From ang...@apache.org
Subject svn commit: r1409886 - in /jackrabbit/oak/trunk/oak-core/src/main: java/org/apache/jackrabbit/oak/security/user/ java/org/apache/jackrabbit/oak/spi/security/user/util/ resources/org/apache/jackrabbit/oak/plugins/nodetype/
Date Thu, 15 Nov 2012 17:13:04 GMT
Author: angela
Date: Thu Nov 15 17:13:03 2012
New Revision: 1409886

URL: http://svn.apache.org/viewvc?rev=1409886&view=rev
Log:
OAK-50 : Implement User Management (WIP)

Modified:
    jackrabbit/oak/trunk/oak-core/src/main/java/org/apache/jackrabbit/oak/security/user/UserProvider.java
    jackrabbit/oak/trunk/oak-core/src/main/java/org/apache/jackrabbit/oak/security/user/UserQueryManager.java
    jackrabbit/oak/trunk/oak-core/src/main/java/org/apache/jackrabbit/oak/security/user/UserValidator.java
    jackrabbit/oak/trunk/oak-core/src/main/java/org/apache/jackrabbit/oak/spi/security/user/util/UserUtility.java
    jackrabbit/oak/trunk/oak-core/src/main/resources/org/apache/jackrabbit/oak/plugins/nodetype/builtin_nodetypes.cnd

Modified: jackrabbit/oak/trunk/oak-core/src/main/java/org/apache/jackrabbit/oak/security/user/UserProvider.java
URL: http://svn.apache.org/viewvc/jackrabbit/oak/trunk/oak-core/src/main/java/org/apache/jackrabbit/oak/security/user/UserProvider.java?rev=1409886&r1=1409885&r2=1409886&view=diff
==============================================================================
--- jackrabbit/oak/trunk/oak-core/src/main/java/org/apache/jackrabbit/oak/security/user/UserProvider.java
(original)
+++ jackrabbit/oak/trunk/oak-core/src/main/java/org/apache/jackrabbit/oak/security/user/UserProvider.java
Thu Nov 15 17:13:03 2012
@@ -292,7 +292,7 @@ class UserProvider extends AuthorizableB
                 folder = colliding;
             } else {
                 String msg = "Failed to create authorizable with id '" + authorizableId +
"' : " +
-                        "Detected conflicting node of unexpected node type '" + colliding.getString(JcrConstants.JCR_PRIMARYTYPE,
null) + "'.";
+                        "Detected conflicting node of unexpected node type '" + colliding.getPrimaryNodeTypeName()
+ "'.";
                 log.error(msg);
                 throw new ConstraintViolationException(msg);
             }

Modified: jackrabbit/oak/trunk/oak-core/src/main/java/org/apache/jackrabbit/oak/security/user/UserQueryManager.java
URL: http://svn.apache.org/viewvc/jackrabbit/oak/trunk/oak-core/src/main/java/org/apache/jackrabbit/oak/security/user/UserQueryManager.java?rev=1409886&r1=1409885&r2=1409886&view=diff
==============================================================================
--- jackrabbit/oak/trunk/oak-core/src/main/java/org/apache/jackrabbit/oak/security/user/UserQueryManager.java
(original)
+++ jackrabbit/oak/trunk/oak-core/src/main/java/org/apache/jackrabbit/oak/security/user/UserQueryManager.java
Thu Nov 15 17:13:03 2012
@@ -34,6 +34,7 @@ import org.apache.jackrabbit.oak.securit
 import org.apache.jackrabbit.oak.security.user.query.XPathQueryEvaluator;
 import org.apache.jackrabbit.oak.spi.security.user.AuthorizableType;
 import org.apache.jackrabbit.oak.spi.security.user.UserConstants;
+import org.apache.jackrabbit.oak.spi.security.user.util.UserUtility;
 import org.apache.jackrabbit.util.ISO9075;
 import org.apache.jackrabbit.util.Text;
 import org.slf4j.Logger;
@@ -60,14 +61,9 @@ class UserQueryManager {
         this.userManager = userManager;
         this.root = root;
 
-        this.userRoot = userManager.getConfig().getConfigValue(UserConstants.PARAM_USER_PATH,
UserConstants.DEFAULT_USER_PATH);
-        this.groupRoot = userManager.getConfig().getConfigValue(UserConstants.PARAM_GROUP_PATH,
UserConstants.DEFAULT_GROUP_PATH);
-
-        String parent = userRoot;
-        while (!Text.isDescendant(parent, groupRoot)) {
-            parent = Text.getRelativeParent(parent, 1);
-        }
-        authorizableRoot = parent;
+        userRoot = UserUtility.getAuthorizableRootPath(userManager.getConfig(), AuthorizableType.USER);
+        groupRoot = UserUtility.getAuthorizableRootPath(userManager.getConfig(), AuthorizableType.GROUP);
+        authorizableRoot = UserUtility.getAuthorizableRootPath(userManager.getConfig(), AuthorizableType.AUTHORIZABLE);
     }
 
     @Nonnull

Modified: jackrabbit/oak/trunk/oak-core/src/main/java/org/apache/jackrabbit/oak/security/user/UserValidator.java
URL: http://svn.apache.org/viewvc/jackrabbit/oak/trunk/oak-core/src/main/java/org/apache/jackrabbit/oak/security/user/UserValidator.java?rev=1409886&r1=1409885&r2=1409886&view=diff
==============================================================================
--- jackrabbit/oak/trunk/oak-core/src/main/java/org/apache/jackrabbit/oak/security/user/UserValidator.java
(original)
+++ jackrabbit/oak/trunk/oak-core/src/main/java/org/apache/jackrabbit/oak/security/user/UserValidator.java
Thu Nov 15 17:13:03 2012
@@ -40,23 +40,25 @@ import org.apache.jackrabbit.util.Text;
  */
 class UserValidator extends DefaultValidator implements UserConstants {
 
-    private final UserValidatorProvider provider;
-
     private final NodeUtil parentBefore;
     private final NodeUtil parentAfter;
+    private final UserValidatorProvider provider;
+
+    private final AuthorizableType authorizableType;
 
     UserValidator(NodeUtil parentBefore, NodeUtil parentAfter, UserValidatorProvider provider)
{
         this.parentBefore = parentBefore;
         this.parentAfter = parentAfter;
-
         this.provider = provider;
+
+        authorizableType = UserUtility.getType(parentAfter);
     }
 
     //----------------------------------------------------------< Validator >---
 
     @Override
     public void propertyAdded(PropertyState after) throws CommitFailedException {
-        if (!isAuthorizable(parentAfter)) {
+        if (authorizableType == null) {
             return;
         }
 
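Review bot: In the constructor, a null `authorizableType` becomes the signal that makes `propertyAdded` return early, and nothing at the field or the assignment says so. `UserUtility.getType` is not shown in this hunk; if it fails to classify a node that the removed `isAuthorizable(parentAfter)` check accepted (a subtype of `rep:User`, for instance), the validator skips that node silently instead of failing the commit, so the equivalence is worth confirming with a test. I would add `// null: parentAfter is not a user or group node; the property callbacks do nothing` above the field. The same guard is repeated in the `propertyChanged` and `propertyDeleted` hunks, and the body of `propertyAdded` continues outside this hunk.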
@@ -74,7 +76,7 @@ class UserValidator extends DefaultValid
 
     @Override
     public void propertyChanged(PropertyState before, PropertyState after) throws CommitFailedException
{
-        if (!isAuthorizable(parentAfter)) {
+        if (authorizableType == null) {
             return;
         }
 
@@ -96,7 +98,7 @@ class UserValidator extends DefaultValid
 
     @Override
     public void propertyDeleted(PropertyState before) throws CommitFailedException {
-        if (!isAuthorizable(parentAfter)) {
+        if (authorizableType == null) {
             return;
         }
 
@@ -110,12 +112,8 @@ class UserValidator extends DefaultValid
     @Override
     public Validator childNodeAdded(String name, NodeState after) throws CommitFailedException
{
         NodeUtil node = parentAfter.getChild(name);
-        String authRoot = null;
-        if (node.hasPrimaryNodeTypeName(NT_REP_USER)) {
-            authRoot = provider.getConfig().getConfigValue(PARAM_USER_PATH, DEFAULT_USER_PATH);
-        } else if (node.hasPrimaryNodeTypeName(UserConstants.NT_REP_GROUP)) {
-            authRoot = provider.getConfig().getConfigValue(PARAM_GROUP_PATH, DEFAULT_GROUP_PATH);
-        }
+        AuthorizableType type = UserUtility.getType(node);
+        String authRoot = UserUtility.getAuthorizableRootPath(provider.getConfig(), type);
         if (authRoot != null) {
             assertHierarchy(node, authRoot);
             // assert rep:principalName is present (that should actually by covered
@@ -145,6 +143,24 @@ class UserValidator extends DefaultValid
 
     //------------------------------------------------------------< private >---
 
+    private boolean isAdminUser(NodeUtil userNode) {
+        if (isUser(userNode)) {
+            String id = UserProvider.getAuthorizableId(userNode.getTree());
+            return id != null && UserUtility.getAdminId(provider.getConfig()).equals(id);
+        } else {
+            return false;
+        }
+    }
+
+    private boolean isValidUUID(String uuid) {
+        String id = UserProvider.getAuthorizableId(parentAfter.getTree());
+        return uuid.equals(UserProvider.getContentID(id));
+    }
+
+    private static boolean isUser(NodeUtil node) {
+        return node.hasPrimaryNodeTypeName(NT_REP_USER);
+    }
+
     /**
      * Make sure user and group nodes are located underneath the configured path
      * and that path consists of rep:authorizableFolder nodes.
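Review bot: `isValidUUID` passes the result of `UserProvider.getAuthorizableId(...)` straight into `getContentID(id)`, while `isAdminUser` just above it guards the same call with `id != null`. If the id can be absent, as that guard suggests, the UUID check may end in an unchecked exception rather than a reported constraint violation. `return id != null && uuid.equals(UserProvider.getContentID(id));` would make the two helpers agree and report the UUID as invalid. How `getContentID` treats a null argument is not visible here, so confirm before relying on either behaviour.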
@@ -153,12 +169,11 @@ class UserValidator extends DefaultValid
      * @param pathConstraint
      * @throws CommitFailedException
      */
-    private void assertHierarchy(NodeUtil userNode, String pathConstraint) throws CommitFailedException
{
+    private static void assertHierarchy(NodeUtil userNode, String pathConstraint) throws
CommitFailedException {
         if (!Text.isDescendant(pathConstraint, userNode.getTree().getPath())) {
             String msg = "Attempt to create user/group outside of configured scope " + pathConstraint;
             fail(msg);
         }
-
         NodeUtil parent = userNode.getParent();
         while (!parent.getTree().isRoot()) {
             if (!parent.hasPrimaryNodeTypeName(NT_REP_AUTHORIZABLE_FOLDER)) {
@@ -169,28 +184,6 @@ class UserValidator extends DefaultValid
         }
     }
 
-
-    // FIXME: copied from UserProvider#isAdminUser
-    private boolean isAdminUser(NodeUtil userNode) {
-        String id = (userNode.getString(REP_AUTHORIZABLE_ID, Text.unescapeIllegalJcrChars(userNode.getName())));
-        return isUser(userNode) && UserUtility.getAdminId(provider.getConfig()).equals(id);
-    }
-
-    private boolean isValidUUID(String uuid) {
-        String id = UserProvider.getAuthorizableId(parentAfter.getTree());
-        return uuid.equals(UserProvider.getContentID(id));
-    }
-
-    private static boolean isAuthorizable(NodeUtil node) {
-        return UserUtility.isType(node.getTree(), AuthorizableType.AUTHORIZABLE);
-    }
-
-    private static boolean isUser(NodeUtil node) {
-        return UserUtility.isType(node.getTree(), AuthorizableType.USER);
-    }
-
-
-
     private static void fail(String msg) throws CommitFailedException {
         Exception e = new ConstraintViolationException(msg);
         throw new CommitFailedException(e);

Modified: jackrabbit/oak/trunk/oak-core/src/main/java/org/apache/jackrabbit/oak/spi/security/user/util/UserUtility.java
URL: http://svn.apache.org/viewvc/jackrabbit/oak/trunk/oak-core/src/main/java/org/apache/jackrabbit/oak/spi/security/user/util/UserUtility.java?rev=1409886&r1=1409885&r2=1409886&view=diff
==============================================================================
--- jackrabbit/oak/trunk/oak-core/src/main/java/org/apache/jackrabbit/oak/spi/security/user/util/UserUtility.java
(original)
+++ jackrabbit/oak/trunk/oak-core/src/main/java/org/apache/jackrabbit/oak/spi/security/user/util/UserUtility.java
Thu Nov 15 17:13:03 2012
@@ -25,6 +25,7 @@ import org.apache.jackrabbit.oak.spi.sec
 import org.apache.jackrabbit.oak.spi.security.user.AuthorizableType;
 import org.apache.jackrabbit.oak.spi.security.user.UserConstants;
 import org.apache.jackrabbit.oak.util.NodeUtil;
+import org.apache.jackrabbit.util.Text;
 
 import static org.apache.jackrabbit.oak.api.Type.STRING;
 
@@ -71,4 +72,26 @@ public final class UserUtility implement
         }
         return null;
     }
+
+    @CheckForNull
+    public static String getAuthorizableRootPath(ConfigurationParameters parameters, AuthorizableType
type) {
+        String path = null;
+        if (type != null) {
+            switch (type) {
+                case USER:
+                    path = parameters.getConfigValue(UserConstants.PARAM_USER_PATH, UserConstants.DEFAULT_USER_PATH);
+                    break;
+                case GROUP:
+                    path = parameters.getConfigValue(UserConstants.PARAM_GROUP_PATH, UserConstants.DEFAULT_GROUP_PATH);
+                    break;
+                default:
+                    path = parameters.getConfigValue(UserConstants.PARAM_USER_PATH, UserConstants.DEFAULT_USER_PATH);
+                    String groupRoot = parameters.getConfigValue(UserConstants.PARAM_GROUP_PATH,
UserConstants.DEFAULT_GROUP_PATH);
+                    while (!Text.isDescendant(path, groupRoot)) {
+                        path = Text.getRelativeParent(path, 1);
+                    }
+            }
+        }
+        return path;
+    }
 }
\ No newline at end of file
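Review bot: The `default` branch's `while (!Text.isDescendant(path, groupRoot))` loop has no exit when no ancestor of the user path contains the group path. As I read `Text`, `getRelativeParent` stops changing the value once it reaches `/` or the empty string, and `isDescendant` is false for equal paths, so a configured group path of `/` or one without a leading slash would spin forever. This is now a public helper, reached from the `UserQueryManager` constructor with `AuthorizableType.AUTHORIZABLE`. Equal user and group paths also yield their parent, which is broader than either configured root. A guard such as `if ("/".equals(path) || path.isEmpty()) { break; }` inside the loop, together with a check that both configured paths are absolute, would bound it.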

Modified: jackrabbit/oak/trunk/oak-core/src/main/resources/org/apache/jackrabbit/oak/plugins/nodetype/builtin_nodetypes.cnd
URL: http://svn.apache.org/viewvc/jackrabbit/oak/trunk/oak-core/src/main/resources/org/apache/jackrabbit/oak/plugins/nodetype/builtin_nodetypes.cnd?rev=1409886&r1=1409885&r2=1409886&view=diff
==============================================================================
--- jackrabbit/oak/trunk/oak-core/src/main/resources/org/apache/jackrabbit/oak/plugins/nodetype/builtin_nodetypes.cnd
(original)
+++ jackrabbit/oak/trunk/oak-core/src/main/resources/org/apache/jackrabbit/oak/plugins/nodetype/builtin_nodetypes.cnd
Thu Nov 15 17:13:03 2012
@@ -620,7 +620,7 @@
   - rep:disabled (STRING) protected
 
 [rep:Group] > rep:Authorizable
-  + rep:members (rep:Members) = rep:Members multiple protected VERSION
+  + rep:members (rep:Members) = rep:Members multiple protected VERSION /* FIXME: SNS definition
*/
   - rep:members (WEAKREFERENCE) protected multiple < 'rep:Authorizable'
 
 [rep:AuthorizableFolder] > nt:hierarchyNode
@@ -629,8 +629,9 @@
 
 [rep:Members]
   orderable
-  + * (rep:Members) = rep:Members protected multiple
-  - * (WEAKREFERENCE) protected < 'rep:Authorizable'
+  + * (rep:Members) = rep:Members protected multiple /* FIXME: SNS definition */
+  - * (WEAKREFERENCE) protected < 'rep:Authorizable' /* Deprecated since OAK */
+  - rep:members (WEAKREFERENCE) protected multiple < 'rep:Authorizable'
 
 // -----------------------------------------------------------------------------
 // Privilege Management


