jackrabbit-oak-commits mailing list archives

Site index · List index
Message view « Date » · « Thread »
Top « Date » · « Thread »
From ang...@apache.org
Subject svn commit: r1376082 - in /jackrabbit/oak/trunk: oak-core/src/main/java/org/apache/jackrabbit/oak/security/authentication/token/ oak-core/src/main/java/org/apache/jackrabbit/oak/security/principal/ oak-core/src/main/java/org/apache/jackrabbit/oak/secur...
Date Wed, 22 Aug 2012 14:48:23 GMT
Author: angela
Date: Wed Aug 22 14:48:22 2012
New Revision: 1376082

URL: http://svn.apache.org/viewvc?rev=1376082&view=rev
Log:
OAK-50 : Implement User Management (WIP)

Added:
    jackrabbit/oak/trunk/oak-core/src/main/java/org/apache/jackrabbit/oak/security/user/AuthorizableBaseProvider.java
    jackrabbit/oak/trunk/oak-core/src/main/java/org/apache/jackrabbit/oak/security/user/MembershipProviderImpl.java
    jackrabbit/oak/trunk/oak-core/src/main/java/org/apache/jackrabbit/oak/spi/security/user/Type.java
Modified:
    jackrabbit/oak/trunk/oak-core/src/main/java/org/apache/jackrabbit/oak/security/authentication/token/TokenProviderImpl.java
    jackrabbit/oak/trunk/oak-core/src/main/java/org/apache/jackrabbit/oak/security/principal/PrincipalProviderImpl.java
    jackrabbit/oak/trunk/oak-core/src/main/java/org/apache/jackrabbit/oak/security/user/UserContextImpl.java
    jackrabbit/oak/trunk/oak-core/src/main/java/org/apache/jackrabbit/oak/security/user/UserProviderImpl.java
    jackrabbit/oak/trunk/oak-core/src/main/java/org/apache/jackrabbit/oak/spi/security/user/MembershipProvider.java
    jackrabbit/oak/trunk/oak-core/src/main/java/org/apache/jackrabbit/oak/spi/security/user/UserConstants.java
    jackrabbit/oak/trunk/oak-core/src/main/java/org/apache/jackrabbit/oak/spi/security/user/UserContext.java
    jackrabbit/oak/trunk/oak-core/src/main/java/org/apache/jackrabbit/oak/spi/security/user/UserProvider.java
    jackrabbit/oak/trunk/oak-core/src/test/java/org/apache/jackrabbit/oak/security/user/UserProviderImplTest.java
    jackrabbit/oak/trunk/oak-jcr/src/main/java/org/apache/jackrabbit/oak/jcr/SessionDelegate.java
    jackrabbit/oak/trunk/oak-jcr/src/main/java/org/apache/jackrabbit/oak/jcr/security/user/GroupImpl.java
    jackrabbit/oak/trunk/oak-jcr/src/main/java/org/apache/jackrabbit/oak/jcr/security/user/UserManagerImpl.java

Modified: jackrabbit/oak/trunk/oak-core/src/main/java/org/apache/jackrabbit/oak/security/authentication/token/TokenProviderImpl.java
URL: http://svn.apache.org/viewvc/jackrabbit/oak/trunk/oak-core/src/main/java/org/apache/jackrabbit/oak/security/authentication/token/TokenProviderImpl.java?rev=1376082&r1=1376081&r2=1376082&view=diff
==============================================================================
--- jackrabbit/oak/trunk/oak-core/src/main/java/org/apache/jackrabbit/oak/security/authentication/token/TokenProviderImpl.java (original)
+++ jackrabbit/oak/trunk/oak-core/src/main/java/org/apache/jackrabbit/oak/security/authentication/token/TokenProviderImpl.java Wed Aug 22 14:48:22 2012
@@ -27,7 +27,6 @@ import java.util.Date;
 import java.util.GregorianCalendar;
 import java.util.HashMap;
 import java.util.Map;
-import javax.annotation.CheckForNull;
 import javax.jcr.Credentials;
 import javax.jcr.SimpleCredentials;
 
@@ -41,7 +40,9 @@ import org.apache.jackrabbit.oak.api.Roo
 import org.apache.jackrabbit.oak.api.Tree;
 import org.apache.jackrabbit.oak.core.DefaultConflictHandler;
 import org.apache.jackrabbit.oak.spi.security.user.PasswordUtility;
+import org.apache.jackrabbit.oak.spi.security.user.Type;
 import org.apache.jackrabbit.oak.spi.security.user.UserContext;
+import org.apache.jackrabbit.oak.spi.security.user.UserProvider;
 import org.apache.jackrabbit.oak.util.NodeUtil;
 import org.apache.jackrabbit.util.ISO8601;
 import org.apache.jackrabbit.util.Text;
@@ -77,14 +78,15 @@ public class TokenProviderImpl implement
 
     private final ContentSession contentSession;
     private final Root root;
-    private final UserContext userContext;
+    private final UserProvider userProvider;
     private final long tokenExpiration;
 
-    public TokenProviderImpl(ContentSession contentSession, UserContext userContext, long tokenExpiration) {
+    public TokenProviderImpl(ContentSession contentSession, long tokenExpiration, UserContext userContext) {
         this.contentSession = contentSession;
         this.root = contentSession.getCurrentRoot();
-        this.userContext = userContext;
         this.tokenExpiration = tokenExpiration;
+
+        this.userProvider = userContext.getUserProvider(contentSession, root);
     }
 
     //------------------------------------------------------< TokenProvider >---
@@ -107,7 +109,7 @@ public class TokenProviderImpl implement
 
             CoreValueFactory valueFactory = contentSession.getCoreValueFactory();
             try {
-                Tree userTree = getUserTree(userID);
+                Tree userTree = userProvider.getAuthorizable(userID, Type.USER);
                 if (userTree != null) {
                     NodeUtil userNode = new NodeUtil(userTree, valueFactory);
                     NodeUtil tokenParent = userNode.getChild(TOKENS_NODE_NAME);
@@ -172,7 +174,7 @@ public class TokenProviderImpl implement
         if (tokenTree != null) {
             try {
                 if (tokenTree.remove()) {
-                    contentSession.getCurrentRoot().commit(DefaultConflictHandler.OURS);
+                    root.commit(DefaultConflictHandler.OURS);
                     return true;
                 }
             } catch (CommitFailedException e) {
@@ -231,17 +233,12 @@ public class TokenProviderImpl implement
 
     private Tree getTokenTree(TokenInfo tokenInfo) {
         if (tokenInfo instanceof TokenInfoImpl) {
-            return contentSession.getCurrentRoot().getTree(((TokenInfoImpl) tokenInfo).tokenPath);
+            return root.getTree(((TokenInfoImpl) tokenInfo).tokenPath);
         } else {
             return null;
         }
     }
 
-    @CheckForNull
-    private Tree getUserTree(String userID) {
-        return userContext.getUserProvider().getAuthorizable(userID);
-    }
-
     //--------------------------------------------------------------------------
 
     private static class TokenInfoImpl implements TokenInfo {

Modified: jackrabbit/oak/trunk/oak-core/src/main/java/org/apache/jackrabbit/oak/security/principal/PrincipalProviderImpl.java
URL: http://svn.apache.org/viewvc/jackrabbit/oak/trunk/oak-core/src/main/java/org/apache/jackrabbit/oak/security/principal/PrincipalProviderImpl.java?rev=1376082&r1=1376081&r2=1376082&view=diff
==============================================================================
--- jackrabbit/oak/trunk/oak-core/src/main/java/org/apache/jackrabbit/oak/security/principal/PrincipalProviderImpl.java (original)
+++ jackrabbit/oak/trunk/oak-core/src/main/java/org/apache/jackrabbit/oak/security/principal/PrincipalProviderImpl.java Wed Aug 22 14:48:22 2012
@@ -29,7 +29,6 @@ import com.google.common.base.Function;
 import com.google.common.base.Predicates;
 import com.google.common.collect.Iterators;
 import org.apache.jackrabbit.JcrConstants;
-import org.apache.jackrabbit.api.security.user.UserManager;
 import org.apache.jackrabbit.oak.api.Tree;
 import org.apache.jackrabbit.oak.namepath.PathMapper;
 import org.apache.jackrabbit.oak.spi.security.principal.AdminPrincipal;
@@ -37,6 +36,7 @@ import org.apache.jackrabbit.oak.spi.sec
 import org.apache.jackrabbit.oak.spi.security.principal.PrincipalProvider;
 import org.apache.jackrabbit.oak.spi.security.principal.TreeBasedPrincipal;
 import org.apache.jackrabbit.oak.spi.security.user.MembershipProvider;
+import org.apache.jackrabbit.oak.spi.security.user.Type;
 import org.apache.jackrabbit.oak.spi.security.user.UserConstants;
 import org.apache.jackrabbit.oak.spi.security.user.UserProvider;
 import org.slf4j.Logger;
@@ -64,7 +64,6 @@ public class PrincipalProviderImpl imple
         this.userProvider = userProvider;
         this.membershipProvider = membershipProvider;
         this.pathMapper = pathMapper;
-
     }
 
