Author: angela Date: Thu Nov 1 15:01:37 2012 New Revision: 1404624 URL: http://svn.apache.org/viewvc?rev=1404624&view=rev Log: OAK-50, OAK-51, OAK-90, OAK-91: move common configuration parts to SecurityConfiguration interface. OAK-414 : Importing protected properties (work in progress: add configurable importers to the security configuration) Added: jackrabbit/oak/trunk/oak-core/src/main/java/org/apache/jackrabbit/oak/spi/security/SecurityConfiguration.java Modified: jackrabbit/oak/trunk/oak-core/src/main/java/org/apache/jackrabbit/oak/security/SecurityProviderImpl.java jackrabbit/oak/trunk/oak-core/src/main/java/org/apache/jackrabbit/oak/security/authorization/AccessControlProviderImpl.java jackrabbit/oak/trunk/oak-core/src/main/java/org/apache/jackrabbit/oak/security/user/UserConfigurationImpl.java jackrabbit/oak/trunk/oak-core/src/main/java/org/apache/jackrabbit/oak/spi/security/authorization/AccessControlProvider.java jackrabbit/oak/trunk/oak-core/src/main/java/org/apache/jackrabbit/oak/spi/security/authorization/OpenAccessControlProvider.java jackrabbit/oak/trunk/oak-core/src/main/java/org/apache/jackrabbit/oak/spi/security/principal/PrincipalConfiguration.java jackrabbit/oak/trunk/oak-core/src/main/java/org/apache/jackrabbit/oak/spi/security/user/UserConfiguration.java Modified: jackrabbit/oak/trunk/oak-core/src/main/java/org/apache/jackrabbit/oak/security/SecurityProviderImpl.java URL: http://svn.apache.org/viewvc/jackrabbit/oak/trunk/oak-core/src/main/java/org/apache/jackrabbit/oak/security/SecurityProviderImpl.java?rev=1404624&r1=1404623&r2=1404624&view=diff ============================================================================== --- jackrabbit/oak/trunk/oak-core/src/main/java/org/apache/jackrabbit/oak/security/SecurityProviderImpl.java (original) +++ jackrabbit/oak/trunk/oak-core/src/main/java/org/apache/jackrabbit/oak/security/SecurityProviderImpl.java Thu Nov 1 15:01:37 2012 @@ -16,6 +16,8 @@ */ package org.apache.jackrabbit.oak.security; +import java.util.Collections; +import java.util.List; import javax.annotation.Nonnull; import javax.jcr.Session; import javax.security.auth.login.Configuration; @@ -30,8 +32,10 @@ import org.apache.jackrabbit.oak.securit import org.apache.jackrabbit.oak.security.principal.PrincipalProviderImpl; import org.apache.jackrabbit.oak.security.privilege.PrivilegeConfigurationImpl; import org.apache.jackrabbit.oak.security.user.UserConfigurationImpl; +import org.apache.jackrabbit.oak.spi.commit.ValidatorProvider; import org.apache.jackrabbit.oak.spi.query.QueryIndexProvider; import org.apache.jackrabbit.oak.spi.security.ConfigurationParameters; +import org.apache.jackrabbit.oak.spi.security.SecurityConfiguration; import org.apache.jackrabbit.oak.spi.security.SecurityProvider; import org.apache.jackrabbit.oak.spi.security.authentication.LoginContextProvider; import org.apache.jackrabbit.oak.spi.security.authentication.token.TokenProvider; @@ -41,6 +45,7 @@ import org.apache.jackrabbit.oak.spi.sec import org.apache.jackrabbit.oak.spi.security.privilege.PrivilegeConfiguration; import org.apache.jackrabbit.oak.spi.security.user.UserConfiguration; import org.apache.jackrabbit.oak.spi.state.NodeStore; +import org.apache.jackrabbit.oak.spi.xml.ProtectedItemImporter; import org.slf4j.Logger; import org.slf4j.LoggerFactory; @@ -108,19 +113,33 @@ public class SecurityProviderImpl implem @Nonnull @Override public PrincipalConfiguration getPrincipalConfiguration() { - return new PrincipalConfiguration() { - @Nonnull - @Override - public PrincipalManager getPrincipalManager(Session session, Root root, NamePathMapper namePathMapper) { - PrincipalProvider principalProvider = getPrincipalProvider(root, namePathMapper); - return new PrincipalManagerImpl(principalProvider); - } - - @Nonnull - @Override - public PrincipalProvider getPrincipalProvider(Root root, NamePathMapper namePathMapper) { - return new PrincipalProviderImpl(root, getUserConfiguration(), namePathMapper); - } - }; + return new PrincipalConfigurationImpl(); + } + + private