jackrabbit-oak-commits mailing list archives

From ang...@apache.org
Subject svn commit: r1394418 - in /jackrabbit/oak/trunk: oak-core/src/main/java/org/apache/jackrabbit/oak/api/ oak-core/src/main/java/org/apache/jackrabbit/oak/core/ oak-core/src/main/java/org/apache/jackrabbit/oak/security/ oak-core/src/main/java/org/apache/j...
Date Fri, 05 Oct 2012 09:08:15 GMT
Author: angela
Date: Fri Oct  5 09:08:14 2012
New Revision: 1394418

URL: http://svn.apache.org/viewvc?rev=1394418&view=rev
Log:
 OAK-91 - Implement Authentication Support (WIP)
 - add (still commented) implementation for user-validation and principal access
 - expose root instead of contentsession in RepositoryCallback (TODO: need a fast way to create functional root object 
    from the nodestore without having to call login and contentsession#getLatestRoot which is unbearably slow).
 OAK-50 - User Management (WIP)
 - make creation of userprovider independent of contentsession
 - move password handling to userprovider
 - simplify user-mgt implementation

Modified:
    jackrabbit/oak/trunk/oak-core/src/main/java/org/apache/jackrabbit/oak/api/Root.java
    jackrabbit/oak/trunk/oak-core/src/main/java/org/apache/jackrabbit/oak/core/RootImpl.java
    jackrabbit/oak/trunk/oak-core/src/main/java/org/apache/jackrabbit/oak/security/SecurityProviderImpl.java
    jackrabbit/oak/trunk/oak-core/src/main/java/org/apache/jackrabbit/oak/security/authentication/AuthenticationImpl.java
    jackrabbit/oak/trunk/oak-core/src/main/java/org/apache/jackrabbit/oak/security/authentication/LoginModuleImpl.java
    jackrabbit/oak/trunk/oak-core/src/main/java/org/apache/jackrabbit/oak/security/authentication/token/TokenProviderImpl.java
    jackrabbit/oak/trunk/oak-core/src/main/java/org/apache/jackrabbit/oak/security/privilege/PrivilegeRegistry.java
    jackrabbit/oak/trunk/oak-core/src/main/java/org/apache/jackrabbit/oak/security/user/AuthorizableBaseProvider.java
    jackrabbit/oak/trunk/oak-core/src/main/java/org/apache/jackrabbit/oak/security/user/AuthorizableImpl.java
    jackrabbit/oak/trunk/oak-core/src/main/java/org/apache/jackrabbit/oak/security/user/GroupImpl.java
    jackrabbit/oak/trunk/oak-core/src/main/java/org/apache/jackrabbit/oak/security/user/MembershipProviderImpl.java
    jackrabbit/oak/trunk/oak-core/src/main/java/org/apache/jackrabbit/oak/security/user/UserContextImpl.java
    jackrabbit/oak/trunk/oak-core/src/main/java/org/apache/jackrabbit/oak/security/user/UserImpl.java
    jackrabbit/oak/trunk/oak-core/src/main/java/org/apache/jackrabbit/oak/security/user/UserManagerImpl.java
    jackrabbit/oak/trunk/oak-core/src/main/java/org/apache/jackrabbit/oak/security/user/UserProviderImpl.java
    jackrabbit/oak/trunk/oak-core/src/main/java/org/apache/jackrabbit/oak/spi/security/OpenSecurityProvider.java
    jackrabbit/oak/trunk/oak-core/src/main/java/org/apache/jackrabbit/oak/spi/security/authentication/AbstractLoginModule.java
    jackrabbit/oak/trunk/oak-core/src/main/java/org/apache/jackrabbit/oak/spi/security/authentication/GuestLoginModule.java
    jackrabbit/oak/trunk/oak-core/src/main/java/org/apache/jackrabbit/oak/spi/security/authentication/callback/RepositoryCallback.java
    jackrabbit/oak/trunk/oak-core/src/main/java/org/apache/jackrabbit/oak/spi/security/principal/PrincipalConfiguration.java
    jackrabbit/oak/trunk/oak-core/src/main/java/org/apache/jackrabbit/oak/spi/security/user/PasswordUtility.java
    jackrabbit/oak/trunk/oak-core/src/main/java/org/apache/jackrabbit/oak/spi/security/user/UserConfig.java
    jackrabbit/oak/trunk/oak-core/src/main/java/org/apache/jackrabbit/oak/spi/security/user/UserContext.java
    jackrabbit/oak/trunk/oak-core/src/main/java/org/apache/jackrabbit/oak/spi/security/user/UserProvider.java
    jackrabbit/oak/trunk/oak-core/src/main/java/org/apache/jackrabbit/oak/util/NodeUtil.java
    jackrabbit/oak/trunk/oak-core/src/test/java/org/apache/jackrabbit/oak/query/AbstractQueryTest.java
    jackrabbit/oak/trunk/oak-core/src/test/java/org/apache/jackrabbit/oak/security/user/UserProviderImplTest.java
    jackrabbit/oak/trunk/oak-core/src/test/java/org/apache/jackrabbit/oak/util/JsopUtilTest.java
    jackrabbit/oak/trunk/oak-jcr/src/main/java/org/apache/jackrabbit/oak/jcr/SessionDelegate.java

Modified: jackrabbit/oak/trunk/oak-core/src/main/java/org/apache/jackrabbit/oak/api/Root.java
URL: http://svn.apache.org/viewvc/jackrabbit/oak/trunk/oak-core/src/main/java/org/apache/jackrabbit/oak/api/Root.java?rev=1394418&r1=1394417&r2=1394418&view=diff
==============================================================================
--- jackrabbit/oak/trunk/oak-core/src/main/java/org/apache/jackrabbit/oak/api/Root.java (original)
+++ jackrabbit/oak/trunk/oak-core/src/main/java/org/apache/jackrabbit/oak/api/Root.java Fri Oct  5 09:08:14 2012
@@ -135,4 +135,11 @@ public interface Root {
     @Nonnull
     SessionQueryEngine getQueryEngine();
 
+    /**
+     * Get the value factory.
+     *
+     * @return the value factory
+     */
+    CoreValueFactory getValueFactory();
+
 }
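Review bot: `getValueFactory()` is declared without the `@Nonnull` that the neighbouring `getQueryEngine()` carries, and its Javadoc does not say whether the result can be null. Callers changed in this same commit (TokenProviderImpl, AuthorizableBaseProvider, PrivilegeRegistry) use the returned factory without a null check, so the contract should be stated on the interface. I would add `@Nonnull` above the declaration and extend the Javadoc with one sentence saying which factory is returned, for example that it is the one belonging to the underlying store, if that is the intent.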

Modified: jackrabbit/oak/trunk/oak-core/src/main/java/org/apache/jackrabbit/oak/core/RootImpl.java
URL: http://svn.apache.org/viewvc/jackrabbit/oak/trunk/oak-core/src/main/java/org/apache/jackrabbit/oak/core/RootImpl.java?rev=1394418&r1=1394417&r2=1394418&view=diff
==============================================================================
--- jackrabbit/oak/trunk/oak-core/src/main/java/org/apache/jackrabbit/oak/core/RootImpl.java (original)
+++ jackrabbit/oak/trunk/oak-core/src/main/java/org/apache/jackrabbit/oak/core/RootImpl.java Fri Oct  5 09:08:14 2012
@@ -28,6 +28,7 @@ import javax.security.auth.Subject;
 
 import org.apache.jackrabbit.oak.api.ChangeExtractor;
 import org.apache.jackrabbit.oak.api.CommitFailedException;
+import org.apache.jackrabbit.oak.api.CoreValueFactory;
 import org.apache.jackrabbit.oak.api.Root;
 import org.apache.jackrabbit.oak.api.SessionQueryEngine;
 import org.apache.jackrabbit.oak.api.TreeLocation;
@@ -111,6 +112,7 @@ public class RootImpl implements Root {
      * @param workspaceName name of the workspace
      * @param subject       the subject.
      * @param accProvider   the access control context provider.
+     * @param indexProvider the query index provider.
      */
     @SuppressWarnings("UnusedParameters")
     public RootImpl(NodeStore store,
@@ -247,6 +249,16 @@ public class RootImpl implements Root {
         };
     }
 
+    @Override
+    public SessionQueryEngine getQueryEngine() {
+        return new SessionQueryEngineImpl(store, indexProvider);
+    }
+
+    @Override
+    public CoreValueFactory getValueFactory() {
+        return store.getValueFactory();
+    }
+
     //-----------------------------------------------------------< internal >---
 
     /**
@@ -303,9 +315,4 @@ public class RootImpl implements Root {
             purgeListener.purged();
         }
     }
-    @Override
-    public SessionQueryEngine getQueryEngine() {
-        return new SessionQueryEngineImpl(store, indexProvider);
-    }
-
 }

Modified: jackrabbit/oak/trunk/oak-core/src/main/java/org/apache/jackrabbit/oak/security/SecurityProviderImpl.java
URL: http://svn.apache.org/viewvc/jackrabbit/oak/trunk/oak-core/src/main/java/org/apache/jackrabbit/oak/security/SecurityProviderImpl.java?rev=1394418&r1=1394417&r2=1394418&view=diff
==============================================================================
--- jackrabbit/oak/trunk/oak-core/src/main/java/org/apache/jackrabbit/oak/security/SecurityProviderImpl.java (original)
+++ jackrabbit/oak/trunk/oak-core/src/main/java/org/apache/jackrabbit/oak/security/SecurityProviderImpl.java Fri Oct  5 09:08:14 2012
@@ -21,7 +21,6 @@ import javax.jcr.Session;
 import javax.security.auth.login.Configuration;
 
 import org.apache.jackrabbit.api.security.principal.PrincipalManager;
-import org.apache.jackrabbit.oak.api.ContentSession;
 import org.apache.jackrabbit.oak.api.Root;
 import org.apache.jackrabbit.oak.namepath.NamePathMapper;
 import org.apache.jackrabbit.oak.security.authentication.ConfigurationImpl;
@@ -68,17 +67,17 @@ public class SecurityProviderImpl implem
         return new PrincipalConfiguration() {
             @Nonnull
             @Override
-            public PrincipalManager getPrincipalManager(Session session, ContentSession contentSession, Root root, NamePathMapper namePathMapper) {
-                PrincipalProvider principalProvider = getPrincipalProvider(contentSession, root, namePathMapper);
+            public PrincipalManager getPrincipalManager(Session session, Root root, NamePathMapper namePathMapper) {
+                PrincipalProvider principalProvider = getPrincipalProvider(root, namePathMapper);
                 return new PrincipalManagerImpl(principalProvider);
             }
 
             @Nonnull
             @Override
-            public PrincipalProvider getPrincipalProvider(ContentSession contentSession, Root root, NamePathMapper namePathMapper) {
+            public PrincipalProvider getPrincipalProvider(Root root, NamePathMapper namePathMapper) {
                 UserContext userContext = getUserContext();
-                UserProvider userProvider = userContext.getUserProvider(contentSession, root);
-                MembershipProvider msProvider = userContext.getMembershipProvider(contentSession, root);
+                UserProvider userProvider = userContext.getUserProvider(root);
+                MembershipProvider msProvider = userContext.getMembershipProvider(root);
                 return new PrincipalProviderImpl(userProvider, msProvider, namePathMapper);
             }
         };

Modified: jackrabbit/oak/trunk/oak-core/src/main/java/org/apache/jackrabbit/oak/security/authentication/AuthenticationImpl.java
URL: http://svn.apache.org/viewvc/jackrabbit/oak/trunk/oak-core/src/main/java/org/apache/jackrabbit/oak/security/authentication/AuthenticationImpl.java?rev=1394418&r1=1394417&r2=1394418&view=diff
==============================================================================
--- jackrabbit/oak/trunk/oak-core/src/main/java/org/apache/jackrabbit/oak/security/authentication/AuthenticationImpl.java (original)
+++ jackrabbit/oak/trunk/oak-core/src/main/java/org/apache/jackrabbit/oak/security/authentication/AuthenticationImpl.java Fri Oct  5 09:08:14 2012
@@ -22,7 +22,10 @@ import javax.jcr.Credentials;
 import javax.jcr.GuestCredentials;
 import javax.jcr.SimpleCredentials;
 
+import org.apache.jackrabbit.oak.api.Tree;
 import org.apache.jackrabbit.oak.spi.security.authentication.Authentication;
+import org.apache.jackrabbit.oak.spi.security.user.PasswordUtility;
+import org.apache.jackrabbit.oak.spi.security.user.UserProvider;
 
 /**
  * AuthenticationImpl...
@@ -30,22 +33,32 @@ import org.apache.jackrabbit.oak.spi.sec
 public class AuthenticationImpl implements Authentication {
 
     private final String userID;
+    private final UserProvider userProvider;
 
-    public AuthenticationImpl(String userID) {
+    public AuthenticationImpl(String userID, UserProvider userProvider) {
         this.userID = userID;
+        this.userProvider = userProvider;
     }
 
     @Override
     public boolean authenticate(Credentials credentials) {
-        if (credentials instanceof SimpleCredentials) {
-            // TODO
-            return true;
-        } else if (credentials instanceof GuestCredentials) {
-            // TODO
-            return true;
-        } else {
-            return false;
-        }
+        // TODO
+        return true;
+
+//        if (userProvider == null || userID == null) {
+//            return false;
+//        }
+//
+//        if (credentials instanceof SimpleCredentials) {
+//            SimpleCredentials creds = (SimpleCredentials) credentials;
+//            return userID.equals(creds.getUserID()) &&
+//                    PasswordUtility.isSame(userProvider.getPassword(userID), creds.getPassword());
+//        } else if (credentials instanceof GuestCredentials) {
+//            return userProvider.getAuthorizable(userID) != null;
+//        } else {
+//            // unsupported credentials object
+//            return false;
+//        }
     }
 
     @Override
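Review bot: `authenticate` now returns `true` for every credentials object, so the fail-closed `else { return false; }` that the removed code applied to unsupported credential types is gone while the real check sits commented out. With this body the `if (!success) { success = impersonate(authentication); }` fallback in LoginModuleImpl is never reached, so ImpersonationCredentials appear to be accepted without the impersonation check. Until the user validation is enabled I would keep the type gate ahead of the placeholder, `if (!(credentials instanceof SimpleCredentials || credentials instanceof GuestCredentials)) { return false; }`, and expand the bare `// TODO` to say that no password is verified yet. The imports of `Tree` and `PasswordUtility` added at the top of the file are unused while the block stays commented.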

Modified: jackrabbit/oak/trunk/oak-core/src/main/java/org/apache/jackrabbit/oak/security/authentication/LoginModuleImpl.java
URL: http://svn.apache.org/viewvc/jackrabbit/oak/trunk/oak-core/src/main/java/org/apache/jackrabbit/oak/security/authentication/LoginModuleImpl.java?rev=1394418&r1=1394417&r2=1394418&view=diff
==============================================================================
--- jackrabbit/oak/trunk/oak-core/src/main/java/org/apache/jackrabbit/oak/security/authentication/LoginModuleImpl.java (original)
+++ jackrabbit/oak/trunk/oak-core/src/main/java/org/apache/jackrabbit/oak/security/authentication/LoginModuleImpl.java Fri Oct  5 09:08:14 2012
@@ -106,8 +106,6 @@ public class LoginModuleImpl extends Abs
     @Override
     public void initialize(Subject subject, CallbackHandler callbackHandler, Map<String, ?> sharedState, Map<String, ?> options) {
         super.initialize(subject, callbackHandler, sharedState, options);
-
-        // TODO
     }
 
     @Override
@@ -116,7 +114,7 @@ public class LoginModuleImpl extends Abs
         credentials = getCredentials();
         userID = getUserID();
 
-        Authentication authentication = new AuthenticationImpl(userID);
+        Authentication authentication = new AuthenticationImpl(userID, getUserProvider());
         boolean success = authentication.authenticate(credentials);
         if (!success) {
             success = impersonate(authentication);
@@ -173,7 +171,7 @@ public class LoginModuleImpl extends Abs
             if (credentials instanceof SimpleCredentials) {
                 userID = ((SimpleCredentials) credentials).getUserID();
             } else if (credentials instanceof GuestCredentials) {
-                userID = "anonymous";
+                userID = getAnonymousID();
             } else if (credentials instanceof ImpersonationCredentials) {
                 Credentials bc = ((ImpersonationCredentials) credentials).getBaseCredentials();
                 if (bc instanceof SimpleCredentials) {
@@ -199,6 +197,11 @@ public class LoginModuleImpl extends Abs
         return userID;
     }
 
+    private String getAnonymousID() {
+        // TODO
+        return "anonymous";
+    }
+
     private boolean impersonate(Authentication authentication) {
         if (credentials instanceof ImpersonationCredentials) {
             AuthInfo info = ((ImpersonationCredentials) credentials).getImpersonatorInfo();
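Review bot: The bare `// TODO` in `getAnonymousID()` does not say what is still missing, and the method keeps the hard-coded `"anonymous"` id. Once the commented guest branch in AuthenticationImpl (`userProvider.getAuthorizable(userID) != null`) is enabled, a repository whose anonymous user has a different id would fail or mis-resolve guest logins. I would spell the intent out, e.g. `// TODO: read the anonymous user id from the user configuration instead of hard-coding it`. The `impersonate` method that follows continues outside this hunk.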

Modified: jackrabbit/oak/trunk/oak-core/src/main/java/org/apache/jackrabbit/oak/security/authentication/token/TokenProviderImpl.java
URL: http://svn.apache.org/viewvc/jackrabbit/oak/trunk/oak-core/src/main/java/org/apache/jackrabbit/oak/security/authentication/token/TokenProviderImpl.java?rev=1394418&r1=1394417&r2=1394418&view=diff
==============================================================================
--- jackrabbit/oak/trunk/oak-core/src/main/java/org/apache/jackrabbit/oak/security/authentication/token/TokenProviderImpl.java (original)
+++ jackrabbit/oak/trunk/oak-core/src/main/java/org/apache/jackrabbit/oak/security/authentication/token/TokenProviderImpl.java Fri Oct  5 09:08:14 2012
@@ -36,7 +36,6 @@ import javax.jcr.SimpleCredentials;
 import org.apache.jackrabbit.JcrConstants;
 import org.apache.jackrabbit.api.security.authentication.token.TokenCredentials;
 import org.apache.jackrabbit.oak.api.CommitFailedException;
-import org.apache.jackrabbit.oak.api.ContentSession;
 import org.apache.jackrabbit.oak.api.CoreValueFactory;
 import org.apache.jackrabbit.oak.api.PropertyState;
 import org.apache.jackrabbit.oak.api.Root;
@@ -96,17 +95,15 @@ public class TokenProviderImpl implement
 
     private static final char DELIM = '_';
 
-    private final ContentSession contentSession;
     private final Root root;
     private final UserProvider userProvider;
     private final long tokenExpiration;
 
-    public TokenProviderImpl(ContentSession contentSession, long tokenExpiration, UserContext userContext) {
-        this.contentSession = contentSession;
-        this.root = contentSession.getLatestRoot();
+    public TokenProviderImpl(Root root, long tokenExpiration, UserContext userContext) {
+        this.root = root;
         this.tokenExpiration = tokenExpiration;
 
-        this.userProvider = userContext.getUserProvider(contentSession, root);
+        this.userProvider = userContext.getUserProvider(root);
     }
 
     //------------------------------------------------------< TokenProvider >---
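Review bot: The constructor no longer calls `getLatestRoot()` itself and instead keeps whatever `Root` the caller passes in, but nothing documents what state that root must be in. If a caller hands over a root that is not refreshed, token lookups and the user lookups done through `userProvider` would presumably run against stale content, which matters for expired or removed tokens. A short Javadoc on the constructor stating that `root` must reflect the latest repository state, and who is responsible for refreshing it, would make the new contract explicit.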
@@ -126,7 +123,7 @@ public class TokenProviderImpl implement
         SimpleCredentials sc = extractSimpleCredentials(credentials);
         if (sc != null) {
             String userId = sc.getUserID();
-            CoreValueFactory valueFactory = contentSession.getCoreValueFactory();
+            CoreValueFactory valueFactory = root.getValueFactory();
             try {
                 Tree userTree = userProvider.getAuthorizable(userId, Type.USER);
                 if (userTree != null) {
@@ -188,7 +185,7 @@ public class TokenProviderImpl implement
         if (tokenTree == null || userId == null) {
             return null;
         } else {
-            return new TokenInfoImpl(new NodeUtil(tokenTree, contentSession), token, userId);
+            return new TokenInfoImpl(new NodeUtil(tokenTree, root.getValueFactory()), token, userId);
         }
     }
 
@@ -212,7 +209,7 @@ public class TokenProviderImpl implement
     public boolean resetTokenExpiration(TokenInfo tokenInfo, long loginTime) {
         Tree tokenTree = getTokenTree(tokenInfo);
         if (tokenTree != null) {
-            NodeUtil tokenNode = new NodeUtil(tokenTree, contentSession);
+            NodeUtil tokenNode = new NodeUtil(tokenTree, root.getValueFactory());
             long expTime = tokenNode.getLong(TOKEN_ATTRIBUTE_EXPIRY, 0);
             if (expTime - loginTime <= tokenExpiration/2) {
                 long expirationTime = loginTime + tokenExpiration;

Modified: jackrabbit/oak/trunk/oak-core/src/main/java/org/apache/jackrabbit/oak/security/privilege/PrivilegeRegistry.java
URL: http://svn.apache.org/viewvc/jackrabbit/oak/trunk/oak-core/src/main/java/org/apache/jackrabbit/oak/security/privilege/PrivilegeRegistry.java?rev=1394418&r1=1394417&r2=1394418&view=diff
==============================================================================
--- jackrabbit/oak/trunk/oak-core/src/main/java/org/apache/jackrabbit/oak/security/privilege/PrivilegeRegistry.java (original)
+++ jackrabbit/oak/trunk/oak-core/src/main/java/org/apache/jackrabbit/oak/security/privilege/PrivilegeRegistry.java Fri Oct  5 09:08:14 2012
@@ -109,7 +109,6 @@ public class PrivilegeRegistry implement
 
     private void internalRegisterDefinitions(PrivilegeDefinition toRegister) throws RepositoryException {
         Root root = contentSession.getLatestRoot();
-
         try {
             // make sure the privileges path is defined
             Tree privilegesTree = root.getTree(PRIVILEGES_PATH);
@@ -117,7 +116,7 @@ public class PrivilegeRegistry implement
                 throw new RepositoryException("Repository doesn't contain node " + PRIVILEGES_PATH);
             }
 
-            NodeUtil privilegesNode = new NodeUtil(privilegesTree, contentSession);
+            NodeUtil privilegesNode = new NodeUtil(privilegesTree, root.getValueFactory());
             writeDefinition(privilegesNode, toRegister);
 
             // delegate validation to the commit validation (see above)

Modified: jackrabbit/oak/trunk/oak-core/src/main/java/org/apache/jackrabbit/oak/security/user/AuthorizableBaseProvider.java
URL: http://svn.apache.org/viewvc/jackrabbit/oak/trunk/oak-core/src/main/java/org/apache/jackrabbit/oak/security/user/AuthorizableBaseProvider.java?rev=1394418&r1=1394417&r2=1394418&view=diff
==============================================================================
--- jackrabbit/oak/trunk/oak-core/src/main/java/org/apache/jackrabbit/oak/security/user/AuthorizableBaseProvider.java (original)
+++ jackrabbit/oak/trunk/oak-core/src/main/java/org/apache/jackrabbit/oak/security/user/AuthorizableBaseProvider.java Fri Oct  5 09:08:14 2012
@@ -17,7 +17,6 @@
 package org.apache.jackrabbit.oak.security.user;
 
 import org.apache.jackrabbit.JcrConstants;
-import org.apache.jackrabbit.oak.api.ContentSession;
 import org.apache.jackrabbit.oak.api.CoreValueFactory;
 import org.apache.jackrabbit.oak.api.Root;
 import org.apache.jackrabbit.oak.api.Tree;
@@ -40,13 +39,15 @@ abstract class AuthorizableBaseProvider 
      */
     private static final Logger log = LoggerFactory.getLogger(AuthorizableBaseProvider.class);
 
-    final CoreValueFactory valueFactory;
+    final UserConfig config;
     final Root root;
+    final CoreValueFactory valueFactory;
     final IdentifierManager identifierManager;
 
-    AuthorizableBaseProvider(ContentSession contentSession, Root root, UserConfig config) {
-        this.valueFactory = contentSession.getCoreValueFactory();
+    AuthorizableBaseProvider(Root root, UserConfig config) {
         this.root = root;
+        this.config = config;
+        this.valueFactory = root.getValueFactory();
         this.identifierManager = new IdentifierManager(root);
     }
 

Modified: jackrabbit/oak/trunk/oak-core/src/main/java/org/apache/jackrabbit/oak/security/user/AuthorizableImpl.java
URL: http://svn.apache.org/viewvc/jackrabbit/oak/trunk/oak-core/src/main/java/org/apache/jackrabbit/oak/security/user/AuthorizableImpl.java?rev=1394418&r1=1394417&r2=1394418&view=diff
==============================================================================
--- jackrabbit/oak/trunk/oak-core/src/main/java/org/apache/jackrabbit/oak/security/user/AuthorizableImpl.java (original)
+++ jackrabbit/oak/trunk/oak-core/src/main/java/org/apache/jackrabbit/oak/security/user/AuthorizableImpl.java Fri Oct  5 09:08:14 2012
@@ -39,6 +39,7 @@ import org.apache.jackrabbit.oak.api.Tre
 import org.apache.jackrabbit.oak.spi.security.principal.EveryonePrincipal;
 import org.apache.jackrabbit.oak.spi.security.user.MembershipProvider;
 import org.apache.jackrabbit.oak.spi.security.user.UserConstants;
+import org.apache.jackrabbit.oak.spi.security.user.UserProvider;
 import org.apache.jackrabbit.util.Text;
 import org.slf4j.Logger;
 import org.slf4j.LoggerFactory;
@@ -321,6 +322,14 @@ abstract class AuthorizableImpl implemen
     }
 
     /**
+     * @return The user provider associated with this authorizable
+     */
+    @Nonnull
+    UserProvider getUserProvider() {
+        return userManager.getUserProvider();
+    }
+
+    /**
      * @return The principal name of this authorizable.
      * @throws RepositoryException If no principal name can be retrieved.
      */

Modified: jackrabbit/oak/trunk/oak-core/src/main/java/org/apache/jackrabbit/oak/security/user/GroupImpl.java
URL: http://svn.apache.org/viewvc/jackrabbit/oak/trunk/oak-core/src/main/java/org/apache/jackrabbit/oak/security/user/GroupImpl.java?rev=1394418&r1=1394417&r2=1394418&view=diff
==============================================================================
--- jackrabbit/oak/trunk/oak-core/src/main/java/org/apache/jackrabbit/oak/security/user/GroupImpl.java (original)
+++ jackrabbit/oak/trunk/oak-core/src/main/java/org/apache/jackrabbit/oak/security/user/GroupImpl.java Fri Oct  5 09:08:14 2012
@@ -52,7 +52,7 @@ class GroupImpl extends AuthorizableImpl
 
     @Override
     void checkValidTree(Tree tree) throws RepositoryException {
-        if (tree == null || !getUserManager().getUserProvider().isAuthorizableType(tree, Type.GROUP)) {
+        if (tree == null || !getUserProvider().isAuthorizableType(tree, Type.GROUP)) {
             throw new IllegalArgumentException("Invalid group node: node type rep:Group expected.");
         }
     }

Modified: jackrabbit/oak/trunk/oak-core/src/main/java/org/apache/jackrabbit/oak/security/user/MembershipProviderImpl.java
URL: http://svn.apache.org/viewvc/jackrabbit/oak/trunk/oak-core/src/main/java/org/apache/jackrabbit/oak/security/user/MembershipProviderImpl.java?rev=1394418&r1=1394417&r2=1394418&view=diff
==============================================================================
--- jackrabbit/oak/trunk/oak-core/src/main/java/org/apache/jackrabbit/oak/security/user/MembershipProviderImpl.java (original)
+++ jackrabbit/oak/trunk/oak-core/src/main/java/org/apache/jackrabbit/oak/security/user/MembershipProviderImpl.java Fri Oct  5 09:08:14 2012
@@ -31,7 +31,6 @@ import com.google.common.collect.Iterato
 import com.google.common.collect.Lists;
 
 import org.apache.jackrabbit.commons.iterator.RangeIteratorAdapter;
-import org.apache.jackrabbit.oak.api.ContentSession;
 import org.apache.jackrabbit.oak.api.CoreValue;
 import org.apache.jackrabbit.oak.api.PropertyState;
 import org.apache.jackrabbit.oak.api.Root;
@@ -87,8 +86,8 @@ public class MembershipProviderImpl exte
 
     private final int splitSize;
 
-    MembershipProviderImpl(ContentSession contentSession, Root root, UserConfig config) {
-        super(contentSession, root, config);
+    MembershipProviderImpl(Root root, UserConfig config) {
+        super(root, config);
 
         int splitValue = config.getConfigValue(UserConfig.PARAM_GROUP_MEMBERSHIP_SPLIT_SIZE, 0);
         if (splitValue != 0 && splitValue < 4) {

Modified: jackrabbit/oak/trunk/oak-core/src/main/java/org/apache/jackrabbit/oak/security/user/UserContextImpl.java
URL: http://svn.apache.org/viewvc/jackrabbit/oak/trunk/oak-core/src/main/java/org/apache/jackrabbit/oak/security/user/UserContextImpl.java?rev=1394418&r1=1394417&r2=1394418&view=diff
==============================================================================
--- jackrabbit/oak/trunk/oak-core/src/main/java/org/apache/jackrabbit/oak/security/user/UserContextImpl.java (original)
+++ jackrabbit/oak/trunk/oak-core/src/main/java/org/apache/jackrabbit/oak/security/user/UserContextImpl.java Fri Oct  5 09:08:14 2012
@@ -21,7 +21,6 @@ import java.util.List;
 import javax.jcr.Session;
 
 import org.apache.jackrabbit.api.security.user.UserManager;
-import org.apache.jackrabbit.oak.api.ContentSession;
 import org.apache.jackrabbit.oak.api.Root;
 import org.apache.jackrabbit.oak.namepath.NamePathMapper;
 import org.apache.jackrabbit.oak.spi.commit.ValidatorProvider;
@@ -47,13 +46,13 @@ public class UserContextImpl implements 
     }
 
     @Override
-    public UserProvider getUserProvider(ContentSession contentSession, Root root) {
-        return new UserProviderImpl(contentSession, root, config);
+    public UserProvider getUserProvider(Root root) {
+        return new UserProviderImpl(root, config);
     }
 
     @Override
-    public MembershipProvider getMembershipProvider(ContentSession contentSession, Root root) {
-        return new MembershipProviderImpl(contentSession, root, config);
+    public MembershipProvider getMembershipProvider(Root root) {
+        return new MembershipProviderImpl(root, config);
     }
 
     @Override
@@ -63,10 +62,9 @@ public class UserContextImpl implements 
     }
 
     @Override
-    public UserManager getUserManager(Session session, ContentSession contentSession,
-                                      Root root, NamePathMapper namePathMapper) {
-        UserProvider up = getUserProvider(contentSession, root);
-        MembershipProvider mp = getMembershipProvider(contentSession, root);
+    public UserManager getUserManager(Session session, Root root, NamePathMapper namePathMapper) {
+        UserProvider up = getUserProvider(root);
+        MembershipProvider mp = getMembershipProvider(root);
         return new UserManagerImpl(session, namePathMapper, up, mp, config);
     }
 }
\ No newline at end of file

Modified: jackrabbit/oak/trunk/oak-core/src/main/java/org/apache/jackrabbit/oak/security/user/UserImpl.java
URL: http://svn.apache.org/viewvc/jackrabbit/oak/trunk/oak-core/src/main/java/org/apache/jackrabbit/oak/security/user/UserImpl.java?rev=1394418&r1=1394417&r2=1394418&view=diff
==============================================================================
--- jackrabbit/oak/trunk/oak-core/src/main/java/org/apache/jackrabbit/oak/security/user/UserImpl.java (original)
+++ jackrabbit/oak/trunk/oak-core/src/main/java/org/apache/jackrabbit/oak/security/user/UserImpl.java Fri Oct  5 09:08:14 2012
@@ -49,7 +49,7 @@ class UserImpl extends AuthorizableImpl 
     }
 
     void checkValidTree(Tree tree) throws RepositoryException {
-        if (tree == null || !getUserManager().getUserProvider().isAuthorizableType(tree, Type.USER)) {
+        if (tree == null || !getUserProvider().isAuthorizableType(tree, Type.USER)) {
             throw new IllegalArgumentException("Invalid user node: node type rep:User expected.");
         }
     }
@@ -79,7 +79,7 @@ class UserImpl extends AuthorizableImpl 
      */
     @Override
     public boolean isAdmin() {
-        return getUserManager().getUserProvider().isAdminUser(getTree());
+        return getUserProvider().isAdminUser(getTree());
     }
 
     /**
@@ -107,7 +107,7 @@ class UserImpl extends AuthorizableImpl 
     public void changePassword(String password) throws RepositoryException {
         UserManagerImpl userManager = getUserManager();
         userManager.onPasswordChange(this, password);
-        userManager.setPassword(getTree(), password, true);
+        getUserProvider().setPassword(getTree(), password, true);
     }
 
     /**
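Review bot: `changePassword` hands `password` to `onPasswordChange` and `setPassword` without a null check. The `setPassword` this commit removes from UserManagerImpl only logged and returned on a null password; if the UserProviderImpl version (not visible here) kept that behaviour, a null argument runs `onPasswordChange` and then leaves the old password in place while the call returns normally. Rejecting it up front, `if (password == null) { throw new RepositoryException("Attempt to set 'null' password."); }`, makes the failure visible to the caller.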
@@ -169,10 +169,10 @@ class UserImpl extends AuthorizableImpl 
     //--------------------------------------------------------------------------
 
     void setProtectedProperty(String oakName, String value) throws RepositoryException {
-        getUserManager().getUserProvider().setProtectedProperty(getTree(), oakName, value, PropertyType.STRING);
+        getUserProvider().setProtectedProperty(getTree(), oakName, value, PropertyType.STRING);
     }
 
     void setProtectedProperty(String oakName, String[] values) throws RepositoryException {
-        getUserManager().getUserProvider().setProtectedProperty(getTree(), oakName, values, PropertyType.STRING);
+        getUserProvider().setProtectedProperty(getTree(), oakName, values, PropertyType.STRING);
     }
 }
\ No newline at end of file

Modified: jackrabbit/oak/trunk/oak-core/src/main/java/org/apache/jackrabbit/oak/security/user/UserManagerImpl.java
URL: http://svn.apache.org/viewvc/jackrabbit/oak/trunk/oak-core/src/main/java/org/apache/jackrabbit/oak/security/user/UserManagerImpl.java?rev=1394418&r1=1394417&r2=1394418&view=diff
==============================================================================
--- jackrabbit/oak/trunk/oak-core/src/main/java/org/apache/jackrabbit/oak/security/user/UserManagerImpl.java (original)
+++ jackrabbit/oak/trunk/oak-core/src/main/java/org/apache/jackrabbit/oak/security/user/UserManagerImpl.java Fri Oct  5 09:08:14 2012
@@ -16,8 +16,6 @@
  */
 package org.apache.jackrabbit.oak.security.user;
 
-import java.io.UnsupportedEncodingException;
-import java.security.NoSuchAlgorithmException;
 import java.security.Principal;
 import java.util.Iterator;
 import javax.annotation.CheckForNull;
@@ -38,7 +36,6 @@ import org.apache.jackrabbit.oak.securit
 import org.apache.jackrabbit.oak.security.user.query.XPathQueryEvaluator;
 import org.apache.jackrabbit.oak.spi.security.principal.EveryonePrincipal;
 import org.apache.jackrabbit.oak.spi.security.user.MembershipProvider;
-import org.apache.jackrabbit.oak.spi.security.user.PasswordUtility;
 import org.apache.jackrabbit.oak.spi.security.user.Type;
 import org.apache.jackrabbit.oak.spi.security.user.UserConfig;
 import org.apache.jackrabbit.oak.spi.security.user.UserConstants;
@@ -147,7 +144,7 @@ public class UserManagerImpl implements 
         }
         Tree userTree = userProvider.createUser(userID, intermediatePath);
         setPrincipal(userTree, principal);
-        setPassword(userTree, password, true);
+        userProvider.setPassword(userTree, password, true);
 
         User user = new UserImpl(userID, userTree, this);
         onCreate(user, password);
@@ -283,41 +280,6 @@ public class UserManagerImpl implements 
     }
 
     //--------------------------------------------------------------------------
-    /**
-     *
-     *
-     * @param userTree The tree representing the user.
-     * @param password The plaintext password to set.
-     * @param forceHash If true the specified password will always be hashed.
-     * @throws javax.jcr.RepositoryException If an error occurs
-     */
-    void setPassword(Tree userTree, String password, boolean forceHash) throws RepositoryException {
-        if (password == null) {
-            log.debug("Password is null.");
-            return;
-        }
-        String pwHash;
-        if (forceHash || PasswordUtility.isPlainTextPassword(password)) {
-            try {
-                pwHash = PasswordUtility.buildPasswordHash(password, config);
-            } catch (NoSuchAlgorithmException e) {
-                throw new RepositoryException(e);
-            } catch (UnsupportedEncodingException e) {
-                throw new RepositoryException(e);
-            }
-        } else {
-            pwHash = password;
-        }
-        getUserProvider().setProtectedProperty(userTree, UserConstants.REP_PASSWORD, pwHash, PropertyType.STRING);
-    }
-
-    void setPrincipal(Tree userTree, Principal principal) throws RepositoryException {
-        // TODO: remove check once user-validator properly enforces that constraint
-        if (userTree.getStatus() != Tree.Status.NEW || userTree.hasProperty(UserConstants.REP_PRINCIPAL_NAME)) {
-            throw new RepositoryException("rep:principalName can only be set once on a new node.");
-        }
-        getUserProvider().setProtectedProperty(userTree, UserConstants.REP_PRINCIPAL_NAME, principal.getName(), PropertyType.STRING);
-    }
 
     Session getSession() {
         return session;
@@ -374,6 +336,10 @@ public class UserManagerImpl implements 
         }
     }
 
+    private void setPrincipal(Tree userTree, Principal principal) {
+        getUserProvider().setProtectedProperty(userTree, UserConstants.REP_PRINCIPAL_NAME, principal.getName(), PropertyType.STRING);
+    }
+
     private static Type getAuthorizableType(int searchType) {
         switch (searchType) {
             case UserManager.SEARCH_TYPE_USER:
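Review bot: The new private `setPrincipal` writes `rep:principalName` unconditionally, whereas the version removed earlier in this file threw unless `userTree.getStatus()` was `Tree.Status.NEW` and the property was absent. The removed TODO tied dropping that check to the user-validator enforcing the constraint, and the commit log describes the user-validation implementation as still commented, so nothing visible here enforces the set-once rule. The only caller shown in this diff is `createUser`, which passes a freshly created tree, so the exposure looks limited for now. I would keep the guard until the validator is active, or at least add `// NOTE: set-once constraint on rep:principalName is not enforced here; relies on the user-validator`. The enclosing class continues outside the hunk.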

Modified: jackrabbit/oak/trunk/oak-core/src/main/java/org/apache/jackrabbit/oak/security/user/UserProviderImpl.java
URL: http://svn.apache.org/viewvc/jackrabbit/oak/trunk/oak-core/src/main/java/org/apache/jackrabbit/oak/security/user/UserProviderImpl.java?rev=1394418&r1=1394417&r2=1394418&view=diff
==============================================================================
--- jackrabbit/oak/trunk/oak-core/src/main/java/org/apache/jackrabbit/oak/security/user/UserProviderImpl.java (original)
+++ jackrabbit/oak/trunk/oak-core/src/main/java/org/apache/jackrabbit/oak/security/user/UserProviderImpl.java Fri Oct  5 09:08:14 2012
@@ -16,17 +16,18 @@
  */
 package org.apache.jackrabbit.oak.security.user;
 
+import java.io.UnsupportedEncodingException;
+import java.security.NoSuchAlgorithmException;
 import java.security.Principal;
 import java.text.ParseException;
 import java.util.Collections;
 import java.util.Iterator;
-
+import javax.jcr.PropertyType;
 import javax.jcr.RepositoryException;
 import javax.jcr.nodetype.ConstraintViolationException;
 import javax.jcr.query.Query;
 
 import org.apache.jackrabbit.JcrConstants;
-import org.apache.jackrabbit.oak.api.ContentSession;
 import org.apache.jackrabbit.oak.api.CoreValue;
 import org.apache.jackrabbit.oak.api.PropertyState;
 import org.apache.jackrabbit.oak.api.Result;
@@ -36,6 +37,7 @@ import org.apache.jackrabbit.oak.api.Tre
 import org.apache.jackrabbit.oak.namepath.NamePathMapper;
 import org.apache.jackrabbit.oak.plugins.memory.SinglePropertyState;
 import org.apache.jackrabbit.oak.spi.security.principal.TreeBasedPrincipal;
+import org.apache.jackrabbit.oak.spi.security.user.PasswordUtility;
 import org.apache.jackrabbit.oak.spi.security.user.Type;
 import org.apache.jackrabbit.oak.spi.security.user.UserConfig;
 import org.apache.jackrabbit.oak.spi.security.user.UserConstants;
@@ -152,16 +154,14 @@ class UserProviderImpl extends Authoriza
     private static final String DELIMITER = "/";
 
     private final int defaultDepth;
-    private final String adminId;
 
     private final String groupPath;
     private final String userPath;
 
-    UserProviderImpl(ContentSession contentSession, Root root, UserConfig config) {
-        super(contentSession, root, config);
+    UserProviderImpl(Root root, UserConfig config) {
+        super(root, config);
 
         defaultDepth = config.getConfigValue(UserConfig.PARAM_DEFAULT_DEPTH, DEFAULT_DEPTH);
-        adminId = config.getAdminId();
 
         groupPath = config.getConfigValue(UserConfig.PARAM_GROUP_PATH, DEFAULT_GROUP_PATH);
         userPath = config.getConfigValue(UserConfig.PARAM_USER_PATH, DEFAULT_USER_PATH);
@@ -253,7 +253,39 @@ class UserProviderImpl extends Authoriza
     @Override
     public boolean isAdminUser(Tree userTree) {
         checkNotNull(userTree);
-        return adminId.equals(getAuthorizableId(userTree));
+        return config.getAdminId().equals(getAuthorizableId(userTree));
+    }
+
+    @Override
+    public String getPassword(String userID) {
+        Tree userTree = getAuthorizable(userID, Type.USER);
+        if (userTree != null) {
+            NodeUtil n = new NodeUtil(userTree, valueFactory);
+            return n.getString(UserConstants.REP_PASSWORD, null);
+        } else {
+            return null;
+        }
+    }
+
+    @Override
+    public void setPassword(Tree userTree, String password, boolean forceHash) throws RepositoryException {
+        if (password == null) {
+            log.debug("Password is null.");
+            return;
+        }
+        String pwHash;
+        if (forceHash || PasswordUtility.isPlainTextPassword(password)) {
+            try {
+                pwHash = PasswordUtility.buildPasswordHash(password, config);
+            } catch (NoSuchAlgorithmException e) {
+                throw new RepositoryException(e);
+            } catch (UnsupportedEncodingException e) {
+                throw new RepositoryException(e);
+            }
+        } else {
+            pwHash = password;
+        }
+        setProtectedProperty(userTree, UserConstants.REP_PASSWORD, pwHash, PropertyType.STRING);
     }
 
     @Override
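Review bot: In `setPassword`, the `else` branch stores the caller's string verbatim as `rep:password` whenever `forceHash` is false and `PasswordUtility.isPlainTextPassword(password)` returns false, and with this commit the method moves from a package-private helper in `UserManagerImpl` to the `UserProvider` interface. How `isPlainTextPassword` decides is not visible here; if it is a format test, input that merely looks like a hash would skip hashing. A why-comment on that branch would help, for example `// value is already in hash format: stored as-is; callers handling user-supplied input must pass forceHash=true`, and the `@param password` Javadoc added to `UserProvider` in this commit, which calls the value plaintext, should say the same. The null branch returns after only a debug log and leaves the user without `rep:password`; the Javadoc should state whether that is intended.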

Modified: jackrabbit/oak/trunk/oak-core/src/main/java/org/apache/jackrabbit/oak/spi/security/OpenSecurityProvider.java
URL: http://svn.apache.org/viewvc/jackrabbit/oak/trunk/oak-core/src/main/java/org/apache/jackrabbit/oak/spi/security/OpenSecurityProvider.java?rev=1394418&r1=1394417&r2=1394418&view=diff
==============================================================================
--- jackrabbit/oak/trunk/oak-core/src/main/java/org/apache/jackrabbit/oak/spi/security/OpenSecurityProvider.java (original)
+++ jackrabbit/oak/trunk/oak-core/src/main/java/org/apache/jackrabbit/oak/spi/security/OpenSecurityProvider.java Fri Oct  5 09:08:14 2012
@@ -23,7 +23,6 @@ import javax.jcr.Session;
 
 import org.apache.jackrabbit.api.security.principal.PrincipalManager;
 import org.apache.jackrabbit.api.security.user.UserManager;
-import org.apache.jackrabbit.oak.api.ContentSession;
 import org.apache.jackrabbit.oak.api.Root;
 import org.apache.jackrabbit.oak.namepath.NamePathMapper;
 import org.apache.jackrabbit.oak.spi.commit.ValidatorProvider;
@@ -63,13 +62,13 @@ public class OpenSecurityProvider implem
         return new UserContext() {
             @Nonnull
             @Override
-            public UserProvider getUserProvider(ContentSession contentSession, Root root) {
+            public UserProvider getUserProvider(Root root) {
                 throw new UnsupportedOperationException();
             }
 
             @Nonnull
             @Override
-            public MembershipProvider getMembershipProvider(ContentSession contentSession, Root root) {
+            public MembershipProvider getMembershipProvider(Root root) {
                 throw new UnsupportedOperationException();
             }
 
@@ -81,7 +80,7 @@ public class OpenSecurityProvider implem
 
             @Nonnull
             @Override
-            public UserManager getUserManager(Session session, ContentSession contentSession, Root root, NamePathMapper namePathMapper) {
+            public UserManager getUserManager(Session session, Root root, NamePathMapper namePathMapper) {
                 throw new UnsupportedOperationException();
             }
         };
@@ -93,13 +92,13 @@ public class OpenSecurityProvider implem
         return new PrincipalConfiguration() {
             @Nonnull
             @Override
-            public PrincipalManager getPrincipalManager(Session session, ContentSession contentSession, Root root, NamePathMapper namePathMapper) {
+            public PrincipalManager getPrincipalManager(Session session, Root root, NamePathMapper namePathMapper) {
                 throw new UnsupportedOperationException();
             }
 
             @Nonnull
             @Override
-            public PrincipalProvider getPrincipalProvider(ContentSession contentSession, Root root, NamePathMapper namePathMapper) {
+            public PrincipalProvider getPrincipalProvider(Root root, NamePathMapper namePathMapper) {
                 return new OpenPrincipalProvider();
             }
         };

Modified: jackrabbit/oak/trunk/oak-core/src/main/java/org/apache/jackrabbit/oak/spi/security/authentication/AbstractLoginModule.java
URL: http://svn.apache.org/viewvc/jackrabbit/oak/trunk/oak-core/src/main/java/org/apache/jackrabbit/oak/spi/security/authentication/AbstractLoginModule.java?rev=1394418&r1=1394417&r2=1394418&view=diff
==============================================================================
--- jackrabbit/oak/trunk/oak-core/src/main/java/org/apache/jackrabbit/oak/spi/security/authentication/AbstractLoginModule.java (original)
+++ jackrabbit/oak/trunk/oak-core/src/main/java/org/apache/jackrabbit/oak/spi/security/authentication/AbstractLoginModule.java Fri Oct  5 09:08:14 2012
@@ -22,6 +22,7 @@ import java.util.Collections;
 import java.util.Map;
 import java.util.Set;
 import javax.annotation.CheckForNull;
+import javax.annotation.Nonnull;
 import javax.jcr.Credentials;
 import javax.security.auth.Subject;
 import javax.security.auth.callback.Callback;
@@ -30,7 +31,7 @@ import javax.security.auth.callback.Unsu
 import javax.security.auth.login.LoginException;
 import javax.security.auth.spi.LoginModule;
 
-import org.apache.jackrabbit.oak.api.ContentSession;
+import org.apache.jackrabbit.oak.api.Root;
 import org.apache.jackrabbit.oak.namepath.NamePathMapper;
 import org.apache.jackrabbit.oak.spi.security.SecurityProvider;
 import org.apache.jackrabbit.oak.spi.security.authentication.callback.CredentialsCallback;
@@ -39,6 +40,7 @@ import org.apache.jackrabbit.oak.spi.sec
 import org.apache.jackrabbit.oak.spi.security.authentication.callback.SecurityProviderCallback;
 import org.apache.jackrabbit.oak.spi.security.principal.OpenPrincipalProvider;
 import org.apache.jackrabbit.oak.spi.security.principal.PrincipalProvider;
+import org.apache.jackrabbit.oak.spi.security.user.UserProvider;
 import org.slf4j.Logger;
 import org.slf4j.LoggerFactory;
 
@@ -69,6 +71,9 @@ public abstract class AbstractLoginModul
     protected CallbackHandler callbackHandler;
     protected Map sharedState;
 
+    private SecurityProvider securityProvider;
+    private Root root;
+
     //--------------------------------------------------------< LoginModule >---
     @Override
     public void initialize(Subject subject, CallbackHandler callbackHandler, Map<String, ?> sharedState, Map<String, ?> options) {
@@ -92,6 +97,7 @@ public abstract class AbstractLoginModul
     }
 
     //--------------------------------------------------------------------------
+    @Nonnull
     protected abstract Set<Class> getSupportedCredentials();
 
     @CheckForNull
@@ -156,6 +162,7 @@ public abstract class AbstractLoginModul
     }
 
 
+    @Nonnull
     protected Set<? extends Principal> getPrincipals(String userID) {
         PrincipalProvider principalProvider = getPrincipalProvider();
         if (principalProvider == null) {
@@ -166,43 +173,73 @@ public abstract class AbstractLoginModul
         }
     }
 
-    private PrincipalProvider getPrincipalProvider() {
-        // TODO: replace fake pp to enable proper principal resolution. code below works but...
+    @CheckForNull
+    protected PrincipalProvider getPrincipalProvider() {
+        // TODO: replace fake pp to enable proper principal resolution.
         return new OpenPrincipalProvider();
 //        PrincipalProvider principalProvider = null;
-//        if (callbackHandler != null) {
-//            RepositoryCallback rcb = new RepositoryCallback();
-//            SecurityProviderCallback scb = new SecurityProviderCallback();
+//
+//        SecurityProvider sp = getSecurityProvider();
+//        Root r = getRoot();
+//        if (root != null && securityProvider != null) {
+//            principalProvider = securityProvider.getPrincipalConfiguration().getPrincipalProvider(root, NamePathMapper.DEFAULT);
+//        }
+//
+//        if (principalProvider == null && callbackHandler != null) {
 //            try {
-//                callbackHandler.handle(new Callback[] {rcb,  scb});
-//                ContentSession contentSession = rcb.getContentSession();
-//                SecurityProvider securityProvider = scb.getSecurityProvider();
-//                if (contentSession != null && securityProvider != null) {
-//                    // FIXME: getLatestRoot is unbearable slow.
-//                    // FIXME: - either use a different Root that passed from the repo to the callback-handler or
-//                    // FIXME: - fix mk such that retrieving the root is for free
-//                    principalProvider = securityProvider.getPrincipalConfiguration().
-//                            getPrincipalProvider(contentSession, contentSession.getLatestRoot(), NamePathMapper.DEFAULT);
-//                }
-//            } catch (UnsupportedCallbackException e) {
-//                log.debug(e.getMessage());
+//                PrincipalProviderCallback principalCallBack = new PrincipalProviderCallback();
+//                callbackHandler.handle(new Callback[] {principalCallBack});
+//                principalProvider = principalCallBack.getPrincipalProvider();
 //            } catch (IOException e) {
 //                log.debug(e.getMessage());
+//            } catch (UnsupportedCallbackException e) {
+//                log.debug(e.getMessage());
 //            }
-//
-//            if (principalProvider == null) {
-//                try {
-//                    PrincipalProviderCallback principalCallBack = new PrincipalProviderCallback();
-//                    callbackHandler.handle(new Callback[] {principalCallBack});
-//                    principalProvider = principalCallBack.getPrincipalProvider();
-//                } catch (IOException e) {
-//                    log.debug(e.getMessage());
-//                } catch (UnsupportedCallbackException e) {
-//                    log.debug(e.getMessage());
-//                }
-//            }
-//
 //        }
 //        return principalProvider;
     }
+
+    @CheckForNull
+    protected UserProvider getUserProvider() {
+        return null; // TODO
+//        SecurityProvider sp = getSecurityProvider();
+//        Root r = getRoot();
+//        if (root != null && securityProvider != null) {
+//            return securityProvider.getUserContext().getUserProvider(root);
+//        } else {
+//            return null;
+//        }
+    }
+
+    @CheckForNull
+    private SecurityProvider getSecurityProvider() {
+        if (securityProvider == null && callbackHandler != null) {
+            SecurityProviderCallback scb = new SecurityProviderCallback();
+            try {
+                callbackHandler.handle(new Callback[] {scb});
+                securityProvider = scb.getSecurityProvider();
+            } catch (UnsupportedCallbackException e) {
+                log.debug(e.getMessage());
+            } catch (IOException e) {
+                log.debug(e.getMessage());
+            }
+        }
+        return securityProvider;
+    }
+
+    @CheckForNull
+    private Root getRoot() {
+        if (root == null) {
+            RepositoryCallback rcb = new RepositoryCallback();
+            try {
+                callbackHandler.handle(new Callback[] {rcb});
+                root = rcb.getRoot();
+            } catch (UnsupportedCallbackException e) {
+                log.debug(e.getMessage());
+            } catch (IOException e) {
+                log.debug(e.getMessage());
+            }
+        }
+        return root;
+    }
 }
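Review bot: `getRoot()` calls `callbackHandler.handle(...)` without the `callbackHandler != null` test that `getSecurityProvider()` directly above it performs, so a module initialised without a handler would throw a NullPointerException once the commented-out callers are enabled. Making the guard match, `if (root == null && callbackHandler != null) {`, keeps the two lazy getters consistent. Both getters log only `e.getMessage()` at debug level, which hides why the provider or root is missing; passing the exception itself to the logger would make a failed login easier to diagnose. The commented-out bodies of `getPrincipalProvider()` and `getUserProvider()` assign the locals `sp` and `r` but then test the fields `root` and `securityProvider`; using the locals would read more clearly when that code is activated.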

Modified: jackrabbit/oak/trunk/oak-core/src/main/java/org/apache/jackrabbit/oak/spi/security/authentication/GuestLoginModule.java
URL: http://svn.apache.org/viewvc/jackrabbit/oak/trunk/oak-core/src/main/java/org/apache/jackrabbit/oak/spi/security/authentication/GuestLoginModule.java?rev=1394418&r1=1394417&r2=1394418&view=diff
==============================================================================
--- jackrabbit/oak/trunk/oak-core/src/main/java/org/apache/jackrabbit/oak/spi/security/authentication/GuestLoginModule.java (original)
+++ jackrabbit/oak/trunk/oak-core/src/main/java/org/apache/jackrabbit/oak/spi/security/authentication/GuestLoginModule.java Fri Oct  5 09:08:14 2012
@@ -47,7 +47,7 @@ import org.slf4j.LoggerFactory;
  *     <li>Try to retrieve JCR credentials from the {@link CallbackHandler} using
  *     the {@link CredentialsCallback}</li>
  *     <li>In case no credentials could be obtained it pushes a new instance of
- *     {@link GuestCredentials} to the shared stated. Subsequent login module
+ *     {@link GuestCredentials} to the shared stated. Subsequent login modules
  *     in the authentication process may retrieve the {@link GuestCredentials}
  *     instead of failing to obtain any credentials.</li>
  * </ol>
@@ -116,7 +116,7 @@ public class GuestLoginModule implements
 
     @Override
     public boolean commit() throws LoginException {
-        if (guestCredentials != null) {
+        if (guestCredentials != null && !subject.isReadOnly()) {
             subject.getPublicCredentials().add(guestCredentials);
             subject.getPrincipals().add(EveryonePrincipal.getInstance());
         }
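Review bot: The added `!subject.isReadOnly()` test in `commit()` skips adding the guest credentials and `EveryonePrincipal` without any trace, and the return statement lies outside the hunk, so it is not visible whether the method still reports success in that case. If it does, the login completes with a subject that carries neither the credentials nor the principal. A short comment would make the intent explicit, for example `// read-only subject: its sets reject modification, so nothing is added`. A debug log in an `else` branch would also help when a guest login ends up without principals.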

Modified: jackrabbit/oak/trunk/oak-core/src/main/java/org/apache/jackrabbit/oak/spi/security/authentication/callback/RepositoryCallback.java
URL: http://svn.apache.org/viewvc/jackrabbit/oak/trunk/oak-core/src/main/java/org/apache/jackrabbit/oak/spi/security/authentication/callback/RepositoryCallback.java?rev=1394418&r1=1394417&r2=1394418&view=diff
==============================================================================
--- jackrabbit/oak/trunk/oak-core/src/main/java/org/apache/jackrabbit/oak/spi/security/authentication/callback/RepositoryCallback.java (original)
+++ jackrabbit/oak/trunk/oak-core/src/main/java/org/apache/jackrabbit/oak/spi/security/authentication/callback/RepositoryCallback.java Fri Oct  5 09:08:14 2012
@@ -21,7 +21,7 @@ import javax.jcr.NoSuchWorkspaceExceptio
 import javax.security.auth.callback.Callback;
 import javax.security.auth.login.LoginException;
 
-import org.apache.jackrabbit.oak.api.ContentSession;
+import org.apache.jackrabbit.oak.api.Root;
 import org.apache.jackrabbit.oak.core.ContentRepositoryImpl;
 import org.apache.jackrabbit.oak.spi.security.OpenSecurityProvider;
 import org.apache.jackrabbit.oak.spi.security.SecurityProvider;
@@ -49,12 +49,14 @@ public class RepositoryCallback implemen
     }
 
     @CheckForNull
-    public ContentSession getContentSession() {
+    public Root getRoot() {
         if (nodeStore != null) {
             try {
-                // TODO rather use Oak or similar setup mechanism
+                // FIXME: need a direct and fast way to create Root from the node store
+                // FIXME: - without login
+                // FIXME: - without ContentSession#getLatestRoot which is unbearably slow
                 SecurityProvider sp = new OpenSecurityProvider();
-                return new ContentRepositoryImpl(nodeStore, null, sp).login(null, workspaceName);
+                return new ContentRepositoryImpl(nodeStore, null, sp).login(null, workspaceName).getLatestRoot();
             } catch (LoginException e) {
                 log.warn("Internal error ", e.getMessage());
             } catch (NoSuchWorkspaceException e) {
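Review bot: `getRoot()` now discards the `ContentSession` returned by `login(null, workspaceName)` and hands out only its `Root`, so no caller can close that session any more; if the session holds resources, each callback invocation leaks one. The session is also opened with `new OpenSecurityProvider()` and null credentials, so the returned `Root` is presumably not subject to the repository's configured access checks, while the FIXME lines mention speed only. I would extend the comment, e.g. `// FIXME: session is never closed, and Root is obtained via OpenSecurityProvider without access control`. The method's catch blocks continue outside the hunk.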

Modified: jackrabbit/oak/trunk/oak-core/src/main/java/org/apache/jackrabbit/oak/spi/security/principal/PrincipalConfiguration.java
URL: http://svn.apache.org/viewvc/jackrabbit/oak/trunk/oak-core/src/main/java/org/apache/jackrabbit/oak/spi/security/principal/PrincipalConfiguration.java?rev=1394418&r1=1394417&r2=1394418&view=diff
==============================================================================
--- jackrabbit/oak/trunk/oak-core/src/main/java/org/apache/jackrabbit/oak/spi/security/principal/PrincipalConfiguration.java (original)
+++ jackrabbit/oak/trunk/oak-core/src/main/java/org/apache/jackrabbit/oak/spi/security/principal/PrincipalConfiguration.java Fri Oct  5 09:08:14 2012
@@ -30,8 +30,8 @@ import org.apache.jackrabbit.oak.namepat
 public interface PrincipalConfiguration {
 
     @Nonnull
-    public PrincipalManager getPrincipalManager(Session session, ContentSession contentSession, Root root, NamePathMapper namePathMapper);
+    public PrincipalManager getPrincipalManager(Session session, Root root, NamePathMapper namePathMapper);
 
     @Nonnull
-    public PrincipalProvider getPrincipalProvider(ContentSession contentSession, Root root, NamePathMapper namePathMapper);
+    public PrincipalProvider getPrincipalProvider(Root root, NamePathMapper namePathMapper);
 }
\ No newline at end of file

Modified: jackrabbit/oak/trunk/oak-core/src/main/java/org/apache/jackrabbit/oak/spi/security/user/PasswordUtility.java
URL: http://svn.apache.org/viewvc/jackrabbit/oak/trunk/oak-core/src/main/java/org/apache/jackrabbit/oak/spi/security/user/PasswordUtility.java?rev=1394418&r1=1394417&r2=1394418&view=diff
==============================================================================
--- jackrabbit/oak/trunk/oak-core/src/main/java/org/apache/jackrabbit/oak/spi/security/user/PasswordUtility.java (original)
+++ jackrabbit/oak/trunk/oak-core/src/main/java/org/apache/jackrabbit/oak/spi/security/user/PasswordUtility.java Fri Oct  5 09:08:14 2012
@@ -129,8 +129,21 @@ public class PasswordUtility {
      *
      * @param hashedPassword Password hash.
      * @param password The password to compare.
-     * @return If the hash of the specified {@code password} equals the given
-     * {@code hashedPassword} string.
+     * @return If the hash created from the specified {@code password} equals
+     * the given {@code hashedPassword} string.
+     */
+    public static boolean isSame(String hashedPassword, char[] password) {
+        return isSame(hashedPassword, String.valueOf(password));
+    }
+
+    /**
+     * Returns {@code true} if hash of the specified {@code password} equals the
+     * given hashed password.
+     *
+     * @param hashedPassword Password hash.
+     * @param password The password to compare.
+     * @return If the hash created from the specified {@code password} equals
+     * the given {@code hashedPassword} string.
      */
     public static boolean isSame(String hashedPassword, String password) {
         try {
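Review bot: The new `isSame(String, char[])` overload converts the array with `String.valueOf(password)`, which creates an immutable copy of the plaintext that cannot be cleared, so callers gain nothing from holding the password as `char[]`. It also throws a NullPointerException for a null array. The Javadoc should say so, for instance `Note: the password is copied into a String internally; clearing the array does not remove that copy.` A guard such as `if (password == null) { return false; }` would be safer, though whether `false` matches what the `String` overload does for null is not visible, since its body lies outside the hunk.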

Modified: jackrabbit/oak/trunk/oak-core/src/main/java/org/apache/jackrabbit/oak/spi/security/user/UserConfig.java
URL: http://svn.apache.org/viewvc/jackrabbit/oak/trunk/oak-core/src/main/java/org/apache/jackrabbit/oak/spi/security/user/UserConfig.java?rev=1394418&r1=1394417&r2=1394418&view=diff
==============================================================================
--- jackrabbit/oak/trunk/oak-core/src/main/java/org/apache/jackrabbit/oak/spi/security/user/UserConfig.java (original)
+++ jackrabbit/oak/trunk/oak-core/src/main/java/org/apache/jackrabbit/oak/spi/security/user/UserConfig.java Fri Oct  5 09:08:14 2012
@@ -37,6 +37,14 @@ public class UserConfig {
     private static final Logger log = LoggerFactory.getLogger(UserConfig.class);
 
     /**
+     * Configuration option defining the ID of the anonymous user. The ID
+     * might be {@code null} of no anonymous user exists. In this case
+     * Session#getUserID() may return {@code null} if it has been obtained
+     * using {@link javax.jcr.GuestCredentials}.
+     */
+    public static final String PARAM_ANONYMOUS_ID = "anonymousId";
+
+    /**
      * Configuration option to define the path underneath which user nodes
      * are being created.
      */
@@ -104,6 +112,10 @@ public class UserConfig {
         return adminId;
     }
 
+    public String getAnonymousId() {
+        return getConfigValue(PARAM_ANONYMOUS_ID, null);
+    }
+
     public <T> T getConfigValue(String key, T defaultValue) {
         if (options != null && options.containsKey(key)) {
             return convert(options.get(key), defaultValue);
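Review bot: `getAnonymousId()` can return null, since it passes `null` as the default and the Javadoc on `PARAM_ANONYMOUS_ID` allows a missing anonymous user, but it carries neither a nullability annotation nor Javadoc of its own. I would add `@CheckForNull` (assuming the annotation is imported in this file) and a one-line Javadoc stating that null means no anonymous user is configured. Passing `null` as `defaultValue` also leaves `convert(options.get(key), defaultValue)` without a default to derive the target type from; `convert` is not visible here, so it is worth checking how a non-String option value is handled. The Javadoc in the previous hunk reads "might be null of no anonymous user exists", where "of" should be "if".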

Modified: jackrabbit/oak/trunk/oak-core/src/main/java/org/apache/jackrabbit/oak/spi/security/user/UserContext.java
URL: http://svn.apache.org/viewvc/jackrabbit/oak/trunk/oak-core/src/main/java/org/apache/jackrabbit/oak/spi/security/user/UserContext.java?rev=1394418&r1=1394417&r2=1394418&view=diff
==============================================================================
--- jackrabbit/oak/trunk/oak-core/src/main/java/org/apache/jackrabbit/oak/spi/security/user/UserContext.java (original)
+++ jackrabbit/oak/trunk/oak-core/src/main/java/org/apache/jackrabbit/oak/spi/security/user/UserContext.java Fri Oct  5 09:08:14 2012
@@ -21,7 +21,6 @@ import javax.annotation.Nonnull;
 import javax.jcr.Session;
 
 import org.apache.jackrabbit.api.security.user.UserManager;
-import org.apache.jackrabbit.oak.api.ContentSession;
 import org.apache.jackrabbit.oak.api.Root;
 import org.apache.jackrabbit.oak.namepath.NamePathMapper;
 import org.apache.jackrabbit.oak.spi.commit.ValidatorProvider;
@@ -32,14 +31,14 @@ import org.apache.jackrabbit.oak.spi.com
 public interface UserContext {
 
     @Nonnull
-    UserProvider getUserProvider(ContentSession contentSession, Root root);
+    UserProvider getUserProvider(Root root);
 
     @Nonnull
-    MembershipProvider getMembershipProvider(ContentSession contentSession, Root root);
+    MembershipProvider getMembershipProvider(Root root);
 
     @Nonnull
     List<ValidatorProvider> getValidatorProviders();
 
     @Nonnull
-    UserManager getUserManager(Session session, ContentSession contentSession, Root root, NamePathMapper namePathMapper);
+    UserManager getUserManager(Session session, Root root, NamePathMapper namePathMapper);
 }
\ No newline at end of file

Modified: jackrabbit/oak/trunk/oak-core/src/main/java/org/apache/jackrabbit/oak/spi/security/user/UserProvider.java
URL: http://svn.apache.org/viewvc/jackrabbit/oak/trunk/oak-core/src/main/java/org/apache/jackrabbit/oak/spi/security/user/UserProvider.java?rev=1394418&r1=1394417&r2=1394418&view=diff
==============================================================================
--- jackrabbit/oak/trunk/oak-core/src/main/java/org/apache/jackrabbit/oak/spi/security/user/UserProvider.java (original)
+++ jackrabbit/oak/trunk/oak-core/src/main/java/org/apache/jackrabbit/oak/spi/security/user/UserProvider.java Fri Oct  5 09:08:14 2012
@@ -83,6 +83,27 @@ public interface UserProvider {
 
     boolean isAdminUser(Tree userTree);
 
+    /**
+     * Returns the password hash for the user with the specified ID or {@code null}
+     * if the user does not exist or if the hash is not accessible for the editing
+     * session.
+     *
+     * @param userID The id of a user.
+     * @return the password hash or {@code null}.
+     */
+    String getPassword(String userID);
+
+    /**
+     * Set the password for the user identified by the specified {@code userTree}.
+     *
+     * @param userTree The tree representing the user.
+     * @param password The plaintext password to set.
+     * @param forceHash If true the specified password needs to be hashed irrespective
+     * of it's format.
+     * @throws javax.jcr.RepositoryException If an error occurs
+     */
+    void setPassword(Tree userTree, String password, boolean forceHash) throws RepositoryException;
+
     void setProtectedProperty(Tree authorizableTree, String propertyName, String value, int propertyType);
 
     void setProtectedProperty(Tree v, String propertyName, String[] values, int propertyType);
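Review bot: `getPassword(String userID)` returns the stored password hash, as its Javadoc says, but the name suggests the plaintext; `getPasswordHash` would be clearer for an SPI method that authentication code will call. The Javadoc also promises null "if the hash is not accessible for the editing session", while the implementation added to `UserProviderImpl` in this commit only tests `userTree != null`, so that guarantee presumably rests on what the `Root` exposes and is worth stating as such. In the `setPassword` Javadoc, "it's format" should be "its format".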

Modified: jackrabbit/oak/trunk/oak-core/src/main/java/org/apache/jackrabbit/oak/util/NodeUtil.java
URL: http://svn.apache.org/viewvc/jackrabbit/oak/trunk/oak-core/src/main/java/org/apache/jackrabbit/oak/util/NodeUtil.java?rev=1394418&r1=1394417&r2=1394418&view=diff
==============================================================================
--- jackrabbit/oak/trunk/oak-core/src/main/java/org/apache/jackrabbit/oak/util/NodeUtil.java (original)
+++ jackrabbit/oak/trunk/oak-core/src/main/java/org/apache/jackrabbit/oak/util/NodeUtil.java Fri Oct  5 09:08:14 2012
@@ -30,7 +30,6 @@ import javax.jcr.ValueFactory;
 import com.google.common.collect.Iterables;
 import com.google.common.collect.Lists;
 import org.apache.jackrabbit.JcrConstants;
-import org.apache.jackrabbit.oak.api.ContentSession;
 import org.apache.jackrabbit.oak.api.CoreValue;
 import org.apache.jackrabbit.oak.api.CoreValueFactory;
 import org.apache.jackrabbit.oak.api.PropertyState;
@@ -75,10 +74,6 @@ public class NodeUtil {
         this(tree, factory, NamePathMapper.DEFAULT);
     }
 
-    public NodeUtil(Tree tree, ContentSession contentSession) {
-        this(tree, contentSession.getCoreValueFactory());
-    }
-
     public NodeUtil(Tree tree) {
         this(tree, MemoryValueFactory.INSTANCE);
     }

Modified: jackrabbit/oak/trunk/oak-core/src/test/java/org/apache/jackrabbit/oak/query/AbstractQueryTest.java
URL: http://svn.apache.org/viewvc/jackrabbit/oak/trunk/oak-core/src/test/java/org/apache/jackrabbit/oak/query/AbstractQueryTest.java?rev=1394418&r1=1394417&r2=1394418&view=diff
==============================================================================
--- jackrabbit/oak/trunk/oak-core/src/test/java/org/apache/jackrabbit/oak/query/AbstractQueryTest.java (original)
+++ jackrabbit/oak/trunk/oak-core/src/test/java/org/apache/jackrabbit/oak/query/AbstractQueryTest.java Fri Oct  5 09:08:14 2012
@@ -43,9 +43,9 @@ public abstract class AbstractQueryTest 
     public void before() throws Exception {
         super.before();
         session = createAdminSession();
-        vf = session.getCoreValueFactory();
         root = session.getLatestRoot();
         qe = root.getQueryEngine();
+        vf = root.getValueFactory();
     }
 
     protected Result executeQuery(String statement, String language, HashMap<String, CoreValue> sv) throws ParseException {

Modified: jackrabbit/oak/trunk/oak-core/src/test/java/org/apache/jackrabbit/oak/security/user/UserProviderImplTest.java
URL: http://svn.apache.org/viewvc/jackrabbit/oak/trunk/oak-core/src/test/java/org/apache/jackrabbit/oak/security/user/UserProviderImplTest.java?rev=1394418&r1=1394417&r2=1394418&view=diff
==============================================================================
--- jackrabbit/oak/trunk/oak-core/src/test/java/org/apache/jackrabbit/oak/security/user/UserProviderImplTest.java (original)
+++ jackrabbit/oak/trunk/oak-core/src/test/java/org/apache/jackrabbit/oak/security/user/UserProviderImplTest.java Fri Oct  5 09:08:14 2012
@@ -108,13 +108,13 @@ public class UserProviderImplTest extend
     }
 
     private UserProvider createUserProvider() {
-        return new UserProviderImpl(contentSession, root, defaultConfig);
+        return new UserProviderImpl(root, defaultConfig);
     }
 
     private UserProvider createUserProvider(int defaultDepth) {
         Map<String, Object> options = new HashMap<String, Object>(customOptions);
         options.put(UserConfig.PARAM_DEFAULT_DEPTH, defaultDepth);
-        return new UserProviderImpl(contentSession, root, new UserConfig("admin", options, Collections.<AuthorizableAction>emptySet()));
+        return new UserProviderImpl(root, new UserConfig("admin", options, Collections.<AuthorizableAction>emptySet()));
     }
 
     @Test

Modified: jackrabbit/oak/trunk/oak-core/src/test/java/org/apache/jackrabbit/oak/util/JsopUtilTest.java
URL: http://svn.apache.org/viewvc/jackrabbit/oak/trunk/oak-core/src/test/java/org/apache/jackrabbit/oak/util/JsopUtilTest.java?rev=1394418&r1=1394417&r2=1394418&view=diff
==============================================================================
--- jackrabbit/oak/trunk/oak-core/src/test/java/org/apache/jackrabbit/oak/util/JsopUtilTest.java (original)
+++ jackrabbit/oak/trunk/oak-core/src/test/java/org/apache/jackrabbit/oak/util/JsopUtilTest.java Fri Oct  5 09:08:14 2012
@@ -43,7 +43,7 @@ public class JsopUtilTest extends Abstra
         super.before();
         session = createAdminSession();
         root = session.getLatestRoot();
-        vf = session.getCoreValueFactory();
+        vf = root.getValueFactory();
     }
 
     @Override

Modified: jackrabbit/oak/trunk/oak-jcr/src/main/java/org/apache/jackrabbit/oak/jcr/SessionDelegate.java
URL: http://svn.apache.org/viewvc/jackrabbit/oak/trunk/oak-jcr/src/main/java/org/apache/jackrabbit/oak/jcr/SessionDelegate.java?rev=1394418&r1=1394417&r2=1394418&view=diff
==============================================================================
--- jackrabbit/oak/trunk/oak-jcr/src/main/java/org/apache/jackrabbit/oak/jcr/SessionDelegate.java (original)
+++ jackrabbit/oak/trunk/oak-jcr/src/main/java/org/apache/jackrabbit/oak/jcr/SessionDelegate.java Fri Oct  5 09:08:14 2012
@@ -477,7 +477,7 @@ public class SessionDelegate {
     @Nonnull
     PrincipalManager getPrincipalManager() throws RepositoryException {
         if (securityProvider != null) {
-            return securityProvider.getPrincipalConfiguration().getPrincipalManager(session, contentSession, root, getNamePathMapper());
+            return securityProvider.getPrincipalConfiguration().getPrincipalManager(session, root, getNamePathMapper());
         } else {
             throw new UnsupportedRepositoryOperationException("Principal management not supported.");
         }
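Review bot: Nothing at the call `getPrincipalManager(session, root, getNamePathMapper())` documents which `Root` is handed over now that `contentSession` is no longer passed; the same applies to `getUserManager(session, root, getNamePathMapper())` in the next hunk. With the content session gone, `root` is presumably the only object tying the returned manager to the caller's permissions, so a root obtained with broader rights would let user and principal lookups bypass the session's access control. I would add a comment above both calls such as `// root must be this session's own root so user/principal access is evaluated with the caller's permissions`, and state the same requirement in the Javadoc of the two provider methods. Both method bodies close outside their hunks, so how `root` is assigned is not visible here and should be confirmed.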
@@ -486,7 +486,7 @@ public class SessionDelegate {
     @Nonnull
     UserManager getUserManager() throws UnsupportedRepositoryOperationException {
         if (securityProvider != null) {
-            return securityProvider.getUserContext().getUserManager(session, contentSession, root, getNamePathMapper());
+            return securityProvider.getUserContext().getUserManager(session, root, getNamePathMapper());
         } else {
             throw new UnsupportedRepositoryOperationException("User management not supported.");
         }