     //--------------------------------------------------< PrincipalProvider >---
@@ -97,7 +96,7 @@ public class PrincipalProviderImpl imple
     @Override
     public Set<Principal> getPrincipals(String userID) {
         Set<Principal> principals;
-        Tree userTree = userProvider.getAuthorizable(userID, UserManager.SEARCH_TYPE_USER);
+        Tree userTree = userProvider.getAuthorizable(userID, Type.USER);
         if (userTree != null) {
             principals = new HashSet<Principal>();
             Principal userPrincipal = new TreeBasedPrincipal(userTree, pathMapper);
@@ -169,7 +168,7 @@ public class PrincipalProviderImpl imple
 
         @Override
         public Enumeration<? extends Principal> members() {
-            Iterator<String> declaredMemberPaths = membershipProvider.getMembers(getTree(), UserManager.SEARCH_TYPE_AUTHORIZABLE, false);
+            Iterator<String> declaredMemberPaths = membershipProvider.getMembers(getTree(), Type.AUTHORIZABLE, false);
             Iterator<? extends Principal> members = Iterators.transform(declaredMemberPaths, new Function<String, Principal>() {
                 @Override
                 public Principal apply(@Nullable String oakPath) {

Added: jackrabbit/oak/trunk/oak-core/src/main/java/org/apache/jackrabbit/oak/security/user/AuthorizableBaseProvider.java
URL: http://svn.apache.org/viewvc/jackrabbit/oak/trunk/oak-core/src/main/java/org/apache/jackrabbit/oak/security/user/AuthorizableBaseProvider.java?rev=1376082&view=auto
==============================================================================
--- jackrabbit/oak/trunk/oak-core/src/main/java/org/apache/jackrabbit/oak/security/user/AuthorizableBaseProvider.java (added)
+++ jackrabbit/oak/trunk/oak-core/src/main/java/org/apache/jackrabbit/oak/security/user/AuthorizableBaseProvider.java Wed Aug 22 14:48:22 2012
@@ -0,0 +1,95 @@
+/*
+ * Licensed to the Apache Software Foundation (ASF) under one or more
+ * contributor license agreements.  See the NOTICE file distributed with
+ * this work for additional information regarding copyright ownership.
+ * The ASF licenses this file to You under the Apache License, Version 2.0
+ * (the "License"); you may not use this file except in compliance with
+ * the License.  You may obtain a copy of the License at
+ *
+ *      http://www.apache.org/licenses/LICENSE-2.0
+ *
+ * Unless required by applicable law or agreed to in writing, software
+ * distributed under the License is distributed on an "AS IS" BASIS,
+ * WITHOUT WARRANTIES OR CONDITIONS OF ANY KIND, either express or implied.
+ * See the License for the specific language governing permissions and
+ * limitations under the License.
+ */
+package org.apache.jackrabbit.oak.security.user;
+
+import org.apache.jackrabbit.JcrConstants;
+import org.apache.jackrabbit.oak.api.ContentSession;
+import org.apache.jackrabbit.oak.api.CoreValueFactory;
+import org.apache.jackrabbit.oak.api.Root;
+import org.apache.jackrabbit.oak.api.SessionQueryEngine;
+import org.apache.jackrabbit.oak.api.Tree;
+import org.apache.jackrabbit.oak.plugins.identifier.IdentifierManager;
+import org.apache.jackrabbit.oak.spi.security.user.Type;
+import org.apache.jackrabbit.oak.spi.security.user.UserConfig;
+import org.apache.jackrabbit.oak.spi.security.user.UserConstants;
+import org.slf4j.Logger;
+import org.slf4j.LoggerFactory;
+
+/**
+ * AuthorizableBaseProvider... TODO
+ */
+abstract class AuthorizableBaseProvider implements UserConstants {
+
+    /**
+     * logger instance
+     */
+    private static final Logger log = LoggerFactory.getLogger(AuthorizableBaseProvider.class);
+
+    final CoreValueFactory valueFactory;
+    final SessionQueryEngine queryEngine;
+    final Root root;
+    final IdentifierManager identifierManager;
+
+    AuthorizableBaseProvider(ContentSession contentSession, Root root, UserConfig config) {
+        this.valueFactory = contentSession.getCoreValueFactory();
+        this.queryEngine = contentSession.getQueryEngine();
+        this.root = root;
+        this.identifierManager = new IdentifierManager(queryEngine, root);
+    }
+
+    Tree getByID(String authorizableId, Type authorizableType) {
+        Tree tree = identifierManager.getTree(getContentID(authorizableId));
+        if (isAuthorizableTree(tree, authorizableType)) {
+            return tree;
+        } else {
+            return null;
+        }
+    }
+
+    Tree getByPath(String authorizableOakPath) {
+        Tree tree = root.getTree(authorizableOakPath);
+        if (isAuthorizableTree(tree, Type.AUTHORIZABLE)) {
+            return tree;
+        } else {
+            return null;
+        }
+    }
+
+    String getContentID(String authorizableId) {
+        return IdentifierManager.generateUUID(authorizableId.toLowerCase());
+    }
+
+    String getContentID(Tree authorizableTree) {
+        return identifierManager.getIdentifier(authorizableTree);
+    }
+
+    boolean isAuthorizableTree(Tree tree, Type authorizableType) {
+        // FIXME: check for node type according to the specified type constraint
+        if (tree != null && tree.hasProperty(JcrConstants.JCR_PRIMARYTYPE)) {
+            String ntName = tree.getProperty(JcrConstants.JCR_PRIMARYTYPE).getValue().getString();
+            switch (authorizableType) {
+                case GROUP:
+                    return NT_REP_GROUP.equals(ntName);
+                case USER:
+                    return NT_REP_USER.equals(ntName);
+                default:
+                    return NT_REP_USER.equals(ntName) || NT_REP_GROUP.equals(ntName);
+            }
+        }
+        return false;
+    }
+}
\ No newline at end of file

