jackrabbit-oak-commits mailing list archives

Site index · List index
Message view « Date » · « Thread »
Top « Date » · « Thread »
From ang...@apache.org
Subject svn commit: r1402535 - in /jackrabbit/oak/trunk/oak-core/src/main/java/org/apache/jackrabbit/oak: security/user/ spi/security/user/action/
Date Fri, 26 Oct 2012 14:47:56 GMT
Author: angela
Date: Fri Oct 26 14:47:56 2012
New Revision: 1402535

URL: http://svn.apache.org/viewvc?rev=1402535&view=rev
Log:
OAK-50 : Implement User Management (WIP)

Modified:
    jackrabbit/oak/trunk/oak-core/src/main/java/org/apache/jackrabbit/oak/security/user/JcrAuthorizableProperties.java
    jackrabbit/oak/trunk/oak-core/src/main/java/org/apache/jackrabbit/oak/security/user/UserManagerImpl.java
    jackrabbit/oak/trunk/oak-core/src/main/java/org/apache/jackrabbit/oak/spi/security/user/action/AbstractAuthorizableAction.java
    jackrabbit/oak/trunk/oak-core/src/main/java/org/apache/jackrabbit/oak/spi/security/user/action/AccessControlAction.java
    jackrabbit/oak/trunk/oak-core/src/main/java/org/apache/jackrabbit/oak/spi/security/user/action/AuthorizableAction.java
    jackrabbit/oak/trunk/oak-core/src/main/java/org/apache/jackrabbit/oak/spi/security/user/action/ClearMembershipAction.java
    jackrabbit/oak/trunk/oak-core/src/main/java/org/apache/jackrabbit/oak/spi/security/user/action/PasswordValidationAction.java

Modified: jackrabbit/oak/trunk/oak-core/src/main/java/org/apache/jackrabbit/oak/security/user/JcrAuthorizableProperties.java
URL: http://svn.apache.org/viewvc/jackrabbit/oak/trunk/oak-core/src/main/java/org/apache/jackrabbit/oak/security/user/JcrAuthorizableProperties.java?rev=1402535&r1=1402534&r2=1402535&view=diff
==============================================================================
--- jackrabbit/oak/trunk/oak-core/src/main/java/org/apache/jackrabbit/oak/security/user/JcrAuthorizableProperties.java
(original)
+++ jackrabbit/oak/trunk/oak-core/src/main/java/org/apache/jackrabbit/oak/security/user/JcrAuthorizableProperties.java
Fri Oct 26 14:47:56 2012
@@ -25,6 +25,7 @@ import javax.jcr.Property;
 import javax.jcr.PropertyIterator;
 import javax.jcr.RepositoryException;
 import javax.jcr.Value;
+import javax.jcr.nodetype.ConstraintViolationException;
 import javax.jcr.nodetype.NodeType;
 import javax.jcr.nodetype.PropertyDefinition;
 
@@ -152,6 +153,8 @@ class JcrAuthorizableProperties implemen
             if (isAuthorizableProperty(p, true)) {
                 p.remove();
                 return true;
+            } else {
+                throw new ConstraintViolationException("Property " + relPath + " isn't a
modifiable authorizable property");
             }
         }
         // no such property or wasn't a property of this authorizable.

Modified: jackrabbit/oak/trunk/oak-core/src/main/java/org/apache/jackrabbit/oak/security/user/UserManagerImpl.java
URL: http://svn.apache.org/viewvc/jackrabbit/oak/trunk/oak-core/src/main/java/org/apache/jackrabbit/oak/security/user/UserManagerImpl.java?rev=1402535&r1=1402534&r2=1402535&view=diff
==============================================================================
--- jackrabbit/oak/trunk/oak-core/src/main/java/org/apache/jackrabbit/oak/security/user/UserManagerImpl.java
(original)
+++ jackrabbit/oak/trunk/oak-core/src/main/java/org/apache/jackrabbit/oak/security/user/UserManagerImpl.java
Fri Oct 26 14:47:56 2012
@@ -239,11 +239,7 @@ public class UserManagerImpl implements 
      */
     void onCreate(User user, String password) throws RepositoryException {
         for (AuthorizableAction action : authorizableActions) {
-            if (session != null) {
-                action.onCreate(user, password, session);
-            } else {
-                action.onCreate(user, password, root);
-            }
+            action.onCreate(user, password, root);
         }
     }
 
