From oak-commits-return-1755-apmail-jackrabbit-oak-commits-archive=jackrabbit.apache.org@jackrabbit.apache.org Tue Oct 2 16:22:05 2012 Return-Path: X-Original-To: apmail-jackrabbit-oak-commits-archive@minotaur.apache.org Delivered-To: apmail-jackrabbit-oak-commits-archive@minotaur.apache.org Received: from mail.apache.org (hermes.apache.org [140.211.11.3]) by minotaur.apache.org (Postfix) with SMTP id 31E529329 for ; Tue, 2 Oct 2012 16:22:05 +0000 (UTC) Received: (qmail 17501 invoked by uid 500); 2 Oct 2012 16:22:05 -0000 Delivered-To: apmail-jackrabbit-oak-commits-archive@jackrabbit.apache.org Received: (qmail 17482 invoked by uid 500); 2 Oct 2012 16:22:05 -0000 Mailing-List: contact oak-commits-help@jackrabbit.apache.org; run by ezmlm Precedence: bulk List-Help: List-Unsubscribe: List-Post: List-Id: Reply-To: oak-dev@jackrabbit.apache.org Delivered-To: mailing list oak-commits@jackrabbit.apache.org Received: (qmail 17474 invoked by uid 99); 2 Oct 2012 16:22:05 -0000 Received: from athena.apache.org (HELO athena.apache.org) (140.211.11.136) by apache.org (qpsmtpd/0.29) with ESMTP; Tue, 02 Oct 2012 16:22:05 +0000 X-ASF-Spam-Status: No, hits=-2000.0 required=5.0 tests=ALL_TRUSTED X-Spam-Check-By: apache.org Received: from [140.211.11.4] (HELO eris.apache.org) (140.211.11.4) by apache.org (qpsmtpd/0.29) with ESMTP; Tue, 02 Oct 2012 16:22:00 +0000 Received: from eris.apache.org (localhost [127.0.0.1]) by eris.apache.org (Postfix) with ESMTP id 45A9623888CD; Tue, 2 Oct 2012 16:21:17 +0000 (UTC) Content-Type: text/plain; charset="utf-8" MIME-Version: 1.0 Content-Transfer-Encoding: 7bit Subject: svn commit: r1393009 [1/2] - in /jackrabbit/oak/trunk: oak-bench/base/src/main/java/org/apache/jackrabbit/oak/performance/ oak-core/ oak-core/src/main/java/org/apache/jackrabbit/oak/ oak-core/src/main/java/org/apache/jackrabbit/oak/core/ oak-core/src/m... Date: Tue, 02 Oct 2012 16:21:14 -0000 To: oak-commits@jackrabbit.apache.org From: angela@apache.org X-Mailer: svnmailer-1.0.8-patched Message-Id: <20121002162117.45A9623888CD@eris.apache.org> X-Virus-Checked: Checked by ClamAV on apache.org Author: angela Date: Tue Oct 2 16:21:12 2012 New Revision: 1393009 URL: http://svn.apache.org/viewvc?rev=1393009&view=rev Log: OAK-50 : Implement User Management (WIP) - move implementation of jackrabbit-api to user-plugin code - remove hardcoded uservalidator from RepositoryImpl - change UserContext#getUserValidatorProvider to return list - adjust SessionDelegate such that user-mgt implementation is created from UserContext which itself is part of the SecurityProvider -> Oak.with(SecurityProvider) OAK-51 : Implement JCR Access Control Management - rename AccessControlContextProvider to AccessControlProvider - add method to retrieve implementation specific validation providers associated with that implementation - replace Oak.with(AccessControlContextProvider) by with(SecurityProvider) in order to assert that the various security related components are managed and maintained together OAK-91 : Implement Authentication Support - replace Oak.with(LoginContextProvider) by with(SecurityProvider) in order to assert that the various security related components are managed and maintained together Added: jackrabbit/oak/trunk/oak-core/src/main/java/org/apache/jackrabbit/oak/security/SecurityProviderImpl.java jackrabbit/oak/trunk/oak-core/src/main/java/org/apache/jackrabbit/oak/security/authorization/AccessControlObserver.java jackrabbit/oak/trunk/oak-core/src/main/java/org/apache/jackrabbit/oak/security/authorization/AccessControlProviderImpl.java (contents, props changed) - copied, changed from r1392909, jackrabbit/oak/trunk/oak-core/src/main/java/org/apache/jackrabbit/oak/security/authorization/AccessControlContextProviderImpl.java jackrabbit/oak/trunk/oak-core/src/main/java/org/apache/jackrabbit/oak/security/user/AuthorizableImpl.java (contents, props changed) - copied, changed from r1392769, jackrabbit/oak/trunk/oak-jcr/src/main/java/org/apache/jackrabbit/oak/jcr/security/user/AuthorizableImpl.java jackrabbit/oak/trunk/oak-core/src/main/java/org/apache/jackrabbit/oak/security/user/AuthorizableIterator.java - copied, changed from r1392769, jackrabbit/oak/trunk/oak-jcr/src/main/java/org/apache/jackrabbit/oak/jcr/security/user/AuthorizableIterator.java jackrabbit/oak/trunk/oak-core/src/main/java/org/apache/jackrabbit/oak/security/user/GroupImpl.java (contents, props changed) - copied, changed from r1392769, jackrabbit/oak/trunk/oak-jcr/src/main/java/org/apache/jackrabbit/oak/jcr/security/user/GroupImpl.java jackrabbit/oak/trunk/oak-core/src/main/java/org/apache/jackrabbit/oak/security/user/ImpersonationImpl.java (contents, props changed) - copied, changed from r1392769, jackrabbit/oak/trunk/oak-jcr/src/main/java/org/apache/jackrabbit/oak/jcr/security/user/ImpersonationImpl.java jackrabbit/oak/trunk/oak-core/src/main/java/org/apache/jackrabbit/oak/security/user/UserImpl.java (contents, props changed) - copied, changed from r1392769, jackrabbit/oak/trunk/oak-jcr/src/main/java/org/apache/jackrabbit/oak/jcr/security/user/UserImpl.java jackrabbit/oak/trunk/oak-core/src/main/java/org/apache/jackrabbit/oak/security/user/UserManagerImpl.java (contents, props changed) - copied, changed from r1392769, jackrabbit/oak/trunk/oak-jcr/src/main/java/org/apache/jackrabbit/oak/jcr/security/user/UserManagerImpl.java jackrabbit/oak/trunk/oak-core/src/main/java/org/apache/jackrabbit/oak/security/user/query/ jackrabbit/oak/trunk/oak-core/src/main/java/org/apache/jackrabbit/oak/security/user/query/Condition.java - copied, changed from r1392769, jackrabbit/oak/trunk/oak-jcr/src/main/java/org/apache/jackrabbit/oak/jcr/security/user/query/Condition.java jackrabbit/oak/trunk/oak-core/src/main/java/org/apache/jackrabbit/oak/security/user/query/ConditionVisitor.java - copied, changed from r1392769, jackrabbit/oak/trunk/oak-jcr/src/main/java/org/apache/jackrabbit/oak/jcr/security/user/query/ConditionVisitor.java jackrabbit/oak/trunk/oak-core/src/main/java/org/apache/jackrabbit/oak/security/user/query/RelationOp.java - copied, changed from r1392769, jackrabbit/oak/trunk/oak-jcr/src/main/java/org/apache/jackrabbit/oak/jcr/security/user/query/RelationOp.java jackrabbit/oak/trunk/oak-core/src/main/java/org/apache/jackrabbit/oak/security/user/query/ResultIterator.java - copied, changed from r1392769, jackrabbit/oak/trunk/oak-jcr/src/main/java/org/apache/jackrabbit/oak/jcr/security/user/query/ResultIterator.java jackrabbit/oak/trunk/oak-core/src/main/java/org/apache/jackrabbit/oak/security/user/query/XPathQueryBuilder.java - copied, changed from r1392769, jackrabbit/oak/trunk/oak-jcr/src/main/java/org/apache/jackrabbit/oak/jcr/security/user/query/XPathQueryBuilder.java jackrabbit/oak/trunk/oak-core/src/main/java/org/apache/jackrabbit/oak/security/user/query/XPathQueryEvaluator.java - copied, changed from r1392769, jackrabbit/oak/trunk/oak-jcr/src/main/java/org/apache/jackrabbit/oak/jcr/security/user/query/XPathQueryEvaluator.java jackrabbit/oak/trunk/oak-core/src/main/java/org/apache/jackrabbit/oak/spi/security/SecurityProvider.java jackrabbit/oak/trunk/oak-core/src/main/java/org/apache/jackrabbit/oak/spi/security/authorization/AccessControlProvider.java (contents, props changed) - copied, changed from r1392909, jackrabbit/oak/trunk/oak-core/src/main/java/org/apache/jackrabbit/oak/spi/security/authorization/AccessControlContextProvider.java jackrabbit/oak/trunk/oak-core/src/main/java/org/apache/jackrabbit/oak/spi/security/authorization/OpenAccessControlProvider.java (contents, props changed) - copied, changed from r1392909, jackrabbit/oak/trunk/oak-core/src/main/java/org/apache/jackrabbit/oak/spi/security/authorization/OpenAccessControlContextProvider.java jackrabbit/oak/trunk/oak-core/src/main/java/org/apache/jackrabbit/oak/spi/security/principal/PrincipalIteratorAdapter.java (contents, props changed) - copied, changed from r1392769, jackrabbit/oak/trunk/oak-jcr/src/main/java/org/apache/jackrabbit/oak/jcr/security/principal/PrincipalIteratorAdapter.java jackrabbit/oak/trunk/oak-jcr/src/test/java/org/apache/jackrabbit/oak/jcr/security/user/AuthorizableTest.java - copied, changed from r1392769, jackrabbit/oak/trunk/oak-jcr/src/test/java/org/apache/jackrabbit/oak/jcr/security/user/AuthorizableImplTest.java jackrabbit/oak/trunk/oak-jcr/src/test/java/org/apache/jackrabbit/oak/jcr/security/user/GroupTest.java - copied, changed from r1392769, jackrabbit/oak/trunk/oak-jcr/src/test/java/org/apache/jackrabbit/oak/jcr/security/user/GroupImplTest.java jackrabbit/oak/trunk/oak-jcr/src/test/java/org/apache/jackrabbit/oak/jcr/security/user/ImpersonationTest.java - copied, changed from r1392769, jackrabbit/oak/trunk/oak-jcr/src/test/java/org/apache/jackrabbit/oak/jcr/security/user/ImpersonationImplTest.java jackrabbit/oak/trunk/oak-jcr/src/test/java/org/apache/jackrabbit/oak/jcr/security/user/UserManagerTest.java - copied, changed from r1392769, jackrabbit/oak/trunk/oak-jcr/src/test/java/org/apache/jackrabbit/oak/jcr/security/user/UserManagerImplTest.java jackrabbit/oak/trunk/oak-jcr/src/test/java/org/apache/jackrabbit/oak/jcr/security/user/UserTest.java - copied, changed from r1392769, jackrabbit/oak/trunk/oak-jcr/src/test/java/org/apache/jackrabbit/oak/jcr/security/user/UserImplTest.java Removed: jackrabbit/oak/trunk/oak-core/src/main/java/org/apache/jackrabbit/oak/security/authorization/AccessControlContextProviderImpl.java jackrabbit/oak/trunk/oak-core/src/main/java/org/apache/jackrabbit/oak/spi/security/authorization/AccessControlContextProvider.java jackrabbit/oak/trunk/oak-core/src/main/java/org/apache/jackrabbit/oak/spi/security/authorization/OpenAccessControlContextProvider.java jackrabbit/oak/trunk/oak-jcr/src/main/java/org/apache/jackrabbit/oak/jcr/security/principal/PrincipalIteratorAdapter.java jackrabbit/oak/trunk/oak-jcr/src/main/java/org/apache/jackrabbit/oak/jcr/security/user/AuthorizableImpl.java jackrabbit/oak/trunk/oak-jcr/src/main/java/org/apache/jackrabbit/oak/jcr/security/user/AuthorizableIterator.java jackrabbit/oak/trunk/oak-jcr/src/main/java/org/apache/jackrabbit/oak/jcr/security/user/GroupImpl.java jackrabbit/oak/trunk/oak-jcr/src/main/java/org/apache/jackrabbit/oak/jcr/security/user/ImpersonationImpl.java jackrabbit/oak/trunk/oak-jcr/src/main/java/org/apache/jackrabbit/oak/jcr/security/user/UserImpl.java jackrabbit/oak/trunk/oak-jcr/src/main/java/org/apache/jackrabbit/oak/jcr/security/user/UserManagerImpl.java jackrabbit/oak/trunk/oak-jcr/src/main/java/org/apache/jackrabbit/oak/jcr/security/user/query/Condition.java jackrabbit/oak/trunk/oak-jcr/src/main/java/org/apache/jackrabbit/oak/jcr/security/user/query/ConditionVisitor.java jackrabbit/oak/trunk/oak-jcr/src/main/java/org/apache/jackrabbit/oak/jcr/security/user/query/RelationOp.java