Added: jackrabbit/oak/trunk/oak-core/src/main/java/org/apache/jackrabbit/oak/security/user/MembershipProviderImpl.java
URL: http://svn.apache.org/viewvc/jackrabbit/oak/trunk/oak-core/src/main/java/org/apache/jackrabbit/oak/security/user/MembershipProviderImpl.java?rev=1376082&view=auto
==============================================================================
--- jackrabbit/oak/trunk/oak-core/src/main/java/org/apache/jackrabbit/oak/security/user/MembershipProviderImpl.java (added)
+++ jackrabbit/oak/trunk/oak-core/src/main/java/org/apache/jackrabbit/oak/security/user/MembershipProviderImpl.java Wed Aug 22 14:48:22 2012
@@ -0,0 +1,329 @@
+/*
+ * Licensed to the Apache Software Foundation (ASF) under one or more
+ * contributor license agreements.  See the NOTICE file distributed with
+ * this work for additional information regarding copyright ownership.
+ * The ASF licenses this file to You under the Apache License, Version 2.0
+ * (the "License"); you may not use this file except in compliance with
+ * the License.  You may obtain a copy of the License at
+ *
+ *      http://www.apache.org/licenses/LICENSE-2.0
+ *
+ * Unless required by applicable law or agreed to in writing, software
+ * distributed under the License is distributed on an "AS IS" BASIS,
+ * WITHOUT WARRANTIES OR CONDITIONS OF ANY KIND, either express or implied.
+ * See the License for the specific language governing permissions and
+ * limitations under the License.
+ */
+package org.apache.jackrabbit.oak.security.user;
+
+import java.util.Collections;
+import java.util.HashSet;
+import java.util.Iterator;
+import java.util.List;
+import java.util.Set;
+import javax.annotation.Nullable;
+import javax.jcr.PropertyType;
+
+import com.google.common.base.Function;
+import com.google.common.base.Predicate;
+import com.google.common.collect.Iterables;
+import com.google.common.collect.Iterators;
+import org.apache.jackrabbit.commons.iterator.RangeIteratorAdapter;
+import org.apache.jackrabbit.oak.api.ContentSession;
+import org.apache.jackrabbit.oak.api.CoreValue;
+import org.apache.jackrabbit.oak.api.PropertyState;
+import org.apache.jackrabbit.oak.api.Root;
+import org.apache.jackrabbit.oak.api.Tree;
+import org.apache.jackrabbit.oak.spi.security.user.MembershipProvider;
+import org.apache.jackrabbit.oak.spi.security.user.Type;
+import org.apache.jackrabbit.oak.spi.security.user.UserConfig;
+import org.apache.jackrabbit.oak.util.NodeUtil;
+import org.slf4j.Logger;
+import org.slf4j.LoggerFactory;
+
+/**
+ * MembershipProviderImpl... TODO
+ */
+public class MembershipProviderImpl extends AuthorizableBaseProvider implements MembershipProvider {
+
+    private static final Logger log = LoggerFactory.getLogger(MembershipProviderImpl.class);
+
+    private final int splitSize;
+
+    MembershipProviderImpl(ContentSession contentSession, Root root, UserConfig config) {
+        super(contentSession, root, config);
+
+        int splitValue = config.getConfigValue(UserConfig.PARAM_GROUP_MEMBERSHIP_SPLIT_SIZE, 0);
+        if (splitValue != 0 && splitValue < 4) {
+            log.warn("Invalid value {} for {}. Expected integer >= 4 or 0", splitValue, UserConfig.PARAM_GROUP_MEMBERSHIP_SPLIT_SIZE);
+            splitValue = 0;
+        }
+        this.splitSize = splitValue;
+    }
+
+    //--------------------------------------------------< MembershipProvider>---
+    @Override
+    public Iterator<String> getMembership(String authorizableId, boolean includeInherited) {
+        return getMembership(getByID(authorizableId, Type.AUTHORIZABLE), includeInherited);
+    }
+
+    @Override
+    public Iterator<String> getMembership(Tree authorizableTree, boolean includeInherited) {
+        Set<String> groupPaths = new HashSet<String>();
+        Set<String> refPaths = identifierManager.getReferences(true, authorizableTree, null, NT_REP_GROUP, NT_REP_MEMBERS);
+        for (String propPath : refPaths) {
+            int index = propPath.indexOf('/'+REP_MEMBERS);
+            if (index > 0) {
+                groupPaths.add(propPath.substring(0, index));
+            } else {
+                log.debug("Not a membership reference property " + propPath);
+            }
+        }
+
+        Iterator<String> it = groupPaths.iterator();
+        if (includeInherited && it.hasNext()) {
+            return getAllMembership(groupPaths.iterator());
+        } else {
+            return new RangeIteratorAdapter(it, groupPaths.size());
+        }
+    }
+
+    @Override
+    public Iterator<String> getMembers(String groupId, Type authorizableType, boolean includeInherited) {
+        Tree groupTree = getByID(groupId, Type.GROUP);
+        if (groupTree == null) {
+            return Iterators.emptyIterator();
+        } else {
+            return getMembers(groupTree, authorizableType, includeInherited);
+        }
+    }
+
+    @Override
+    public Iterator<String> getMembers(Tree groupTree, Type authorizableType, boolean includeInherited) {
+        Iterable memberPaths = Collections.emptySet();
+        if (useMemberNode(groupTree)) {
+            Tree membersTree = groupTree.getChild(REP_MEMBERS);
+            if (membersTree != null) {
+                // FIXME: replace usage of PropertySequence (oak-api not possible there)
+//                PropertySequence propertySequence = getPropertySequence(membersTree);
+//                iterator = new AuthorizableIterator(propertySequence, authorizableType, userManager);
+            }
+        } else {
+            PropertyState property = groupTree.getProperty(REP_MEMBERS);
+            if (property != null) {
+                List<CoreValue> vs = property.getValues();
+                memberPaths = Iterables.transform(vs, new Function<CoreValue,String>() {
+                    @Override
+                    public String apply(@Nullable CoreValue value) {
+                        return identifierManager.getPath(value);
+                    }
+                });
+            }
+        }
+
+        Iterator it = memberPaths.iterator();
+        if (includeInherited && it.hasNext()) {
+            return getAllMembers(it, authorizableType);
+        } else {
+            return new RangeIteratorAdapter(it, Iterables.size(memberPaths));
+        }
+    }
+
+    @Override
+    public boolean isMember(Tree groupTree, Tree authorizableTree, boolean includeInherited) {
+        if (includeInherited) {
+            Iterator<String> groupPaths = getMembership(authorizableTree, true);
+            String path = groupTree.getPath();
+            while (groupPaths.hasNext()) {
+                if (path.equals(groupPaths.next())) {
+                    return true;
+                }
+            }
+        } else {
+            if (useMemberNode(groupTree)) {
+                Tree membersTree = groupTree.getChild(REP_MEMBERS);
+                if (membersTree != null) {
+                    // FIXME: fix.. testing for property name isn't correct.
+                    // FIXME: usage of PropertySequence isn't possible when operating on oak-API
+//                    PropertySequence propertySequence = getPropertySequence(membersTree);
+//                    return propertySequence.hasItem(authorizable.getID());
+                    return false;
+                }
+            } else {
+                PropertyState property = groupTree.getProperty(REP_MEMBERS);
+                if (property != null) {
+                    List<CoreValue> members = property.getValues();
+                    String authorizableUUID = getContentID(authorizableTree);
+                    for (CoreValue v : members) {
+                        if (authorizableUUID.equals(v.getString())) {
+                            return true;
+                        }
+                    }
+                }
+            }
+        }
+        // no a member of the specified group
+        return false;
+    }
+
+    @Override
+    public boolean addMember(Tree groupTree, Tree newMemberTree) {
+        if (useMemberNode(groupTree)) {
+            NodeUtil groupNode = new NodeUtil(groupTree, valueFactory);
+            NodeUtil membersNode = groupNode.getOrAddChild(REP_MEMBERS, NT_REP_MEMBERS);
+
+            //FIXME: replace usage of PropertySequence with oak-compatible utility
+//            PropertySequence properties = getPropertySequence(membersTree);
+//            String propName = Text.escapeIllegalJcrChars(authorizable.getID());
+//            if (properties.hasItem(propName)) {
+//                log.debug("Authorizable {} is already member of {}", authorizable, this);
+//                return false;
+//            } else {
+//                CoreValue newMember = createCoreValue(authorizable);
+//                properties.addProperty(propName, newMember);
+//            }
+        } else {
+            List<CoreValue> values;
+            CoreValue toAdd = createCoreValue(newMemberTree);
+            PropertyState property = groupTree.getProperty(REP_MEMBERS);
+            if (property != null) {
+                values = property.getValues();
+                if (values.contains(toAdd)) {
+                    return false;
+                } else {
+                    values.add(toAdd);
+                }
+            } else {
+                values = Collections.singletonList(toAdd);
+            }
+            groupTree.setProperty(REP_MEMBERS, values);
+        }
+        return true;
+    }
+
+    @Override
+    public boolean removeMember(Tree groupTree, Tree memberTree) {
+        if (useMemberNode(groupTree)) {
+            Tree membersTree = groupTree.getChild(REP_MEMBERS);
+            if (membersTree != null) {
+                // FIXME: replace usage of PropertySequence with oak-compatible utility
+//                PropertySequence properties = getPropertySequence(membersTree);
+//                String propName = authorizable.getTree().getName();
+                // FIXME: fix.. testing for property name isn't correct.
+//                if (properties.hasItem(propName)) {
+//                    Property p = properties.getItem(propName);
+//                    userManager.removeInternalProperty(p.getParent(), propName);
+//                }
+//                return true;
+                return false;
+            }
+        } else {
+            PropertyState property = groupTree.getProperty(REP_MEMBERS);
+            if (property != null) {
+                CoreValue toRemove = createCoreValue(memberTree);
+                List<CoreValue> values = property.getValues();
+                if (values.remove(toRemove)) {
+                    if (values.isEmpty()) {
+                        groupTree.removeProperty(REP_MEMBERS);
+                    } else {
+                        groupTree.setProperty(REP_MEMBERS, values);
+                    }
+                    return true;
+                }
+            }
+        }
+
+        // nothing changed
+        log.debug("Authorizable {} was not member of {}", memberTree.getName(), groupTree.getName());
+        return false;
+    }
+
+    //-----------------------------------------< private MembershipProvider >---
+
+    private CoreValue createCoreValue(Tree authorizableTree) {
+        return valueFactory.createValue(getContentID(authorizableTree), PropertyType.WEAKREFERENCE);
+    }
+
+    private boolean useMemberNode(Tree groupTree) {
+        return splitSize >= 4 && !groupTree.hasProperty(REP_MEMBERS);
+    }
+
+    /**
+     * Returns an iterator of authorizables which includes all indirect members
+     * of the given iterator of authorizables.
+     *
+     *
+     * @param declaredMembers
+     * @param authorizableType
+     * @return Iterator of Authorizable objects
+     */
+    private Iterator<String> getAllMembers(final Iterator<String> declaredMembers,
+                                           final Type authorizableType) {
+        Iterator<Iterator<String>> inheritedMembers = new Iterator<Iterator<String>>() {
+            @Override
+            public boolean hasNext() {
+                return declaredMembers.hasNext();
+            }
+
+            @Override
+            public Iterator<String> next() {
+                String memberPath = declaredMembers.next();
+                return Iterators.concat(Iterators.singletonIterator(memberPath), inherited(memberPath));
+            }
+
+            @Override
+            public void remove() {
+                throw new UnsupportedOperationException();
+            }
+
+            private Iterator<String> inherited(String authorizablePath) {
+                Tree group = getByPath(authorizablePath);
+                if (isAuthorizableTree(group, Type.GROUP)) {
+                    return getMembers(group, authorizableType, true);
+                } else {
+                    return Iterators.emptyIterator();
+                }
+            }
+        };
+        return Iterators.filter(Iterators.concat(inheritedMembers), new ProcessedPathPredicate());
+    }
+
+    private Iterator<String> getAllMembership(final Iterator<String> groupPaths) {
+        Iterator<Iterator<String>> inheritedMembership = new Iterator<Iterator<String>>() {
+            @Override
+            public boolean hasNext() {
+                return groupPaths.hasNext();
+            }
+
+            @Override
+            public Iterator<String> next() {
+                String groupPath = groupPaths.next();
+                return Iterators.concat(Iterators.singletonIterator(groupPath), inherited(groupPath));
+            }
+
+            @Override
+            public void remove() {
+                throw new UnsupportedOperationException();
+            }
+
+            private Iterator<String> inherited(String authorizablePath) {
+                Tree group = getByPath(authorizablePath);
+                if (isAuthorizableTree(group, Type.GROUP)) {
+                    return getMembership(group, true);
+                } else {
+                    return Iterators.emptyIterator();
+                }
+            }
+        };
+
+        return Iterators.filter(Iterators.concat(inheritedMembership), new ProcessedPathPredicate());
+    }
+
+    private static final class ProcessedPathPredicate implements Predicate<String> {
+        private final Set<String> processed = new HashSet<String>();
+        @Override
+        public boolean apply(@Nullable String path) {
+            return processed.add(path);
+        }
+    }
+}
\ No newline at end of file

