jackrabbit-oak-commits mailing list archives

Site index · List index
Message view « Date » · « Thread »
Top « Date » · « Thread »
From ang...@apache.org
Subject svn commit: r1407477 - in /jackrabbit/oak/trunk/oak-core/src/main/java/org/apache/jackrabbit/oak: core/ security/ security/authorization/ spi/security/ spi/security/authentication/callback/ spi/security/authorization/ spi/security/user/
Date Fri, 09 Nov 2012 14:56:59 GMT
Author: angela
Date: Fri Nov  9 14:56:57 2012
New Revision: 1407477

URL: http://svn.apache.org/viewvc?rev=1407477&view=rev
Log:
OAK-51 : Implement JCR Access Control Management

Added:
    jackrabbit/oak/trunk/oak-core/src/main/java/org/apache/jackrabbit/oak/security/authorization/AccessControlConfigurationImpl.java
  (contents, props changed)
      - copied, changed from r1407386, jackrabbit/oak/trunk/oak-core/src/main/java/org/apache/jackrabbit/oak/security/authorization/AccessControlProviderImpl.java
    jackrabbit/oak/trunk/oak-core/src/main/java/org/apache/jackrabbit/oak/spi/security/authorization/AccessControlConfiguration.java
  (contents, props changed)
      - copied, changed from r1407386, jackrabbit/oak/trunk/oak-core/src/main/java/org/apache/jackrabbit/oak/spi/security/authorization/AccessControlProvider.java
    jackrabbit/oak/trunk/oak-core/src/main/java/org/apache/jackrabbit/oak/spi/security/authorization/OpenAccessControlConfiguration.java
  (contents, props changed)
      - copied, changed from r1407386, jackrabbit/oak/trunk/oak-core/src/main/java/org/apache/jackrabbit/oak/spi/security/authorization/OpenAccessControlProvider.java
Removed:
    jackrabbit/oak/trunk/oak-core/src/main/java/org/apache/jackrabbit/oak/security/authorization/AccessControlProviderImpl.java
    jackrabbit/oak/trunk/oak-core/src/main/java/org/apache/jackrabbit/oak/spi/security/authorization/AccessControlProvider.java
    jackrabbit/oak/trunk/oak-core/src/main/java/org/apache/jackrabbit/oak/spi/security/authorization/OpenAccessControlProvider.java
Modified:
    jackrabbit/oak/trunk/oak-core/src/main/java/org/apache/jackrabbit/oak/core/ContentRepositoryImpl.java
    jackrabbit/oak/trunk/oak-core/src/main/java/org/apache/jackrabbit/oak/core/ContentSessionImpl.java
    jackrabbit/oak/trunk/oak-core/src/main/java/org/apache/jackrabbit/oak/core/RootImpl.java
    jackrabbit/oak/trunk/oak-core/src/main/java/org/apache/jackrabbit/oak/security/SecurityProviderImpl.java
    jackrabbit/oak/trunk/oak-core/src/main/java/org/apache/jackrabbit/oak/security/authorization/PermissionValidator.java
    jackrabbit/oak/trunk/oak-core/src/main/java/org/apache/jackrabbit/oak/security/authorization/PermissionValidatorProvider.java
    jackrabbit/oak/trunk/oak-core/src/main/java/org/apache/jackrabbit/oak/spi/security/OpenSecurityProvider.java
    jackrabbit/oak/trunk/oak-core/src/main/java/org/apache/jackrabbit/oak/spi/security/SecurityProvider.java
    jackrabbit/oak/trunk/oak-core/src/main/java/org/apache/jackrabbit/oak/spi/security/authentication/callback/RepositoryCallback.java
    jackrabbit/oak/trunk/oak-core/src/main/java/org/apache/jackrabbit/oak/spi/security/user/UserConstants.java

Modified: jackrabbit/oak/trunk/oak-core/src/main/java/org/apache/jackrabbit/oak/core/ContentRepositoryImpl.java
URL: http://svn.apache.org/viewvc/jackrabbit/oak/trunk/oak-core/src/main/java/org/apache/jackrabbit/oak/core/ContentRepositoryImpl.java?rev=1407477&r1=1407476&r2=1407477&view=diff
==============================================================================
--- jackrabbit/oak/trunk/oak-core/src/main/java/org/apache/jackrabbit/oak/core/ContentRepositoryImpl.java
(original)
+++ jackrabbit/oak/trunk/oak-core/src/main/java/org/apache/jackrabbit/oak/core/ContentRepositoryImpl.java
Fri Nov  9 14:56:57 2012
@@ -30,7 +30,7 @@ import org.apache.jackrabbit.oak.spi.que
 import org.apache.jackrabbit.oak.spi.security.SecurityProvider;
 import org.apache.jackrabbit.oak.spi.security.authentication.LoginContext;
 import org.apache.jackrabbit.oak.spi.security.authentication.LoginContextProvider;
-import org.apache.jackrabbit.oak.spi.security.authorization.AccessControlProvider;
+import org.apache.jackrabbit.oak.spi.security.authorization.AccessControlConfiguration;
 import org.apache.jackrabbit.oak.spi.state.NodeStore;
 import org.slf4j.Logger;
 import org.slf4j.LoggerFactory;
@@ -88,8 +88,8 @@ public class ContentRepositoryImpl imple
         LoginContext loginContext = lcProvider.getLoginContext(credentials, workspaceName);
         loginContext.login();
 
