jackrabbit-oak-commits mailing list archives

Site index · List index
Message view « Date » · « Thread »
Top « Date » · « Thread »
From ang...@apache.org
Subject svn commit: r1376102 - in /jackrabbit/oak/trunk: oak-core/src/main/java/org/apache/jackrabbit/oak/security/authentication/ oak-core/src/main/java/org/apache/jackrabbit/oak/security/authentication/token/ oak-core/src/main/java/org/apache/jackrabbit/oak/...
Date Wed, 22 Aug 2012 15:49:21 GMT
Author: angela
Date: Wed Aug 22 15:49:20 2012
New Revision: 1376102

URL: http://svn.apache.org/viewvc?rev=1376102&view=rev
Log:
OAK-50 : Implement User Management (WIP)
OAK-91 : Authentication (WIP)

Added:
    jackrabbit/oak/trunk/oak-core/src/main/java/org/apache/jackrabbit/oak/spi/security/authentication/Authentication.java
      - copied, changed from r1376019, jackrabbit/oak/trunk/oak-core/src/main/java/org/apache/jackrabbit/oak/security/authentication/Authentication.java
Removed:
    jackrabbit/oak/trunk/oak-core/src/main/java/org/apache/jackrabbit/oak/security/authentication/Authentication.java
Modified:
    jackrabbit/oak/trunk/oak-core/src/main/java/org/apache/jackrabbit/oak/security/authentication/AuthenticationImpl.java
    jackrabbit/oak/trunk/oak-core/src/main/java/org/apache/jackrabbit/oak/security/authentication/LoginModuleImpl.java
    jackrabbit/oak/trunk/oak-core/src/main/java/org/apache/jackrabbit/oak/security/authentication/token/TokenAuthentication.java
    jackrabbit/oak/trunk/oak-core/src/main/java/org/apache/jackrabbit/oak/security/authentication/token/TokenInfo.java
    jackrabbit/oak/trunk/oak-core/src/main/java/org/apache/jackrabbit/oak/security/authentication/token/TokenLoginModule.java
    jackrabbit/oak/trunk/oak-core/src/main/java/org/apache/jackrabbit/oak/security/authentication/token/TokenProviderImpl.java
    jackrabbit/oak/trunk/oak-core/src/main/java/org/apache/jackrabbit/oak/security/user/UserProviderImpl.java
    jackrabbit/oak/trunk/oak-core/src/main/java/org/apache/jackrabbit/oak/spi/security/authentication/AbstractLoginModule.java
    jackrabbit/oak/trunk/oak-core/src/main/java/org/apache/jackrabbit/oak/spi/security/user/UserProvider.java
    jackrabbit/oak/trunk/oak-core/src/test/java/org/apache/jackrabbit/oak/security/user/UserProviderImplTest.java
    jackrabbit/oak/trunk/oak-jcr/src/main/java/org/apache/jackrabbit/oak/jcr/security/user/AuthorizableImpl.java

Modified: jackrabbit/oak/trunk/oak-core/src/main/java/org/apache/jackrabbit/oak/security/authentication/AuthenticationImpl.java
URL: http://svn.apache.org/viewvc/jackrabbit/oak/trunk/oak-core/src/main/java/org/apache/jackrabbit/oak/security/authentication/AuthenticationImpl.java?rev=1376102&r1=1376101&r2=1376102&view=diff
==============================================================================
--- jackrabbit/oak/trunk/oak-core/src/main/java/org/apache/jackrabbit/oak/security/authentication/AuthenticationImpl.java
(original)
+++ jackrabbit/oak/trunk/oak-core/src/main/java/org/apache/jackrabbit/oak/security/authentication/AuthenticationImpl.java
Wed Aug 22 15:49:20 2012
@@ -16,11 +16,13 @@
  */
 package org.apache.jackrabbit.oak.security.authentication;
 
+import java.security.Principal;
+import java.util.Set;
 import javax.jcr.Credentials;
 import javax.jcr.GuestCredentials;
 import javax.jcr.SimpleCredentials;
-import java.security.Principal;
-import java.util.Set;
+
+import org.apache.jackrabbit.oak.spi.security.authentication.Authentication;
 
 /**
  * AuthenticationImpl...