Modified: jackrabbit/oak/trunk/oak-core/src/main/java/org/apache/jackrabbit/oak/security/user/UserContextImpl.java
URL: http://svn.apache.org/viewvc/jackrabbit/oak/trunk/oak-core/src/main/java/org/apache/jackrabbit/oak/security/user/UserContextImpl.java?rev=1376082&r1=1376081&r2=1376082&view=diff
==============================================================================
--- jackrabbit/oak/trunk/oak-core/src/main/java/org/apache/jackrabbit/oak/security/user/UserContextImpl.java (original)
+++ jackrabbit/oak/trunk/oak-core/src/main/java/org/apache/jackrabbit/oak/security/user/UserContextImpl.java Wed Aug 22 14:48:22 2012
@@ -17,6 +17,7 @@
 package org.apache.jackrabbit.oak.security.user;
 
 import org.apache.jackrabbit.oak.api.ContentSession;
+import org.apache.jackrabbit.oak.api.CoreValueFactory;
 import org.apache.jackrabbit.oak.api.Root;
 import org.apache.jackrabbit.oak.spi.commit.ValidatorProvider;
 import org.apache.jackrabbit.oak.spi.security.user.MembershipProvider;
@@ -29,19 +30,15 @@ import org.apache.jackrabbit.oak.spi.sec
  */
 public class UserContextImpl implements UserContext {
 
-    private final ContentSession contentSession;
     private final UserConfig config;
-    private final UserProviderImpl userProvider;
 
     // TODO add proper configuration
-    public UserContextImpl(ContentSession contentSession, Root currentRoot) {
-        this(contentSession, currentRoot, new UserConfig("admin"));
+    public UserContextImpl() {
+        this(new UserConfig("admin"));
     }
 
-    public UserContextImpl(ContentSession contentSession, Root currentRoot, UserConfig config) {
-        this.contentSession = contentSession;
+    public UserContextImpl(UserConfig config) {
         this.config = config;
-        this.userProvider = new UserProviderImpl(contentSession, currentRoot, config);
     }
 
     @Override
@@ -50,17 +47,17 @@ public class UserContextImpl implements 
     }
 
     @Override
-    public UserProvider getUserProvider() {
-        return userProvider;
+    public UserProvider getUserProvider(ContentSession contentSession, Root root) {
+        return new UserProviderImpl(contentSession, root, config);
     }
 
     @Override
-    public MembershipProvider getMembershipProvider() {
-        return userProvider;
+    public MembershipProvider getMembershipProvider(ContentSession contentSession, Root root) {
+        return new MembershipProviderImpl(contentSession, root, config);
     }
 
     @Override
-    public ValidatorProvider getUserValidatorProvider() {
-        return new UserValidatorProvider(contentSession.getCoreValueFactory(), config);
+    public ValidatorProvider getUserValidatorProvider(CoreValueFactory valueFactory) {
+        return new UserValidatorProvider(valueFactory, config);
     }
 }
\ No newline at end of file

Modified: jackrabbit/oak/trunk/oak-core/src/main/java/org/apache/jackrabbit/oak/security/user/UserProviderImpl.java
URL: http://svn.apache.org/viewvc/jackrabbit/oak/trunk/oak-core/src/main/java/org/apache/jackrabbit/oak/security/user/UserProviderImpl.java?rev=1376082&r1=1376081&r2=1376082&view=diff
==============================================================================
--- jackrabbit/oak/trunk/oak-core/src/main/java/org/apache/jackrabbit/oak/security/user/UserProviderImpl.java (original)
+++ jackrabbit/oak/trunk/oak-core/src/main/java/org/apache/jackrabbit/oak/security/user/UserProviderImpl.java Wed Aug 22 14:48:22 2012
@@ -19,37 +19,22 @@ package org.apache.jackrabbit.oak.securi
 import java.security.Principal;
 import java.text.ParseException;
 import java.util.Collections;
-import java.util.HashSet;
 import java.util.Iterator;
-import java.util.List;
 import java.util.Map;
-import java.util.Set;
-
-import javax.annotation.Nullable;
-import javax.jcr.PropertyType;
 import javax.jcr.RepositoryException;
 import javax.jcr.nodetype.ConstraintViolationException;
 import javax.jcr.query.Query;
 
-import com.google.common.base.Function;
-import com.google.common.base.Predicate;
-import com.google.common.collect.Iterables;
-import com.google.common.collect.Iterators;
 import org.apache.jackrabbit.JcrConstants;
-import org.apache.jackrabbit.api.security.user.UserManager;
-import org.apache.jackrabbit.commons.iterator.RangeIteratorAdapter;
 import org.apache.jackrabbit.oak.api.ContentSession;
 import org.apache.jackrabbit.oak.api.CoreValue;
-import org.apache.jackrabbit.oak.api.CoreValueFactory;
 import org.apache.jackrabbit.oak.api.PropertyState;
 import org.apache.jackrabbit.oak.api.Result;
 import org.apache.jackrabbit.oak.api.Root;
-import org.apache.jackrabbit.oak.api.SessionQueryEngine;
 import org.apache.jackrabbit.oak.api.Tree;
 import org.apache.jackrabbit.oak.namepath.NamePathMapper;
-import org.apache.jackrabbit.oak.plugins.identifier.IdentifierManager;
 import org.apache.jackrabbit.oak.spi.security.principal.TreeBasedPrincipal;
-import org.apache.jackrabbit.oak.spi.security.user.MembershipProvider;
+import org.apache.jackrabbit.oak.spi.security.user.Type;
 import org.apache.jackrabbit.oak.spi.security.user.UserConfig;
 import org.apache.jackrabbit.oak.spi.security.user.UserConstants;
 import org.apache.jackrabbit.oak.spi.security.user.UserProvider;
@@ -152,7 +137,7 @@ import org.slf4j.LoggerFactory;
  *
  * TODO
  */
-class UserProviderImpl implements UserProvider, MembershipProvider, UserConstants {
+class UserProviderImpl extends AuthorizableBaseProvider implements UserProvider {
 