-        AccessControlProvider acProvider = securityProvider.getAccessControlProvider();
-        return new ContentSessionImpl(loginContext, acProvider, workspaceName,
+        AccessControlConfiguration acConfiguration = securityProvider.getAccessControlProvider();
+        return new ContentSessionImpl(loginContext, acConfiguration, workspaceName,
                 nodeStore, conflictHandler, indexProvider);
     }
 

Modified: jackrabbit/oak/trunk/oak-core/src/main/java/org/apache/jackrabbit/oak/core/ContentSessionImpl.java
URL: http://svn.apache.org/viewvc/jackrabbit/oak/trunk/oak-core/src/main/java/org/apache/jackrabbit/oak/core/ContentSessionImpl.java?rev=1407477&r1=1407476&r2=1407477&view=diff
==============================================================================
--- jackrabbit/oak/trunk/oak-core/src/main/java/org/apache/jackrabbit/oak/core/ContentSessionImpl.java
(original)
+++ jackrabbit/oak/trunk/oak-core/src/main/java/org/apache/jackrabbit/oak/core/ContentSessionImpl.java
Fri Nov  9 14:56:57 2012
@@ -27,7 +27,7 @@ import org.apache.jackrabbit.oak.api.Roo
 import org.apache.jackrabbit.oak.spi.commit.ConflictHandler;
 import org.apache.jackrabbit.oak.spi.query.QueryIndexProvider;
 import org.apache.jackrabbit.oak.spi.security.authentication.LoginContext;
-import org.apache.jackrabbit.oak.spi.security.authorization.AccessControlProvider;
+import org.apache.jackrabbit.oak.spi.security.authorization.AccessControlConfiguration;
 import org.apache.jackrabbit.oak.spi.state.NodeStore;
 import org.slf4j.Logger;
 import org.slf4j.LoggerFactory;
@@ -42,7 +42,7 @@ class ContentSessionImpl implements Cont
     private static final Logger log = LoggerFactory.getLogger(ContentSessionImpl.class);
 
     private final LoginContext loginContext;
-    private final AccessControlProvider accProvider;
+    private final AccessControlConfiguration accConfiguration;
     private final String workspaceName;
     private final NodeStore store;
     private final ConflictHandler conflictHandler;
@@ -51,11 +51,11 @@ class ContentSessionImpl implements Cont
     private volatile boolean live = true;
 
     public ContentSessionImpl(LoginContext loginContext,
-            AccessControlProvider accProvider, String workspaceName,
+            AccessControlConfiguration accConfiguration, String workspaceName,
             NodeStore store, ConflictHandler conflictHandler,
             QueryIndexProvider indexProvider) {
         this.loginContext = loginContext;
-        this.accProvider = accProvider;
+        this.accConfiguration = accConfiguration;
         this.workspaceName = workspaceName;
         this.store = store;
         this.conflictHandler = conflictHandler;
@@ -88,7 +88,7 @@ class ContentSessionImpl implements Cont
     @Override
     public Root getLatestRoot() {
         checkLive();
-        RootImpl root = new RootImpl(store, workspaceName, loginContext.getSubject(), accProvider,
indexProvider) {
+        RootImpl root = new RootImpl(store, workspaceName, loginContext.getSubject(), accConfiguration,
indexProvider) {
             @Override
             protected void checkLive() {
                 ContentSessionImpl.this.checkLive();

Modified: jackrabbit/oak/trunk/oak-core/src/main/java/org/apache/jackrabbit/oak/core/RootImpl.java
URL: http://svn.apache.org/viewvc/jackrabbit/oak/trunk/oak-core/src/main/java/org/apache/jackrabbit/oak/core/RootImpl.java?rev=1407477&r1=1407476&r2=1407477&view=diff
==============================================================================
--- jackrabbit/oak/trunk/oak-core/src/main/java/org/apache/jackrabbit/oak/core/RootImpl.java
(original)
+++ jackrabbit/oak/trunk/oak-core/src/main/java/org/apache/jackrabbit/oak/core/RootImpl.java
Fri Nov  9 14:56:57 2012
@@ -39,9 +39,9 @@ import org.apache.jackrabbit.oak.spi.com
 import org.apache.jackrabbit.oak.spi.observation.ChangeExtractor;
 import org.apache.jackrabbit.oak.spi.query.CompositeQueryIndexProvider;
 import org.apache.jackrabbit.oak.spi.query.QueryIndexProvider;
-import org.apache.jackrabbit.oak.spi.security.authorization.AccessControlProvider;
+import org.apache.jackrabbit.oak.spi.security.authorization.AccessControlConfiguration;
 import org.apache.jackrabbit.oak.spi.security.authorization.CompiledPermissions;
-import org.apache.jackrabbit.oak.spi.security.authorization.OpenAccessControlProvider;
+import org.apache.jackrabbit.oak.spi.security.authorization.OpenAccessControlConfiguration;
 import org.apache.jackrabbit.oak.spi.security.principal.SystemPrincipal;
 import org.apache.jackrabbit.oak.spi.state.NodeBuilder;
 import org.apache.jackrabbit.oak.spi.state.NodeState;
@@ -69,7 +69,7 @@ public class RootImpl implements Root {
     /**
      * The access control context provider.
      */
-    private final AccessControlProvider accProvider;
+    private final AccessControlConfiguration accConfiguration;
 
