak-core/src/main/java/org/apache/jackrabbit/oak/security/user/UserContextImpl.java
    jackrabbit/oak/trunk/oak-core/src/main/java/org/apache/jackrabbit/oak/spi/security/user/UserContext.java
Removed:
    jackrabbit/oak/trunk/oak-core/src/main/java/org/apache/jackrabbit/oak/security/principal/KernelPrincipalProvider.java
    jackrabbit/oak/trunk/oak-jcr/src/main/java/org/apache/jackrabbit/oak/jcr/security/user/NodeTreeUtil.java
Modified:
    jackrabbit/oak/trunk/oak-core/src/main/java/org/apache/jackrabbit/oak/core/RootImpl.java
    jackrabbit/oak/trunk/oak-core/src/main/java/org/apache/jackrabbit/oak/security/authentication/token/TokenProviderImpl.java
    jackrabbit/oak/trunk/oak-core/src/main/java/org/apache/jackrabbit/oak/security/user/UserProviderImpl.java
    jackrabbit/oak/trunk/oak-core/src/main/java/org/apache/jackrabbit/oak/spi/security/user/PasswordUtility.java
    jackrabbit/oak/trunk/oak-core/src/main/java/org/apache/jackrabbit/oak/spi/security/user/UserProvider.java
    jackrabbit/oak/trunk/oak-core/src/main/java/org/apache/jackrabbit/oak/util/NodeUtil.java
    jackrabbit/oak/trunk/oak-jcr/src/main/java/org/apache/jackrabbit/oak/jcr/SessionDelegate.java
    jackrabbit/oak/trunk/oak-jcr/src/main/java/org/apache/jackrabbit/oak/jcr/security/user/ImpersonationImpl.java
    jackrabbit/oak/trunk/oak-jcr/src/main/java/org/apache/jackrabbit/oak/jcr/security/user/UserImpl.java
    jackrabbit/oak/trunk/oak-jcr/src/main/java/org/apache/jackrabbit/oak/jcr/security/user/UserManagerImpl.java

Modified: jackrabbit/oak/trunk/oak-core/src/main/java/org/apache/jackrabbit/oak/core/RootImpl.java
URL: http://svn.apache.org/viewvc/jackrabbit/oak/trunk/oak-core/src/main/java/org/apache/jackrabbit/oak/core/RootImpl.java?rev=1375598&r1=1375597&r2=1375598&view=diff
==============================================================================
--- jackrabbit/oak/trunk/oak-core/src/main/java/org/apache/jackrabbit/oak/core/RootImpl.java
(original)
+++ jackrabbit/oak/trunk/oak-core/src/main/java/org/apache/jackrabbit/oak/core/RootImpl.java
Tue Aug 21 15:10:37 2012
@@ -254,7 +254,7 @@ public class RootImpl implements Root {
         providers.add(accessControlContext.getPermissionValidatorProvider(valueFactory));
         providers.add(accessControlContext.getAccessControlValidatorProvider(valueFactory));
         // TODO the following v-providers could be initialized at ContentRepo level
-        // FIXME: use proper configuration
+        // FIXME: retrieve from user context
         providers.add(new UserValidatorProvider(valueFactory, new UserConfig("admin")));
         providers.add(new PrivilegeValidatorProvider(valueFactory));
 

Modified: jackrabbit/oak/trunk/oak-core/src/main/java/org/apache/jackrabbit/oak/security/authentication/token/TokenProviderImpl.java
URL: http://svn.apache.org/viewvc/jackrabbit/oak/trunk/oak-core/src/main/java/org/apache/jackrabbit/oak/security/authentication/token/TokenProviderImpl.java?rev=1375598&r1=1375597&r2=1375598&view=diff
==============================================================================
--- jackrabbit/oak/trunk/oak-core/src/main/java/org/apache/jackrabbit/oak/security/authentication/token/TokenProviderImpl.java
(original)
+++ jackrabbit/oak/trunk/oak-core/src/main/java/org/apache/jackrabbit/oak/security/authentication/token/TokenProviderImpl.java
Tue Aug 21 15:10:37 2012
@@ -40,9 +40,8 @@ import org.apache.jackrabbit.oak.api.Pro
 import org.apache.jackrabbit.oak.api.Root;
 import org.apache.jackrabbit.oak.api.Tree;
 import org.apache.jackrabbit.oak.core.DefaultConflictHandler;
-import org.apache.jackrabbit.oak.security.user.UserProviderImpl;
 import org.apache.jackrabbit.oak.spi.security.user.PasswordUtility;
-import org.apache.jackrabbit.oak.spi.security.user.UserProvider;
+import org.apache.jackrabbit.oak.spi.security.user.UserContext;
 import org.apache.jackrabbit.oak.util.NodeUtil;
 import org.apache.jackrabbit.util.ISO8601;
 import org.apache.jackrabbit.util.Text;
@@ -78,11 +77,13 @@ public class TokenProviderImpl implement
 
     private final ContentSession contentSession;
     private final Root root;
+    private final UserContext userContext;
     private final long tokenExpiration;
 
-    public TokenProviderImpl(ContentSession contentSession, long tokenExpiration) {
+    public TokenProviderImpl(ContentSession contentSession, UserContext userContext, long
tokenExpiration) {
         this.contentSession = contentSession;
         this.root = contentSession.getCurrentRoot();
+        this.userContext = userContext;
         this.tokenExpiration = tokenExpiration;
     }
 