@@ -257,11 +253,7 @@ public class UserManagerImpl implements 
      */
     void onCreate(Group group) throws RepositoryException {
         for (AuthorizableAction action : authorizableActions) {
-            if (session != null) {
-                action.onCreate(group, session);
-            } else {
-                action.onCreate(group, root);
-            }
+            action.onCreate(group, root);
         }
     }
 
@@ -275,11 +267,7 @@ public class UserManagerImpl implements 
      */
     void onRemove(Authorizable authorizable) throws RepositoryException {
         for (AuthorizableAction action : authorizableActions) {
-            if (session != null) {
-                action.onRemove(authorizable, session);
-            } else {
-                action.onRemove(authorizable, root);
-            }
+            action.onRemove(authorizable, root);
         }
     }
 
@@ -294,11 +282,7 @@ public class UserManagerImpl implements 
      */
     void onPasswordChange(User user, String password) throws RepositoryException {
         for (AuthorizableAction action : authorizableActions) {
-            if (session != null) {
-                action.onPasswordChange(user, password, session);
-            } else {
-                action.onPasswordChange(user, password, root);
-            }
+            action.onPasswordChange(user, password, root);
         }
     }
 

Modified: jackrabbit/oak/trunk/oak-core/src/main/java/org/apache/jackrabbit/oak/spi/security/user/action/AbstractAuthorizableAction.java
URL: http://svn.apache.org/viewvc/jackrabbit/oak/trunk/oak-core/src/main/java/org/apache/jackrabbit/oak/spi/security/user/action/AbstractAuthorizableAction.java?rev=1402535&r1=1402534&r2=1402535&view=diff
==============================================================================
--- jackrabbit/oak/trunk/oak-core/src/main/java/org/apache/jackrabbit/oak/spi/security/user/action/AbstractAuthorizableAction.java
(original)
+++ jackrabbit/oak/trunk/oak-core/src/main/java/org/apache/jackrabbit/oak/spi/security/user/action/AbstractAuthorizableAction.java
Fri Oct 26 14:47:56 2012
@@ -17,7 +17,6 @@
 package org.apache.jackrabbit.oak.spi.security.user.action;
 
 import javax.jcr.RepositoryException;
-import javax.jcr.Session;
 
 import org.apache.jackrabbit.api.security.user.Authorizable;
 import org.apache.jackrabbit.api.security.user.Group;
@@ -34,17 +33,6 @@ public abstract class AbstractAuthorizab
     /**
      * Doesn't perform any action.
      *
-     * @see AuthorizableAction#onCreate(org.apache.jackrabbit.api.security.user.Group, javax.jcr.Session)
-     */
-    @Override
-    public void onCreate(Group group, Session session) throws RepositoryException {
-        // nothing to do
-
-    }
-
-    /**
-     * Doesn't perform any action.
-     *
      * @see AuthorizableAction#onCreate(org.apache.jackrabbit.api.security.user.Group, Root)
      */
     @Override
@@ -55,16 +43,6 @@ public abstract class AbstractAuthorizab
     /**
      * Doesn't perform any action.
      *
-     * @see AuthorizableAction#onCreate(org.apache.jackrabbit.api.security.user.User, String,
javax.jcr.Session)
-     */
-    @Override
-    public void onCreate(User user, String password, Session session) throws RepositoryException
{
-        // nothing to do
-    }
-
-    /**
-     * Doesn't perform any action.
-     *
      * @see AuthorizableAction#onCreate(org.apache.jackrabbit.api.security.user.User, String,
Root)
      */
     @Override
@@ -75,16 +53,6 @@ public abstract class AbstractAuthorizab
     /**
      * Doesn't perform any action.
      *
-     * @see AuthorizableAction#onRemove(org.apache.jackrabbit.api.security.user.Authorizable,
javax.jcr.Session)
-     */
-    @Override
-    public void onRemove(Authorizable authorizable, Session session) throws RepositoryException
{
-        // nothing to do
-    }
-
-    /**
-     * Doesn't perform any action.
-     *
      * @see AuthorizableAction#onRemove(org.apache.jackrabbit.api.security.user.Authorizable,
Root)
      */
     @Override
@@ -95,20 +63,10 @@ public abstract class AbstractAuthorizab
     /**
      * Doesn't perform any action.
      *
-     * @see AuthorizableAction#onPasswordChange(org.apache.jackrabbit.api.security.user.User,
String, javax.jcr.Session)
-     */
-    @Override
-    public void onPasswordChange(User user, String newPassword, Session session) throws RepositoryException
{
-        // nothing to do
-    }
-
-    /**
-     * Doesn't perform any action.
-     *
      * @see AuthorizableAction#onPasswordChange(org.apache.jackrabbit.api.security.user.User,
String, Root)
      */
     @Override
     public void onPasswordChange(User user, String newPassword, Root root) throws RepositoryException
{
         // nothing to do
     }
-}
\ No newline at end of file
+}

