jackrabbit-oak-commits mailing list archives

Site index · List index
Message view « Date » · « Thread »
Top « Date » · « Thread »
From ang...@apache.org
Subject svn commit: r1430767 - /jackrabbit/oak/trunk/oak-core/src/main/java/org/apache/jackrabbit/oak/security/privilege/
Date Wed, 09 Jan 2013 10:24:07 GMT
Author: angela
Date: Wed Jan  9 10:24:06 2013
New Revision: 1430767

URL: http://svn.apache.org/viewvc?rev=1430767&view=rev
Log:
OAK-64 : Privilege Management (WIP)

Modified:
    jackrabbit/oak/trunk/oak-core/src/main/java/org/apache/jackrabbit/oak/security/privilege/JcrAllCommitHook.java
    jackrabbit/oak/trunk/oak-core/src/main/java/org/apache/jackrabbit/oak/security/privilege/PrivilegeConfigurationImpl.java
    jackrabbit/oak/trunk/oak-core/src/main/java/org/apache/jackrabbit/oak/security/privilege/PrivilegeConstants.java
    jackrabbit/oak/trunk/oak-core/src/main/java/org/apache/jackrabbit/oak/security/privilege/PrivilegeContext.java
    jackrabbit/oak/trunk/oak-core/src/main/java/org/apache/jackrabbit/oak/security/privilege/PrivilegeDefinitionWriter.java
    jackrabbit/oak/trunk/oak-core/src/main/java/org/apache/jackrabbit/oak/security/privilege/PrivilegeInitializer.java
    jackrabbit/oak/trunk/oak-core/src/main/java/org/apache/jackrabbit/oak/security/privilege/PrivilegeManagerImpl.java
    jackrabbit/oak/trunk/oak-core/src/main/java/org/apache/jackrabbit/oak/security/privilege/PrivilegeMigrator.java
    jackrabbit/oak/trunk/oak-core/src/main/java/org/apache/jackrabbit/oak/security/privilege/PrivilegeValidator.java
    jackrabbit/oak/trunk/oak-core/src/main/java/org/apache/jackrabbit/oak/security/privilege/PrivilegeValidatorProvider.java

Modified: jackrabbit/oak/trunk/oak-core/src/main/java/org/apache/jackrabbit/oak/security/privilege/JcrAllCommitHook.java
URL: http://svn.apache.org/viewvc/jackrabbit/oak/trunk/oak-core/src/main/java/org/apache/jackrabbit/oak/security/privilege/JcrAllCommitHook.java?rev=1430767&r1=1430766&r2=1430767&view=diff
==============================================================================
--- jackrabbit/oak/trunk/oak-core/src/main/java/org/apache/jackrabbit/oak/security/privilege/JcrAllCommitHook.java
(original)
+++ jackrabbit/oak/trunk/oak-core/src/main/java/org/apache/jackrabbit/oak/security/privilege/JcrAllCommitHook.java
Wed Jan  9 10:24:06 2013
@@ -40,20 +40,17 @@ public class JcrAllCommitHook implements
     public NodeState processCommit(NodeState before, NodeState after) throws CommitFailedException
{
         NodeBuilder builder = after.builder();
         after.compareAgainstBaseState(before, new PrivilegeDiff(null, null, builder));
-
         return builder.getNodeState();
     }
 
-    private class PrivilegeDiff extends EmptyNodeStateDiff {
+    private final class PrivilegeDiff extends EmptyNodeStateDiff {
 
         private static final String ROOT_PATH = "";
 
-        private final PrivilegeDiff parentDiff;
         private final String path;
         private final NodeBuilder nodeBuilder;
 
         private PrivilegeDiff(PrivilegeDiff parentDiff, String nodeName, NodeBuilder nodeBuilder)
{
-            this.parentDiff = parentDiff;
             this.path = (nodeName == null) ? ROOT_PATH : parentDiff.path + '/' + nodeName;
             this.nodeBuilder = nodeBuilder;
         }