jackrabbit/oak/trunk/oak-jcr/src/main/java/org/apache/jackrabbit/oak/jcr/security/user/query/ResultIterator.java jackrabbit/oak/trunk/oak-jcr/src/main/java/org/apache/jackrabbit/oak/jcr/security/user/query/XPathQueryBuilder.java jackrabbit/oak/trunk/oak-jcr/src/main/java/org/apache/jackrabbit/oak/jcr/security/user/query/XPathQueryEvaluator.java jackrabbit/oak/trunk/oak-jcr/src/test/java/org/apache/jackrabbit/oak/jcr/security/user/AuthorizableImplTest.java jackrabbit/oak/trunk/oak-jcr/src/test/java/org/apache/jackrabbit/oak/jcr/security/user/GroupImplTest.java jackrabbit/oak/trunk/oak-jcr/src/test/java/org/apache/jackrabbit/oak/jcr/security/user/ImpersonationImplTest.java jackrabbit/oak/trunk/oak-jcr/src/test/java/org/apache/jackrabbit/oak/jcr/security/user/UserImplTest.java jackrabbit/oak/trunk/oak-jcr/src/test/java/org/apache/jackrabbit/oak/jcr/security/user/UserManagerImplTest.java Modified: jackrabbit/oak/trunk/oak-bench/base/src/main/java/org/apache/jackrabbit/oak/performance/AbstractPerformanceTest.java jackrabbit/oak/trunk/oak-core/pom.xml jackrabbit/oak/trunk/oak-core/src/main/java/org/apache/jackrabbit/oak/Oak.java jackrabbit/oak/trunk/oak-core/src/main/java/org/apache/jackrabbit/oak/core/ContentRepositoryImpl.java jackrabbit/oak/trunk/oak-core/src/main/java/org/apache/jackrabbit/oak/core/ContentSessionImpl.java jackrabbit/oak/trunk/oak-core/src/main/java/org/apache/jackrabbit/oak/core/ReadOnlyTree.java jackrabbit/oak/trunk/oak-core/src/main/java/org/apache/jackrabbit/oak/core/RootImpl.java jackrabbit/oak/trunk/oak-core/src/main/java/org/apache/jackrabbit/oak/plugins/type/InitialContent.java jackrabbit/oak/trunk/oak-core/src/main/java/org/apache/jackrabbit/oak/security/authorization/AccessControlContextImpl.java jackrabbit/oak/trunk/oak-core/src/main/java/org/apache/jackrabbit/oak/security/authorization/PermissionValidatorProvider.java jackrabbit/oak/trunk/oak-core/src/main/java/org/apache/jackrabbit/oak/security/user/UserContextImpl.java jackrabbit/oak/trunk/oak-core/src/main/java/org/apache/jackrabbit/oak/spi/security/principal/AdminPrincipal.java jackrabbit/oak/trunk/oak-core/src/main/java/org/apache/jackrabbit/oak/spi/security/user/UserConstants.java jackrabbit/oak/trunk/oak-core/src/main/java/org/apache/jackrabbit/oak/spi/security/user/UserContext.java jackrabbit/oak/trunk/oak-core/src/test/java/org/apache/jackrabbit/oak/core/AbstractCoreTest.java jackrabbit/oak/trunk/oak-core/src/test/java/org/apache/jackrabbit/oak/core/RootImplFuzzIT.java jackrabbit/oak/trunk/oak-core/src/test/java/org/apache/jackrabbit/oak/plugins/lucene/LuceneEditorTest.java jackrabbit/oak/trunk/oak-jcr/src/main/java/org/apache/jackrabbit/oak/jcr/RepositoryImpl.java jackrabbit/oak/trunk/oak-jcr/src/main/java/org/apache/jackrabbit/oak/jcr/SessionDelegate.java jackrabbit/oak/trunk/oak-jcr/src/main/java/org/apache/jackrabbit/oak/jcr/osgi/OsgiRepository.java jackrabbit/oak/trunk/oak-jcr/src/main/java/org/apache/jackrabbit/oak/jcr/security/principal/PrincipalManagerImpl.java jackrabbit/oak/trunk/oak-jcr/src/test/java/org/apache/jackrabbit/oak/jcr/security/user/AbstractUserTest.java jackrabbit/oak/trunk/oak-run/src/main/java/org/apache/jackrabbit/oak/run/Main.java Modified: jackrabbit/oak/trunk/oak-bench/base/src/main/java/org/apache/jackrabbit/oak/performance/AbstractPerformanceTest.java URL: http://svn.apache.org/viewvc/jackrabbit/oak/trunk/oak-bench/base/src/main/java/org/apache/jackrabbit/oak/performance/AbstractPerformanceTest.java?rev=1393009&r1=1393008&r2=1393009&view=diff ============================================================================== --- jackrabbit/oak/trunk/oak-bench/base/src/main/java/org/apache/jackrabbit/oak/performance/AbstractPerformanceTest.java (original) +++ jackrabbit/oak/trunk/oak-bench/base/src/main/java/org/apache/jackrabbit/oak/performance/AbstractPerformanceTest.java Tue Oct 2 16:21:12 2012 @@ -178,7 +178,7 @@ public abstract class AbstractPerformanc mk = new IndexWrapper(mk); ContentRepository contentRepository = new Oak(mk).createContentRepository(); - return new RepositoryImpl(contentRepository, null); + return new RepositoryImpl(contentRepository, null, null); } Modified: jackrabbit/oak/trunk/oak-core/pom.xml URL: http://svn.apache.org/viewvc/jackrabbit/oak/trunk/oak-core/pom.xml?rev=1393009&r1=1393008&r2=1393009&view=diff ============================================================================== --- jackrabbit/oak/trunk/oak-core/pom.xml (original) +++ jackrabbit/oak/trunk/oak-core/pom.xml Tue Oct 2 16:21:12 2012 @@ -44,7 +44,7 @@ org.apache.jackrabbit.oak.core, org.apache.jackrabbit.oak.util, org.apache.jackrabbit.oak.namepath, - org.apache.jackrabbit.oak.value, + org.apache.jackrabbit.oak.value, org.apache.jackrabbit.oak.plugins.identifier, org.apache.jackrabbit.oak.plugins.name, org.apache.jackrabbit.oak.plugins.type, @@ -53,6 +53,7 @@ org.apache.jackrabbit.oak.spi.query, org.apache.jackrabbit.oak.spi.commit, org.apache.jackrabbit.oak.spi.state, + org.apache.jackrabbit.oak.spi.security, org.apache.jackrabbit.oak.spi.security.authentication, org.apache.jackrabbit.oak.spi.security.principal, org.apache.jackrabbit.oak.spi.security.privilege, Modified: jackrabbit/oak/trunk/oak-core/src/main/java/org/apache/jackrabbit/oak/Oak.java URL: http://svn.apache.org/viewvc/jackrabbit/oak/trunk/oak-core/src/main/java/org/apache/jackrabbit/oak/Oak.java?rev=1393009&r1=1393008&r2=1393009&view=diff ============================================================================== --- jackrabbit/oak/trunk/oak-core/src/main/java/org/apache/jackrabbit/oak/Oak.java (original) +++ jackrabbit/oak/trunk/oak-core/src/main/java/org/apache/jackrabbit/oak/Oak.java Tue Oct 2 16:21:12 2012 @@ -17,9 +17,9 @@ package org.apache.jackrabbit.oak; import java.util.List; - import javax.annotation.Nonnull; +import com.google.common.collect.Lists; import org.apache.jackrabbit.mk.api.MicroKernel; import org.apache.jackrabbit.mk.core.MicroKernelImpl; import org.apache.jackrabbit.oak.api.ContentRepository; @@ -34,13 +34,12 @@ import org.apache.jackrabbit.oak.spi.com import org.apache.jackrabbit.oak.spi.commit.ValidatorProvider; import org.apache.jackrabbit.oak.spi.query.CompositeQueryIndexProvider; import org.apache.jackrabbit.oak.spi.query.QueryIndexProvider; +import org.apache.jackrabbit.oak.spi.security.SecurityProvider; import org.apache.jackrabbit.oak.spi.security.authentication.LoginContextProvider; -import org.apache.jackrabbit.oak.spi.security.authorization.AccessControlContextProvider; +import org.apache.jackrabbit.oak.spi.security.authorization.AccessControlProvider; import org.apache.jackrabbit.oak.spi.state.NodeState; import org.apache.jackrabbit.oak.spi.state.NodeStore; -import com.google.common.collect.Lists; - /** * Builder class for constructing {@link ContentRepository} instances with * a set of specified plugin components. This class acts as a public facade @@ -61,9 +60,11 @@ public class Oak { private final List validatorProviders = Lists.newArrayList(); + private SecurityProvider securityProvider; + private LoginContextProvider loginContextProvider; - private AccessControlContextProvider accProvider; + private AccessControlProvider accProvider; public Oak(MicroKernel kernel) { this.kernel = kernel; @@ -145,29 +146,14 @@ public class Oak { }); } - /** - * Associates the given login context provider with the repository to be - * created. - * - * @param loginContextProvider a login context provider. - * @return this builder. - */ @Nonnull - public Oak with(@Nonnull LoginContextProvider loginContextProvider) { - this.loginContextProvider = loginContextProvider; - return this; - } + public Oak with(@Nonnull SecurityProvider securityProvider) { + this.securityProvider = securityProvider; - /** - * Associates the given access control context provider with the repository - * to be created. - * - * @param accProvider an access control context provider. - * @return this builder. - */ - @Nonnull - public Oak with(@Nonnull AccessControlContextProvider accProvider) { - this.accProvider = accProvider; + if (securityProvider != null) { + this.validatorProviders.addAll(securityProvider.getAccessControlProvider().getValidatorProviders()); + this.validatorProviders.addAll(securityProvider.getUserContext().getValidatorProviders()); + } return this; } @@ -176,7 +162,7 @@ public class Oak { kernel, CompositeQueryIndexProvider.compose(queryIndexProviders), createCommitHook(), - loginContextProvider, accProvider); + securityProvider); } private CommitHook createCommitHook() { Modified: jackrabbit/oak/trunk/oak-core/src/main/java/org/apache/jackrabbit/oak/core/ContentRepositoryImpl.java URL: http://svn.apache.org/viewvc/jackrabbit/oak/trunk/oak-core/src/main/java/org/apache/jackrabbit/oak/core/ContentRepositoryImpl.java?rev=1393009&r1=1393008&r2=1393009&view=diff ============================================================================== --- jackrabbit/oak/trunk/oak-core/src/main/java/org/apache/jackrabbit/oak/core/ContentRepositoryImpl.java (original) +++ jackrabbit/oak/trunk/oak-core/src/main/java/org/apache/jackrabbit/oak/core/ContentRepositoryImpl.java Tue Oct 2 16:21:12 2012 @@ -28,8 +28,9 @@ import org.apache.jackrabbit.oak.api.Con import org.apache.jackrabbit.oak.api.ContentSession; import org.apache.jackrabbit.oak.kernel.KernelNodeStore; import org.apache.jackrabbit.oak.plugins.commit.AnnotatingConflictHandlerProvider; +import org.apache.jackrabbit.oak.security.SecurityProviderImpl; import org.apache.jackrabbit.oak.security.authentication.LoginContextProviderImpl; -import org.apache.jackrabbit.oak.security.authorization.AccessControlContextProviderImpl; +import org.apache.jackrabbit.oak.security.authorization.AccessControlProviderImpl; import org.apache.jackrabbit.oak.spi.commit.CommitHook; import org.apache.jackrabbit.oak.spi.commit.CompositeHook; import org.apache.jackrabbit.oak.spi.commit.ConflictHandlerProvider; @@ -38,8 +39,9 @@ import org.apache.jackrabbit.oak.spi.com import org.apache.jackrabbit.oak.spi.commit.ValidatorProvider; import org.apache.jackrabbit.oak.spi.query.CompositeQueryIndexProvider; import org.apache.jackrabbit.oak.spi.query.QueryIndexProvider; +import org.apache.jackrabbit.oak.spi.security.SecurityProvider; import org.apache.jackrabbit.oak.spi.security.authentication.LoginContextProvider; -import org.apache.jackrabbit.oak.spi.security.authorization.AccessControlContextProvider; +import org.apache.jackrabbit.oak.spi.security.authorization.AccessControlProvider; import org.slf4j.Logger; import org.slf4j.LoggerFactory; @@ -59,7 +61,7 @@ public class ContentRepositoryImpl imple new AnnotatingConflictHandlerProvider(); private final LoginContextProvider loginContextProvider; - private final AccessControlContextProvider accProvider; + private final AccessControlProvider accProvider; private final QueryIndexProvider indexProvider; private final KernelNodeStore