jackrabbit-oak-commits mailing list archives

Site index · List index
Message view « Date » · « Thread »
Top « Date » · « Thread »
From ang...@apache.org
Subject svn commit: r1393986 - in /jackrabbit/oak/trunk: oak-core/src/main/java/org/apache/jackrabbit/oak/core/ oak-core/src/main/java/org/apache/jackrabbit/oak/security/ oak-core/src/main/java/org/apache/jackrabbit/oak/security/authentication/ oak-core/src/ma...
Date Thu, 04 Oct 2012 11:08:50 GMT
Author: angela
Date: Thu Oct  4 11:08:49 2012
New Revision: 1393986

URL: http://svn.apache.org/viewvc?rev=1393986&view=rev
Log:
 OAK-91 - Implement Authentication Support (WIP)
 OAK-90 - Principal Management (WIP)

Added:
    jackrabbit/oak/trunk/oak-core/src/main/java/org/apache/jackrabbit/oak/security/principal/PrincipalManagerImpl.java
      - copied, changed from r1393939, jackrabbit/oak/trunk/oak-jcr/src/main/java/org/apache/jackrabbit/oak/jcr/security/principal/PrincipalManagerImpl.java
    jackrabbit/oak/trunk/oak-core/src/main/java/org/apache/jackrabbit/oak/spi/security/authentication/GuestLoginModule.java
      - copied, changed from r1393939, jackrabbit/oak/trunk/oak-core/src/main/java/org/apache/jackrabbit/oak/security/authentication/GuestLoginModule.java
    jackrabbit/oak/trunk/oak-core/src/main/java/org/apache/jackrabbit/oak/spi/security/authentication/RepositoryCallback.java
    jackrabbit/oak/trunk/oak-core/src/main/java/org/apache/jackrabbit/oak/spi/security/principal/PrincipalConfiguration.java
Removed:
    jackrabbit/oak/trunk/oak-core/src/main/java/org/apache/jackrabbit/oak/security/authentication/GuestLoginModule.java
    jackrabbit/oak/trunk/oak-jcr/src/main/java/org/apache/jackrabbit/oak/jcr/security/principal/PrincipalManagerImpl.java
Modified:
    jackrabbit/oak/trunk/oak-core/src/main/java/org/apache/jackrabbit/oak/core/ContentRepositoryImpl.java
    jackrabbit/oak/trunk/oak-core/src/main/java/org/apache/jackrabbit/oak/security/SecurityProviderImpl.java
    jackrabbit/oak/trunk/oak-core/src/main/java/org/apache/jackrabbit/oak/security/authentication/CallbackHandlerImpl.java
    jackrabbit/oak/trunk/oak-core/src/main/java/org/apache/jackrabbit/oak/security/authentication/LoginContextProviderImpl.java
    jackrabbit/oak/trunk/oak-core/src/main/java/org/apache/jackrabbit/oak/spi/security/OpenSecurityProvider.java
    jackrabbit/oak/trunk/oak-core/src/main/java/org/apache/jackrabbit/oak/spi/security/SecurityProvider.java
    jackrabbit/oak/trunk/oak-core/src/main/java/org/apache/jackrabbit/oak/spi/security/authentication/CredentialsCallback.java
    jackrabbit/oak/trunk/oak-core/src/main/java/org/apache/jackrabbit/oak/spi/security/authentication/JaasLoginContext.java
    jackrabbit/oak/trunk/oak-core/src/main/java/org/apache/jackrabbit/oak/spi/security/authentication/OpenLoginContextProvider.java
    jackrabbit/oak/trunk/oak-jcr/src/main/java/org/apache/jackrabbit/oak/jcr/SessionDelegate.java

Modified: jackrabbit/oak/trunk/oak-core/src/main/java/org/apache/jackrabbit/oak/core/ContentRepositoryImpl.java
URL: http://svn.apache.org/viewvc/jackrabbit/oak/trunk/oak-core/src/main/java/org/apache/jackrabbit/oak/core/ContentRepositoryImpl.java?rev=1393986&r1=1393985&r2=1393986&view=diff
==============================================================================
--- jackrabbit/oak/trunk/oak-core/src/main/java/org/apache/jackrabbit/oak/core/ContentRepositoryImpl.java
(original)
+++ jackrabbit/oak/trunk/oak-core/src/main/java/org/apache/jackrabbit/oak/core/ContentRepositoryImpl.java
Thu Oct  4 11:08:49 2012
@@ -40,6 +40,7 @@ import org.apache.jackrabbit.oak.spi.sec
 import org.apache.jackrabbit.oak.spi.security.authentication.LoginContextProvider;
 import org.apache.jackrabbit.oak.spi.security.authentication.OakLoginContext;
 import org.apache.jackrabbit.oak.spi.security.authorization.AccessControlProvider;
+import org.apache.jackrabbit.oak.spi.state.NodeStore;
 import org.slf4j.Logger;
 import org.slf4j.LoggerFactory;
 
@@ -60,7 +61,7 @@ public class ContentRepositoryImpl imple
 
     private final SecurityProvider securityProvider;
     private final QueryIndexProvider indexProvider;
-    private final KernelNodeStore nodeStore;
+    private final NodeStore nodeStore;
 
     /**
      * Utility constructor that creates a new in-memory repository with default
@@ -96,13 +97,12 @@ public class ContentRepositoryImpl imple
                 null);
     }
 