@@ -124,8 +125,8 @@ public class TokenProviderImpl implement
                     String key = generateKey(8);
                     String token = new StringBuilder(tokenNode.getTree().getPath()).append(DELIM).append(key).toString();
 
-                    String pwHash = PasswordUtility.buildPasswordHash(key);
-                    tokenNode.setString(TOKEN_ATTRIBUTE_KEY, pwHash);
+                    String tokenHash = PasswordUtility.buildPasswordHash(key);
+                    tokenNode.setString(TOKEN_ATTRIBUTE_KEY, tokenHash);
                     final long expirationTime = creationTime + tokenExpiration;
                     tokenNode.setDate(TOKEN_ATTRIBUTE_EXPIRY, expirationTime);
 
@@ -238,8 +239,7 @@ public class TokenProviderImpl implement
 
     @CheckForNull
     private Tree getUserTree(String userID) {
-        UserProvider userProvider = new UserProviderImpl(contentSession, root, null);
-        return userProvider.getAuthorizable(userID);
+        return userContext.getUserProvider().getAuthorizable(userID);
     }
 
     //--------------------------------------------------------------------------

Copied: jackrabbit/oak/trunk/oak-core/src/main/java/org/apache/jackrabbit/oak/security/principal/PrincipalProviderImpl.java
(from r1375392, jackrabbit/oak/trunk/oak-core/src/main/java/org/apache/jackrabbit/oak/security/principal/KernelPrincipalProvider.java)
URL: http://svn.apache.org/viewvc/jackrabbit/oak/trunk/oak-core/src/main/java/org/apache/jackrabbit/oak/security/principal/PrincipalProviderImpl.java?p2=jackrabbit/oak/trunk/oak-core/src/main/java/org/apache/jackrabbit/oak/security/principal/PrincipalProviderImpl.java&p1=jackrabbit/oak/trunk/oak-core/src/main/java/org/apache/jackrabbit/oak/security/principal/KernelPrincipalProvider.java&r1=1375392&r2=1375598&rev=1375598&view=diff
==============================================================================
--- jackrabbit/oak/trunk/oak-core/src/main/java/org/apache/jackrabbit/oak/security/principal/KernelPrincipalProvider.java
(original)
+++ jackrabbit/oak/trunk/oak-core/src/main/java/org/apache/jackrabbit/oak/security/principal/PrincipalProviderImpl.java
Tue Aug 21 15:10:37 2012
@@ -47,19 +47,20 @@ import org.slf4j.LoggerFactory;
  * that operates on principal information read from user information stored
  * in the {@code MicroKernel}.
  */
-public class KernelPrincipalProvider implements PrincipalProvider {
+public class PrincipalProviderImpl implements PrincipalProvider {
 
     /**
      * logger instance
      */
-    private static final Logger log = LoggerFactory.getLogger(KernelPrincipalProvider.class);
+    private static final Logger log = LoggerFactory.getLogger(PrincipalProviderImpl.class);
 
     private final UserProvider userProvider;
     private final MembershipProvider membershipProvider;
     private final PathMapper pathMapper;
 
-    public KernelPrincipalProvider(UserProvider userProvider,
-                                   MembershipProvider membershipProvider, PathMapper pathMapper)
{
+    public PrincipalProviderImpl(UserProvider userProvider,
+                                 MembershipProvider membershipProvider,
+                                 PathMapper pathMapper) {
         this.userProvider = userProvider;
         this.membershipProvider = membershipProvider;
         this.pathMapper = pathMapper;
@@ -112,6 +113,7 @@ public class KernelPrincipalProvider imp
     }
 
     //------------------------------------------------------------< private >---
+
     private Set<Group> getGroupMembership(Tree authorizableTree) {
         Iterator<String> groupPaths = membershipProvider.getMembership(authorizableTree,
true);
         Set<Group> groups = new HashSet<Group>();
@@ -165,7 +167,6 @@ public class KernelPrincipalProvider imp
             Iterator<? extends Principal> members = Iterators.transform(declaredMemberPaths,
new Function<String, Principal>() {
                 @Override
                 public Principal apply(@Nullable String oakPath) {
-                    // TODO
                     Tree tree = userProvider.getAuthorizableByPath(oakPath);
                     if (tree != null) {
                         if (isGroup(tree)) {