Modified: jackrabbit/oak/trunk/oak-core/src/main/java/org/apache/jackrabbit/oak/security/privilege/PrivilegeConfigurationImpl.java
URL: http://svn.apache.org/viewvc/jackrabbit/oak/trunk/oak-core/src/main/java/org/apache/jackrabbit/oak/security/privilege/PrivilegeConfigurationImpl.java?rev=1430767&r1=1430766&r2=1430767&view=diff
==============================================================================
--- jackrabbit/oak/trunk/oak-core/src/main/java/org/apache/jackrabbit/oak/security/privilege/PrivilegeConfigurationImpl.java
(original)
+++ jackrabbit/oak/trunk/oak-core/src/main/java/org/apache/jackrabbit/oak/security/privilege/PrivilegeConfigurationImpl.java
Wed Jan  9 10:24:06 2013
@@ -73,6 +73,6 @@ public class PrivilegeConfigurationImpl 
     @Nonnull
     @Override
     public Context getContext() {
-        return PrivilegeContext.INSTANCE;
+        return PrivilegeContext.getInstance();
     }
 }

Modified: jackrabbit/oak/trunk/oak-core/src/main/java/org/apache/jackrabbit/oak/security/privilege/PrivilegeConstants.java
URL: http://svn.apache.org/viewvc/jackrabbit/oak/trunk/oak-core/src/main/java/org/apache/jackrabbit/oak/security/privilege/PrivilegeConstants.java?rev=1430767&r1=1430766&r2=1430767&view=diff
==============================================================================
--- jackrabbit/oak/trunk/oak-core/src/main/java/org/apache/jackrabbit/oak/security/privilege/PrivilegeConstants.java
(original)
+++ jackrabbit/oak/trunk/oak-core/src/main/java/org/apache/jackrabbit/oak/security/privilege/PrivilegeConstants.java
Wed Jan  9 10:24:06 2013
@@ -16,10 +16,8 @@
  */
 package org.apache.jackrabbit.oak.security.privilege;
 
-import java.util.Map;
 import java.util.Set;
 
-import com.google.common.collect.ImmutableMap;
 import com.google.common.collect.ImmutableSet;
 import org.apache.jackrabbit.JcrConstants;
 
@@ -120,42 +118,6 @@ public interface PrivilegeConstants {
     /** Internal (oak) name of the rep:removeProperties privilege */
     String REP_REMOVE_PROPERTIES = "rep:removeProperties";
 
-    /** The internal names of all built-in privileges that are not aggregates. */
-    String[] NON_AGGR_PRIVILEGES = new String[] {
-            REP_READ_NODES, REP_READ_PROPERTIES,
-            REP_ADD_PROPERTIES, REP_ALTER_PROPERTIES, REP_REMOVE_PROPERTIES,
-            JCR_ADD_CHILD_NODES, JCR_REMOVE_CHILD_NODES, JCR_REMOVE_NODE,
-            JCR_READ_ACCESS_CONTROL, JCR_MODIFY_ACCESS_CONTROL, JCR_NODE_TYPE_MANAGEMENT,
-            JCR_VERSION_MANAGEMENT, JCR_LOCK_MANAGEMENT, JCR_LIFECYCLE_MANAGEMENT,
-            JCR_RETENTION_MANAGEMENT, JCR_WORKSPACE_MANAGEMENT, JCR_NODE_TYPE_DEFINITION_MANAGEMENT,
-            JCR_NAMESPACE_MANAGEMENT, REP_PRIVILEGE_MANAGEMENT, REP_USER_MANAGEMENT};
-
-    /** The aggregation definition of the jcr:read privilege. */
-    String[] AGGR_JCR_READ = new String[] {
-            REP_READ_NODES, REP_READ_PROPERTIES
-    };
-
-    /** The aggregation definition of the jcr:modifyProperties privilege. */
-    String[] AGGR_JCR_MODIFY_PROPERTIES = new String[] {
-            REP_ADD_PROPERTIES, REP_ALTER_PROPERTIES, REP_REMOVE_PROPERTIES
-    };
-
-    /** The aggregation definition of the jcr:write privilege. */
-    String[] AGGR_JCR_WRITE = new String[] {
-            JCR_MODIFY_PROPERTIES, JCR_ADD_CHILD_NODES, JCR_REMOVE_CHILD_NODES, JCR_REMOVE_NODE
-    };
-
-    /** The aggregation definition of the rep:write privilege. */
-    String[] AGGR_REP_WRITE = new String[] {
-            JCR_WRITE, JCR_NODE_TYPE_MANAGEMENT
-    };
-
-    /** The internal names of all built-in privileges that are aggregates. */
-    Map<String, String[]> AGGREGATE_PRIVILEGES = ImmutableMap.of(JCR_READ, AGGR_JCR_READ,
-            JCR_MODIFY_PROPERTIES, AGGR_JCR_MODIFY_PROPERTIES,
-            JCR_WRITE, AGGR_JCR_WRITE,
-            REP_WRITE, AGGR_REP_WRITE);
-
     /**
      * The internal names of all property definitions that are associated with
      * the {@link #NT_REP_PRIVILEGE rep:Privilege} node type