-    public ContentRepositoryImpl(
-            MicroKernel microKernel, ValidatorProvider validatorProvider) {
+    public ContentRepositoryImpl(MicroKernel microKernel, ValidatorProvider validatorProvider)
{
         this(microKernel, null, validatorProvider);
     }
 
     /**
-     * Creates an Oak repository instance based on the given, already
+     * Creates an content repository instance based on the given, already
      * initialized components.
      *
      * @param microKernel   underlying kernel instance
@@ -115,12 +115,23 @@ public class ContentRepositoryImpl imple
                                  QueryIndexProvider indexProvider,
                                  CommitHook commitHook,
                                  SecurityProvider securityProvider) {
+        this(createNodeStore(microKernel, commitHook), indexProvider, securityProvider);
+    }
 
-        nodeStore = new KernelNodeStore(microKernel);
-        nodeStore.setHook(commitHook);
-
-        this.indexProvider = indexProvider != null ? indexProvider
-                : new CompositeQueryIndexProvider();
+    /**
+     * Creates an content repository instance based on the given, already
+     * initialized components.
+     *
+     * @param nodeStore the node store this repository is based upon.
+     * @param indexProvider index provider
+     * @param securityProvider The configured security provider or {@code null} if
+     * default implementations should be used.
+     */
+    public ContentRepositoryImpl(NodeStore nodeStore,
+                                 QueryIndexProvider indexProvider,
+                                 SecurityProvider securityProvider) {
+        this.nodeStore = nodeStore;
+        this.indexProvider = indexProvider != null ? indexProvider : new CompositeQueryIndexProvider();
 
         // TODO: in order not to having failing tests we use SecurityProviderImpl as default
         //       - review if passing a security provider should be mandatory
@@ -141,7 +152,7 @@ public class ContentRepositoryImpl imple
             throw new NoSuchWorkspaceException(workspaceName);
         }
 
-        LoginContextProvider lcProvider = securityProvider.getLoginContextProvider();
+        LoginContextProvider lcProvider = securityProvider.getLoginContextProvider(nodeStore);
         OakLoginContext loginContext = lcProvider.getLoginContext(credentials, workspaceName);
         loginContext.login();
 
@@ -149,4 +160,11 @@ public class ContentRepositoryImpl imple
         return new ContentSessionImpl(loginContext, acProvider, workspaceName,
                 nodeStore, DEFAULT_CONFLICT_HANDLER_PROVIDER, indexProvider);
     }
+
+    //--------------------------------------------------------------------------
+    private static NodeStore createNodeStore(MicroKernel microKernel, CommitHook commitHook)
{
+        KernelNodeStore nodeStore = new KernelNodeStore(microKernel);
+        nodeStore.setHook(commitHook);
+        return nodeStore;
+    }
 }

Modified: jackrabbit/oak/trunk/oak-core/src/main/java/org/apache/jackrabbit/oak/security/SecurityProviderImpl.java
URL: http://svn.apache.org/viewvc/jackrabbit/oak/trunk/oak-core/src/main/java/org/apache/jackrabbit/oak/security/SecurityProviderImpl.java?rev=1393986&r1=1393985&r2=1393986&view=diff
==============================================================================
--- jackrabbit/oak/trunk/oak-core/src/main/java/org/apache/jackrabbit/oak/security/SecurityProviderImpl.java
(original)
+++ jackrabbit/oak/trunk/oak-core/src/main/java/org/apache/jackrabbit/oak/security/SecurityProviderImpl.java
Thu Oct  4 11:08:49 2012
@@ -17,20 +17,40 @@
 package org.apache.jackrabbit.oak.security;
 
 import javax.annotation.Nonnull;
+import javax.jcr.Session;
+import javax.security.auth.login.Configuration;
 
+import org.apache.jackrabbit.api.security.principal.PrincipalManager;
+import org.apache.jackrabbit.oak.api.ContentSession;
+import org.apache.jackrabbit.oak.api.Root;
+import org.apache.jackrabbit.oak.namepath.NamePathMapper;
+import org.apache.jackrabbit.oak.security.authentication.ConfigurationImpl;
 import org.apache.jackrabbit.oak.security.authentication.LoginContextProviderImpl;
 import org.apache.jackrabbit.oak.security.authorization.AccessControlProviderImpl;
+import org.apache.jackrabbit.oak.security.principal.PrincipalManagerImpl;
+import org.apache.jackrabbit.oak.security.principal.PrincipalProviderImpl;
 import org.apache.jackrabbit.oak.security.user.UserContextImpl;
 import org.apache.jackrabbit.oak.spi.security.SecurityProvider;
 import org.apache.jackrabbit.oak.spi.security.authentication.LoginContextProvider;
 import org.apache.jackrabbit.oak.spi.security.authorization.AccessControlProvider;
+import org.apache.jackrabbit.oak.spi.security.principal.OpenPrincipalProvider;
+import org.apache.jackrabbit.oak.spi.security.principal.PrincipalConfiguration;
+import org.apache.jackrabbit.oak.spi.security.principal.PrincipalProvider;
+import org.apache.jackrabbit.oak.spi.security.user.MembershipProvider;
 import org.apache.jackrabbit.oak.spi.security.user.UserContext;
+import org.apache.jackrabbit.oak.spi.security.user.UserProvider;
+import org.apache.jackrabbit.oak.spi.state.NodeStore;
 
 public class SecurityProviderImpl implements SecurityProvider {
+
     @Nonnull
     @Override
-    public LoginContextProvider getLoginContextProvider() {
-        return new LoginContextProviderImpl();
+    public LoginContextProvider getLoginContextProvider(NodeStore nodeStore) {
+        // TODO: use configurable authentication config
+        Configuration configuration = new ConfigurationImpl();
+        // TODO: use getPrincipalProvider instead
+        PrincipalProvider principalProvider = new OpenPrincipalProvider();
+        return new LoginContextProviderImpl(configuration, nodeStore, principalProvider);
     }
 