     /**
      * logger instance
@@ -160,34 +145,18 @@ class UserProviderImpl implements UserPr
     private static final Logger log = LoggerFactory.getLogger(UserProviderImpl.class);
 
     private static final String DELIMITER = "/";
-    private static final int DEFAULT_DEPTH = 2;
-
-    private final CoreValueFactory valueFactory;
-    private final SessionQueryEngine queryEngine;
-    private final Root root;
-    private final IdentifierManager identifierManager;
 
     private final int defaultDepth;
-    private final int splitSize;
     private final String adminId;
 
     private final String groupPath;
     private final String userPath;
 
     UserProviderImpl(ContentSession contentSession, Root root, UserConfig config) {
-        this.valueFactory = contentSession.getCoreValueFactory();
-        this.queryEngine = contentSession.getQueryEngine();
-        this.root = root;
-        this.identifierManager = new IdentifierManager(queryEngine, root);
+        super(contentSession, root, config);
 
         defaultDepth = config.getConfigValue(UserConfig.PARAM_DEFAULT_DEPTH, DEFAULT_DEPTH);
-        int splitValue = config.getConfigValue(UserConfig.PARAM_GROUP_MEMBERSHIP_SPLIT_SIZE, 0);
-        if (splitValue != 0 && splitValue < 4) {
-            log.warn("Invalid value {} for {}. Expected integer >= 4 or 0", splitValue, UserConfig.PARAM_GROUP_MEMBERSHIP_SPLIT_SIZE);
-            splitValue = 0;
-        }
-        this.splitSize = splitValue;
-        this.adminId = config.getAdminId();
+        adminId = config.getAdminId();
 
         groupPath = config.getConfigValue(UserConfig.PARAM_GROUP_PATH, DEFAULT_GROUP_PATH);
         userPath = config.getConfigValue(UserConfig.PARAM_USER_PATH, DEFAULT_USER_PATH);
@@ -206,32 +175,17 @@ class UserProviderImpl implements UserPr
 
     @Override
     public Tree getAuthorizable(String authorizableId) {
-        Tree tree = identifierManager.getTree(getContentID(authorizableId));
-        if (isAuthorizableTree(tree, UserManager.SEARCH_TYPE_AUTHORIZABLE)) {
-            return tree;
-        } else {
-            return null;
-        }
+        return getByID(authorizableId, Type.AUTHORIZABLE);
     }
 
     @Override
-    public Tree getAuthorizable(String authorizableId, int authorizableType) {
-        Tree tree = identifierManager.getTree(getContentID(authorizableId));
-        if (isAuthorizableTree(tree, authorizableType)) {
-            return tree;
-        } else {
-            return null;
-        }
+    public Tree getAuthorizable(String authorizableId, Type authorizableType) {
+        return getByID(authorizableId, authorizableType);
     }
 
     @Override()
     public Tree getAuthorizableByPath(String authorizableOakPath) {
-        Tree tree = root.getTree(authorizableOakPath);
-        if (isAuthorizableTree(tree, UserManager.SEARCH_TYPE_AUTHORIZABLE)) {
-            return tree;
-        } else {
-            return null;
-        }
+        return getByPath(authorizableOakPath);
     }
 
     @Override
@@ -278,234 +232,36 @@ class UserProviderImpl implements UserPr
     @Override
     public boolean isAdminUser(Tree userTree) {
         assert userTree != null;
-        return isAuthorizableTree(userTree, UserManager.SEARCH_TYPE_USER) &&
+        return isAuthorizableTree(userTree, Type.USER) &&
                adminId.equals(getAuthorizableId(userTree));
     }
 
     @Override
-    public void setProtectedProperty(Tree authorizableTree, String propertyName, String value, int type) {
+    public void setProtectedProperty(Tree authorizableTree, String propertyName, String value, int propertyType) {
         assert authorizableTree != null;
 
         if (value == null) {
             authorizableTree.removeProperty(propertyName);
         } else {
-            CoreValue cv = valueFactory.createValue(value, type);
+            CoreValue cv = valueFactory.createValue(value, propertyType);
             authorizableTree.setProperty(propertyName, cv);
         }
     }
 
     @Override
-    public void setProtectedProperty(Tree authorizableTree, String propertyName, String[] values, int type) {
+    public void setProtectedProperty(Tree authorizableTree, String propertyName, String[] values, int propertyType) {
         assert authorizableTree != null;
 
         if (values == null) {
             authorizableTree.removeProperty(propertyName);
         } else {
             NodeUtil node = new NodeUtil(authorizableTree, valueFactory);
-            node.setValues(propertyName, values, type);
-        }
-    }
-
-    //--------------------------------------------------< MembershipProvider>---
-    @Override
-    public Iterator<String> getMembership(String authorizableId, boolean includeInherited) {
-        return getMembership(getAuthorizable(authorizableId), includeInherited);
-    }
-
-    @Override
-    public Iterator<String> getMembership(Tree authorizableTree, boolean includeInherited) {
-        Set<String> groupPaths = new HashSet<String>();
-        Set<String> refPaths = identifierManager.getReferences(true, authorizableTree, null, NT_REP_GROUP, NT_REP_MEMBERS);
-        for (String propPath : refPaths) {
-            int index = propPath.indexOf('/'+REP_MEMBERS);
-            if (index > 0) {
-                groupPaths.add(propPath.substring(0, index));
-            } else {
-                log.debug("Not a membership reference property " + propPath);
-            }
-        }
-
-        Iterator<String> it = groupPaths.iterator();
-        if (includeInherited && it.hasNext()) {
-            return getAllMembership(groupPaths.iterator());
-        } else {
-            return new RangeIteratorAdapter(it, groupPaths.size());
-        }
-    }
-
-    @Override
-    public Iterator<String> getMembers(String groupId, int authorizableType, boolean includeInherited) {
-        return getMembers(getAuthorizable(groupId), UserManager.SEARCH_TYPE_AUTHORIZABLE, includeInherited);
-    }
-
-    @Override
-    public Iterator<String> getMembers(Tree groupTree, int authorizableType, boolean includeInherited) {
-        Iterable memberPaths = Collections.emptySet();
-        if (useMemberNode(groupTree)) {
-            Tree membersTree = groupTree.getChild(REP_MEMBERS);
-            if (membersTree != null) {
-                // FIXME: replace usage of PropertySequence (oak-api not possible there)
-//                PropertySequence propertySequence = getPropertySequence(membersTree);
-//                iterator = new AuthorizableIterator(propertySequence, authorizableType, userManager);
-            }
-        } else {
-            PropertyState property = groupTree.getProperty(REP_MEMBERS);
-            if (property != null) {
-                List<CoreValue> vs = property.getValues();
-                memberPaths = Iterables.transform(vs, new Function<CoreValue,String>() {
-                    @Override
-                    public String apply(@Nullable CoreValue value) {
-                        return identifierManager.getPath(value);
-                    }
-                });
-            }
-        }
-
-        Iterator it = memberPaths.iterator();
-        if (includeInherited && it.hasNext()) {
-            return getAllMembers(it, authorizableType);
-        } else {
-            return new RangeIteratorAdapter(it, Iterables.size(memberPaths));
-        }
-    }
-
-    @Override
-    public boolean isMember(Tree groupTree, Tree authorizableTree, boolean includeInherited) {
-        if (includeInherited) {
-            Iterator<String> groupPaths = getMembership(authorizableTree, true);
-            String path = groupTree.getPath();
-            while (groupPaths.hasNext()) {
-                if (path.equals(groupPaths.next())) {
-                    return true;
-                }
-            }
-        } else {
-            if (useMemberNode(groupTree)) {
-                Tree membersTree = groupTree.getChild(REP_MEMBERS);
-                if (membersTree != null) {
-                    // FIXME: fix.. testing for property name isn't correct.
-                    // FIXME: usage of PropertySequence isn't possible when operating on oak-API
-//                    PropertySequence propertySequence = getPropertySequence(membersTree);
-//                    return propertySequence.hasItem(authorizable.getID());
-                    return false;
-                }
-            } else {
-                PropertyState property = groupTree.getProperty(REP_MEMBERS);
-                if (property != null) {
-                    List<CoreValue> members = property.getValues();
-                    String authorizableUUID = getContentID(authorizableTree);
-                    for (CoreValue v : members) {
-                        if (authorizableUUID.equals(v.getString())) {
-                            return true;
-                        }
-                    }
-                }
-            }
-        }
-        // no a member of the specified group
-        return false;
-    }
-
-    @Override
-    public boolean addMember(Tree groupTree, Tree newMemberTree) {
-        if (useMemberNode(groupTree)) {
-            NodeUtil groupNode = new NodeUtil(groupTree, valueFactory);
-            NodeUtil membersNode = groupNode.getOrAddChild(REP_MEMBERS, NT_REP_MEMBERS);
-
-            //FIXME: replace usage of PropertySequence with oak-compatible utility
-//            PropertySequence properties = getPropertySequence(membersTree);
-//            String propName = Text.escapeIllegalJcrChars(authorizable.getID());
-//            if (properties.hasItem(propName)) {
-//                log.debug("Authorizable {} is already member of {}", authorizable, this);
-//                return false;
-//            } else {
-//                CoreValue newMember = createCoreValue(authorizable);
-//                properties.addProperty(propName, newMember);
-//            }
-        } else {
-            List<CoreValue> values;
-            CoreValue toAdd = createCoreValue(newMemberTree);
-            PropertyState property = groupTree.getProperty(REP_MEMBERS);
-            if (property != null) {
-                values = property.getValues();
-                if (values.contains(toAdd)) {
-                    return false;
-                } else {
-                    values.add(toAdd);
-                }
-            } else {
-                values = Collections.singletonList(toAdd);
-            }
-            groupTree.setProperty(REP_MEMBERS, values);
+            node.setValues(propertyName, values, propertyType);
         }
-        return true;
-    }
-
-    @Override
-    public boolean removeMember(Tree groupTree, Tree memberTree) {
-        if (useMemberNode(groupTree)) {
-            Tree membersTree = groupTree.getChild(REP_MEMBERS);
-            if (membersTree != null) {
-                // FIXME: replace usage of PropertySequence with oak-compatible utility
-//                PropertySequence properties = getPropertySequence(membersTree);
-//                String propName = authorizable.getTree().getName();
-                // FIXME: fix.. testing for property name isn't correct.
-//                if (properties.hasItem(propName)) {
-//                    Property p = properties.getItem(propName);
-//                    userManager.removeInternalProperty(p.getParent(), propName);
-//                }
-//                return true;
-                return false;
-            }
-        } else {
-            PropertyState property = groupTree.getProperty(REP_MEMBERS);
-            if (property != null) {
-                CoreValue toRemove = createCoreValue(memberTree);
-                List<CoreValue> values = property.getValues();
-                if (values.remove(toRemove)) {
-                    if (values.isEmpty()) {
-                        groupTree.removeProperty(REP_MEMBERS);
-                    } else {
-                        groupTree.setProperty(REP_MEMBERS, values);
-                    }
-                    return true;
-                }
-            }
-        }
-
-        // nothing changed
-        log.debug("Authorizable {} was not member of {}", memberTree.getName(), groupTree.getName());
-        return false;
     }
 
