jackrabbit-oak-commits mailing list archives

Site index · List index
Message view « Date » · « Thread »
Top « Date » · « Thread »
From ang...@apache.org
Subject svn commit: r1396552 - in /jackrabbit/oak/trunk/oak-core/src: main/java/org/apache/jackrabbit/oak/core/ main/java/org/apache/jackrabbit/oak/security/ main/java/org/apache/jackrabbit/oak/security/authentication/ main/java/org/apache/jackrabbit/oak/secur...
Date Wed, 10 Oct 2012 11:51:19 GMT
Author: angela
Date: Wed Oct 10 11:51:18 2012
New Revision: 1396552

URL: http://svn.apache.org/viewvc?rev=1396552&view=rev
Log:
 OAK-91 - Implement Authentication Support (WIP)
 OAK-50 - User Management (WIP)

Added:
    jackrabbit/oak/trunk/oak-core/src/main/java/org/apache/jackrabbit/oak/spi/security/ConfigurationParameters.java
    jackrabbit/oak/trunk/oak-core/src/test/java/org/apache/jackrabbit/oak/security/user/ConfigurationParametersTest.java
Modified:
    jackrabbit/oak/trunk/oak-core/src/main/java/org/apache/jackrabbit/oak/core/RootImpl.java
    jackrabbit/oak/trunk/oak-core/src/main/java/org/apache/jackrabbit/oak/security/SecurityProviderImpl.java
    jackrabbit/oak/trunk/oak-core/src/main/java/org/apache/jackrabbit/oak/security/authentication/AuthenticationImpl.java
    jackrabbit/oak/trunk/oak-core/src/main/java/org/apache/jackrabbit/oak/security/authentication/LoginModuleImpl.java
    jackrabbit/oak/trunk/oak-core/src/main/java/org/apache/jackrabbit/oak/security/authentication/token/TokenAuthentication.java
    jackrabbit/oak/trunk/oak-core/src/main/java/org/apache/jackrabbit/oak/security/authentication/token/TokenLoginModule.java
    jackrabbit/oak/trunk/oak-core/src/main/java/org/apache/jackrabbit/oak/security/authentication/token/TokenProviderImpl.java
    jackrabbit/oak/trunk/oak-core/src/main/java/org/apache/jackrabbit/oak/security/authorization/AccessControlProviderImpl.java
    jackrabbit/oak/trunk/oak-core/src/main/java/org/apache/jackrabbit/oak/security/authorization/PermissionValidatorProvider.java
    jackrabbit/oak/trunk/oak-core/src/main/java/org/apache/jackrabbit/oak/security/user/UserContextImpl.java
    jackrabbit/oak/trunk/oak-core/src/main/java/org/apache/jackrabbit/oak/security/user/UserValidator.java
    jackrabbit/oak/trunk/oak-core/src/main/java/org/apache/jackrabbit/oak/spi/security/OpenSecurityProvider.java
    jackrabbit/oak/trunk/oak-core/src/main/java/org/apache/jackrabbit/oak/spi/security/SecurityProvider.java
    jackrabbit/oak/trunk/oak-core/src/main/java/org/apache/jackrabbit/oak/spi/security/authentication/AbstractLoginModule.java
    jackrabbit/oak/trunk/oak-core/src/main/java/org/apache/jackrabbit/oak/spi/security/authentication/Authentication.java
    jackrabbit/oak/trunk/oak-core/src/main/java/org/apache/jackrabbit/oak/spi/security/authentication/token/TokenProvider.java
    jackrabbit/oak/trunk/oak-core/src/main/java/org/apache/jackrabbit/oak/spi/security/authorization/AccessControlProvider.java
    jackrabbit/oak/trunk/oak-core/src/main/java/org/apache/jackrabbit/oak/spi/security/authorization/OpenAccessControlProvider.java
    jackrabbit/oak/trunk/oak-core/src/main/java/org/apache/jackrabbit/oak/spi/security/principal/OpenPrincipalProvider.java
    jackrabbit/oak/trunk/oak-core/src/main/java/org/apache/jackrabbit/oak/spi/security/user/UserConfig.java
    jackrabbit/oak/trunk/oak-core/src/main/java/org/apache/jackrabbit/oak/spi/security/user/UserConstants.java
    jackrabbit/oak/trunk/oak-core/src/main/java/org/apache/jackrabbit/oak/spi/security/user/UserContext.java
    jackrabbit/oak/trunk/oak-core/src/test/java/org/apache/jackrabbit/oak/security/user/UserProviderImplTest.java

Modified: jackrabbit/oak/trunk/oak-core/src/main/java/org/apache/jackrabbit/oak/core/RootImpl.java
URL: http://svn.apache.org/viewvc/jackrabbit/oak/trunk/oak-core/src/main/java/org/apache/jackrabbit/oak/core/RootImpl.java?rev=1396552&r1=1396551&r2=1396552&view=diff
==============================================================================
--- jackrabbit/oak/trunk/oak-core/src/main/java/org/apache/jackrabbit/oak/core/RootImpl.java (original)
+++ jackrabbit/oak/trunk/oak-core/src/main/java/org/apache/jackrabbit/oak/core/RootImpl.java Wed Oct 10 11:51:18 2012
@@ -293,7 +293,7 @@ public class RootImpl implements Root {
     }
 
     CompiledPermissions getPermissions() {
-        return accProvider.createAccessControlContext(subject).getPermissions();
+        return accProvider.getAccessControlContext(subject).getPermissions();
     }
 
     //------------------------------------------------------------< private >---

Modified: jackrabbit/oak/trunk/oak-core/src/main/java/org/apache/jackrabbit/oak/security/SecurityProviderImpl.java
URL: http://svn.apache.org/viewvc/jackrabbit/oak/trunk/oak-core/src/main/java/org/apache/jackrabbit/oak/security/SecurityProviderImpl.java?rev=1396552&r1=1396551&r2=1396552&view=diff
==============================================================================
--- jackrabbit/oak/trunk/oak-core/src/main/java/org/apache/jackrabbit/oak/security/SecurityProviderImpl.java (original)
+++ jackrabbit/oak/trunk/oak-core/src/main/java/org/apache/jackrabbit/oak/security/SecurityProviderImpl.java Wed Oct 10 11:51:18 2012
@@ -25,12 +25,15 @@ import org.apache.jackrabbit.oak.api.Roo
 import org.apache.jackrabbit.oak.namepath.NamePathMapper;
 import org.apache.jackrabbit.oak.security.authentication.ConfigurationImpl;
 import org.apache.jackrabbit.oak.security.authentication.LoginContextProviderImpl;
+import org.apache.jackrabbit.oak.security.authentication.token.TokenProviderImpl;
 import org.apache.jackrabbit.oak.security.authorization.AccessControlProviderImpl;
 import org.apache.jackrabbit.oak.security.principal.PrincipalManagerImpl;
 import org.apache.jackrabbit.oak.security.principal.PrincipalProviderImpl;
 import org.apache.jackrabbit.oak.security.user.UserContextImpl;
+import org.apache.jackrabbit.oak.spi.security.ConfigurationParameters;
 import org.apache.jackrabbit.oak.spi.security.SecurityProvider;
 import org.apache.jackrabbit.oak.spi.security.authentication.LoginContextProvider;
+import org.apache.jackrabbit.oak.spi.security.authentication.token.TokenProvider;
 import org.apache.jackrabbit.oak.spi.security.authorization.AccessControlProvider;
 import org.apache.jackrabbit.oak.spi.security.principal.PrincipalConfiguration;
 import org.apache.jackrabbit.oak.spi.security.principal.PrincipalProvider;
@@ -57,6 +60,12 @@ public class SecurityProviderImpl implem
 