Added: jackrabbit/oak/trunk/oak-core/src/main/java/org/apache/jackrabbit/oak/security/user/UserContextImpl.java
URL: http://svn.apache.org/viewvc/jackrabbit/oak/trunk/oak-core/src/main/java/org/apache/jackrabbit/oak/security/user/UserContextImpl.java?rev=1375598&view=auto
==============================================================================
--- jackrabbit/oak/trunk/oak-core/src/main/java/org/apache/jackrabbit/oak/security/user/UserContextImpl.java
(added)
+++ jackrabbit/oak/trunk/oak-core/src/main/java/org/apache/jackrabbit/oak/security/user/UserContextImpl.java
Tue Aug 21 15:10:37 2012
@@ -0,0 +1,66 @@
+/*
+ * Licensed to the Apache Software Foundation (ASF) under one or more
+ * contributor license agreements.  See the NOTICE file distributed with
+ * this work for additional information regarding copyright ownership.
+ * The ASF licenses this file to You under the Apache License, Version 2.0
+ * (the "License"); you may not use this file except in compliance with
+ * the License.  You may obtain a copy of the License at
+ *
+ *      http://www.apache.org/licenses/LICENSE-2.0
+ *
+ * Unless required by applicable law or agreed to in writing, software
+ * distributed under the License is distributed on an "AS IS" BASIS,
+ * WITHOUT WARRANTIES OR CONDITIONS OF ANY KIND, either express or implied.
+ * See the License for the specific language governing permissions and
+ * limitations under the License.
+ */
+package org.apache.jackrabbit.oak.security.user;
+
+import org.apache.jackrabbit.oak.api.ContentSession;
+import org.apache.jackrabbit.oak.api.Root;
+import org.apache.jackrabbit.oak.spi.commit.ValidatorProvider;
+import org.apache.jackrabbit.oak.spi.security.user.MembershipProvider;
+import org.apache.jackrabbit.oak.spi.security.user.UserConfig;
+import org.apache.jackrabbit.oak.spi.security.user.UserContext;
+import org.apache.jackrabbit.oak.spi.security.user.UserProvider;
+
+/**
+ * UserContextImpl... TODO
+ */
+public class UserContextImpl implements UserContext {
+
+    private final ContentSession contentSession;
+    private final UserConfig config;
+    private final UserProviderImpl userProvider;
+
+    // TODO add proper configuration
+    public UserContextImpl(ContentSession contentSession, Root currentRoot) {
+        this(contentSession, currentRoot, new UserConfig("admin"));
+    }
+
+    public UserContextImpl(ContentSession contentSession, Root currentRoot, UserConfig config)
{
+        this.contentSession = contentSession;
+        this.config = config;
+        this.userProvider = new UserProviderImpl(contentSession, currentRoot, config);
+    }
+
+    @Override
+    public UserConfig getConfig() {
+        return config;
+    }
+
+    @Override
+    public UserProvider getUserProvider() {
+        return userProvider;
+    }
+
+    @Override
+    public MembershipProvider getMembershipProvider() {
+        return userProvider;
+    }
+
+    @Override
+    public ValidatorProvider getUserValidatorProvider() {
+        return new UserValidatorProvider(contentSession.getCoreValueFactory(), config);
+    }
+}
\ No newline at end of file

Modified: jackrabbit/oak/trunk/oak-core/src/main/java/org/apache/jackrabbit/oak/security/user/UserProviderImpl.java
URL: http://svn.apache.org/viewvc/jackrabbit/oak/trunk/oak-core/src/main/java/org/apache/jackrabbit/oak/security/user/UserProviderImpl.java?rev=1375598&r1=1375597&r2=1375598&view=diff
==============================================================================
--- jackrabbit/oak/trunk/oak-core/src/main/java/org/apache/jackrabbit/oak/security/user/UserProviderImpl.java
(original)
+++ jackrabbit/oak/trunk/oak-core/src/main/java/org/apache/jackrabbit/oak/security/user/UserProviderImpl.java
Tue Aug 21 15:10:37 2012
@@ -152,7 +152,7 @@ import org.slf4j.LoggerFactory;
  *
  * TODO
  */
-public class UserProviderImpl implements UserProvider, MembershipProvider, UserConstants
{
+class UserProviderImpl implements UserProvider, MembershipProvider, UserConstants {
 
     /**
      * logger instance
@@ -174,13 +174,9 @@ public class UserProviderImpl implements
     private final String groupPath;
     private final String userPath;
 
-    public UserProviderImpl(ContentSession contentSession, Root root, UserConfig config)
{
-        this(contentSession.getCoreValueFactory(), contentSession.getQueryEngine(), root,
config);
-    }
-
-    public UserProviderImpl(CoreValueFactory valueFactory, SessionQueryEngine queryEngine,
Root root, UserConfig config) {
-        this.valueFactory = valueFactory;
-        this.queryEngine = queryEngine;
+    UserProviderImpl(ContentSession contentSession, Root root, UserConfig config) {
+        this.valueFactory = contentSession.getCoreValueFactory();
+        this.queryEngine = contentSession.getQueryEngine();
         this.root = root;
         this.identifierManager = new IdentifierManager(queryEngine, root);
 
@@ -286,6 +282,30 @@ public class UserProviderImpl implements
                adminId.equals(getAuthorizableId(userTree));
     }
 
+    @Override
+    public void setProtectedProperty(Tree authorizableTree, String propertyName, String value,
int type) {
+        assert authorizableTree != null;
+
+        if (value == null) {
+            authorizableTree.removeProperty(propertyName);
+        } else {
+            CoreValue cv = valueFactory.createValue(value, type);
+            authorizableTree.setProperty(propertyName, cv);
+        }
+    }
+
+    @Override
+    public void setProtectedProperty(Tree authorizableTree, String propertyName, String[]
values, int type) {
+        assert authorizableTree != null;
+
+        if (values == null) {
+            authorizableTree.removeProperty(propertyName);
+        } else {
+            NodeUtil node = new NodeUtil(authorizableTree, valueFactory);
+            node.setValues(propertyName, values, type);
+        }
+    }
+
     //--------------------------------------------------< MembershipProvider>---
     @Override
     public Iterator<String> getMembership(String authorizableId, boolean includeInherited)
{