     //------------------------------------------------------------< private >---
 
-    private String getContentID(String authorizableId) {
-        return IdentifierManager.generateUUID(authorizableId.toLowerCase());
-    }
-
-    private String getContentID(Tree authorizableTree) {
-        return identifierManager.getIdentifier(authorizableTree);
-    }
-
-    private boolean isAuthorizableTree(Tree tree, int type) {
-        // FIXME: check for node type according to the specified type constraint
-        if (tree != null && tree.hasProperty(JcrConstants.JCR_PRIMARYTYPE)) {
-            String ntName = tree.getProperty(JcrConstants.JCR_PRIMARYTYPE).getValue().getString();
-            switch (type) {
-                case UserManager.SEARCH_TYPE_GROUP:
-                    return NT_REP_GROUP.equals(ntName);
-                case UserManager.SEARCH_TYPE_USER:
-                    return NT_REP_USER.equals(ntName);
-                default:
-                    return NT_REP_USER.equals(ntName) || NT_REP_GROUP.equals(ntName);
-            }
-        }
-        return false;
-    }
-
-    //-----------------------------------------------< private UserProvider >---
-
     private Tree createAuthorizableNode(String authorizableId, boolean isGroup, String intermediatePath) throws RepositoryException {
         String nodeName = Text.escapeIllegalJcrChars(authorizableId);
         NodeUtil folder = createFolderNodes(authorizableId, nodeName, isGroup, intermediatePath);
@@ -598,93 +354,4 @@ class UserProviderImpl implements UserPr
         }
         return sb.toString();
     }
-
-    //-----------------------------------------< private MembershipProvider >---
-
-    private CoreValue createCoreValue(Tree authorizableTree) {
-        return valueFactory.createValue(getContentID(authorizableTree), PropertyType.WEAKREFERENCE);
-    }
-
-    private boolean useMemberNode(Tree groupTree) {
-        return splitSize >= 4 && !groupTree.hasProperty(REP_MEMBERS);
-    }
-
-    /**
-     * Returns an iterator of authorizables which includes all indirect members
-     * of the given iterator of authorizables.
-     *
-     *
-     * @param declaredMembers
-     * @param authorizableType
-     * @return Iterator of Authorizable objects
-     */
-    private Iterator<String> getAllMembers(final Iterator<String> declaredMembers,
-                                           final int authorizableType) {
-        Iterator<Iterator<String>> inheritedMembers = new Iterator<Iterator<String>>() {
-            @Override
-            public boolean hasNext() {
-                return declaredMembers.hasNext();
-            }
-
-            @Override
-            public Iterator<String> next() {
-                String memberPath = declaredMembers.next();
-                return Iterators.concat(Iterators.singletonIterator(memberPath), inherited(memberPath));
-            }
-
-            @Override
-            public void remove() {
-                throw new UnsupportedOperationException();
-            }
-
-            private Iterator<String> inherited(String authorizablePath) {
-                Tree group = getAuthorizableByPath(authorizablePath);
-                if (isAuthorizableTree(group, UserManager.SEARCH_TYPE_GROUP)) {
-                    return getMembers(group, authorizableType, true);
-                } else {
-                    return Iterators.emptyIterator();
-                }
-            }
-        };
-        return Iterators.filter(Iterators.concat(inheritedMembers), new ProcessedPathPredicate());
-    }
-
-    private Iterator<String> getAllMembership(final Iterator<String> groupPaths) {
-        Iterator<Iterator<String>> inheritedMembership = new Iterator<Iterator<String>>() {
-            @Override
-            public boolean hasNext() {
-                return groupPaths.hasNext();
-            }
-
-            @Override
-            public Iterator<String> next() {
-                String groupPath = groupPaths.next();
-                return Iterators.concat(Iterators.singletonIterator(groupPath), inherited(groupPath));
-            }
-
-            @Override
-            public void remove() {
-                throw new UnsupportedOperationException();
-            }
-
-            private Iterator<String> inherited(String authorizablePath) {
-                Tree group = getAuthorizableByPath(authorizablePath);
-                if (isAuthorizableTree(group, UserManager.SEARCH_TYPE_GROUP)) {
-                    return getMembership(group, true);
-                } else {
-                    return Iterators.emptyIterator();
-                }
-            }
-        };
-
-        return Iterators.filter(Iterators.concat(inheritedMembership), new ProcessedPathPredicate());
-    }
-
-    private static final class ProcessedPathPredicate implements Predicate<String> {
-        private final Set<String> processed = new HashSet<String>();
-        @Override
-        public boolean apply(@Nullable String path) {
-            return processed.add(path);
-        }
-    }
 }
\ No newline at end of file

Modified: jackrabbit/oak/trunk/oak-core/src/main/java/org/apache/jackrabbit/oak/spi/security/user/MembershipProvider.java
URL: http://svn.apache.org/viewvc/jackrabbit/oak/trunk/oak-core/src/main/java/org/apache/jackrabbit/oak/spi/security/user/MembershipProvider.java?rev=1376082&r1=1376081&r2=1376082&view=diff
==============================================================================
--- jackrabbit/oak/trunk/oak-core/src/main/java/org/apache/jackrabbit/oak/spi/security/user/MembershipProvider.java (original)
+++ jackrabbit/oak/trunk/oak-core/src/main/java/org/apache/jackrabbit/oak/spi/security/user/MembershipProvider.java Wed Aug 22 14:48:22 2012
@@ -34,10 +34,10 @@ public interface MembershipProvider {
     Iterator<String> getMembership(Tree authorizableTree, boolean includeInherited);
 
     @Nonnull
-    Iterator<String> getMembers(String groupId, int authorizableType, boolean includeInherited);
+    Iterator<String> getMembers(String groupId, Type authorizableType, boolean includeInherited);
 
     @Nonnull
-    Iterator<String> getMembers(Tree groupTree, int authorizableType, boolean includeInherited);
+    Iterator<String> getMembers(Tree groupTree, Type authorizableType, boolean includeInherited);
 
     boolean isMember(Tree groupTree, Tree authorizableTree, boolean includeInherited);
 