Modified: jackrabbit/oak/trunk/oak-core/src/main/java/org/apache/jackrabbit/oak/spi/security/user/action/AccessControlAction.java
URL: http://svn.apache.org/viewvc/jackrabbit/oak/trunk/oak-core/src/main/java/org/apache/jackrabbit/oak/spi/security/user/action/AccessControlAction.java?rev=1402535&r1=1402534&r2=1402535&view=diff
==============================================================================
--- jackrabbit/oak/trunk/oak-core/src/main/java/org/apache/jackrabbit/oak/spi/security/user/action/AccessControlAction.java
(original)
+++ jackrabbit/oak/trunk/oak-core/src/main/java/org/apache/jackrabbit/oak/spi/security/user/action/AccessControlAction.java
Fri Oct 26 14:47:56 2012
@@ -16,18 +16,12 @@
  */
 package org.apache.jackrabbit.oak.spi.security.user.action;
 
-import java.security.Principal;
 import java.util.ArrayList;
 import java.util.List;
-import javax.jcr.Node;
 import javax.jcr.RepositoryException;
-import javax.jcr.Session;
 import javax.jcr.security.AccessControlManager;
-import javax.jcr.security.AccessControlPolicy;
-import javax.jcr.security.AccessControlPolicyIterator;
 import javax.jcr.security.Privilege;
 
-import org.apache.jackrabbit.api.security.JackrabbitAccessControlList;
 import org.apache.jackrabbit.api.security.user.Authorizable;
 import org.apache.jackrabbit.api.security.user.Group;
 import org.apache.jackrabbit.api.security.user.User;
@@ -103,22 +97,6 @@ public class AccessControlAction extends
     private String[] userPrivilegeNames = new String[0];
 
     //-------------------------------------------------< AuthorizableAction >---
-    /**
-     * @see AuthorizableAction#onCreate(org.apache.jackrabbit.api.security.user.Group, javax.jcr.Session)
-     */
-    @Override
-    public void onCreate(Group group, Session session) throws RepositoryException {
-        setAC(group, session);
-    }
-
-    /**
-     * @see AuthorizableAction#onCreate(org.apache.jackrabbit.api.security.user.User, String,
javax.jcr.Session)
-     */
-    @Override
-    public void onCreate(User user, String password, Session session) throws RepositoryException
{
-        setAC(user, session);
-    }
-
     @Override
     public void onCreate(Group group, Root root) throws RepositoryException {
         setAC(group, root);
@@ -154,46 +132,45 @@ public class AccessControlAction extends
     }
 