nodeStore; @@ -73,7 +75,7 @@ public class ContentRepositoryImpl imple } public ContentRepositoryImpl(CommitHook hook) { - this(new MicroKernelImpl(), new LoginContextProviderImpl(), + this(new MicroKernelImpl(), new SecurityProviderImpl(), new CompositeQueryIndexProvider(), hook); } @@ -93,7 +95,7 @@ public class ContentRepositoryImpl imple public ContentRepositoryImpl( MicroKernel microKernel, QueryIndexProvider indexProvider, ValidatorProvider validatorProvider) { - this(microKernel, new LoginContextProviderImpl(), indexProvider, + this(microKernel, new SecurityProviderImpl(), indexProvider, new ValidatingHook(validatorProvider != null ? validatorProvider : DefaultValidatorProvider.INSTANCE)); } @@ -108,14 +110,14 @@ public class ContentRepositoryImpl imple * initialized components. * * @param microKernel underlying kernel instance - * @param loginContextProvider login context provider + * @param securityProvider security provider * @param indexProvider index provider * @param commitHook the commit hook */ public ContentRepositoryImpl( - MicroKernel microKernel, LoginContextProvider loginContextProvider, + MicroKernel microKernel, SecurityProvider securityProvider, QueryIndexProvider indexProvider, CommitHook commitHook) { - this(microKernel, indexProvider, commitHook, loginContextProvider, null); + this(microKernel, indexProvider, commitHook, securityProvider); } /** @@ -125,17 +127,13 @@ public class ContentRepositoryImpl imple * @param microKernel underlying kernel instance * @param indexProvider index provider * @param commitHook the commit hook - * @param lcProvider the login context provider or null if a - * default implementation should be used. - * @param accProvider the access control context provider or - * null if a default implementation should - * be used. + * @param securityProvider The configured security provider or {@code null} if + * default implementations should be used. */ public ContentRepositoryImpl(MicroKernel microKernel, QueryIndexProvider indexProvider, CommitHook commitHook, - LoginContextProvider lcProvider, - AccessControlContextProvider accProvider) { + SecurityProvider securityProvider) { nodeStore = new KernelNodeStore(microKernel); nodeStore.setHook(commitHook); @@ -143,17 +141,13 @@ public class ContentRepositoryImpl imple this.indexProvider = indexProvider != null ? indexProvider : new CompositeQueryIndexProvider(); - if (lcProvider != null) { - this.loginContextProvider = lcProvider; + if (securityProvider != null) { + this.loginContextProvider = securityProvider.getLoginContextProvider(); + this.accProvider = securityProvider.getAccessControlProvider(); } else { // use default implementation this.loginContextProvider = new LoginContextProviderImpl(); - } - if (accProvider != null) { - this.accProvider = accProvider; - } else { - // use default implementation - this.accProvider = new AccessControlContextProviderImpl(); + this.accProvider = new AccessControlProviderImpl(); } } Modified: jackrabbit/oak/trunk/oak-core/src/main/java/org/apache/jackrabbit/oak/core/ContentSessionImpl.java URL: http://svn.apache.org/viewvc/jackrabbit/oak/trunk/oak-core/src/main/java/org/apache/jackrabbit/oak/core/ContentSessionImpl.java?rev=1393009&r1=1393008&r2=1393009&view=diff ============================================================================== --- jackrabbit/oak/trunk/oak-core/src/main/java/org/apache/jackrabbit/oak/core/ContentSessionImpl.java (original) +++ jackrabbit/oak/trunk/oak-core/src/main/java/org/apache/jackrabbit/oak/core/ContentSessionImpl.java Tue Oct 2 16:21:12 2012 @@ -29,7 +29,7 @@ import org.apache.jackrabbit.oak.api.Cor import org.apache.jackrabbit.oak.api.Root; import org.apache.jackrabbit.oak.spi.commit.ConflictHandlerProvider; import org.apache.jackrabbit.oak.spi.query.QueryIndexProvider; -import org.apache.jackrabbit.oak.spi.security.authorization.AccessControlContextProvider; +import org.apache.jackrabbit.oak.spi.security.authorization.AccessControlProvider; import org.apache.jackrabbit.oak.spi.state.NodeStore; import org.slf4j.Logger; import org.slf4j.LoggerFactory; @@ -42,14 +42,14 @@ class ContentSessionImpl implements Cont private static final Logger log = LoggerFactory.getLogger(ContentSessionImpl.class); private final LoginContext loginContext; - private final AccessControlContextProvider accProvider; + private final AccessControlProvider accProvider; private final String workspaceName; private final NodeStore store; private final ConflictHandlerProvider conflictHandlerProvider; private final QueryIndexProvider indexProvider; public ContentSessionImpl(LoginContext loginContext, - AccessControlContextProvider accProvider, String workspaceName, + AccessControlProvider accProvider, String workspaceName, NodeStore store, ConflictHandlerProvider conflictHandlerProvider, QueryIndexProvider indexProvider) { this.loginContext = loginContext; Modified: jackrabbit/oak/trunk/oak-core/src/main/java/org/apache/jackrabbit/oak/core/ReadOnlyTree.java URL: http://svn.apache.org/viewvc/jackrabbit/oak/trunk/oak-core/src/main/java/org/apache/jackrabbit/oak/core/ReadOnlyTree.java?rev=1393009&r1=1393008&r2=1393009&view=diff ============================================================================== --- jackrabbit/oak/trunk/oak-core/src/main/java/org/apache/jackrabbit/oak/core/ReadOnlyTree.java (original) +++ jackrabbit/oak/trunk/oak-core/src/main/java/org/apache/jackrabbit/oak/core/ReadOnlyTree.java Tue Oct 2 16:21:12 2012 @@ -133,6 +133,7 @@ public class ReadOnlyTree implements Tre @Override public TreeLocation getLocation() { + // TODO: add implementation throw new UnsupportedOperationException(); } Modified: jackrabbit/oak/trunk/oak-core/src/main/java/org/apache/jackrabbit/oak/core/RootImpl.java URL: http://svn.apache.org/viewvc/jackrabbit/oak/trunk/oak-core/src/main/java/org/apache/jackrabbit/oak/core/RootImpl.java?rev=1393009&r1=1393008&r2=1393009&view=diff ============================================================================== --- jackrabbit/oak/trunk/oak-core/src/main/java/org/apache/jackrabbit/oak/core/RootImpl.java (original) +++ jackrabbit/oak/trunk/oak-core/src/main/java/org/apache/jackrabbit/oak/core/RootImpl.java Tue Oct 2 16:21:12 2012 @@ -35,7 +35,7 @@ import org.apache.jackrabbit.oak.plugins import org.apache.jackrabbit.oak.query.SessionQueryEngineImpl; import org.apache.jackrabbit.oak.spi.commit.ConflictHandler; import org.apache.jackrabbit.oak.spi.query.QueryIndexProvider; -import org.apache.jackrabbit.oak.spi.security.authorization.AccessControlContextProvider; +import org.apache.jackrabbit.oak.spi.security.authorization.AccessControlProvider; import org.apache.jackrabbit.oak.spi.security.authorization.CompiledPermissions; import org.apache.jackrabbit.oak.spi.state.NodeBuilder; import org.apache.jackrabbit.oak.spi.state.NodeState; @@ -66,7 +66,7 @@ public class RootImpl implements Root { /** * The access control context provider. */ - private final AccessControlContextProvider accProvider; + private final AccessControlProvider accProvider; /** Current branch this root operates on */ private NodeStoreBranch branch; @@ -116,7 +116,7 @@ public class RootImpl implements Root { public RootImpl(NodeStore store, String workspaceName, Subject subject, - AccessControlContextProvider accProvider, + AccessControlProvider accProvider, QueryIndexProvider indexProvider) { this.store = checkNotNull(store); this.subject = checkNotNull(subject); Modified: jackrabbit/oak/trunk/oak-core/src/main/java/org/apache/jackrabbit/oak/plugins/type/InitialContent.java URL: http://svn.apache.org/viewvc/jackrabbit/oak/trunk/oak-core/src/main/java/org/apache/jackrabbit/oak/plugins/type/InitialContent.java?rev=1393009&r1=1393008&r2=1393009&view=diff ============================================================================== --- jackrabbit/oak/trunk/oak-core/src/main/java/org/apache/jackrabbit/oak/plugins/type/InitialContent.java (original) +++ jackrabbit/oak/trunk/oak-core/src/main/java/org/apache/jackrabbit/oak/plugins/type/InitialContent.java Tue Oct 2 16:21:12 2012 @@ -16,15 +16,30 @@ */ package org.apache.jackrabbit.oak.plugins.type; +import java.util.Collections; +import java.util.List; +import javax.annotation.Nonnull; +import javax.jcr.Session; + import org.apache.felix.scr.annotations.Component; import org.apache.felix.scr.annotations.Service; +import org.apache.jackrabbit.api.security.user.UserManager; import org.apache.jackrabbit.mk.api.MicroKernel; import org.apache.jackrabbit.oak.Oak; +import org.apache.jackrabbit.oak.api.ContentSession; import org.apache.jackrabbit.oak.api.Root; +import org.apache.jackrabbit.oak.namepath.NamePathMapper; +import org.apache.jackrabbit.oak.spi.commit.ValidatorProvider; import org.apache.jackrabbit.oak.spi.lifecycle.DefaultMicroKernelTracker; import org.apache.jackrabbit.oak.spi.lifecycle.MicroKernelTracker; +import org.apache.jackrabbit.oak.spi.security.SecurityProvider; +import org.apache.jackrabbit.oak.spi.security.authentication.LoginContextProvider; import org.apache.jackrabbit.oak.spi.security.authentication.OpenLoginContextProvider; -import org.apache.jackrabbit.oak.spi.security.authorization.OpenAccessControlContextProvider; +import org.apache.jackrabbit.oak.spi.security.authorization.AccessControlProvider; +import org.apache.jackrabbit.oak.spi.security.authorization.OpenAccessControlProvider; +import org.apache.jackrabbit.oak.spi.security.user.MembershipProvider; +import org.apache.jackrabbit.oak.spi.security.user.UserContext; +import org.apache.jackrabbit.oak.spi.security.user.UserProvider; import org.apache.jackrabbit.oak.spi.state.NodeState; import org.apache.jackrabbit.oak.spi.state.NodeStore; @@ -60,9 +75,42 @@ public class InitialContent extends Defa } private Root createRoot(MicroKernel mk) { + SecurityProvider securityProvider = new SecurityProvider() { + @Override + public LoginContextProvider getLoginContextProvider() { + return new OpenLoginContextProvider(); + } + @Override + public AccessControlProvider getAccessControlProvider() { + return new OpenAccessControlProvider(); + } + @Override + public UserContext getUserContext() { + return new UserContext() { + @Override + public UserProvider getUserProvider(ContentSession contentSession, Root root) { + throw new UnsupportedOperationException(); + } + @Override + public MembershipProvider getMembershipProvider(ContentSession contentSession, Root root) { + throw new UnsupportedOperationException(); + } + @Override + public List getValidatorProviders() { + return Collections.emptyList(); + } + + @Nonnull + @Override + public UserManager getUserManager(Session session, ContentSession contentSession, Root root, NamePathMapper namePathMapper) { + throw new UnsupportedOperationException(); + } + }; + } + }; + Oak oak = new Oak(mk); - oak.with(new OpenLoginContextProvider()); - oak.with(new