Modified: jackrabbit/oak/trunk/oak-core/src/main/java/org/apache/jackrabbit/oak/spi/security/user/PasswordUtility.java
URL: http://svn.apache.org/viewvc/jackrabbit/oak/trunk/oak-core/src/main/java/org/apache/jackrabbit/oak/spi/security/user/PasswordUtility.java?rev=1375598&r1=1375597&r2=1375598&view=diff
==============================================================================
--- jackrabbit/oak/trunk/oak-core/src/main/java/org/apache/jackrabbit/oak/spi/security/user/PasswordUtility.java
(original)
+++ jackrabbit/oak/trunk/oak-core/src/main/java/org/apache/jackrabbit/oak/spi/security/user/PasswordUtility.java
Tue Aug 21 15:10:37 2012
@@ -91,6 +91,27 @@ public class PasswordUtility {
     }
 
     /**
+     * Same as {@link #buildPasswordHash(String, String, int, int)} but retrieving
+     * the parameters for hash generation from the specified configuration.
+     *
+     * @param password The password to be hashed.
+     * @param config The configuration defining the details of the hash generation.
+     * @return The password hash.
+     * @throws NoSuchAlgorithmException If the specified algorithm is not supported.
+     * @throws UnsupportedEncodingException If utf-8 is not supported.
+     */
+    public static String buildPasswordHash(String password, UserConfig config) throws NoSuchAlgorithmException,
UnsupportedEncodingException {
+        if (config == null) {
+            throw new IllegalArgumentException("UserConfig must not be null");
+        }
+        String algorithm = config.getConfigValue(UserConfig.PARAM_PASSWORD_HASH_ALGORITHM,
DEFAULT_ALGORITHM);
+        int iterations = config.getConfigValue(UserConfig.PARAM_PASSWORD_HASH_ITERATIONS,
DEFAULT_ITERATIONS);
+        int saltSize = config.getConfigValue(UserConfig.PARAM_PASSWORD_SALT_SIZE, DEFAULT_SALT_SIZE);
+
+        return buildPasswordHash(password, algorithm, iterations, saltSize);
+    }
+
+    /**
      * Returns {@code true} if the specified string doesn't start with a
      * valid algorithm name in curly brackets.
      *

Added: jackrabbit/oak/trunk/oak-core/src/main/java/org/apache/jackrabbit/oak/spi/security/user/UserContext.java
URL: http://svn.apache.org/viewvc/jackrabbit/oak/trunk/oak-core/src/main/java/org/apache/jackrabbit/oak/spi/security/user/UserContext.java?rev=1375598&view=auto
==============================================================================
--- jackrabbit/oak/trunk/oak-core/src/main/java/org/apache/jackrabbit/oak/spi/security/user/UserContext.java
(added)
+++ jackrabbit/oak/trunk/oak-core/src/main/java/org/apache/jackrabbit/oak/spi/security/user/UserContext.java
Tue Aug 21 15:10:37 2012
@@ -0,0 +1,40 @@
+/*
+ * Licensed to the Apache Software Foundation (ASF) under one or more
+ * contributor license agreements.  See the NOTICE file distributed with
+ * this work for additional information regarding copyright ownership.
+ * The ASF licenses this file to You under the Apache License, Version 2.0
+ * (the "License"); you may not use this file except in compliance with
+ * the License.  You may obtain a copy of the License at
+ *
+ *      http://www.apache.org/licenses/LICENSE-2.0
+ *
+ * Unless required by applicable law or agreed to in writing, software
+ * distributed under the License is distributed on an "AS IS" BASIS,
+ * WITHOUT WARRANTIES OR CONDITIONS OF ANY KIND, either express or implied.
+ * See the License for the specific language governing permissions and
+ * limitations under the License.
+ */
+package org.apache.jackrabbit.oak.spi.security.user;
+
+import javax.annotation.Nonnull;
+
+import org.apache.jackrabbit.oak.spi.commit.ValidatorProvider;
+
+/**
+ * UserContext... TODO
+ */
+public interface UserContext {
+
+    @Nonnull
+    UserConfig getConfig();
+
+    @Nonnull
+    UserProvider getUserProvider();
+
+    @Nonnull
+    MembershipProvider getMembershipProvider();
+
+    @Nonnull
+    ValidatorProvider getUserValidatorProvider();
+
+}
\ No newline at end of file

Modified: jackrabbit/oak/trunk/oak-core/src/main/java/org/apache/jackrabbit/oak/spi/security/user/UserProvider.java
URL: http://svn.apache.org/viewvc/jackrabbit/oak/trunk/oak-core/src/main/java/org/apache/jackrabbit/oak/spi/security/user/UserProvider.java?rev=1375598&r1=1375597&r2=1375598&view=diff
==============================================================================
--- jackrabbit/oak/trunk/oak-core/src/main/java/org/apache/jackrabbit/oak/spi/security/user/UserProvider.java
(original)
+++ jackrabbit/oak/trunk/oak-core/src/main/java/org/apache/jackrabbit/oak/spi/security/user/UserProvider.java
Tue Aug 21 15:10:37 2012
@@ -17,10 +17,12 @@
 package org.apache.jackrabbit.oak.spi.security.user;
 
 import java.security.Principal;
+import java.util.List;
 import javax.annotation.CheckForNull;
 import javax.annotation.Nonnull;
 import javax.jcr.RepositoryException;
 
