jackrabbit-oak-commits mailing list archives

Site index · List index
Message view « Date » · « Thread »
Top « Date » · « Thread »
From ang...@apache.org
Subject svn commit: r1376478 - in /jackrabbit/oak/trunk: oak-core/src/main/java/org/apache/jackrabbit/oak/security/authentication/ oak-core/src/main/java/org/apache/jackrabbit/oak/security/authentication/token/ oak-core/src/main/java/org/apache/jackrabbit/oak/...
Date Thu, 23 Aug 2012 13:25:33 GMT
Author: angela
Date: Thu Aug 23 13:25:32 2012
New Revision: 1376478

URL: http://svn.apache.org/viewvc?rev=1376478&view=rev
Log:
OAK-50 : Implement User Management (WIP)
OAK-64 : principal mgt (WIP)

Modified:
    jackrabbit/oak/trunk/oak-core/src/main/java/org/apache/jackrabbit/oak/security/authentication/AuthInfoImpl.java
    jackrabbit/oak/trunk/oak-core/src/main/java/org/apache/jackrabbit/oak/security/authentication/LoginModuleImpl.java
    jackrabbit/oak/trunk/oak-core/src/main/java/org/apache/jackrabbit/oak/security/authentication/token/TokenLoginModule.java
    jackrabbit/oak/trunk/oak-core/src/main/java/org/apache/jackrabbit/oak/security/principal/PrincipalProviderImpl.java
    jackrabbit/oak/trunk/oak-core/src/main/java/org/apache/jackrabbit/oak/security/user/UserProviderImpl.java
    jackrabbit/oak/trunk/oak-core/src/main/java/org/apache/jackrabbit/oak/spi/security/authentication/AbstractLoginModule.java
    jackrabbit/oak/trunk/oak-core/src/main/java/org/apache/jackrabbit/oak/spi/security/principal/PrincipalProvider.java
    jackrabbit/oak/trunk/oak-core/src/main/java/org/apache/jackrabbit/oak/spi/security/user/Type.java
    jackrabbit/oak/trunk/oak-core/src/main/java/org/apache/jackrabbit/oak/spi/security/user/UserProvider.java
    jackrabbit/oak/trunk/oak-jcr/src/main/java/org/apache/jackrabbit/oak/jcr/security/user/AuthorizableImpl.java
    jackrabbit/oak/trunk/oak-jcr/src/main/java/org/apache/jackrabbit/oak/jcr/security/user/AuthorizableIterator.java
    jackrabbit/oak/trunk/oak-jcr/src/main/java/org/apache/jackrabbit/oak/jcr/security/user/GroupImpl.java
    jackrabbit/oak/trunk/oak-jcr/src/main/java/org/apache/jackrabbit/oak/jcr/security/user/UserImpl.java

Modified: jackrabbit/oak/trunk/oak-core/src/main/java/org/apache/jackrabbit/oak/security/authentication/AuthInfoImpl.java
URL: http://svn.apache.org/viewvc/jackrabbit/oak/trunk/oak-core/src/main/java/org/apache/jackrabbit/oak/security/authentication/AuthInfoImpl.java?rev=1376478&r1=1376477&r2=1376478&view=diff
==============================================================================
--- jackrabbit/oak/trunk/oak-core/src/main/java/org/apache/jackrabbit/oak/security/authentication/AuthInfoImpl.java
(original)
+++ jackrabbit/oak/trunk/oak-core/src/main/java/org/apache/jackrabbit/oak/security/authentication/AuthInfoImpl.java
Thu Aug 23 13:25:32 2012
@@ -16,14 +16,14 @@
  */
 package org.apache.jackrabbit.oak.security.authentication;
 
-import org.apache.jackrabbit.oak.api.AuthInfo;
-
 import java.security.Principal;
 import java.util.Collections;
 import java.util.Map;
 import java.util.Set;
 import javax.annotation.Nonnull;
 
+import org.apache.jackrabbit.oak.api.AuthInfo;
+
 /**
  * AuthInfoImpl... TODO
  */
@@ -33,7 +33,7 @@ public class AuthInfoImpl implements Aut
     private final Map<String,?> attributes;
     private final Set<Principal> principals;
 
-    public AuthInfoImpl(String userID, Map<String, ?> attributes, Set<Principal>
principals) {
+    public AuthInfoImpl(String userID, Map<String, ?> attributes, Set<? extends
Principal> principals) {
         this.userID = userID;
         this.attributes = (attributes == null) ? Collections.<String, Object>emptyMap()
: attributes;
         this.principals = Collections.unmodifiableSet(principals);