Modified: jackrabbit/oak/trunk/oak-core/src/main/java/org/apache/jackrabbit/oak/security/privilege/PrivilegeContext.java
URL: http://svn.apache.org/viewvc/jackrabbit/oak/trunk/oak-core/src/main/java/org/apache/jackrabbit/oak/security/privilege/PrivilegeContext.java?rev=1430767&r1=1430766&r2=1430767&view=diff
==============================================================================
--- jackrabbit/oak/trunk/oak-core/src/main/java/org/apache/jackrabbit/oak/security/privilege/PrivilegeContext.java
(original)
+++ jackrabbit/oak/trunk/oak-core/src/main/java/org/apache/jackrabbit/oak/security/privilege/PrivilegeContext.java
Wed Jan  9 10:24:06 2013
@@ -26,10 +26,13 @@ import org.apache.jackrabbit.oak.util.No
  */
 class PrivilegeContext implements Context {
 
-    static final Context INSTANCE = new PrivilegeContext();
+    private static final Context INSTANCE = new PrivilegeContext();
 
     private PrivilegeContext() {}
 
+    static Context getInstance() {
+        return INSTANCE;
+    }
     //------------------------------------------------------------< Context >---
     @Override
     public boolean definesProperty(Tree parent, PropertyState property) {

Modified: jackrabbit/oak/trunk/oak-core/src/main/java/org/apache/jackrabbit/oak/security/privilege/PrivilegeDefinitionWriter.java
URL: http://svn.apache.org/viewvc/jackrabbit/oak/trunk/oak-core/src/main/java/org/apache/jackrabbit/oak/security/privilege/PrivilegeDefinitionWriter.java?rev=1430767&r1=1430766&r2=1430767&view=diff
==============================================================================
--- jackrabbit/oak/trunk/oak-core/src/main/java/org/apache/jackrabbit/oak/security/privilege/PrivilegeDefinitionWriter.java
(original)
+++ jackrabbit/oak/trunk/oak-core/src/main/java/org/apache/jackrabbit/oak/security/privilege/PrivilegeDefinitionWriter.java
Wed Jan  9 10:24:06 2013
@@ -66,7 +66,7 @@ class PrivilegeDefinitionWriter implemen
             if (t instanceof RepositoryException) {
                 throw (RepositoryException) t;
             } else {
-                throw new RepositoryException(e.getMessage());
+                throw new RepositoryException(e);
             }
         }
     }

Modified: jackrabbit/oak/trunk/oak-core/src/main/java/org/apache/jackrabbit/oak/security/privilege/PrivilegeInitializer.java
URL: http://svn.apache.org/viewvc/jackrabbit/oak/trunk/oak-core/src/main/java/org/apache/jackrabbit/oak/security/privilege/PrivilegeInitializer.java?rev=1430767&r1=1430766&r2=1430767&view=diff
==============================================================================
--- jackrabbit/oak/trunk/oak-core/src/main/java/org/apache/jackrabbit/oak/security/privilege/PrivilegeInitializer.java
(original)
+++ jackrabbit/oak/trunk/oak-core/src/main/java/org/apache/jackrabbit/oak/security/privilege/PrivilegeInitializer.java
Wed Jan  9 10:24:06 2013
@@ -21,6 +21,7 @@ import java.util.LinkedHashMap;
 import java.util.Map;
 import javax.jcr.RepositoryException;
 
+import com.google.common.collect.ImmutableMap;
 import org.apache.jackrabbit.JcrConstants;
 import org.apache.jackrabbit.oak.api.CommitFailedException;
 import org.apache.jackrabbit.oak.api.Type;
@@ -42,11 +43,26 @@ import org.slf4j.LoggerFactory;
  */
 class PrivilegeInitializer implements RepositoryInitializer, PrivilegeConstants {
 
-    /**
-     * logger instance
-     */
     private static final Logger log = LoggerFactory.getLogger(PrivilegeInitializer.class);
 