     /** Current branch this root operates on */
     private NodeStoreBranch branch;
@@ -93,18 +93,18 @@ public class RootImpl implements Root {
      * @param store         node store
      * @param workspaceName name of the workspace
      * @param subject       the subject.
-     * @param accProvider   the access control context provider.
+     * @param accConfiguration   the access control context provider.
      * @param indexProvider the query index provider.
      */
     @SuppressWarnings("UnusedParameters")
     public RootImpl(NodeStore store,
                     String workspaceName,
                     Subject subject,
-                    AccessControlProvider accProvider,
+                    AccessControlConfiguration accConfiguration,
                     QueryIndexProvider indexProvider) {
         this.store = checkNotNull(store);
         this.subject = checkNotNull(subject);
-        this.accProvider = checkNotNull(accProvider);
+        this.accConfiguration = checkNotNull(accConfiguration);
         this.indexProvider = indexProvider;
         refresh();
     }
@@ -113,7 +113,7 @@ public class RootImpl implements Root {
     public RootImpl(NodeStore store) {
         this.store = checkNotNull(store);
         this.subject = new Subject(true, Collections.singleton(SystemPrincipal.INSTANCE),
Collections.<Object>emptySet(), Collections.<Object>emptySet());
-        this.accProvider = new OpenAccessControlProvider();
+        this.accConfiguration = new OpenAccessControlConfiguration();
         this.indexProvider = new CompositeQueryIndexProvider();
         refresh();
     }
@@ -318,7 +318,7 @@ public class RootImpl implements Root {
     }
 
     CompiledPermissions getPermissions() {
-        return accProvider.getAccessControlContext(subject).getPermissions();
+        return accConfiguration.getAccessControlContext(subject).getPermissions();
     }
 
     //------------------------------------------------------------< private >---

Modified: jackrabbit/oak/trunk/oak-core/src/main/java/org/apache/jackrabbit/oak/security/SecurityProviderImpl.java
URL: http://svn.apache.org/viewvc/jackrabbit/oak/trunk/oak-core/src/main/java/org/apache/jackrabbit/oak/security/SecurityProviderImpl.java?rev=1407477&r1=1407476&r2=1407477&view=diff
==============================================================================
--- jackrabbit/oak/trunk/oak-core/src/main/java/org/apache/jackrabbit/oak/security/SecurityProviderImpl.java
(original)
+++ jackrabbit/oak/trunk/oak-core/src/main/java/org/apache/jackrabbit/oak/security/SecurityProviderImpl.java
Fri Nov  9 14:56:57 2012
@@ -29,7 +29,7 @@ import org.apache.jackrabbit.oak.api.Roo
 import org.apache.jackrabbit.oak.namepath.NamePathMapper;
 import org.apache.jackrabbit.oak.security.authentication.LoginContextProviderImpl;
 import org.apache.jackrabbit.oak.security.authentication.token.TokenProviderImpl;
-import org.apache.jackrabbit.oak.security.authorization.AccessControlProviderImpl;
+import org.apache.jackrabbit.oak.security.authorization.AccessControlConfigurationImpl;
 import org.apache.jackrabbit.oak.security.principal.PrincipalManagerImpl;
 import org.apache.jackrabbit.oak.security.principal.PrincipalProviderImpl;
 import org.apache.jackrabbit.oak.security.privilege.PrivilegeConfigurationImpl;
@@ -41,7 +41,7 @@ import org.apache.jackrabbit.oak.spi.sec
 import org.apache.jackrabbit.oak.spi.security.SecurityProvider;
 import org.apache.jackrabbit.oak.spi.security.authentication.LoginContextProvider;
 import org.apache.jackrabbit.oak.spi.security.authentication.token.TokenProvider;
-import org.apache.jackrabbit.oak.spi.security.authorization.AccessControlProvider;
+import org.apache.jackrabbit.oak.spi.security.authorization.AccessControlConfiguration;
 import org.apache.jackrabbit.oak.spi.security.principal.PrincipalConfiguration;
 import org.apache.jackrabbit.oak.spi.security.principal.PrincipalProvider;
 import org.apache.jackrabbit.oak.spi.security.privilege.PrivilegeConfiguration;
@@ -106,8 +106,8 @@ public class SecurityProviderImpl implem
 
     @Nonnull
     @Override
-    public AccessControlProvider getAccessControlProvider() {
-        return new AccessControlProviderImpl();
+    public AccessControlConfiguration getAccessControlProvider() {
+        return new AccessControlConfigurationImpl();
     }
 