Modified: jackrabbit/oak/trunk/oak-core/src/main/java/org/apache/jackrabbit/oak/security/authentication/LoginModuleImpl.java
URL: http://svn.apache.org/viewvc/jackrabbit/oak/trunk/oak-core/src/main/java/org/apache/jackrabbit/oak/security/authentication/LoginModuleImpl.java?rev=1376102&r1=1376101&r2=1376102&view=diff
==============================================================================
--- jackrabbit/oak/trunk/oak-core/src/main/java/org/apache/jackrabbit/oak/security/authentication/LoginModuleImpl.java
(original)
+++ jackrabbit/oak/trunk/oak-core/src/main/java/org/apache/jackrabbit/oak/security/authentication/LoginModuleImpl.java
Wed Aug 22 15:49:20 2012
@@ -18,7 +18,6 @@ package org.apache.jackrabbit.oak.securi
 
 import java.io.IOException;
 import java.security.Principal;
-import java.util.Collections;
 import java.util.HashMap;
 import java.util.HashSet;
 import java.util.Map;
@@ -36,8 +35,8 @@ import javax.security.auth.login.LoginEx
 
 import org.apache.jackrabbit.oak.api.AuthInfo;
 import org.apache.jackrabbit.oak.spi.security.authentication.AbstractLoginModule;
+import org.apache.jackrabbit.oak.spi.security.authentication.Authentication;
 import org.apache.jackrabbit.oak.spi.security.authentication.ImpersonationCredentials;
-import org.apache.jackrabbit.oak.spi.security.authentication.PrincipalProviderCallback;
 import org.apache.jackrabbit.oak.spi.security.principal.PrincipalProvider;
 import org.slf4j.Logger;
 import org.slf4j.LoggerFactory;
@@ -165,33 +164,6 @@ public class LoginModuleImpl extends Abs
     }
 
     //--------------------------------------------------------------------------
-
-    private Set<Principal> getPrincipals(String userID) {
-        PrincipalProvider principalProvider = getPrincipalProvider();
-        if (principalProvider == null) {
-            log.debug("Commit: Cannot retrieve principals. No principal provider configured.");
-            return Collections.emptySet();
-        } else {
-            return principalProvider.getPrincipals(userID);
-        }
-    }
-
-    private PrincipalProvider getPrincipalProvider() {
-        PrincipalProvider principalProvider = null;
-        if (callbackHandler != null) {
-            try {
-                PrincipalProviderCallback principalCallBack = new PrincipalProviderCallback();
-                callbackHandler.handle(new Callback[] {principalCallBack});
-                principalProvider = principalCallBack.getPrincipalProvider();
-            } catch (IOException e) {
-                log.warn(e.getMessage());
-            } catch (UnsupportedCallbackException e) {
-                log.warn(e.getMessage());
-            }
-        }
-        return principalProvider;
-    }
-
     @CheckForNull
     private String getUserID() {
         // TODO add proper implementation

Modified: jackrabbit/oak/trunk/oak-core/src/main/java/org/apache/jackrabbit/oak/security/authentication/token/TokenAuthentication.java
URL: http://svn.apache.org/viewvc/jackrabbit/oak/trunk/oak-core/src/main/java/org/apache/jackrabbit/oak/security/authentication/token/TokenAuthentication.java?rev=1376102&r1=1376101&r2=1376102&view=diff
==============================================================================
--- jackrabbit/oak/trunk/oak-core/src/main/java/org/apache/jackrabbit/oak/security/authentication/token/TokenAuthentication.java
(original)
+++ jackrabbit/oak/trunk/oak-core/src/main/java/org/apache/jackrabbit/oak/security/authentication/token/TokenAuthentication.java
Wed Aug 22 15:49:20 2012
@@ -19,10 +19,11 @@ package org.apache.jackrabbit.oak.securi
 import java.security.Principal;
 import java.util.Date;
 import java.util.Set;
+import javax.annotation.Nonnull;
 import javax.jcr.Credentials;
 
 import org.apache.jackrabbit.api.security.authentication.token.TokenCredentials;
-import org.apache.jackrabbit.oak.security.authentication.Authentication;
+import org.apache.jackrabbit.oak.spi.security.authentication.Authentication;
 import org.slf4j.Logger;
 import org.slf4j.LoggerFactory;
 