OpenAccessControlContextProvider()); + oak.with(securityProvider); // TODO: The context class loader hack below shouldn't be needed // with a properly OSGi-compatible JAAS implementation Added: jackrabbit/oak/trunk/oak-core/src/main/java/org/apache/jackrabbit/oak/security/SecurityProviderImpl.java URL: http://svn.apache.org/viewvc/jackrabbit/oak/trunk/oak-core/src/main/java/org/apache/jackrabbit/oak/security/SecurityProviderImpl.java?rev=1393009&view=auto ============================================================================== --- jackrabbit/oak/trunk/oak-core/src/main/java/org/apache/jackrabbit/oak/security/SecurityProviderImpl.java (added) +++ jackrabbit/oak/trunk/oak-core/src/main/java/org/apache/jackrabbit/oak/security/SecurityProviderImpl.java Tue Oct 2 16:21:12 2012 @@ -0,0 +1,47 @@ +/* + * Licensed to the Apache Software Foundation (ASF) under one or more + * contributor license agreements. See the NOTICE file distributed with + * this work for additional information regarding copyright ownership. + * The ASF licenses this file to You under the Apache License, Version 2.0 + * (the "License"); you may not use this file except in compliance with + * the License. You may obtain a copy of the License at + * + * http://www.apache.org/licenses/LICENSE-2.0 + * + * Unless required by applicable law or agreed to in writing, software + * distributed under the License is distributed on an "AS IS" BASIS, + * WITHOUT WARRANTIES OR CONDITIONS OF ANY KIND, either express or implied. + * See the License for the specific language governing permissions and + * limitations under the License. + */ +package org.apache.jackrabbit.oak.security; + +import javax.annotation.Nonnull; + +import org.apache.jackrabbit.oak.security.authentication.LoginContextProviderImpl; +import org.apache.jackrabbit.oak.security.authorization.AccessControlProviderImpl; +import org.apache.jackrabbit.oak.security.user.UserContextImpl; +import org.apache.jackrabbit.oak.spi.security.SecurityProvider; +import org.apache.jackrabbit.oak.spi.security.authentication.LoginContextProvider; +import org.apache.jackrabbit.oak.spi.security.authorization.AccessControlProvider; +import org.apache.jackrabbit.oak.spi.security.user.UserContext; + +public class SecurityProviderImpl implements SecurityProvider { + @Nonnull + @Override + public LoginContextProvider getLoginContextProvider() { + return new LoginContextProviderImpl(); + } + + @Nonnull + @Override + public AccessControlProvider getAccessControlProvider() { + return new AccessControlProviderImpl(); + } + + @Nonnull + @Override + public UserContext getUserContext() { + return new UserContextImpl(); + } +} Modified: jackrabbit/oak/trunk/oak-core/src/main/java/org/apache/jackrabbit/oak/security/authorization/AccessControlContextImpl.java URL: http://svn.apache.org/viewvc/jackrabbit/oak/trunk/oak-core/src/main/java/org/apache/jackrabbit/oak/security/authorization/AccessControlContextImpl.java?rev=1393009&r1=1393008&r2=1393009&view=diff ============================================================================== --- jackrabbit/oak/trunk/oak-core/src/main/java/org/apache/jackrabbit/oak/security/authorization/AccessControlContextImpl.java (original) +++ jackrabbit/oak/trunk/oak-core/src/main/java/org/apache/jackrabbit/oak/security/authorization/AccessControlContextImpl.java Tue Oct 2 16:21:12 2012 @@ -22,9 +22,9 @@ import java.util.Set; import javax.security.auth.Subject; import org.apache.jackrabbit.oak.spi.security.authorization.AccessControlContext; -import org.apache.jackrabbit.oak.spi.security.authorization.AccessControlContextProvider; +import org.apache.jackrabbit.oak.spi.security.authorization.AccessControlProvider; import org.apache.jackrabbit.oak.spi.security.authorization.CompiledPermissions; -import org.apache.jackrabbit.oak.spi.security.authorization.OpenAccessControlContextProvider; +import org.apache.jackrabbit.oak.spi.security.authorization.OpenAccessControlProvider; import org.apache.jackrabbit.oak.spi.security.principal.AdminPrincipal; /** @@ -35,7 +35,7 @@ class AccessControlContextImpl implement private static final CompiledPermissions ADMIN_PERMISSIONS; static { - AccessControlContextProvider accProvider = new OpenAccessControlContextProvider(); + AccessControlProvider accProvider = new OpenAccessControlProvider(); Subject subject = new Subject(); subject.getPrincipals().add(AdminPrincipal.INSTANCE); ADMIN_PERMISSIONS = accProvider.createAccessControlContext(subject).getPermissions(); Added: jackrabbit/oak/trunk/oak-core/src/main/java/org/apache/jackrabbit/oak/security/authorization/AccessControlObserver.java URL: http://svn.apache.org/viewvc/jackrabbit/oak/trunk/oak-core/src/main/java/org/apache/jackrabbit/oak/security/authorization/AccessControlObserver.java?rev=1393009&view=auto ============================================================================== --- jackrabbit/oak/trunk/oak-core/src/main/java/org/apache/jackrabbit/oak/security/authorization/AccessControlObserver.java (added) +++ jackrabbit/oak/trunk/oak-core/src/main/java/org/apache/jackrabbit/oak/security/authorization/AccessControlObserver.java Tue Oct 2 16:21:12 2012 @@ -0,0 +1,34 @@ +/* + * Licensed to the Apache Software Foundation (ASF) under one or more + * contributor license agreements. See the NOTICE file distributed with + * this work for additional information regarding copyright ownership. + * The ASF licenses this file to You under the Apache License, Version 2.0 + * (the "License"); you may not use this file except in compliance with + * the License. You may obtain a copy of the License at + * + * http://www.apache.org/licenses/LICENSE-2.0 + * + * Unless required by applicable law or agreed to in writing, software + * distributed under the License is distributed on an "AS IS" BASIS, + * WITHOUT WARRANTIES OR CONDITIONS OF ANY KIND, either express or implied. + * See the License for the specific language governing permissions and + * limitations under the License. + */ +package org.apache.jackrabbit.oak.security.authorization; + +import org.apache.jackrabbit.oak.spi.commit.Observer; +import org.apache.jackrabbit.oak.spi.state.NodeState; + +/** + * {@code Observer} implementation that processes any modification made to + * access control content and updates persisted permission caches associated + * with access control related data stored in the repository. + */ +public class AccessControlObserver implements Observer { + + @Override + public void contentChanged(NodeState before, NodeState after) { + // TODO + throw new UnsupportedOperationException("not yet implemented"); + } +} \ No newline at end of file Copied: jackrabbit/oak/trunk/oak-core/src/main/java/org/apache/jackrabbit/oak/security/authorization/AccessControlProviderImpl.java (from r1392909, jackrabbit/oak/trunk/oak-core/src/main/java/org/apache/jackrabbit/oak/security/authorization/AccessControlContextProviderImpl.java) URL: http://svn.apache.org/viewvc/jackrabbit/oak/trunk/oak-core/src/main/java/org/apache/jackrabbit/oak/security/authorization/AccessControlProviderImpl.java?p2=jackrabbit/oak/trunk/oak-core/src/main/java/org/apache/jackrabbit/oak/security/authorization/AccessControlProviderImpl.java&p1=jackrabbit/oak/trunk/oak-core/src/main/java/org/apache/jackrabbit/oak/security/authorization/AccessControlContextProviderImpl.java&r1=1392909&r2=1393009&rev=1393009&view=diff ============================================================================== --- jackrabbit/oak/trunk/oak-core/src/main/java/org/apache/jackrabbit/oak/security/authorization/AccessControlContextProviderImpl.java (original) +++ jackrabbit/oak/trunk/oak-core/src/main/java/org/apache/jackrabbit/oak/security/authorization/AccessControlProviderImpl.java Tue Oct 2 16:21:12 2012 @@ -16,20 +16,32 @@ */ package org.apache.jackrabbit.oak.security.authorization; +import java.util.ArrayList; +import java.util.Collections; +import java.util.List; import javax.security.auth.Subject; +import org.apache.jackrabbit.oak.spi.commit.ValidatorProvider; import org.apache.jackrabbit.oak.spi.security.authorization.AccessControlContext; -import org.apache.jackrabbit.oak.spi.security.authorization.AccessControlContextProvider; +import org.apache.jackrabbit.oak.spi.security.authorization.AccessControlProvider; /** * AccessControlContextProviderImpl is a default implementation and * creates {@link AccessControlContextImpl} for a given set of principals. */ -public class AccessControlContextProviderImpl - implements AccessControlContextProvider { +public class AccessControlProviderImpl + implements AccessControlProvider { @Override public AccessControlContext createAccessControlContext(Subject subject) { return new AccessControlContextImpl(subject); } + + @Override + public List getValidatorProviders() { + List vps = new ArrayList(); + vps.add(new PermissionValidatorProvider()); + vps.add(new AccessControlValidatorProvider()); + return Collections.unmodifiableList(vps); + } } Propchange: jackrabbit/oak/trunk/oak-core/src/main/java/org/apache/jackrabbit/oak/security/authorization/AccessControlProviderImpl.java ------------------------------------------------------------------------------ svn:eol-style = native Propchange: jackrabbit/oak/trunk/oak-core/src/main/java/org/apache/jackrabbit/oak/security/authorization/AccessControlProviderImpl.java ------------------------------------------------------------------------------ svn:keywords = Author Date Id Revision Rev URL Modified: jackrabbit/oak/trunk/oak-core/src/main/java/org/apache/jackrabbit/oak/security/authorization/PermissionValidatorProvider.java URL: http://svn.apache.org/viewvc/jackrabbit/oak/trunk/oak-core/src/main/java/org/apache/jackrabbit/oak/security/authorization/PermissionValidatorProvider.java?rev=1393009&r1=1393008&r2=1393009&view=diff ============================================================================== --- jackrabbit/oak/trunk/oak-core/src/main/java/org/apache/jackrabbit/oak/security/authorization/PermissionValidatorProvider.java (original) +++ jackrabbit/oak/trunk/oak-core/src/main/java/org/apache/jackrabbit/oak/security/authorization/PermissionValidatorProvider.java Tue Oct 2 16:21:12 2012 @@ -17,8 +17,6 @@ package org.apache.jackrabbit.oak.security.authorization; import java.security.AccessController; -import java.security.Principal; -import java.util.Set; import javax.annotation.Nonnull; import javax.security.auth.Subject; @@ -30,8 +28,6 @@ import org.apache.jackrabbit.oak.spi.sec import org.apache.jackrabbit.oak.spi.state.NodeState; import org.apache.jackrabbit.oak.util.NodeUtil; -import com.google.common.collect.ImmutableSet; - /** * PermissionValidatorProvider... TODO */ @@ -47,7 +43,7 @@ public class PermissionValidatorProvider } // FIXME: should use same provider as in ContentRepositoryImpl - AccessControlContext context = new