+    /** The internal names of all built-in privileges that are not aggregates. */
+    private static final String[] NON_AGGR_PRIVILEGES = new String[] {
+            REP_READ_NODES, REP_READ_PROPERTIES,
+            REP_ADD_PROPERTIES, REP_ALTER_PROPERTIES, REP_REMOVE_PROPERTIES,
+            JCR_ADD_CHILD_NODES, JCR_REMOVE_CHILD_NODES, JCR_REMOVE_NODE,
+            JCR_READ_ACCESS_CONTROL, JCR_MODIFY_ACCESS_CONTROL, JCR_NODE_TYPE_MANAGEMENT,
+            JCR_VERSION_MANAGEMENT, JCR_LOCK_MANAGEMENT, JCR_LIFECYCLE_MANAGEMENT,
+            JCR_RETENTION_MANAGEMENT, JCR_WORKSPACE_MANAGEMENT, JCR_NODE_TYPE_DEFINITION_MANAGEMENT,
+            JCR_NAMESPACE_MANAGEMENT, REP_PRIVILEGE_MANAGEMENT, REP_USER_MANAGEMENT};
+
+    /** The internal names and aggregation definition of all built-in privileges
+        that are aggregates (except for jcr:all). */
+    private static final Map<String, String[]> AGGREGATE_PRIVILEGES = ImmutableMap.of(
+            JCR_READ, new String[] {REP_READ_NODES, REP_READ_PROPERTIES},
+            JCR_MODIFY_PROPERTIES, new String[] {REP_ADD_PROPERTIES, REP_ALTER_PROPERTIES,
REP_REMOVE_PROPERTIES},
+            JCR_WRITE, new String[] {JCR_MODIFY_PROPERTIES, JCR_ADD_CHILD_NODES, JCR_REMOVE_CHILD_NODES,
JCR_REMOVE_NODE},
+            REP_WRITE, new String[] {JCR_WRITE, JCR_NODE_TYPE_MANAGEMENT});
+
     @Override
     public void initialize(NodeStore store) {
         NodeStoreBranch branch = store.branch();

Modified: jackrabbit/oak/trunk/oak-core/src/main/java/org/apache/jackrabbit/oak/security/privilege/PrivilegeManagerImpl.java
URL: http://svn.apache.org/viewvc/jackrabbit/oak/trunk/oak-core/src/main/java/org/apache/jackrabbit/oak/security/privilege/PrivilegeManagerImpl.java?rev=1430767&r1=1430766&r2=1430767&view=diff
==============================================================================
--- jackrabbit/oak/trunk/oak-core/src/main/java/org/apache/jackrabbit/oak/security/privilege/PrivilegeManagerImpl.java
(original)
+++ jackrabbit/oak/trunk/oak-core/src/main/java/org/apache/jackrabbit/oak/security/privilege/PrivilegeManagerImpl.java
Wed Jan  9 10:24:06 2013
@@ -45,13 +45,10 @@ import org.slf4j.LoggerFactory;
  */
 public class PrivilegeManagerImpl implements PrivilegeManager {
 
-    /**
-     * logger instance
-     */
     private static final Logger log = LoggerFactory.getLogger(PrivilegeManagerImpl.class);
 
-    final Root root;
-    final NamePathMapper namePathMapper;
+    private final Root root;
+    private final NamePathMapper namePathMapper;
 
     public PrivilegeManagerImpl(Root root, NamePathMapper namePathMapper) {
         this.root = root;
@@ -156,7 +153,7 @@ public class PrivilegeManagerImpl implem
     /**
      * Privilege implementation based on a {@link org.apache.jackrabbit.oak.spi.security.privilege.PrivilegeDefinition}.
      */
-    private class PrivilegeImpl implements Privilege {
+    private final class PrivilegeImpl implements Privilege {
 
         private final PrivilegeDefinition definition;
 

Modified: jackrabbit/oak/trunk/oak-core/src/main/java/org/apache/jackrabbit/oak/security/privilege/PrivilegeMigrator.java
URL: http://svn.apache.org/viewvc/jackrabbit/oak/trunk/oak-core/src/main/java/org/apache/jackrabbit/oak/security/privilege/PrivilegeMigrator.java?rev=1430767&r1=1430766&r2=1430767&view=diff
==============================================================================
--- jackrabbit/oak/trunk/oak-core/src/main/java/org/apache/jackrabbit/oak/security/privilege/PrivilegeMigrator.java
(original)
+++ jackrabbit/oak/trunk/oak-core/src/main/java/org/apache/jackrabbit/oak/security/privilege/PrivilegeMigrator.java
Wed Jan  9 10:24:06 2013
@@ -101,7 +101,7 @@ public class PrivilegeMigrator {
         for (PrivilegeDefinition def : PrivilegeXmlHandler.readDefinitions(src, nsRegistry))
{
             String privName = def.getName();
             if (definitions.containsKey(privName)) {
-                throw new RepositoryException("Duplicate entry for custom privilege with
name " + privName.toString());
+                throw new RepositoryException("Duplicate entry for custom privilege with
name " + privName);
             }
             definitions.put(privName, def);
         }
@@ -125,9 +125,6 @@ public class PrivilegeMigrator {
      */
     private static class PrivilegeXmlHandler {
 