     @Nonnull

Copied: jackrabbit/oak/trunk/oak-core/src/main/java/org/apache/jackrabbit/oak/security/authorization/AccessControlConfigurationImpl.java
(from r1407386, jackrabbit/oak/trunk/oak-core/src/main/java/org/apache/jackrabbit/oak/security/authorization/AccessControlProviderImpl.java)
URL: http://svn.apache.org/viewvc/jackrabbit/oak/trunk/oak-core/src/main/java/org/apache/jackrabbit/oak/security/authorization/AccessControlConfigurationImpl.java?p2=jackrabbit/oak/trunk/oak-core/src/main/java/org/apache/jackrabbit/oak/security/authorization/AccessControlConfigurationImpl.java&p1=jackrabbit/oak/trunk/oak-core/src/main/java/org/apache/jackrabbit/oak/security/authorization/AccessControlProviderImpl.java&r1=1407386&r2=1407477&rev=1407477&view=diff
==============================================================================
--- jackrabbit/oak/trunk/oak-core/src/main/java/org/apache/jackrabbit/oak/security/authorization/AccessControlProviderImpl.java
(original)
+++ jackrabbit/oak/trunk/oak-core/src/main/java/org/apache/jackrabbit/oak/security/authorization/AccessControlConfigurationImpl.java
Fri Nov  9 14:56:57 2012
@@ -19,18 +19,26 @@ package org.apache.jackrabbit.oak.securi
 import java.util.ArrayList;
 import java.util.Collections;
 import java.util.List;
+import javax.annotation.Nonnull;
+import javax.jcr.security.AccessControlManager;
 import javax.security.auth.Subject;
 
+import org.apache.jackrabbit.oak.api.Root;
+import org.apache.jackrabbit.oak.namepath.NamePathMapper;
 import org.apache.jackrabbit.oak.spi.commit.ValidatorProvider;
 import org.apache.jackrabbit.oak.spi.security.SecurityConfiguration;
+import org.apache.jackrabbit.oak.spi.security.authorization.AccessControlConfiguration;
 import org.apache.jackrabbit.oak.spi.security.authorization.AccessControlContext;
-import org.apache.jackrabbit.oak.spi.security.authorization.AccessControlProvider;
 
 /**
- * {@code AccessControlProviderImpl} is a default implementation and
- * creates {@link AccessControlContextImpl} for a given set of principals.
+ * {@code AccessControlConfigurationImpl} ... TODO
  */
-public class AccessControlProviderImpl extends SecurityConfiguration.Default implements AccessControlProvider
{
+public class AccessControlConfigurationImpl extends SecurityConfiguration.Default implements
AccessControlConfiguration {
+
+    @Override
+    public AccessControlManager getAccessControlManager(Root root, NamePathMapper namePathMapper)
{
+        throw new UnsupportedOperationException("not yet implemented");
+    }
 
     @Override
     public AccessControlContext getAccessControlContext(Subject subject) {
@@ -40,7 +48,7 @@ public class AccessControlProviderImpl e
     @Override
     public List<ValidatorProvider> getValidatorProviders() {
         List<ValidatorProvider> vps = new ArrayList<ValidatorProvider>();
-        vps.add(new PermissionValidatorProvider());
+        vps.add(new PermissionValidatorProvider(this));
         vps.add(new AccessControlValidatorProvider());
         return Collections.unmodifiableList(vps);
     }

Propchange: jackrabbit/oak/trunk/oak-core/src/main/java/org/apache/jackrabbit/oak/security/authorization/AccessControlConfigurationImpl.java
------------------------------------------------------------------------------
    svn:eol-style = native

Propchange: jackrabbit/oak/trunk/oak-core/src/main/java/org/apache/jackrabbit/oak/security/authorization/AccessControlConfigurationImpl.java
------------------------------------------------------------------------------
    svn:keywords = Author Date Id Revision Rev URL