class PrincipalConfigurationImpl extends SecurityConfiguration.Default implements PrincipalConfiguration { + @Nonnull + @Override + public PrincipalManager getPrincipalManager(Session session, Root root, NamePathMapper namePathMapper) { + PrincipalProvider principalProvider = getPrincipalProvider(root, namePathMapper); + return new PrincipalManagerImpl(principalProvider); + } + + @Nonnull + @Override + public PrincipalProvider getPrincipalProvider(Root root, NamePathMapper namePathMapper) { + return new PrincipalProviderImpl(root, getUserConfiguration(), namePathMapper); + } + + @Nonnull + @Override + public List getValidatorProviders() { + return Collections.emptyList(); + } + + @Nonnull + @Override + public List getProtectedItemImporters() { + return Collections.emptyList(); + } } } Modified: jackrabbit/oak/trunk/oak-core/src/main/java/org/apache/jackrabbit/oak/security/authorization/AccessControlProviderImpl.java URL: http://svn.apache.org/viewvc/jackrabbit/oak/trunk/oak-core/src/main/java/org/apache/jackrabbit/oak/security/authorization/AccessControlProviderImpl.java?rev=1404624&r1=1404623&r2=1404624&view=diff ============================================================================== --- jackrabbit/oak/trunk/oak-core/src/main/java/org/apache/jackrabbit/oak/security/authorization/AccessControlProviderImpl.java (original) +++ jackrabbit/oak/trunk/oak-core/src/main/java/org/apache/jackrabbit/oak/security/authorization/AccessControlProviderImpl.java Thu Nov 1 15:01:37 2012 @@ -22,6 +22,7 @@ import java.util.List; import javax.security.auth.Subject; import org.apache.jackrabbit.oak.spi.commit.ValidatorProvider; +import org.apache.jackrabbit.oak.spi.security.SecurityConfiguration; import org.apache.jackrabbit.oak.spi.security.authorization.AccessControlContext; import org.apache.jackrabbit.oak.spi.security.authorization.AccessControlProvider; @@ -29,7 +30,7 @@ import org.apache.jackrabbit.oak.spi.sec * {@code AccessControlProviderImpl} is a default implementation and * creates {@link AccessControlContextImpl} for a given set of principals. */ -public class AccessControlProviderImpl implements AccessControlProvider { +public class AccessControlProviderImpl extends SecurityConfiguration.Default implements AccessControlProvider { @Override public AccessControlContext getAccessControlContext(Subject subject) { Modified: jackrabbit/oak/trunk/oak-core/src/main/java/org/apache/jackrabbit/oak/security/user/UserConfigurationImpl.java URL: http://svn.apache.org/viewvc/jackrabbit/oak/trunk/oak-core/src/main/java/org/apache/jackrabbit/oak/security/user/UserConfigurationImpl.java?rev=1404624&r1=1404623&r2=1404624&view=diff ============================================================================== --- jackrabbit/oak/trunk/oak-core/src/main/java/org/apache/jackrabbit/oak/security/user/UserConfigurationImpl.java (original) +++ jackrabbit/oak/trunk/oak-core/src/main/java/org/apache/jackrabbit/oak/security/user/UserConfigurationImpl.java Thu Nov 1 15:01:37 2012 @@ -26,6 +26,7 @@ import org.apache.jackrabbit.oak.api.Roo import org.apache.jackrabbit.oak.namepath.NamePathMapper; import org.apache.jackrabbit.oak.spi.commit.ValidatorProvider; import org.apache.jackrabbit.oak.spi.security.ConfigurationParameters; +import org.apache.jackrabbit.oak.spi.security.SecurityConfiguration; import org.apache.jackrabbit.oak.spi.security.SecurityProvider; import org.apache.jackrabbit.oak.spi.security.user.UserConfiguration; import org.apache.jackrabbit.oak.spi.security.user.action.AuthorizableAction; @@ -33,7 +34,7 @@ import org.apache.jackrabbit.oak.spi.sec /** * UserConfigurationImpl... TODO */ -public class UserConfigurationImpl implements UserConfiguration { +public class UserConfigurationImpl extends SecurityConfiguration.Default implements UserConfiguration { private final ConfigurationParameters config; private final SecurityProvider securityProvider; Added: jackrabbit/oak/trunk/oak-core/src/main/java/org/apache/jackrabbit/oak/spi/security/SecurityConfiguration.java