jackrabbit-oak-commits mailing list archives

Site index · List index
Message view « Date » · « Thread »
Top « Date » · « Thread »
From ang...@apache.org
Subject svn commit: r1416413 - in /jackrabbit/oak/trunk/oak-core/src/main/java/org/apache/jackrabbit/oak: ./ security/privilege/ spi/state/
Date Mon, 03 Dec 2012 10:20:02 GMT
Author: angela
Date: Mon Dec  3 10:20:01 2012
New Revision: 1416413

URL: http://svn.apache.org/viewvc?rev=1416413&view=rev
Log:
OAK-485 : Store jcr:all in the content and update upon privilege registration

Added:
    jackrabbit/oak/trunk/oak-core/src/main/java/org/apache/jackrabbit/oak/security/privilege/JcrAllCommitHook.java
    jackrabbit/oak/trunk/oak-core/src/main/java/org/apache/jackrabbit/oak/spi/state/EmptyNodeStateDiff.java
Modified:
    jackrabbit/oak/trunk/oak-core/src/main/java/org/apache/jackrabbit/oak/Oak.java
    jackrabbit/oak/trunk/oak-core/src/main/java/org/apache/jackrabbit/oak/security/privilege/PrivilegeConfigurationImpl.java
    jackrabbit/oak/trunk/oak-core/src/main/java/org/apache/jackrabbit/oak/security/privilege/PrivilegeDefinitionWriter.java
    jackrabbit/oak/trunk/oak-core/src/main/java/org/apache/jackrabbit/oak/security/privilege/PrivilegeInitializer.java
    jackrabbit/oak/trunk/oak-core/src/main/java/org/apache/jackrabbit/oak/security/privilege/PrivilegeManagerImpl.java

Modified: jackrabbit/oak/trunk/oak-core/src/main/java/org/apache/jackrabbit/oak/Oak.java
URL: http://svn.apache.org/viewvc/jackrabbit/oak/trunk/oak-core/src/main/java/org/apache/jackrabbit/oak/Oak.java?rev=1416413&r1=1416412&r2=1416413&view=diff
==============================================================================
--- jackrabbit/oak/trunk/oak-core/src/main/java/org/apache/jackrabbit/oak/Oak.java (original)
+++ jackrabbit/oak/trunk/oak-core/src/main/java/org/apache/jackrabbit/oak/Oak.java Mon Dec
 3 10:20:01 2012
@@ -77,6 +77,8 @@ public class Oak {
 
     private List<ValidatorProvider> validatorProviders = newArrayList();
 
+    private List<CommitHook> securityHooks = newArrayList();
+
     // TODO: review if we really want to have the OpenSecurityProvider as default.
     private SecurityProvider securityProvider = new OpenSecurityProvider();
 
@@ -152,6 +154,17 @@ public class Oak {
     }
 
     /**
+     * Adds all currently tracked security related hooks to the commit hook that
+     * is used to create the content repository.
+     */
+    private void withSecurityHooks() {
+        if (!securityHooks.isEmpty()) {
+            commitHooks.addAll(securityHooks);
+            securityHooks = newArrayList();
+        }
+    }
+
+    /**
      * Associates the given validator provider with the repository to
      * be created.
      *
@@ -185,8 +198,8 @@ public class Oak {
     public Oak with(@Nonnull SecurityProvider securityProvider) {
         this.securityProvider = securityProvider;
         for (SecurityConfiguration sc : securityProvider.getSecurityConfigurations()) {
-            commitHooks.addAll(sc.getCommitHooks());
             validatorProviders.addAll(sc.getValidatorProviders());
+            securityHooks.addAll(sc.getCommitHooks());
             initializers.add(sc.getRepositoryInitializer());
         }
         return this;
@@ -215,6 +228,7 @@ public class Oak {
         commitHooks.add(IndexHookManager.of(indexHooks));
 
         withValidatorHook();
+        withSecurityHooks();
         store.setHook(CompositeHook.compose(commitHooks));
 