     @Nonnull
     @Override
+    public TokenProvider getTokenProvider(Root root, ConfigurationParameters options) {
+        return new TokenProviderImpl(root, options, getUserContext());
+    }
+
+    @Nonnull
+    @Override
     public UserContext getUserContext() {
         return new UserContextImpl();
     }

Modified: jackrabbit/oak/trunk/oak-core/src/main/java/org/apache/jackrabbit/oak/security/authentication/AuthenticationImpl.java
URL: http://svn.apache.org/viewvc/jackrabbit/oak/trunk/oak-core/src/main/java/org/apache/jackrabbit/oak/security/authentication/AuthenticationImpl.java?rev=1396552&r1=1396551&r2=1396552&view=diff
==============================================================================
--- jackrabbit/oak/trunk/oak-core/src/main/java/org/apache/jackrabbit/oak/security/authentication/AuthenticationImpl.java (original)
+++ jackrabbit/oak/trunk/oak-core/src/main/java/org/apache/jackrabbit/oak/security/authentication/AuthenticationImpl.java Wed Oct 10 11:51:18 2012
@@ -16,14 +16,17 @@
  */
 package org.apache.jackrabbit.oak.security.authentication;
 
+import java.util.Collections;
 import javax.jcr.Credentials;
 import javax.jcr.GuestCredentials;
 import javax.jcr.RepositoryException;
 import javax.jcr.SimpleCredentials;
 import javax.security.auth.Subject;
 
+import org.apache.jackrabbit.oak.api.AuthInfo;
 import org.apache.jackrabbit.oak.api.Tree;
 import org.apache.jackrabbit.oak.spi.security.authentication.Authentication;
+import org.apache.jackrabbit.oak.spi.security.authentication.ImpersonationCredentials;
 import org.apache.jackrabbit.oak.spi.security.principal.PrincipalProvider;
 import org.apache.jackrabbit.oak.spi.security.user.AuthorizableType;
 import org.apache.jackrabbit.oak.spi.security.user.PasswordUtility;
@@ -42,8 +45,6 @@ public class AuthenticationImpl implemen
     private final UserProvider userProvider;
     private final PrincipalProvider principalProvider;
 
-    private Tree userTree;
-
     public AuthenticationImpl(String userId, UserProvider userProvider, PrincipalProvider principalProvider) {
         this.userId = userId;
         this.userProvider = userProvider;
@@ -52,48 +53,41 @@ public class AuthenticationImpl implemen
 
     @Override
     public boolean authenticate(Credentials credentials) {
-        // TODO
-        return true;
-
-//        Tree userTree = getUserTree();
-//        if (userTree == null || userProvider.isDisabled(userTree)) {
-//            return false;
-//        }
-//
-//        if (credentials instanceof SimpleCredentials) {
-//            SimpleCredentials creds = (SimpleCredentials) credentials;
-//            return PasswordUtility.isSame(userProvider.getPasswordHash(userTree), creds.getPassword());
-//        } else {
-//            return credentials instanceof GuestCredentials;
-//        }
-    }
+        Tree userTree = getUserTree();
+        if (userTree == null || userProvider.isDisabled(userTree)) {
+            return false;
+        }
 
-    @Override
-    public boolean impersonate(Subject subject) {
-        // TODO
-        return true;
-
-//        Tree userTree = getUserTree();
-//        if (userTree == null || userProvider.isDisabled(userTree)) {
-//            return false;
-//        } else {
-//            try {
-//                return userProvider.getImpersonation(userTree, principalProvider).allows(subject);
-//            } catch (RepositoryException e) {
-//                log.debug("Error while validating impersonation", e.getMessage());
-//                return false;
-//            }
-//        }
+        boolean success;
+        if (credentials instanceof SimpleCredentials) {
+            SimpleCredentials creds = (SimpleCredentials) credentials;
+            success = PasswordUtility.isSame(userProvider.getPasswordHash(userTree), creds.getPassword());
+        } else if (credentials instanceof ImpersonationCredentials) {
+            AuthInfo info = ((ImpersonationCredentials) credentials).getImpersonatorInfo();
+            success = impersonate(info, userTree);
+        } else {
+            // guest login is allowed if an anonymous user exists in the content (see getUserTree above)
+            success = (credentials instanceof GuestCredentials);
+        }
+        return success;
     }
 
     //--------------------------------------------------------------------------
     private Tree getUserTree() {
         if (userProvider == null || userId == null) {
             return null;
+        } else {
+            return userProvider.getAuthorizable(userId, AuthorizableType.USER);
         }
-        if (userTree == null) {
-            userTree = userProvider.getAuthorizable(userId, AuthorizableType.USER);
+    }
+
+    private boolean impersonate(AuthInfo info, Tree userTree) {
+        Subject subject = new Subject(true, info.getPrincipals(), Collections.emptySet(), Collections.emptySet());
+        try {
+            return userProvider.getImpersonation(userTree, principalProvider).allows(subject);
+        } catch (RepositoryException e) {
+            log.debug("Error while validating impersonation", e.getMessage());
         }
-        return userTree;
+        return false;
     }
 }
\ No newline at end of file

Modified: jackrabbit/oak/trunk/oak-core/src/main/java/org/apache/jackrabbit/oak/security/authentication/LoginModuleImpl.java
URL: http://svn.apache.org/viewvc/jackrabbit/oak/trunk/oak-core/src/main/java/org/apache/jackrabbit/oak/security/authentication/LoginModuleImpl.java?rev=1396552&r1=1396551&r2=1396552&view=diff
==============================================================================
--- jackrabbit/oak/trunk/oak-core/src/main/java/org/apache/jackrabbit/oak/security/authentication/LoginModuleImpl.java (original)
+++ jackrabbit/oak/trunk/oak-core/src/main/java/org/apache/jackrabbit/oak/security/authentication/LoginModuleImpl.java Wed Oct 10 11:51:18 2012
@@ -18,7 +18,6 @@ package org.apache.jackrabbit.oak.securi
 
 import java.io.IOException;
 import java.security.Principal;
-import java.util.Collections;
 import java.util.HashMap;
 import java.util.HashSet;
 import java.util.Map;
@@ -35,6 +34,7 @@ import javax.security.auth.callback.Unsu
 import javax.security.auth.login.LoginException;
 
 import org.apache.jackrabbit.oak.api.AuthInfo;
+import org.apache.jackrabbit.oak.spi.security.SecurityProvider;
 import org.apache.jackrabbit.oak.spi.security.authentication.AbstractLoginModule;
 import org.apache.jackrabbit.oak.spi.security.authentication.Authentication;
 import org.apache.jackrabbit.oak.spi.security.authentication.ImpersonationCredentials;
@@ -111,16 +111,11 @@ public class LoginModuleImpl extends Abs
 
     @Override
     public boolean login() throws LoginException {
-        // TODO
         credentials = getCredentials();
         userID = getUserID();
 
         Authentication authentication = new AuthenticationImpl(userID, getUserProvider(), getPrincipalProvider());
         boolean success = authentication.authenticate(credentials);
-        if (!success) {
-            success = impersonate(authentication);
-        }
-
         if (success) {
             principals = getPrincipals(userID);
 