     //------------------------------------------------------------< private >---
-    private void setAC(Authorizable authorizable, Session session) throws RepositoryException
{
-        Node aNode;
-        String path = authorizable.getPath();
-
-        JackrabbitAccessControlList acl = null;
-        AccessControlManager acMgr = session.getAccessControlManager();
-        for (AccessControlPolicyIterator it = acMgr.getApplicablePolicies(path); it.hasNext();)
{
-            AccessControlPolicy plc = it.nextAccessControlPolicy();
-            if (plc instanceof JackrabbitAccessControlList) {
-                acl = (JackrabbitAccessControlList) plc;
-                break;
-            }
-        }
-
-        if (acl == null) {
-            log.warn("Cannot process AccessControlAction: no applicable ACL at " + path);
-        } else {
-            // setup acl according to configuration.
-            Principal principal = authorizable.getPrincipal();
-            boolean modified = false;
-            if (authorizable.isGroup()) {
-                // new authorizable is a Group
-                if (groupPrivilegeNames.length > 0) {
-                    modified = acl.addAccessControlEntry(principal, getPrivileges(groupPrivilegeNames,
acMgr));
-                }
-            } else {
-                // new authorizable is a User
-                if (userPrivilegeNames.length > 0) {
-                    modified = acl.addAccessControlEntry(principal, getPrivileges(userPrivilegeNames,
acMgr));
-                }
-            }
-            if (modified) {
-                acMgr.setPolicy(path, acl);
-            }
-        }
-    }
 
     private void setAC(Authorizable authorizable, Root root) throws RepositoryException {
         // TODO: add implementation
         log.error("Not yet implemented");
+
+//        Node aNode;
+//        String path = authorizable.getPath();
+//
+//        JackrabbitAccessControlList acl = null;
+//        AccessControlManager acMgr = session.getAccessControlManager();
+//        for (AccessControlPolicyIterator it = acMgr.getApplicablePolicies(path); it.hasNext();)
{
+//            AccessControlPolicy plc = it.nextAccessControlPolicy();
+//            if (plc instanceof JackrabbitAccessControlList) {
+//                acl = (JackrabbitAccessControlList) plc;
+//                break;
+//            }
+//        }
+//
+//        if (acl == null) {
+//            log.warn("Cannot process AccessControlAction: no applicable ACL at " + path);
+//        } else {
+//            // setup acl according to configuration.
+//            Principal principal = authorizable.getPrincipal();
+//            boolean modified = false;
+//            if (authorizable.isGroup()) {
+//                // new authorizable is a Group
+//                if (groupPrivilegeNames.length > 0) {
+//                    modified = acl.addAccessControlEntry(principal, getPrivileges(groupPrivilegeNames,
acMgr));
+//                }
+//            } else {
+//                // new authorizable is a User
+//                if (userPrivilegeNames.length > 0) {
+//                    modified = acl.addAccessControlEntry(principal, getPrivileges(userPrivilegeNames,
acMgr));
+//                }
+//            }
+//            if (modified) {
+//                acMgr.setPolicy(path, acl);
+//            }
+//        }
     }
 
     /**

Modified: jackrabbit/oak/trunk/oak-core/src/main/java/org/apache/jackrabbit/oak/spi/security/user/action/AuthorizableAction.java
URL: http://svn.apache.org/viewvc/jackrabbit/oak/trunk/oak-core/src/main/java/org/apache/jackrabbit/oak/spi/security/user/action/AuthorizableAction.java?rev=1402535&r1=1402534&r2=1402535&view=diff
==============================================================================
--- jackrabbit/oak/trunk/oak-core/src/main/java/org/apache/jackrabbit/oak/spi/security/user/action/AuthorizableAction.java
(original)
+++ jackrabbit/oak/trunk/oak-core/src/main/java/org/apache/jackrabbit/oak/spi/security/user/action/AuthorizableAction.java
Fri Oct 26 14:47:56 2012
@@ -17,7 +17,6 @@
 package org.apache.jackrabbit.oak.spi.security.user.action;
 
 import javax.jcr.RepositoryException;
-import javax.jcr.Session;
 
 import org.apache.jackrabbit.api.security.user.Authorizable;
 import org.apache.jackrabbit.api.security.user.Group;
@@ -43,26 +42,13 @@ import org.apache.jackrabbit.oak.api.Roo
  */
 public interface AuthorizableAction {
 