Modified: jackrabbit/oak/trunk/oak-core/src/main/java/org/apache/jackrabbit/oak/security/authorization/PermissionValidator.java
URL: http://svn.apache.org/viewvc/jackrabbit/oak/trunk/oak-core/src/main/java/org/apache/jackrabbit/oak/security/authorization/PermissionValidator.java?rev=1407477&r1=1407476&r2=1407477&view=diff
==============================================================================
--- jackrabbit/oak/trunk/oak-core/src/main/java/org/apache/jackrabbit/oak/security/authorization/PermissionValidator.java
(original)
+++ jackrabbit/oak/trunk/oak-core/src/main/java/org/apache/jackrabbit/oak/security/authorization/PermissionValidator.java
Fri Nov  9 14:56:57 2012
@@ -24,10 +24,11 @@ import org.apache.jackrabbit.oak.api.Pro
 import org.apache.jackrabbit.oak.api.Tree;
 import org.apache.jackrabbit.oak.plugins.name.NamespaceConstants;
 import org.apache.jackrabbit.oak.plugins.nodetype.NodeTypeConstants;
-import org.apache.jackrabbit.oak.spi.security.privilege.PrivilegeConstants;
 import org.apache.jackrabbit.oak.spi.commit.Validator;
 import org.apache.jackrabbit.oak.spi.security.authorization.CompiledPermissions;
 import org.apache.jackrabbit.oak.spi.security.authorization.Permissions;
+import org.apache.jackrabbit.oak.spi.security.privilege.PrivilegeConstants;
+import org.apache.jackrabbit.oak.spi.security.user.UserConstants;
 import org.apache.jackrabbit.oak.spi.state.NodeState;
 import org.apache.jackrabbit.oak.util.NodeUtil;
 import org.apache.jackrabbit.oak.version.VersionConstants;
@@ -118,9 +119,9 @@ class PermissionValidator implements Val
             permission = Permissions.VERSION_MANAGEMENT;
             // FIXME: path to check for permission must be adjusted to be
             //        the one of the versionable node instead of the target parent.
+        } else if (isAuthorizableProperty(parent, property)) {
+            permission = Permissions.USER_MANAGEMENT;
         } else {
-            // TODO: identify specific permission depending on type of protection
-            // - user/group property -> user management
             permission = defaultPermission;
         }
 
@@ -143,6 +144,8 @@ class PermissionValidator implements Val
             permission = Permissions.VERSION_MANAGEMENT;
             // FIXME: path to check for permission must be adjusted to be
             // //     the one of the versionable node instead of the target node.
+        } else if (isAuthorizable(node)) {
+            permission = Permissions.USER_MANAGEMENT;
         } else {
             // TODO: identify specific permission depending on additional types of protection
             // - user/group -> user management
@@ -201,6 +204,7 @@ class PermissionValidator implements Val
     }
 
     private static boolean isVersionProperty(NodeUtil parent, PropertyState property) {
+        // TODO: review again
         if (VersionConstants.VERSION_PROPERTY_NAMES.contains(property.getName())) {
             return true;
         } else {
@@ -208,6 +212,26 @@ class PermissionValidator implements Val
         }
     }
 
+    private static boolean isAuthorizable(NodeUtil parent) {
+        // TODO: review again: depends on configured user-mgt
+        String ntName = parent.getName(JcrConstants.JCR_PRIMARYTYPE);
+        return UserConstants.NT_REP_GROUP.equals(ntName) || UserConstants.NT_REP_USER.equals(ntName)
|| UserConstants.NT_REP_MEMBERS.equals(ntName);
+    }
+
+    private static boolean isAuthorizableProperty(NodeUtil parent, PropertyState property)
{
+        // TODO: review again: depends on configured user-mgt
+        String ntName = parent.getName(JcrConstants.JCR_PRIMARYTYPE);
+        if (UserConstants.NT_REP_USER.equals(ntName)) {
+            return UserConstants.USER_PROPERTY_NAMES.contains(property.getName());
+        } else if (UserConstants.NT_REP_GROUP.equals(ntName)) {
+            return UserConstants.GROUP_PROPERTY_NAMES.contains(property.getName());
+        } else if (UserConstants.NT_REP_MEMBERS.equals(ntName)) {
+            return true;
+        }
+
+        return false;
+    }
+
     private static boolean isLockProperty(String name) {
         return JcrConstants.JCR_LOCKISDEEP.equals(name) || JcrConstants.JCR_LOCKOWNER.equals(name);
     }

Modified: jackrabbit/oak/trunk/oak-core/src/main/java/org/apache/jackrabbit/oak/security/authorization/PermissionValidatorProvider.java
URL: http://svn.apache.org/viewvc/jackrabbit/oak/trunk/oak-core/src/main/java/org/apache/jackrabbit/oak/security/authorization/PermissionValidatorProvider.java?rev=1407477&r1=1407476&r2=1407477&view=diff
==============================================================================
--- jackrabbit/oak/trunk/oak-core/src/main/java/org/apache/jackrabbit/oak/security/authorization/PermissionValidatorProvider.java
(original)
+++ jackrabbit/oak/trunk/oak-core/src/main/java/org/apache/jackrabbit/oak/security/authorization/PermissionValidatorProvider.java
Fri Nov  9 14:56:57 2012
@@ -24,6 +24,7 @@ import javax.security.auth.Subject;
 import org.apache.jackrabbit.oak.core.ReadOnlyTree;
 import org.apache.jackrabbit.oak.spi.commit.Validator;
 import org.apache.jackrabbit.oak.spi.commit.ValidatorProvider;
+import org.apache.jackrabbit.oak.spi.security.authorization.AccessControlConfiguration;
 import org.apache.jackrabbit.oak.spi.security.authorization.AccessControlContext;
 import org.apache.jackrabbit.oak.spi.state.NodeState;
 import org.apache.jackrabbit.oak.util.NodeUtil;
@@ -33,6 +34,12 @@ import org.apache.jackrabbit.oak.util.No
  */
 public class PermissionValidatorProvider implements ValidatorProvider {
 