@@ -157,7 +152,6 @@ public class LoginModuleImpl extends Abs
     }
 
     //------------------------------------------------< AbstractLoginModule >---
-
     @Override
     protected Set<Class> getSupportedCredentials() {
         return SUPPORTED_CREDENTIALS;
@@ -197,19 +191,12 @@ public class LoginModuleImpl extends Abs
     }
 
     private String getAnonymousID() {
-        // TODO
-        return "anonymous";
-    }
-
-    private boolean impersonate(Authentication authentication) {
-        if (credentials instanceof ImpersonationCredentials) {
-            AuthInfo info = ((ImpersonationCredentials) credentials).getImpersonatorInfo();
-            Subject subject = new Subject(true, info.getPrincipals(), Collections.emptySet(), Collections.emptySet());
-            if (authentication.impersonate(subject)) {
-                return true;
-            }
+        SecurityProvider sp = getSecurityProvider();
+        if (sp == null) {
+            return null;
+        } else {
+            return sp.getUserContext().getUserConfig().getAnonymousId();
         }
-        return false;
     }
 
     private AuthInfo createAuthInfo() {

Modified: jackrabbit/oak/trunk/oak-core/src/main/java/org/apache/jackrabbit/oak/security/authentication/token/TokenAuthentication.java
URL: http://svn.apache.org/viewvc/jackrabbit/oak/trunk/oak-core/src/main/java/org/apache/jackrabbit/oak/security/authentication/token/TokenAuthentication.java?rev=1396552&r1=1396551&r2=1396552&view=diff
==============================================================================
--- jackrabbit/oak/trunk/oak-core/src/main/java/org/apache/jackrabbit/oak/security/authentication/token/TokenAuthentication.java (original)
+++ jackrabbit/oak/trunk/oak-core/src/main/java/org/apache/jackrabbit/oak/security/authentication/token/TokenAuthentication.java Wed Oct 10 11:51:18 2012
@@ -19,7 +19,6 @@ package org.apache.jackrabbit.oak.securi
 import java.util.Date;
 import javax.annotation.Nonnull;
 import javax.jcr.Credentials;
-import javax.security.auth.Subject;
 
 import org.apache.jackrabbit.api.security.authentication.token.TokenCredentials;
 import org.apache.jackrabbit.oak.spi.security.authentication.Authentication;
@@ -58,14 +57,6 @@ class TokenAuthentication implements Aut
         return success;
     }
 
-    /**
-     * Always returns {@code false}
-     */
-    @Override
-    public boolean impersonate(Subject subject) {
-        return false;
-    }
-
     //-----------------------------------------------------------< internal >---
     @Nonnull
     TokenInfo getTokenInfo() {

Modified: jackrabbit/oak/trunk/oak-core/src/main/java/org/apache/jackrabbit/oak/security/authentication/token/TokenLoginModule.java
URL: http://svn.apache.org/viewvc/jackrabbit/oak/trunk/oak-core/src/main/java/org/apache/jackrabbit/oak/security/authentication/token/TokenLoginModule.java?rev=1396552&r1=1396551&r2=1396552&view=diff
==============================================================================
--- jackrabbit/oak/trunk/oak-core/src/main/java/org/apache/jackrabbit/oak/security/authentication/token/TokenLoginModule.java (original)
+++ jackrabbit/oak/trunk/oak-core/src/main/java/org/apache/jackrabbit/oak/security/authentication/token/TokenLoginModule.java Wed Oct 10 11:51:18 2012
@@ -29,7 +29,9 @@ import javax.security.auth.login.LoginEx
 
 import org.apache.jackrabbit.api.security.authentication.token.TokenCredentials;
 import org.apache.jackrabbit.oak.api.AuthInfo;
+import org.apache.jackrabbit.oak.api.Root;
 import org.apache.jackrabbit.oak.security.authentication.AuthInfoImpl;
+import org.apache.jackrabbit.oak.spi.security.SecurityProvider;
 import org.apache.jackrabbit.oak.spi.security.authentication.AbstractLoginModule;
 import org.apache.jackrabbit.oak.spi.security.authentication.callback.TokenProviderCallback;
 import org.apache.jackrabbit.oak.spi.security.authentication.token.TokenInfo;
@@ -38,7 +40,8 @@ import org.slf4j.Logger;
 import org.slf4j.LoggerFactory;
 
 /**
- * TokenLoginModule... TODO
+ * {@code LoginModule} implementation that is able to handle login request
+ * based on {@link TokenCredentials}.
  */
 public class TokenLoginModule extends AbstractLoginModule {
 
@@ -55,7 +58,6 @@ public class TokenLoginModule extends Ab
     private Set<? extends Principal> principals;
 
     //--------------------------------------------------------< LoginModule >---
-
     @Override
     public boolean login() throws LoginException {
         tokenProvider = getTokenProvider();
@@ -131,7 +133,12 @@ public class TokenLoginModule extends Ab
     //--------------------------------------------------------------------------
     private TokenProvider getTokenProvider() {
         TokenProvider provider = null;
-        if (callbackHandler != null) {
+        SecurityProvider securityProvider = getSecurityProvider();
+        Root root = getRoot();
+        if (root != null && securityProvider != null) {
+            provider = securityProvider.getTokenProvider(root, options);
+        }
+        if (provider == null && callbackHandler != null) {
             try {
                 TokenProviderCallback tcCallback = new TokenProviderCallback();
                 callbackHandler.handle(new Callback[] {tcCallback});

Modified: jackrabbit/oak/trunk/oak-core/src/main/java/org/apache/jackrabbit/oak/security/authentication/token/TokenProviderImpl.java
URL: http://svn.apache.org/viewvc/jackrabbit/oak/trunk/oak-core/src/main/java/org/apache/jackrabbit/oak/security/authentication/token/TokenProviderImpl.java?rev=1396552&r1=1396551&r2=1396552&view=diff
==============================================================================
--- jackrabbit/oak/trunk/oak-core/src/main/java/org/apache/jackrabbit/oak/security/authentication/token/TokenProviderImpl.java (original)
+++ jackrabbit/oak/trunk/oak-core/src/main/java/org/apache/jackrabbit/oak/security/authentication/token/TokenProviderImpl.java Wed Oct 10 11:51:18 2012
@@ -40,6 +40,7 @@ import org.apache.jackrabbit.oak.api.Cor
 import org.apache.jackrabbit.oak.api.PropertyState;
 import org.apache.jackrabbit.oak.api.Root;
 import org.apache.jackrabbit.oak.api.Tree;
+import org.apache.jackrabbit.oak.spi.security.ConfigurationParameters;
 import org.apache.jackrabbit.oak.spi.security.authentication.ImpersonationCredentials;
 import org.apache.jackrabbit.oak.spi.security.authentication.token.TokenInfo;
 import org.apache.jackrabbit.oak.spi.security.authentication.token.TokenProvider;
@@ -99,10 +100,13 @@ public class TokenProviderImpl implement
     private final UserProvider userProvider;
     private final long tokenExpiration;
 
+    public TokenProviderImpl(Root root, ConfigurationParameters options, UserContext userContext) {
+        this(root, options.getConfigValue(PARAM_TOKEN_EXPIRATION, Long.valueOf(DEFAULT_TOKEN_EXPIRATION)), userContext);
+    }
+
     public TokenProviderImpl(Root root, long tokenExpiration, UserContext userContext) {
         this.root = root;
         this.tokenExpiration = tokenExpiration;
-
         this.userProvider = userContext.getUserProvider(root);
     }
 

Modified: jackrabbit/oak/trunk/oak-core/src/main/java/org/apache/jackrabbit/oak/security/authorization/AccessControlProviderImpl.java
URL: http://svn.apache.org/viewvc/jackrabbit/oak/trunk/oak-core/src/main/java/org/apache/jackrabbit/oak/security/authorization/AccessControlProviderImpl.java?rev=1396552&r1=1396551&r2=1396552&view=diff
==============================================================================
--- jackrabbit/oak/trunk/oak-core/src/main/java/org/apache/jackrabbit/oak/security/authorization/AccessControlProviderImpl.java (original)
+++ jackrabbit/oak/trunk/oak-core/src/main/java/org/apache/jackrabbit/oak/security/authorization/AccessControlProviderImpl.java Wed Oct 10 11:51:18 2012
@@ -32,7 +32,7 @@ import org.apache.jackrabbit.oak.spi.sec
 public class AccessControlProviderImpl implements AccessControlProvider {
 