AccessControlContextProviderImpl() + AccessControlContext context = new AccessControlProviderImpl() .createAccessControlContext(subject); NodeUtil rootBefore = new NodeUtil(new ReadOnlyTree(before)); Copied: jackrabbit/oak/trunk/oak-core/src/main/java/org/apache/jackrabbit/oak/security/user/AuthorizableImpl.java (from r1392769, jackrabbit/oak/trunk/oak-jcr/src/main/java/org/apache/jackrabbit/oak/jcr/security/user/AuthorizableImpl.java) URL: http://svn.apache.org/viewvc/jackrabbit/oak/trunk/oak-core/src/main/java/org/apache/jackrabbit/oak/security/user/AuthorizableImpl.java?p2=jackrabbit/oak/trunk/oak-core/src/main/java/org/apache/jackrabbit/oak/security/user/AuthorizableImpl.java&p1=jackrabbit/oak/trunk/oak-jcr/src/main/java/org/apache/jackrabbit/oak/jcr/security/user/AuthorizableImpl.java&r1=1392769&r2=1393009&rev=1393009&view=diff ============================================================================== --- jackrabbit/oak/trunk/oak-jcr/src/main/java/org/apache/jackrabbit/oak/jcr/security/user/AuthorizableImpl.java (original) +++ jackrabbit/oak/trunk/oak-core/src/main/java/org/apache/jackrabbit/oak/security/user/AuthorizableImpl.java Tue Oct 2 16:21:12 2012 @@ -14,7 +14,7 @@ * See the License for the specific language governing permissions and * limitations under the License. */ -package org.apache.jackrabbit.oak.jcr.security.user; +package org.apache.jackrabbit.oak.security.user; import java.util.ArrayList; import java.util.Collections; Propchange: jackrabbit/oak/trunk/oak-core/src/main/java/org/apache/jackrabbit/oak/security/user/AuthorizableImpl.java ------------------------------------------------------------------------------ svn:eol-style = native Copied: jackrabbit/oak/trunk/oak-core/src/main/java/org/apache/jackrabbit/oak/security/user/AuthorizableIterator.java (from r1392769, jackrabbit/oak/trunk/oak-jcr/src/main/java/org/apache/jackrabbit/oak/jcr/security/user/AuthorizableIterator.java) URL: http://svn.apache.org/viewvc/jackrabbit/oak/trunk/oak-core/src/main/java/org/apache/jackrabbit/oak/security/user/AuthorizableIterator.java?p2=jackrabbit/oak/trunk/oak-core/src/main/java/org/apache/jackrabbit/oak/security/user/AuthorizableIterator.java&p1=jackrabbit/oak/trunk/oak-jcr/src/main/java/org/apache/jackrabbit/oak/jcr/security/user/AuthorizableIterator.java&r1=1392769&r2=1393009&rev=1393009&view=diff ============================================================================== --- jackrabbit/oak/trunk/oak-jcr/src/main/java/org/apache/jackrabbit/oak/jcr/security/user/AuthorizableIterator.java (original) +++ jackrabbit/oak/trunk/oak-core/src/main/java/org/apache/jackrabbit/oak/security/user/AuthorizableIterator.java Tue Oct 2 16:21:12 2012 @@ -14,7 +14,7 @@ * See the License for the specific language governing permissions and * limitations under the License. */ -package org.apache.jackrabbit.oak.jcr.security.user; +package org.apache.jackrabbit.oak.security.user; import java.util.Iterator; import javax.jcr.RangeIterator; Copied: jackrabbit/oak/trunk/oak-core/src/main/java/org/apache/jackrabbit/oak/security/user/GroupImpl.java (from r1392769, jackrabbit/oak/trunk/oak-jcr/src/main/java/org/apache/jackrabbit/oak/jcr/security/user/GroupImpl.java) URL: http://svn.apache.org/viewvc/jackrabbit/oak/trunk/oak-core/src/main/java/org/apache/jackrabbit/oak/security/user/GroupImpl.java?p2=jackrabbit/oak/trunk/oak-core/src/main/java/org/apache/jackrabbit/oak/security/user/GroupImpl.java&p1=jackrabbit/oak/trunk/oak-jcr/src/main/java/org/apache/jackrabbit/oak/jcr/security/user/GroupImpl.java&r1=1392769&r2=1393009&rev=1393009&view=diff ============================================================================== --- jackrabbit/oak/trunk/oak-jcr/src/main/java/org/apache/jackrabbit/oak/jcr/security/user/GroupImpl.java (original) +++ jackrabbit/oak/trunk/oak-core/src/main/java/org/apache/jackrabbit/oak/security/user/GroupImpl.java Tue Oct 2 16:21:12 2012 @@ -14,7 +14,7 @@ * See the License for the specific language governing permissions and * limitations under the License. */ -package org.apache.jackrabbit.oak.jcr.security.user; +package org.apache.jackrabbit.oak.security.user; import java.security.Principal; import java.util.Enumeration; Propchange: jackrabbit/oak/trunk/oak-core/src/main/java/org/apache/jackrabbit/oak/security/user/GroupImpl.java ------------------------------------------------------------------------------ svn:eol-style = native Copied: jackrabbit/oak/trunk/oak-core/src/main/java/org/apache/jackrabbit/oak/security/user/ImpersonationImpl.java (from r1392769, jackrabbit/oak/trunk/oak-jcr/src/main/java/org/apache/jackrabbit/oak/jcr/security/user/ImpersonationImpl.java) URL: http://svn.apache.org/viewvc/jackrabbit/oak/trunk/oak-core/src/main/java/org/apache/jackrabbit/oak/security/user/ImpersonationImpl.java?p2=jackrabbit/oak/trunk/oak-core/src/main/java/org/apache/jackrabbit/oak/security/user/ImpersonationImpl.java&p1=jackrabbit/oak/trunk/oak-jcr/src/main/java/org/apache/jackrabbit/oak/jcr/security/user/ImpersonationImpl.java&r1=1392769&r2=1393009&rev=1393009&view=diff ============================================================================== --- jackrabbit/oak/trunk/oak-jcr/src/main/java/org/apache/jackrabbit/oak/jcr/security/user/ImpersonationImpl.java (original) +++ jackrabbit/oak/trunk/oak-core/src/main/java/org/apache/jackrabbit/oak/security/user/ImpersonationImpl.java Tue Oct 2 16:21:12 2012 @@ -14,7 +14,7 @@ * See the License for the specific language governing permissions and * limitations under the License. */ -package org.apache.jackrabbit.oak.jcr.security.user; +package org.apache.jackrabbit.oak.security.user; import java.security.Principal; import java.security.acl.Group; @@ -34,7 +34,7 @@ import org.apache.jackrabbit.api.securit import org.apache.jackrabbit.oak.api.CoreValue; import org.apache.jackrabbit.oak.api.PropertyState; import org.apache.jackrabbit.oak.api.Tree; -import org.apache.jackrabbit.oak.jcr.security.principal.PrincipalIteratorAdapter; +import org.apache.jackrabbit.oak.spi.security.principal.PrincipalIteratorAdapter; import org.apache.jackrabbit.oak.spi.security.user.UserConstants; import org.slf4j.Logger; import org.slf4j.LoggerFactory; Propchange: jackrabbit/oak/trunk/oak-core/src/main/java/org/apache/jackrabbit/oak/security/user/ImpersonationImpl.java ------------------------------------------------------------------------------ svn:eol-style = native Modified: jackrabbit/oak/trunk/oak-core/src/main/java/org/apache/jackrabbit/oak/security/user/UserContextImpl.java URL: http://svn.apache.org/viewvc/jackrabbit/oak/trunk/oak-core/src/main/java/org/apache/jackrabbit/oak/security/user/UserContextImpl.java?rev=1393009&r1=1393008&r2=1393009&view=diff ============================================================================== --- jackrabbit/oak/trunk/oak-core/src/main/java/org/apache/jackrabbit/oak/security/user/UserContextImpl.java (original) +++ jackrabbit/oak/trunk/oak-core/src/main/java/org/apache/jackrabbit/oak/security/user/UserContextImpl.java Tue Oct 2 16:21:12 2012 @@ -16,9 +16,14 @@ */ package org.apache.jackrabbit.oak.security.user; +import java.util.Collections; +import java.util.List; +import javax.jcr.Session; + +import org.apache.jackrabbit.api.security.user.UserManager; import org.apache.jackrabbit.oak.api.ContentSession; -import org.apache.jackrabbit.oak.api.CoreValueFactory; import org.apache.jackrabbit.oak.api.Root; +import org.apache.jackrabbit.oak.namepath.NamePathMapper; import org.apache.jackrabbit.oak.spi.commit.ValidatorProvider; import org.apache.jackrabbit.oak.spi.security.user.MembershipProvider; import org.apache.jackrabbit.oak.spi.security.user.UserConfig; @@ -42,11 +47,6 @@ public class UserContextImpl implements } @Override - public UserConfig getConfig() { - return config; - } - - @Override public UserProvider getUserProvider(ContentSession contentSession, Root root) { return new UserProviderImpl(contentSession, root, config); } @@ -57,7 +57,16 @@ public class UserContextImpl implements } @Override - public ValidatorProvider getUserValidatorProvider(CoreValueFactory valueFactory) { - return new UserValidatorProvider(config); + public List getValidatorProviders() { + ValidatorProvider vp = new UserValidatorProvider(config); + return Collections.singletonList(vp); + } + + @Override + public UserManager getUserManager(Session session, ContentSession contentSession, + Root root, NamePathMapper namePathMapper) { + UserProvider up = getUserProvider(contentSession, root); + MembershipProvider mp = getMembershipProvider(contentSession, root); + return new UserManagerImpl(session, namePathMapper, up, mp, config); } } \ No newline at end of file Copied: jackrabbit/oak/trunk/oak-core/src/main/java/org/apache/jackrabbit/oak/security/user/UserImpl.java (from r1392769, jackrabbit/oak/trunk/oak-jcr/src/main/java/org/apache/jackrabbit/oak/jcr/security/user/UserImpl.java) URL: http://svn.apache.org/viewvc/jackrabbit/oak/trunk/oak-core/src/main/java/org/apache/jackrabbit/oak/security/user/UserImpl.java?p2=jackrabbit/oak/trunk/oak-core/src/main/java/org/apache/jackrabbit/oak/security/user/UserImpl.java&p1=jackrabbit/oak/trunk/oak-jcr/src/main/java/org/apache/jackrabbit/oak/jcr/security/user/UserImpl.java&r1=1392769&r2=1393009&rev=1393009&view=diff ============================================================================== --- jackrabbit/oak/trunk/oak-jcr/src/main/java/org/apache/jackrabbit/oak/jcr/security/user/UserImpl.java (original) +++ jackrabbit/oak/trunk/oak-core/src/main/java/org/apache/jackrabbit/oak/security/user/UserImpl.java Tue Oct 2 16:21:12 2012 @@ -14,7 +14,7 @@ * See the License for the specific language governing permissions and * limitations under the License. */ -package org.apache.jackrabbit.oak.jcr.security.user; +package org.apache.jackrabbit.oak.security.user; import java.security.Principal; import javax.jcr.Credentials; Propchange: jackrabbit/oak/trunk/oak-core/src/main/java/org/apache/jackrabbit/oak/security/user/UserImpl.java ------------------------------------------------------------------------------ svn:eol-style = native Copied: jackrabbit/oak/trunk/oak-core/src/main/java/org/apache/jackrabbit/oak/security/user/UserManagerImpl.java (from r1392769, jackrabbit/oak/trunk/oak-jcr/src/main/java/org/apache/jackrabbit/oak/jcr/security/user/UserManagerImpl.java) URL: http://svn.apache.org/viewvc/jackrabbit/oak/trunk/oak-core/src/main/java/org/apache/jackrabbit/oak/security/user/UserManagerImpl.java?p2=jackrabbit/oak/trunk/oak-core/src/main/java/org/apache/jackrabbit/oak/security/user/UserManagerImpl.java&p1=jackrabbit/oak/trunk/oak-jcr/src/main/java/org/apache/jackrabbit/oak/jcr/security/user/UserManagerImpl.java&r1=1392769&r2=1393009&rev=1393009&view=diff ============================================================================== --- jackrabbit/oak/trunk/oak-jcr/src/main/java/org/apache/jackrabbit/oak/jcr/security/user/UserManagerImpl.java (original) +++ jackrabbit/oak/trunk/oak-core/src/main/java/org/apache/jackrabbit/oak/security/user/UserManagerImpl.java Tue Oct 2 16:21:12 2012 @@ -14,7 +14,7 @@ * See the License for the specific language governing permissions and * limitations under the License. */ -package org.apache.jackrabbit.oak.jcr.security.user; +package org.apache.jackrabbit.oak.security.user; import java.io.UnsupportedEncodingException; import java.security.NoSuchAlgorithmException; @@ -33,9 +33,9 @@ import org.apache.jackrabbit.api.securit import org.apache.jackrabbit.api.security.user.User; import org.apache.jackrabbit.api.security.user.UserManager; import org.apache.jackrabbit.oak.api.Tree; -import org.apache.jackrabbit.oak.jcr.security.user.query.XPathQueryBuilder; -import org.apache.jackrabbit.oak.jcr.security.user.query.XPathQueryEvaluator; import org.apache.jackrabbit.oak.namepath.NamePathMapper; +import org.apache.jackrabbit.oak.security.user.query.XPathQueryBuilder; +import org.apache.jackrabbit.oak.security.user.query.XPathQueryEvaluator; import org.apache.jackrabbit.oak.spi.security.principal.EveryonePrincipal; import org.apache.jackrabbit.oak.spi.security.user.MembershipProvider; import org.apache.jackrabbit.oak.spi.security.user.PasswordUtility; Propchange: jackrabbit/oak/trunk/oak-core/src/main/java/org/apache/jackrabbit/oak/security/user/UserManagerImpl.java ------------------------------------------------------------------------------ svn:eol-style = native Copied: jackrabbit/oak/trunk/oak-core/src/main/java/org/apache/jackrabbit/oak/security/user/query/Condition.java (from r1392769, jackrabbit/oak/trunk/oak-jcr/src/main/java/org/apache/jackrabbit/oak/jcr/security/user/query/Condition.java) URL: http://svn.apache.org/viewvc/jackrabbit/oak/trunk/oak-core/src/main/java/org/apache/jackrabbit/oak/security/user/query/Condition.java?p2=jackrabbit/oak/trunk/oak-core/src/main/java/org/apache/jackrabbit/oak/security/user/query/Condition.java&p1=jackrabbit/oak/trunk/oak-jcr/src/main/java/org/apache/jackrabbit/oak/jcr/security/user/query/Condition.java&r1=1392769&r2=1393009&rev=1393009&view=diff ============================================================================== --- jackrabbit/oak/trunk/oak-jcr/src/main/java/org/apache/jackrabbit/oak/jcr/security/user/query/Condition.java (original) +++ jackrabbit/oak/trunk/oak-core/src/main/java/org/apache/jackrabbit/oak/security/user/query/Condition.java Tue Oct 2 16:21:12 2012 @@ -14,7 +14,7 @@ * See the License for the specific language governing permissions and * limitations under the License. */ -package org.apache.jackrabbit.oak.jcr.security.user.query; +package org.apache.jackrabbit.oak.security.user.query; import java.util.ArrayList; import java.util.Iterator; Copied: jackrabbit/oak/trunk/oak-core/src/main/java/org/apache/jackrabbit/oak/security/user/query/ConditionVisitor.java (from r1392769, jackrabbit/oak/trunk/oak-jcr/src/main/java/org/apache/jackrabbit/oak/jcr/security/user/query/ConditionVisitor.java) URL: http://svn.apache.org/viewvc/jackrabbit/oak/trunk/oak-core/src/main/java/org/apache/jackrabbit/oak/security/user/query/ConditionVisitor.java?p2=jackrabbit/oak/trunk/oak-core/src/main/java/org/apache/jackrabbit/oak/security/user/query/ConditionVisitor.java&p1=jackrabbit/oak/trunk/oak-jcr/src/main/java/org/apache/jackrabbit/oak/jcr/security/user/query/ConditionVisitor.java&r1=1392769&r2=1393009&rev=1393009&view=diff ============================================================================== --- jackrabbit/oak/trunk/oak-jcr/src/main/java/org/apache/jackrabbit/oak/jcr/security/user/query/ConditionVisitor.java (original) +++ jackrabbit/oak/trunk/oak-core/src/main/java/org/apache/jackrabbit/oak/security/user/query/ConditionVisitor.java Tue Oct 2 16:21:12 2012 @@ -14,7 +14,7 @@ * See the License for the specific language governing permissions and * limitations under the License. */ -package org.apache.jackrabbit.oak.jcr.security.user.query; +package org.apache.jackrabbit.oak.security.user.query; import javax.jcr.RepositoryException; Copied: jackrabbit/oak/trunk/oak-core/src/main/java/org/apache/jackrabbit/oak/security/user/query/RelationOp.java (from r1392769, jackrabbit/oak/trunk/oak-jcr/src/main/java/org/apache/jackrabbit/oak/jcr/security/user/query/RelationOp.java) URL: http://svn.apache.org/viewvc/jackrabbit/oak/trunk/oak-core/src/main/java/org/apache/jackrabbit/oak/security/user/query/RelationOp.java?p2=jackrabbit/oak/trunk/oak-core/src/main/java/org/apache/jackrabbit/oak/security/user/query/RelationOp.java&p1=jackrabbit/oak/trunk/oak-jcr/src/main/java/org/apache/jackrabbit/oak/jcr/security/user/query/RelationOp.java&r1=1392769&r2=1393009&rev=1393009&view=diff ============================================================================== --- jackrabbit/oak/trunk/oak-jcr/src/main/java/org/apache/jackrabbit/oak/jcr/security/user/query/RelationOp.java (original) +++ jackrabbit/oak/trunk/oak-core/src/main/java/org/apache/jackrabbit/oak/security/user/query/RelationOp.java Tue Oct 2 16:21:12 2012 @@ -1,4 +1,4 @@ -package org.apache.jackrabbit.oak.jcr.security.user.query; +package org.apache.jackrabbit.oak.security.user.query; /** * Relational operators for comparing a property to a value. Correspond Copied: jackrabbit/oak/trunk/oak-core/src/main/java/org/apache/jackrabbit/oak/security/user/query/ResultIterator.java (from r1392769, jackrabbit/oak/trunk/oak-jcr/src/main/java/org/apache/jackrabbit/oak/jcr/security/user/query/ResultIterator.java) URL: http://svn.apache.org/viewvc/jackrabbit/oak/trunk/oak-core/src/main/java/org/apache/jackrabbit/oak/security/user/query/ResultIterator.java?p2=jackrabbit/oak/trunk/oak-core/src/main/java/org/apache/jackrabbit/oak/security/user/query/ResultIterator.java&p1=jackrabbit/oak/trunk/oak-jcr/src/main/java/org/apache/jackrabbit/oak/jcr/security/user/query/ResultIterator.java&r1=1392769&r2=1393009&rev=1393009&view=diff ============================================================================== --- jackrabbit/oak/trunk/oak-jcr/src/main/java/org/apache/jackrabbit/oak/jcr/security/user/query/ResultIterator.java (original) +++ jackrabbit/oak/trunk/oak-core/src/main/java/org/apache/jackrabbit/oak/security/user/query/ResultIterator.java Tue Oct 2 16:21:12 2012 @@ -14,7 +14,7 @@ * See the License for the specific language governing permissions and * limitations under the License. */ -package org.apache.jackrabbit.oak.jcr.security.user.query; +package org.apache.jackrabbit.oak.security.user.query; import java.util.Iterator; import java.util.NoSuchElementException; Copied: jackrabbit/oak/trunk/oak-core/src/main/java/org/apache/jackrabbit/oak/security/user/query/XPathQueryBuilder.java (from r1392769, jackrabbit/oak/trunk/oak-jcr/src/main/java/org/apache/jackrabbit/oak/jcr/security/user/query/XPathQueryBuilder.java) URL: http://svn.apache.org/viewvc/jackrabbit/oak/trunk/oak-core/src/main/java/org/apache/jackrabbit/oak/security/user/query/XPathQueryBuilder.java?p2=jackrabbit/oak/trunk/oak-core/src/main/java/org/apache/jackrabbit/oak/security/user/query/XPathQueryBuilder.java&p1=jackrabbit/oak/trunk/oak-jcr/src/main/java/org/apache/jackrabbit/oak/jcr/security/user/query/XPathQueryBuilder.java&r1=1392769&r2=1393009&rev=1393009&view=diff ============================================================================== --- jackrabbit/oak/trunk/oak-jcr/src/main/java/org/apache/jackrabbit/oak/jcr/security/user/query/XPathQueryBuilder.java (original) +++ jackrabbit/oak/trunk/oak-core/src/main/java/org/apache/jackrabbit/oak/security/user/query/XPathQueryBuilder.java Tue Oct 2 16:21:12 2012 @@ -14,7 +14,7 @@ * See the License for the specific language governing permissions and * limitations under the License. */ -package org.apache.jackrabbit.oak.jcr.security.user.query; +package org.apache.jackrabbit.oak.security.user.query; import javax.jcr.Value; Copied: jackrabbit/oak/trunk/oak-core/src/main/java/org/apache/jackrabbit/oak/security/user/query/XPathQueryEvaluator.java (from r1392769, jackrabbit/oak/trunk/oak-jcr/src/main/java/org/apache/jackrabbit/oak/jcr/security/user/query/XPathQueryEvaluator.java) URL: http://svn.apache.org/viewvc/jackrabbit/oak/trunk/oak-core/src/main/java/org/apache/jackrabbit/oak/security/user/query/XPathQueryEvaluator.java?p2=jackrabbit/oak/trunk/oak-core/src/main/java/org/apache/jackrabbit/oak/security/user/query/XPathQueryEvaluator.java&p1=jackrabbit/oak/trunk/oak-jcr/src/main/java/org/apache/jackrabbit/oak/jcr/security/user/query/XPathQueryEvaluator.java&r1=1392769&r2=1393009&rev=1393009&view=diff ============================================================================== --- jackrabbit/oak/trunk/oak-jcr/src/main/java/org/apache/jackrabbit/oak/jcr/security/user/query/XPathQueryEvaluator.java (original) +++ jackrabbit/oak/trunk/oak-core/src/main/java/org/apache/jackrabbit/oak/security/user/query/XPathQueryEvaluator.java Tue Oct 2 16:21:12 2012 @@ -14,7 +14,7 @@ * See the License for the specific language governing permissions and * limitations under the License. */ -package org.apache.jackrabbit.oak.jcr.security.user.query; +package org.apache.jackrabbit.oak.security.user.query; import java.util.Iterator; @@ -35,7 +35,6 @@ import org.apache.jackrabbit.api.securit import org.apache.jackrabbit.api.security.user.QueryBuilder; import org.apache.jackrabbit.api.security.user.User; import org.apache.jackrabbit.api.security.user.UserManager; -import org.apache.jackrabbit.oak.jcr.security.user.UserManagerImpl; import org.apache.jackrabbit.oak.namepath.NamePathMapper; import org.apache.jackrabbit.oak.spi.security.user.UserConstants; import org.apache.jackrabbit.util.Text; @@ -56,7 +55,7 @@ public class XPathQueryEvaluator impleme private final StringBuilder xPath = new StringBuilder(); - public XPathQueryEvaluator(XPathQueryBuilder builder, UserManagerImpl userManager, + public XPathQueryEvaluator(XPathQueryBuilder builder, UserManager userManager, QueryManager queryManager, NamePathMapper namePathMapper) { this.builder = builder; this.userManager = userManager; Added: jackrabbit/oak/trunk/oak-core/src/main/java/org/apache/jackrabbit/oak/spi/security/SecurityProvider.java URL: http://svn.apache.org/viewvc/jackrabbit/oak/trunk/oak-core/src/main/java/org/apache/jackrabbit/oak/spi/security/SecurityProvider.java?rev=1393009&view=auto ============================================================================== --- jackrabbit/oak/trunk/oak-core/src/main/java/org/apache/jackrabbit/oak/spi/security/SecurityProvider.java (added) +++ jackrabbit/oak/trunk/oak-core/src/main/java/org/apache/jackrabbit/oak/spi/security/SecurityProvider.java Tue Oct 2 16:21:12 2012 @@ -0,0 +1,38 @@ +/* + * Licensed to the Apache Software Foundation (ASF) under one or more + * contributor