+import org.apache.jackrabbit.oak.api.CoreValue;
 import org.apache.jackrabbit.oak.api.Tree;
 
 /**
@@ -52,4 +54,8 @@ public interface UserProvider {
 
     boolean isAdminUser(Tree userTree);
 
+    void setProtectedProperty(Tree authorizableTree, String propertyName, String value, int
type);
+
+    void setProtectedProperty(Tree v, String propertyName, String[] values, int type);
+
 }
\ No newline at end of file

Modified: jackrabbit/oak/trunk/oak-core/src/main/java/org/apache/jackrabbit/oak/util/NodeUtil.java
URL: http://svn.apache.org/viewvc/jackrabbit/oak/trunk/oak-core/src/main/java/org/apache/jackrabbit/oak/util/NodeUtil.java?rev=1375598&r1=1375597&r2=1375598&view=diff
==============================================================================
--- jackrabbit/oak/trunk/oak-core/src/main/java/org/apache/jackrabbit/oak/util/NodeUtil.java
(original)
+++ jackrabbit/oak/trunk/oak-core/src/main/java/org/apache/jackrabbit/oak/util/NodeUtil.java
Tue Aug 21 15:10:37 2012
@@ -238,6 +238,14 @@ public class NodeUtil {
         tree.setProperty(name, cvs);
     }
 
+    public void setValues(String name, String[] values, int type) {
+        List<CoreValue> cvs = Lists.newArrayList();
+        for (String value : values) {
+            cvs.add(factory.createValue(value, type));
+        }
+        tree.setProperty(name, cvs);
+    }
+
     public Value[] getValues(String name, ValueFactory vf) {
         PropertyState property = tree.getProperty(name);
         if (property != null) {

Modified: jackrabbit/oak/trunk/oak-jcr/src/main/java/org/apache/jackrabbit/oak/jcr/SessionDelegate.java
URL: http://svn.apache.org/viewvc/jackrabbit/oak/trunk/oak-jcr/src/main/java/org/apache/jackrabbit/oak/jcr/SessionDelegate.java?rev=1375598&r1=1375597&r2=1375598&view=diff
==============================================================================
--- jackrabbit/oak/trunk/oak-jcr/src/main/java/org/apache/jackrabbit/oak/jcr/SessionDelegate.java
(original)
+++ jackrabbit/oak/trunk/oak-jcr/src/main/java/org/apache/jackrabbit/oak/jcr/SessionDelegate.java
Tue Aug 21 15:10:37 2012
@@ -54,6 +54,7 @@ import org.apache.jackrabbit.oak.namepat
 import org.apache.jackrabbit.oak.namepath.NamePathMapperImpl;
 import org.apache.jackrabbit.oak.plugins.identifier.IdentifierManager;
 import org.apache.jackrabbit.oak.plugins.value.AnnotatingConflictHandler;
+import org.apache.jackrabbit.oak.security.user.UserContextImpl;
 import org.apache.jackrabbit.oak.util.TODO;
 import org.slf4j.Logger;
 import org.slf4j.LoggerFactory;
@@ -479,7 +480,8 @@ public class SessionDelegate {
     }
 
     UserManager getUserManager() throws UnsupportedRepositoryOperationException {
-        return TODO.unimplemented().returnValue(new UserManagerImpl(this, root, null));
+
+        return TODO.unimplemented().returnValue(new UserManagerImpl(getSession(), getNamePathMapper(),
new UserContextImpl(getContentSession(), root)));
     }
 
     //--------------------------------------------------< SessionNameMapper >---

Modified: jackrabbit/oak/trunk/oak-jcr/src/main/java/org/apache/jackrabbit/oak/jcr/security/user/ImpersonationImpl.java
URL: http://svn.apache.org/viewvc/jackrabbit/oak/trunk/oak-jcr/src/main/java/org/apache/jackrabbit/oak/jcr/security/user/ImpersonationImpl.java?rev=1375598&r1=1375597&r2=1375598&view=diff
==============================================================================
--- jackrabbit/oak/trunk/oak-jcr/src/main/java/org/apache/jackrabbit/oak/jcr/security/user/ImpersonationImpl.java
(original)
+++ jackrabbit/oak/trunk/oak-jcr/src/main/java/org/apache/jackrabbit/oak/jcr/security/user/ImpersonationImpl.java
Tue Aug 21 15:10:37 2012
@@ -20,7 +20,6 @@ import java.security.Principal;
 import java.security.acl.Group;
 import java.util.HashSet;
 import java.util.Set;
-import javax.jcr.PropertyType;
 import javax.jcr.RepositoryException;
 import javax.jcr.Session;
 import javax.jcr.UnsupportedRepositoryOperationException;
@@ -191,15 +190,12 @@ class ImpersonationImpl implements Imper
         return princNames;
     }
 
-    private void updateImpersonatorNames(Set<String> principalNames) throws RepositoryException
{
+    private void updateImpersonatorNames(Set<String> principalNames) {
         String[] pNames = principalNames.toArray(new String[principalNames.size()]);
-        Tree userTree = user.getTree();
         if (pNames.length == 0) {
-            if (userTree.hasProperty(REP_IMPERSONATORS)) {
-                userTree.removeProperty(REP_IMPERSONATORS);
-            } // nothing to do.
+            user.setProtectedProperty(REP_PRINCIPAL_NAME, (String) null);
         } else {
-            user.getUserManager().setInternalProperty(user.getTree(), REP_IMPERSONATORS,
pNames, PropertyType.STRING);
+            user.setProtectedProperty(REP_IMPERSONATORS, pNames);
         }
     }
 