     @Override
-    public AccessControlContext createAccessControlContext(Subject subject) {
+    public AccessControlContext getAccessControlContext(Subject subject) {
         return new AccessControlContextImpl(subject);
     }
 

Modified: jackrabbit/oak/trunk/oak-core/src/main/java/org/apache/jackrabbit/oak/security/authorization/PermissionValidatorProvider.java
URL: http://svn.apache.org/viewvc/jackrabbit/oak/trunk/oak-core/src/main/java/org/apache/jackrabbit/oak/security/authorization/PermissionValidatorProvider.java?rev=1396552&r1=1396551&r2=1396552&view=diff
==============================================================================
--- jackrabbit/oak/trunk/oak-core/src/main/java/org/apache/jackrabbit/oak/security/authorization/PermissionValidatorProvider.java (original)
+++ jackrabbit/oak/trunk/oak-core/src/main/java/org/apache/jackrabbit/oak/security/authorization/PermissionValidatorProvider.java Wed Oct 10 11:51:18 2012
@@ -44,7 +44,7 @@ public class PermissionValidatorProvider
 
         // FIXME: should use same provider as in ContentRepositoryImpl
         AccessControlContext context = new AccessControlProviderImpl()
-                .createAccessControlContext(subject);
+                .getAccessControlContext(subject);
 
         NodeUtil rootBefore = new NodeUtil(new ReadOnlyTree(before));
         NodeUtil rootAfter = new NodeUtil(new ReadOnlyTree(after));

Modified: jackrabbit/oak/trunk/oak-core/src/main/java/org/apache/jackrabbit/oak/security/user/UserContextImpl.java
URL: http://svn.apache.org/viewvc/jackrabbit/oak/trunk/oak-core/src/main/java/org/apache/jackrabbit/oak/security/user/UserContextImpl.java?rev=1396552&r1=1396551&r2=1396552&view=diff
==============================================================================
--- jackrabbit/oak/trunk/oak-core/src/main/java/org/apache/jackrabbit/oak/security/user/UserContextImpl.java (original)
+++ jackrabbit/oak/trunk/oak-core/src/main/java/org/apache/jackrabbit/oak/security/user/UserContextImpl.java Wed Oct 10 11:51:18 2012
@@ -18,6 +18,7 @@ package org.apache.jackrabbit.oak.securi
 
 import java.util.Collections;
 import java.util.List;
+import javax.annotation.Nonnull;
 import javax.jcr.Session;
 
 import org.apache.jackrabbit.api.security.user.UserManager;
@@ -38,13 +39,19 @@ public class UserContextImpl implements 
 
     // TODO add proper configuration
     public UserContextImpl() {
-        this(new UserConfig("admin"));
+        this(new UserConfig());
     }
 
     public UserContextImpl(UserConfig config) {
         this.config = config;
     }
 
+    @Nonnull
+    @Override
+    public UserConfig getUserConfig() {
+        return config;
+    }
+
     @Override
     public UserProvider getUserProvider(Root root) {
         return new UserProviderImpl(root, config);

Modified: jackrabbit/oak/trunk/oak-core/src/main/java/org/apache/jackrabbit/oak/security/user/UserValidator.java
URL: http://svn.apache.org/viewvc/jackrabbit/oak/trunk/oak-core/src/main/java/org/apache/jackrabbit/oak/security/user/UserValidator.java?rev=1396552&r1=1396551&r2=1396552&view=diff
==============================================================================
--- jackrabbit/oak/trunk/oak-core/src/main/java/org/apache/jackrabbit/oak/security/user/UserValidator.java (original)
+++ jackrabbit/oak/trunk/oak-core/src/main/java/org/apache/jackrabbit/oak/security/user/UserValidator.java Wed Oct 10 11:51:18 2012
@@ -136,9 +136,10 @@ class UserValidator extends DefaultValid
         return node.hasPrimaryNodeTypeName(NT_REP_USER) || node.hasPrimaryNodeTypeName(NT_REP_GROUP);
     }
 
+    // FIXME: copied from UserProvider#isAdminUser
     private boolean isAdminUser(NodeUtil userNode) {
-        // FIXME: add proper implementation
-        return userNode.hasPrimaryNodeTypeName(NT_REP_USER) && "admin".equals(userNode.getName());
+        String id = (userNode.getString(REP_AUTHORIZABLE_ID, Text.unescapeIllegalJcrChars(userNode.getName())));
+        return userNode.hasPrimaryNodeTypeName(NT_REP_USER) && provider.getConfig().getAdminId().equals(id);
     }
 
     private static void fail(String msg) throws CommitFailedException {

Added: jackrabbit/oak/trunk/oak-core/src/main/java/org/apache/jackrabbit/oak/spi/security/ConfigurationParameters.java
URL: http://svn.apache.org/viewvc/jackrabbit/oak/trunk/oak-core/src/main/java/org/apache/jackrabbit/oak/spi/security/ConfigurationParameters.java?rev=1396552&view=auto
==============================================================================
--- jackrabbit/oak/trunk/oak-core/src/main/java/org/apache/jackrabbit/oak/spi/security/ConfigurationParameters.java (added)
+++ jackrabbit/oak/trunk/oak-core/src/main/java/org/apache/jackrabbit/oak/spi/security/ConfigurationParameters.java Wed Oct 10 11:51:18 2012
@@ -0,0 +1,83 @@
+/*
+ * Licensed to the Apache Software Foundation (ASF) under one or more
+ * contributor license agreements.  See the NOTICE file distributed with
+ * this work for additional information regarding copyright ownership.
+ * The ASF licenses this file to You under the Apache License, Version 2.0
+ * (the "License"); you may not use this file except in compliance with
+ * the License.  You may obtain a copy of the License at
+ *
+ *      http://www.apache.org/licenses/LICENSE-2.0
+ *
+ * Unless required by applicable law or agreed to in writing, software
+ * distributed under the License is distributed on an "AS IS" BASIS,
+ * WITHOUT WARRANTIES OR CONDITIONS OF ANY KIND, either express or implied.
+ * See the License for the specific language governing permissions and
+ * limitations under the License.
+ */
+package org.apache.jackrabbit.oak.spi.security;
+
+import java.util.Collections;
+import java.util.Map;
+
+import org.slf4j.Logger;
+import org.slf4j.LoggerFactory;
+
+/**
+ * ConfigurationParameters... TODO
+ */
+public class ConfigurationParameters {
+
+    /**
+     * logger instance
+     */
+    private static final Logger log = LoggerFactory.getLogger(ConfigurationParameters.class);
+
+    private final Map<String, Object> options;
+
+    public ConfigurationParameters() {
+        this(null);
+    }
+
+    public ConfigurationParameters(Map<String, ?> options) {
+        this.options = (options == null) ? Collections.<String, Object>emptyMap() : Collections.unmodifiableMap(options);
+    }
+
+    public <T> T getConfigValue(String key, T defaultValue) {
+        if (options != null && options.containsKey(key)) {
+            return convert(options.get(key), defaultValue);
+        } else {
+            return defaultValue;
+        }
+    }
+
+    //--------------------------------------------------------< private >---
+    @SuppressWarnings("unchecked")
+    private static <T> T convert(Object configProperty, T defaultValue) {
+        T value;
+        String str = configProperty.toString();
+        Class targetClass = (defaultValue == null) ? configProperty.getClass() : defaultValue.getClass();
+        try {
+            if (targetClass == configProperty.getClass()) {
+                value = (T) configProperty;
+            } else if (targetClass == String.class) {
+                value = (T) str;
+            } else if (targetClass == Integer.class) {
+                value = (T) Integer.valueOf(str);
+            } else if (targetClass == Long.class) {
+                value = (T) Long.valueOf(str);
+            } else if (targetClass == Double.class) {
+                value = (T) Double.valueOf(str);
+            } else if (targetClass == Boolean.class) {
+                value = (T) Boolean.valueOf(str);
+            } else {
+                // unsupported target type
+                log.warn("Unsupported target type {} for value {}", targetClass.getName(), str);
+                throw new IllegalArgumentException("Cannot convert config entry " + str + " to " + targetClass.getName());
+            }
+        } catch (NumberFormatException e) {
+            log.warn("Invalid value {}; cannot be parsed into {}", str, targetClass.getName());
+            value = defaultValue;
+        }
+        return value;
+    }
+}
\ No newline at end of file