     @Nonnull
@@ -44,4 +64,26 @@ public class SecurityProviderImpl implem
     public UserContext getUserContext() {
         return new UserContextImpl();
     }
+
+    @Nonnull
+    @Override
+    public PrincipalConfiguration getPrincipalConfiguration() {
+        return new PrincipalConfiguration() {
+            @Nonnull
+            @Override
+            public PrincipalManager getPrincipalManager(Session session, ContentSession contentSession,
Root root, NamePathMapper namePathMapper) {
+                PrincipalProvider principalProvider = getPrincipalProvider(contentSession,
root, namePathMapper);
+                return new PrincipalManagerImpl(principalProvider);
+            }
+
+            @Nonnull
+            @Override
+            public PrincipalProvider getPrincipalProvider(ContentSession contentSession,
Root root, NamePathMapper namePathMapper) {
+                UserContext userContext = getUserContext();
+                UserProvider userProvider = userContext.getUserProvider(contentSession, root);
+                MembershipProvider msProvider = userContext.getMembershipProvider(contentSession,
root);
+                return new PrincipalProviderImpl(userProvider, msProvider, namePathMapper);
+            }
+        };
+    }
 }

Modified: jackrabbit/oak/trunk/oak-core/src/main/java/org/apache/jackrabbit/oak/security/authentication/CallbackHandlerImpl.java
URL: http://svn.apache.org/viewvc/jackrabbit/oak/trunk/oak-core/src/main/java/org/apache/jackrabbit/oak/security/authentication/CallbackHandlerImpl.java?rev=1393986&r1=1393985&r2=1393986&view=diff
==============================================================================
--- jackrabbit/oak/trunk/oak-core/src/main/java/org/apache/jackrabbit/oak/security/authentication/CallbackHandlerImpl.java
(original)
+++ jackrabbit/oak/trunk/oak-core/src/main/java/org/apache/jackrabbit/oak/security/authentication/CallbackHandlerImpl.java
Thu Oct  4 11:08:49 2012
@@ -16,12 +16,7 @@
  */
 package org.apache.jackrabbit.oak.security.authentication;
 
-import org.apache.jackrabbit.oak.spi.security.authentication.CredentialsCallback;
-import org.apache.jackrabbit.oak.spi.security.authentication.PrincipalProviderCallback;
-import org.apache.jackrabbit.oak.spi.security.principal.PrincipalProvider;
-import org.slf4j.Logger;
-import org.slf4j.LoggerFactory;
-
+import java.io.IOException;
 import javax.jcr.Credentials;
 import javax.jcr.SimpleCredentials;
 import javax.security.auth.callback.Callback;
@@ -29,7 +24,14 @@ import javax.security.auth.callback.Call
 import javax.security.auth.callback.NameCallback;
 import javax.security.auth.callback.PasswordCallback;
 import javax.security.auth.callback.UnsupportedCallbackException;
-import java.io.IOException;
+
+import org.apache.jackrabbit.oak.spi.security.authentication.CredentialsCallback;
+import org.apache.jackrabbit.oak.spi.security.authentication.RepositoryCallback;
+import org.apache.jackrabbit.oak.spi.security.authentication.PrincipalProviderCallback;
+import org.apache.jackrabbit.oak.spi.security.principal.PrincipalProvider;
+import org.apache.jackrabbit.oak.spi.state.NodeStore;
+import org.slf4j.Logger;
+import org.slf4j.LoggerFactory;
 
 /**
  * Default implementation of the {@link CallbackHandler} interface. It currently
@@ -50,10 +52,15 @@ public class CallbackHandlerImpl impleme
     private static final Logger log = LoggerFactory.getLogger(CallbackHandlerImpl.class);
 
     private final Credentials credentials;
+    private final String workspaceName;
+    private final NodeStore nodeStore;
     private final PrincipalProvider principalProvider;
 
-    public CallbackHandlerImpl(Credentials credentials, PrincipalProvider principalProvider)
{
+    public CallbackHandlerImpl(Credentials credentials, String workspaceName,
+                               NodeStore nodeStore, PrincipalProvider principalProvider)
{
         this.credentials = credentials;
+        this.workspaceName = workspaceName;
+        this.nodeStore = nodeStore;
         this.principalProvider = principalProvider;
     }
 
@@ -69,6 +76,10 @@ public class CallbackHandlerImpl impleme
                 ((PasswordCallback) callback).setPassword(getPassword());
             } else if (callback instanceof PrincipalProviderCallback) {
                 ((PrincipalProviderCallback) callback).setPrincipalProvider(principalProvider);
+            } else if (callback instanceof RepositoryCallback) {
+                RepositoryCallback repositoryCallback = (RepositoryCallback) callback;
+                repositoryCallback.setNodeStore(nodeStore);
+                repositoryCallback.setWorkspaceName(workspaceName);
             } else {
                 throw new UnsupportedCallbackException(callback);
             }