Modified: jackrabbit/oak/trunk/oak-jcr/src/main/java/org/apache/jackrabbit/oak/jcr/security/user/UserImpl.java
URL: http://svn.apache.org/viewvc/jackrabbit/oak/trunk/oak-jcr/src/main/java/org/apache/jackrabbit/oak/jcr/security/user/UserImpl.java?rev=1375598&r1=1375597&r2=1375598&view=diff
==============================================================================
--- jackrabbit/oak/trunk/oak-jcr/src/main/java/org/apache/jackrabbit/oak/jcr/security/user/UserImpl.java
(original)
+++ jackrabbit/oak/trunk/oak-jcr/src/main/java/org/apache/jackrabbit/oak/jcr/security/user/UserImpl.java
Tue Aug 21 15:10:37 2012
@@ -137,10 +137,10 @@ class UserImpl extends AuthorizableImpl 
         if (reason == null) {
             if (isDisabled()) {
                 // enable the user again.
-                userTree.removeProperty(REP_DISABLED);
+                setProtectedProperty(REP_DISABLED, (String) null);
             }
         } else {
-            getUserManager().setInternalProperty(getTree(), REP_DISABLED, reason, PropertyType.STRING);
+            setProtectedProperty(REP_DISABLED, reason);
         }
     }
 
@@ -163,4 +163,14 @@ class UserImpl extends AuthorizableImpl 
         } else
             return null;
     }
+
+    //--------------------------------------------------------------------------
+
+    void setProtectedProperty(String oakName, String value) {
+        getUserManager().getUserProvider().setProtectedProperty(getTree(), oakName, value,
PropertyType.STRING);
+    }
+
+    void setProtectedProperty(String oakName, String[] values) {
+        getUserManager().getUserProvider().setProtectedProperty(getTree(), oakName, values,
PropertyType.STRING);
+    }
 }
\ No newline at end of file

Modified: jackrabbit/oak/trunk/oak-jcr/src/main/java/org/apache/jackrabbit/oak/jcr/security/user/UserManagerImpl.java
URL: http://svn.apache.org/viewvc/jackrabbit/oak/trunk/oak-jcr/src/main/java/org/apache/jackrabbit/oak/jcr/security/user/UserManagerImpl.java?rev=1375598&r1=1375597&r2=1375598&view=diff
==============================================================================
--- jackrabbit/oak/trunk/oak-jcr/src/main/java/org/apache/jackrabbit/oak/jcr/security/user/UserManagerImpl.java
(original)
+++ jackrabbit/oak/trunk/oak-jcr/src/main/java/org/apache/jackrabbit/oak/jcr/security/user/UserManagerImpl.java
Tue Aug 21 15:10:37 2012
@@ -20,7 +20,6 @@ import java.io.UnsupportedEncodingExcept
 import java.security.NoSuchAlgorithmException;
 import java.security.Principal;
 import java.util.Iterator;
-import java.util.List;
 import javax.annotation.CheckForNull;
 import javax.jcr.Node;
 import javax.jcr.PropertyType;
@@ -34,20 +33,15 @@ import org.apache.jackrabbit.api.securit
 import org.apache.jackrabbit.api.security.user.Query;
 import org.apache.jackrabbit.api.security.user.User;
 import org.apache.jackrabbit.api.security.user.UserManager;
-import org.apache.jackrabbit.oak.api.CoreValue;
-import org.apache.jackrabbit.oak.api.Root;
 import org.apache.jackrabbit.oak.api.Tree;
-import org.apache.jackrabbit.oak.jcr.SessionDelegate;
 import org.apache.jackrabbit.oak.jcr.security.user.query.XPathQueryBuilder;
 import org.apache.jackrabbit.oak.jcr.security.user.query.XPathQueryEvaluator;
-import org.apache.jackrabbit.oak.jcr.value.ValueConverter;
 import org.apache.jackrabbit.oak.namepath.NamePathMapper;
-import org.apache.jackrabbit.oak.security.user.UserProviderImpl;
 import org.apache.jackrabbit.oak.spi.security.principal.EveryonePrincipal;
 import org.apache.jackrabbit.oak.spi.security.user.MembershipProvider;
 import org.apache.jackrabbit.oak.spi.security.user.PasswordUtility;
 import org.apache.jackrabbit.oak.spi.security.user.UserConstants;
-import org.apache.jackrabbit.oak.spi.security.user.UserConfig;
+import org.apache.jackrabbit.oak.spi.security.user.UserContext;
 import org.apache.jackrabbit.oak.spi.security.user.UserProvider;
 import org.apache.jackrabbit.oak.spi.security.user.action.AuthorizableAction;
 import org.slf4j.Logger;
@@ -60,18 +54,15 @@ public class UserManagerImpl implements 
 
     private static final Logger log = LoggerFactory.getLogger(UserManagerImpl.class);
 