@@ -40,6 +41,7 @@ class TokenAuthentication implements Aut
         this.tokenProvider = tokenProvider;
     }
 
+    //-----------------------------------------------------< Authentication >---
     @Override
     public boolean authenticate(Credentials credentials) {
         boolean success = false;
@@ -58,11 +60,16 @@ class TokenAuthentication implements Aut
         return false;
     }
 
+    //-----------------------------------------------------------< internal >---
+    @Nonnull
     TokenInfo getTokenInfo() {
+        if (tokenInfo == null) {
+            throw new IllegalStateException("Token info can only be retrieved upon successful
authentication.");
+        }
         return tokenInfo;
     }
 
-    //--------------------------------------------------------------------------
+    //------------------------------------------------------------< private >---
     private boolean validateCredentials(TokenCredentials tokenCredentials) {
         // credentials without userID -> check if attributes provide
         // sufficient information for successful authentication.

Modified: jackrabbit/oak/trunk/oak-core/src/main/java/org/apache/jackrabbit/oak/security/authentication/token/TokenInfo.java
URL: http://svn.apache.org/viewvc/jackrabbit/oak/trunk/oak-core/src/main/java/org/apache/jackrabbit/oak/security/authentication/token/TokenInfo.java?rev=1376102&r1=1376101&r2=1376102&view=diff
==============================================================================
--- jackrabbit/oak/trunk/oak-core/src/main/java/org/apache/jackrabbit/oak/security/authentication/token/TokenInfo.java
(original)
+++ jackrabbit/oak/trunk/oak-core/src/main/java/org/apache/jackrabbit/oak/security/authentication/token/TokenInfo.java
Wed Aug 22 15:49:20 2012
@@ -17,6 +17,7 @@
 package org.apache.jackrabbit.oak.security.authentication.token;
 
 import java.util.Map;
+import javax.annotation.Nonnull;
 
 import org.apache.jackrabbit.api.security.authentication.token.TokenCredentials;
 
@@ -25,13 +26,19 @@ import org.apache.jackrabbit.api.securit
  */
 public interface TokenInfo {
 
+    @Nonnull
+    String getUserId();
+
+    @Nonnull
     String getToken();
 
     boolean isExpired(long loginTime);
 
     boolean matches(TokenCredentials tokenCredentials);
 
+    @Nonnull
     Map<String, String> getPrivateAttributes();
 
+    @Nonnull
     Map<String, String> getPublicAttributes();
 }

Modified: jackrabbit/oak/trunk/oak-core/src/main/java/org/apache/jackrabbit/oak/security/authentication/token/TokenLoginModule.java
URL: http://svn.apache.org/viewvc/jackrabbit/oak/trunk/oak-core/src/main/java/org/apache/jackrabbit/oak/security/authentication/token/TokenLoginModule.java?rev=1376102&r1=1376101&r2=1376102&view=diff
==============================================================================
--- jackrabbit/oak/trunk/oak-core/src/main/java/org/apache/jackrabbit/oak/security/authentication/token/TokenLoginModule.java
(original)
+++ jackrabbit/oak/trunk/oak-core/src/main/java/org/apache/jackrabbit/oak/security/authentication/token/TokenLoginModule.java
Wed Aug 22 15:49:20 2012
@@ -67,8 +67,11 @@ public class TokenLoginModule extends Ab
             if (authentication.authenticate(tc)) {
                 tokenCredentials = tc;
                 tokenInfo = authentication.getTokenInfo();
-                userID = null; // TODO: getUserID(tc);
-                principals = null; // TODO getPrincipals(userID);
+                userID = tokenInfo.getUserId();
+                principals = getPrincipals(userID);
+
+                log.debug("Login: adding login name to shared state.");
+                sharedState.put(SHARED_KEY_LOGIN_NAME, userID);
                 return true;
             }
         }
@@ -78,7 +81,7 @@ public class TokenLoginModule extends Ab
 