Modified: jackrabbit/oak/trunk/oak-core/src/main/java/org/apache/jackrabbit/oak/security/authentication/LoginModuleImpl.java
URL: http://svn.apache.org/viewvc/jackrabbit/oak/trunk/oak-core/src/main/java/org/apache/jackrabbit/oak/security/authentication/LoginModuleImpl.java?rev=1376478&r1=1376477&r2=1376478&view=diff
==============================================================================
--- jackrabbit/oak/trunk/oak-core/src/main/java/org/apache/jackrabbit/oak/security/authentication/LoginModuleImpl.java
(original)
+++ jackrabbit/oak/trunk/oak-core/src/main/java/org/apache/jackrabbit/oak/security/authentication/LoginModuleImpl.java
Thu Aug 23 13:25:32 2012
@@ -99,7 +99,7 @@ public class LoginModuleImpl extends Abs
     }
 
     private Credentials credentials;
-    private Set<Principal> principals;
+    private Set<? extends Principal> principals;
     private String userID;
 
     //--------------------------------------------------------< LoginModule >---

Modified: jackrabbit/oak/trunk/oak-core/src/main/java/org/apache/jackrabbit/oak/security/authentication/token/TokenLoginModule.java
URL: http://svn.apache.org/viewvc/jackrabbit/oak/trunk/oak-core/src/main/java/org/apache/jackrabbit/oak/security/authentication/token/TokenLoginModule.java?rev=1376478&r1=1376477&r2=1376478&view=diff
==============================================================================
--- jackrabbit/oak/trunk/oak-core/src/main/java/org/apache/jackrabbit/oak/security/authentication/token/TokenLoginModule.java
(original)
+++ jackrabbit/oak/trunk/oak-core/src/main/java/org/apache/jackrabbit/oak/security/authentication/token/TokenLoginModule.java
Thu Aug 23 13:25:32 2012
@@ -49,7 +49,7 @@ public class TokenLoginModule extends Ab
     private TokenCredentials tokenCredentials;
     private TokenInfo tokenInfo;
     private String userID;
-    private Set<Principal> principals;
+    private Set<? extends Principal> principals;
 
     //--------------------------------------------------------< LoginModule >---
 

Modified: jackrabbit/oak/trunk/oak-core/src/main/java/org/apache/jackrabbit/oak/security/principal/PrincipalProviderImpl.java
URL: http://svn.apache.org/viewvc/jackrabbit/oak/trunk/oak-core/src/main/java/org/apache/jackrabbit/oak/security/principal/PrincipalProviderImpl.java?rev=1376478&r1=1376477&r2=1376478&view=diff
==============================================================================
--- jackrabbit/oak/trunk/oak-core/src/main/java/org/apache/jackrabbit/oak/security/principal/PrincipalProviderImpl.java
(original)
+++ jackrabbit/oak/trunk/oak-core/src/main/java/org/apache/jackrabbit/oak/security/principal/PrincipalProviderImpl.java
Thu Aug 23 13:25:32 2012
@@ -43,9 +43,9 @@ import org.slf4j.Logger;
 import org.slf4j.LoggerFactory;
 
 /**
- * The {@code KernelPrincipalProvider} is a principal provider implementation
- * that operates on principal information read from user information stored
- * in the {@code MicroKernel}.
+ * The {@code PrincipalProviderImpl} is a principal provider implementation
+ * that operates on principal information read from user information exposed by
+ * the configured {@link UserProvider} and {@link MembershipProvider}.
  */
 public class PrincipalProviderImpl implements PrincipalProvider {
 
@@ -94,7 +94,7 @@ public class PrincipalProviderImpl imple
     }
 
     @Override
-    public Set<Principal> getPrincipals(String userID) {
+    public Set<? extends Principal> getPrincipals(String userID) {
         Set<Principal> principals;
         Tree userTree = userProvider.getAuthorizable(userID, Type.USER);
         if (userTree != null) {
@@ -112,9 +112,12 @@ public class PrincipalProviderImpl imple
     }
 
     @Override
-    public Iterator<Principal> findPrincipals(String nameHint, int searchType) {
-        // TODO add implementation
-        throw new UnsupportedOperationException("TODO: PrincipalProvide#findPrincipals");
+    public Iterator<? extends Principal> findPrincipals(String nameHint, int searchType)
{
+        String[] propNames = new String[] {UserConstants.REP_PRINCIPAL_NAME};
+        String[] ntNames = new String[] {UserConstants.NT_REP_AUTHORIZABLE};
+        Iterator<Tree> authorizables = userProvider.findAuthorizables(propNames, nameHint,
ntNames, false, Long.MAX_VALUE, Type.AUTHORIZABLE);
+
+        return Iterators.transform(authorizables, new AuthorizableToPrincipal());
     }
 
     //------------------------------------------------------------< private >---
@@ -143,6 +146,24 @@ public class PrincipalProviderImpl imple
     }
 
     /**
+     * Function to covert an authorizable tree to a principal.
+     */
+    private final class AuthorizableToPrincipal implements Function<Tree, TreeBasedPrincipal>
{
+
+        @Override
+        public TreeBasedPrincipal apply(@Nullable Tree tree) {
+            if (tree == null) {
+                throw new IllegalArgumentException("null tree.");
+            }
+            if (userProvider.isAuthorizableType(tree, Type.GROUP)) {
+                return new TreeBasedGroup(tree);
+            } else {
+                return new TreeBasedPrincipal(tree, pathMapper);
+            }
+        }
+    }
+
+    /**
      * Tree-based principal implementation that marks the principal as group.
      */
     private final class TreeBasedGroup extends TreeBasedPrincipal implements Group {