Modified: jackrabbit/oak/trunk/oak-core/src/main/java/org/apache/jackrabbit/oak/spi/security/OpenSecurityProvider.java
URL: http://svn.apache.org/viewvc/jackrabbit/oak/trunk/oak-core/src/main/java/org/apache/jackrabbit/oak/spi/security/OpenSecurityProvider.java?rev=1396552&r1=1396551&r2=1396552&view=diff
==============================================================================
--- jackrabbit/oak/trunk/oak-core/src/main/java/org/apache/jackrabbit/oak/spi/security/OpenSecurityProvider.java (original)
+++ jackrabbit/oak/trunk/oak-core/src/main/java/org/apache/jackrabbit/oak/spi/security/OpenSecurityProvider.java Wed Oct 10 11:51:18 2012
@@ -28,12 +28,14 @@ import org.apache.jackrabbit.oak.namepat
 import org.apache.jackrabbit.oak.spi.commit.ValidatorProvider;
 import org.apache.jackrabbit.oak.spi.security.authentication.LoginContextProvider;
 import org.apache.jackrabbit.oak.spi.security.authentication.OpenLoginContextProvider;
+import org.apache.jackrabbit.oak.spi.security.authentication.token.TokenProvider;
 import org.apache.jackrabbit.oak.spi.security.authorization.AccessControlProvider;
 import org.apache.jackrabbit.oak.spi.security.authorization.OpenAccessControlProvider;
 import org.apache.jackrabbit.oak.spi.security.principal.OpenPrincipalProvider;
 import org.apache.jackrabbit.oak.spi.security.principal.PrincipalConfiguration;
 import org.apache.jackrabbit.oak.spi.security.principal.PrincipalProvider;
 import org.apache.jackrabbit.oak.spi.security.user.MembershipProvider;
+import org.apache.jackrabbit.oak.spi.security.user.UserConfig;
 import org.apache.jackrabbit.oak.spi.security.user.UserContext;
 import org.apache.jackrabbit.oak.spi.security.user.UserProvider;
 import org.apache.jackrabbit.oak.spi.state.NodeStore;
@@ -57,11 +59,23 @@ public class OpenSecurityProvider implem
 
     @Nonnull
     @Override
+    public TokenProvider getTokenProvider(Root root, ConfigurationParameters options) {
+        throw new UnsupportedOperationException();
+    }
+
+    @Nonnull
+    @Override
     public UserContext getUserContext() {
         // TODO
         return new UserContext() {
             @Nonnull
             @Override
+            public UserConfig getUserConfig() {
+                return new UserConfig();
+            }
+
+            @Nonnull
+            @Override
             public UserProvider getUserProvider(Root root) {
                 throw new UnsupportedOperationException();
             }

Modified: jackrabbit/oak/trunk/oak-core/src/main/java/org/apache/jackrabbit/oak/spi/security/SecurityProvider.java
URL: http://svn.apache.org/viewvc/jackrabbit/oak/trunk/oak-core/src/main/java/org/apache/jackrabbit/oak/spi/security/SecurityProvider.java?rev=1396552&r1=1396551&r2=1396552&view=diff
==============================================================================
--- jackrabbit/oak/trunk/oak-core/src/main/java/org/apache/jackrabbit/oak/spi/security/SecurityProvider.java (original)
+++ jackrabbit/oak/trunk/oak-core/src/main/java/org/apache/jackrabbit/oak/spi/security/SecurityProvider.java Wed Oct 10 11:51:18 2012
@@ -18,7 +18,9 @@ package org.apache.jackrabbit.oak.spi.se
 
 import javax.annotation.Nonnull;
 
+import org.apache.jackrabbit.oak.api.Root;
 import org.apache.jackrabbit.oak.spi.security.authentication.LoginContextProvider;
+import org.apache.jackrabbit.oak.spi.security.authentication.token.TokenProvider;
 import org.apache.jackrabbit.oak.spi.security.authorization.AccessControlProvider;
 import org.apache.jackrabbit.oak.spi.security.principal.PrincipalConfiguration;
 import org.apache.jackrabbit.oak.spi.security.user.UserContext;
@@ -36,6 +38,9 @@ public interface SecurityProvider {
     AccessControlProvider getAccessControlProvider();
 
     @Nonnull
+    TokenProvider getTokenProvider(Root root, ConfigurationParameters options);
+
+    @Nonnull
     UserContext getUserContext(); // TODO review naming consistency
 
     @Nonnull

Modified: jackrabbit/oak/trunk/oak-core/src/main/java/org/apache/jackrabbit/oak/spi/security/authentication/AbstractLoginModule.java
URL: http://svn.apache.org/viewvc/jackrabbit/oak/trunk/oak-core/src/main/java/org/apache/jackrabbit/oak/spi/security/authentication/AbstractLoginModule.java?rev=1396552&r1=1396551&r2=1396552&view=diff
==============================================================================
--- jackrabbit/oak/trunk/oak-core/src/main/java/org/apache/jackrabbit/oak/spi/security/authentication/AbstractLoginModule.java (original)
+++ jackrabbit/oak/trunk/oak-core/src/main/java/org/apache/jackrabbit/oak/spi/security/authentication/AbstractLoginModule.java Wed Oct 10 11:51:18 2012
@@ -33,12 +33,12 @@ import javax.security.auth.spi.LoginModu
 
 import org.apache.jackrabbit.oak.api.Root;
 import org.apache.jackrabbit.oak.namepath.NamePathMapper;
+import org.apache.jackrabbit.oak.spi.security.ConfigurationParameters;
 import org.apache.jackrabbit.oak.spi.security.SecurityProvider;
 import org.apache.jackrabbit.oak.spi.security.authentication.callback.CredentialsCallback;
 import org.apache.jackrabbit.oak.spi.security.authentication.callback.PrincipalProviderCallback;
 import org.apache.jackrabbit.oak.spi.security.authentication.callback.RepositoryCallback;
 import org.apache.jackrabbit.oak.spi.security.authentication.callback.SecurityProviderCallback;
-import org.apache.jackrabbit.oak.spi.security.principal.OpenPrincipalProvider;
 import org.apache.jackrabbit.oak.spi.security.principal.PrincipalProvider;
 import org.apache.jackrabbit.oak.spi.security.user.UserProvider;
 import org.slf4j.Logger;
@@ -70,6 +70,7 @@ public abstract class AbstractLoginModul
     protected Subject subject;
     protected CallbackHandler callbackHandler;
     protected Map sharedState;
+    protected ConfigurationParameters options;
 
     private SecurityProvider securityProvider;
     private Root root;
@@ -80,6 +81,7 @@ public abstract class AbstractLoginModul
         this.subject = subject;
         this.callbackHandler = callbackHandler;
         this.sharedState = sharedState;
+        this.options = new ConfigurationParameters(options);
     }
 
