jackrabbit-oak-commits mailing list archives

Site index · List index
Message view « Date » · « Thread »
Top « Date » · « Thread »
From ang...@apache.org
Subject svn commit: r1430941 - in /jackrabbit/oak/trunk/oak-core/src/main/java/org/apache/jackrabbit/oak: security/user/ security/user/query/ spi/security/user/ spi/security/user/util/
Date Wed, 09 Jan 2013 16:34:04 GMT
Author: angela
Date: Wed Jan  9 16:34:04 2013
New Revision: 1430941

URL: http://svn.apache.org/viewvc?rev=1430941&view=rev
Log:
OAK-50 : Implement User Management (WIP)

Modified:
    jackrabbit/oak/trunk/oak-core/src/main/java/org/apache/jackrabbit/oak/security/user/AuthorizableBaseProvider.java
    jackrabbit/oak/trunk/oak-core/src/main/java/org/apache/jackrabbit/oak/security/user/AuthorizableImpl.java
    jackrabbit/oak/trunk/oak-core/src/main/java/org/apache/jackrabbit/oak/security/user/AuthorizableIterator.java
    jackrabbit/oak/trunk/oak-core/src/main/java/org/apache/jackrabbit/oak/security/user/AuthorizablePropertiesImpl.java
    jackrabbit/oak/trunk/oak-core/src/main/java/org/apache/jackrabbit/oak/security/user/GroupImpl.java
    jackrabbit/oak/trunk/oak-core/src/main/java/org/apache/jackrabbit/oak/security/user/MembershipProvider.java
    jackrabbit/oak/trunk/oak-core/src/main/java/org/apache/jackrabbit/oak/security/user/UserManagerImpl.java
    jackrabbit/oak/trunk/oak-core/src/main/java/org/apache/jackrabbit/oak/security/user/UserProvider.java
    jackrabbit/oak/trunk/oak-core/src/main/java/org/apache/jackrabbit/oak/security/user/query/Condition.java
    jackrabbit/oak/trunk/oak-core/src/main/java/org/apache/jackrabbit/oak/security/user/query/QueryUtil.java
    jackrabbit/oak/trunk/oak-core/src/main/java/org/apache/jackrabbit/oak/security/user/query/ResultIterator.java
    jackrabbit/oak/trunk/oak-core/src/main/java/org/apache/jackrabbit/oak/security/user/query/XPathQueryEvaluator.java
    jackrabbit/oak/trunk/oak-core/src/main/java/org/apache/jackrabbit/oak/spi/security/user/AuthorizableNodeName.java
    jackrabbit/oak/trunk/oak-core/src/main/java/org/apache/jackrabbit/oak/spi/security/user/util/PasswordUtility.java
    jackrabbit/oak/trunk/oak-core/src/main/java/org/apache/jackrabbit/oak/spi/security/user/util/UserUtility.java

Modified: jackrabbit/oak/trunk/oak-core/src/main/java/org/apache/jackrabbit/oak/security/user/AuthorizableBaseProvider.java
URL: http://svn.apache.org/viewvc/jackrabbit/oak/trunk/oak-core/src/main/java/org/apache/jackrabbit/oak/security/user/AuthorizableBaseProvider.java?rev=1430941&r1=1430940&r2=1430941&view=diff
==============================================================================
--- jackrabbit/oak/trunk/oak-core/src/main/java/org/apache/jackrabbit/oak/security/user/AuthorizableBaseProvider.java
(original)
+++ jackrabbit/oak/trunk/oak-core/src/main/java/org/apache/jackrabbit/oak/security/user/AuthorizableBaseProvider.java
Wed Jan  9 16:34:04 2013
@@ -16,6 +16,9 @@
  */
 package org.apache.jackrabbit.oak.security.user;
 
+import javax.annotation.CheckForNull;
+import javax.annotation.Nonnull;
+
 import org.apache.jackrabbit.oak.api.Root;
 import org.apache.jackrabbit.oak.api.Tree;
 import org.apache.jackrabbit.oak.plugins.identifier.IdentifierManager;
@@ -24,6 +27,8 @@ import org.apache.jackrabbit.oak.spi.sec
 import org.apache.jackrabbit.oak.spi.security.user.UserConstants;
 import org.apache.jackrabbit.oak.spi.security.user.util.UserUtility;
 
+import static com.google.common.base.Preconditions.checkNotNull;
+
 /**
  * Base class for {@link UserProvider} and {@link MembershipProvider}.
  */
@@ -34,11 +39,15 @@ abstract class AuthorizableBaseProvider 
     final IdentifierManager identifierManager;
 
     AuthorizableBaseProvider(Root root, ConfigurationParameters config) {
+        checkNotNull(root);
+        checkNotNull(config);
+
         this.root = root;
         this.config = config;
         this.identifierManager = new IdentifierManager(root);
     }
 
+    @CheckForNull
     Tree getByID(String authorizableId, AuthorizableType authorizableType) {
         Tree tree = identifierManager.getTree(getContentID(authorizableId));
         if (UserUtility.isType(tree, authorizableType)) {
@@ -48,6 +57,7 @@ abstract class AuthorizableBaseProvider 
         }
     }
 
+    @CheckForNull
     Tree getByPath(String authorizableOakPath) {
         Tree tree = root.getTree(authorizableOakPath);
         if (UserUtility.isType(tree, AuthorizableType.AUTHORIZABLE)) {
@@ -57,10 +67,12 @@ abstract class AuthorizableBaseProvider 
         }
     }
 