     @Override
     public boolean commit() throws LoginException {
-        if (tokenCredentials != null || !principals.isEmpty()) {
+        if (tokenCredentials != null) {
             if (!subject.isReadOnly()) {
                 subject.getPublicCredentials().add(tokenCredentials);
                 subject.getPrincipals().addAll(principals);
@@ -89,21 +92,19 @@ public class TokenLoginModule extends Ab
 
         if (tokenProvider != null && sharedState.containsKey(SHARED_KEY_CREDENTIALS))
{
             Credentials shared = getSharedCredentials();
-            if (shared != null) {
-                if (tokenProvider.doCreateToken(shared)) {
-                    TokenInfo ti = tokenProvider.createToken(shared);
-                    if (ti != null) {
-                        TokenCredentials tc = new TokenCredentials(ti.getToken());
-                        Map<String, String> attributes = ti.getPrivateAttributes();
-                        for (String name : attributes.keySet()) {
-                            tc.setAttribute(name, attributes.get(name));
-                        }
-                        attributes = ti.getPublicAttributes();
-                        for (String name : attributes.keySet()) {
-                            tc.setAttribute(name, attributes.get(name));
-                        }
-                        subject.getPublicCredentials().add(tc);
+            if (shared != null && tokenProvider.doCreateToken(shared)) {
+                TokenInfo ti = tokenProvider.createToken(shared);
+                if (ti != null) {
+                    TokenCredentials tc = new TokenCredentials(ti.getToken());
+                    Map<String, String> attributes = ti.getPrivateAttributes();
+                    for (String name : attributes.keySet()) {
+                        tc.setAttribute(name, attributes.get(name));
+                    }
+                    attributes = ti.getPublicAttributes();
+                    for (String name : attributes.keySet()) {
+                        tc.setAttribute(name, attributes.get(name));
                     }
+                    subject.getPublicCredentials().add(tc);
                 }
             }
         }

Modified: jackrabbit/oak/trunk/oak-core/src/main/java/org/apache/jackrabbit/oak/security/authentication/token/TokenProviderImpl.java
URL: http://svn.apache.org/viewvc/jackrabbit/oak/trunk/oak-core/src/main/java/org/apache/jackrabbit/oak/security/authentication/token/TokenProviderImpl.java?rev=1376102&r1=1376101&r2=1376102&view=diff
==============================================================================
--- jackrabbit/oak/trunk/oak-core/src/main/java/org/apache/jackrabbit/oak/security/authentication/token/TokenProviderImpl.java
(original)
+++ jackrabbit/oak/trunk/oak-core/src/main/java/org/apache/jackrabbit/oak/security/authentication/token/TokenProviderImpl.java
Wed Aug 22 15:49:20 2012
@@ -27,6 +27,7 @@ import java.util.Date;
 import java.util.GregorianCalendar;
 import java.util.HashMap;
 import java.util.Map;
+import javax.annotation.CheckForNull;
 import javax.jcr.Credentials;
 import javax.jcr.SimpleCredentials;
 
@@ -105,11 +106,11 @@ public class TokenProviderImpl implement
     public TokenInfo createToken(Credentials credentials) {
         if (credentials instanceof SimpleCredentials) {
             final SimpleCredentials sc = (SimpleCredentials) credentials;
-            String userID = sc.getUserID();
+            String userId = sc.getUserID();
 
             CoreValueFactory valueFactory = contentSession.getCoreValueFactory();
             try {
-                Tree userTree = userProvider.getAuthorizable(userID, Type.USER);
+                Tree userTree = userProvider.getAuthorizable(userId, Type.USER);
                 if (userTree != null) {
                     NodeUtil userNode = new NodeUtil(userTree, valueFactory);
                     NodeUtil tokenParent = userNode.getChild(TOKENS_NODE_NAME);
@@ -143,9 +144,9 @@ public class TokenProviderImpl implement
 