Modified: jackrabbit/oak/trunk/oak-core/src/main/java/org/apache/jackrabbit/oak/security/authentication/LoginContextProviderImpl.java
URL: http://svn.apache.org/viewvc/jackrabbit/oak/trunk/oak-core/src/main/java/org/apache/jackrabbit/oak/security/authentication/LoginContextProviderImpl.java?rev=1393986&r1=1393985&r2=1393986&view=diff
==============================================================================
--- jackrabbit/oak/trunk/oak-core/src/main/java/org/apache/jackrabbit/oak/security/authentication/LoginContextProviderImpl.java
(original)
+++ jackrabbit/oak/trunk/oak-core/src/main/java/org/apache/jackrabbit/oak/security/authentication/LoginContextProviderImpl.java
Thu Oct  4 11:08:49 2012
@@ -27,8 +27,8 @@ import javax.security.auth.login.LoginEx
 import org.apache.jackrabbit.oak.spi.security.authentication.JaasLoginContext;
 import org.apache.jackrabbit.oak.spi.security.authentication.LoginContextProvider;
 import org.apache.jackrabbit.oak.spi.security.authentication.OakLoginContext;
-import org.apache.jackrabbit.oak.spi.security.principal.OpenPrincipalProvider;
 import org.apache.jackrabbit.oak.spi.security.principal.PrincipalProvider;
+import org.apache.jackrabbit.oak.spi.state.NodeStore;
 import org.slf4j.Logger;
 import org.slf4j.LoggerFactory;
 
@@ -41,30 +41,33 @@ public class LoginContextProviderImpl im
 
     private static final String APP_NAME = "jackrabbit.oak";
 
-    private final Configuration authConfig;
+    private final Configuration configuration;
+    private final NodeStore nodeStore;
     private final PrincipalProvider principalProvider;
 
-    public LoginContextProviderImpl() {
-        // TODO: use configurable authentication config and principal provider
-        authConfig = new ConfigurationImpl();
-        principalProvider = new OpenPrincipalProvider();
+    public LoginContextProviderImpl(Configuration configuration,
+                                    NodeStore nodeStore,
+                                    PrincipalProvider principalProvider) {
+        this.configuration = configuration;
+        this.nodeStore = nodeStore;
+        this.principalProvider = principalProvider;
     }
 
     @Override
     @Nonnull
-    public OakLoginContext getLoginContext(
-            Credentials credentials, String workspaceName)
+    public OakLoginContext getLoginContext(Credentials credentials, String workspaceName)
             throws LoginException {
         // TODO: add proper implementation
         // TODO  - authentication against configurable spi-authentication
         // TODO  - validation of workspace name (including access rights for the given 'user')
         Subject subject = getSubject();
-        CallbackHandler handler = new CallbackHandlerImpl(credentials, principalProvider);
-        return new JaasLoginContext(APP_NAME, subject, handler, authConfig);
+        CallbackHandler handler = new CallbackHandlerImpl(credentials, workspaceName, nodeStore,
principalProvider);
+        return new JaasLoginContext(APP_NAME, subject, handler, configuration);
     }
 
     //------------------------------------------------------------< private >---
-    private Subject getSubject() {
+
+    private static Subject getSubject() {
         Subject subject = null;
         try {
             subject = Subject.getSubject(AccessController.getContext());

Copied: jackrabbit/oak/trunk/oak-core/src/main/java/org/apache/jackrabbit/oak/security/principal/PrincipalManagerImpl.java
(from r1393939, jackrabbit/oak/trunk/oak-jcr/src/main/java/org/apache/jackrabbit/oak/jcr/security/principal/PrincipalManagerImpl.java)
URL: http://svn.apache.org/viewvc/jackrabbit/oak/trunk/oak-core/src/main/java/org/apache/jackrabbit/oak/security/principal/PrincipalManagerImpl.java?p2=jackrabbit/oak/trunk/oak-core/src/main/java/org/apache/jackrabbit/oak/security/principal/PrincipalManagerImpl.java&p1=jackrabbit/oak/trunk/oak-jcr/src/main/java/org/apache/jackrabbit/oak/jcr/security/principal/PrincipalManagerImpl.java&r1=1393939&r2=1393986&rev=1393986&view=diff
==============================================================================
--- jackrabbit/oak/trunk/oak-jcr/src/main/java/org/apache/jackrabbit/oak/jcr/security/principal/PrincipalManagerImpl.java
(original)
+++ jackrabbit/oak/trunk/oak-core/src/main/java/org/apache/jackrabbit/oak/security/principal/PrincipalManagerImpl.java
Thu Oct  4 11:08:49 2012
@@ -14,7 +14,7 @@
  * See the License for the specific language governing permissions and
  * limitations under the License.
  */
-package org.apache.jackrabbit.oak.jcr.security.principal;
+package org.apache.jackrabbit.oak.security.principal;
 
 import java.security.Principal;
 