-    private final SessionDelegate sessionDelegate;
-    private final UserConfig config;
-    private final UserProviderImpl userProvider;
-    private final NodeTreeUtil util;
-
-    public UserManagerImpl(SessionDelegate sessionDelegate, Root root, UserConfig config)
{
-        this.sessionDelegate = sessionDelegate;
-        this.config = (config == null) ? new UserConfig("admin") : config;
-        userProvider = new UserProviderImpl(sessionDelegate.getContentSession(), root, this.config);
+    private final Session session;
+    private final NamePathMapper namePathMapper;
 
-        // FIXME: remove again. only tmp workaround
-        this.util = new NodeTreeUtil(sessionDelegate.getSession(), root, sessionDelegate.getNamePathMapper());
+    private final UserContext userContext;
+
+    public UserManagerImpl(Session session, NamePathMapper namePathMapper, UserContext userContext)
{
+        this.session = session;
+        this.namePathMapper = namePathMapper;
+        this.userContext = userContext;
     }
 
     //--------------------------------------------------------< UserManager >---
@@ -81,7 +72,7 @@ public class UserManagerImpl implements 
     @Override
     public Authorizable getAuthorizable(String id) throws RepositoryException {
         Authorizable authorizable = null;
-        Tree tree = userProvider.getAuthorizable(id);
+        Tree tree = getUserProvider().getAuthorizable(id);
         if (tree != null) {
             authorizable = getAuthorizable(tree);
         }
@@ -93,7 +84,7 @@ public class UserManagerImpl implements 
      */
     @Override
     public Authorizable getAuthorizable(Principal principal) throws RepositoryException {
-        return getAuthorizable(userProvider.getAuthorizableByPrincipal(principal));
+        return getAuthorizable(getUserProvider().getAuthorizableByPrincipal(principal));
     }
 
     /**
@@ -101,8 +92,11 @@ public class UserManagerImpl implements 
      */
     @Override
     public Authorizable getAuthorizableByPath(String path) throws RepositoryException {
-        String oakPath = sessionDelegate.getOakPathOrThrow(path);
-        return getAuthorizable(userProvider.getAuthorizableByPath(oakPath));
+        String oakPath = namePathMapper.getOakPath(path);
+        if (oakPath == null) {
+            throw new RepositoryException("Invalid path " + path);
+        }
+        return getAuthorizable(getUserProvider().getAuthorizableByPath(oakPath));
     }
 
     @Override
@@ -120,7 +114,7 @@ public class UserManagerImpl implements 
     public Iterator<Authorizable> findAuthorizables(Query query) throws RepositoryException
{
         XPathQueryBuilder builder = new XPathQueryBuilder();
         query.build(builder);
-        return new XPathQueryEvaluator(builder, this, sessionDelegate.getQueryManager(),
sessionDelegate.getNamePathMapper()).eval();
+        return new XPathQueryEvaluator(builder, this, session.getWorkspace().getQueryManager(),
namePathMapper).eval();
     }
 
     @Override
@@ -139,11 +133,11 @@ public class UserManagerImpl implements 
         checkValidID(userID);
         checkValidPrincipal(principal, false);
 
-        Tree userTree = userProvider.createUser(userID, intermediatePath);
+        Tree userTree = getUserProvider().createUser(userID, intermediatePath);
         setPrincipal(userTree, principal);
         setPassword(userTree, password, true);
 
-        User user = new UserImpl(util.getNode(userTree), userTree, this);
+        User user = new UserImpl(getNode(userTree), userTree, this);
         onCreate(user, password);
 
         log.debug("User created: " + userID);
@@ -176,10 +170,10 @@ public class UserManagerImpl implements 
         checkValidID(groupID);
         checkValidPrincipal(principal, true);
 
-        Tree groupTree = userProvider.createGroup(groupID, intermediatePath);
+        Tree groupTree = getUserProvider().createGroup(groupID, intermediatePath);
         setPrincipal(groupTree, principal);
 
-        Group group = new GroupImpl(util.getNode(groupTree), groupTree, this);
+        Group group = new GroupImpl(getNode(groupTree), groupTree, this);
         onCreate(group);
 
         log.debug("Group created: " + groupID);
@@ -221,7 +215,7 @@ public class UserManagerImpl implements 
      * @throws RepositoryException If an exception occurs.
      */
     void onCreate(User user, String password) throws RepositoryException {
-        for (AuthorizableAction action : config.getAuthorizableActions()) {
+        for (AuthorizableAction action : getAuthorizableActions()) {
             action.onCreate(user, password, getSession());
         }
     }
@@ -235,7 +229,7 @@ public class UserManagerImpl implements 
      * @throws RepositoryException If an exception occurs.
      */
     void onCreate(Group group) throws RepositoryException {
-        for (AuthorizableAction action : config.getAuthorizableActions()) {
+        for (AuthorizableAction action : getAuthorizableActions()) {
             action.onCreate(group, getSession());
         }
     }
@@ -249,7 +243,7 @@ public class UserManagerImpl implements 
      * @throws RepositoryException If an exception occurs.
      */
     void onRemove(Authorizable authorizable) throws RepositoryException {
-        for (AuthorizableAction action : config.getAuthorizableActions()) {
+        for (AuthorizableAction action : getAuthorizableActions()) {
             action.onRemove(authorizable, getSession());
         }
     }
@@ -264,21 +258,25 @@ public class UserManagerImpl implements 
      * @throws RepositoryException If an exception occurs.
      */
     void onPasswordChange(User user, String password) throws RepositoryException {
-        for (AuthorizableAction action : config.getAuthorizableActions()) {
+        for (AuthorizableAction action : getAuthorizableActions()) {
             action.onPasswordChange(user, password, getSession());
         }
     }
 