-    // TODO: review (rather split into OAK and JCR level interface?)
-    /**
-     * Allows to add application specific modifications or validation associated
-     * with the creation of a new group. Note, that this method is called
-     * <strong>before</strong> any {@code Session#save} call.
-     *
-     * @param group The new group that has not yet been persisted;
-     * e.g. the associated node is still 'NEW'.
-     * @param session The editing session associated with the user manager.
-     * @throws javax.jcr.RepositoryException If an error occurs.
-     */
-    void onCreate(Group group, Session session) throws RepositoryException;
-
     /**
      * Allows to add application specific modifications or validation associated
      * with the creation of a new group. Note, that this method is called
      * <strong>before</strong> any {@code Root#commit()} call.
      *
      * @param group The new group that has not yet been persisted;
-     * e.g. the associated node is still 'NEW'.
+     * e.g. the associated tree is still 'NEW'.
      * @param root The root associated with the user manager.
      * @throws javax.jcr.RepositoryException If an error occurs.
      */
@@ -71,23 +57,10 @@ public interface AuthorizableAction {
     /**
      * Allows to add application specific modifications or validation associated
      * with the creation of a new user. Note, that this method is called
-     * <strong>before</strong> any {@code Session#save} call.
-     *
-     * @param user The new user that has not yet been persisted;
-     * e.g. the associated node is still 'NEW'.
-     * @param password The password that was specified upon user creation.
-     * @param session The editing session associated with the user manager.
-     * @throws RepositoryException If an error occurs.
-     */
-    void onCreate(User user, String password, Session session) throws RepositoryException;
-
-    /**
-     * Allows to add application specific modifications or validation associated
-     * with the creation of a new user. Note, that this method is called
      * <strong>before</strong> any {@code Root#commit()} call.
      *
      * @param user The new user that has not yet been persisted;
-     * e.g. the associated node is still 'NEW'.
+     * e.g. the associated tree is still 'NEW'.
      * @param password The password that was specified upon user creation.
      * @param root The root associated with the user manager.
      * @throws RepositoryException If an error occurs.
@@ -101,18 +74,6 @@ public interface AuthorizableAction {
      * target authorizable still exists.
      *
      * @param authorizable The authorizable to be removed.
-     * @param session The editing session associated with the user manager.
-     * @throws RepositoryException If an error occurs.
-     */
-    void onRemove(Authorizable authorizable, Session session) throws RepositoryException;
-
-    /**
-     * Allows to add application specific behavior associated with the removal
-     * of an authorizable. Note, that this method is called <strong>before</strong>
-     * {@link org.apache.jackrabbit.api.security.user.Authorizable#remove} is executed (and
persisted); thus the
-     * target authorizable still exists.
-     *
-     * @param authorizable The authorizable to be removed.
      * @param root The root associated with the user manager.
      * @throws RepositoryException If an error occurs.
      */
@@ -125,18 +86,6 @@ public interface AuthorizableAction {
      *
      * @param user The user that whose password is going to change.
      * @param newPassword The new password as specified in {@link User#changePassword}
-     * @param session The editing session associated with the user manager.
-     * @throws RepositoryException If an exception or error occurs.
-     */
-    void onPasswordChange(User user, String newPassword, Session session) throws RepositoryException;
-
-    /**
-     * Allows to add application specific action or validation associated with
-     * changing a user password. Note, that this method is called <strong>before</strong>
-     * the password property is being modified in the content.
-     *
-     * @param user The user that whose password is going to change.
-     * @param newPassword The new password as specified in {@link User#changePassword}
      * @param root The root associated with the user manager.
      * @throws RepositoryException If an exception or error occurs.
      */