         return new ContentRepositoryImpl(

Added: jackrabbit/oak/trunk/oak-core/src/main/java/org/apache/jackrabbit/oak/security/privilege/JcrAllCommitHook.java
URL: http://svn.apache.org/viewvc/jackrabbit/oak/trunk/oak-core/src/main/java/org/apache/jackrabbit/oak/security/privilege/JcrAllCommitHook.java?rev=1416413&view=auto
==============================================================================
--- jackrabbit/oak/trunk/oak-core/src/main/java/org/apache/jackrabbit/oak/security/privilege/JcrAllCommitHook.java
(added)
+++ jackrabbit/oak/trunk/oak-core/src/main/java/org/apache/jackrabbit/oak/security/privilege/JcrAllCommitHook.java
Mon Dec  3 10:20:01 2012
@@ -0,0 +1,89 @@
+/*
+ * Licensed to the Apache Software Foundation (ASF) under one or more
+ * contributor license agreements.  See the NOTICE file distributed with
+ * this work for additional information regarding copyright ownership.
+ * The ASF licenses this file to You under the Apache License, Version 2.0
+ * (the "License"); you may not use this file except in compliance with
+ * the License.  You may obtain a copy of the License at
+ *
+ *      http://www.apache.org/licenses/LICENSE-2.0
+ *
+ * Unless required by applicable law or agreed to in writing, software
+ * distributed under the License is distributed on an "AS IS" BASIS,
+ * WITHOUT WARRANTIES OR CONDITIONS OF ANY KIND, either express or implied.
+ * See the License for the specific language governing permissions and
+ * limitations under the License.
+ */
+package org.apache.jackrabbit.oak.security.privilege;
+
+import javax.annotation.Nonnull;
+
+import org.apache.jackrabbit.oak.api.CommitFailedException;
+import org.apache.jackrabbit.oak.api.PropertyState;
+import org.apache.jackrabbit.oak.api.Type;
+import org.apache.jackrabbit.oak.plugins.memory.MemoryPropertyBuilder;
+import org.apache.jackrabbit.oak.spi.commit.CommitHook;
+import org.apache.jackrabbit.oak.spi.state.EmptyNodeStateDiff;
+import org.apache.jackrabbit.oak.spi.state.NodeBuilder;
+import org.apache.jackrabbit.oak.spi.state.NodeState;
+import org.apache.jackrabbit.oak.spi.state.PropertyBuilder;
+import org.apache.jackrabbit.util.Text;
+
+/**
+ * JcrAllCommitHook is responsible for updating the jcr:all privilege definition
+ * upon successful registration of a new privilege.
+ */
+public class JcrAllCommitHook implements CommitHook, PrivilegeConstants {
+
+    @Nonnull
+    @Override
+    public NodeState processCommit(NodeState before, NodeState after) throws CommitFailedException
{
+        NodeBuilder builder = after.builder();
+        after.compareAgainstBaseState(before, new PrivilegeDiff(null, null, builder));
+
+        return builder.getNodeState();
+    }
+
+    private class PrivilegeDiff extends EmptyNodeStateDiff {
+
+        private static final String ROOT_PATH = "";
+
+        private final PrivilegeDiff parentDiff;
+        private final String path;
+        private final NodeBuilder nodeBuilder;
+
+        private PrivilegeDiff(PrivilegeDiff parentDiff, String nodeName, NodeBuilder nodeBuilder)
{
+            this.parentDiff = parentDiff;
+            this.path = (nodeName == null) ? ROOT_PATH : parentDiff.path + '/' + nodeName;
+            this.nodeBuilder = nodeBuilder;
+        }
+
+        @Override
+        public void childNodeAdded(String name, NodeState after) {
+            if (PRIVILEGES_PATH.equals(path) && !JCR_ALL.equals(name)) {
+                // a new privilege was registered -> update the jcr:all privilege
+                NodeBuilder jcrAll = nodeBuilder.child(JCR_ALL);
+                PropertyState aggregates = jcrAll.getProperty(REP_AGGREGATES);
+
+                // FIXME: remove usage of MemoryPropertyBuilder (OAK-372)
+                PropertyBuilder<String> propertyBuilder;
+                if (aggregates == null) {
+                    propertyBuilder = MemoryPropertyBuilder.array(Type.NAME, REP_AGGREGATES);
+                } else {
+                    propertyBuilder = MemoryPropertyBuilder.copy(Type.NAME, aggregates);
+                }
+                if (!propertyBuilder.hasValue(name)) {
+                    propertyBuilder.addValue(name);
+                    jcrAll.setProperty(propertyBuilder.getPropertyState());
+                }
+            }
+        }
+
+        @Override
+        public void childNodeChanged(String name, NodeState before, NodeState after) {
+            if (ROOT_PATH.equals(path) || Text.isDescendant(path, PRIVILEGES_PATH)) {
+                after.compareAgainstBaseState(before, new PrivilegeDiff(this, name, nodeBuilder.child(name)));
+            }
+        }
+    }
+}