-        private static final String TEXT_XML = "text/xml";
-        private static final String APPLICATION_XML = "application/xml";
-
         private static final String XML_PRIVILEGES = "privileges";
         private static final String XML_PRIVILEGE = "privilege";
         private static final String XML_CONTAINS = "contains";
@@ -137,8 +134,6 @@ public class PrivilegeMigrator {
 
         private static final String ATTR_XMLNS = "xmlns:";
 
-        private static DocumentBuilderFactory DOCUMENT_BUILDER_FACTORY = createFactory();
-
         private static DocumentBuilderFactory createFactory() {
             DocumentBuilderFactory factory = DocumentBuilderFactory.newInstance();
             factory.setNamespaceAware(true);
@@ -219,7 +214,7 @@ public class PrivilegeMigrator {
          * @throws ParserConfigurationException
          */
         private static DocumentBuilder createDocumentBuilder() throws ParserConfigurationException
{
-            DocumentBuilder builder = DOCUMENT_BUILDER_FACTORY.newDocumentBuilder();
+            DocumentBuilder builder = createFactory().newDocumentBuilder();
             builder.setErrorHandler(new DefaultHandler());
             return builder;
         }

Modified: jackrabbit/oak/trunk/oak-core/src/main/java/org/apache/jackrabbit/oak/security/privilege/PrivilegeValidator.java
URL: http://svn.apache.org/viewvc/jackrabbit/oak/trunk/oak-core/src/main/java/org/apache/jackrabbit/oak/security/privilege/PrivilegeValidator.java?rev=1430767&r1=1430766&r2=1430767&view=diff
==============================================================================
--- jackrabbit/oak/trunk/oak-core/src/main/java/org/apache/jackrabbit/oak/security/privilege/PrivilegeValidator.java
(original)
+++ jackrabbit/oak/trunk/oak-core/src/main/java/org/apache/jackrabbit/oak/security/privilege/PrivilegeValidator.java
Wed Jan  9 10:24:06 2013
@@ -42,7 +42,7 @@ class PrivilegeValidator implements Priv
     private final Map<String, PrivilegeDefinition> definitions;
     private final PrivilegeDefinitionReaderImpl reader;
 
-    PrivilegeValidator(NodeState before, NodeState after) {
+    PrivilegeValidator(NodeState before) {
         NodeState privRootState = getPrivilegesRoot(before);
         if (privRootState != null) {
             Tree privilegesBefore = new ReadOnlyTree(privRootState);

Modified: jackrabbit/oak/trunk/oak-core/src/main/java/org/apache/jackrabbit/oak/security/privilege/PrivilegeValidatorProvider.java
URL: http://svn.apache.org/viewvc/jackrabbit/oak/trunk/oak-core/src/main/java/org/apache/jackrabbit/oak/security/privilege/PrivilegeValidatorProvider.java?rev=1430767&r1=1430766&r2=1430767&view=diff
==============================================================================
--- jackrabbit/oak/trunk/oak-core/src/main/java/org/apache/jackrabbit/oak/security/privilege/PrivilegeValidatorProvider.java
(original)
+++ jackrabbit/oak/trunk/oak-core/src/main/java/org/apache/jackrabbit/oak/security/privilege/PrivilegeValidatorProvider.java
Wed Jan  9 10:24:06 2013
@@ -36,6 +36,6 @@ class PrivilegeValidatorProvider impleme
     @Nonnull
     @Override
     public Validator getRootValidator(NodeState before, NodeState after) {
-        return new SubtreeValidator(new PrivilegeValidator(before, after), JCR_SYSTEM, REP_PRIVILEGES);
+        return new SubtreeValidator(new PrivilegeValidator(before), JCR_SYSTEM, REP_PRIVILEGES);
     }
 }
\ No newline at end of file



Mime
View raw message