                     // also set the new token to the simple credentials.
                     sc.setAttribute(TOKEN_ATTRIBUTE, token);
-                    return new TokenInfoImpl(tokenNode, token);
+                    return new TokenInfoImpl(tokenNode, token, userId);
                 } else {
-                    log.debug("Cannot create login token: No corresponding node for User
" + userID + '.');
+                    log.debug("Cannot create login token: No corresponding node for User
" + userId + '.');
                 }
 
             } catch (NoSuchAlgorithmException e) {
@@ -165,7 +166,12 @@ public class TokenProviderImpl implement
         int pos = token.indexOf(DELIM);
         String tokenPath = (pos == -1) ? token : token.substring(0, pos);
         Tree tokenTree = root.getTree(tokenPath);
-        return (tokenTree == null) ? null : new TokenInfoImpl(new NodeUtil(tokenTree, contentSession),
token);
+        String userId = getUserId(tokenTree);
+        if (tokenTree == null || userId == null) {
+            return null;
+        } else {
+            return new TokenInfoImpl(new NodeUtil(tokenTree, contentSession), token, userId);
+        }
     }
 
     @Override
@@ -206,17 +212,6 @@ public class TokenProviderImpl implement
 
 
     //--------------------------------------------------------------------------
-    /**
-     * Returns {@code true} if the specified {@code attributeName}
-     * starts with or equals {@link #TOKEN_ATTRIBUTE}.
-     *
-     * @param attributeName
-     * @return {@code true} if the specified {@code attributeName}
-     * starts with or equals {@link #TOKEN_ATTRIBUTE}.
-     */
-    private static boolean isMandatoryAttribute(String attributeName) {
-        return attributeName != null && attributeName.startsWith(TOKEN_ATTRIBUTE);
-    }
 
     private static String generateKey(int size) {
         SecureRandom random = new SecureRandom();
@@ -231,6 +226,7 @@ public class TokenProviderImpl implement
         return res.toString();
     }
 
+    @CheckForNull
     private Tree getTokenTree(TokenInfo tokenInfo) {
         if (tokenInfo instanceof TokenInfoImpl) {
             return root.getTree(((TokenInfoImpl) tokenInfo).tokenPath);
@@ -239,22 +235,35 @@ public class TokenProviderImpl implement
         }
     }
 
+    @CheckForNull
+    private String getUserId(Tree tokenTree) {
+        if (tokenTree != null) {
+            Tree userTree = tokenTree.getParent().getParent();
+            return userProvider.getAuthorizableId(userTree, Type.USER);
+        }
+
+        return null;
+    }
+
     //--------------------------------------------------------------------------
 
     private static class TokenInfoImpl implements TokenInfo {
 
         private final String token;
         private final String tokenPath;
+        private final String userId;
 
         private final long expirationTime;
         private final String key;
-        private Map<String, String> mandatoryAttributes;
-        private Map<String, String> publicAttributes;
+
+        private final Map<String, String> mandatoryAttributes;
+        private final Map<String, String> publicAttributes;
 
 
-        private TokenInfoImpl(NodeUtil tokenNode, String token) {
+        private TokenInfoImpl(NodeUtil tokenNode, String token, String userId) {
             this.token = token;
             this.tokenPath = tokenNode.getTree().getPath();
+            this.userId = userId;
 
             expirationTime = tokenNode.getLong(TOKEN_ATTRIBUTE_EXPIRY, Long.MIN_VALUE);
             key = tokenNode.getString(TOKEN_ATTRIBUTE_KEY, null);
@@ -273,6 +282,13 @@ public class TokenProviderImpl implement
             }
         }
 
+        //------------------------------------------------------< TokenInfo >---
+
+        @Override
+        public String getUserId() {
+            return userId;
+        }
+
         @Override
         public String getToken() {
             return token;
@@ -319,6 +335,18 @@ public class TokenProviderImpl implement
         }
 
         /**
+         * Returns {@code true} if the specified {@code attributeName}
+         * starts with or equals {@link #TOKEN_ATTRIBUTE}.
+         *
+         * @param attributeName
+         * @return {@code true} if the specified {@code attributeName}
+         * starts with or equals {@link #TOKEN_ATTRIBUTE}.
+         */
+        private static boolean isMandatoryAttribute(String attributeName) {
+            return attributeName != null && attributeName.startsWith(TOKEN_ATTRIBUTE);
+        }
+
+        /**
          * Returns {@code false} if the specified attribute name doesn't have
          * a 'jcr' or 'rep' namespace prefix; {@code true} otherwise. This is
          * a lazy evaluation in order to avoid testing the defining node type of