Added: jackrabbit/oak/trunk/oak-core/src/main/java/org/apache/jackrabbit/oak/spi/security/user/Type.java
URL: http://svn.apache.org/viewvc/jackrabbit/oak/trunk/oak-core/src/main/java/org/apache/jackrabbit/oak/spi/security/user/Type.java?rev=1376082&view=auto
==============================================================================
--- jackrabbit/oak/trunk/oak-core/src/main/java/org/apache/jackrabbit/oak/spi/security/user/Type.java (added)
+++ jackrabbit/oak/trunk/oak-core/src/main/java/org/apache/jackrabbit/oak/spi/security/user/Type.java Wed Aug 22 14:48:22 2012
@@ -0,0 +1,23 @@
+package org.apache.jackrabbit.oak.spi.security.user;
+
+import org.apache.jackrabbit.api.security.user.UserManager;
+
+/**
+ * Created by IntelliJ IDEA.
+ * User: angela
+ * Date: 8/22/12
+ * Time: 3:48 PM
+ * To change this template use File | Settings | File Templates.
+ */
+public enum Type {
+
+    USER(UserManager.SEARCH_TYPE_USER),
+    GROUP(UserManager.SEARCH_TYPE_GROUP),
+    AUTHORIZABLE(UserManager.SEARCH_TYPE_AUTHORIZABLE);
+
+    private final int userType;
+
+    Type(int userType) {
+        this.userType = userType;
+    }
+}

Modified: jackrabbit/oak/trunk/oak-core/src/main/java/org/apache/jackrabbit/oak/spi/security/user/UserConstants.java
URL: http://svn.apache.org/viewvc/jackrabbit/oak/trunk/oak-core/src/main/java/org/apache/jackrabbit/oak/spi/security/user/UserConstants.java?rev=1376082&r1=1376081&r2=1376082&view=diff
==============================================================================
--- jackrabbit/oak/trunk/oak-core/src/main/java/org/apache/jackrabbit/oak/spi/security/user/UserConstants.java (original)
+++ jackrabbit/oak/trunk/oak-core/src/main/java/org/apache/jackrabbit/oak/spi/security/user/UserConstants.java Wed Aug 22 14:48:22 2012
@@ -37,4 +37,18 @@ public interface UserConstants {
     String DEFAULT_GROUP_PATH = "/rep:security/rep:authorizables/rep:groups";
     int DEFAULT_DEPTH = 2;
 
+    int SEARCH_TYPE_USER = 1;
+
+    /**
+     * Filter flag indicating that only <code>Group</code>s should be searched
+     * and returned.
+     */
+    int SEARCH_TYPE_GROUP = 2;
+
+    /**
+     * Filter flag indicating that all <code>Authorizable</code>s should be
+     * searched.
+     */
+    int SEARCH_TYPE_AUTHORIZABLE = 3;
+
 }
\ No newline at end of file

Modified: jackrabbit/oak/trunk/oak-core/src/main/java/org/apache/jackrabbit/oak/spi/security/user/UserContext.java
URL: http://svn.apache.org/viewvc/jackrabbit/oak/trunk/oak-core/src/main/java/org/apache/jackrabbit/oak/spi/security/user/UserContext.java?rev=1376082&r1=1376081&r2=1376082&view=diff
==============================================================================
--- jackrabbit/oak/trunk/oak-core/src/main/java/org/apache/jackrabbit/oak/spi/security/user/UserContext.java (original)
+++ jackrabbit/oak/trunk/oak-core/src/main/java/org/apache/jackrabbit/oak/spi/security/user/UserContext.java Wed Aug 22 14:48:22 2012
@@ -18,6 +18,9 @@ package org.apache.jackrabbit.oak.spi.se
 
 import javax.annotation.Nonnull;
 
+import org.apache.jackrabbit.oak.api.ContentSession;
+import org.apache.jackrabbit.oak.api.CoreValueFactory;
+import org.apache.jackrabbit.oak.api.Root;
 import org.apache.jackrabbit.oak.spi.commit.ValidatorProvider;
 
 /**
@@ -29,12 +32,12 @@ public interface UserContext {
     UserConfig getConfig();
 
     @Nonnull
-    UserProvider getUserProvider();
+    UserProvider getUserProvider(ContentSession contentSession, Root root);
 
     @Nonnull
-    MembershipProvider getMembershipProvider();
+    MembershipProvider getMembershipProvider(ContentSession contentSession, Root root);
 
     @Nonnull
-    ValidatorProvider getUserValidatorProvider();
+    ValidatorProvider getUserValidatorProvider(CoreValueFactory valueFactory);
 
 }
\ No newline at end of file

Modified: jackrabbit/oak/trunk/oak-core/src/main/java/org/apache/jackrabbit/oak/spi/security/user/UserProvider.java
URL: http://svn.apache.org/viewvc/jackrabbit/oak/trunk/oak-core/src/main/java/org/apache/jackrabbit/oak/spi/security/user/UserProvider.java?rev=1376082&r1=1376081&r2=1376082&view=diff
==============================================================================
--- jackrabbit/oak/trunk/oak-core/src/main/java/org/apache/jackrabbit/oak/spi/security/user/UserProvider.java (original)
+++ jackrabbit/oak/trunk/oak-core/src/main/java/org/apache/jackrabbit/oak/spi/security/user/UserProvider.java Wed Aug 22 14:48:22 2012
@@ -41,7 +41,7 @@ public interface UserProvider {
     Tree getAuthorizable(String authorizableId);
 
     @CheckForNull
-    Tree getAuthorizable(String authorizableId, int authorizableType);
+    Tree getAuthorizable(String authorizableId, Type authorizableType);
 
     @CheckForNull
     Tree getAuthorizableByPath(String authorizableOakPath);
@@ -54,8 +54,8 @@ public interface UserProvider {
 
     boolean isAdminUser(Tree userTree);
 
-    void setProtectedProperty(Tree authorizableTree, String propertyName, String value, int type);
+    void setProtectedProperty(Tree authorizableTree, String propertyName, String value, int propertyType);
 
-    void setProtectedProperty(Tree v, String propertyName, String[] values, int type);
+    void setProtectedProperty(Tree v, String propertyName, String[] values, int propertyType);
 
 }
\ No newline at end of file

Modified: jackrabbit/oak/trunk/oak-core/src/test/java/org/apache/jackrabbit/oak/security/user/UserProviderImplTest.java
URL: http://svn.apache.org/viewvc/jackrabbit/oak/trunk/oak-core/src/test/java/org/apache/jackrabbit/oak/security/user/UserProviderImplTest.java?rev=1376082&r1=1376081&r2=1376082&view=diff
==============================================================================
--- jackrabbit/oak/trunk/oak-core/src/test/java/org/apache/jackrabbit/oak/security/user/UserProviderImplTest.java (original)
+++ jackrabbit/oak/trunk/oak-core/src/test/java/org/apache/jackrabbit/oak/security/user/UserProviderImplTest.java Wed Aug 22 14:48:22 2012
@@ -23,7 +23,6 @@ import java.util.List;
 import java.util.Map;
 import javax.jcr.RepositoryException;
 
-import org.apache.jackrabbit.api.security.user.UserManager;
 import org.apache.jackrabbit.oak.AbstractOakTest;
 import org.apache.jackrabbit.oak.api.CommitFailedException;
 import org.apache.jackrabbit.oak.api.ContentRepository;
@@ -31,6 +30,7 @@ import org.apache.jackrabbit.oak.api.Con
 import org.apache.jackrabbit.oak.api.Root;
 import org.apache.jackrabbit.oak.api.Tree;
 import org.apache.jackrabbit.oak.core.DefaultConflictHandler;
+import org.apache.jackrabbit.oak.spi.security.user.Type;
 import org.apache.jackrabbit.oak.spi.security.user.UserConfig;
 import org.apache.jackrabbit.oak.spi.security.user.UserConstants;
 import org.apache.jackrabbit.oak.spi.security.user.UserProvider;
@@ -288,23 +288,23 @@ public class UserProviderImplTest extend
         Tree user = up.createUser(userID, null);
         root.commit(DefaultConflictHandler.OURS);
 
-        Tree a = up.getAuthorizable(userID, UserManager.SEARCH_TYPE_USER);
+        Tree a = up.getAuthorizable(userID, Type.USER);
         assertNotNull(a);
         assertEquals(user.getPath(), a.getPath());
 
-        assertNotNull(up.getAuthorizable(userID, UserManager.SEARCH_TYPE_AUTHORIZABLE));
-        assertNull(up.getAuthorizable(userID, UserManager.SEARCH_TYPE_GROUP));
+        assertNotNull(up.getAuthorizable(userID, Type.AUTHORIZABLE));
+        assertNull(up.getAuthorizable(userID, Type.GROUP));
 
         String groupID = "hr";
         Tree group = up.createGroup(groupID, null);
         root.commit(DefaultConflictHandler.OURS);
 