+    private final AccessControlConfiguration accessControlConfiguration;
+
+    PermissionValidatorProvider(AccessControlConfiguration accessControlConfiguration) {
+        this.accessControlConfiguration = accessControlConfiguration;
+    }
+
     @Nonnull
     @Override
     public Validator getRootValidator(NodeState before, NodeState after) {
@@ -42,9 +49,7 @@ public class PermissionValidatorProvider
             subject = new Subject();
         }
 
-        // FIXME: should use same provider as in ContentRepositoryImpl
-        AccessControlContext context = new AccessControlProviderImpl()
-                .getAccessControlContext(subject);
+        AccessControlContext context = accessControlConfiguration.getAccessControlContext(subject);
 
         NodeUtil rootBefore = new NodeUtil(new ReadOnlyTree(before));
         NodeUtil rootAfter = new NodeUtil(new ReadOnlyTree(after));

Modified: jackrabbit/oak/trunk/oak-core/src/main/java/org/apache/jackrabbit/oak/spi/security/OpenSecurityProvider.java
URL: http://svn.apache.org/viewvc/jackrabbit/oak/trunk/oak-core/src/main/java/org/apache/jackrabbit/oak/spi/security/OpenSecurityProvider.java?rev=1407477&r1=1407476&r2=1407477&view=diff
==============================================================================
--- jackrabbit/oak/trunk/oak-core/src/main/java/org/apache/jackrabbit/oak/spi/security/OpenSecurityProvider.java
(original)
+++ jackrabbit/oak/trunk/oak-core/src/main/java/org/apache/jackrabbit/oak/spi/security/OpenSecurityProvider.java
Fri Nov  9 14:56:57 2012
@@ -24,8 +24,8 @@ import org.apache.jackrabbit.oak.spi.que
 import org.apache.jackrabbit.oak.spi.security.authentication.LoginContextProvider;
 import org.apache.jackrabbit.oak.spi.security.authentication.OpenLoginContextProvider;
 import org.apache.jackrabbit.oak.spi.security.authentication.token.TokenProvider;
-import org.apache.jackrabbit.oak.spi.security.authorization.AccessControlProvider;
-import org.apache.jackrabbit.oak.spi.security.authorization.OpenAccessControlProvider;
+import org.apache.jackrabbit.oak.spi.security.authorization.AccessControlConfiguration;
+import org.apache.jackrabbit.oak.spi.security.authorization.OpenAccessControlConfiguration;
 import org.apache.jackrabbit.oak.spi.security.principal.PrincipalConfiguration;
 import org.apache.jackrabbit.oak.spi.security.privilege.PrivilegeConfiguration;
 import org.apache.jackrabbit.oak.spi.security.user.UserConfiguration;
@@ -56,8 +56,8 @@ public class OpenSecurityProvider implem
 
     @Nonnull
     @Override
-    public AccessControlProvider getAccessControlProvider() {
-        return new OpenAccessControlProvider();
+    public AccessControlConfiguration getAccessControlProvider() {
+        return new OpenAccessControlConfiguration();
     }
 
     @Nonnull
@@ -77,4 +77,4 @@ public class OpenSecurityProvider implem
     public PrincipalConfiguration getPrincipalConfiguration() {
         throw new UnsupportedOperationException();
     }
-}
\ No newline at end of file
+}

Modified: jackrabbit/oak/trunk/oak-core/src/main/java/org/apache/jackrabbit/oak/spi/security/SecurityProvider.java
URL: http://svn.apache.org/viewvc/jackrabbit/oak/trunk/oak-core/src/main/java/org/apache/jackrabbit/oak/spi/security/SecurityProvider.java?rev=1407477&r1=1407476&r2=1407477&view=diff
==============================================================================
--- jackrabbit/oak/trunk/oak-core/src/main/java/org/apache/jackrabbit/oak/spi/security/SecurityProvider.java
(original)
+++ jackrabbit/oak/trunk/oak-core/src/main/java/org/apache/jackrabbit/oak/spi/security/SecurityProvider.java
Fri Nov  9 14:56:57 2012
@@ -22,7 +22,7 @@ import org.apache.jackrabbit.oak.api.Roo
 import org.apache.jackrabbit.oak.spi.query.QueryIndexProvider;
 import org.apache.jackrabbit.oak.spi.security.authentication.LoginContextProvider;
 import org.apache.jackrabbit.oak.spi.security.authentication.token.TokenProvider;
-import org.apache.jackrabbit.oak.spi.security.authorization.AccessControlProvider;
+import org.apache.jackrabbit.oak.spi.security.authorization.AccessControlConfiguration;
 import org.apache.jackrabbit.oak.spi.security.principal.PrincipalConfiguration;
 import org.apache.jackrabbit.oak.spi.security.privilege.PrivilegeConfiguration;
 import org.apache.jackrabbit.oak.spi.security.user.UserConfiguration;
@@ -44,7 +44,7 @@ public interface SecurityProvider {
     TokenProvider getTokenProvider(Root root);
 
     @Nonnull
-    AccessControlProvider getAccessControlProvider();
+    AccessControlConfiguration getAccessControlProvider();
 