Modified: jackrabbit/oak/trunk/oak-core/src/main/java/org/apache/jackrabbit/oak/security/privilege/PrivilegeConfigurationImpl.java
URL: http://svn.apache.org/viewvc/jackrabbit/oak/trunk/oak-core/src/main/java/org/apache/jackrabbit/oak/security/privilege/PrivilegeConfigurationImpl.java?rev=1416413&r1=1416412&r2=1416413&view=diff
==============================================================================
--- jackrabbit/oak/trunk/oak-core/src/main/java/org/apache/jackrabbit/oak/security/privilege/PrivilegeConfigurationImpl.java
(original)
+++ jackrabbit/oak/trunk/oak-core/src/main/java/org/apache/jackrabbit/oak/security/privilege/PrivilegeConfigurationImpl.java
Mon Dec  3 10:20:01 2012
@@ -24,6 +24,7 @@ import org.apache.jackrabbit.api.securit
 import org.apache.jackrabbit.oak.api.Root;
 import org.apache.jackrabbit.oak.api.Tree;
 import org.apache.jackrabbit.oak.namepath.NamePathMapper;
+import org.apache.jackrabbit.oak.spi.commit.CommitHook;
 import org.apache.jackrabbit.oak.spi.commit.ValidatorProvider;
 import org.apache.jackrabbit.oak.spi.lifecycle.RepositoryInitializer;
 import org.apache.jackrabbit.oak.spi.security.Context;
@@ -56,6 +57,12 @@ public class PrivilegeConfigurationImpl 
 
     @Nonnull
     @Override
+    public List<CommitHook> getCommitHooks() {
+        return Collections.<CommitHook>singletonList(new JcrAllCommitHook());
+    }
+
+    @Nonnull
+    @Override
     public List<ValidatorProvider> getValidatorProviders() {
         ValidatorProvider vp = new PrivilegeValidatorProvider();
         return Collections.singletonList(vp);

Modified: jackrabbit/oak/trunk/oak-core/src/main/java/org/apache/jackrabbit/oak/security/privilege/PrivilegeDefinitionWriter.java
URL: http://svn.apache.org/viewvc/jackrabbit/oak/trunk/oak-core/src/main/java/org/apache/jackrabbit/oak/security/privilege/PrivilegeDefinitionWriter.java?rev=1416413&r1=1416412&r2=1416413&view=diff
==============================================================================
--- jackrabbit/oak/trunk/oak-core/src/main/java/org/apache/jackrabbit/oak/security/privilege/PrivilegeDefinitionWriter.java
(original)
+++ jackrabbit/oak/trunk/oak-core/src/main/java/org/apache/jackrabbit/oak/security/privilege/PrivilegeDefinitionWriter.java
Mon Dec  3 10:20:01 2012
@@ -52,6 +52,9 @@ class PrivilegeDefinitionWriter implemen
 
             NodeUtil privilegesNode = new NodeUtil(privilegesTree);
             for (PrivilegeDefinition definition : definitions) {
+                if (privilegesNode.hasChild(definition.getName())) {
+                    throw new RepositoryException("Privilege definition with name '"+definition.getName()+"'
already exists.");
+                }
                 writePrivilegeNode(privilegesNode, definition);
             }
 