     @Override
@@ -175,44 +177,40 @@ public abstract class AbstractLoginModul
 
     @CheckForNull
     protected PrincipalProvider getPrincipalProvider() {
-        // TODO: replace fake pp to enable proper principal resolution.
-        return new OpenPrincipalProvider();
-//        PrincipalProvider principalProvider = null;
-//
-//        SecurityProvider sp = getSecurityProvider();
-//        Root r = getRoot();
-//        if (root != null && securityProvider != null) {
-//            principalProvider = securityProvider.getPrincipalConfiguration().getPrincipalProvider(root, NamePathMapper.DEFAULT);
-//        }
-//
-//        if (principalProvider == null && callbackHandler != null) {
-//            try {
-//                PrincipalProviderCallback principalCallBack = new PrincipalProviderCallback();
-//                callbackHandler.handle(new Callback[] {principalCallBack});
-//                principalProvider = principalCallBack.getPrincipalProvider();
-//            } catch (IOException e) {
-//                log.debug(e.getMessage());
-//            } catch (UnsupportedCallbackException e) {
-//                log.debug(e.getMessage());
-//            }
-//        }
-//        return principalProvider;
+        PrincipalProvider principalProvider = null;
+        SecurityProvider sp = getSecurityProvider();
+        Root root = getRoot();
+        if (root != null && sp != null) {
+            principalProvider = sp.getPrincipalConfiguration().getPrincipalProvider(root, NamePathMapper.DEFAULT);
+        }
+
+        if (principalProvider == null && callbackHandler != null) {
+            try {
+                PrincipalProviderCallback principalCallBack = new PrincipalProviderCallback();
+                callbackHandler.handle(new Callback[] {principalCallBack});
+                principalProvider = principalCallBack.getPrincipalProvider();
+            } catch (IOException e) {
+                log.debug(e.getMessage());
+            } catch (UnsupportedCallbackException e) {
+                log.debug(e.getMessage());
+            }
+        }
+        return principalProvider;
     }
 
     @CheckForNull
     protected UserProvider getUserProvider() {
-        return null; // TODO
-//        SecurityProvider sp = getSecurityProvider();
-//        Root r = getRoot();
-//        if (root != null && securityProvider != null) {
-//            return securityProvider.getUserContext().getUserProvider(root);
-//        } else {
-//            return null;
-//        }
+        SecurityProvider sp = getSecurityProvider();
+        Root root = getRoot();
+        if (root != null && sp != null) {
+            return sp.getUserContext().getUserProvider(root);
+        } else {
+            return null;
+        }
     }
 
     @CheckForNull
-    private SecurityProvider getSecurityProvider() {
+    protected SecurityProvider getSecurityProvider() {
         if (securityProvider == null && callbackHandler != null) {
             SecurityProviderCallback scb = new SecurityProviderCallback();
             try {
@@ -228,8 +226,8 @@ public abstract class AbstractLoginModul
     }
 
     @CheckForNull
-    private Root getRoot() {
-        if (root == null) {
+    protected Root getRoot() {
+        if (root == null && callbackHandler != null) {
             RepositoryCallback rcb = new RepositoryCallback();
             try {
                 callbackHandler.handle(new Callback[] {rcb});

Modified: jackrabbit/oak/trunk/oak-core/src/main/java/org/apache/jackrabbit/oak/spi/security/authentication/Authentication.java
URL: http://svn.apache.org/viewvc/jackrabbit/oak/trunk/oak-core/src/main/java/org/apache/jackrabbit/oak/spi/security/authentication/Authentication.java?rev=1396552&r1=1396551&r2=1396552&view=diff
==============================================================================
--- jackrabbit/oak/trunk/oak-core/src/main/java/org/apache/jackrabbit/oak/spi/security/authentication/Authentication.java (original)
+++ jackrabbit/oak/trunk/oak-core/src/main/java/org/apache/jackrabbit/oak/spi/security/authentication/Authentication.java Wed Oct 10 11:51:18 2012
@@ -17,7 +17,6 @@
 package org.apache.jackrabbit.oak.spi.security.authentication;
 
 import javax.jcr.Credentials;
-import javax.security.auth.Subject;
 
 /**
  * The {@code Authentication} interface defines methods to validate
@@ -46,15 +45,4 @@ public interface Authentication {
      * if the specified credentials are not supported or if validation failed.
      */
     boolean authenticate(Credentials credentials);
-
-    /**
-     * Test if the given subject (i.e. any of the principals it contains) is
-     * allowed to impersonate.
-     *
-     * @param subject The subject that wants to impersonate.
-     * @return true if this {@code Impersonation} allows the specified
-     * set of principals to impersonate.
-     */
-    boolean impersonate(Subject subject);
-
 }
\ No newline at end of file

Modified: jackrabbit/oak/trunk/oak-core/src/main/java/org/apache/jackrabbit/oak/spi/security/authentication/token/TokenProvider.java
URL: http://svn.apache.org/viewvc/jackrabbit/oak/trunk/oak-core/src/main/java/org/apache/jackrabbit/oak/spi/security/authentication/token/TokenProvider.java?rev=1396552&r1=1396551&r2=1396552&view=diff
==============================================================================
--- jackrabbit/oak/trunk/oak-core/src/main/java/org/apache/jackrabbit/oak/spi/security/authentication/token/TokenProvider.java (original)
+++ jackrabbit/oak/trunk/oak-core/src/main/java/org/apache/jackrabbit/oak/spi/security/authentication/token/TokenProvider.java Wed Oct 10 11:51:18 2012
@@ -25,9 +25,14 @@ import javax.jcr.Credentials;
 public interface TokenProvider {
 
     /**
+     * Optional configuration parameter to set the token expiration time in ms.
+     */
+    public static final String PARAM_TOKEN_EXPIRATION = "tokenExpiration";
+
+    /**
      * Default expiration time in ms for login tokens is 2 hours.
      */
-    long TOKEN_EXPIRATION = 2 * 3600 * 1000;
+    long DEFAULT_TOKEN_EXPIRATION = 2 * 3600 * 1000;
 
     boolean doCreateToken(Credentials credentials);
 

Modified: jackrabbit/oak/trunk/oak-core/src/main/java/org/apache/jackrabbit/oak/spi/security/authorization/AccessControlProvider.java
URL: http://svn.apache.org/viewvc/jackrabbit/oak/trunk/oak-core/src/main/java/org/apache/jackrabbit/oak/spi/security/authorization/AccessControlProvider.java?rev=1396552&r1=1396551&r2=1396552&view=diff
==============================================================================
--- jackrabbit/oak/trunk/oak-core/src/main/java/org/apache/jackrabbit/oak/spi/security/authorization/AccessControlProvider.java (original)
+++ jackrabbit/oak/trunk/oak-core/src/main/java/org/apache/jackrabbit/oak/spi/security/authorization/AccessControlProvider.java Wed Oct 10 11:51:18 2012
@@ -26,7 +26,7 @@ import org.apache.jackrabbit.oak.spi.com
  */
 public interface AccessControlProvider {
 
-    public AccessControlContext createAccessControlContext(Subject subject);
+    public AccessControlContext getAccessControlContext(Subject subject);
 
     public List<ValidatorProvider> getValidatorProviders();
 }

Modified: jackrabbit/oak/trunk/oak-core/src/main/java/org/apache/jackrabbit/oak/spi/security/authorization/OpenAccessControlProvider.java
URL: http://svn.apache.org/viewvc/jackrabbit/oak/trunk/oak-core/src/main/java/org/apache/jackrabbit/oak/spi/security/authorization/OpenAccessControlProvider.java?rev=1396552&r1=1396551&r2=1396552&view=diff
==============================================================================
--- jackrabbit/oak/trunk/oak-core/src/main/java/org/apache/jackrabbit/oak/spi/security/authorization/OpenAccessControlProvider.java (original)
+++ jackrabbit/oak/trunk/oak-core/src/main/java/org/apache/jackrabbit/oak/spi/security/authorization/OpenAccessControlProvider.java Wed Oct 10 11:51:18 2012
@@ -24,13 +24,13 @@ import org.apache.jackrabbit.oak.spi.com
 