Modified: jackrabbit/oak/trunk/oak-core/src/main/java/org/apache/jackrabbit/oak/security/user/UserProviderImpl.java
URL: http://svn.apache.org/viewvc/jackrabbit/oak/trunk/oak-core/src/main/java/org/apache/jackrabbit/oak/security/user/UserProviderImpl.java?rev=1376102&r1=1376101&r2=1376102&view=diff
==============================================================================
--- jackrabbit/oak/trunk/oak-core/src/main/java/org/apache/jackrabbit/oak/security/user/UserProviderImpl.java
(original)
+++ jackrabbit/oak/trunk/oak-core/src/main/java/org/apache/jackrabbit/oak/security/user/UserProviderImpl.java
Wed Aug 22 15:49:20 2012
@@ -219,21 +219,23 @@ class UserProviderImpl extends Authoriza
     }
 
     @Override
-    public String getAuthorizableId(Tree authorizableTree) {
+    public String getAuthorizableId(Tree authorizableTree, Type authorizableType) {
         assert authorizableTree != null;
-        PropertyState idProp = authorizableTree.getProperty(UserConstants.REP_AUTHORIZABLE_ID);
-        if (idProp != null) {
-            return idProp.getValue().getString();
-        } else {
-            return Text.unescapeIllegalJcrChars(authorizableTree.getName());
+        if (isAuthorizableTree(authorizableTree, authorizableType)) {
+            PropertyState idProp = authorizableTree.getProperty(UserConstants.REP_AUTHORIZABLE_ID);
+            if (idProp != null) {
+                return idProp.getValue().getString();
+            } else {
+                return Text.unescapeIllegalJcrChars(authorizableTree.getName());
+            }
         }
+        return null;
     }
 
     @Override
     public boolean isAdminUser(Tree userTree) {
         assert userTree != null;
-        return isAuthorizableTree(userTree, Type.USER) &&
-               adminId.equals(getAuthorizableId(userTree));
+        return adminId.equals(getAuthorizableId(userTree, Type.USER));
     }
 
     @Override

Modified: jackrabbit/oak/trunk/oak-core/src/main/java/org/apache/jackrabbit/oak/spi/security/authentication/AbstractLoginModule.java
URL: http://svn.apache.org/viewvc/jackrabbit/oak/trunk/oak-core/src/main/java/org/apache/jackrabbit/oak/spi/security/authentication/AbstractLoginModule.java?rev=1376102&r1=1376101&r2=1376102&view=diff
==============================================================================
--- jackrabbit/oak/trunk/oak-core/src/main/java/org/apache/jackrabbit/oak/spi/security/authentication/AbstractLoginModule.java
(original)
+++ jackrabbit/oak/trunk/oak-core/src/main/java/org/apache/jackrabbit/oak/spi/security/authentication/AbstractLoginModule.java
Wed Aug 22 15:49:20 2012
@@ -17,6 +17,8 @@
 package org.apache.jackrabbit.oak.spi.security.authentication;
 
 import java.io.IOException;
+import java.security.Principal;
+import java.util.Collections;
 import java.util.Map;
 import java.util.Set;
 import javax.annotation.CheckForNull;
@@ -28,6 +30,7 @@ import javax.security.auth.callback.Unsu
 import javax.security.auth.login.LoginException;
 import javax.security.auth.spi.LoginModule;
 
+import org.apache.jackrabbit.oak.spi.security.principal.PrincipalProvider;
 import org.slf4j.Logger;
 import org.slf4j.LoggerFactory;
 
