Subject: svn commit: r1394418 - in /jackrabbit/oak/trunk: oak-core/src/main/java/org/apache/jackrabbit/oak/api/ oak-core/src/main/java/org/apache/jackrabbit/oak/core/ oak-core/src/main/java/org/apache/jackrabbit/oak/security/ oak-core/src/main/java/org/apache/j...
Date: Fri, 05 Oct 2012 09:08:15 -0000
To: oak-commits@jackrabbit.apache.org
From: angela@apache.org

Author: angela
Date: Fri Oct 5 09:08:14 2012
New Revision: 1394418

URL: http://svn.apache.org/viewvc?rev=1394418&view=rev
Log:
OAK-91 - Implement Authentication Support (WIP)
- add (still commented) implementation for user-validation and principal access
- expose root instead of contentsession in RepositoryCallback (TODO: need a fast way to create functional root object from the nodestore without having to call login and contentsession#getLatestRoot which is unbearably slow).

OAK-50 - User Management (WIP)
- make creation of userprovider independent of contentsession
- move password handling to userprovider
- simplify user-mgt implementation

Modified:
    jackrabbit/oak/trunk/oak-core/src/main/java/org/apache/jackrabbit/oak/api/Root.java
    jackrabbit/oak/trunk/oak-core/src/main/java/org/apache/jackrabbit/oak/core/RootImpl.java
    jackrabbit/oak/trunk/oak-core/src/main/java/org/apache/jackrabbit/oak/security/SecurityProviderImpl.java
    jackrabbit/oak/trunk/oak-core/src/main/java/org/apache/jackrabbit/oak/security/authentication/AuthenticationImpl.java
    jackrabbit/oak/trunk/oak-core/src/main/java/org/apache/jackrabbit/oak/security/authentication/LoginModuleImpl.java
    jackrabbit/oak/trunk/oak-core/src/main/java/org/apache/jackrabbit/oak/security/authentication/token/TokenProviderImpl.java
    jackrabbit/oak/trunk/oak-core/src/main/java/org/apache/jackrabbit/oak/security/privilege/PrivilegeRegistry.java
    jackrabbit/oak/trunk/oak-core/src/main/java/org/apache/jackrabbit/oak/security/user/AuthorizableBaseProvider.java
    jackrabbit/oak/trunk/oak-core/src/main/java/org/apache/jackrabbit/oak/security/user/AuthorizableImpl.java
    jackrabbit/oak/trunk/oak-core/src/main/java/org/apache/jackrabbit/oak/security/user/GroupImpl.java
    jackrabbit/oak/trunk/oak-core/src/main/java/org/apache/jackrabbit/oak/security/user/MembershipProviderImpl.java
    jackrabbit/oak/trunk/oak-core/src/main/java/org/apache/jackrabbit/oak/security/user/UserContextImpl.java
    jackrabbit/oak/trunk/oak-core/src/main/java/org/apache/jackrabbit/oak/security/user/UserImpl.java
    jackrabbit/oak/trunk/oak-core/src/main/java/org/apache/jackrabbit/oak/security/user/UserManagerImpl.java
    jackrabbit/oak/trunk/oak-core/src/main/java/org/apache/jackrabbit/oak/security/user/UserProviderImpl.java
    jackrabbit/oak/trunk/oak-core/src/main/java/org/apache/jackrabbit/oak/spi/security/OpenSecurityProvider.java
    jackrabbit/oak/trunk/oak-core/src/main/java/org/apache/jackrabbit/oak/spi/security/authentication/AbstractLoginModule.java
    jackrabbit/oak/trunk/oak-core/src/main/java/org/apache/jackrabbit/oak/spi/security/authentication/GuestLoginModule.java
    jackrabbit/oak/trunk/oak-core/src/main/java/org/apache/jackrabbit/oak/spi/security/authentication/callback/RepositoryCallback.java
    jackrabbit/oak/trunk/oak-core/src/main/java/org/apache/jackrabbit/oak/spi/security/principal/PrincipalConfiguration.java
    jackrabbit/oak/trunk/oak-core/src/main/java/org/apache/jackrabbit/oak/spi/security/user/PasswordUtility.java
    jackrabbit/oak/trunk/oak-core/src/main/java/org/apache/jackrabbit/oak/spi/security/user/UserConfig.java
    jackrabbit/oak/trunk/oak-core/src/main/java/org/apache/jackrabbit/oak/spi/security/user/UserContext.java
    jackrabbit/oak/trunk/oak-core/src/main/java/org/apache/jackrabbit/oak/spi/security/user/UserProvider.java
    jackrabbit/oak/trunk/oak-core/src/main/java/org/apache/jackrabbit/oak/util/NodeUtil.java
    jackrabbit/oak/trunk/oak-core/src/test/java/org/apache/jackrabbit/oak/query/AbstractQueryTest.java
    jackrabbit/oak/trunk/oak-core/src/test/java/org/apache/jackrabbit/oak/security/user/UserProviderImplTest.java
    jackrabbit/oak/trunk/oak-core/src/test/java/org/apache/jackrabbit/oak/util/JsopUtilTest.java
    jackrabbit/oak/trunk/oak-jcr/src/main/java/org/apache/jackrabbit/oak/jcr/SessionDelegate.java

Modified:
jackrabbit/oak/trunk/oak-core/src/main/java/org/apache/jackrabbit/oak/api/Root.java URL: http://svn.apache.org/viewvc/jackrabbit/oak/trunk/oak-core/src/main/java/org/apache/jackrabbit/oak/api/Root.java?rev=1394418&r1=1394417&r2=1394418&view=diff ============================================================================== --- jackrabbit/oak/trunk/oak-core/src/main/java/org/apache/jackrabbit/oak/api/Root.java (original) +++ jackrabbit/oak/trunk/oak-core/src/main/java/org/apache/jackrabbit/oak/api/Root.java Fri Oct 5 09:08:14 2012 @@ -135,4 +135,11 @@ public interface Root { @Nonnull SessionQueryEngine getQueryEngine(); + /** + * Get the value factory. + * + * @return the value factory + */ + CoreValueFactory getValueFactory(); + } Modified: jackrabbit/oak/trunk/oak-core/src/main/java/org/apache/jackrabbit/oak/core/RootImpl.java URL: http://svn.apache.org/viewvc/jackrabbit/oak/trunk/oak-core/src/main/java/org/apache/jackrabbit/oak/core/RootImpl.java?rev=1394418&r1=1394417&r2=1394418&view=diff ============================================================================== --- jackrabbit/oak/trunk/oak-core/src/main/java/org/apache/jackrabbit/oak/core/RootImpl.java (original) +++ jackrabbit/oak/trunk/oak-core/src/main/java/org/apache/jackrabbit/oak/core/RootImpl.java Fri Oct 5 09:08:14 2012 @@ -28,6 +28,7 @@ import javax.security.auth.Subject; import org.apache.jackrabbit.oak.api.ChangeExtractor; import org.apache.jackrabbit.oak.api.CommitFailedException; +import org.apache.jackrabbit.oak.api.CoreValueFactory; import org.apache.jackrabbit.oak.api.Root; import org.apache.jackrabbit.oak.api.SessionQueryEngine; import org.apache.jackrabbit.oak.api.TreeLocation; @@ -111,6 +112,7 @@ public class RootImpl implements Root { * @param workspaceName name of the workspace * @param subject the subject. * @param accProvider the access control context provider. + * @param indexProvider the query index provider. */ @SuppressWarnings("UnusedParameters") public RootImpl(NodeStore store, 
@@ -247,6 +249,16 @@ public class RootImpl implements Root { }; } + @Override + public SessionQueryEngine getQueryEngine() { + return new SessionQueryEngineImpl(store, indexProvider); + } + + @Override + public CoreValueFactory getValueFactory() { + return store.getValueFactory(); + } + //-----------------------------------------------------------< internal >--- /** @@ -303,9 +315,4 @@ public class RootImpl implements Root { purgeListener.purged(); } } - @Override - public SessionQueryEngine getQueryEngine() { - return new SessionQueryEngineImpl(store, indexProvider); - } - } Modified: jackrabbit/oak/trunk/oak-core/src/main/java/org/apache/jackrabbit/oak/security/SecurityProviderImpl.java URL: http://svn.apache.org/viewvc/jackrabbit/oak/trunk/oak-core/src/main/java/org/apache/jackrabbit/oak/security/SecurityProviderImpl.java?rev=1394418&r1=1394417&r2=1394418&view=diff ============================================================================== --- jackrabbit/oak/trunk/oak-core/src/main/java/org/apache/jackrabbit/oak/security/SecurityProviderImpl.java (original) +++ jackrabbit/oak/trunk/oak-core/src/main/java/org/apache/jackrabbit/oak/security/SecurityProviderImpl.java Fri Oct 5 09:08:14 2012 @@ -21,7 +21,6 @@ import javax.jcr.Session; import javax.security.auth.login.Configuration; import org.apache.jackrabbit.api.security.principal.PrincipalManager; -import org.apache.jackrabbit.oak.api.ContentSession; import org.apache.jackrabbit.oak.api.Root; import org.apache.jackrabbit.oak.namepath.NamePathMapper; import org.apache.jackrabbit.oak.security.authentication.ConfigurationImpl; 
@@ -68,17 +67,17 @@ public class SecurityProviderImpl implem return new PrincipalConfiguration() { @Nonnull @Override - public PrincipalManager getPrincipalManager(Session session, ContentSession contentSession, Root root, NamePathMapper namePathMapper) { - PrincipalProvider principalProvider = getPrincipalProvider(contentSession, root, namePathMapper); + public PrincipalManager getPrincipalManager(Session session, Root root, NamePathMapper namePathMapper) { + PrincipalProvider principalProvider = getPrincipalProvider(root, namePathMapper); return new PrincipalManagerImpl(principalProvider); } @Nonnull @Override - public PrincipalProvider getPrincipalProvider(ContentSession contentSession, Root root, NamePathMapper namePathMapper) { + public PrincipalProvider getPrincipalProvider(Root root, NamePathMapper namePathMapper) { UserContext userContext = getUserContext(); - UserProvider userProvider = userContext.getUserProvider(contentSession, root); - MembershipProvider msProvider = userContext.getMembershipProvider(contentSession, root); + UserProvider userProvider = userContext.getUserProvider(root); + MembershipProvider msProvider = userContext.getMembershipProvider(root); return new PrincipalProviderImpl(userProvider, msProvider, namePathMapper); } }; Modified: jackrabbit/oak/trunk/oak-core/src/main/java/org/apache/jackrabbit/oak/security/authentication/AuthenticationImpl.java URL: http://svn.apache.org/viewvc/jackrabbit/oak/trunk/oak-core/src/main/java/org/apache/jackrabbit/oak/security/authentication/AuthenticationImpl.java?rev=1394418&r1=1394417&r2=1394418&view=diff ============================================================================== --- jackrabbit/oak/trunk/oak-core/src/main/java/org/apache/jackrabbit/oak/security/authentication/AuthenticationImpl.java (original) +++ jackrabbit/oak/trunk/oak-core/src/main/java/org/apache/jackrabbit/oak/security/authentication/AuthenticationImpl.java Fri Oct 5 09:08:14 2012 
@@ -22,7 +22,10 @@ import javax.jcr.Credentials; import javax.jcr.GuestCredentials; import javax.jcr.SimpleCredentials; +import org.apache.jackrabbit.oak.api.Tree; import org.apache.jackrabbit.oak.spi.security.authentication.Authentication; +import org.apache.jackrabbit.oak.spi.security.user.PasswordUtility; +import org.apache.jackrabbit.oak.spi.security.user.UserProvider; /** * AuthenticationImpl... 
@@ -30,22 +33,32 @@ import org.apache.jackrabbit.oak.spi.sec public class AuthenticationImpl implements Authentication { private final String userID; + private final UserProvider userProvider; - public AuthenticationImpl(String userID) { + public AuthenticationImpl(String userID, UserProvider userProvider) { this.userID = userID; + this.userProvider = userProvider; } @Override public boolean authenticate(Credentials credentials) { - if (credentials instanceof SimpleCredentials) { - // TODO - return true; - } else if (credentials instanceof GuestCredentials) { - // TODO - return true; - } else { - return false; - } + // TODO + return true; + +// if (userProvider == null || userID == null) { +// return false; +// } +// +// if (credentials instanceof SimpleCredentials) { +// SimpleCredentials creds = (SimpleCredentials) credentials; +// return userID.equals(creds.getUserID()) && +// PasswordUtility.isSame(userProvider.getPassword(userID), creds.getPassword()); +// } else if (credentials instanceof GuestCredentials) { +// return userProvider.getAuthorizable(userID) != null; +// } else { +// // unsupported credentials object +// return false; +// } } @Override Modified: jackrabbit/oak/trunk/oak-core/src/main/java/org/apache/jackrabbit/oak/security/authentication/LoginModuleImpl.java URL: http://svn.apache.org/viewvc/jackrabbit/oak/trunk/oak-core/src/main/java/org/apache/jackrabbit/oak/security/authentication/LoginModuleImpl.java?rev=1394418&r1=1394417&r2=1394418&view=diff ============================================================================== --- jackrabbit/oak/trunk/oak-core/src/main/java/org/apache/jackrabbit/oak/security/authentication/LoginModuleImpl.java (original) +++ jackrabbit/oak/trunk/oak-core/src/main/java/org/apache/jackrabbit/oak/security/authentication/LoginModuleImpl.java Fri Oct 5 09:08:14 2012 
@@ -106,8 +106,6 @@ public class LoginModuleImpl extends Abs @Override public void initialize(Subject subject, CallbackHandler callbackHandler, Map sharedState, Map options) { super.initialize(subject, callbackHandler, sharedState, options); - - // TODO } @Override @@ -116,7 +114,7 @@ public class LoginModuleImpl extends Abs credentials = getCredentials(); userID = getUserID(); - Authentication authentication = new AuthenticationImpl(userID); + Authentication authentication = new AuthenticationImpl(userID, getUserProvider()); boolean success = authentication.authenticate(credentials); if (!success) { success = impersonate(authentication); @@ -173,7 +171,7 @@ public class LoginModuleImpl extends Abs if (credentials instanceof SimpleCredentials) { userID = ((SimpleCredentials) credentials).getUserID(); } else if (credentials instanceof GuestCredentials) { - userID = "anonymous"; + userID = getAnonymousID(); } else if (credentials instanceof ImpersonationCredentials) { Credentials bc = ((ImpersonationCredentials) credentials).getBaseCredentials(); if (bc instanceof SimpleCredentials) { 
@@ -199,6 +197,11 @@ public class LoginModuleImpl extends Abs return userID; } + private String getAnonymousID() { + // TODO + return "anonymous"; + } + private boolean impersonate(Authentication authentication) { if (credentials instanceof ImpersonationCredentials) { AuthInfo info = ((ImpersonationCredentials) credentials).getImpersonatorInfo(); Modified: jackrabbit/oak/trunk/oak-core/src/main/java/org/apache/jackrabbit/oak/security/authentication/token/TokenProviderImpl.java URL: http://svn.apache.org/viewvc/jackrabbit/oak/trunk/oak-core/src/main/java/org/apache/jackrabbit/oak/security/authentication/token/TokenProviderImpl.java?rev=1394418&r1=1394417&r2=1394418&view=diff ============================================================================== --- jackrabbit/oak/trunk/oak-core/src/main/java/org/apache/jackrabbit/oak/security/authentication/token/TokenProviderImpl.java (original) +++ jackrabbit/oak/trunk/oak-core/src/main/java/org/apache/jackrabbit/oak/security/authentication/token/TokenProviderImpl.java Fri Oct 5 09:08:14 2012 @@ -36,7 +36,6 @@ import javax.jcr.SimpleCredentials; import org.apache.jackrabbit.JcrConstants; import org.apache.jackrabbit.api.security.authentication.token.TokenCredentials; import org.apache.jackrabbit.oak.api.CommitFailedException; -import org.apache.jackrabbit.oak.api.ContentSession; import org.apache.jackrabbit.oak.api.CoreValueFactory; import org.apache.jackrabbit.oak.api.PropertyState; import org.apache.jackrabbit.oak.api.Root; 
@@ -96,17 +95,15 @@ public class TokenProviderImpl implement private static final char DELIM = '_'; - private final ContentSession contentSession; private final Root root; private final UserProvider userProvider; private final long tokenExpiration; - public TokenProviderImpl(ContentSession contentSession, long tokenExpiration, UserContext userContext) { - this.contentSession = contentSession; - this.root = contentSession.getLatestRoot(); + public TokenProviderImpl(Root root, long tokenExpiration, UserContext userContext) { + this.root = root; this.tokenExpiration = tokenExpiration; - this.userProvider = userContext.getUserProvider(contentSession, root); + this.userProvider = userContext.getUserProvider(root); } //------------------------------------------------------< TokenProvider >--- @@ -126,7 +123,7 @@ public class TokenProviderImpl implement SimpleCredentials sc = extractSimpleCredentials(credentials); if (sc != null) { String userId = sc.getUserID(); - CoreValueFactory valueFactory = contentSession.getCoreValueFactory(); + CoreValueFactory valueFactory = root.getValueFactory(); try { Tree userTree = userProvider.getAuthorizable(userId, Type.USER); if (userTree != null) { @@ -188,7 +185,7 @@ public class TokenProviderImpl implement if (tokenTree == null || userId == null) { return null; } else { - return new TokenInfoImpl(new NodeUtil(tokenTree, contentSession), token, userId); + return new TokenInfoImpl(new NodeUtil(tokenTree, root.getValueFactory()), token, userId); } } 
@@ -212,7 +209,7 @@ public class TokenProviderImpl implement public boolean resetTokenExpiration(TokenInfo tokenInfo, long loginTime) { Tree tokenTree = getTokenTree(tokenInfo); if (tokenTree != null) { - NodeUtil tokenNode = new NodeUtil(tokenTree, contentSession); + NodeUtil tokenNode = new NodeUtil(tokenTree, root.getValueFactory()); long expTime = tokenNode.getLong(TOKEN_ATTRIBUTE_EXPIRY, 0); if (expTime - loginTime <= tokenExpiration/2) { long expirationTime = loginTime + tokenExpiration; Modified: jackrabbit/oak/trunk/oak-core/src/main/java/org/apache/jackrabbit/oak/security/privilege/PrivilegeRegistry.java URL: http://svn.apache.org/viewvc/jackrabbit/oak/trunk/oak-core/src/main/java/org/apache/jackrabbit/oak/security/privilege/PrivilegeRegistry.java?rev=1394418&r1=1394417&r2=1394418&view=diff ============================================================================== --- jackrabbit/oak/trunk/oak-core/src/main/java/org/apache/jackrabbit/oak/security/privilege/PrivilegeRegistry.java (original) +++ jackrabbit/oak/trunk/oak-core/src/main/java/org/apache/jackrabbit/oak/security/privilege/PrivilegeRegistry.java Fri Oct 5 09:08:14 2012 @@ -109,7 +109,6 @@ public class PrivilegeRegistry implement private void internalRegisterDefinitions(PrivilegeDefinition toRegister) throws RepositoryException { Root root = contentSession.getLatestRoot(); - try { // make sure the privileges path is defined Tree privilegesTree = root.getTree(PRIVILEGES_PATH); 
@@ -117,7 +116,7 @@ public class PrivilegeRegistry implement throw new RepositoryException("Repository doesn't contain node " + PRIVILEGES_PATH); } - NodeUtil privilegesNode = new NodeUtil(privilegesTree, contentSession); + NodeUtil privilegesNode = new NodeUtil(privilegesTree, root.getValueFactory()); writeDefinition(privilegesNode, toRegister); // delegate validation to the commit validation (see above) Modified: jackrabbit/oak/trunk/oak-core/src/main/java/org/apache/jackrabbit/oak/security/user/AuthorizableBaseProvider.java URL: http://svn.apache.org/viewvc/jackrabbit/oak/trunk/oak-core/src/main/java/org/apache/jackrabbit/oak/security/user/AuthorizableBaseProvider.java?rev=1394418&r1=1394417&r2=1394418&view=diff ============================================================================== --- jackrabbit/oak/trunk/oak-core/src/main/java/org/apache/jackrabbit/oak/security/user/AuthorizableBaseProvider.java (original) +++ jackrabbit/oak/trunk/oak-core/src/main/java/org/apache/jackrabbit/oak/security/user/AuthorizableBaseProvider.java Fri Oct 5 09:08:14 2012 @@ -17,7 +17,6 @@ package org.apache.jackrabbit.oak.security.user; import org.apache.jackrabbit.JcrConstants; -import org.apache.jackrabbit.oak.api.ContentSession; import org.apache.jackrabbit.oak.api.CoreValueFactory; import org.apache.jackrabbit.oak.api.Root; import org.apache.jackrabbit.oak.api.Tree; 
@@ -40,13 +39,15 @@ abstract class AuthorizableBaseProvider */ private static final Logger log = LoggerFactory.getLogger(AuthorizableBaseProvider.class); - final CoreValueFactory valueFactory; + final UserConfig config; final Root root; + final CoreValueFactory valueFactory; final IdentifierManager identifierManager; - AuthorizableBaseProvider(ContentSession contentSession, Root root, UserConfig config) { - this.valueFactory = contentSession.getCoreValueFactory(); + AuthorizableBaseProvider(Root root, UserConfig config) { this.root = root; + this.config = config; + this.valueFactory = root.getValueFactory(); this.identifierManager = new IdentifierManager(root); } Modified: jackrabbit/oak/trunk/oak-core/src/main/java/org/apache/jackrabbit/oak/security/user/AuthorizableImpl.java URL: http://svn.apache.org/viewvc/jackrabbit/oak/trunk/oak-core/src/main/java/org/apache/jackrabbit/oak/security/user/AuthorizableImpl.java?rev=1394418&r1=1394417&r2=1394418&view=diff ============================================================================== --- jackrabbit/oak/trunk/oak-core/src/main/java/org/apache/jackrabbit/oak/security/user/AuthorizableImpl.java (original) +++ jackrabbit/oak/trunk/oak-core/src/main/java/org/apache/jackrabbit/oak/security/user/AuthorizableImpl.java Fri Oct 5 09:08:14 2012 @@ -39,6 +39,7 @@ import org.apache.jackrabbit.oak.api.Tre import org.apache.jackrabbit.oak.spi.security.principal.EveryonePrincipal; import org.apache.jackrabbit.oak.spi.security.user.MembershipProvider; import org.apache.jackrabbit.oak.spi.security.user.UserConstants; +import org.apache.jackrabbit.oak.spi.security.user.UserProvider; import org.apache.jackrabbit.util.Text; import org.slf4j.Logger; import org.slf4j.LoggerFactory; 
@@ -321,6 +322,14 @@ abstract class AuthorizableImpl implemen } /** + * @return The user provider associated with this authorizable + */ + @Nonnull + UserProvider getUserProvider() { + return userManager.getUserProvider(); + } + + /** * @return The principal name of this authorizable. * @throws RepositoryException If no principal name can be retrieved. */ Modified: jackrabbit/oak/trunk/oak-core/src/main/java/org/apache/jackrabbit/oak/security/user/GroupImpl.java URL: http://svn.apache.org/viewvc/jackrabbit/oak/trunk/oak-core/src/main/java/org/apache/jackrabbit/oak/security/user/GroupImpl.java?rev=1394418&r1=1394417&r2=1394418&view=diff ============================================================================== --- jackrabbit/oak/trunk/oak-core/src/main/java/org/apache/jackrabbit/oak/security/user/GroupImpl.java (original) +++ jackrabbit/oak/trunk/oak-core/src/main/java/org/apache/jackrabbit/oak/security/user/GroupImpl.java Fri Oct 5 09:08:14 2012 
@@ -52,7 +52,7 @@ class GroupImpl extends AuthorizableImpl @Override void checkValidTree(Tree tree) throws RepositoryException { - if (tree == null || !getUserManager().getUserProvider().isAuthorizableType(tree, Type.GROUP)) { + if (tree == null || !getUserProvider().isAuthorizableType(tree, Type.GROUP)) { throw new IllegalArgumentException("Invalid group node: node type rep:Group expected."); } } Modified: jackrabbit/oak/trunk/oak-core/src/main/java/org/apache/jackrabbit/oak/security/user/MembershipProviderImpl.java URL: http://svn.apache.org/viewvc/jackrabbit/oak/trunk/oak-core/src/main/java/org/apache/jackrabbit/oak/security/user/MembershipProviderImpl.java?rev=1394418&r1=1394417&r2=1394418&view=diff ============================================================================== --- jackrabbit/oak/trunk/oak-core/src/main/java/org/apache/jackrabbit/oak/security/user/MembershipProviderImpl.java (original) +++ jackrabbit/oak/trunk/oak-core/src/main/java/org/apache/jackrabbit/oak/security/user/MembershipProviderImpl.java Fri Oct 5 09:08:14 2012 @@ -31,7 +31,6 @@ import com.google.common.collect.Iterato import com.google.common.collect.Lists; import org.apache.jackrabbit.commons.iterator.RangeIteratorAdapter; -import org.apache.jackrabbit.oak.api.ContentSession; import org.apache.jackrabbit.oak.api.CoreValue; import org.apache.jackrabbit.oak.api.PropertyState; import org.apache.jackrabbit.oak.api.Root; 
@@ -87,8 +86,8 @@ public class MembershipProviderImpl exte private final int splitSize; - MembershipProviderImpl(ContentSession contentSession, Root root, UserConfig config) { - super(contentSession, root, config); + MembershipProviderImpl(Root root, UserConfig config) { + super(root, config); int splitValue = config.getConfigValue(UserConfig.PARAM_GROUP_MEMBERSHIP_SPLIT_SIZE, 0); if (splitValue != 0 && splitValue < 4) { Modified: jackrabbit/oak/trunk/oak-core/src/main/java/org/apache/jackrabbit/oak/security/user/UserContextImpl.java URL: http://svn.apache.org/viewvc/jackrabbit/oak/trunk/oak-core/src/main/java/org/apache/jackrabbit/oak/security/user/UserContextImpl.java?rev=1394418&r1=1394417&r2=1394418&view=diff ============================================================================== --- jackrabbit/oak/trunk/oak-core/src/main/java/org/apache/jackrabbit/oak/security/user/UserContextImpl.java (original) +++ jackrabbit/oak/trunk/oak-core/src/main/java/org/apache/jackrabbit/oak/security/user/UserContextImpl.java Fri Oct 5 09:08:14 2012 @@ -21,7 +21,6 @@ import java.util.List; import javax.jcr.Session; import org.apache.jackrabbit.api.security.user.UserManager; -import org.apache.jackrabbit.oak.api.ContentSession; import org.apache.jackrabbit.oak.api.Root; import org.apache.jackrabbit.oak.namepath.NamePathMapper; import org.apache.jackrabbit.oak.spi.commit.ValidatorProvider; 
@@ -47,13 +46,13 @@ public class UserContextImpl implements } @Override - public UserProvider getUserProvider(ContentSession contentSession, Root root) { - return new UserProviderImpl(contentSession, root, config); + public UserProvider getUserProvider(Root root) { + return new UserProviderImpl(root, config); } @Override - public MembershipProvider getMembershipProvider(ContentSession contentSession, Root root) { - return new MembershipProviderImpl(contentSession, root, config); + public MembershipProvider getMembershipProvider(Root root) { + return new MembershipProviderImpl(root, config); } @Override @@ -63,10 +62,9 @@ public class UserContextImpl implements } @Override - public UserManager getUserManager(Session session, ContentSession contentSession, - Root root, NamePathMapper namePathMapper) { - UserProvider up = getUserProvider(contentSession, root); - MembershipProvider mp = getMembershipProvider(contentSession, root); + public UserManager getUserManager(Session session, Root root, NamePathMapper namePathMapper) { + UserProvider up = getUserProvider(root); + MembershipProvider mp = getMembershipProvider(root); return new UserManagerImpl(session, namePathMapper, up, mp, config); } } \ No newline at end of file Modified: jackrabbit/oak/trunk/oak-core/src/main/java/org/apache/jackrabbit/oak/security/user/UserImpl.java URL: http://svn.apache.org/viewvc/jackrabbit/oak/trunk/oak-core/src/main/java/org/apache/jackrabbit/oak/security/user/UserImpl.java?rev=1394418&r1=1394417&r2=1394418&view=diff ============================================================================== --- jackrabbit/oak/trunk/oak-core/src/main/java/org/apache/jackrabbit/oak/security/user/UserImpl.java (original) +++ jackrabbit/oak/trunk/oak-core/src/main/java/org/apache/jackrabbit/oak/security/user/UserImpl.java Fri Oct 5 09:08:14 2012 
@@ -49,7 +49,7 @@ class UserImpl extends AuthorizableImpl } void checkValidTree(Tree tree) throws RepositoryException { - if (tree == null || !getUserManager().getUserProvider().isAuthorizableType(tree, Type.USER)) { + if (tree == null || !getUserProvider().isAuthorizableType(tree, Type.USER)) { throw new IllegalArgumentException("Invalid user node: node type rep:User expected."); } } @@ -79,7 +79,7 @@ class UserImpl extends AuthorizableImpl */ @Override public boolean isAdmin() { - return getUserManager().getUserProvider().isAdminUser(getTree()); + return getUserProvider().isAdminUser(getTree()); } /** @@ -107,7 +107,7 @@ class UserImpl extends AuthorizableImpl public void changePassword(String password) throws RepositoryException { UserManagerImpl userManager = getUserManager(); userManager.onPasswordChange(this, password); - userManager.setPassword(getTree(), password, true); + getUserProvider().setPassword(getTree(), password, true); } /** 
@@ -169,10 +169,10 @@ class UserImpl extends AuthorizableImpl //-------------------------------------------------------------------------- void setProtectedProperty(String oakName, String value) throws RepositoryException { - getUserManager().getUserProvider().setProtectedProperty(getTree(), oakName, value, PropertyType.STRING); + getUserProvider().setProtectedProperty(getTree(), oakName, value, PropertyType.STRING); } void setProtectedProperty(String oakName, String[] values) throws RepositoryException { - getUserManager().getUserProvider().setProtectedProperty(getTree(), oakName, values, PropertyType.STRING); + getUserProvider().setProtectedProperty(getTree(), oakName, values, PropertyType.STRING); } } \ No newline at end of file Modified: jackrabbit/oak/trunk/oak-core/src/main/java/org/apache/jackrabbit/oak/security/user/UserManagerImpl.java URL: http://svn.apache.org/viewvc/jackrabbit/oak/trunk/oak-core/src/main/java/org/apache/jackrabbit/oak/security/user/UserManagerImpl.java?rev=1394418&r1=1394417&r2=1394418&view=diff ============================================================================== --- jackrabbit/oak/trunk/oak-core/src/main/java/org/apache/jackrabbit/oak/security/user/UserManagerImpl.java (original) +++ jackrabbit/oak/trunk/oak-core/src/main/java/org/apache/jackrabbit/oak/security/user/UserManagerImpl.java Fri Oct 5 09:08:14 2012 @@ -16,8 +16,6 @@ */ package org.apache.jackrabbit.oak.security.user; -import java.io.UnsupportedEncodingException; -import java.security.NoSuchAlgorithmException; import java.security.Principal; import java.util.Iterator; import javax.annotation.CheckForNull; 
@@ -38,7 +36,6 @@ import org.apache.jackrabbit.oak.securit import org.apache.jackrabbit.oak.security.user.query.XPathQueryEvaluator; import org.apache.jackrabbit.oak.spi.security.principal.EveryonePrincipal; import org.apache.jackrabbit.oak.spi.security.user.MembershipProvider; -import org.apache.jackrabbit.oak.spi.security.user.PasswordUtility; import org.apache.jackrabbit.oak.spi.security.user.Type; import org.apache.jackrabbit.oak.spi.security.user.UserConfig; import org.apache.jackrabbit.oak.spi.security.user.UserConstants; @@ -147,7 +144,7 @@ public class UserManagerImpl implements } Tree userTree = userProvider.createUser(userID, intermediatePath); setPrincipal(userTree, principal); - setPassword(userTree, password, true); + userProvider.setPassword(userTree, password, true); User user = new UserImpl(userID, userTree, this); onCreate(user, password); 
@@ -283,41 +280,6 @@ public class UserManagerImpl implements } //-------------------------------------------------------------------------- - /** - * - * - * @param userTree The tree representing the user. - * @param password The plaintext password to set. - * @param forceHash If true the specified password will always be hashed. - * @throws javax.jcr.RepositoryException If an error occurs - */ - void setPassword(Tree userTree, String password, boolean forceHash) throws RepositoryException { - if (password == null) { - log.debug("Password is null."); - return; - } - String pwHash; - if (forceHash || PasswordUtility.isPlainTextPassword(password)) { - try { - pwHash = PasswordUtility.buildPasswordHash(password, config); - } catch (NoSuchAlgorithmException e) { - throw new RepositoryException(e); - } catch (UnsupportedEncodingException e) { - throw new RepositoryException(e); - } - } else { - pwHash = password; - } - getUserProvider().setProtectedProperty(userTree, UserConstants.REP_PASSWORD, pwHash, PropertyType.STRING); - } - - void setPrincipal(Tree userTree, Principal principal) throws RepositoryException { - // TODO: remove check once user-validator properly enforces that constraint - if (userTree.getStatus() != Tree.Status.NEW || userTree.hasProperty(UserConstants.REP_PRINCIPAL_NAME)) { - throw new RepositoryException("rep:principalName can only be set once on a new node."); - } - getUserProvider().setProtectedProperty(userTree, UserConstants.REP_PRINCIPAL_NAME, principal.getName(), PropertyType.STRING); - } Session getSession() { return session; 
@@ -374,6 +336,10 @@ public class UserManagerImpl implements } } + private void setPrincipal(Tree userTree, Principal principal) { + getUserProvider().setProtectedProperty(userTree, UserConstants.REP_PRINCIPAL_NAME, principal.getName(), PropertyType.STRING); + } + private static Type getAuthorizableType(int searchType) { switch (searchType) { case UserManager.SEARCH_TYPE_USER: Modified: jackrabbit/oak/trunk/oak-core/src/main/java/org/apache/jackrabbit/oak/security/user/UserProviderImpl.java URL: http://svn.apache.org/viewvc/jackrabbit/oak/trunk/oak-core/src/main/java/org/apache/jackrabbit/oak/security/user/UserProviderImpl.java?rev=1394418&r1=1394417&r2=1394418&view=diff ============================================================================== --- jackrabbit/oak/trunk/oak-core/src/main/java/org/apache/jackrabbit/oak/security/user/UserProviderImpl.java (original) +++ jackrabbit/oak/trunk/oak-core/src/main/java/org/apache/jackrabbit/oak/security/user/UserProviderImpl.java Fri Oct 5 09:08:14 2012 @@ -16,17 +16,18 @@ */ package org.apache.jackrabbit.oak.security.user; +import java.io.UnsupportedEncodingException; +import java.security.NoSuchAlgorithmException; import java.security.Principal; import java.text.ParseException; import java.util.Collections; import java.util.Iterator; - +import javax.jcr.PropertyType; import javax.jcr.RepositoryException; import javax.jcr.nodetype.ConstraintViolationException; import javax.jcr.query.Query; import org.apache.jackrabbit.JcrConstants; -import org.apache.jackrabbit.oak.api.ContentSession; import org.apache.jackrabbit.oak.api.CoreValue; import org.apache.jackrabbit.oak.api.PropertyState; import org.apache.jackrabbit.oak.api.Result; 
@@ -36,6 +37,7 @@ import org.apache.jackrabbit.oak.api.Tre import org.apache.jackrabbit.oak.namepath.NamePathMapper; import org.apache.jackrabbit.oak.plugins.memory.SinglePropertyState; import org.apache.jackrabbit.oak.spi.security.principal.TreeBasedPrincipal; +import org.apache.jackrabbit.oak.spi.security.user.PasswordUtility; import org.apache.jackrabbit.oak.spi.security.user.Type; import org.apache.jackrabbit.oak.spi.security.user.UserConfig; import org.apache.jackrabbit.oak.spi.security.user.UserConstants; @@ -152,16 +154,14 @@ class UserProviderImpl extends Authoriza private static final String DELIMITER = "/"; private final int defaultDepth; - private final String adminId; private final String groupPath; private final String userPath; - UserProviderImpl(ContentSession contentSession, Root root, UserConfig config) { - super(contentSession, root, config); + UserProviderImpl(Root root, UserConfig config) { + super(root, config); defaultDepth = config.getConfigValue(UserConfig.PARAM_DEFAULT_DEPTH, DEFAULT_DEPTH); - adminId = config.getAdminId(); groupPath = config.getConfigValue(UserConfig.PARAM_GROUP_PATH, DEFAULT_GROUP_PATH); userPath = config.getConfigValue(UserConfig.PARAM_USER_PATH, DEFAULT_USER_PATH); 
@@ -253,7 +253,39 @@ class UserProviderImpl extends Authoriza @Override public boolean isAdminUser(Tree userTree) { checkNotNull(userTree); - return adminId.equals(getAuthorizableId(userTree)); + return config.getAdminId().equals(getAuthorizableId(userTree)); + } + + @Override + public String getPassword(String userID) { + Tree userTree = getAuthorizable(userID, Type.USER); + if (userTree != null) { + NodeUtil n = new NodeUtil(userTree, valueFactory); + return n.getString(UserConstants.REP_PASSWORD, null); + } else { + return null; + } + } + + @Override + public void setPassword(Tree userTree, String password, boolean forceHash) throws RepositoryException { + if (password == null) { + log.debug("Password is null."); + return; + } + String pwHash; + if (forceHash || PasswordUtility.isPlainTextPassword(password)) { + try { + pwHash = PasswordUtility.buildPasswordHash(password, config); + } catch (NoSuchAlgorithmException e) { + throw new RepositoryException(e); + } catch (UnsupportedEncodingException e) { + throw new RepositoryException(e); + } + } else { + pwHash = password; + } + setProtectedProperty(userTree, UserConstants.REP_PASSWORD, pwHash, PropertyType.STRING); } @Override Modified: jackrabbit/oak/trunk/oak-core/src/main/java/org/apache/jackrabbit/oak/spi/security/OpenSecurityProvider.java URL: http://svn.apache.org/viewvc/jackrabbit/oak/trunk/oak-core/src/main/java/org/apache/jackrabbit/oak/spi/security/OpenSecurityProvider.java?rev=1394418&r1=1394417&r2=1394418&view=diff ============================================================================== --- jackrabbit/oak/trunk/oak-core/src/main/java/org/apache/jackrabbit/oak/spi/security/OpenSecurityProvider.java (original) +++ jackrabbit/oak/trunk/oak-core/src/main/java/org/apache/jackrabbit/oak/spi/security/OpenSecurityProvider.java Fri Oct 5 09:08:14 2012 
@@ -23,7 +23,6 @@ import javax.jcr.Session; import org.apache.jackrabbit.api.security.principal.PrincipalManager; import org.apache.jackrabbit.api.security.user.UserManager; -import org.apache.jackrabbit.oak.api.ContentSession; import org.apache.jackrabbit.oak.api.Root; import org.apache.jackrabbit.oak.namepath.NamePathMapper; import org.apache.jackrabbit.oak.spi.commit.ValidatorProvider; @@ -63,13 +62,13 @@ public class OpenSecurityProvider implem return new UserContext() { @Nonnull @Override - public UserProvider getUserProvider(ContentSession contentSession, Root root) { + public UserProvider getUserProvider(Root root) { throw new UnsupportedOperationException(); } @Nonnull @Override - public MembershipProvider getMembershipProvider(ContentSession contentSession, Root root) { + public MembershipProvider getMembershipProvider(Root root) { throw new UnsupportedOperationException(); } @@ -81,7 +80,7 @@ public class OpenSecurityProvider implem @Nonnull @Override - public UserManager getUserManager(Session session, ContentSession contentSession, Root root, NamePathMapper namePathMapper) { + public UserManager getUserManager(Session session, Root root, NamePathMapper namePathMapper) { throw new UnsupportedOperationException(); } }; 
@@ -93,13 +92,13 @@ public class OpenSecurityProvider implem return new PrincipalConfiguration() { @Nonnull @Override - public PrincipalManager getPrincipalManager(Session session, ContentSession contentSession, Root root, NamePathMapper namePathMapper) { + public PrincipalManager getPrincipalManager(Session session, Root root, NamePathMapper namePathMapper) { throw new UnsupportedOperationException(); } @Nonnull @Override - public PrincipalProvider getPrincipalProvider(ContentSession contentSession, Root root, NamePathMapper namePathMapper) { + public PrincipalProvider getPrincipalProvider(Root root, NamePathMapper namePathMapper) { return new OpenPrincipalProvider(); } }; Modified: jackrabbit/oak/trunk/oak-core/src/main/java/org/apache/jackrabbit/oak/spi/security/authentication/AbstractLoginModule.java URL: http://svn.apache.org/viewvc/jackrabbit/oak/trunk/oak-core/src/main/java/org/apache/jackrabbit/oak/spi/security/authentication/AbstractLoginModule.java?rev=1394418&r1=1394417&r2=1394418&view=diff ============================================================================== --- jackrabbit/oak/trunk/oak-core/src/main/java/org/apache/jackrabbit/oak/spi/security/authentication/AbstractLoginModule.java (original) +++ jackrabbit/oak/trunk/oak-core/src/main/java/org/apache/jackrabbit/oak/spi/security/authentication/AbstractLoginModule.java Fri Oct 5 09:08:14 2012 @@ -22,6 +22,7 @@ import java.util.Collections; import java.util.Map; import java.util.Set; import javax.annotation.CheckForNull; +import javax.annotation.Nonnull; import javax.jcr.Credentials; import javax.security.auth.Subject; import javax.security.auth.callback.Callback; 
@@ -30,7 +31,7 @@ import javax.security.auth.callback.Unsu import javax.security.auth.login.LoginException; import javax.security.auth.spi.LoginModule; -import org.apache.jackrabbit.oak.api.ContentSession; +import org.apache.jackrabbit.oak.api.Root; import org.apache.jackrabbit.oak.namepath.NamePathMapper; import org.apache.jackrabbit.oak.spi.security.SecurityProvider; import org.apache.jackrabbit.oak.spi.security.authentication.callback.CredentialsCallback; @@ -39,6 +40,7 @@ import org.apache.jackrabbit.oak.spi.sec import org.apache.jackrabbit.oak.spi.security.authentication.callback.SecurityProviderCallback; import org.apache.jackrabbit.oak.spi.security.principal.OpenPrincipalProvider; import org.apache.jackrabbit.oak.spi.security.principal.PrincipalProvider; +import org.apache.jackrabbit.oak.spi.security.user.UserProvider; import org.slf4j.Logger; import org.slf4j.LoggerFactory; @@ -69,6 +71,9 @@ public abstract class AbstractLoginModul protected CallbackHandler callbackHandler; protected Map sharedState; + private SecurityProvider securityProvider; + private Root root; + //--------------------------------------------------------< LoginModule >--- @Override public void initialize(Subject subject, CallbackHandler callbackHandler, Map sharedState, Map options) { @@ -92,6 +97,7 @@ public abstract class AbstractLoginModul } //-------------------------------------------------------------------------- + @Nonnull protected abstract Set getSupportedCredentials(); @CheckForNull @@ -156,6 +162,7 @@ public abstract class AbstractLoginModul } + @Nonnull protected Set getPrincipals(String userID) { PrincipalProvider principalProvider = getPrincipalProvider(); if (principalProvider == null) { 
@@ -166,43 +173,73 @@ public abstract class AbstractLoginModul } } - private PrincipalProvider getPrincipalProvider() { - // TODO: replace fake pp to enable proper principal resolution. code below works but... + @CheckForNull + protected PrincipalProvider getPrincipalProvider() { + // TODO: replace fake pp to enable proper principal resolution. return new OpenPrincipalProvider(); // PrincipalProvider principalProvider = null; -// if (callbackHandler != null) { -// RepositoryCallback rcb = new RepositoryCallback(); -// SecurityProviderCallback scb = new SecurityProviderCallback(); +// +// SecurityProvider sp = getSecurityProvider(); +// Root r = getRoot(); +// if (root != null && securityProvider != null) { +// principalProvider = securityProvider.getPrincipalConfiguration().getPrincipalProvider(root, NamePathMapper.DEFAULT); +// } +// +// if (principalProvider == null && callbackHandler != null) { // try { -// callbackHandler.handle(new Callback[] {rcb, scb}); -// ContentSession contentSession = rcb.getContentSession(); -// SecurityProvider securityProvider = scb.getSecurityProvider(); -// if (contentSession != null && securityProvider != null) { -// // FIXME: getLatestRoot is unbearable slow. -// // FIXME: - either use a different Root that passed from the repo to the callback-handler or -// // FIXME: - fix mk such that retrieving the root is for free -// principalProvider = securityProvider.getPrincipalConfiguration(). 
-// getPrincipalProvider(contentSession, contentSession.getLatestRoot(), NamePathMapper.DEFAULT); -// } -// } catch (UnsupportedCallbackException e) { -// log.debug(e.getMessage()); +// PrincipalProviderCallback principalCallBack = new PrincipalProviderCallback(); +// callbackHandler.handle(new Callback[] {principalCallBack}); +// principalProvider = principalCallBack.getPrincipalProvider(); // } catch (IOException e) { // log.debug(e.getMessage()); +// } catch (UnsupportedCallbackException e) { +// log.debug(e.getMessage()); // } -// -// if (principalProvider == null) { -// try { -// PrincipalProviderCallback principalCallBack = new PrincipalProviderCallback(); -// callbackHandler.handle(new Callback[] {principalCallBack}); -// principalProvider = principalCallBack.getPrincipalProvider(); -// } catch (IOException e) { -// log.debug(e.getMessage()); -// } catch (UnsupportedCallbackException e) { -// log.debug(e.getMessage()); -// } -// } -// // } // return principalProvider; } + + @CheckForNull + protected UserProvider getUserProvider() { + return null; // TODO +// SecurityProvider sp = getSecurityProvider(); +// Root r = getRoot(); +// if (root != null && securityProvider != null) { +// return securityProvider.getUserContext().getUserProvider(root); +// } else { +// return null; +// } + } + + @CheckForNull + private SecurityProvider getSecurityProvider() { + if (securityProvider == null && callbackHandler != null) { + SecurityProviderCallback scb = new SecurityProviderCallback(); + try { + callbackHandler.handle(new Callback[] {scb}); + securityProvider = scb.getSecurityProvider(); + } catch (UnsupportedCallbackException e) { + log.debug(e.getMessage()); + } catch (IOException e) { + log.debug(e.getMessage()); + } + } + return securityProvider; + } + + @CheckForNull + private Root getRoot() { + if (root == null) { + RepositoryCallback rcb = new RepositoryCallback(); + try { + callbackHandler.handle(new Callback[] {rcb}); + root = rcb.getRoot(); + } catch 
(UnsupportedCallbackException e) { + log.debug(e.getMessage()); + } catch (IOException e) { + log.debug(e.getMessage()); + } + } + return root; + } } Modified: jackrabbit/oak/trunk/oak-core/src/main/java/org/apache/jackrabbit/oak/spi/security/authentication/GuestLoginModule.java URL: http://svn.apache.org/viewvc/jackrabbit/oak/trunk/oak-core/src/main/java/org/apache/jackrabbit/oak/spi/security/authentication/GuestLoginModule.java?rev=1394418&r1=1394417&r2=1394418&view=diff ============================================================================== --- jackrabbit/oak/trunk/oak-core/src/main/java/org/apache/jackrabbit/oak/spi/security/authentication/GuestLoginModule.java (original) +++ jackrabbit/oak/trunk/oak-core/src/main/java/org/apache/jackrabbit/oak/spi/security/authentication/GuestLoginModule.java Fri Oct 5 09:08:14 2012 @@ -47,7 +47,7 @@ import org.slf4j.LoggerFactory; *
  • Try to retrieve JCR credentials from the {@link CallbackHandler} using * the {@link CredentialsCallback}
  • *
  • In case no credentials could be obtained it pushes a new instance of - * {@link GuestCredentials} to the shared stated. Subsequent login module + * {@link GuestCredentials} to the shared stated. Subsequent login modules * in the authentication process may retrieve the {@link GuestCredentials} * instead of failing to obtain any credentials.
  • * @@ -116,7 +116,7 @@ public class GuestLoginModule implements @Override public boolean commit() throws LoginException { - if (guestCredentials != null) { + if (guestCredentials != null && !subject.isReadOnly()) { subject.getPublicCredentials().add(guestCredentials); subject.getPrincipals().add(EveryonePrincipal.getInstance()); } Modified: jackrabbit/oak/trunk/oak-core/src/main/java/org/apache/jackrabbit/oak/spi/security/authentication/callback/RepositoryCallback.java URL: http://svn.apache.org/viewvc/jackrabbit/oak/trunk/oak-core/src/main/java/org/apache/jackrabbit/oak/spi/security/authentication/callback/RepositoryCallback.java?rev=1394418&r1=1394417&r2=1394418&view=diff ============================================================================== --- jackrabbit/oak/trunk/oak-core/src/main/java/org/apache/jackrabbit/oak/spi/security/authentication/callback/RepositoryCallback.java (original) +++ jackrabbit/oak/trunk/oak-core/src/main/java/org/apache/jackrabbit/oak/spi/security/authentication/callback/RepositoryCallback.java Fri Oct 5 09:08:14 2012 @@ -21,7 +21,7 @@ import javax.jcr.NoSuchWorkspaceExceptio import javax.security.auth.callback.Callback; import javax.security.auth.login.LoginException; -import org.apache.jackrabbit.oak.api.ContentSession; +import org.apache.jackrabbit.oak.api.Root; import org.apache.jackrabbit.oak.core.ContentRepositoryImpl; import org.apache.jackrabbit.oak.spi.security.OpenSecurityProvider; import org.apache.jackrabbit.oak.spi.security.SecurityProvider; 
@@ -49,12 +49,14 @@ public class RepositoryCallback implemen } @CheckForNull - public ContentSession getContentSession() { + public Root getRoot() { if (nodeStore != null) { try { - // TODO rather use Oak or similar setup mechanism + // FIXME: need a direct and fast way to create Root from the node store + // FIXME: - without login + // FIXME: - without ContentSession#getLatestRoot which is unbearably slow SecurityProvider sp = new OpenSecurityProvider(); - return new ContentRepositoryImpl(nodeStore, null, sp).login(null, workspaceName); + return new ContentRepositoryImpl(nodeStore, null, sp).login(null, workspaceName).getLatestRoot(); } catch (LoginException e) { log.warn("Internal error ", e.getMessage()); } catch (NoSuchWorkspaceException e) { Modified: jackrabbit/oak/trunk/oak-core/src/main/java/org/apache/jackrabbit/oak/spi/security/principal/PrincipalConfiguration.java URL: http://svn.apache.org/viewvc/jackrabbit/oak/trunk/oak-core/src/main/java/org/apache/jackrabbit/oak/spi/security/principal/PrincipalConfiguration.java?rev=1394418&r1=1394417&r2=1394418&view=diff ============================================================================== --- jackrabbit/oak/trunk/oak-core/src/main/java/org/apache/jackrabbit/oak/spi/security/principal/PrincipalConfiguration.java (original) +++ jackrabbit/oak/trunk/oak-core/src/main/java/org/apache/jackrabbit/oak/spi/security/principal/PrincipalConfiguration.java Fri Oct 5 09:08:14 2012 
@@ -30,8 +30,8 @@ import org.apache.jackrabbit.oak.namepat public interface PrincipalConfiguration { @Nonnull - public PrincipalManager getPrincipalManager(Session session, ContentSession contentSession, Root root, NamePathMapper namePathMapper); + public PrincipalManager getPrincipalManager(Session session, Root root, NamePathMapper namePathMapper); @Nonnull - public PrincipalProvider getPrincipalProvider(ContentSession contentSession, Root root, NamePathMapper namePathMapper); + public PrincipalProvider getPrincipalProvider(Root root, NamePathMapper namePathMapper); } \ No newline at end of file Modified: jackrabbit/oak/trunk/oak-core/src/main/java/org/apache/jackrabbit/oak/spi/security/user/PasswordUtility.java URL: http://svn.apache.org/viewvc/jackrabbit/oak/trunk/oak-core/src/main/java/org/apache/jackrabbit/oak/spi/security/user/PasswordUtility.java?rev=1394418&r1=1394417&r2=1394418&view=diff ============================================================================== --- jackrabbit/oak/trunk/oak-core/src/main/java/org/apache/jackrabbit/oak/spi/security/user/PasswordUtility.java (original) +++ jackrabbit/oak/trunk/oak-core/src/main/java/org/apache/jackrabbit/oak/spi/security/user/PasswordUtility.java Fri Oct 5 09:08:14 2012 
@@ -129,8 +129,21 @@ public class PasswordUtility { * * @param hashedPassword Password hash. * @param password The password to compare. - * @return If the hash of the specified {@code password} equals the given - * {@code hashedPassword} string. + * @return If the hash created from the specified {@code password} equals + * the given {@code hashedPassword} string. + */ + public static boolean isSame(String hashedPassword, char[] password) { + return isSame(hashedPassword, String.valueOf(password)); + } + + /** + * Returns {@code true} if hash of the specified {@code password} equals the + * given hashed password. + * + * @param hashedPassword Password hash. + * @param password The password to compare. + * @return If the hash created from the specified {@code password} equals + * the given {@code hashedPassword} string. */ public static boolean isSame(String hashedPassword, String password) { try { Modified: jackrabbit/oak/trunk/oak-core/src/main/java/org/apache/jackrabbit/oak/spi/security/user/UserConfig.java URL: http://svn.apache.org/viewvc/jackrabbit/oak/trunk/oak-core/src/main/java/org/apache/jackrabbit/oak/spi/security/user/UserConfig.java?rev=1394418&r1=1394417&r2=1394418&view=diff ============================================================================== --- jackrabbit/oak/trunk/oak-core/src/main/java/org/apache/jackrabbit/oak/spi/security/user/UserConfig.java (original) +++ jackrabbit/oak/trunk/oak-core/src/main/java/org/apache/jackrabbit/oak/spi/security/user/UserConfig.java Fri Oct 5 09:08:14 2012 
@@ -37,6 +37,14 @@ public class UserConfig { private static final Logger log = LoggerFactory.getLogger(UserConfig.class); /** + * Configuration option defining the ID of the anonymous user. The ID + * might be {@code null} of no anonymous user exists. In this case + * Session#getUserID() may return {@code null} if it has been obtained + * using {@link javax.jcr.GuestCredentials}. + */ + public static final String PARAM_ANONYMOUS_ID = "anonymousId"; + + /** * Configuration option to define the path underneath which user nodes * are being created. */ @@ -104,6 +112,10 @@ public class UserConfig { return adminId; } + public String getAnonymousId() { + return getConfigValue(PARAM_ANONYMOUS_ID, null); + } + public T getConfigValue(String key, T defaultValue) { if (options != null && options.containsKey(key)) { return convert(options.get(key), defaultValue); Modified: jackrabbit/oak/trunk/oak-core/src/main/java/org/apache/jackrabbit/oak/spi/security/user/UserContext.java URL: http://svn.apache.org/viewvc/jackrabbit/oak/trunk/oak-core/src/main/java/org/apache/jackrabbit/oak/spi/security/user/UserContext.java?rev=1394418&r1=1394417&r2=1394418&view=diff ============================================================================== --- jackrabbit/oak/trunk/oak-core/src/main/java/org/apache/jackrabbit/oak/spi/security/user/UserContext.java (original) +++ jackrabbit/oak/trunk/oak-core/src/main/java/org/apache/jackrabbit/oak/spi/security/user/UserContext.java Fri Oct 5 09:08:14 2012 @@ -21,7 +21,6 @@ import javax.annotation.Nonnull; import javax.jcr.Session; import org.apache.jackrabbit.api.security.user.UserManager; -import org.apache.jackrabbit.oak.api.ContentSession; import org.apache.jackrabbit.oak.api.Root; import org.apache.jackrabbit.oak.namepath.NamePathMapper; import org.apache.jackrabbit.oak.spi.commit.ValidatorProvider; 
@@ -32,14 +31,14 @@ import org.apache.jackrabbit.oak.spi.com public interface UserContext { @Nonnull - UserProvider getUserProvider(ContentSession contentSession, Root root); + UserProvider getUserProvider(Root root); @Nonnull - MembershipProvider getMembershipProvider(ContentSession contentSession, Root root); + MembershipProvider getMembershipProvider(Root root); @Nonnull List getValidatorProviders(); @Nonnull - UserManager getUserManager(Session session, ContentSession contentSession, Root root, NamePathMapper namePathMapper); + UserManager getUserManager(Session session, Root root, NamePathMapper namePathMapper); } \ No newline at end of file Modified: jackrabbit/oak/trunk/oak-core/src/main/java/org/apache/jackrabbit/oak/spi/security/user/UserProvider.java URL: http://svn.apache.org/viewvc/jackrabbit/oak/trunk/oak-core/src/main/java/org/apache/jackrabbit/oak/spi/security/user/UserProvider.java?rev=1394418&r1=1394417&r2=1394418&view=diff ============================================================================== --- jackrabbit/oak/trunk/oak-core/src/main/java/org/apache/jackrabbit/oak/spi/security/user/UserProvider.java (original) +++ jackrabbit/oak/trunk/oak-core/src/main/java/org/apache/jackrabbit/oak/spi/security/user/UserProvider.java Fri Oct 5 09:08:14 2012 
@@ -83,6 +83,27 @@ public interface UserProvider { boolean isAdminUser(Tree userTree); + /** + * Returns the password hash for the user with the specified ID or {@code null} + * if the user does not exist or if the hash is not accessible for the editing + * session. + * + * @param userID The id of a user. + * @return the password hash or {@code null}. + */ + String getPassword(String userID); + + /** + * Set the password for the user identified by the specified {@code userTree}. + * + * @param userTree The tree representing the user. + * @param password The plaintext password to set. + * @param forceHash If true the specified password needs to be hashed irrespective + * of it's format. + * @throws javax.jcr.RepositoryException If an error occurs + */ + void setPassword(Tree userTree, String password, boolean forceHash) throws RepositoryException; + void setProtectedProperty(Tree authorizableTree, String propertyName, String value, int propertyType); void setProtectedProperty(Tree v, String propertyName, String[] values, int propertyType); Modified: jackrabbit/oak/trunk/oak-core/src/main/java/org/apache/jackrabbit/oak/util/NodeUtil.java URL: http://svn.apache.org/viewvc/jackrabbit/oak/trunk/oak-core/src/main/java/org/apache/jackrabbit/oak/util/NodeUtil.java?rev=1394418&r1=1394417&r2=1394418&view=diff ============================================================================== --- jackrabbit/oak/trunk/oak-core/src/main/java/org/apache/jackrabbit/oak/util/NodeUtil.java (original) +++ jackrabbit/oak/trunk/oak-core/src/main/java/org/apache/jackrabbit/oak/util/NodeUtil.java Fri Oct 5 09:08:14 2012 
@@ -30,7 +30,6 @@ import javax.jcr.ValueFactory; import com.google.common.collect.Iterables; import com.google.common.collect.Lists; import org.apache.jackrabbit.JcrConstants; -import org.apache.jackrabbit.oak.api.ContentSession; import org.apache.jackrabbit.oak.api.CoreValue; import org.apache.jackrabbit.oak.api.CoreValueFactory; import org.apache.jackrabbit.oak.api.PropertyState; @@ -75,10 +74,6 @@ public class NodeUtil { this(tree, factory, NamePathMapper.DEFAULT); } - public NodeUtil(Tree tree, ContentSession contentSession) { - this(tree, contentSession.getCoreValueFactory()); - } - public NodeUtil(Tree tree) { this(tree, MemoryValueFactory.INSTANCE); } Modified: jackrabbit/oak/trunk/oak-core/src/test/java/org/apache/jackrabbit/oak/query/AbstractQueryTest.java URL: http://svn.apache.org/viewvc/jackrabbit/oak/trunk/oak-core/src/test/java/org/apache/jackrabbit/oak/query/AbstractQueryTest.java?rev=1394418&r1=1394417&r2=1394418&view=diff ============================================================================== --- jackrabbit/oak/trunk/oak-core/src/test/java/org/apache/jackrabbit/oak/query/AbstractQueryTest.java (original) +++ jackrabbit/oak/trunk/oak-core/src/test/java/org/apache/jackrabbit/oak/query/AbstractQueryTest.java Fri Oct 5 09:08:14 2012 
@@ -43,9 +43,9 @@ public abstract class AbstractQueryTest public void before() throws Exception { super.before(); session = createAdminSession(); - vf = session.getCoreValueFactory(); root = session.getLatestRoot(); qe = root.getQueryEngine(); + vf = root.getValueFactory(); } protected Result executeQuery(String statement, String language, HashMap sv) throws ParseException { Modified: jackrabbit/oak/trunk/oak-core/src/test/java/org/apache/jackrabbit/oak/security/user/UserProviderImplTest.java URL: http://svn.apache.org/viewvc/jackrabbit/oak/trunk/oak-core/src/test/java/org/apache/jackrabbit/oak/security/user/UserProviderImplTest.java?rev=1394418&r1=1394417&r2=1394418&view=diff ============================================================================== --- jackrabbit/oak/trunk/oak-core/src/test/java/org/apache/jackrabbit/oak/security/user/UserProviderImplTest.java (original) +++ jackrabbit/oak/trunk/oak-core/src/test/java/org/apache/jackrabbit/oak/security/user/UserProviderImplTest.java Fri Oct 5 09:08:14 2012 
@@ -108,13 +108,13 @@ public class UserProviderImplTest extend } private UserProvider createUserProvider() { - return new UserProviderImpl(contentSession, root, defaultConfig); + return new UserProviderImpl(root, defaultConfig); } private UserProvider createUserProvider(int defaultDepth) { Map options = new HashMap(customOptions); options.put(UserConfig.PARAM_DEFAULT_DEPTH, defaultDepth); - return new UserProviderImpl(contentSession, root, new UserConfig("admin", options, Collections.emptySet())); + return new UserProviderImpl(root, new UserConfig("admin", options, Collections.emptySet())); } @Test Modified: jackrabbit/oak/trunk/oak-core/src/test/java/org/apache/jackrabbit/oak/util/JsopUtilTest.java URL: http://svn.apache.org/viewvc/jackrabbit/oak/trunk/oak-core/src/test/java/org/apache/jackrabbit/oak/util/JsopUtilTest.java?rev=1394418&r1=1394417&r2=1394418&view=diff ============================================================================== --- jackrabbit/oak/trunk/oak-core/src/test/java/org/apache/jackrabbit/oak/util/JsopUtilTest.java (original) +++ jackrabbit/oak/trunk/oak-core/src/test/java/org/apache/jackrabbit/oak/util/JsopUtilTest.java Fri Oct 5 09:08:14 2012 @@ -43,7 +43,7 @@ public class JsopUtilTest extends Abstra super.before(); session = createAdminSession(); root = session.getLatestRoot(); - vf = session.getCoreValueFactory(); + vf = root.getValueFactory(); } @Override Modified: jackrabbit/oak/trunk/oak-jcr/src/main/java/org/apache/jackrabbit/oak/jcr/SessionDelegate.java URL: http://svn.apache.org/viewvc/jackrabbit/oak/trunk/oak-jcr/src/main/java/org/apache/jackrabbit/oak/jcr/SessionDelegate.java?rev=1394418&r1=1394417&r2=1394418&view=diff ============================================================================== --- jackrabbit/oak/trunk/oak-jcr/src/main/java/org/apache/jackrabbit/oak/jcr/SessionDelegate.java (original) +++ jackrabbit/oak/trunk/oak-jcr/src/main/java/org/apache/jackrabbit/oak/jcr/SessionDelegate.java Fri Oct 5 09:08:14 2012 
@@ -477,7 +477,7 @@ public class SessionDelegate { @Nonnull PrincipalManager getPrincipalManager() throws RepositoryException { if (securityProvider != null) { - return securityProvider.getPrincipalConfiguration().getPrincipalManager(session, contentSession, root, getNamePathMapper()); + return securityProvider.getPrincipalConfiguration().getPrincipalManager(session, root, getNamePathMapper()); } else { throw new UnsupportedRepositoryOperationException("Principal management not supported."); } @@ -486,7 +486,7 @@ public class SessionDelegate { @Nonnull UserManager getUserManager() throws UnsupportedRepositoryOperationException { if (securityProvider != null) { - return securityProvider.getUserContext().getUserManager(session, contentSession, root, getNamePathMapper()); + return securityProvider.getUserContext().getUserManager(session, root, getNamePathMapper()); } else { throw new UnsupportedRepositoryOperationException("User management not supported."); }
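Review bot: In UserManagerImpl, the new private setPrincipal(Tree, Principal) drops the guard that the removed version carried (`userTree.getStatus() != Tree.Status.NEW || userTree.hasProperty(UserConstants.REP_PRINCIPAL_NAME)`). The removed TODO said to drop that check only once the user-validator enforces the constraint, and the commit log describes the user-validation implementation as still commented. Until the validator is active, nothing in the visible lines stops rep:principalName from being rewritten on an existing user. Either keep the check for now or add a comment pointing at the code that enforces set-once.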
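Review bot: In UserProviderImpl.setPassword, the else branch (`pwHash = password;`) stores the caller's string in rep:password unchanged whenever forceHash is false and PasswordUtility.isPlainTextPassword(password) returns false. Now that the method is public on the UserProvider interface rather than package-private on UserManagerImpl, more callers can reach that branch. Please document which callers are expected to pass forceHash=false (for example import of already-hashed values) and consider validating that the string really is a hash in a supported format before writing it. The null-password early return also logs only at debug level, so a user created with a null password ends up without rep:password and with no visible trace; say in the Javadoc whether that is intended.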
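Review bot: In AbstractLoginModule, the new getRoot() calls `callbackHandler.handle(new Callback[] {rcb});` without the `callbackHandler != null` guard that getSecurityProvider() uses a few lines above. A login module initialized without a callback handler will throw a NullPointerException here instead of returning null as @CheckForNull promises. Use the same condition as getSecurityProvider(), i.e. `if (root == null && callbackHandler != null)`. In the commented blocks of getPrincipalProvider() and getUserProvider(), the locals `sp` and `r` are assigned but the conditions then test the fields `securityProvider` and `root`; use the locals once this code is enabled.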
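Review bot: In GuestLoginModule.commit(), the added `!subject.isReadOnly()` condition makes the module skip adding the GuestCredentials and EveryonePrincipal silently when the subject is read-only. The lines after the if block are not shown in this hunk, so please check what commit() returns in that case: if it still reports success, later code may assume the subject carries guest credentials when it does not. At minimum log the skipped case, and update the class Javadoc to describe the behaviour for a read-only subject.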
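Review bot: In RepositoryCallback.getRoot(), the ContentSession returned by `login(null, workspaceName)` is used only to call getLatestRoot() and is then dropped, so no caller can close it, and every invocation of the callback opens a new session. Until the FIXME is resolved, hold the session in the callback and close it after the login modules are done. Please also note in the Javadoc that this Root comes from a repository built with OpenSecurityProvider and null credentials, so login modules receiving it should treat it as an unrestricted view and use it for reads only. Separately, `log.warn("Internal error ", e.getMessage());` has no `{}` placeholder; if log is an SLF4J logger as elsewhere in this patch, the message argument is discarded. Pass the exception itself as the second argument.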
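Review bot: In PasswordUtility, the new isSame(String hashedPassword, char[] password) overload immediately does `String.valueOf(password)`, which copies the password into an immutable String that cannot be cleared and therefore loses the reason for accepting a char[] in the first place. It also throws a NullPointerException for a null array, whereas the String overload's handling of null is not visible here and may differ. Either hash directly from the char[] (encoding to bytes and clearing the temporary buffer afterwards) or document that this overload is a convenience only and offers no memory-hygiene benefit, and add an explicit null check.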
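Review bot: In UserConfig, getAnonymousId() returns `getConfigValue(PARAM_ANONYMOUS_ID, null)` and so can return null, but it carries no @CheckForNull annotation, unlike the other nullable accessors touched in this commit. Add the annotation so callers comparing a user ID against the anonymous ID are prompted to handle the missing case. The Javadoc for PARAM_ANONYMOUS_ID also has a typo: "might be {@code null} of no anonymous user exists" should read "if no anonymous user exists".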
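Review bot: In the UserProvider interface, getPassword(String userID) is documented as returning the password hash, so the name is misleading and invites callers to treat the value as a comparable plaintext; getPasswordHash would match the contract. The method is documented to return null but lacks @CheckForNull. Since the hash is now readable through a public SPI method, the Javadoc should also state that callers must not log or expose the returned value and should compare it only through PasswordUtility.isSame. In the setPassword Javadoc, "irrespective of it's format" should be "its format".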