@@ -68,12 +71,8 @@ class PrivilegeDefinitionWriter implemen
         }
     }
 
-    private static void writePrivilegeNode(NodeUtil privilegesNode, PrivilegeDefinition definition)
throws RepositoryException {
+    private static void writePrivilegeNode(NodeUtil privilegesNode, PrivilegeDefinition definition)
{
         String name = definition.getName();
-        if (privilegesNode.hasChild(definition.getName())) {
-            throw new RepositoryException("Privilege definition with name '"+name+"' already
exists.");
-        }
-
         NodeUtil privNode = privilegesNode.addChild(name, NT_REP_PRIVILEGE);
         if (definition.isAbstract()) {
             privNode.setBoolean(REP_IS_ABSTRACT, true);
@@ -84,4 +83,4 @@ class PrivilegeDefinitionWriter implemen
             privNode.setNames(REP_AGGREGATES, names);
         }
     }
-}
\ No newline at end of file
+}

Modified: jackrabbit/oak/trunk/oak-core/src/main/java/org/apache/jackrabbit/oak/security/privilege/PrivilegeInitializer.java
URL: http://svn.apache.org/viewvc/jackrabbit/oak/trunk/oak-core/src/main/java/org/apache/jackrabbit/oak/security/privilege/PrivilegeInitializer.java?rev=1416413&r1=1416412&r2=1416413&view=diff
==============================================================================
--- jackrabbit/oak/trunk/oak-core/src/main/java/org/apache/jackrabbit/oak/security/privilege/PrivilegeInitializer.java
(original)
+++ jackrabbit/oak/trunk/oak-core/src/main/java/org/apache/jackrabbit/oak/security/privilege/PrivilegeInitializer.java
Mon Dec  3 10:20:01 2012
@@ -16,8 +16,9 @@
  */
 package org.apache.jackrabbit.oak.security.privilege;
 
-import java.util.HashSet;
-import java.util.Set;
+import java.util.Collection;
+import java.util.LinkedHashMap;
+import java.util.Map;
 import javax.jcr.RepositoryException;
 
 import org.apache.jackrabbit.JcrConstants;
@@ -76,16 +77,18 @@ class PrivilegeInitializer implements Re
         }
     }
 
-    Set<PrivilegeDefinition> getBuiltInDefinitions() {
-        Set<PrivilegeDefinition> definitions = new HashSet<PrivilegeDefinition>();
+    private Collection<PrivilegeDefinition> getBuiltInDefinitions() {
+        Map<String, PrivilegeDefinition> definitions = new LinkedHashMap<String,
PrivilegeDefinition>();
         for (String privilegeName : NON_AGGR_PRIVILEGES) {
             PrivilegeDefinition def = new PrivilegeDefinitionImpl(privilegeName, false);
-            definitions.add(def);
+            definitions.put(privilegeName, def);
         }
         for (String privilegeName : AGGREGATE_PRIVILEGES.keySet()) {
             PrivilegeDefinition def = new PrivilegeDefinitionImpl(privilegeName, false, AGGREGATE_PRIVILEGES.get(privilegeName));
-            definitions.add(def);
+            definitions.put(privilegeName, def);
         }
-        return definitions;
+        PrivilegeDefinition all = new PrivilegeDefinitionImpl(JCR_ALL, false, definitions.keySet());
+        definitions.put(JCR_ALL, all);
+        return definitions.values();
     }
 }

Modified: jackrabbit/oak/trunk/oak-core/src/main/java/org/apache/jackrabbit/oak/security/privilege/PrivilegeManagerImpl.java
URL: http://svn.apache.org/viewvc/jackrabbit/oak/trunk/oak-core/src/main/java/org/apache/jackrabbit/oak/security/privilege/PrivilegeManagerImpl.java?rev=1416413&r1=1416412&r2=1416413&view=diff
==============================================================================
--- jackrabbit/oak/trunk/oak-core/src/main/java/org/apache/jackrabbit/oak/security/privilege/PrivilegeManagerImpl.java
(original)
+++ jackrabbit/oak/trunk/oak-core/src/main/java/org/apache/jackrabbit/oak/security/privilege/PrivilegeManagerImpl.java
Mon Dec  3 10:20:01 2012
@@ -42,8 +42,6 @@ import org.slf4j.LoggerFactory;
 /**
  * {@code PrivilegeManager} implementation reading from and storing privileges
  * into the repository.
- *
- * TODO: review if jcr:all should be present in the content as well (updated in the privilege
commit validator)
  */
 public class PrivilegeManagerImpl implements PrivilegeManager {
 