     @Nonnull
     PrivilegeConfiguration getPrivilegeConfiguration();

Modified: jackrabbit/oak/trunk/oak-core/src/main/java/org/apache/jackrabbit/oak/spi/security/authentication/callback/RepositoryCallback.java
URL: http://svn.apache.org/viewvc/jackrabbit/oak/trunk/oak-core/src/main/java/org/apache/jackrabbit/oak/spi/security/authentication/callback/RepositoryCallback.java?rev=1407477&r1=1407476&r2=1407477&view=diff
==============================================================================
--- jackrabbit/oak/trunk/oak-core/src/main/java/org/apache/jackrabbit/oak/spi/security/authentication/callback/RepositoryCallback.java
(original)
+++ jackrabbit/oak/trunk/oak-core/src/main/java/org/apache/jackrabbit/oak/spi/security/authentication/callback/RepositoryCallback.java
Fri Nov  9 14:56:57 2012
@@ -24,8 +24,8 @@ import javax.security.auth.callback.Call
 import org.apache.jackrabbit.oak.api.Root;
 import org.apache.jackrabbit.oak.core.RootImpl;
 import org.apache.jackrabbit.oak.spi.query.QueryIndexProvider;
-import org.apache.jackrabbit.oak.spi.security.authorization.AccessControlProvider;
-import org.apache.jackrabbit.oak.spi.security.authorization.OpenAccessControlProvider;
+import org.apache.jackrabbit.oak.spi.security.authorization.AccessControlConfiguration;
+import org.apache.jackrabbit.oak.spi.security.authorization.OpenAccessControlConfiguration;
 import org.apache.jackrabbit.oak.spi.security.principal.SystemPrincipal;
 import org.apache.jackrabbit.oak.spi.state.NodeStore;
 
@@ -49,8 +49,8 @@ public class RepositoryCallback implemen
     public Root getRoot() {
         if (nodeStore != null) {
             Subject subject = new Subject(true, Collections.singleton(SystemPrincipal.INSTANCE),
Collections.<Object>emptySet(), Collections.<Object>emptySet());
-            AccessControlProvider acProvider = new OpenAccessControlProvider();
-            return new RootImpl(nodeStore, workspaceName, subject, acProvider, indexProvider);
+            AccessControlConfiguration acConfiguration = new OpenAccessControlConfiguration();
+            return new RootImpl(nodeStore, workspaceName, subject, acConfiguration, indexProvider);
         }
         return null;
     }
@@ -66,4 +66,4 @@ public class RepositoryCallback implemen
     public void setWorkspaceName(String workspaceName) {
         this.workspaceName = workspaceName;
     }
-}
\ No newline at end of file
+}

Copied: jackrabbit/oak/trunk/oak-core/src/main/java/org/apache/jackrabbit/oak/spi/security/authorization/AccessControlConfiguration.java
(from r1407386, jackrabbit/oak/trunk/oak-core/src/main/java/org/apache/jackrabbit/oak/spi/security/authorization/AccessControlProvider.java)
URL: http://svn.apache.org/viewvc/jackrabbit/oak/trunk/oak-core/src/main/java/org/apache/jackrabbit/oak/spi/security/authorization/AccessControlConfiguration.java?p2=jackrabbit/oak/trunk/oak-core/src/main/java/org/apache/jackrabbit/oak/spi/security/authorization/AccessControlConfiguration.java&p1=jackrabbit/oak/trunk/oak-core/src/main/java/org/apache/jackrabbit/oak/spi/security/authorization/AccessControlProvider.java&r1=1407386&r2=1407477&rev=1407477&view=diff
==============================================================================
--- jackrabbit/oak/trunk/oak-core/src/main/java/org/apache/jackrabbit/oak/spi/security/authorization/AccessControlProvider.java
(original)
+++ jackrabbit/oak/trunk/oak-core/src/main/java/org/apache/jackrabbit/oak/spi/security/authorization/AccessControlConfiguration.java
Fri Nov  9 14:56:57 2012
@@ -16,14 +16,19 @@
  */
 package org.apache.jackrabbit.oak.spi.security.authorization;
 
+import javax.jcr.security.AccessControlManager;
 import javax.security.auth.Subject;
 
+import org.apache.jackrabbit.oak.api.Root;
+import org.apache.jackrabbit.oak.namepath.NamePathMapper;
 import org.apache.jackrabbit.oak.spi.security.SecurityConfiguration;
 
 /**
  * {@code AccessControlContextProvider}...
  */
-public interface AccessControlProvider extends SecurityConfiguration {
+public interface AccessControlConfiguration extends SecurityConfiguration {
+
+    public AccessControlManager getAccessControlManager(Root root, NamePathMapper namePathMapper);
 
     public AccessControlContext getAccessControlContext(Subject subject);
 }

Propchange: jackrabbit/oak/trunk/oak-core/src/main/java/org/apache/jackrabbit/oak/spi/security/authorization/AccessControlConfiguration.java
------------------------------------------------------------------------------
    svn:eol-style = native