Modified: jackrabbit/oak/trunk/oak-core/src/main/java/org/apache/jackrabbit/oak/spi/security/OpenSecurityProvider.java
URL: http://svn.apache.org/viewvc/jackrabbit/oak/trunk/oak-core/src/main/java/org/apache/jackrabbit/oak/spi/security/OpenSecurityProvider.java?rev=1393986&r1=1393985&r2=1393986&view=diff
==============================================================================
--- jackrabbit/oak/trunk/oak-core/src/main/java/org/apache/jackrabbit/oak/spi/security/OpenSecurityProvider.java
(original)
+++ jackrabbit/oak/trunk/oak-core/src/main/java/org/apache/jackrabbit/oak/spi/security/OpenSecurityProvider.java
Thu Oct  4 11:08:49 2012
@@ -21,6 +21,7 @@ import java.util.List;
 import javax.annotation.Nonnull;
 import javax.jcr.Session;
 
+import org.apache.jackrabbit.api.security.principal.PrincipalManager;
 import org.apache.jackrabbit.api.security.user.UserManager;
 import org.apache.jackrabbit.oak.api.ContentSession;
 import org.apache.jackrabbit.oak.api.Root;
@@ -30,9 +31,13 @@ import org.apache.jackrabbit.oak.spi.sec
 import org.apache.jackrabbit.oak.spi.security.authentication.OpenLoginContextProvider;
 import org.apache.jackrabbit.oak.spi.security.authorization.AccessControlProvider;
 import org.apache.jackrabbit.oak.spi.security.authorization.OpenAccessControlProvider;
+import org.apache.jackrabbit.oak.spi.security.principal.OpenPrincipalProvider;
+import org.apache.jackrabbit.oak.spi.security.principal.PrincipalConfiguration;
+import org.apache.jackrabbit.oak.spi.security.principal.PrincipalProvider;
 import org.apache.jackrabbit.oak.spi.security.user.MembershipProvider;
 import org.apache.jackrabbit.oak.spi.security.user.UserContext;
 import org.apache.jackrabbit.oak.spi.security.user.UserProvider;
+import org.apache.jackrabbit.oak.spi.state.NodeStore;
 
 /**
  * OpenSecurityProvider... TODO: review if we really have the need for that once TODO in
InitialContent is resolved
@@ -41,7 +46,7 @@ public class OpenSecurityProvider implem
 
     @Nonnull
     @Override
-    public LoginContextProvider getLoginContextProvider() {
+    public LoginContextProvider getLoginContextProvider(NodeStore nodeStore) {
         return new OpenLoginContextProvider();
     }
 
@@ -81,4 +86,22 @@ public class OpenSecurityProvider implem
             }
         };
     }
+
+    @Nonnull
+    @Override
+    public PrincipalConfiguration getPrincipalConfiguration() {
+        return new PrincipalConfiguration() {
+            @Nonnull
+            @Override
+            public PrincipalManager getPrincipalManager(Session session, ContentSession contentSession,
Root root, NamePathMapper namePathMapper) {
+                throw new UnsupportedOperationException();
+            }
+
+            @Nonnull
+            @Override
+            public PrincipalProvider getPrincipalProvider(ContentSession contentSession,
Root root, NamePathMapper namePathMapper) {
+                return new OpenPrincipalProvider();
+            }
+        };
+    }
 }
\ No newline at end of file

Modified: jackrabbit/oak/trunk/oak-core/src/main/java/org/apache/jackrabbit/oak/spi/security/SecurityProvider.java
URL: http://svn.apache.org/viewvc/jackrabbit/oak/trunk/oak-core/src/main/java/org/apache/jackrabbit/oak/spi/security/SecurityProvider.java?rev=1393986&r1=1393985&r2=1393986&view=diff
==============================================================================
--- jackrabbit/oak/trunk/oak-core/src/main/java/org/apache/jackrabbit/oak/spi/security/SecurityProvider.java
(original)
+++ jackrabbit/oak/trunk/oak-core/src/main/java/org/apache/jackrabbit/oak/spi/security/SecurityProvider.java
Thu Oct  4 11:08:49 2012
@@ -20,7 +20,9 @@ import javax.annotation.Nonnull;
 
 import org.apache.jackrabbit.oak.spi.security.authentication.LoginContextProvider;
 import org.apache.jackrabbit.oak.spi.security.authorization.AccessControlProvider;
+import org.apache.jackrabbit.oak.spi.security.principal.PrincipalConfiguration;
 import org.apache.jackrabbit.oak.spi.security.user.UserContext;
+import org.apache.jackrabbit.oak.spi.state.NodeStore;
 
 /**
  * SecurityProvider... TODO
@@ -28,11 +30,14 @@ import org.apache.jackrabbit.oak.spi.sec
 public interface SecurityProvider {
 
     @Nonnull
-    LoginContextProvider getLoginContextProvider();
+    LoginContextProvider getLoginContextProvider(NodeStore nodeStore);
 
     @Nonnull
     AccessControlProvider getAccessControlProvider();
 
     @Nonnull
     UserContext getUserContext(); // TODO review naming consistency
+
+    @Nonnull
+    PrincipalConfiguration getPrincipalConfiguration();
 }
\ No newline at end of file