Modified: jackrabbit/oak/trunk/oak-core/src/main/java/org/apache/jackrabbit/oak/security/user/UserProviderImpl.java
URL: http://svn.apache.org/viewvc/jackrabbit/oak/trunk/oak-core/src/main/java/org/apache/jackrabbit/oak/security/user/UserProviderImpl.java?rev=1376478&r1=1376477&r2=1376478&view=diff
==============================================================================
--- jackrabbit/oak/trunk/oak-core/src/main/java/org/apache/jackrabbit/oak/security/user/UserProviderImpl.java
(original)
+++ jackrabbit/oak/trunk/oak-core/src/main/java/org/apache/jackrabbit/oak/security/user/UserProviderImpl.java
Thu Aug 23 13:25:32 2012
@@ -133,7 +133,7 @@ import org.slf4j.LoggerFactory;
  * <h3>By Principal Name</h3>
  * TODO
  *
- * <h1>MembershipProvider</h1>
+ * <h3>Search for authorizables</h3>
  *
  * TODO
  */
@@ -233,6 +233,17 @@ class UserProviderImpl extends Authoriza
     }
 
     @Override
+    public Iterator<Tree> findAuthorizables(String[] propertyRelPaths, String value,
String[] ntNames, boolean exact, long maxSize, Type authorizableType) {
+        // TODO
+        throw new UnsupportedOperationException("not yet implemented");
+    }
+
+    @Override
+    public boolean isAuthorizableType(Tree authorizableTree, Type authorizableType) {
+        return isAuthorizableTree(authorizableTree, authorizableType);
+    }
+
+    @Override
     public boolean isAdminUser(Tree userTree) {
         assert userTree != null;
         return adminId.equals(getAuthorizableId(userTree, Type.USER));
@@ -284,10 +295,10 @@ class UserProviderImpl extends Authoriza
      * configured user or group path. Note that Authorizable nodes are never
      * nested.
      *
-     * @param authorizableId
-     * @param nodeName
-     * @param isGroup
-     * @param intermediatePath
+     * @param authorizableId The desired authorizable ID.
+     * @param nodeName The name of the authorizable node.
+     * @param isGroup Flag indicating whether the new authorizable is a group or a user.
+     * @param intermediatePath An optional intermediate path.
      * @return The folder node.
      * @throws RepositoryException If an error occurs
      */
@@ -308,17 +319,12 @@ class UserProviderImpl extends Authoriza
         String[] segmts = Text.explode(folderPath, '/', false);
         for (String segment : segmts) {
             folder = folder.getOrAddChild(segment, NT_REP_AUTHORIZABLE_FOLDER);
-            // TODO: remove check once UserValidator is active
-            if (!folder.hasPrimaryNodeTypeName(NT_REP_AUTHORIZABLE_FOLDER)) {
-                String msg = "Cannot create user/group: Intermediate folders must be of type
rep:AuthorizableFolder.";
-                throw new ConstraintViolationException(msg);
-            }
+            // verification of node type is delegated to UserValidator upon commit
         }
 
         // test for colliding folder child node.
         while (folder.hasChild(nodeName)) {
             NodeUtil colliding = folder.getChild(nodeName);
-            // TODO: remove check once UserValidator is active
             if (colliding.hasPrimaryNodeTypeName(NT_REP_AUTHORIZABLE_FOLDER)) {
                 log.debug("Existing folder node collides with user/group to be created. Expanding
path by: " + colliding.getName());
                 folder = colliding;
@@ -330,10 +336,8 @@ class UserProviderImpl extends Authoriza
             }
         }
 
-        // TODO: remove check once UserValidator is active
-        if (!Text.isDescendantOrEqual(authRoot, folder.getTree().getPath())) {
-            throw new ConstraintViolationException("Attempt to create user/group outside
of configured scope " + authRoot);
-        }
+        // note: verification that user/group is created underneath the configured
+        // tree is delegated to UserValidator
         return folder;
     }
 

Modified: jackrabbit/oak/trunk/oak-core/src/main/java/org/apache/jackrabbit/oak/spi/security/authentication/AbstractLoginModule.java
URL: http://svn.apache.org/viewvc/jackrabbit/oak/trunk/oak-core/src/main/java/org/apache/jackrabbit/oak/spi/security/authentication/AbstractLoginModule.java?rev=1376478&r1=1376477&r2=1376478&view=diff
==============================================================================
--- jackrabbit/oak/trunk/oak-core/src/main/java/org/apache/jackrabbit/oak/spi/security/authentication/AbstractLoginModule.java
(original)
+++ jackrabbit/oak/trunk/oak-core/src/main/java/org/apache/jackrabbit/oak/spi/security/authentication/AbstractLoginModule.java
Thu Aug 23 13:25:32 2012
@@ -148,7 +148,7 @@ public abstract class AbstractLoginModul
     }
 