 /**
  * This class implements an {@link AccessControlProvider} which grants
- * full access to any {@link Subject} passed to {@link #createAccessControlContext(Subject)}.
+ * full access to any {@link Subject} passed to {@link #getAccessControlContext(Subject)}.
  */
 public class OpenAccessControlProvider
         implements AccessControlProvider {
 
     @Override
-    public AccessControlContext createAccessControlContext(Subject subject) {
+    public AccessControlContext getAccessControlContext(Subject subject) {
         return new AccessControlContext() {
             @Override
             public CompiledPermissions getPermissions() {

Modified: jackrabbit/oak/trunk/oak-core/src/main/java/org/apache/jackrabbit/oak/spi/security/principal/OpenPrincipalProvider.java
URL: http://svn.apache.org/viewvc/jackrabbit/oak/trunk/oak-core/src/main/java/org/apache/jackrabbit/oak/spi/security/principal/OpenPrincipalProvider.java?rev=1396552&r1=1396551&r2=1396552&view=diff
==============================================================================
--- jackrabbit/oak/trunk/oak-core/src/main/java/org/apache/jackrabbit/oak/spi/security/principal/OpenPrincipalProvider.java (original)
+++ jackrabbit/oak/trunk/oak-core/src/main/java/org/apache/jackrabbit/oak/spi/security/principal/OpenPrincipalProvider.java Wed Oct 10 11:51:18 2012
@@ -50,10 +50,6 @@ public class OpenPrincipalProvider imple
         Principal p = getPrincipal(userID);
         principals.add(p);
         principals.addAll(getGroupMembership(p));
-        // TODO: remove again (currently needed because LoginContextProviderImpl uses this dummy principal provider)
-        if ("admin".equals(userID)) {
-            principals.add(AdminPrincipal.INSTANCE);
-        }
         return principals;
     }
 

Modified: jackrabbit/oak/trunk/oak-core/src/main/java/org/apache/jackrabbit/oak/spi/security/user/UserConfig.java
URL: http://svn.apache.org/viewvc/jackrabbit/oak/trunk/oak-core/src/main/java/org/apache/jackrabbit/oak/spi/security/user/UserConfig.java?rev=1396552&r1=1396551&r2=1396552&view=diff
==============================================================================
--- jackrabbit/oak/trunk/oak-core/src/main/java/org/apache/jackrabbit/oak/spi/security/user/UserConfig.java (original)
+++ jackrabbit/oak/trunk/oak-core/src/main/java/org/apache/jackrabbit/oak/spi/security/user/UserConfig.java Wed Oct 10 11:51:18 2012
@@ -21,22 +21,26 @@ import java.util.Map;
 import java.util.Set;
 import javax.annotation.Nonnull;
 
+import org.apache.jackrabbit.oak.spi.security.ConfigurationParameters;
 import org.apache.jackrabbit.oak.spi.security.user.action.AuthorizableAction;
 import org.slf4j.Logger;
 import org.slf4j.LoggerFactory;
 
-import static com.google.common.base.Preconditions.checkNotNull;
-
 /**
  * UserConfig provides utilities to retrieve configuration options
  * related to user management. In addition it defines some constants that
  * have been used in Jackrabbit 2.0 default user management implementation.
  */
-public class UserConfig {
+public class UserConfig extends ConfigurationParameters {
 
     private static final Logger log = LoggerFactory.getLogger(UserConfig.class);
 
     /**
+     * Configuration option defining the ID of the administrator user.
+     */
+    public static final String PARAM_ADMIN_ID = "adminId";
+
+    /**
      * Configuration option defining the ID of the anonymous user. The ID
      * might be {@code null} of no anonymous user exists. In this case
      * Session#getUserID() may return {@code null} if it has been obtained
@@ -93,68 +97,28 @@ public class UserConfig {
      */
     public static final String PARAM_PASSWORD_SALT_SIZE = "passwordSaltSize";
 
-    private final String adminId;
-    private final Map<String, Object> options;
     private final Set<AuthorizableAction> actions;
 
-    public UserConfig(String adminId) {
-        this(adminId, null, null);
+    public UserConfig() {
+        this(null, null);
     }
 
-    public UserConfig(String adminId, Map<String, Object> options, Set<AuthorizableAction> actions) {
-        this.adminId = checkNotNull(adminId);
-        this.options = (options == null) ? Collections.<String, Object>emptyMap() : Collections.unmodifiableMap(options);
+    public UserConfig(Map<String, Object> options, Set<AuthorizableAction> actions) {
+        super(options);
         this.actions = (actions == null) ? Collections.<AuthorizableAction>emptySet() : Collections.unmodifiableSet(actions);
     }
 
     @Nonnull
     public String getAdminId() {
-        return adminId;
+        return getConfigValue(PARAM_ADMIN_ID, UserConstants.DEFAULT_ADMIN_ID);
     }
 
     public String getAnonymousId() {
-        return getConfigValue(PARAM_ANONYMOUS_ID, null);
-    }
-
-    public <T> T getConfigValue(String key, T defaultValue) {
-        if (options != null && options.containsKey(key)) {
-            return convert(options.get(key), defaultValue);
-        } else {
-            return defaultValue;
-        }
+        return getConfigValue(PARAM_ANONYMOUS_ID, UserConstants.DEFAULT_ANONYMOUS_ID);
     }
 
     @Nonnull
     public AuthorizableAction[] getAuthorizableActions() {
         return actions.toArray(new AuthorizableAction[actions.size()]);
     }
-
-    //--------------------------------------------------------< private >---
-    @SuppressWarnings("unchecked")
-    private static <T> T convert(Object configProperty, T defaultValue) {
-        T value;
-        String str = configProperty.toString();
-        Class targetClass = (defaultValue == null) ? String.class : defaultValue.getClass();
-        try {
-            if (targetClass == String.class) {
-                value = (T) str;
-            } else if (targetClass == Integer.class) {
-                value = (T) Integer.valueOf(str);
-            } else if (targetClass == Long.class) {
-                value = (T) Long.valueOf(str);
-            } else if (targetClass == Double.class) {
-                value = (T) Double.valueOf(str);
-            } else if (targetClass == Boolean.class) {
-                value = (T) Boolean.valueOf(str);
-            } else {
-                // unsupported target type
-                log.warn("Unsupported target type {} for value {}", targetClass.getName(), str);
-                throw new IllegalArgumentException("Cannot convert config entry " + str + " to " + targetClass.getName());
-            }
-        } catch (NumberFormatException e) {
-            log.warn("Invalid value {}; cannot be parsed into {}", str, targetClass.getName());
-            value = defaultValue;
-        }
-        return value;
-    }
 }
\ No newline at end of file

Modified: jackrabbit/oak/trunk/oak-core/src/main/java/org/apache/jackrabbit/oak/spi/security/user/UserConstants.java
URL: http://svn.apache.org/viewvc/jackrabbit/oak/trunk/oak-core/src/main/java/org/apache/jackrabbit/oak/spi/security/user/UserConstants.java?rev=1396552&r1=1396551&r2=1396552&view=diff
==============================================================================
--- jackrabbit/oak/trunk/oak-core/src/main/java/org/apache/jackrabbit/oak/spi/security/user/UserConstants.java (original)
+++ jackrabbit/oak/trunk/oak-core/src/main/java/org/apache/jackrabbit/oak/spi/security/user/UserConstants.java Wed Oct 10 11:51:18 2012
@@ -36,4 +36,7 @@ public interface UserConstants {
     String DEFAULT_USER_PATH = "/rep:security/rep:authorizables/rep:users";
     String DEFAULT_GROUP_PATH = "/rep:security/rep:authorizables/rep:groups";
     int DEFAULT_DEPTH = 2;
+
+    String DEFAULT_ADMIN_ID = "admin";
+    String DEFAULT_ANONYMOUS_ID = "anonymous";
 }
\ No newline at end of file