URL: http://svn.apache.org/viewvc/jackrabbit/oak/trunk/oak-core/src/main/java/org/apache/jackrabbit/oak/spi/security/SecurityConfiguration.java?rev=1404624&view=auto ============================================================================== --- jackrabbit/oak/trunk/oak-core/src/main/java/org/apache/jackrabbit/oak/spi/security/SecurityConfiguration.java (added) +++ jackrabbit/oak/trunk/oak-core/src/main/java/org/apache/jackrabbit/oak/spi/security/SecurityConfiguration.java Thu Nov 1 15:01:37 2012 @@ -0,0 +1,74 @@ +/* + * Licensed to the Apache Software Foundation (ASF) under one or more + * contributor license agreements. See the NOTICE file distributed with + * this work for additional information regarding copyright ownership. + * The ASF licenses this file to You under the Apache License, Version 2.0 + * (the "License"); you may not use this file except in compliance with + * the License. You may obtain a copy of the License at + * + * http://www.apache.org/licenses/LICENSE-2.0 + * + * Unless required by applicable law or agreed to in writing, software + * distributed under the License is distributed on an "AS IS" BASIS, + * WITHOUT WARRANTIES OR CONDITIONS OF ANY KIND, either express or implied. + * See the License for the specific language governing permissions and + * limitations under the License. + */ +package org.apache.jackrabbit.oak.spi.security; + +import java.util.Collections; +import java.util.List; +import javax.annotation.Nonnull; + +import org.apache.jackrabbit.oak.spi.commit.Observer; +import org.apache.jackrabbit.oak.spi.commit.ValidatorProvider; +import org.apache.jackrabbit.oak.spi.xml.ProtectedItemImporter; + +/** + * PluginConfiguration... TODO + */ +public interface SecurityConfiguration { + + @Nonnull + ConfigurationParameters getConfigurationParameters(); + + @Nonnull + List getValidatorProviders(); + + @Nonnull + List getCommitObservers(); + + @Nonnull + List getProtectedItemImporters(); + + /** + * Default implementation that provides empty validators/parameters. + */ + public static class Default implements SecurityConfiguration { + + @Nonnull + @Override + public ConfigurationParameters getConfigurationParameters() { + return ConfigurationParameters.EMPTY; + } + + @Nonnull + @Override + public List getValidatorProviders() { + return Collections.emptyList(); + } + + @Nonnull + @Override + public List getCommitObservers() { + return Collections.emptyList(); + } + + @Nonnull + @Override + public List getProtectedItemImporters() { + return Collections.emptyList(); + } + } + +} \ No newline at end of file Modified: jackrabbit/oak/trunk/oak-core/src/main/java/org/apache/jackrabbit/oak/spi/security/authorization/AccessControlProvider.java URL: http://svn.apache.org/viewvc/jackrabbit/oak/trunk/oak-core/src/main/java/org/apache/jackrabbit/oak/spi/security/authorization/AccessControlProvider.java?rev=1404624&r1=1404623&r2=1404624&view=diff ============================================================================== --- jackrabbit/oak/trunk/oak-core/src/main/java/org/apache/jackrabbit/oak/spi/security/authorization/AccessControlProvider.java (original) +++ jackrabbit/oak/trunk/oak-core/src/main/java/org/apache/jackrabbit/oak/spi/security/authorization/AccessControlProvider.java Thu Nov 1 15:01:37 2012 @@ -16,17 +16,14 @@ */ package org.apache.jackrabbit.oak.spi.security.authorization; -import java.util.List; import javax.security.auth.Subject; -import org.apache.jackrabbit.oak.spi.commit.ValidatorProvider; +import org.apache.jackrabbit.oak.spi.security.SecurityConfiguration; /** * {@code AccessControlContextProvider}... */ -public interface AccessControlProvider { +public interface AccessControlProvider extends SecurityConfiguration { public AccessControlContext getAccessControlContext(Subject subject); - - public List getValidatorProviders(); } Modified: jackrabbit/oak/trunk/oak-core/src/main/java/org/apache/jackrabbit/oak/spi/security/authorization/OpenAccessControlProvider.java URL: http://svn.apache.org/viewvc/jackrabbit/oak/trunk/oak-core/src/main/java/org/apache/jackrabbit/oak/spi/security/authorization/OpenAccessControlProvider.java?rev=1404624&r1=1404623&r2=1404624&view=diff ============================================================================== --- jackrabbit/oak/trunk/oak-core/src/main/java/org/apache/jackrabbit/oak/spi/security/authorization/OpenAccessControlProvider.java (original) +++ jackrabbit/oak/trunk/oak-core/src/main/java/org/apache/jackrabbit/oak/spi/security/authorization/OpenAccessControlProvider.java Thu Nov 1 15:01:37 2012 @@ -16,17 +16,15 @@ */ package org.apache.jackrabbit.oak.spi.security.authorization; -import java.util.Collections; -import java.util.List; import javax.security.auth.Subject; -import org.apache.jackrabbit.oak.spi.commit.ValidatorProvider; +import org.apache.jackrabbit.oak.spi.security.SecurityConfiguration; /** * This class implements an {@link AccessControlProvider} which grants * full access to any {@link Subject} passed to {@link #getAccessControlContext(Subject)}. */ -public class OpenAccessControlProvider +public class OpenAccessControlProvider extends SecurityConfiguration.Default implements AccessControlProvider { @Override @@ -38,9 +36,4 @@ public class OpenAccessControlProvider } }; } - - @Override - public List getValidatorProviders() { - return Collections.emptyList(); - } } Modified: jackrabbit/oak/trunk/oak-core/src/main/java/org/apache/jackrabbit/oak/spi/security/principal/PrincipalConfiguration.java URL: http://svn.apache.org/viewvc/jackrabbit/oak/trunk/oak-core/src/main/java/org/apache/jackrabbit/oak/spi/security/principal/PrincipalConfiguration.java?rev=1404624&r1=1404623&r2=1404624&view=diff ============================================================================== --- jackrabbit/oak/trunk/oak-core/src/main/java/org/apache/jackrabbit/oak/spi/security/principal/PrincipalConfiguration.java (original) +++ jackrabbit/oak/trunk/oak-core/src/main/java/org/apache/jackrabbit/oak/spi/security/principal/PrincipalConfiguration.java Thu Nov 1 15:01:37 2012 @@ -22,11 +22,12 @@ import javax.jcr.Session; import org.apache.jackrabbit.api.security.principal.PrincipalManager; import org.apache.jackrabbit.oak.api.Root; import org.apache.jackrabbit.oak.namepath.NamePathMapper; +import org.apache.jackrabbit.oak.spi.security.SecurityConfiguration; /** * PrincipalConfig... TODO */ -public interface PrincipalConfiguration { +public interface PrincipalConfiguration extends SecurityConfiguration { @Nonnull public PrincipalManager getPrincipalManager(Session session, Root root, NamePathMapper namePathMapper); Modified: jackrabbit/oak/trunk/oak-core/src/main/java/org/apache/jackrabbit/oak/spi/security/user/UserConfiguration.java URL: http://svn.apache.org/viewvc/jackrabbit/oak/trunk/oak-core/src/main/java/org/apache/jackrabbit/oak/spi/security/user/UserConfiguration.java?rev=1404624&r1=1404623&r2=1404624&view=diff ============================================================================== --- jackrabbit/oak/trunk/oak-core/src/main/java/org/apache/jackrabbit/oak/spi/security/user/UserConfiguration.java (original) +++ jackrabbit/oak/trunk/oak-core/src/main/java/org/apache/jackrabbit/oak/spi/security/user/UserConfiguration.java Thu Nov 1 15:01:37 2012 @@ -23,20 +23,13 @@ import javax.jcr.Session; import org.apache.jackrabbit.api.security.user.UserManager; import org.apache.jackrabbit.oak.api.Root; import org.apache.jackrabbit.oak.namepath.NamePathMapper; -import org.apache.jackrabbit.oak.spi.commit.ValidatorProvider; -import org.apache.jackrabbit.oak.spi.security.ConfigurationParameters; +import org.apache.jackrabbit.oak.spi.security.SecurityConfiguration; import org.apache.jackrabbit.oak.spi.security.user.action.AuthorizableAction; /** * UserContext... TODO */ -public interface UserConfiguration { - - @Nonnull - ConfigurationParameters getConfigurationParameters(); - - @Nonnull - List getValidatorProviders(); +public interface UserConfiguration extends SecurityConfiguration { @Nonnull List getAuthorizableActions();