 
-    protected Set<Principal> getPrincipals(String userID) {
+    protected Set<? extends Principal> getPrincipals(String userID) {
         PrincipalProvider principalProvider = getPrincipalProvider();
         if (principalProvider == null) {
             log.debug("Cannot retrieve principals. No principal provider configured.");

Modified: jackrabbit/oak/trunk/oak-core/src/main/java/org/apache/jackrabbit/oak/spi/security/principal/PrincipalProvider.java
URL: http://svn.apache.org/viewvc/jackrabbit/oak/trunk/oak-core/src/main/java/org/apache/jackrabbit/oak/spi/security/principal/PrincipalProvider.java?rev=1376478&r1=1376477&r2=1376478&view=diff
==============================================================================
--- jackrabbit/oak/trunk/oak-core/src/main/java/org/apache/jackrabbit/oak/spi/security/principal/PrincipalProvider.java
(original)
+++ jackrabbit/oak/trunk/oak-core/src/main/java/org/apache/jackrabbit/oak/spi/security/principal/PrincipalProvider.java
Thu Aug 23 13:25:32 2012
@@ -65,7 +65,7 @@ public interface PrincipalProvider {
      * or an empty set if it cannot be resolved.
      */
     @Nonnull
-    Set<Principal> getPrincipals(String userID);
+    Set<? extends Principal> getPrincipals(String userID);
 
     /**
      * Find the principals that match the specified nameHint and search type.
@@ -79,5 +79,5 @@ public interface PrincipalProvider {
      * @return An iterator of principals.
      */
     @Nonnull
-    Iterator<Principal> findPrincipals(String nameHint, int searchType);
+    Iterator<? extends Principal> findPrincipals(String nameHint, int searchType);
 }
\ No newline at end of file

Modified: jackrabbit/oak/trunk/oak-core/src/main/java/org/apache/jackrabbit/oak/spi/security/user/Type.java
URL: http://svn.apache.org/viewvc/jackrabbit/oak/trunk/oak-core/src/main/java/org/apache/jackrabbit/oak/spi/security/user/Type.java?rev=1376478&r1=1376477&r2=1376478&view=diff
==============================================================================
--- jackrabbit/oak/trunk/oak-core/src/main/java/org/apache/jackrabbit/oak/spi/security/user/Type.java
(original)
+++ jackrabbit/oak/trunk/oak-core/src/main/java/org/apache/jackrabbit/oak/spi/security/user/Type.java
Thu Aug 23 13:25:32 2012
@@ -1,13 +1,27 @@
+/*
+ * Licensed to the Apache Software Foundation (ASF) under one
+ * or more contributor license agreements.  See the NOTICE file
+ * distributed with this work for additional information
+ * regarding copyright ownership.  The ASF licenses this file
+ * to you under the Apache License, Version 2.0 (the
+ * "License"); you may not use this file except in compliance
+ * with the License.  You may obtain a copy of the License at
+ *
+ *   http://www.apache.org/licenses/LICENSE-2.0
+ *
+ * Unless required by applicable law or agreed to in writing,
+ * software distributed under the License is distributed on an
+ * "AS IS" BASIS, WITHOUT WARRANTIES OR CONDITIONS OF ANY
+ * KIND, either express or implied.  See the License for the
+ * specific language governing permissions and limitations
+ * under the License.
+ */
 package org.apache.jackrabbit.oak.spi.security.user;
 
 import org.apache.jackrabbit.api.security.user.UserManager;
 
 /**
- * Created by IntelliJ IDEA.
- * User: angela
- * Date: 8/22/12
- * Time: 3:48 PM
- * To change this template use File | Settings | File Templates.
+ * The different authorizable types.
  */
 public enum Type {
 
@@ -17,7 +31,7 @@ public enum Type {
 
     private final int userType;
 
-    Type(int userType) {
+    private Type(int userType) {
         this.userType = userType;
     }
 }

Modified: jackrabbit/oak/trunk/oak-core/src/main/java/org/apache/jackrabbit/oak/spi/security/user/UserProvider.java
URL: http://svn.apache.org/viewvc/jackrabbit/oak/trunk/oak-core/src/main/java/org/apache/jackrabbit/oak/spi/security/user/UserProvider.java?rev=1376478&r1=1376477&r2=1376478&view=diff
==============================================================================
--- jackrabbit/oak/trunk/oak-core/src/main/java/org/apache/jackrabbit/oak/spi/security/user/UserProvider.java
(original)
+++ jackrabbit/oak/trunk/oak-core/src/main/java/org/apache/jackrabbit/oak/spi/security/user/UserProvider.java
Thu Aug 23 13:25:32 2012
@@ -17,6 +17,7 @@
 package org.apache.jackrabbit.oak.spi.security.user;
 
 import java.security.Principal;
+import java.util.Iterator;
 import javax.annotation.CheckForNull;
 import javax.annotation.Nonnull;
 import javax.jcr.RepositoryException;
@@ -50,6 +51,36 @@ public interface UserProvider {
     @CheckForNull
     String getAuthorizableId(Tree authorizableTree, Type authorizableType);
 