license agreements. See the NOTICE file distributed with + * this work for additional information regarding copyright ownership. + * The ASF licenses this file to You under the Apache License, Version 2.0 + * (the "License"); you may not use this file except in compliance with + * the License. You may obtain a copy of the License at + * + * http://www.apache.org/licenses/LICENSE-2.0 + * + * Unless required by applicable law or agreed to in writing, software + * distributed under the License is distributed on an "AS IS" BASIS, + * WITHOUT WARRANTIES OR CONDITIONS OF ANY KIND, either express or implied. + * See the License for the specific language governing permissions and + * limitations under the License. + */ +package org.apache.jackrabbit.oak.spi.security; + +import javax.annotation.Nonnull; + +import org.apache.jackrabbit.oak.spi.security.authentication.LoginContextProvider; +import org.apache.jackrabbit.oak.spi.security.authorization.AccessControlProvider; +import org.apache.jackrabbit.oak.spi.security.user.UserContext; + +/** + * SecurityProvider... TODO + */ +public interface SecurityProvider { + + @Nonnull + LoginContextProvider getLoginContextProvider(); + + @Nonnull + AccessControlProvider getAccessControlProvider(); + + @Nonnull + UserContext getUserContext(); // TODO review naming consistency +} \ No newline at end of file Copied: jackrabbit/oak/trunk/oak-core/src/main/java/org/apache/jackrabbit/oak/spi/security/authorization/AccessControlProvider.java (from r1392909, jackrabbit/oak/trunk/oak-core/src/main/java/org/apache/jackrabbit/oak/spi/security/authorization/AccessControlContextProvider.java) URL: http://svn.apache.org/viewvc/jackrabbit/oak/trunk/oak-core/src/main/java/org/apache/jackrabbit/oak/spi/security/authorization/AccessControlProvider.java?p2=jackrabbit/oak/trunk/oak-core/src/main/java/org/apache/jackrabbit/oak/spi/security/authorization/AccessControlProvider.java&p1=jackrabbit/oak/trunk/oak-core/src/main/java/org/apache/jackrabbit/oak/spi/security/authorization/AccessControlContextProvider.java&r1=1392909&r2=1393009&rev=1393009&view=diff ============================================================================== --- jackrabbit/oak/trunk/oak-core/src/main/java/org/apache/jackrabbit/oak/spi/security/authorization/AccessControlContextProvider.java (original) +++ jackrabbit/oak/trunk/oak-core/src/main/java/org/apache/jackrabbit/oak/spi/security/authorization/AccessControlProvider.java Tue Oct 2 16:21:12 2012 @@ -16,15 +16,17 @@ */ package org.apache.jackrabbit.oak.spi.security.authorization; -import java.security.Principal; -import java.util.Set; - +import java.util.List; import javax.security.auth.Subject; +import org.apache.jackrabbit.oak.spi.commit.ValidatorProvider; + /** - * AccessControlContextProvider... + * {@code AccessControlContextProvider}... */ -public interface AccessControlContextProvider { +public interface AccessControlProvider { public AccessControlContext createAccessControlContext(Subject subject); + + public List getValidatorProviders(); } Propchange: jackrabbit/oak/trunk/oak-core/src/main/java/org/apache/jackrabbit/oak/spi/security/authorization/AccessControlProvider.java ------------------------------------------------------------------------------ svn:eol-style = native Propchange: jackrabbit/oak/trunk/oak-core/src/main/java/org/apache/jackrabbit/oak/spi/security/authorization/AccessControlProvider.java ------------------------------------------------------------------------------ svn:keywords = Author Date Id Revision Rev URL Copied: jackrabbit/oak/trunk/oak-core/src/main/java/org/apache/jackrabbit/oak/spi/security/authorization/OpenAccessControlProvider.java (from r1392909, jackrabbit/oak/trunk/oak-core/src/main/java/org/apache/jackrabbit/oak/spi/security/authorization/OpenAccessControlContextProvider.java) URL: http://svn.apache.org/viewvc/jackrabbit/oak/trunk/oak-core/src/main/java/org/apache/jackrabbit/oak/spi/security/authorization/OpenAccessControlProvider.java?p2=jackrabbit/oak/trunk/oak-core/src/main/java/org/apache/jackrabbit/oak/spi/security/authorization/OpenAccessControlProvider.java&p1=jackrabbit/oak/trunk/oak-core/src/main/java/org/apache/jackrabbit/oak/spi/security/authorization/OpenAccessControlContextProvider.java&r1=1392909&r2=1393009&rev=1393009&view=diff ============================================================================== --- jackrabbit/oak/trunk/oak-core/src/main/java/org/apache/jackrabbit/oak/spi/security/authorization/OpenAccessControlContextProvider.java (original) +++ jackrabbit/oak/trunk/oak-core/src/main/java/org/apache/jackrabbit/oak/spi/security/authorization/OpenAccessControlProvider.java Tue Oct 2 16:21:12 2012 @@ -16,17 +16,20 @@ */ package org.apache.jackrabbit.oak.spi.security.authorization; +import java.util.Collections; +import java.util.List; import javax.security.auth.Subject; import org.apache.jackrabbit.oak.api.PropertyState; import org.apache.jackrabbit.oak.api.Tree; +import org.apache.jackrabbit.oak.spi.commit.ValidatorProvider; /** - * This class implements an {@link AccessControlContextProvider} which grants + * This class implements an {@link AccessControlProvider} which grants * full access to any {@link Subject} passed to {@link #createAccessControlContext(Subject)}. */ -public class OpenAccessControlContextProvider - implements AccessControlContextProvider { +public class OpenAccessControlProvider + implements AccessControlProvider { @Override public AccessControlContext createAccessControlContext(Subject subject) { @@ -38,6 +41,11 @@ public class OpenAccessControlContextPro }; } + @Override + public List getValidatorProviders() { + return Collections.emptyList(); + } + private static final class AllPermissions implements CompiledPermissions { private static final CompiledPermissions INSTANCE = new AllPermissions(); Propchange: jackrabbit/oak/trunk/oak-core/src/main/java/org/apache/jackrabbit/oak/spi/security/authorization/OpenAccessControlProvider.java ------------------------------------------------------------------------------ svn:eol-style = native Propchange: jackrabbit/oak/trunk/oak-core/src/main/java/org/apache/jackrabbit/oak/spi/security/authorization/OpenAccessControlProvider.java ------------------------------------------------------------------------------ svn:keywords = Author Date Id Revision Rev URL Modified: jackrabbit/oak/trunk/oak-core/src/main/java/org/apache/jackrabbit/oak/spi/security/principal/AdminPrincipal.java URL: http://svn.apache.org/viewvc/jackrabbit/oak/trunk/oak-core/src/main/java/org/apache/jackrabbit/oak/spi/security/principal/AdminPrincipal.java?rev=1393009&r1=1393008&r2=1393009&view=diff ============================================================================== --- jackrabbit/oak/trunk/oak-core/src/main/java/org/apache/jackrabbit/oak/spi/security/principal/AdminPrincipal.java (original) +++ jackrabbit/oak/trunk/oak-core/src/main/java/org/apache/jackrabbit/oak/spi/security/principal/AdminPrincipal.java Tue Oct 2 16:21:12 2012 @@ -28,7 +28,7 @@ public final class AdminPrincipal implem public static final String NAME = "administrator"; - public static final AdminPrincipal INSTANCE = new AdminPrincipal(); + public static final Principal INSTANCE = new AdminPrincipal(); private AdminPrincipal() { } Copied: jackrabbit/oak/trunk/oak-core/src/main/java/org/apache/jackrabbit/oak/spi/security/principal/PrincipalIteratorAdapter.java (from r1392769, jackrabbit/oak/trunk/oak-jcr/src/main/java/org/apache/jackrabbit/oak/jcr/security/principal/PrincipalIteratorAdapter.java) URL: http://svn.apache.org/viewvc/jackrabbit/oak/trunk/oak-core/src/main/java/org/apache/jackrabbit/oak/spi/security/principal/PrincipalIteratorAdapter.java?p2=jackrabbit/oak/trunk/oak-core/src/main/java/org/apache/jackrabbit/oak/spi/security/principal/PrincipalIteratorAdapter.java&p1=jackrabbit/oak/trunk/oak-jcr/src/main/java/org/apache/jackrabbit/oak/jcr/security/principal/PrincipalIteratorAdapter.java&r1=1392769&r2=1393009&rev=1393009&view=diff ============================================================================== --- jackrabbit/oak/trunk/oak-jcr/src/main/java/org/apache/jackrabbit/oak/jcr/security/principal/PrincipalIteratorAdapter.java (original) +++ jackrabbit/oak/trunk/oak-core/src/main/java/org/apache/jackrabbit/oak/spi/security/principal/PrincipalIteratorAdapter.java Tue Oct 2 16:21:12 2012 @@ -14,22 +14,21 @@ * See the License for the specific language governing permissions and * limitations under the License. */ -package org.apache.jackrabbit.oak.jcr.security.principal; +package org.apache.jackrabbit.oak.spi.security.principal; -import org.apache.jackrabbit.api.security.principal.PrincipalIterator; -import org.apache.jackrabbit.commons.iterator.RangeIteratorAdapter; -import org.apache.jackrabbit.commons.iterator.RangeIteratorDecorator; - -import javax.jcr.RangeIterator; import java.security.Principal; import java.util.Collection; import java.util.Iterator; import java.util.NoSuchElementException; +import javax.jcr.RangeIterator; + +import org.apache.jackrabbit.api.security.principal.PrincipalIterator; +import org.apache.jackrabbit.commons.iterator.RangeIteratorAdapter; +import org.apache.jackrabbit.commons.iterator.RangeIteratorDecorator; /** - * PrincipalIteratorAdapter... - * - * TODO: move to jackrabbit-jcr-commons + * Principal specific {@code RangeIteratorAdapter} implementing the + * {@code PrincipalIterator} interface. */ public class PrincipalIteratorAdapter extends RangeIteratorDecorator implements PrincipalIterator { Propchange: jackrabbit/oak/trunk/oak-core/src/main/java/org/apache/jackrabbit/oak/spi/security/principal/PrincipalIteratorAdapter.java ------------------------------------------------------------------------------ svn:eol-style = native Modified: jackrabbit/oak/trunk/oak-core/src/main/java/org/apache/jackrabbit/oak/spi/security/user/UserConstants.java URL: http://svn.apache.org/viewvc/jackrabbit/oak/trunk/oak-core/src/main/java/org/apache/jackrabbit/oak/spi/security/user/UserConstants.java?rev=1393009&r1=1393008&r2=1393009&view=diff ============================================================================== --- jackrabbit/oak/trunk/oak-core/src/main/java/org/apache/jackrabbit/oak/spi/security/user/UserConstants.java (original) +++ jackrabbit/oak/trunk/oak-core/src/main/java/org/apache/jackrabbit/oak/spi/security/user/UserConstants.java Tue Oct 2 16:21:12 2012 @@ -36,19 +36,4 @@ public interface UserConstants { String DEFAULT_USER_PATH = "/rep:security/rep:authorizables/rep:users"; String DEFAULT_GROUP_PATH = "/rep:security/rep:authorizables/rep:groups"; int DEFAULT_DEPTH = 2; - - int SEARCH_TYPE_USER = 1; - - /** - * Filter flag indicating that only Groups should be searched - * and returned. - */ - int SEARCH_TYPE_GROUP = 2; - - /** - * Filter flag indicating that all