Modified: jackrabbit/oak/trunk/oak-core/src/main/java/org/apache/jackrabbit/oak/spi/security/authentication/CredentialsCallback.java
URL: http://svn.apache.org/viewvc/jackrabbit/oak/trunk/oak-core/src/main/java/org/apache/jackrabbit/oak/spi/security/authentication/CredentialsCallback.java?rev=1393986&r1=1393985&r2=1393986&view=diff
==============================================================================
--- jackrabbit/oak/trunk/oak-core/src/main/java/org/apache/jackrabbit/oak/spi/security/authentication/CredentialsCallback.java
(original)
+++ jackrabbit/oak/trunk/oak-core/src/main/java/org/apache/jackrabbit/oak/spi/security/authentication/CredentialsCallback.java
Thu Oct  4 11:08:49 2012
@@ -16,9 +16,10 @@
  */
 package org.apache.jackrabbit.oak.spi.security.authentication;
 
+import java.io.Serializable;
+import javax.annotation.CheckForNull;
 import javax.jcr.Credentials;
 import javax.security.auth.callback.Callback;
-import java.io.Serializable;
 
 /**
  * Callback implementation to retrieve {@code Credentials}.
@@ -33,6 +34,7 @@ public class CredentialsCallback impleme
      *
      * @return The {@link Credentials} to be used for authentication or {@code null}.
      */
+    @CheckForNull
     public Credentials getCredentials() {
         return credentials;
     }

Copied: jackrabbit/oak/trunk/oak-core/src/main/java/org/apache/jackrabbit/oak/spi/security/authentication/GuestLoginModule.java
(from r1393939, jackrabbit/oak/trunk/oak-core/src/main/java/org/apache/jackrabbit/oak/security/authentication/GuestLoginModule.java)
URL: http://svn.apache.org/viewvc/jackrabbit/oak/trunk/oak-core/src/main/java/org/apache/jackrabbit/oak/spi/security/authentication/GuestLoginModule.java?p2=jackrabbit/oak/trunk/oak-core/src/main/java/org/apache/jackrabbit/oak/spi/security/authentication/GuestLoginModule.java&p1=jackrabbit/oak/trunk/oak-core/src/main/java/org/apache/jackrabbit/oak/security/authentication/GuestLoginModule.java&r1=1393939&r2=1393986&rev=1393986&view=diff
==============================================================================
--- jackrabbit/oak/trunk/oak-core/src/main/java/org/apache/jackrabbit/oak/security/authentication/GuestLoginModule.java
(original)
+++ jackrabbit/oak/trunk/oak-core/src/main/java/org/apache/jackrabbit/oak/spi/security/authentication/GuestLoginModule.java
Thu Oct  4 11:08:49 2012
@@ -14,7 +14,7 @@
  * See the License for the specific language governing permissions and
  * limitations under the License.
  */
-package org.apache.jackrabbit.oak.security.authentication;
+package org.apache.jackrabbit.oak.spi.security.authentication;
 
 import java.io.IOException;
 import java.util.Map;
@@ -27,8 +27,6 @@ import javax.security.auth.callback.Unsu
 import javax.security.auth.login.LoginException;
 import javax.security.auth.spi.LoginModule;
 
-import org.apache.jackrabbit.oak.spi.security.authentication.AbstractLoginModule;
-import org.apache.jackrabbit.oak.spi.security.authentication.CredentialsCallback;
 import org.apache.jackrabbit.oak.spi.security.principal.EveryonePrincipal;
 import org.slf4j.Logger;
 import org.slf4j.LoggerFactory;
@@ -65,7 +63,7 @@ import org.slf4j.LoggerFactory;
  * <pre>
  *
  *    jackrabbit.oak {
- *            org.apache.jackrabbit.oak.security.authentication.GuestLoginModule  optional;
+ *            org.apache.jackrabbit.oak.spi.security.authentication.GuestLoginModule  optional;
  *            org.apache.jackrabbit.oak.security.authentication.LoginModuleImpl required;
  *    };
  *

Modified: jackrabbit/oak/trunk/oak-core/src/main/java/org/apache/jackrabbit/oak/spi/security/authentication/JaasLoginContext.java
URL: http://svn.apache.org/viewvc/jackrabbit/oak/trunk/oak-core/src/main/java/org/apache/jackrabbit/oak/spi/security/authentication/JaasLoginContext.java?rev=1393986&r1=1393985&r2=1393986&view=diff
==============================================================================
--- jackrabbit/oak/trunk/oak-core/src/main/java/org/apache/jackrabbit/oak/spi/security/authentication/JaasLoginContext.java
(original)
+++ jackrabbit/oak/trunk/oak-core/src/main/java/org/apache/jackrabbit/oak/spi/security/authentication/JaasLoginContext.java
Thu Oct  4 11:08:49 2012
@@ -32,25 +32,21 @@ public class JaasLoginContext extends Lo
         super(name);
     }
 
-    public JaasLoginContext(String name, Subject subject)
-            throws LoginException {
+    public JaasLoginContext(String name, Subject subject) throws LoginException {
         super(name, subject);
     }
 
-    public JaasLoginContext(String name, CallbackHandler handler)
-            throws LoginException {
+    public JaasLoginContext(String name, CallbackHandler handler) throws LoginException {
         super(name, handler);
     }
 
-    public JaasLoginContext(
-            String name, Subject subject, CallbackHandler handler)
+    public JaasLoginContext(String name, Subject subject, CallbackHandler handler)
             throws LoginException {
         super(name, subject, handler);
     }
 