+    /**
+     * Find the authorizable trees matching the following search parameters within
+     * the sub-tree defined by an authorizable tree:
+     *
+     * @param propertyRelPaths An array of property names or relative paths
+     * pointing to properties within the tree defined by a given authorizable node.
+     * @param value The property value to look for.
+     * @param ntNames An array of node type names to restrict the search within
+     * the authorizable tree to a subset of nodes that match any of the node
+     * type names; {@code null} indicates that no filtering by node type is
+     * desired. Specifying a node type name that defines an authorizable node
+     * )e.g. {@link UserConstants#NT_REP_USER rep:User} will limit the search to
+     * properties defined with the authorizable node itself instead of searching
+     * the complete sub-tree.
+     * @param exact A boolean flag indicating if the value must match exactly or not.s
+     * @param maxSize The maximal number of search results to look for.
+     * @param authorizableType Filter the search results to only return authorizable
+     * trees of a given type. Passing {@link Type#AUTHORIZABLE} indicates that
+     * no filtering for a specific authorizable type is desired. However, properties
+     * might still be search in the complete sub-tree of authorizables depending
+     * on the other query parameters.
+     * @return An iterator of authorizable trees that match the specified
+     * search parameters and filters or an empty iterator if no result can be
+     * found.
+     */
+    @Nonnull
+    Iterator<Tree> findAuthorizables(String[] propertyRelPaths, String value, String[]
ntNames, boolean exact, long maxSize, Type authorizableType);
+
+    boolean isAuthorizableType(Tree authorizableTree, Type authorizableType);
+
     boolean isAdminUser(Tree userTree);
 
     void setProtectedProperty(Tree authorizableTree, String propertyName, String value, int
propertyType);

Modified: jackrabbit/oak/trunk/oak-jcr/src/main/java/org/apache/jackrabbit/oak/jcr/security/user/AuthorizableImpl.java
URL: http://svn.apache.org/viewvc/jackrabbit/oak/trunk/oak-jcr/src/main/java/org/apache/jackrabbit/oak/jcr/security/user/AuthorizableImpl.java?rev=1376478&r1=1376477&r2=1376478&view=diff
==============================================================================
--- jackrabbit/oak/trunk/oak-jcr/src/main/java/org/apache/jackrabbit/oak/jcr/security/user/AuthorizableImpl.java
(original)
+++ jackrabbit/oak/trunk/oak-jcr/src/main/java/org/apache/jackrabbit/oak/jcr/security/user/AuthorizableImpl.java
Thu Aug 23 13:25:32 2012
@@ -20,6 +20,7 @@ import java.util.ArrayList;
 import java.util.Collections;
 import java.util.Iterator;
 import java.util.List;
+import javax.annotation.Nonnull;
 import javax.jcr.Node;
 import javax.jcr.Property;
 import javax.jcr.PropertyIterator;
@@ -55,21 +56,20 @@ abstract class AuthorizableImpl implemen
      */
     private static final Logger log = LoggerFactory.getLogger(AuthorizableImpl.class);
 
-    private final Node node;
     private final Tree tree;
     private final UserManagerImpl userManager;
 
+    private Node node;
     private int hashCode;
 
-    AuthorizableImpl(Node node, Tree tree, UserManagerImpl userManager) throws RepositoryException
{
-        this.node = node;
+    AuthorizableImpl(Tree tree, UserManagerImpl userManager) throws RepositoryException {
         this.tree = tree;
         this.userManager = userManager;
 
-        checkValidNode(node);
+        checkValidTree(tree);
     }
 
-    abstract void checkValidNode(Node node) throws RepositoryException;
+    abstract void checkValidTree(Tree tree) throws RepositoryException;
 
     static boolean isValidAuthorizableImpl(Authorizable authorizable) {
         return authorizable instanceof AuthorizableImpl;
@@ -127,6 +127,7 @@ abstract class AuthorizableImpl implemen
      */
     @Override
     public Iterator<String> getPropertyNames(String relPath) throws RepositoryException
{
+        Node node = getNode();
         Node n = node.getNode(relPath);
         if (Text.isDescendantOrEqual(node.getPath(), n.getPath())) {
             List<String> l = new ArrayList<String>();
@@ -147,6 +148,7 @@ abstract class AuthorizableImpl implemen
      */
     @Override
     public boolean hasProperty(String relPath) throws RepositoryException {
+        Node node = getNode();
         return node.hasProperty(relPath) && isAuthorizableProperty(node.getProperty(relPath),
true);
     }
 