Modified: jackrabbit/oak/trunk/oak-core/src/main/java/org/apache/jackrabbit/oak/spi/security/user/UserContext.java
URL: http://svn.apache.org/viewvc/jackrabbit/oak/trunk/oak-core/src/main/java/org/apache/jackrabbit/oak/spi/security/user/UserContext.java?rev=1396552&r1=1396551&r2=1396552&view=diff
==============================================================================
--- jackrabbit/oak/trunk/oak-core/src/main/java/org/apache/jackrabbit/oak/spi/security/user/UserContext.java (original)
+++ jackrabbit/oak/trunk/oak-core/src/main/java/org/apache/jackrabbit/oak/spi/security/user/UserContext.java Wed Oct 10 11:51:18 2012
@@ -31,6 +31,9 @@ import org.apache.jackrabbit.oak.spi.com
 public interface UserContext {
 
     @Nonnull
+    UserConfig getUserConfig();
+
+    @Nonnull
     UserProvider getUserProvider(Root root);
 
     @Nonnull

Added: jackrabbit/oak/trunk/oak-core/src/test/java/org/apache/jackrabbit/oak/security/user/ConfigurationParametersTest.java
URL: http://svn.apache.org/viewvc/jackrabbit/oak/trunk/oak-core/src/test/java/org/apache/jackrabbit/oak/security/user/ConfigurationParametersTest.java?rev=1396552&view=auto
==============================================================================
--- jackrabbit/oak/trunk/oak-core/src/test/java/org/apache/jackrabbit/oak/security/user/ConfigurationParametersTest.java (added)
+++ jackrabbit/oak/trunk/oak-core/src/test/java/org/apache/jackrabbit/oak/security/user/ConfigurationParametersTest.java Wed Oct 10 11:51:18 2012
@@ -0,0 +1,112 @@
+/*
+ * Licensed to the Apache Software Foundation (ASF) under one or more
+ * contributor license agreements.  See the NOTICE file distributed with
+ * this work for additional information regarding copyright ownership.
+ * The ASF licenses this file to You under the Apache License, Version 2.0
+ * (the "License"); you may not use this file except in compliance with
+ * the License.  You may obtain a copy of the License at
+ *
+ *      http://www.apache.org/licenses/LICENSE-2.0
+ *
+ * Unless required by applicable law or agreed to in writing, software
+ * distributed under the License is distributed on an "AS IS" BASIS,
+ * WITHOUT WARRANTIES OR CONDITIONS OF ANY KIND, either express or implied.
+ * See the License for the specific language governing permissions and
+ * limitations under the License.
+ */
+package org.apache.jackrabbit.oak.security.user;
+
+import java.util.HashMap;
+import java.util.Map;
+
+import org.apache.jackrabbit.oak.spi.security.ConfigurationParameters;
+import org.junit.After;
+import org.junit.Before;
+import org.junit.Test;
+
+import static junit.framework.Assert.assertEquals;
+import static junit.framework.Assert.assertNotNull;
+import static junit.framework.Assert.assertNull;
+
+/**
+ * ConfigurationParametersTest...
+ */
+public class ConfigurationParametersTest {
+
+    @Before
+    public void setup() {}
+
+    @After
+    public void tearDown() {}
+
+    @Test
+    public void testDefaultValue() {
+        TestObject testObject = new TestObject("t");
+        Integer int1000 = new Integer(1000);
+
+        ConfigurationParameters options = new ConfigurationParameters();
+
+        assertNull(options.getConfigValue("some", null));
+        assertEquals(testObject, options.getConfigValue("some", testObject));
+        assertEquals(int1000, options.getConfigValue("some", int1000));
+    }
+
+    @Test
+    public void testConversion() {
+        TestObject testObject = new TestObject("t");
+        Integer int1000 = new Integer(1000);
+
+        Map<String,Object> m = new HashMap<String, Object>();
+        m.put("TEST", testObject);
+        m.put("String", "1000");
+        m.put("Int2", new Integer(1000));
+        m.put("Int3", 1000);
+
+
+        ConfigurationParameters options = new ConfigurationParameters(m);
+
+        assertNotNull(options.getConfigValue("TEST", null));
+        assertEquals(testObject, options.getConfigValue("TEST", null));
+        assertEquals(testObject, options.getConfigValue("TEST", testObject));
+        assertEquals("t", options.getConfigValue("TEST", "defaultString"));
+
+        assertEquals("1000", options.getConfigValue("String", null));
+        assertEquals(int1000, options.getConfigValue("String", new Integer(10)));
+        assertEquals(new Long(1000), options.getConfigValue("String", new Long(10)));
+        assertEquals("1000", options.getConfigValue("String", "10"));
+
+        assertEquals(int1000, options.getConfigValue("Int2", null));
+        assertEquals(int1000, options.getConfigValue("Int2", new Integer(10)));
+        assertEquals("1000", options.getConfigValue("Int2", "1000"));
+
+        assertEquals(1000, options.getConfigValue("Int3", null));
+        assertEquals(int1000, options.getConfigValue("Int3", null));
+        assertEquals(int1000, options.getConfigValue("Int3", new Integer(10)));
+        assertEquals("1000", options.getConfigValue("Int3", "1000"));
+    }
+
+
+
+    private class TestObject {
+
+        private final String name;
+
+        private TestObject(String name) {
+            this.name = name;
+        }
+
+        public String toString() {
+            return name;
+        }
+
+        public boolean equals(Object object) {
+            if (object == this) {
+                return true;
+            }
+            if (object instanceof TestObject) {
+                return name.equals(((TestObject) object).name);
+            }
+            return false;
+        }
+    }
+}
\ No newline at end of file

Modified: jackrabbit/oak/trunk/oak-core/src/test/java/org/apache/jackrabbit/oak/security/user/UserProviderImplTest.java
URL: http://svn.apache.org/viewvc/jackrabbit/oak/trunk/oak-core/src/test/java/org/apache/jackrabbit/oak/security/user/UserProviderImplTest.java?rev=1396552&r1=1396551&r2=1396552&view=diff
==============================================================================
--- jackrabbit/oak/trunk/oak-core/src/test/java/org/apache/jackrabbit/oak/security/user/UserProviderImplTest.java (original)
+++ jackrabbit/oak/trunk/oak-core/src/test/java/org/apache/jackrabbit/oak/security/user/UserProviderImplTest.java Wed Oct 10 11:51:18 2012
@@ -76,7 +76,7 @@ public class UserProviderImplTest extend
         contentSession = createAdminSession();
         root = contentSession.getLatestRoot();
 
-        defaultConfig = new UserConfig("admin");
+        defaultConfig = new UserConfig();
         defaultUserPath = defaultConfig.getConfigValue(UserConfig.PARAM_USER_PATH, UserConstants.DEFAULT_USER_PATH);
         defaultGroupPath = defaultConfig.getConfigValue(UserConfig.PARAM_GROUP_PATH, UserConstants.DEFAULT_GROUP_PATH);
 
@@ -113,7 +113,7 @@ public class UserProviderImplTest extend
     private UserProvider createUserProvider(int defaultDepth) {
         Map<String, Object> options = new HashMap<String, Object>(customOptions);
         options.put(UserConfig.PARAM_DEFAULT_DEPTH, defaultDepth);
-        return new UserProviderImpl(root, new UserConfig("admin", options, Collections.<AuthorizableAction>emptySet()));
+        return new UserProviderImpl(root, new UserConfig(options, Collections.<AuthorizableAction>emptySet()));
     }
 
     @Test



Mime
View raw message