@@ -141,17 +139,12 @@ public class PrivilegeManagerImpl implem
     @Nonnull
     private PrivilegeDefinition[] getPrivilegeDefinitions() {
         Map<String, PrivilegeDefinition> definitions = getReader().readDefinitions();
-        definitions.put(PrivilegeConstants.JCR_ALL, getJcrAllDefinition(definitions));
         return definitions.values().toArray(new PrivilegeDefinition[definitions.size()]);
     }
 
     @CheckForNull
     private PrivilegeDefinition getPrivilegeDefinition(String oakName) {
-        if (PrivilegeConstants.JCR_ALL.equals(oakName)) {
-            return getJcrAllDefinition(getReader().readDefinitions());
-        } else {
-            return getReader().readDefinition(oakName);
-        }
+        return getReader().readDefinition(oakName);
     }
 
     @Nonnull
@@ -159,11 +152,6 @@ public class PrivilegeManagerImpl implem
         return new PrivilegeDefinitionReaderImpl(root);
     }
 
-    @Nonnull
-    private static PrivilegeDefinition getJcrAllDefinition(Map<String, PrivilegeDefinition>
definitions) {
-        return new PrivilegeDefinitionImpl(PrivilegeConstants.JCR_ALL, false, definitions.keySet());
-    }
-
     //--------------------------------------------------------------------------
     /**
      * Privilege implementation based on a {@link org.apache.jackrabbit.oak.spi.security.privilege.PrivilegeDefinition}.
@@ -247,4 +235,4 @@ public class PrivilegeManagerImpl implem
             return definition.getName();
         }
     }
-}
\ No newline at end of file
+}

Added: jackrabbit/oak/trunk/oak-core/src/main/java/org/apache/jackrabbit/oak/spi/state/EmptyNodeStateDiff.java
URL: http://svn.apache.org/viewvc/jackrabbit/oak/trunk/oak-core/src/main/java/org/apache/jackrabbit/oak/spi/state/EmptyNodeStateDiff.java?rev=1416413&view=auto
==============================================================================
--- jackrabbit/oak/trunk/oak-core/src/main/java/org/apache/jackrabbit/oak/spi/state/EmptyNodeStateDiff.java
(added)
+++ jackrabbit/oak/trunk/oak-core/src/main/java/org/apache/jackrabbit/oak/spi/state/EmptyNodeStateDiff.java
Mon Dec  3 10:20:01 2012
@@ -0,0 +1,55 @@
+/*
+ * Licensed to the Apache Software Foundation (ASF) under one or more
+ * contributor license agreements.  See the NOTICE file distributed with
+ * this work for additional information regarding copyright ownership.
+ * The ASF licenses this file to You under the Apache License, Version 2.0
+ * (the "License"); you may not use this file except in compliance with
+ * the License.  You may obtain a copy of the License at
+ *
+ *      http://www.apache.org/licenses/LICENSE-2.0
+ *
+ * Unless required by applicable law or agreed to in writing, software
+ * distributed under the License is distributed on an "AS IS" BASIS,
+ * WITHOUT WARRANTIES OR CONDITIONS OF ANY KIND, either express or implied.
+ * See the License for the specific language governing permissions and
+ * limitations under the License.
+ */
+package org.apache.jackrabbit.oak.spi.state;
+
+import org.apache.jackrabbit.oak.api.PropertyState;
+
+/**
+ * Empty implementation of the {@code NodeStateDiff} interface.
+ */
+public class EmptyNodeStateDiff implements NodeStateDiff {
+
+    @Override
+    public void propertyAdded(PropertyState after) {
+
+    }
+
+    @Override
+    public void propertyChanged(PropertyState before, PropertyState after) {
+        // nothing to do
+    }
+
+    @Override
+    public void propertyDeleted(PropertyState before) {
+        // nothing to do
+    }
+
+    @Override
+    public void childNodeAdded(String name, NodeState after) {
+        // nothing to do
+    }
+
+    @Override
+    public void childNodeChanged(String name, NodeState before, NodeState after) {
+        // nothing to do
+    }
+
+    @Override
+    public void childNodeDeleted(String name, NodeState before) {
+        // nothing to do
+    }
+}



Mime
View raw message