-    public JaasLoginContext(
-            String name, Subject subject, CallbackHandler handler,
-            Configuration configuration) throws LoginException {
+    public JaasLoginContext(String name, Subject subject, CallbackHandler handler,
+                            Configuration configuration) throws LoginException {
         super(name, subject, handler, configuration);
     }
 

Modified: jackrabbit/oak/trunk/oak-core/src/main/java/org/apache/jackrabbit/oak/spi/security/authentication/OpenLoginContextProvider.java
URL: http://svn.apache.org/viewvc/jackrabbit/oak/trunk/oak-core/src/main/java/org/apache/jackrabbit/oak/spi/security/authentication/OpenLoginContextProvider.java?rev=1393986&r1=1393985&r2=1393986&view=diff
==============================================================================
--- jackrabbit/oak/trunk/oak-core/src/main/java/org/apache/jackrabbit/oak/spi/security/authentication/OpenLoginContextProvider.java
(original)
+++ jackrabbit/oak/trunk/oak-core/src/main/java/org/apache/jackrabbit/oak/spi/security/authentication/OpenLoginContextProvider.java
Thu Oct  4 11:08:49 2012
@@ -20,26 +20,23 @@ import javax.annotation.Nonnull;
 import javax.jcr.Credentials;
 import javax.security.auth.Subject;
 
-import org.apache.jackrabbit.oak.spi.security.principal.EveryonePrincipal;
-
 /**
- * This class provides login contexts that accept any credentials.
+ * This class provides login contexts that accept any credentials and doesn't
+ * validate specified workspace name.
  */
 public class OpenLoginContextProvider implements LoginContextProvider {
 
-    @Override @Nonnull
-    public OakLoginContext getLoginContext(
-            Credentials credentials, String workspaceName) {
-        final Subject subject = new Subject();
-        if (credentials != null) {
-            subject.getPrivateCredentials().add(credentials);
-        }
-        subject.getPrincipals().add(EveryonePrincipal.getInstance());
-        subject.setReadOnly();
-
+    @Override
+    @Nonnull
+    public OakLoginContext getLoginContext(final Credentials credentials, String workspaceName)
{
         return new OakLoginContext() {
             @Override
             public Subject getSubject() {
+                Subject subject = new Subject();
+                if (credentials != null) {
+                    subject.getPrivateCredentials().add(credentials);
+                }
+                subject.setReadOnly();
                 return subject;
             }
             @Override

Added: jackrabbit/oak/trunk/oak-core/src/main/java/org/apache/jackrabbit/oak/spi/security/authentication/RepositoryCallback.java
URL: http://svn.apache.org/viewvc/jackrabbit/oak/trunk/oak-core/src/main/java/org/apache/jackrabbit/oak/spi/security/authentication/RepositoryCallback.java?rev=1393986&view=auto
==============================================================================
--- jackrabbit/oak/trunk/oak-core/src/main/java/org/apache/jackrabbit/oak/spi/security/authentication/RepositoryCallback.java
(added)
+++ jackrabbit/oak/trunk/oak-core/src/main/java/org/apache/jackrabbit/oak/spi/security/authentication/RepositoryCallback.java
Thu Oct  4 11:08:49 2012
@@ -0,0 +1,71 @@
+/*
+ * Licensed to the Apache Software Foundation (ASF) under one or more
+ * contributor license agreements.  See the NOTICE file distributed with
+ * this work for additional information regarding copyright ownership.
+ * The ASF licenses this file to You under the Apache License, Version 2.0
+ * (the "License"); you may not use this file except in compliance with
+ * the License.  You may obtain a copy of the License at
+ *
+ *      http://www.apache.org/licenses/LICENSE-2.0
+ *
+ * Unless required by applicable law or agreed to in writing, software
+ * distributed under the License is distributed on an "AS IS" BASIS,
+ * WITHOUT WARRANTIES OR CONDITIONS OF ANY KIND, either express or implied.
+ * See the License for the specific language governing permissions and
+ * limitations under the License.
+ */
+package org.apache.jackrabbit.oak.spi.security.authentication;
+
+import javax.annotation.CheckForNull;
+import javax.jcr.NoSuchWorkspaceException;
+import javax.security.auth.callback.Callback;
+import javax.security.auth.login.LoginException;
+
+import org.apache.jackrabbit.oak.api.ContentSession;
+import org.apache.jackrabbit.oak.core.ContentRepositoryImpl;
+import org.apache.jackrabbit.oak.spi.state.NodeStore;
+import org.slf4j.Logger;
+import org.slf4j.LoggerFactory;
+
+/**
+ * RepositoryCallback... TODO
+ */
+public class RepositoryCallback implements Callback {
+
+    private static final Logger log = LoggerFactory.getLogger(RepositoryCallback.class);
+
+    private NodeStore nodeStore;
+    private String workspaceName;
+
+    @CheckForNull
+    public NodeStore getNodeStore() {
+        return nodeStore;
+    }
+
+    public String getWorkspaceName() {
+        return workspaceName;
+    }
+
+    @CheckForNull
+    public ContentSession getContentSession() {
+        if (nodeStore != null) {
+            try {
+                // TODO rather use Oak or similar setup mechanism
+                return new ContentRepositoryImpl(nodeStore, null, null).login(null, workspaceName);
+            } catch (LoginException e) {
+                log.warn("Internal error ", e.getMessage());
+            } catch (NoSuchWorkspaceException e) {
+                log.warn("Internal error ", e.getMessage());
+            }
+        }
+        return null;
+    }
+
+    public void setNodeStore(NodeStore nodeStore) {
+        this.nodeStore = nodeStore;
+    }
+
+    public void setWorkspaceName(String workspaceName) {
+        this.workspaceName = workspaceName;
+    }
+}
\ No newline at end of file