@@ -155,6 +157,7 @@ abstract class AuthorizableImpl implemen
      */
     @Override
     public Value[] getProperty(String relPath) throws RepositoryException {
+        Node node = getNode();
         Value[] values = null;
         if (node.hasProperty(relPath)) {
             Property prop = node.getProperty(relPath);
@@ -216,6 +219,7 @@ abstract class AuthorizableImpl implemen
      */
     @Override
     public boolean removeProperty(String relPath) throws RepositoryException {
+        Node node = getNode();
         if (node.hasProperty(relPath)) {
             Property p = node.getProperty(relPath);
             if (isAuthorizableProperty(p, true)) {
@@ -232,7 +236,7 @@ abstract class AuthorizableImpl implemen
      */
     @Override
     public String getPath() throws RepositoryException {
-        return node.getPath();
+        return getNode().getPath();
     }
 
     //-------------------------------------------------------------< Object >---
@@ -243,6 +247,7 @@ abstract class AuthorizableImpl implemen
     public int hashCode() {
         if (hashCode == 0) {
             try {
+                Node node = getNode();
                 StringBuilder sb = new StringBuilder();
                 sb.append(isGroup() ? "group:" : "user:");
                 sb.append(node.getSession().getWorkspace().getName());
@@ -250,6 +255,7 @@ abstract class AuthorizableImpl implemen
                 sb.append(node.getIdentifier());
                 hashCode = sb.toString().hashCode();
             } catch (RepositoryException e) {
+                log.warn("Error while calculating hash code.",e.getMessage());
             }
         }
         return hashCode;
@@ -263,6 +269,7 @@ abstract class AuthorizableImpl implemen
         if (obj instanceof AuthorizableImpl) {
             AuthorizableImpl otherAuth = (AuthorizableImpl) obj;
             try {
+                Node node = getNode();
                 return isGroup() == otherAuth.isGroup() && node.isSame(otherAuth.node);
             } catch (RepositoryException e) {
                 // should not occur -> return false in this case.
@@ -284,21 +291,28 @@ abstract class AuthorizableImpl implemen
     /**
      * @return The node associated with this authorizable instance.
      */
-    Node getNode() {
+    @Nonnull
+    Node getNode() throws RepositoryException {
+        if (node == null) {
+            String jcrPath = userManager.getNamePathMapper().getJcrPath(tree.getPath());
+            node = userManager.getSession().getNode(jcrPath);
+        }
         return node;
     }
 
+    @Nonnull
     Tree getTree() {
         return tree;
     }
 
     String getJcrName(String oakName) {
-        return userManager.getJcrName(oakName);
+        return userManager.getNamePathMapper().getJcrName(oakName);
     }
 
     /**
      * @return The user manager associated with this authorizable.
      */
+    @Nonnull
     UserManagerImpl getUserManager() {
         return userManager;
     }
@@ -307,6 +321,7 @@ abstract class AuthorizableImpl implemen
      * @return The principal name of this authorizable.
      * @throws RepositoryException If no principal name can be retrieved.
      */
+    @Nonnull
     String getPrincipalName() throws RepositoryException {
         if (tree.hasProperty(REP_PRINCIPAL_NAME)) {
             return tree.getProperty(REP_PRINCIPAL_NAME).getValue().getString();
@@ -343,6 +358,7 @@ abstract class AuthorizableImpl implemen
      * @throws RepositoryException If the property definition cannot be retrieved.
      */
     private boolean isAuthorizableProperty(Property prop, boolean verifyAncestor) throws
RepositoryException {
+        Node node = getNode();
         if (verifyAncestor && !Text.isDescendant(node.getPath(), prop.getPath()))
{
             log.debug("Attempt to access property outside of authorizable scope.");
             return false;
@@ -371,8 +387,10 @@ abstract class AuthorizableImpl implemen
      * @throws RepositoryException If an error occurs or if {@code relPath} refers
      * to a node that is outside of the scope of this authorizable.
      */
+    @Nonnull
     private Node getOrCreateTargetNode(String relPath) throws RepositoryException {
         Node n;
+        Node node = getNode();
         if (relPath != null) {
             String userPath = node.getPath();
             if (node.hasNode(relPath)) {
@@ -410,6 +428,7 @@ abstract class AuthorizableImpl implemen
      * @return Iterator of groups this authorizable is (declared) member of.
      * @throws RepositoryException If an error occurs.
      */
+    @Nonnull
     private Iterator<Group> getMembership(boolean includeInherited) throws RepositoryException
{
         if (isEveryone()) {
             return Collections.<Group>emptySet().iterator();
@@ -418,7 +437,7 @@ abstract class AuthorizableImpl implemen
         MembershipProvider mMgr = userManager.getMembershipProvider();
         Iterator<String> oakPaths = mMgr.getMembership(tree, includeInherited);
         if (oakPaths.hasNext()) {
-            AuthorizableIterator groups = new AuthorizableIterator(oakPaths, userManager,
UserManager.SEARCH_TYPE_AUTHORIZABLE);
+            AuthorizableIterator groups = AuthorizableIterator.create(oakPaths, userManager,
UserManager.SEARCH_TYPE_GROUP);
             return new RangeIteratorAdapter(groups, groups.getSize());
         } else {
             return RangeIteratorAdapter.EMPTY;