Propchange: jackrabbit/oak/trunk/oak-core/src/main/java/org/apache/jackrabbit/oak/spi/security/authorization/AccessControlConfiguration.java
------------------------------------------------------------------------------
    svn:keywords = Author Date Id Revision Rev URL

Copied: jackrabbit/oak/trunk/oak-core/src/main/java/org/apache/jackrabbit/oak/spi/security/authorization/OpenAccessControlConfiguration.java
(from r1407386, jackrabbit/oak/trunk/oak-core/src/main/java/org/apache/jackrabbit/oak/spi/security/authorization/OpenAccessControlProvider.java)
URL: http://svn.apache.org/viewvc/jackrabbit/oak/trunk/oak-core/src/main/java/org/apache/jackrabbit/oak/spi/security/authorization/OpenAccessControlConfiguration.java?p2=jackrabbit/oak/trunk/oak-core/src/main/java/org/apache/jackrabbit/oak/spi/security/authorization/OpenAccessControlConfiguration.java&p1=jackrabbit/oak/trunk/oak-core/src/main/java/org/apache/jackrabbit/oak/spi/security/authorization/OpenAccessControlProvider.java&r1=1407386&r2=1407477&rev=1407477&view=diff
==============================================================================
--- jackrabbit/oak/trunk/oak-core/src/main/java/org/apache/jackrabbit/oak/spi/security/authorization/OpenAccessControlProvider.java
(original)
+++ jackrabbit/oak/trunk/oak-core/src/main/java/org/apache/jackrabbit/oak/spi/security/authorization/OpenAccessControlConfiguration.java
Fri Nov  9 14:56:57 2012
@@ -16,16 +16,24 @@
  */
 package org.apache.jackrabbit.oak.spi.security.authorization;
 
+import javax.jcr.security.AccessControlManager;
 import javax.security.auth.Subject;
 
+import org.apache.jackrabbit.oak.api.Root;
+import org.apache.jackrabbit.oak.namepath.NamePathMapper;
 import org.apache.jackrabbit.oak.spi.security.SecurityConfiguration;
 
 /**
- * This class implements an {@link AccessControlProvider} which grants
+ * This class implements an {@link AccessControlConfiguration} which grants
  * full access to any {@link Subject} passed to {@link #getAccessControlContext(Subject)}.
  */
-public class OpenAccessControlProvider extends SecurityConfiguration.Default
-        implements AccessControlProvider {
+public class OpenAccessControlConfiguration extends SecurityConfiguration.Default
+        implements AccessControlConfiguration {
+
+    @Override
+    public AccessControlManager getAccessControlManager(Root root, NamePathMapper namePathMapper)
{
+        throw new UnsupportedOperationException();
+    }
 
     @Override
     public AccessControlContext getAccessControlContext(Subject subject) {

Propchange: jackrabbit/oak/trunk/oak-core/src/main/java/org/apache/jackrabbit/oak/spi/security/authorization/OpenAccessControlConfiguration.java
------------------------------------------------------------------------------
    svn:eol-style = native

Propchange: jackrabbit/oak/trunk/oak-core/src/main/java/org/apache/jackrabbit/oak/spi/security/authorization/OpenAccessControlConfiguration.java
------------------------------------------------------------------------------
    svn:keywords = Author Date Id Revision Rev URL

Modified: jackrabbit/oak/trunk/oak-core/src/main/java/org/apache/jackrabbit/oak/spi/security/user/UserConstants.java
URL: http://svn.apache.org/viewvc/jackrabbit/oak/trunk/oak-core/src/main/java/org/apache/jackrabbit/oak/spi/security/user/UserConstants.java?rev=1407477&r1=1407476&r2=1407477&view=diff
==============================================================================
--- jackrabbit/oak/trunk/oak-core/src/main/java/org/apache/jackrabbit/oak/spi/security/user/UserConstants.java
(original)
+++ jackrabbit/oak/trunk/oak-core/src/main/java/org/apache/jackrabbit/oak/spi/security/user/UserConstants.java
Fri Nov  9 14:56:57 2012
@@ -16,6 +16,10 @@
  */
 package org.apache.jackrabbit.oak.spi.security.user;
 
+import java.util.Arrays;
+import java.util.Collection;
+import java.util.Collections;
+
 /**
  * UserConstants...
  */
@@ -34,6 +38,20 @@ public interface UserConstants {
     String REP_MEMBERS = "rep:members";
     String REP_IMPERSONATORS = "rep:impersonators";
 
+    Collection<String> GROUP_PROPERTY_NAMES = Collections.unmodifiableList(Arrays.asList(
+            REP_PRINCIPAL_NAME,
+            REP_AUTHORIZABLE_ID,
+            REP_MEMBERS
+    ));
+
+    Collection<String> USER_PROPERTY_NAMES = Collections.unmodifiableList(Arrays.asList(
+            REP_PRINCIPAL_NAME,
+            REP_AUTHORIZABLE_ID,
+            REP_PASSWORD,
+            REP_DISABLED,
+            REP_IMPERSONATORS
+    ));
+
     /**
      * Configuration option defining the ID of the administrator user.
      */



Mime
View raw message