+    private AuthorizableAction[] getAuthorizableActions() {
+        return userContext.getConfig().getAuthorizableActions();
+    }
+
     //--------------------------------------------------------------------------
     /**
      *
      *
-     * @param userNode The node representing the user.
+     * @param userTree The tree representing the user.
      * @param password The plaintext password to set.
      * @param forceHash If true the specified password will always be hashed.
      * @throws javax.jcr.RepositoryException If an error occurs
      */
-    void setPassword(Tree userNode, String password, boolean forceHash) throws RepositoryException
{
+    void setPassword(Tree userTree, String password, boolean forceHash) throws RepositoryException
{
         if (password == null) {
             log.debug("Password is null.");
             return;
@@ -286,10 +284,7 @@ public class UserManagerImpl implements 
         String pwHash;
         if (forceHash || PasswordUtility.isPlainTextPassword(password)) {
             try {
-                String algorithm = config.getConfigValue(UserConfig.PARAM_PASSWORD_HASH_ALGORITHM,
PasswordUtility.DEFAULT_ALGORITHM);
-                int iterations = config.getConfigValue(UserConfig.PARAM_PASSWORD_HASH_ITERATIONS,
PasswordUtility.DEFAULT_ITERATIONS);
-                int saltSize = config.getConfigValue(UserConfig.PARAM_PASSWORD_SALT_SIZE,
PasswordUtility.DEFAULT_SALT_SIZE);
-                pwHash = PasswordUtility.buildPasswordHash(password, algorithm, saltSize,
iterations);
+                pwHash = PasswordUtility.buildPasswordHash(password, userContext.getConfig());
             } catch (NoSuchAlgorithmException e) {
                 throw new RepositoryException(e);
             } catch (UnsupportedEncodingException e) {
@@ -298,40 +293,31 @@ public class UserManagerImpl implements 
         } else {
             pwHash = password;
         }
-        setInternalProperty(userNode, UserConstants.REP_PASSWORD, pwHash, PropertyType.STRING);
+        getUserProvider().setProtectedProperty(userTree, UserConstants.REP_PASSWORD, pwHash,
PropertyType.STRING);
     }
 
-    void setPrincipal(Tree userNode, Principal principal) throws RepositoryException {
-        if (userNode.getStatus() != Tree.Status.NEW || userNode.hasProperty(UserConstants.REP_PRINCIPAL_NAME))
{
+    void setPrincipal(Tree userTree, Principal principal) throws RepositoryException {
+        // TODO: remove check once user-validator properly enforces that constraint
+        if (userTree.getStatus() != Tree.Status.NEW || userTree.hasProperty(UserConstants.REP_PRINCIPAL_NAME))
{
             throw new RepositoryException("rep:principalName can only be set once on a new
node.");
         }
-        setInternalProperty(userNode, UserConstants.REP_PRINCIPAL_NAME, principal.getName(),
PropertyType.STRING);
-    }
-
-    void setInternalProperty(Tree userNode, String oakName, String value, int type) throws
RepositoryException {
-        CoreValue cv = ValueConverter.toCoreValue(value, type, sessionDelegate);
-        userNode.setProperty(oakName, cv);
-    }
-
-    void setInternalProperty(Tree userNode, String oakName, String[] values, int type) throws
RepositoryException {
-        List<CoreValue> cvs = ValueConverter.toCoreValues(values, type, sessionDelegate);
-        userNode.setProperty(oakName, cvs);
+        getUserProvider().setProtectedProperty(userTree, UserConstants.REP_PRINCIPAL_NAME,
principal.getName(), PropertyType.STRING);
     }
 
     Session getSession() {
-        return sessionDelegate.getSession();
+        return session;
     }
 
     NamePathMapper getNamePathMapper() {
-        return sessionDelegate.getNamePathMapper();
+        return namePathMapper;
     }
 
     UserProvider getUserProvider() {
-        return userProvider;
+        return userContext.getUserProvider();
     }
 
     MembershipProvider getMembershipProvider() {
-        return userProvider;
+        return userContext.getMembershipProvider();
     }
 
     @CheckForNull
@@ -339,7 +325,7 @@ public class UserManagerImpl implements 
         if (tree == null) {
             return null;
         }
-        Node node = util.getNode(tree);
+        Node node = getNode(tree);
         if (node.isNodeType(getJcrName(UserConstants.NT_REP_USER))) {
             return new UserImpl(node, tree, this);
         } else if (node.isNodeType(getJcrName(UserConstants.NT_REP_GROUP))) {
@@ -350,7 +336,11 @@ public class UserManagerImpl implements 
     }
 
     String getJcrName(String oakName) {
-        return sessionDelegate.getNamePathMapper().getJcrName(oakName);
+        return namePathMapper.getJcrName(oakName);
+    }
+
+    private Node getNode(Tree tree) throws RepositoryException {
+        return session.getNode(namePathMapper.getJcrPath(tree.getPath()));
     }
 
     private void checkValidID(String ID) throws RepositoryException {



Mime
View raw message