Modified: jackrabbit/oak/trunk/oak-jcr/src/main/java/org/apache/jackrabbit/oak/jcr/security/user/AuthorizableIterator.java
URL: http://svn.apache.org/viewvc/jackrabbit/oak/trunk/oak-jcr/src/main/java/org/apache/jackrabbit/oak/jcr/security/user/AuthorizableIterator.java?rev=1376478&r1=1376477&r2=1376478&view=diff
==============================================================================
--- jackrabbit/oak/trunk/oak-jcr/src/main/java/org/apache/jackrabbit/oak/jcr/security/user/AuthorizableIterator.java
(original)
+++ jackrabbit/oak/trunk/oak-jcr/src/main/java/org/apache/jackrabbit/oak/jcr/security/user/AuthorizableIterator.java
Thu Aug 23 13:25:32 2012
@@ -27,6 +27,7 @@ import com.google.common.base.Predicates
 import com.google.common.collect.Iterators;
 import org.apache.jackrabbit.api.security.user.Authorizable;
 import org.apache.jackrabbit.api.security.user.UserManager;
+import org.apache.jackrabbit.oak.api.Tree;
 import org.slf4j.Logger;
 import org.slf4j.LoggerFactory;
 
@@ -42,19 +43,22 @@ class AuthorizableIterator implements It
 
     private Authorizable next;
 
-    AuthorizableIterator(Iterator<String> authorizableOakPath, UserManagerImpl userManager)
{
-        this(authorizableOakPath, userManager, UserManager.SEARCH_TYPE_AUTHORIZABLE);
+    static AuthorizableIterator create(Iterator<String> authorizableOakPaths, UserManagerImpl
userManager, int authorizableType) {
+        Iterator it = Iterators.transform(authorizableOakPaths, new PathToAuthorizable(userManager,
authorizableType));
+        long size = getSize(authorizableOakPaths);
+        return new AuthorizableIterator(Iterators.filter(it, Predicates.notNull()), size);
     }
 
-    AuthorizableIterator(Iterator<String> authorizableOakPaths, UserManagerImpl userManager,
int authorizableType) {
-        Iterator<Authorizable> it = Iterators.transform(authorizableOakPaths, new ToAuthorizable(userManager,
authorizableType));
-        this.authorizables = Iterators.filter(it, Predicates.notNull());
+    static AuthorizableIterator create(Iterator<Tree> authorizableTrees, UserManagerImpl
userManager) {
+        Iterator it = Iterators.transform(authorizableTrees, new TreeToAuthorizable(userManager));
+        long size = getSize(authorizableTrees);
 
-        if (authorizableOakPaths instanceof RangeIterator) {
-            size = ((RangeIterator) authorizableOakPaths).getSize();
-        } else {
-            size = -1;
-        }
+        return new AuthorizableIterator(Iterators.filter(it, Predicates.<Object>notNull()),
size);
+    }
+
+    AuthorizableIterator(Iterator<Authorizable> authorizables, long size) {
+        this.authorizables = authorizables;
+        this.size = size;
     }
 
     //-----------------------------------------------------------< Iterator >---
@@ -80,12 +84,20 @@ class AuthorizableIterator implements It
 
     //--------------------------------------------------------------------------
 
-    private static class ToAuthorizable implements Function<String, Authorizable> {
+    private static long getSize(Iterator it) {
+        if (it instanceof RangeIterator) {
+            return ((RangeIterator) it).getSize();
+        } else {
+            return -1;
+        }
+    }
+
+    private static class PathToAuthorizable implements Function<String, Authorizable>
{
 
         private final UserManagerImpl userManager;
         private final Predicate predicate;
 
-        public ToAuthorizable(UserManagerImpl userManager, int type) {
+        public PathToAuthorizable(UserManagerImpl userManager, int type) {
             this.userManager = userManager;
             this.predicate = new AuthorizableTypePredicate(type);
         }
@@ -105,6 +117,25 @@ class AuthorizableIterator implements It
         }
     }
 
+    private static class TreeToAuthorizable implements Function<Tree, Authorizable>
{
+
+        private final UserManagerImpl userManager;
+
+        public TreeToAuthorizable(UserManagerImpl userManager) {
+            this.userManager = userManager;
+        }
+
+        @Override
+        public Authorizable apply(@Nullable Tree authorizableTree) {
+            try {
+                return userManager.getAuthorizable(authorizableTree);
+            } catch (RepositoryException e) {
+                log.debug("Failed to access authorizable " + authorizableTree.getPath());
+                return null;
+            }
+        }
+    }
+
     private static class AuthorizableTypePredicate implements Predicate<Authorizable>
{
 
         private final int authorizableType;