-        Tree g = up.getAuthorizable(groupID, UserManager.SEARCH_TYPE_GROUP);
+        Tree g = up.getAuthorizable(groupID, Type.GROUP);
         assertNotNull(a);
         assertEquals(user.getPath(), a.getPath());
 
-        assertNotNull(up.getAuthorizable(groupID, UserManager.SEARCH_TYPE_AUTHORIZABLE));
-        assertNull(up.getAuthorizable(groupID, UserManager.SEARCH_TYPE_USER));
+        assertNotNull(up.getAuthorizable(groupID, Type.AUTHORIZABLE));
+        assertNull(up.getAuthorizable(groupID, Type.USER));
     }
 
     @Test

Modified: jackrabbit/oak/trunk/oak-jcr/src/main/java/org/apache/jackrabbit/oak/jcr/SessionDelegate.java
URL: http://svn.apache.org/viewvc/jackrabbit/oak/trunk/oak-jcr/src/main/java/org/apache/jackrabbit/oak/jcr/SessionDelegate.java?rev=1376082&r1=1376081&r2=1376082&view=diff
==============================================================================
--- jackrabbit/oak/trunk/oak-jcr/src/main/java/org/apache/jackrabbit/oak/jcr/SessionDelegate.java (original)
+++ jackrabbit/oak/trunk/oak-jcr/src/main/java/org/apache/jackrabbit/oak/jcr/SessionDelegate.java Wed Aug 22 14:48:22 2012
@@ -18,7 +18,6 @@ package org.apache.jackrabbit.oak.jcr;
 
 import java.io.IOException;
 import java.util.concurrent.ScheduledExecutorService;
-
 import javax.annotation.CheckForNull;
 import javax.annotation.Nonnull;
 import javax.jcr.ItemExistsException;
@@ -55,6 +54,7 @@ import org.apache.jackrabbit.oak.namepat
 import org.apache.jackrabbit.oak.plugins.identifier.IdentifierManager;
 import org.apache.jackrabbit.oak.plugins.value.AnnotatingConflictHandler;
 import org.apache.jackrabbit.oak.security.user.UserContextImpl;
+import org.apache.jackrabbit.oak.spi.security.user.UserContext;
 import org.apache.jackrabbit.oak.util.TODO;
 import org.slf4j.Logger;
 import org.slf4j.LoggerFactory;
@@ -480,8 +480,9 @@ public class SessionDelegate {
     }
 
     UserManager getUserManager() throws UnsupportedRepositoryOperationException {
-
-        return TODO.unimplemented().returnValue(new UserManagerImpl(getSession(), getNamePathMapper(), new UserContextImpl(getContentSession(), root)));
+        // FIXME
+        UserContext ctx = new UserContextImpl();
+        return TODO.unimplemented().returnValue(new UserManagerImpl(getSession(), getNamePathMapper(), ctx.getUserProvider(contentSession, root), ctx.getMembershipProvider(contentSession, root), ctx.getConfig()));
     }
 
     //--------------------------------------------------< SessionNameMapper >---

Modified: jackrabbit/oak/trunk/oak-jcr/src/main/java/org/apache/jackrabbit/oak/jcr/security/user/GroupImpl.java
URL: http://svn.apache.org/viewvc/jackrabbit/oak/trunk/oak-jcr/src/main/java/org/apache/jackrabbit/oak/jcr/security/user/GroupImpl.java?rev=1376082&r1=1376081&r2=1376082&view=diff
==============================================================================
--- jackrabbit/oak/trunk/oak-jcr/src/main/java/org/apache/jackrabbit/oak/jcr/security/user/GroupImpl.java (original)
+++ jackrabbit/oak/trunk/oak-jcr/src/main/java/org/apache/jackrabbit/oak/jcr/security/user/GroupImpl.java Wed Aug 22 14:48:22 2012
@@ -33,6 +33,7 @@ import org.apache.jackrabbit.oak.api.Tre
 import org.apache.jackrabbit.oak.spi.security.principal.EveryonePrincipal;
 import org.apache.jackrabbit.oak.spi.security.principal.TreeBasedPrincipal;
 import org.apache.jackrabbit.oak.spi.security.user.MembershipProvider;
+import org.apache.jackrabbit.oak.spi.security.user.Type;
 import org.slf4j.Logger;
 import org.slf4j.LoggerFactory;
 
@@ -177,7 +178,7 @@ class GroupImpl extends AuthorizableImpl
             return uMgr.findAuthorizables(propName, null, UserManager.SEARCH_TYPE_AUTHORIZABLE);
         } else {
             MembershipProvider mMgr = uMgr.getMembershipProvider();
-            Iterator oakPaths = mMgr.getMembers(getTree(), UserManager.SEARCH_TYPE_AUTHORIZABLE, includeInherited);
+            Iterator oakPaths = mMgr.getMembers(getTree(), Type.AUTHORIZABLE, includeInherited);
             if (!oakPaths.hasNext()) {
                 AuthorizableIterator iterator = new AuthorizableIterator(oakPaths, uMgr);
                 return new RangeIteratorAdapter(iterator, iterator.getSize());

Modified: jackrabbit/oak/trunk/oak-jcr/src/main/java/org/apache/jackrabbit/oak/jcr/security/user/UserManagerImpl.java
URL: http://svn.apache.org/viewvc/jackrabbit/oak/trunk/oak-jcr/src/main/java/org/apache/jackrabbit/oak/jcr/security/user/UserManagerImpl.java?rev=1376082&r1=1376081&r2=1376082&view=diff
==============================================================================
--- jackrabbit/oak/trunk/oak-jcr/src/main/java/org/apache/jackrabbit/oak/jcr/security/user/UserManagerImpl.java (original)
+++ jackrabbit/oak/trunk/oak-jcr/src/main/java/org/apache/jackrabbit/oak/jcr/security/user/UserManagerImpl.java Wed Aug 22 14:48:22 2012
@@ -40,8 +40,8 @@ import org.apache.jackrabbit.oak.namepat
 import org.apache.jackrabbit.oak.spi.security.principal.EveryonePrincipal;
 import org.apache.jackrabbit.oak.spi.security.user.MembershipProvider;
 import org.apache.jackrabbit.oak.spi.security.user.PasswordUtility;
+import org.apache.jackrabbit.oak.spi.security.user.UserConfig;
 import org.apache.jackrabbit.oak.spi.security.user.UserConstants;
-import org.apache.jackrabbit.oak.spi.security.user.UserContext;
 import org.apache.jackrabbit.oak.spi.security.user.UserProvider;
 import org.apache.jackrabbit.oak.spi.security.user.action.AuthorizableAction;
 import org.slf4j.Logger;
@@ -57,12 +57,18 @@ public class UserManagerImpl implements 
     private final Session session;
     private final NamePathMapper namePathMapper;
 
-    private final UserContext userContext;
-
-    public UserManagerImpl(Session session, NamePathMapper namePathMapper, UserContext userContext) {
+    private final UserProvider userProvider;
+    private final MembershipProvider membershipProvider;
+    private final UserConfig config;
+
+    public UserManagerImpl(Session session, NamePathMapper namePathMapper,
+                           UserProvider userProvider, MembershipProvider membershipProvider,
+                           UserConfig config) {
         this.session = session;
         this.namePathMapper = namePathMapper;
-        this.userContext = userContext;
+        this.userProvider = userProvider;
+        this.membershipProvider = membershipProvider;
+        this.config = config;
     }
 
     //--------------------------------------------------------< UserManager >---
@@ -264,7 +270,7 @@ public class UserManagerImpl implements 
     }
 
     private AuthorizableAction[] getAuthorizableActions() {
-        return userContext.getConfig().getAuthorizableActions();
+        return config.getAuthorizableActions();
     }
 
     //--------------------------------------------------------------------------
@@ -284,7 +290,7 @@ public class UserManagerImpl implements 
         String pwHash;
         if (forceHash || PasswordUtility.isPlainTextPassword(password)) {
             try {
-                pwHash = PasswordUtility.buildPasswordHash(password, userContext.getConfig());
+                pwHash = PasswordUtility.buildPasswordHash(password, config);
             } catch (NoSuchAlgorithmException e) {
                 throw new RepositoryException(e);
             } catch (UnsupportedEncodingException e) {
@@ -313,11 +319,11 @@ public class UserManagerImpl implements 
     }
 
     UserProvider getUserProvider() {
-        return userContext.getUserProvider();
+        return userProvider;
     }
 
     MembershipProvider getMembershipProvider() {
-        return userContext.getMembershipProvider();
+        return membershipProvider;
     }
 
     @CheckForNull



Mime
View raw message