@@ -143,4 +146,31 @@ public abstract class AbstractLoginModul
             return null;
         }
     }
+
+
+    protected Set<Principal> getPrincipals(String userID) {
+        PrincipalProvider principalProvider = getPrincipalProvider();
+        if (principalProvider == null) {
+            log.debug("Cannot retrieve principals. No principal provider configured.");
+            return Collections.emptySet();
+        } else {
+            return principalProvider.getPrincipals(userID);
+        }
+    }
+
+    private PrincipalProvider getPrincipalProvider() {
+        PrincipalProvider principalProvider = null;
+        if (callbackHandler != null) {
+            try {
+                PrincipalProviderCallback principalCallBack = new PrincipalProviderCallback();
+                callbackHandler.handle(new Callback[] {principalCallBack});
+                principalProvider = principalCallBack.getPrincipalProvider();
+            } catch (IOException e) {
+                log.warn(e.getMessage());
+            } catch (UnsupportedCallbackException e) {
+                log.warn(e.getMessage());
+            }
+        }
+        return principalProvider;
+    }
 }

Copied: jackrabbit/oak/trunk/oak-core/src/main/java/org/apache/jackrabbit/oak/spi/security/authentication/Authentication.java
(from r1376019, jackrabbit/oak/trunk/oak-core/src/main/java/org/apache/jackrabbit/oak/security/authentication/Authentication.java)
URL: http://svn.apache.org/viewvc/jackrabbit/oak/trunk/oak-core/src/main/java/org/apache/jackrabbit/oak/spi/security/authentication/Authentication.java?p2=jackrabbit/oak/trunk/oak-core/src/main/java/org/apache/jackrabbit/oak/spi/security/authentication/Authentication.java&p1=jackrabbit/oak/trunk/oak-core/src/main/java/org/apache/jackrabbit/oak/security/authentication/Authentication.java&r1=1376019&r2=1376102&rev=1376102&view=diff
==============================================================================
--- jackrabbit/oak/trunk/oak-core/src/main/java/org/apache/jackrabbit/oak/security/authentication/Authentication.java
(original)
+++ jackrabbit/oak/trunk/oak-core/src/main/java/org/apache/jackrabbit/oak/spi/security/authentication/Authentication.java
Wed Aug 22 15:49:20 2012
@@ -14,11 +14,11 @@
  * See the License for the specific language governing permissions and
  * limitations under the License.
  */
-package org.apache.jackrabbit.oak.security.authentication;
+package org.apache.jackrabbit.oak.spi.security.authentication;
 
-import javax.jcr.Credentials;
 import java.security.Principal;
 import java.util.Set;
+import javax.jcr.Credentials;
 
 /**
  * The {@code Authentication} interface defines methods to validate
@@ -38,8 +38,6 @@ import java.util.Set;
  */
 public interface Authentication {
 
-    // TODO: evaluate if that should part of SPI package.
-
     /**
      * Validates the specified {@code Credentials} and returns {@code true} if
      * the validation was successful.

Modified: jackrabbit/oak/trunk/oak-core/src/main/java/org/apache/jackrabbit/oak/spi/security/user/UserProvider.java
URL: http://svn.apache.org/viewvc/jackrabbit/oak/trunk/oak-core/src/main/java/org/apache/jackrabbit/oak/spi/security/user/UserProvider.java?rev=1376102&r1=1376101&r2=1376102&view=diff
==============================================================================
--- jackrabbit/oak/trunk/oak-core/src/main/java/org/apache/jackrabbit/oak/spi/security/user/UserProvider.java
(original)
+++ jackrabbit/oak/trunk/oak-core/src/main/java/org/apache/jackrabbit/oak/spi/security/user/UserProvider.java
Wed Aug 22 15:49:20 2012
@@ -17,12 +17,10 @@
 package org.apache.jackrabbit.oak.spi.security.user;
 
 import java.security.Principal;
-import java.util.List;
 import javax.annotation.CheckForNull;
 import javax.annotation.Nonnull;
 import javax.jcr.RepositoryException;
 
-import org.apache.jackrabbit.oak.api.CoreValue;
 import org.apache.jackrabbit.oak.api.Tree;
 
 /**
@@ -49,8 +47,8 @@ public interface UserProvider {
     @CheckForNull
     Tree getAuthorizableByPrincipal(Principal principal);
 