Modified: jackrabbit/oak/trunk/oak-jcr/src/main/java/org/apache/jackrabbit/oak/jcr/security/user/GroupImpl.java
URL: http://svn.apache.org/viewvc/jackrabbit/oak/trunk/oak-jcr/src/main/java/org/apache/jackrabbit/oak/jcr/security/user/GroupImpl.java?rev=1376478&r1=1376477&r2=1376478&view=diff
==============================================================================
--- jackrabbit/oak/trunk/oak-jcr/src/main/java/org/apache/jackrabbit/oak/jcr/security/user/GroupImpl.java
(original)
+++ jackrabbit/oak/trunk/oak-jcr/src/main/java/org/apache/jackrabbit/oak/jcr/security/user/GroupImpl.java
Thu Aug 23 13:25:32 2012
@@ -20,7 +20,6 @@ import java.security.Principal;
 import java.util.Enumeration;
 import java.util.Iterator;
 import javax.annotation.Nullable;
-import javax.jcr.Node;
 import javax.jcr.RepositoryException;
 
 import com.google.common.base.Function;
@@ -47,13 +46,13 @@ class GroupImpl extends AuthorizableImpl
      */
     private static final Logger log = LoggerFactory.getLogger(GroupImpl.class);
 
-    GroupImpl(Node node, Tree tree, UserManagerImpl userManager) throws RepositoryException
{
-        super(node, tree, userManager);
+    GroupImpl(Tree tree, UserManagerImpl userManager) throws RepositoryException {
+        super(tree, userManager);
     }
 
     @Override
-    void checkValidNode(Node node) throws RepositoryException {
-        if (node == null || !node.isNodeType(getJcrName(NT_REP_GROUP))) {
+    void checkValidTree(Tree tree) throws RepositoryException {
+        if (tree == null || !getUserManager().getUserProvider().isAuthorizableType(tree,
Type.GROUP)) {
             throw new IllegalArgumentException("Invalid group node: node type rep:Group expected.");
         }
     }
@@ -180,7 +179,7 @@ class GroupImpl extends AuthorizableImpl
             MembershipProvider mMgr = uMgr.getMembershipProvider();
             Iterator oakPaths = mMgr.getMembers(getTree(), Type.AUTHORIZABLE, includeInherited);
             if (!oakPaths.hasNext()) {
-                AuthorizableIterator iterator = new AuthorizableIterator(oakPaths, uMgr);
+                AuthorizableIterator iterator = AuthorizableIterator.create(oakPaths, uMgr,
UserManager.SEARCH_TYPE_AUTHORIZABLE);
                 return new RangeIteratorAdapter(iterator, iterator.getSize());
             } else {
                 return RangeIteratorAdapter.EMPTY;

Modified: jackrabbit/oak/trunk/oak-jcr/src/main/java/org/apache/jackrabbit/oak/jcr/security/user/UserImpl.java
URL: http://svn.apache.org/viewvc/jackrabbit/oak/trunk/oak-jcr/src/main/java/org/apache/jackrabbit/oak/jcr/security/user/UserImpl.java?rev=1376478&r1=1376477&r2=1376478&view=diff
==============================================================================
--- jackrabbit/oak/trunk/oak-jcr/src/main/java/org/apache/jackrabbit/oak/jcr/security/user/UserImpl.java
(original)
+++ jackrabbit/oak/trunk/oak-jcr/src/main/java/org/apache/jackrabbit/oak/jcr/security/user/UserImpl.java
Thu Aug 23 13:25:32 2012
@@ -18,7 +18,6 @@ package org.apache.jackrabbit.oak.jcr.se
 
 import java.security.Principal;
 import javax.jcr.Credentials;
-import javax.jcr.Node;
 import javax.jcr.PropertyType;
 import javax.jcr.RepositoryException;
 import javax.jcr.UnsupportedRepositoryOperationException;
@@ -29,6 +28,7 @@ import org.apache.jackrabbit.oak.api.Pro
 import org.apache.jackrabbit.oak.api.Tree;
 import org.apache.jackrabbit.oak.spi.security.principal.TreeBasedPrincipal;
 import org.apache.jackrabbit.oak.spi.security.user.PasswordUtility;
+import org.apache.jackrabbit.oak.spi.security.user.Type;
 import org.slf4j.Logger;
 import org.slf4j.LoggerFactory;
 
@@ -42,12 +42,12 @@ class UserImpl extends AuthorizableImpl 
      */
     private static final Logger log = LoggerFactory.getLogger(UserImpl.class);
 
-    UserImpl(Node node, Tree tree, UserManagerImpl userManager) throws RepositoryException
{
-        super(node, tree, userManager);
+    UserImpl(Tree tree, UserManagerImpl userManager) throws RepositoryException {
+        super(tree, userManager);
     }
 
-    void checkValidNode(Node node) throws RepositoryException {
-        if (node == null || !node.isNodeType(getJcrName(NT_REP_USER))) {
+    void checkValidTree(Tree tree) throws RepositoryException {
+        if (tree == null || !getUserManager().getUserProvider().isAuthorizableType(tree,
Type.USER)) {
             throw new IllegalArgumentException("Invalid user node: node type rep:User expected.");
         }
     }



Mime
View raw message