Added: jackrabbit/oak/trunk/oak-core/src/main/java/org/apache/jackrabbit/oak/spi/security/principal/PrincipalConfiguration.java
URL: http://svn.apache.org/viewvc/jackrabbit/oak/trunk/oak-core/src/main/java/org/apache/jackrabbit/oak/spi/security/principal/PrincipalConfiguration.java?rev=1393986&view=auto
==============================================================================
--- jackrabbit/oak/trunk/oak-core/src/main/java/org/apache/jackrabbit/oak/spi/security/principal/PrincipalConfiguration.java
(added)
+++ jackrabbit/oak/trunk/oak-core/src/main/java/org/apache/jackrabbit/oak/spi/security/principal/PrincipalConfiguration.java
Thu Oct  4 11:08:49 2012
@@ -0,0 +1,37 @@
+/*
+ * Licensed to the Apache Software Foundation (ASF) under one or more
+ * contributor license agreements.  See the NOTICE file distributed with
+ * this work for additional information regarding copyright ownership.
+ * The ASF licenses this file to You under the Apache License, Version 2.0
+ * (the "License"); you may not use this file except in compliance with
+ * the License.  You may obtain a copy of the License at
+ *
+ *      http://www.apache.org/licenses/LICENSE-2.0
+ *
+ * Unless required by applicable law or agreed to in writing, software
+ * distributed under the License is distributed on an "AS IS" BASIS,
+ * WITHOUT WARRANTIES OR CONDITIONS OF ANY KIND, either express or implied.
+ * See the License for the specific language governing permissions and
+ * limitations under the License.
+ */
+package org.apache.jackrabbit.oak.spi.security.principal;
+
+import javax.annotation.Nonnull;
+import javax.jcr.Session;
+
+import org.apache.jackrabbit.api.security.principal.PrincipalManager;
+import org.apache.jackrabbit.oak.api.ContentSession;
+import org.apache.jackrabbit.oak.api.Root;
+import org.apache.jackrabbit.oak.namepath.NamePathMapper;
+
+/**
+ * PrincipalConfig... TODO
+ */
+public interface PrincipalConfiguration {
+
+    @Nonnull
+    public PrincipalManager getPrincipalManager(Session session, ContentSession contentSession,
Root root, NamePathMapper namePathMapper);
+
+    @Nonnull
+    public PrincipalProvider getPrincipalProvider(ContentSession contentSession, Root root,
NamePathMapper namePathMapper);
+}
\ No newline at end of file

Modified: jackrabbit/oak/trunk/oak-jcr/src/main/java/org/apache/jackrabbit/oak/jcr/SessionDelegate.java
URL: http://svn.apache.org/viewvc/jackrabbit/oak/trunk/oak-jcr/src/main/java/org/apache/jackrabbit/oak/jcr/SessionDelegate.java?rev=1393986&r1=1393985&r2=1393986&view=diff
==============================================================================
--- jackrabbit/oak/trunk/oak-jcr/src/main/java/org/apache/jackrabbit/oak/jcr/SessionDelegate.java
(original)
+++ jackrabbit/oak/trunk/oak-jcr/src/main/java/org/apache/jackrabbit/oak/jcr/SessionDelegate.java
Thu Oct  4 11:08:49 2012
@@ -45,13 +45,10 @@ import org.apache.jackrabbit.oak.api.Tre
 import org.apache.jackrabbit.oak.api.TreeLocation;
 import org.apache.jackrabbit.oak.commons.PathUtils;
 import org.apache.jackrabbit.oak.jcr.observation.ObservationManagerImpl;
-import org.apache.jackrabbit.oak.jcr.security.principal.PrincipalManagerImpl;
 import org.apache.jackrabbit.oak.namepath.NamePathMapper;
 import org.apache.jackrabbit.oak.namepath.NamePathMapperImpl;
 import org.apache.jackrabbit.oak.plugins.identifier.IdentifierManager;
 import org.apache.jackrabbit.oak.spi.security.SecurityProvider;
-import org.apache.jackrabbit.oak.spi.security.principal.OpenPrincipalProvider;
-import org.apache.jackrabbit.oak.util.TODO;
 import org.apache.jackrabbit.oak.value.ValueFactoryImpl;
 import org.slf4j.Logger;
 import org.slf4j.LoggerFactory;
@@ -479,8 +476,11 @@ public class SessionDelegate {
 
     @Nonnull
     PrincipalManager getPrincipalManager() throws RepositoryException {
-        // TODO
-        return TODO.unimplemented().returnValue(new PrincipalManagerImpl(new OpenPrincipalProvider()));
+        if (securityProvider != null) {
+            return securityProvider.getPrincipalConfiguration().getPrincipalManager(session,
contentSession, root, getNamePathMapper());
+        } else {
+            throw new UnsupportedRepositoryOperationException("Principal management not supported.");
+        }
     }
 
     @Nonnull



Mime
View raw message