-    @Nonnull
-    String getAuthorizableId(Tree authorizableTree);
+    @CheckForNull
+    String getAuthorizableId(Tree authorizableTree, Type authorizableType);
 
     boolean isAdminUser(Tree userTree);
 

Modified: jackrabbit/oak/trunk/oak-core/src/test/java/org/apache/jackrabbit/oak/security/user/UserProviderImplTest.java
URL: http://svn.apache.org/viewvc/jackrabbit/oak/trunk/oak-core/src/test/java/org/apache/jackrabbit/oak/security/user/UserProviderImplTest.java?rev=1376102&r1=1376101&r2=1376102&view=diff
==============================================================================
--- jackrabbit/oak/trunk/oak-core/src/test/java/org/apache/jackrabbit/oak/security/user/UserProviderImplTest.java
(original)
+++ jackrabbit/oak/trunk/oak-core/src/test/java/org/apache/jackrabbit/oak/security/user/UserProviderImplTest.java
Wed Aug 22 15:49:20 2012
@@ -253,7 +253,7 @@ public class UserProviderImplTest extend
             root.commit(DefaultConflictHandler.OURS);
 
             assertEquals(defaultUserPath + m.get(uid), user.getPath());
-            assertEquals(uid, userProvider.getAuthorizableId(user));
+            assertEquals(uid, userProvider.getAuthorizableId(user, Type.USER));
 
             Tree ath = userProvider.getAuthorizable(uid);
             assertNotNull("Tree with id " + uid + " must exist.", ath);
@@ -344,11 +344,16 @@ public class UserProviderImplTest extend
 
         String userID = "Amanda";
         Tree user = up.createUser(userID, null);
-        assertEquals(userID, up.getAuthorizableId(user));
+        assertEquals(userID, up.getAuthorizableId(user, Type.USER));
+        assertEquals(userID, up.getAuthorizableId(user, Type.AUTHORIZABLE));
+        assertNull(up.getAuthorizableId(user, Type.GROUP));
+
 
         String groupID = "visitors";
         Tree group = up.createGroup(groupID, null);
-        assertEquals(groupID, up.getAuthorizableId(group));
+        assertEquals(groupID, up.getAuthorizableId(group, Type.GROUP));
+        assertEquals(groupID, up.getAuthorizableId(group, Type.AUTHORIZABLE));
+        assertNull(up.getAuthorizableId(group, Type.USER));
     }
 
     @Test

Modified: jackrabbit/oak/trunk/oak-jcr/src/main/java/org/apache/jackrabbit/oak/jcr/security/user/AuthorizableImpl.java
URL: http://svn.apache.org/viewvc/jackrabbit/oak/trunk/oak-jcr/src/main/java/org/apache/jackrabbit/oak/jcr/security/user/AuthorizableImpl.java?rev=1376102&r1=1376101&r2=1376102&view=diff
==============================================================================
--- jackrabbit/oak/trunk/oak-jcr/src/main/java/org/apache/jackrabbit/oak/jcr/security/user/AuthorizableImpl.java
(original)
+++ jackrabbit/oak/trunk/oak-jcr/src/main/java/org/apache/jackrabbit/oak/jcr/security/user/AuthorizableImpl.java
Wed Aug 22 15:49:20 2012
@@ -36,6 +36,7 @@ import org.apache.jackrabbit.commons.ite
 import org.apache.jackrabbit.oak.api.Tree;
 import org.apache.jackrabbit.oak.spi.security.principal.EveryonePrincipal;
 import org.apache.jackrabbit.oak.spi.security.user.MembershipProvider;
+import org.apache.jackrabbit.oak.spi.security.user.Type;
 import org.apache.jackrabbit.oak.spi.security.user.UserConstants;
 import org.apache.jackrabbit.util.Text;
 import org.slf4j.Logger;
@@ -80,7 +81,7 @@ abstract class AuthorizableImpl implemen
      */
     @Override
     public String getID() {
-        return userManager.getUserProvider().getAuthorizableId(tree);
+        return userManager.getUserProvider().getAuthorizableId(tree, (isGroup()) ? Type.GROUP
: Type.USER);
     }
 
     /**



Mime
View raw message