jackrabbit-oak-commits mailing list archives

From ang...@apache.org
Subject svn commit: r1406946 - in /jackrabbit/oak/trunk: oak-core/src/main/java/org/apache/jackrabbit/oak/ oak-core/src/main/java/org/apache/jackrabbit/oak/plugins/nodetype/ oak-core/src/main/java/org/apache/jackrabbit/oak/security/privilege/ oak-core/src/main...
Date Thu, 08 Nov 2012 07:57:04 GMT
Author: angela
Date: Thu Nov  8 07:57:03 2012
New Revision: 1406946

URL: http://svn.apache.org/viewvc?rev=1406946&view=rev
Log:
OAK-64 : Privilege Management (WIP)

Added:
    jackrabbit/oak/trunk/oak-core/src/main/java/org/apache/jackrabbit/oak/security/privilege/PrivilegeDefinitionProviderImpl.java
      - copied, changed from r1406500, jackrabbit/oak/trunk/oak-core/src/main/java/org/apache/jackrabbit/oak/security/privilege/PrivilegeRegistry.java
    jackrabbit/oak/trunk/oak-core/src/main/java/org/apache/jackrabbit/oak/security/privilege/PrivilegeDefinitionWriter.java
    jackrabbit/oak/trunk/oak-core/src/main/java/org/apache/jackrabbit/oak/security/privilege/PrivilegeInitializer.java
    jackrabbit/oak/trunk/oak-core/src/main/java/org/apache/jackrabbit/oak/security/privilege/PrivilegeManagerImpl.java
  (contents, props changed)
      - copied, changed from r1406500, jackrabbit/oak/trunk/oak-core/src/main/java/org/apache/jackrabbit/oak/spi/security/privilege/PrivilegeManagerImpl.java
    jackrabbit/oak/trunk/oak-core/src/main/java/org/apache/jackrabbit/oak/spi/security/privilege/PrivilegeDefinitionProvider.java
      - copied, changed from r1406500, jackrabbit/oak/trunk/oak-core/src/main/java/org/apache/jackrabbit/oak/spi/security/privilege/PrivilegeProvider.java
Removed:
    jackrabbit/oak/trunk/oak-core/src/main/java/org/apache/jackrabbit/oak/security/privilege/PrivilegeRegistry.java
    jackrabbit/oak/trunk/oak-core/src/main/java/org/apache/jackrabbit/oak/spi/security/privilege/PrivilegeManagerImpl.java
    jackrabbit/oak/trunk/oak-core/src/main/java/org/apache/jackrabbit/oak/spi/security/privilege/PrivilegeProvider.java
Modified:
    jackrabbit/oak/trunk/oak-core/src/main/java/org/apache/jackrabbit/oak/Oak.java
    jackrabbit/oak/trunk/oak-core/src/main/java/org/apache/jackrabbit/oak/plugins/nodetype/NodeTypeConstants.java
    jackrabbit/oak/trunk/oak-core/src/main/java/org/apache/jackrabbit/oak/security/privilege/PrivilegeConfigurationImpl.java
    jackrabbit/oak/trunk/oak-core/src/main/java/org/apache/jackrabbit/oak/security/privilege/PrivilegeDefinitionImpl.java
    jackrabbit/oak/trunk/oak-core/src/main/java/org/apache/jackrabbit/oak/security/privilege/PrivilegeDefinitionReader.java
    jackrabbit/oak/trunk/oak-core/src/main/java/org/apache/jackrabbit/oak/security/privilege/PrivilegeMigrator.java
    jackrabbit/oak/trunk/oak-core/src/main/java/org/apache/jackrabbit/oak/security/privilege/PrivilegeValidator.java
    jackrabbit/oak/trunk/oak-core/src/main/java/org/apache/jackrabbit/oak/spi/security/SecurityConfiguration.java
    jackrabbit/oak/trunk/oak-core/src/main/java/org/apache/jackrabbit/oak/spi/security/privilege/PrivilegeConfiguration.java
    jackrabbit/oak/trunk/oak-jcr/src/main/java/org/apache/jackrabbit/oak/jcr/SessionDelegate.java
    jackrabbit/oak/trunk/oak-jcr/src/test/java/org/apache/jackrabbit/oak/jcr/security/privilege/PrivilegeManagerTest.java
    jackrabbit/oak/trunk/oak-jcr/src/test/java/org/apache/jackrabbit/oak/jcr/security/privilege/PrivilegeRegistrationTest.java

Modified: jackrabbit/oak/trunk/oak-core/src/main/java/org/apache/jackrabbit/oak/Oak.java
URL: http://svn.apache.org/viewvc/jackrabbit/oak/trunk/oak-core/src/main/java/org/apache/jackrabbit/oak/Oak.java?rev=1406946&r1=1406945&r2=1406946&view=diff
==============================================================================
--- jackrabbit/oak/trunk/oak-core/src/main/java/org/apache/jackrabbit/oak/Oak.java (original)
+++ jackrabbit/oak/trunk/oak-core/src/main/java/org/apache/jackrabbit/oak/Oak.java Thu Nov
 8 07:57:03 2012
@@ -164,12 +164,9 @@ public class Oak {
     @Nonnull
     public Oak with(@Nonnull SecurityProvider securityProvider) {
         this.securityProvider = securityProvider;
-        try {
-            for (SecurityConfiguration sc : securityProvider.getSecurityConfigurations())
{
-                validatorProviders.addAll(sc.getValidatorProviders());
-            }
-        } catch (UnsupportedOperationException e) {
-            log.info(e.getMessage());
+        for (SecurityConfiguration sc : securityProvider.getSecurityConfigurations()) {
+            validatorProviders.addAll(sc.getValidatorProviders());
+            initializers.add(sc.getRepositoryInitializer());
         }
         return this;
     }
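Review bot: `initializers.add(sc.getRepositoryInitializer())` stores whatever each configuration returns without checking it, so a null from any `SecurityConfiguration` would only surface later when the initializers are run, far from the cause. Only `PrivilegeConfigurationImpl` is shown returning a `@Nonnull` initializer in this commit; the default implementation is not visible here. A guard such as `RepositoryInitializer ri = sc.getRepositoryInitializer(); if (ri != null) { initializers.add(ri); }` keeps the failure local. With the `UnsupportedOperationException` catch removed, a provider that still throws it now fails `with()` outright. Calling `with(SecurityProvider)` twice also appears to leave the first provider's validators and initializers registered.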

Modified: jackrabbit/oak/trunk/oak-core/src/main/java/org/apache/jackrabbit/oak/plugins/nodetype/NodeTypeConstants.java
URL: http://svn.apache.org/viewvc/jackrabbit/oak/trunk/oak-core/src/main/java/org/apache/jackrabbit/oak/plugins/nodetype/NodeTypeConstants.java?rev=1406946&r1=1406945&r2=1406946&view=diff
==============================================================================
--- jackrabbit/oak/trunk/oak-core/src/main/java/org/apache/jackrabbit/oak/plugins/nodetype/NodeTypeConstants.java
(original)
+++ jackrabbit/oak/trunk/oak-core/src/main/java/org/apache/jackrabbit/oak/plugins/nodetype/NodeTypeConstants.java
Thu Nov  8 07:57:03 2012
@@ -33,6 +33,12 @@ public interface NodeTypeConstants exten
     String JCR_AVAILABLE_QUERY_OPERATORS = "jcr:availableQueryOperators";
 
     /**
+     * Constants for built-in repository defined node type names
+     */
+    String NT_REP_ROOT = "rep:root";
+    String NT_REP_SYSTEM = "rep:system";
+
+    /**
      * Additinal name constants not present in JcrConstants
      */
     String JCR_CREATEDBY = "jcr:createdBy";

Modified: jackrabbit/oak/trunk/oak-core/src/main/java/org/apache/jackrabbit/oak/security/privilege/PrivilegeConfigurationImpl.java
URL: http://svn.apache.org/viewvc/jackrabbit/oak/trunk/oak-core/src/main/java/org/apache/jackrabbit/oak/security/privilege/PrivilegeConfigurationImpl.java?rev=1406946&r1=1406945&r2=1406946&view=diff
==============================================================================
--- jackrabbit/oak/trunk/oak-core/src/main/java/org/apache/jackrabbit/oak/security/privilege/PrivilegeConfigurationImpl.java
(original)
+++ jackrabbit/oak/trunk/oak-core/src/main/java/org/apache/jackrabbit/oak/security/privilege/PrivilegeConfigurationImpl.java
Thu Nov  8 07:57:03 2012
@@ -25,10 +25,10 @@ import org.apache.jackrabbit.oak.api.Con
 import org.apache.jackrabbit.oak.api.Root;
 import org.apache.jackrabbit.oak.namepath.NamePathMapper;
 import org.apache.jackrabbit.oak.spi.commit.ValidatorProvider;
+import org.apache.jackrabbit.oak.spi.lifecycle.RepositoryInitializer;
 import org.apache.jackrabbit.oak.spi.security.SecurityConfiguration;
 import org.apache.jackrabbit.oak.spi.security.privilege.PrivilegeConfiguration;
-import org.apache.jackrabbit.oak.spi.security.privilege.PrivilegeManagerImpl;
-import org.apache.jackrabbit.oak.spi.security.privilege.PrivilegeProvider;
+import org.apache.jackrabbit.oak.spi.security.privilege.PrivilegeDefinitionProvider;
 
 /**
  * PrivilegeConfigurationImpl... TODO
@@ -36,14 +36,20 @@ import org.apache.jackrabbit.oak.spi.sec
 public class PrivilegeConfigurationImpl extends SecurityConfiguration.Default implements
PrivilegeConfiguration {
 
     @Override
-    public PrivilegeProvider getPrivilegeProvider(ContentSession contentSession, Root root)
{
-        return new PrivilegeRegistry(contentSession, root);
+    public PrivilegeDefinitionProvider getPrivilegeDefinitionProvider(ContentSession contentSession,
Root root) {
+        return new PrivilegeDefinitionProviderImpl(contentSession, root);
     }
 
     @Nonnull
     @Override
     public PrivilegeManager getPrivilegeManager(ContentSession contentSession, Root root,
NamePathMapper namePathMapper) {
-        return new PrivilegeManagerImpl(root, getPrivilegeProvider(contentSession, root),
namePathMapper);
+        return new PrivilegeManagerImpl(root, getPrivilegeDefinitionProvider(contentSession,
root), namePathMapper);
+    }
+
+    @Nonnull
+    @Override
+    public RepositoryInitializer getRepositoryInitializer() {
+        return new PrivilegeInitializer();
     }
 
     @Override

Modified: jackrabbit/oak/trunk/oak-core/src/main/java/org/apache/jackrabbit/oak/security/privilege/PrivilegeDefinitionImpl.java
URL: http://svn.apache.org/viewvc/jackrabbit/oak/trunk/oak-core/src/main/java/org/apache/jackrabbit/oak/security/privilege/PrivilegeDefinitionImpl.java?rev=1406946&r1=1406945&r2=1406946&view=diff
==============================================================================
--- jackrabbit/oak/trunk/oak-core/src/main/java/org/apache/jackrabbit/oak/security/privilege/PrivilegeDefinitionImpl.java
(original)
+++ jackrabbit/oak/trunk/oak-core/src/main/java/org/apache/jackrabbit/oak/security/privilege/PrivilegeDefinitionImpl.java
Thu Nov  8 07:57:03 2012
@@ -36,14 +36,16 @@ class PrivilegeDefinitionImpl implements
                             Set<String> declaredAggregateNames) {
         this.name = name;
         this.isAbstract = isAbstract;
-        this.declaredAggregateNames = declaredAggregateNames;
+        this.declaredAggregateNames = ImmutableSet.copyOf(declaredAggregateNames);
     }
 
     PrivilegeDefinitionImpl(String name, boolean isAbstract,
                             String... declaredAggregateNames) {
-        this(name, isAbstract, (declaredAggregateNames == null) ?
+        this.name = name;
+        this.isAbstract = isAbstract;
+        this.declaredAggregateNames = (declaredAggregateNames == null) ?
                 Collections.<String>emptySet() :
-                ImmutableSet.copyOf(declaredAggregateNames));
+                ImmutableSet.copyOf(declaredAggregateNames);
     }
 
     //------------------------------------------------< PrivilegeDefinition >---
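Review bot: The `Set<String>` constructor now calls `ImmutableSet.copyOf(declaredAggregateNames)` with no null handling, so a null set throws a `NullPointerException` where the old code stored the reference, while the varargs constructor just below still maps null to an empty set. The two constructors should agree, for example `this.declaredAggregateNames = (declaredAggregateNames == null) ? Collections.<String>emptySet() : ImmutableSet.copyOf(declaredAggregateNames);`. The defensive copy itself is a good change for a privilege definition, since callers can no longer mutate the aggregate names after construction. The start of the first constructor's signature lies outside the hunk.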

Copied: jackrabbit/oak/trunk/oak-core/src/main/java/org/apache/jackrabbit/oak/security/privilege/PrivilegeDefinitionProviderImpl.java
(from r1406500, jackrabbit/oak/trunk/oak-core/src/main/java/org/apache/jackrabbit/oak/security/privilege/PrivilegeRegistry.java)
URL: http://svn.apache.org/viewvc/jackrabbit/oak/trunk/oak-core/src/main/java/org/apache/jackrabbit/oak/security/privilege/PrivilegeDefinitionProviderImpl.java?p2=jackrabbit/oak/trunk/oak-core/src/main/java/org/apache/jackrabbit/oak/security/privilege/PrivilegeDefinitionProviderImpl.java&p1=jackrabbit/oak/trunk/oak-core/src/main/java/org/apache/jackrabbit/oak/security/privilege/PrivilegeRegistry.java&r1=1406500&r2=1406946&rev=1406946&view=diff
==============================================================================
--- jackrabbit/oak/trunk/oak-core/src/main/java/org/apache/jackrabbit/oak/security/privilege/PrivilegeRegistry.java
(original)
+++ jackrabbit/oak/trunk/oak-core/src/main/java/org/apache/jackrabbit/oak/security/privilege/PrivilegeDefinitionProviderImpl.java
Thu Nov  8 07:57:03 2012
@@ -16,95 +16,48 @@
  */
 package org.apache.jackrabbit.oak.security.privilege;
 
-import java.util.HashMap;
 import java.util.Map;
 import java.util.Set;
-
 import javax.annotation.Nonnull;
 import javax.jcr.RepositoryException;
 
-import org.apache.jackrabbit.oak.api.CommitFailedException;
 import org.apache.jackrabbit.oak.api.ContentSession;
 import org.apache.jackrabbit.oak.api.Root;
-import org.apache.jackrabbit.oak.api.Tree;
 import org.apache.jackrabbit.oak.spi.security.privilege.PrivilegeConstants;
 import org.apache.jackrabbit.oak.spi.security.privilege.PrivilegeDefinition;
-import org.apache.jackrabbit.oak.spi.security.privilege.PrivilegeProvider;
-import org.apache.jackrabbit.oak.util.NodeUtil;
+import org.apache.jackrabbit.oak.spi.security.privilege.PrivilegeDefinitionProvider;
 
 /**
- * PrivilegeRegistry... TODO
- *
+ * PrivilegeDefinitionProviderImpl... TODO
  *
- * TODO: define if/how built-in privileges are reflected in the mk
- * TODO: define if custom privileges are read with editing content session (thus enforcing
read permissions)
+ * TODO: review if jcr:all should be present in the content as well (updated in the privilege
commit validator)
  */
-public class PrivilegeRegistry implements PrivilegeProvider, PrivilegeConstants {
-
-    private static final Map<String, String[]> AGGREGATE_PRIVILEGES = new HashMap<String,String[]>();
-    static {
-        AGGREGATE_PRIVILEGES.put(JCR_READ, AGGR_JCR_READ);
-        AGGREGATE_PRIVILEGES.put(JCR_MODIFY_PROPERTIES, AGGR_JCR_MODIFY_PROPERTIES);
-        AGGREGATE_PRIVILEGES.put(JCR_WRITE, AGGR_JCR_WRITE);
-        AGGREGATE_PRIVILEGES.put(REP_WRITE, AGGR_REP_WRITE);
-    }
+class PrivilegeDefinitionProviderImpl implements PrivilegeDefinitionProvider, PrivilegeConstants
{
 
     private final ContentSession contentSession;
     private final Root root;
 
-    private final Map<String, PrivilegeDefinition> definitions;
-
-    public PrivilegeRegistry(ContentSession contentSession, Root root) {
+    PrivilegeDefinitionProviderImpl(ContentSession contentSession, Root root) {
         this.contentSession = contentSession;
         this.root = root;
-        this.definitions = getAllDefinitions(new PrivilegeDefinitionReader(root));
-    }
-
-    static Map<String, PrivilegeDefinition> getAllDefinitions(PrivilegeDefinitionReader
reader) {
-        Map<String, PrivilegeDefinition> definitions = new HashMap<String, PrivilegeDefinition>();
-        for (String privilegeName : NON_AGGR_PRIVILEGES) {
-            PrivilegeDefinition def = new PrivilegeDefinitionImpl(privilegeName, false);
-            definitions.put(privilegeName, def);
-        }
-
-        for (String privilegeName : AGGREGATE_PRIVILEGES.keySet()) {
-            PrivilegeDefinition def = new PrivilegeDefinitionImpl(privilegeName, false, AGGREGATE_PRIVILEGES.get(privilegeName));
-            definitions.put(privilegeName, def);
-        }
-
-        updateCustomDefinitions(reader, definitions);
-        updateJcrAllPrivilege(definitions);
-
-        return definitions;
-    }
-
-    private static void updateCustomDefinitions(PrivilegeDefinitionReader reader, Map<String,
PrivilegeDefinition> definitions) {
-        definitions.putAll(reader.readDefinitions());
-    }
-
-    private static void updateJcrAllPrivilege(Map<String, PrivilegeDefinition> definitions)
{
-        Map<String, PrivilegeDefinition> m = new HashMap<String, PrivilegeDefinition>(definitions);
-        m.remove(JCR_ALL);
-        definitions.put(JCR_ALL, new PrivilegeDefinitionImpl(JCR_ALL, false, m.keySet()));
     }
 
     //--------------------------------------------------< PrivilegeProvider >---
-    @Override
-    public void refresh() {
-        // re-read the definitions (TODO: evaluate if it was better to always read privileges
on demand only.)
-        updateCustomDefinitions(new PrivilegeDefinitionReader(root), definitions);
-        updateJcrAllPrivilege(definitions);
-    }
 
-    @Nonnull
     @Override
     public PrivilegeDefinition[] getPrivilegeDefinitions() {
+        Map<String, PrivilegeDefinition> definitions = getReader().readDefinitions();
+        definitions.put(JCR_ALL, getJcrAllDefinition(definitions));
         return definitions.values().toArray(new PrivilegeDefinition[definitions.size()]);
     }
 
     @Override
     public PrivilegeDefinition getPrivilegeDefinition(String name) {
-        return definitions.get(name);
+        if (JCR_ALL.equals(name)) {
+            return getJcrAllDefinition(getReader().readDefinitions());
+        } else {
+            return getReader().readDefinition(name);
+        }
     }
 
     @Override
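Review bot: `getPrivilegeDefinition(String name)` can now return null for an unknown name, because it delegates to the `@CheckForNull` `readDefinition(name)`, yet the method carries no nullability annotation and `@Nonnull` was dropped from `getPrivilegeDefinitions()`. I would add `@CheckForNull` on `getPrivilegeDefinition` and restore `@Nonnull` on `getPrivilegeDefinitions`, so callers that resolve privilege names for access control know to handle the missing case. The section marker `//---< PrivilegeProvider >---` is stale after the rename to `PrivilegeDefinitionProvider`. The class Javadoc is still a TODO; one sentence saying that definitions are re-read from `root` on every call would document the behaviour change from the cached map.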
@@ -114,50 +67,23 @@ public class PrivilegeRegistry implement
             throws RepositoryException {
 
         PrivilegeDefinition definition = new PrivilegeDefinitionImpl(privilegeName, isAbstract,
declaredAggregateNames);
-        internalRegisterDefinitions(definition);
+        PrivilegeDefinitionWriter writer = new PrivilegeDefinitionWriter(contentSession.getLatestRoot());
+        writer.writeDefinition(definition);
+
+        // refresh the current root to make sure the definition is visible
+        root.refresh();
+
         return definition;
     }
 
     //------------------------------------------------------------< private >---
 
-    private void internalRegisterDefinitions(PrivilegeDefinition toRegister) throws RepositoryException
{
-        Root latestRoot = contentSession.getLatestRoot();
-        try {
-            // make sure the privileges path is defined
-            Tree privilegesTree = latestRoot.getTree(PRIVILEGES_PATH);
-            if (privilegesTree == null) {
-                throw new RepositoryException("Repository doesn't contain node " + PRIVILEGES_PATH);
-            }
-
-            NodeUtil privilegesNode = new NodeUtil(privilegesTree);
-            writeDefinition(privilegesNode, toRegister);
-
-            // delegate validation to the commit validation (see above)
-            latestRoot.commit();
-
-        } catch (CommitFailedException e) {
-            Throwable t = e.getCause();
-            if (t instanceof RepositoryException) {
-                throw (RepositoryException) t;
-            } else {
-                throw new RepositoryException(e.getMessage());
-            }
-        }
-
-        root.refresh();
-        definitions.put(toRegister.getName(), toRegister);
-        updateJcrAllPrivilege(definitions);
+    private PrivilegeDefinitionReader getReader() {
+        return new PrivilegeDefinitionReader(root);
     }
 
-    private void writeDefinition(NodeUtil privilegesNode, PrivilegeDefinition definition)
{
-        NodeUtil privNode = privilegesNode.addChild(definition.getName(), NT_REP_PRIVILEGE);
-        if (definition.isAbstract()) {
-            privNode.setBoolean(REP_IS_ABSTRACT, true);
-        }
-        Set<String> declAggrNames = definition.getDeclaredAggregateNames();
-        if (!declAggrNames.isEmpty()) {
-            String[] names = definition.getDeclaredAggregateNames().toArray(new String[declAggrNames.size()]);
-            privNode.setNames(REP_AGGREGATES, names);
-        }
+    @Nonnull
+    private static PrivilegeDefinition getJcrAllDefinition(Map<String, PrivilegeDefinition>
definitions) {
+        return new PrivilegeDefinitionImpl(JCR_ALL, false, definitions.keySet());
     }
 }
\ No newline at end of file
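Review bot: `getJcrAllDefinition` builds the `jcr:all` aggregate from `definitions.keySet()` as-is, whereas the removed `updateJcrAllPrivilege` first dropped `JCR_ALL` from the map. If a `jcr:all` node ever exists under the privileges tree (the class TODO considers storing it in content), the aggregate would list itself; this affects both callers in the previous hunk, `getPrivilegeDefinitions()` and `getPrivilegeDefinition(JCR_ALL)`. Filtering the name out before constructing the definition restores the old guarantee, e.g. `Set<String> names = new HashSet<String>(definitions.keySet()); names.remove(JCR_ALL);` and passing `names` instead. `registerDefinition` starts outside this hunk.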

Modified: jackrabbit/oak/trunk/oak-core/src/main/java/org/apache/jackrabbit/oak/security/privilege/PrivilegeDefinitionReader.java
URL: http://svn.apache.org/viewvc/jackrabbit/oak/trunk/oak-core/src/main/java/org/apache/jackrabbit/oak/security/privilege/PrivilegeDefinitionReader.java?rev=1406946&r1=1406945&r2=1406946&view=diff
==============================================================================
--- jackrabbit/oak/trunk/oak-core/src/main/java/org/apache/jackrabbit/oak/security/privilege/PrivilegeDefinitionReader.java
(original)
+++ jackrabbit/oak/trunk/oak-core/src/main/java/org/apache/jackrabbit/oak/security/privilege/PrivilegeDefinitionReader.java
Thu Nov  8 07:57:03 2012
@@ -25,6 +25,8 @@ import java.util.LinkedHashMap;
 import java.util.List;
 import java.util.Map;
 import java.util.Set;
+import javax.annotation.CheckForNull;
+import javax.annotation.Nonnull;
 import javax.jcr.NamespaceRegistry;
 import javax.jcr.RepositoryException;
 import javax.xml.parsers.DocumentBuilder;
@@ -65,6 +67,7 @@ class PrivilegeDefinitionReader {
         this(root.getTree(PRIVILEGES_PATH));
     }
 
+    @Nonnull
     Map<String, PrivilegeDefinition> readDefinitions() {
         Map<String, PrivilegeDefinition> definitions = new HashMap<String, PrivilegeDefinition>();
         if (privilegesTree != null) {
@@ -76,7 +79,14 @@ class PrivilegeDefinitionReader {
         return definitions;
     }
 
-    PrivilegeDefinition readDefinition(Tree definitionTree) {
+    @CheckForNull
+    PrivilegeDefinition readDefinition(String privilegeName) {
+        Tree definitionTree = privilegesTree.getChild(privilegeName);
+        return (definitionTree == null) ? null : readDefinition(definitionTree);
+    }
+
+    @Nonnull
+    static PrivilegeDefinition readDefinition(Tree definitionTree) {
         NodeUtil n = new NodeUtil(definitionTree);
         String name = n.getName();
         boolean isAbstract = n.getBoolean(REP_IS_ABSTRACT);
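Review bot: The new `readDefinition(String privilegeName)` dereferences `privilegesTree` unconditionally, while `readDefinitions()` a few lines above guards with `if (privilegesTree != null)`. When the privileges node is missing or not readable with the current root, a lookup by name would throw a `NullPointerException` instead of returning null as the `@CheckForNull` contract suggests. Adding `if (privilegesTree == null) { return null; }` as the first statement makes the two read paths consistent. The body of the static `readDefinition(Tree)` continues outside the hunk.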
@@ -111,8 +121,6 @@ class PrivilegeDefinitionReader {
         return definitions.values().toArray(new PrivilegeDefinition[definitions.size()]);
     }
 
-
-
     //--------------------------------------------------------------------------
     /**
      * The {@code PrivilegeXmlHandler} loads privilege definitions from a XML

Added: jackrabbit/oak/trunk/oak-core/src/main/java/org/apache/jackrabbit/oak/security/privilege/PrivilegeDefinitionWriter.java
URL: http://svn.apache.org/viewvc/jackrabbit/oak/trunk/oak-core/src/main/java/org/apache/jackrabbit/oak/security/privilege/PrivilegeDefinitionWriter.java?rev=1406946&view=auto
==============================================================================
--- jackrabbit/oak/trunk/oak-core/src/main/java/org/apache/jackrabbit/oak/security/privilege/PrivilegeDefinitionWriter.java
(added)
+++ jackrabbit/oak/trunk/oak-core/src/main/java/org/apache/jackrabbit/oak/security/privilege/PrivilegeDefinitionWriter.java
Thu Nov  8 07:57:03 2012
@@ -0,0 +1,94 @@
+/*
+ * Licensed to the Apache Software Foundation (ASF) under one or more
+ * contributor license agreements.  See the NOTICE file distributed with
+ * this work for additional information regarding copyright ownership.
+ * The ASF licenses this file to You under the Apache License, Version 2.0
+ * (the "License"); you may not use this file except in compliance with
+ * the License.  You may obtain a copy of the License at
+ *
+ *      http://www.apache.org/licenses/LICENSE-2.0
+ *
+ * Unless required by applicable law or agreed to in writing, software
+ * distributed under the License is distributed on an "AS IS" BASIS,
+ * WITHOUT WARRANTIES OR CONDITIONS OF ANY KIND, either express or implied.
+ * See the License for the specific language governing permissions and
+ * limitations under the License.
+ */
+package org.apache.jackrabbit.oak.security.privilege;
+
+import java.util.Collections;
+import java.util.Set;
+import javax.jcr.RepositoryException;
+
+import org.apache.jackrabbit.oak.api.CommitFailedException;
+import org.apache.jackrabbit.oak.api.Root;
+import org.apache.jackrabbit.oak.api.Tree;
+import org.apache.jackrabbit.oak.spi.security.privilege.PrivilegeConstants;
+import org.apache.jackrabbit.oak.spi.security.privilege.PrivilegeDefinition;
+import org.apache.jackrabbit.oak.util.NodeUtil;
+import org.slf4j.Logger;
+import org.slf4j.LoggerFactory;
+
+/**
+ * PrivilegeDefinitionWriter... TODO
+ */
+class PrivilegeDefinitionWriter implements PrivilegeConstants {
+
+    /**
+     * logger instance
+     */
+    private static final Logger log = LoggerFactory.getLogger(PrivilegeDefinitionWriter.class);
+
+    private final Root root;
+
+    PrivilegeDefinitionWriter(Root root) {
+        this.root = root;
+    }
+
+    void writeDefinition(PrivilegeDefinition definition) throws RepositoryException {
+        writeDefinitions(Collections.singleton(definition));
+    }
+
+    void writeDefinitions(Set<PrivilegeDefinition> definitions) throws RepositoryException
{
+        try {
+            // make sure the privileges path is defined
+            Tree privilegesTree = root.getTree(PRIVILEGES_PATH);
+            if (privilegesTree == null) {
+                throw new RepositoryException("Repository doesn't contain node " + PRIVILEGES_PATH);
+            }
+
+            NodeUtil privilegesNode = new NodeUtil(privilegesTree);
+            for (PrivilegeDefinition definition : definitions) {
+                writePrivilegeNode(privilegesNode, definition);
+            }
+
+            // delegate validation to the commit validation (see above)
+            root.commit();
+
+        } catch (CommitFailedException e) {
+            Throwable t = e.getCause();
+            if (t instanceof RepositoryException) {
+                throw (RepositoryException) t;
+            } else {
+                throw new RepositoryException(e.getMessage());
+            }
+        }
+    }
+
+    private static void writePrivilegeNode(NodeUtil privilegesNode, PrivilegeDefinition definition)
throws RepositoryException {
+        String name = definition.getName();
+        if (privilegesNode.hasChild(definition.getName())) {
+            throw new RepositoryException("Privilege definition with name '"+name+"' already
exists.");
+        }
+
+        NodeUtil privNode = privilegesNode.addChild(name, NT_REP_PRIVILEGE);
+        if (definition.isAbstract()) {
+            privNode.setBoolean(REP_IS_ABSTRACT, true);
+        }
+        Set<String> declAggrNames = definition.getDeclaredAggregateNames();
+        if (!declAggrNames.isEmpty()) {
+            String[] names = definition.getDeclaredAggregateNames().toArray(new String[declAggrNames.size()]);
+            privNode.setNames(REP_AGGREGATES, names);
+        }
+    }
+}
\ No newline at end of file
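Review bot: In `writeDefinitions` the fallback `throw new RepositoryException(e.getMessage());` discards the `CommitFailedException`, so a rejected privilege registration loses its stack trace and the validator's context; `throw new RepositoryException(e.getMessage(), e);` keeps the cause. The comment `// delegate validation to the commit validation (see above)` was copied from the old registry and no longer has anything above it to refer to. `writePrivilegeNode` can throw part-way through the loop after earlier nodes were added, leaving uncommitted changes on `root`; the visible callers pass a fresh root, but a short Javadoc on the class stating that the root must not be reused after a failure would make that contract explicit. The `log` field is unused, and `definition.getName()` is called again in `hasChild(...)` although `name` is already in scope.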

Added: jackrabbit/oak/trunk/oak-core/src/main/java/org/apache/jackrabbit/oak/security/privilege/PrivilegeInitializer.java
URL: http://svn.apache.org/viewvc/jackrabbit/oak/trunk/oak-core/src/main/java/org/apache/jackrabbit/oak/security/privilege/PrivilegeInitializer.java?rev=1406946&view=auto
==============================================================================
--- jackrabbit/oak/trunk/oak-core/src/main/java/org/apache/jackrabbit/oak/security/privilege/PrivilegeInitializer.java
(added)
+++ jackrabbit/oak/trunk/oak-core/src/main/java/org/apache/jackrabbit/oak/security/privilege/PrivilegeInitializer.java
Thu Nov  8 07:57:03 2012
@@ -0,0 +1,98 @@
+/*
+ * Licensed to the Apache Software Foundation (ASF) under one or more
+ * contributor license agreements.  See the NOTICE file distributed with
+ * this work for additional information regarding copyright ownership.
+ * The ASF licenses this file to You under the Apache License, Version 2.0
+ * (the "License"); you may not use this file except in compliance with
+ * the License.  You may obtain a copy of the License at
+ *
+ *      http://www.apache.org/licenses/LICENSE-2.0
+ *
+ * Unless required by applicable law or agreed to in writing, software
+ * distributed under the License is distributed on an "AS IS" BASIS,
+ * WITHOUT WARRANTIES OR CONDITIONS OF ANY KIND, either express or implied.
+ * See the License for the specific language governing permissions and
+ * limitations under the License.
+ */
+package org.apache.jackrabbit.oak.security.privilege;
+
+import java.util.HashMap;
+import java.util.HashSet;
+import java.util.Map;
+import java.util.Set;
+
+import javax.jcr.RepositoryException;
+
+import org.apache.jackrabbit.JcrConstants;
+import org.apache.jackrabbit.oak.api.CommitFailedException;
+import org.apache.jackrabbit.oak.api.Type;
+import org.apache.jackrabbit.oak.core.RootImpl;
+import org.apache.jackrabbit.oak.plugins.nodetype.NodeTypeConstants;
+import org.apache.jackrabbit.oak.spi.lifecycle.RepositoryInitializer;
+import org.apache.jackrabbit.oak.spi.security.privilege.PrivilegeConstants;
+import org.apache.jackrabbit.oak.spi.security.privilege.PrivilegeDefinition;
+import org.apache.jackrabbit.oak.spi.state.NodeBuilder;
+import org.apache.jackrabbit.oak.spi.state.NodeStore;
+import org.apache.jackrabbit.oak.spi.state.NodeStoreBranch;
+import org.slf4j.Logger;
+import org.slf4j.LoggerFactory;
+
+/**
+ * PrivilegeInitializer... TODO
+ */
+class PrivilegeInitializer implements RepositoryInitializer, PrivilegeConstants {
+
+    /**
+     * logger instance
+     */
+    private static final Logger log = LoggerFactory.getLogger(PrivilegeInitializer.class);
+
+    private static final Map<String, String[]> AGGREGATE_PRIVILEGES = new HashMap<String,String[]>();
+    static {
+        AGGREGATE_PRIVILEGES.put(JCR_READ, AGGR_JCR_READ);
+        AGGREGATE_PRIVILEGES.put(JCR_MODIFY_PROPERTIES, AGGR_JCR_MODIFY_PROPERTIES);
+        AGGREGATE_PRIVILEGES.put(JCR_WRITE, AGGR_JCR_WRITE);
+        AGGREGATE_PRIVILEGES.put(REP_WRITE, AGGR_REP_WRITE);
+    }
+
+    @Override
+    public void initialize(NodeStore store) {
+        NodeStoreBranch branch = store.branch();
+
+        NodeBuilder root = branch.getRoot().builder();
+        NodeBuilder system = root.child(JcrConstants.JCR_SYSTEM);
+        system.setProperty(JcrConstants.JCR_PRIMARYTYPE, NodeTypeConstants.NT_REP_SYSTEM,
Type.NAME);
+
+        NodeBuilder privileges = system.child(REP_PRIVILEGES);
+        privileges.setProperty(JcrConstants.JCR_PRIMARYTYPE, NT_REP_PRIVILEGES, Type.NAME);
+
+        try {
+            branch.setRoot(root.getNodeState());
+            branch.merge();
+        } catch (CommitFailedException e) {
+            log.error("Failed to initialize privilege content ", e);
+            throw new RuntimeException(e);
+        }
+
+        PrivilegeDefinitionWriter writer = new PrivilegeDefinitionWriter(new RootImpl(store));
+        try {
+            writer.writeDefinitions(getBuiltInDefinitions());
+        } catch (RepositoryException e) {
+            log.error("Failed to register built-in privileges", e);
+            throw new RuntimeException(e);
+        }
+    }
+
+    Set<PrivilegeDefinition> getBuiltInDefinitions() {
+        Set<PrivilegeDefinition> definitions = new HashSet<PrivilegeDefinition>();
+        for (String privilegeName : NON_AGGR_PRIVILEGES) {
+            PrivilegeDefinition def = new PrivilegeDefinitionImpl(privilegeName, false);
+            definitions.add(def);
+        }
+        for (String privilegeName : AGGREGATE_PRIVILEGES.keySet()) {
+            PrivilegeDefinition def = new PrivilegeDefinitionImpl(privilegeName, false, AGGREGATE_PRIVILEGES.get(privilegeName));
+            definitions.add(def);
+        }
+        return definitions;
+    }
+}
\ No newline at end of file
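Review bot: `initialize` does not look safe to run against a store that already holds the privilege content: `writeDefinitions(getBuiltInDefinitions())` reaches `writePrivilegeNode`, which throws "already exists" for every built-in name, and that is rethrown here as a `RuntimeException`. If repository initializers run on every startup (not visible in this commit), the second start would fail. Checking whether the `rep:privileges` node is already present and returning early, before setting `jcr:primaryType` on `jcr:system` and before writing, would make the initializer idempotent. `AGGREGATE_PRIVILEGES` is a mutable static `HashMap`; wrapping it in an unmodifiable map would protect the built-in aggregate definitions from accidental modification. Both catch blocks log and rethrow the same exception, so it will likely be reported twice.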

Copied: jackrabbit/oak/trunk/oak-core/src/main/java/org/apache/jackrabbit/oak/security/privilege/PrivilegeManagerImpl.java
(from r1406500, jackrabbit/oak/trunk/oak-core/src/main/java/org/apache/jackrabbit/oak/spi/security/privilege/PrivilegeManagerImpl.java)
URL: http://svn.apache.org/viewvc/jackrabbit/oak/trunk/oak-core/src/main/java/org/apache/jackrabbit/oak/security/privilege/PrivilegeManagerImpl.java?p2=jackrabbit/oak/trunk/oak-core/src/main/java/org/apache/jackrabbit/oak/security/privilege/PrivilegeManagerImpl.java&p1=jackrabbit/oak/trunk/oak-core/src/main/java/org/apache/jackrabbit/oak/spi/security/privilege/PrivilegeManagerImpl.java&r1=1406500&r2=1406946&rev=1406946&view=diff
==============================================================================
--- jackrabbit/oak/trunk/oak-core/src/main/java/org/apache/jackrabbit/oak/spi/security/privilege/PrivilegeManagerImpl.java
(original)
+++ jackrabbit/oak/trunk/oak-core/src/main/java/org/apache/jackrabbit/oak/security/privilege/PrivilegeManagerImpl.java
Thu Nov  8 07:57:03 2012
@@ -14,7 +14,7 @@
  * See the License for the specific language governing permissions and
  * limitations under the License.
  */
-package org.apache.jackrabbit.oak.spi.security.privilege;
+package org.apache.jackrabbit.oak.security.privilege;
 
 import java.util.Arrays;
 import java.util.Collections;
@@ -29,6 +29,8 @@ import javax.jcr.security.Privilege;
 import org.apache.jackrabbit.api.security.authorization.PrivilegeManager;
 import org.apache.jackrabbit.oak.api.Root;
 import org.apache.jackrabbit.oak.namepath.NamePathMapper;
+import org.apache.jackrabbit.oak.spi.security.privilege.PrivilegeDefinition;
+import org.apache.jackrabbit.oak.spi.security.privilege.PrivilegeDefinitionProvider;
 import org.slf4j.Logger;
 import org.slf4j.LoggerFactory;
 
@@ -45,19 +47,14 @@ public class PrivilegeManagerImpl implem
     private final Root root;
     private final NamePathMapper namePathMapper;
 
-    private final PrivilegeProvider provider;
+    private final PrivilegeDefinitionProvider provider;
 
-    public PrivilegeManagerImpl(Root root, PrivilegeProvider provider, NamePathMapper namePathMapper)
{
+    public PrivilegeManagerImpl(Root root, PrivilegeDefinitionProvider provider, NamePathMapper
namePathMapper) {
         this.root = root;
         this.namePathMapper = namePathMapper;
         this.provider = provider;
     }
 
-    // TODO: review
-    public void refresh() {
-        provider.refresh();
-    }
-
     @Override
     public Privilege[] getRegisteredPrivileges() throws RepositoryException {
         Set<Privilege> privileges = new HashSet<Privilege>();
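Review bot: With `refresh()` removed here, and its only visible caller dropped in the SessionDelegate hunk further down, nothing in this class shows how a long-lived manager picks up privilege definitions registered after it was constructed. The provider is held in a `final` field for the manager's lifetime. If `PrivilegeDefinitionProvider` implementations read from the current `root` on every call, this is fine, but that is not visible from the hunk. Stale privilege definitions would feed into authorization decisions, so the assumption deserves a comment on the field, for example `// no refresh(): provider must read definitions from the current root on each call`. The class and `getRegisteredPrivileges()` continue outside the hunk.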

Propchange: jackrabbit/oak/trunk/oak-core/src/main/java/org/apache/jackrabbit/oak/security/privilege/PrivilegeManagerImpl.java
------------------------------------------------------------------------------
    svn:eol-style = native

Modified: jackrabbit/oak/trunk/oak-core/src/main/java/org/apache/jackrabbit/oak/security/privilege/PrivilegeMigrator.java
URL: http://svn.apache.org/viewvc/jackrabbit/oak/trunk/oak-core/src/main/java/org/apache/jackrabbit/oak/security/privilege/PrivilegeMigrator.java?rev=1406946&r1=1406945&r2=1406946&view=diff
==============================================================================
--- jackrabbit/oak/trunk/oak-core/src/main/java/org/apache/jackrabbit/oak/security/privilege/PrivilegeMigrator.java
(original)
+++ jackrabbit/oak/trunk/oak-core/src/main/java/org/apache/jackrabbit/oak/security/privilege/PrivilegeMigrator.java
Thu Nov  8 07:57:03 2012
@@ -42,7 +42,7 @@ public class PrivilegeMigrator {
      * @throws RepositoryException
      */
     public void migrateCustomPrivileges() throws RepositoryException {
-        PrivilegeRegistry pr = new PrivilegeRegistry(contentSession, contentSession.getLatestRoot());
+        PrivilegeDefinitionProviderImpl pr = new PrivilegeDefinitionProviderImpl(contentSession,
contentSession.getLatestRoot());
         InputStream stream = null;
         // TODO: order custom privileges such that validation succeeds.
         // FIXME: user proper path to jr2 custom privileges stored in fs

Modified: jackrabbit/oak/trunk/oak-core/src/main/java/org/apache/jackrabbit/oak/security/privilege/PrivilegeValidator.java
URL: http://svn.apache.org/viewvc/jackrabbit/oak/trunk/oak-core/src/main/java/org/apache/jackrabbit/oak/security/privilege/PrivilegeValidator.java?rev=1406946&r1=1406945&r2=1406946&view=diff
==============================================================================
--- jackrabbit/oak/trunk/oak-core/src/main/java/org/apache/jackrabbit/oak/security/privilege/PrivilegeValidator.java
(original)
+++ jackrabbit/oak/trunk/oak-core/src/main/java/org/apache/jackrabbit/oak/security/privilege/PrivilegeValidator.java
Thu Nov  8 07:57:03 2012
@@ -52,7 +52,7 @@ class PrivilegeValidator implements Priv
 
         if (privilegesBefore != null) {
             reader = new PrivilegeDefinitionReader(privilegesBefore);
-            definitions = PrivilegeRegistry.getAllDefinitions(reader);
+            definitions = reader.readDefinitions();
         } else {
             reader = null;
             definitions = null;

Modified: jackrabbit/oak/trunk/oak-core/src/main/java/org/apache/jackrabbit/oak/spi/security/SecurityConfiguration.java
URL: http://svn.apache.org/viewvc/jackrabbit/oak/trunk/oak-core/src/main/java/org/apache/jackrabbit/oak/spi/security/SecurityConfiguration.java?rev=1406946&r1=1406945&r2=1406946&view=diff
==============================================================================
--- jackrabbit/oak/trunk/oak-core/src/main/java/org/apache/jackrabbit/oak/spi/security/SecurityConfiguration.java
(original)
+++ jackrabbit/oak/trunk/oak-core/src/main/java/org/apache/jackrabbit/oak/spi/security/SecurityConfiguration.java
Thu Nov  8 07:57:03 2012
@@ -22,6 +22,8 @@ import javax.annotation.Nonnull;
 
 import org.apache.jackrabbit.oak.spi.commit.Observer;
 import org.apache.jackrabbit.oak.spi.commit.ValidatorProvider;
+import org.apache.jackrabbit.oak.spi.lifecycle.CompositeInitializer;
+import org.apache.jackrabbit.oak.spi.lifecycle.RepositoryInitializer;
 import org.apache.jackrabbit.oak.spi.xml.ProtectedItemImporter;
 
 /**
@@ -33,6 +35,9 @@ public interface SecurityConfiguration {
     ConfigurationParameters getConfigurationParameters();
 
     @Nonnull
+    RepositoryInitializer getRepositoryInitializer();
+
+    @Nonnull
     List<ValidatorProvider> getValidatorProviders();
 
     @Nonnull
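Review bot: `getRepositoryInitializer()` is added to the interface without Javadoc, so an implementer of a security module cannot tell from here what the initializer is expected to set up or when it runs. A one-line contract would help, for example `/** Initializer for the repository content this configuration depends on; never null. */`, with the wording adjusted to the actual intent, which I am only inferring from the name. The default implementation in the following hunk returns a fresh `CompositeInitializer` over an empty list on each call. A comment there stating that it is intentionally a no-op would make it clear that the default creates no security-relevant content.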
@@ -54,6 +59,12 @@ public interface SecurityConfiguration {
 
         @Nonnull
         @Override
+        public RepositoryInitializer getRepositoryInitializer() {
+            return new CompositeInitializer(Collections.<RepositoryInitializer>emptyList());
+        }
+
+        @Nonnull
+        @Override
         public List<ValidatorProvider> getValidatorProviders() {
             return Collections.emptyList();
         }

Modified: jackrabbit/oak/trunk/oak-core/src/main/java/org/apache/jackrabbit/oak/spi/security/privilege/PrivilegeConfiguration.java
URL: http://svn.apache.org/viewvc/jackrabbit/oak/trunk/oak-core/src/main/java/org/apache/jackrabbit/oak/spi/security/privilege/PrivilegeConfiguration.java?rev=1406946&r1=1406945&r2=1406946&view=diff
==============================================================================
--- jackrabbit/oak/trunk/oak-core/src/main/java/org/apache/jackrabbit/oak/spi/security/privilege/PrivilegeConfiguration.java
(original)
+++ jackrabbit/oak/trunk/oak-core/src/main/java/org/apache/jackrabbit/oak/spi/security/privilege/PrivilegeConfiguration.java
Thu Nov  8 07:57:03 2012
@@ -30,7 +30,7 @@ import org.apache.jackrabbit.oak.spi.sec
 public interface PrivilegeConfiguration extends SecurityConfiguration {
 
     @Nonnull
-    PrivilegeProvider getPrivilegeProvider(ContentSession contentSession, Root root);
+    PrivilegeDefinitionProvider getPrivilegeDefinitionProvider(ContentSession contentSession,
Root root);
 
     @Nonnull
     PrivilegeManager getPrivilegeManager(ContentSession contentSession, Root root, NamePathMapper
namePathMapper);

Copied: jackrabbit/oak/trunk/oak-core/src/main/java/org/apache/jackrabbit/oak/spi/security/privilege/PrivilegeDefinitionProvider.java
(from r1406500, jackrabbit/oak/trunk/oak-core/src/main/java/org/apache/jackrabbit/oak/spi/security/privilege/PrivilegeProvider.java)
URL: http://svn.apache.org/viewvc/jackrabbit/oak/trunk/oak-core/src/main/java/org/apache/jackrabbit/oak/spi/security/privilege/PrivilegeDefinitionProvider.java?p2=jackrabbit/oak/trunk/oak-core/src/main/java/org/apache/jackrabbit/oak/spi/security/privilege/PrivilegeDefinitionProvider.java&p1=jackrabbit/oak/trunk/oak-core/src/main/java/org/apache/jackrabbit/oak/spi/security/privilege/PrivilegeProvider.java&r1=1406500&r2=1406946&rev=1406946&view=diff
==============================================================================
--- jackrabbit/oak/trunk/oak-core/src/main/java/org/apache/jackrabbit/oak/spi/security/privilege/PrivilegeProvider.java
(original)
+++ jackrabbit/oak/trunk/oak-core/src/main/java/org/apache/jackrabbit/oak/spi/security/privilege/PrivilegeDefinitionProvider.java
Thu Nov  8 07:57:03 2012
@@ -17,21 +17,14 @@
 package org.apache.jackrabbit.oak.spi.security.privilege;
 
 import java.util.Set;
+import javax.annotation.CheckForNull;
 import javax.annotation.Nonnull;
-import javax.annotation.Nullable;
 import javax.jcr.RepositoryException;
 
-import org.apache.jackrabbit.oak.spi.commit.ValidatorProvider;
-
 /**
- * PrivilegeProvider... TODO
+ * PrivilegeDefinitionProvider... TODO
  */
-public interface PrivilegeProvider {
-
-    /**
-     * Refresh this privilege provider.
-     */
-    void refresh();
+public interface PrivilegeDefinitionProvider {
 
     /**
      * Returns all privilege definitions accessible to this provider.
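Review bot: The type-level Javadoc is still the placeholder `PrivilegeDefinitionProvider... TODO` after the rename, so the contract of this security SPI is undocumented. Because this hunk also removes `refresh()`, the comment should state whether implementations must reflect definitions registered after the provider was obtained, and that `registerDefinition` is the only write path. Something like `Reads and registers privilege definitions; results reflect the state of the underlying root at call time` would do, if that is the intended behaviour. The interface body continues outside the hunk.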
@@ -49,7 +42,7 @@ public interface PrivilegeProvider {
      * @return The privilege definition with the given name or {@code null} if
      * no such definition exists.
      */
-    @Nullable
+    @CheckForNull
     PrivilegeDefinition getPrivilegeDefinition(String name);
 
     /**
@@ -63,5 +56,6 @@ public interface PrivilegeProvider {
      * @return The new definition.
      * @throws RepositoryException If the definition could not be registered.
      */
+    @Nonnull
     PrivilegeDefinition registerDefinition(String privilegeName, boolean isAbstract, Set<String>
declaredAggregateNames) throws RepositoryException;
 }
\ No newline at end of file

Modified: jackrabbit/oak/trunk/oak-jcr/src/main/java/org/apache/jackrabbit/oak/jcr/SessionDelegate.java
URL: http://svn.apache.org/viewvc/jackrabbit/oak/trunk/oak-jcr/src/main/java/org/apache/jackrabbit/oak/jcr/SessionDelegate.java?rev=1406946&r1=1406945&r2=1406946&view=diff
==============================================================================
--- jackrabbit/oak/trunk/oak-jcr/src/main/java/org/apache/jackrabbit/oak/jcr/SessionDelegate.java
(original)
+++ jackrabbit/oak/trunk/oak-jcr/src/main/java/org/apache/jackrabbit/oak/jcr/SessionDelegate.java
Thu Nov  8 07:57:03 2012
@@ -51,7 +51,6 @@ import org.apache.jackrabbit.oak.plugins
 import org.apache.jackrabbit.oak.plugins.nodetype.EffectiveNodeTypeProvider;
 import org.apache.jackrabbit.oak.plugins.observation.ObservationManagerImpl;
 import org.apache.jackrabbit.oak.spi.security.SecurityProvider;
-import org.apache.jackrabbit.oak.spi.security.privilege.PrivilegeManagerImpl;
 import org.apache.jackrabbit.oak.plugins.value.ValueFactoryImpl;
 import org.slf4j.Logger;
 import org.slf4j.LoggerFactory;
@@ -253,10 +252,6 @@ public class SessionDelegate {
             root.refresh();
         }
         revision++;
-        // TODO: improve
-        if (privilegeManager != null && privilegeManager instanceof PrivilegeManagerImpl)
{
-            ((PrivilegeManagerImpl) privilegeManager).refresh();
-        }
     }
 
     /**

Modified: jackrabbit/oak/trunk/oak-jcr/src/test/java/org/apache/jackrabbit/oak/jcr/security/privilege/PrivilegeManagerTest.java
URL: http://svn.apache.org/viewvc/jackrabbit/oak/trunk/oak-jcr/src/test/java/org/apache/jackrabbit/oak/jcr/security/privilege/PrivilegeManagerTest.java?rev=1406946&r1=1406945&r2=1406946&view=diff
==============================================================================
--- jackrabbit/oak/trunk/oak-jcr/src/test/java/org/apache/jackrabbit/oak/jcr/security/privilege/PrivilegeManagerTest.java
(original)
+++ jackrabbit/oak/trunk/oak-jcr/src/test/java/org/apache/jackrabbit/oak/jcr/security/privilege/PrivilegeManagerTest.java
Thu Nov  8 07:57:03 2012
@@ -59,7 +59,7 @@ public class PrivilegeManagerTest extend
         set.addAll(Arrays.asList(all.getAggregatePrivileges()));
 
         for (Privilege p : registered) {
-            assertTrue(set.remove(p));
+            assertTrue(p.getName(), set.remove(p));
         }
         assertTrue(set.isEmpty());
     }
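Review bot: The final `assertTrue(set.isEmpty())` still fails without saying which privileges were left over, although the loop assertion now names the offending privilege. Giving it the same treatment, `assertTrue("not returned as registered: " + set, set.isEmpty());`, makes a mismatch between the registered privileges and the aggregates of `all` diagnosable from the test report. The test method starts outside the hunk.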

Modified: jackrabbit/oak/trunk/oak-jcr/src/test/java/org/apache/jackrabbit/oak/jcr/security/privilege/PrivilegeRegistrationTest.java
URL: http://svn.apache.org/viewvc/jackrabbit/oak/trunk/oak-jcr/src/test/java/org/apache/jackrabbit/oak/jcr/security/privilege/PrivilegeRegistrationTest.java?rev=1406946&r1=1406945&r2=1406946&view=diff
==============================================================================
--- jackrabbit/oak/trunk/oak-jcr/src/test/java/org/apache/jackrabbit/oak/jcr/security/privilege/PrivilegeRegistrationTest.java
(original)
+++ jackrabbit/oak/trunk/oak-jcr/src/test/java/org/apache/jackrabbit/oak/jcr/security/privilege/PrivilegeRegistrationTest.java
Thu Nov  8 07:57:03 2012
@@ -146,6 +146,15 @@ public class PrivilegeRegistrationTest e
                 // success
             }
         }
+
+        for (String builtInName : builtIns.keySet()) {
+            try {
+                privilegeManager.registerPrivilege(builtInName, true, builtIns.get(builtInName));
+                fail("Privilege name " +builtInName+ " already in use -> Exception expected");
+            } catch (RepositoryException e) {
+                // success
+            }
+        }
     }
 
     @Test
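Review bot: The new loop treats any `RepositoryException` as success, so it would also pass if registration failed for a reason other than the name clash, such as the `true` passed for `isAbstract` or the aggregate set. It also never checks that the built-in definition is unchanged afterwards. If the implementation throws a more specific exception for a name already in use, catching that type would pin the intended rejection; which type is thrown is not visible here. A follow-up assertion after the loop that each built-in privilege still has its original aggregates would confirm that the failed call left the definition intact. As a style point, iterating `builtIns.entrySet()` avoids the second lookup in `builtIns.get(builtInName)`. The enclosing test method starts outside the hunk.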