Authorizables should be - * searched. - */ - int SEARCH_TYPE_AUTHORIZABLE = 3; - } \ No newline at end of file Modified: jackrabbit/oak/trunk/oak-core/src/main/java/org/apache/jackrabbit/oak/spi/security/user/UserContext.java URL: http://svn.apache.org/viewvc/jackrabbit/oak/trunk/oak-core/src/main/java/org/apache/jackrabbit/oak/spi/security/user/UserContext.java?rev=1393009&r1=1393008&r2=1393009&view=diff ============================================================================== --- jackrabbit/oak/trunk/oak-core/src/main/java/org/apache/jackrabbit/oak/spi/security/user/UserContext.java (original) +++ jackrabbit/oak/trunk/oak-core/src/main/java/org/apache/jackrabbit/oak/spi/security/user/UserContext.java Tue Oct 2 16:21:12 2012 @@ -16,11 +16,15 @@ */ package org.apache.jackrabbit.oak.spi.security.user; +import java.util.List; import javax.annotation.Nonnull; +import javax.jcr.Session; +import org.apache.jackrabbit.api.security.user.UserManager; import org.apache.jackrabbit.oak.api.ContentSession; import org.apache.jackrabbit.oak.api.CoreValueFactory; import org.apache.jackrabbit.oak.api.Root; +import org.apache.jackrabbit.oak.namepath.NamePathMapper; import org.apache.jackrabbit.oak.spi.commit.ValidatorProvider; /** @@ -29,15 +33,14 @@ import org.apache.jackrabbit.oak.spi.com public interface UserContext { @Nonnull - UserConfig getConfig(); - - @Nonnull UserProvider getUserProvider(ContentSession contentSession, Root root); @Nonnull MembershipProvider getMembershipProvider(ContentSession contentSession, Root root); @Nonnull - ValidatorProvider getUserValidatorProvider(CoreValueFactory valueFactory); + List getValidatorProviders(); + @Nonnull + UserManager getUserManager(Session session, ContentSession contentSession, Root root, NamePathMapper namePathMapper); } \ No newline at end of file Modified: jackrabbit/oak/trunk/oak-core/src/test/java/org/apache/jackrabbit/oak/core/AbstractCoreTest.java URL: http://svn.apache.org/viewvc/jackrabbit/oak/trunk/oak-core/src/test/java/org/apache/jackrabbit/oak/core/AbstractCoreTest.java?rev=1393009&r1=1393008&r2=1393009&view=diff ============================================================================== --- jackrabbit/oak/trunk/oak-core/src/test/java/org/apache/jackrabbit/oak/core/AbstractCoreTest.java (original) +++ jackrabbit/oak/trunk/oak-core/src/test/java/org/apache/jackrabbit/oak/core/AbstractCoreTest.java Tue Oct 2 16:21:12 2012 @@ -22,7 +22,7 @@ import org.apache.jackrabbit.mk.api.Micr import org.apache.jackrabbit.mk.core.MicroKernelImpl; import org.apache.jackrabbit.oak.api.CoreValueFactory; import org.apache.jackrabbit.oak.kernel.KernelNodeStore; -import org.apache.jackrabbit.oak.security.authorization.AccessControlContextProviderImpl; +import org.apache.jackrabbit.oak.security.authorization.AccessControlProviderImpl; import org.apache.jackrabbit.oak.spi.query.CompositeQueryIndexProvider; import org.apache.jackrabbit.oak.spi.state.NodeState; import org.junit.Before; @@ -57,6 +57,6 @@ public abstract class AbstractCoreTest { protected RootImpl createRootImpl(String workspaceName) { return new RootImpl(store, workspaceName, new Subject(), - new AccessControlContextProviderImpl(), new CompositeQueryIndexProvider()); + new AccessControlProviderImpl(), new CompositeQueryIndexProvider()); } } \ No newline at end of file Modified: jackrabbit/oak/trunk/oak-core/src/test/java/org/apache/jackrabbit/oak/core/RootImplFuzzIT.java URL: http://svn.apache.org/viewvc/jackrabbit/oak/trunk/oak-core/src/test/java/org/apache/jackrabbit/oak/core/RootImplFuzzIT.java?rev=1393009&r1=1393008&r2=1393009&view=diff ============================================================================== --- jackrabbit/oak/trunk/oak-core/src/test/java/org/apache/jackrabbit/oak/core/RootImplFuzzIT.java (original) +++ jackrabbit/oak/trunk/oak-core/src/test/java/org/apache/jackrabbit/oak/core/RootImplFuzzIT.java Tue Oct 2 16:21:12 2012 @@ -32,7 +32,7 @@ import org.apache.jackrabbit.oak.api.Tre import org.apache.jackrabbit.oak.commons.PathUtils; import org.apache.jackrabbit.oak.core.RootImplFuzzIT.Operation.Rebase; import org.apache.jackrabbit.oak.kernel.KernelNodeStore; -import org.apache.jackrabbit.oak.security.authorization.AccessControlContextProviderImpl; +import org.apache.jackrabbit.oak.security.authorization.AccessControlProviderImpl; import org.apache.jackrabbit.oak.spi.query.CompositeQueryIndexProvider; import org.junit.Before; import org.junit.Test; @@ -83,13 +83,13 @@ public class RootImplFuzzIT { vf = store1.getValueFactory(); mk1.commit("", "+\"/root\":{}", mk1.getHeadRevision(), ""); root1 = new RootImpl(store1, null, new Subject(), - new AccessControlContextProviderImpl(), new CompositeQueryIndexProvider()); + new AccessControlProviderImpl(), new CompositeQueryIndexProvider()); MicroKernel mk2 = new MicroKernelImpl("./target/mk2/" + random.nextInt()); store2 = new KernelNodeStore(mk2); mk2.commit("", "+\"/root\":{}", mk2.getHeadRevision(), ""); root2 = new RootImpl(store2, null, new Subject(), - new AccessControlContextProviderImpl(), new CompositeQueryIndexProvider()); + new AccessControlProviderImpl(), new CompositeQueryIndexProvider()); } @Test Modified: jackrabbit/oak/trunk/oak-core/src/test/java/org/apache/jackrabbit/oak/plugins/lucene/LuceneEditorTest.java URL: http://svn.apache.org/viewvc/jackrabbit/oak/trunk/oak-core/src/test/java/org/apache/jackrabbit/oak/plugins/lucene/LuceneEditorTest.java?rev=1393009&r1=1393008&r2=1393009&view=diff ============================================================================== --- jackrabbit/oak/trunk/oak-core/src/test/java/org/apache/jackrabbit/oak/plugins/lucene/LuceneEditorTest.java (original) +++ jackrabbit/oak/trunk/oak-core/src/test/java/org/apache/jackrabbit/oak/plugins/lucene/LuceneEditorTest.java Tue Oct 2 16:21:12 2012 @@ -26,7 +26,7 @@ import org.apache.jackrabbit.oak.kernel. import org.apache.jackrabbit.oak.plugins.memory.MemoryValueFactory; import org.apache.jackrabbit.oak.query.ast.Operator; import org.apache.jackrabbit.oak.query.index.FilterImpl; -import org.apache.jackrabbit.oak.security.authorization.AccessControlContextProviderImpl; +import org.apache.jackrabbit.oak.security.authorization.AccessControlProviderImpl; import org.apache.jackrabbit.oak.spi.query.CompositeQueryIndexProvider; import org.apache.jackrabbit.oak.spi.query.Cursor; import org.apache.jackrabbit.oak.spi.query.Filter; @@ -50,7 +50,7 @@ public class LuceneEditorTest implements KernelNodeStore store = new KernelNodeStore(new MicroKernelImpl()); store.setHook(new LuceneEditor(testID)); Root root = new RootImpl(store, null, new Subject(), - new AccessControlContextProviderImpl(), new CompositeQueryIndexProvider()); + new AccessControlProviderImpl(), new CompositeQueryIndexProvider()); Tree tree = root.getTree("/"); tree.setProperty("foo", MemoryValueFactory.INSTANCE.createValue("bar")); Modified: jackrabbit/oak/trunk/oak-jcr/src/main/java/org/apache/jackrabbit/oak/jcr/RepositoryImpl.java URL: http://svn.apache.org/viewvc/jackrabbit/oak/trunk/oak-jcr/src/main/java/org/apache/jackrabbit/oak/jcr/RepositoryImpl.java?rev=1393009&r1=1393008&r2=1393009&view=diff ============================================================================== --- jackrabbit/oak/trunk/oak-jcr/src/main/java/org/apache/jackrabbit/oak/jcr/RepositoryImpl.java (original) +++ jackrabbit/oak/trunk/oak-jcr/src/main/java/org/apache/jackrabbit/oak/jcr/RepositoryImpl.java Tue Oct 2 16:21:12 2012 @@ -18,7 +18,6 @@ package org.apache.jackrabbit.oak.jcr; import java.util.concurrent.Executors; import java.util.concurrent.ScheduledExecutorService; - import javax.jcr.Credentials; import javax.jcr.Repository; import javax.jcr.RepositoryException; @@ -32,22 +31,19 @@ import org.apache.jackrabbit.mk.core.Mic import org.apache.jackrabbit.oak.Oak; import org.apache.jackrabbit.oak.api.ContentRepository; import org.apache.jackrabbit.oak.api.ContentSession; -import org.apache.jackrabbit.oak.core.ContentRepositoryImpl; +import org.apache.jackrabbit.oak.plugins.commit.ConflictValidatorProvider; import org.apache.jackrabbit.oak.plugins.name.NameValidatorProvider; import org.apache.jackrabbit.oak.plugins.name.NamespaceValidatorProvider; import org.apache.jackrabbit.oak.plugins.type.InitialContent; import org.apache.jackrabbit.oak.plugins.type.TypeValidatorProvider; import org.apache.jackrabbit.oak.plugins.unique.UniqueIndexHook; -import org.apache.jackrabbit.oak.plugins.commit.ConflictValidatorProvider; -import org.apache.jackrabbit.oak.security.authorization.AccessControlValidatorProvider; import org.apache.jackrabbit.oak.security.authorization.PermissionValidatorProvider; import org.apache.jackrabbit.oak.security.privilege.PrivilegeValidatorProvider; -import org.apache.jackrabbit.oak.security.user.UserValidatorProvider; import org.apache.jackrabbit.oak.spi.commit.CompositeHook; import org.apache.jackrabbit.oak.spi.commit.CompositeValidatorProvider; import org.apache.jackrabbit.oak.spi.commit.ValidatingHook; import org.apache.jackrabbit.oak.spi.commit.ValidatorProvider; -import org.apache.jackrabbit.oak.spi.security.user.UserConfig; +import org.apache.jackrabbit.oak.spi.security.SecurityProvider; import org.slf4j.Logger; import org.slf4j.LoggerFactory; @@ -67,10 +63,8 @@ public class RepositoryImpl implements R new NamespaceValidatorProvider(), new TypeValidatorProvider(), new ConflictValidatorProvider(), + // FIXME: permission validator depends on AccessControlProvider new PermissionValidatorProvider(), - new AccessControlValidatorProvider(), - // FIXME: retrieve from user context - new UserValidatorProvider(new UserConfig("admin")), new PrivilegeValidatorProvider()); private static final CompositeHook DEFAULT_COMMIT_HOOK = @@ -83,11 +77,15 @@ public class RepositoryImpl implements R private final ScheduledExecutorService executor; + private final SecurityProvider securityProvider; + public RepositoryImpl( ContentRepository contentRepository, - ScheduledExecutorService executor) { + ScheduledExecutorService executor, + SecurityProvider securityProvider) { this.contentRepository = contentRepository; this.executor = executor; + this.securityProvider = securityProvider; } public RepositoryImpl( @@ -95,7 +93,7 @@ public class RepositoryImpl implements R this(new Oak(setupInitialContent(kernel)) .with(DEFAULT_COMMIT_HOOK) .createContentRepository(), - executor); + executor, null); } /** @@ -175,7 +173,7 @@ public class RepositoryImpl implements R // TODO: needs complete refactoring try { ContentSession contentSession = contentRepository.login(credentials, workspaceName); - return new SessionDelegate(this, executor, contentSession, false).getSession(); + return new SessionDelegate(this, executor, contentSession, securityProvider, false).getSession(); } catch (LoginException e) { throw new javax.jcr.LoginException(e.getMessage(), e); }