Modified: jackrabbit/oak/trunk/oak-core/src/main/java/org/apache/jackrabbit/oak/spi/security/user/action/ClearMembershipAction.java
URL: http://svn.apache.org/viewvc/jackrabbit/oak/trunk/oak-core/src/main/java/org/apache/jackrabbit/oak/spi/security/user/action/ClearMembershipAction.java?rev=1402535&r1=1402534&r2=1402535&view=diff
==============================================================================
--- jackrabbit/oak/trunk/oak-core/src/main/java/org/apache/jackrabbit/oak/spi/security/user/action/ClearMembershipAction.java
(original)
+++ jackrabbit/oak/trunk/oak-core/src/main/java/org/apache/jackrabbit/oak/spi/security/user/action/ClearMembershipAction.java
Fri Oct 26 14:47:56 2012
@@ -18,7 +18,6 @@ package org.apache.jackrabbit.oak.spi.se
 
 import java.util.Iterator;
 import javax.jcr.RepositoryException;
-import javax.jcr.Session;
 
 import org.apache.jackrabbit.api.security.user.Authorizable;
 import org.apache.jackrabbit.api.security.user.Group;
@@ -26,21 +25,13 @@ import org.apache.jackrabbit.oak.api.Roo
 
 /**
  * Authorizable action attempting to clear all group membership before removing
- * the specified authorizable. If {@link Group#removeMember(org.apache.jackrabbit.api.security.user.Authorizable)}
- * fails due to lack of permissions {@link #onRemove(org.apache.jackrabbit.api.security.user.Authorizable,
javax.jcr.Session)}
+ * the specified authorizable. If {@link Group#removeMember(Authorizable)}
+ * fails due to lack of permissions {@link #onRemove(Authorizable, Root)}
  * throws an exception and removing the specified authorizable will be aborted.
  */
 public class ClearMembershipAction extends AbstractAuthorizableAction {
 
     //-------------------------------------------------< AuthorizableAction >---
-    /**
-     * @see AuthorizableAction#onRemove(org.apache.jackrabbit.api.security.user.Authorizable,
javax.jcr.Session)
-     */
-    @Override
-    public void onRemove(Authorizable authorizable, Session session) throws RepositoryException
{
-        clearMembership(authorizable);
-    }
-
     @Override
     public void onRemove(Authorizable authorizable, Root root) throws RepositoryException
{
         clearMembership(authorizable);
@@ -53,4 +44,4 @@ public class ClearMembershipAction exten
             membership.next().removeMember(authorizable);
         }
     }
-}
\ No newline at end of file
+}

Modified: jackrabbit/oak/trunk/oak-core/src/main/java/org/apache/jackrabbit/oak/spi/security/user/action/PasswordValidationAction.java
URL: http://svn.apache.org/viewvc/jackrabbit/oak/trunk/oak-core/src/main/java/org/apache/jackrabbit/oak/spi/security/user/action/PasswordValidationAction.java?rev=1402535&r1=1402534&r2=1402535&view=diff
==============================================================================
--- jackrabbit/oak/trunk/oak-core/src/main/java/org/apache/jackrabbit/oak/spi/security/user/action/PasswordValidationAction.java
(original)
+++ jackrabbit/oak/trunk/oak-core/src/main/java/org/apache/jackrabbit/oak/spi/security/user/action/PasswordValidationAction.java
Fri Oct 26 14:47:56 2012
@@ -19,7 +19,6 @@ package org.apache.jackrabbit.oak.spi.se
 import java.util.regex.Pattern;
 import java.util.regex.PatternSyntaxException;
 import javax.jcr.RepositoryException;
-import javax.jcr.Session;
 import javax.jcr.nodetype.ConstraintViolationException;
 
 import org.apache.jackrabbit.api.security.user.User;
@@ -56,21 +55,11 @@ public class PasswordValidationAction ex
 
     //-------------------------------------------------< AuthorizableAction >---
     @Override
-    public void onCreate(User user, String password, Session session) throws RepositoryException
{
-        validatePassword(password, false);
-    }
-
-    @Override
     public void onCreate(User user, String password, Root root) throws RepositoryException
{
         validatePassword(password, false);
     }
 
     @Override
-    public void onPasswordChange(User user, String newPassword, Session session) throws RepositoryException
{
-        validatePassword(newPassword, true);
-    }
-
-    @Override
     public void onPasswordChange(User user, String newPassword, Root root) throws RepositoryException
{
         validatePassword(newPassword, true);
     }



Mime
View raw message