+    @Nonnull
     String getContentID(Tree authorizableTree) {
         return identifierManager.getIdentifier(authorizableTree);
     }
 
+    @Nonnull
     static String getContentID(String authorizableId) {
         return IdentifierManager.generateUUID(authorizableId.toLowerCase());
     }

Modified: jackrabbit/oak/trunk/oak-core/src/main/java/org/apache/jackrabbit/oak/security/user/AuthorizableImpl.java
URL: http://svn.apache.org/viewvc/jackrabbit/oak/trunk/oak-core/src/main/java/org/apache/jackrabbit/oak/security/user/AuthorizableImpl.java?rev=1430941&r1=1430940&r2=1430941&view=diff
==============================================================================
--- jackrabbit/oak/trunk/oak-core/src/main/java/org/apache/jackrabbit/oak/security/user/AuthorizableImpl.java
(original)
+++ jackrabbit/oak/trunk/oak-core/src/main/java/org/apache/jackrabbit/oak/security/user/AuthorizableImpl.java
Wed Jan  9 16:34:04 2013
@@ -18,9 +18,7 @@ package org.apache.jackrabbit.oak.securi
 
 import java.util.Collections;
 import java.util.Iterator;
-import javax.annotation.CheckForNull;
 import javax.annotation.Nonnull;
-import javax.jcr.Node;
 import javax.jcr.RepositoryException;
 import javax.jcr.Value;
 
@@ -28,6 +26,7 @@ import org.apache.jackrabbit.api.securit
 import org.apache.jackrabbit.api.security.user.Group;
 import org.apache.jackrabbit.api.security.user.User;
 import org.apache.jackrabbit.commons.iterator.RangeIteratorAdapter;
+import org.apache.jackrabbit.oak.api.PropertyState;
 import org.apache.jackrabbit.oak.api.Tree;
 import org.apache.jackrabbit.oak.spi.security.principal.EveryonePrincipal;
 import org.apache.jackrabbit.oak.spi.security.user.AuthorizableType;
@@ -51,21 +50,24 @@ abstract class AuthorizableImpl implemen
     private final String principalName;
     private final UserManagerImpl userManager;
 
-    private Node node;
     private AuthorizableProperties properties;
     private int hashCode;
 
-    AuthorizableImpl(String id, Tree tree, UserManagerImpl userManager) throws RepositoryException
{
+    AuthorizableImpl(@Nonnull String id, @Nonnull Tree tree,
+                     @Nonnull UserManagerImpl userManager) throws RepositoryException {
         checkValidTree(tree);
+
         this.id = id;
-        if (tree.hasProperty(REP_PRINCIPAL_NAME)) {
-            principalName = tree.getProperty(REP_PRINCIPAL_NAME).getValue(STRING);
+        this.userManager = userManager;
+
+        PropertyState pNameProp = tree.getProperty(REP_PRINCIPAL_NAME);
+        if (pNameProp != null) {
+            principalName = pNameProp.getValue(STRING);
         } else {
             String msg = "Authorizable without principal name " + id;
             log.warn(msg);
             throw new RepositoryException(msg);
         }
-        this.userManager = userManager;
     }
 
     abstract void checkValidTree(Tree tree) throws RepositoryException;
@@ -185,11 +187,6 @@ abstract class AuthorizableImpl implemen
         return principalName;
     }
 
-    @CheckForNull
-    String getJcrName(String oakName) {
-        return userManager.getNamePathMapper().getJcrName(oakName);
-    }
-
     /**
      * @return The user manager associated with this authorizable.
      */
@@ -220,8 +217,8 @@ abstract class AuthorizableImpl implemen
     /**
      * Retrieve authorizable properties for property related operations.
      *
-     * @return
-     * @throws RepositoryException
+     * @return The authorizable properties for this user/group.
+     * @throws RepositoryException If an error occurs.
      */
     private AuthorizableProperties getAuthorizableProperties() throws RepositoryException
{
         if (properties == null) {

Modified: jackrabbit/oak/trunk/oak-core/src/main/java/org/apache/jackrabbit/oak/security/user/AuthorizableIterator.java
URL: http://svn.apache.org/viewvc/jackrabbit/oak/trunk/oak-core/src/main/java/org/apache/jackrabbit/oak/security/user/AuthorizableIterator.java?rev=1430941&r1=1430940&r2=1430941&view=diff
==============================================================================
--- jackrabbit/oak/trunk/oak-core/src/main/java/org/apache/jackrabbit/oak/security/user/AuthorizableIterator.java
(original)
+++ jackrabbit/oak/trunk/oak-core/src/main/java/org/apache/jackrabbit/oak/security/user/AuthorizableIterator.java
Wed Jan  9 16:34:04 2013
@@ -25,7 +25,6 @@ import com.google.common.base.Predicate;
 import com.google.common.base.Predicates;
 import com.google.common.collect.Iterators;
 import org.apache.jackrabbit.api.security.user.Authorizable;
-import org.apache.jackrabbit.oak.api.Tree;
 import org.apache.jackrabbit.oak.spi.security.user.AuthorizableType;
 import org.slf4j.Logger;
 import org.slf4j.LoggerFactory;
@@ -33,15 +32,13 @@ import org.slf4j.LoggerFactory;
 /**
  * AuthorizableIterator...
  */
-class AuthorizableIterator implements Iterator {
+final class AuthorizableIterator implements Iterator {
 
     private static final Logger log = LoggerFactory.getLogger(AuthorizableIterator.class);
 
     private final Iterator<Authorizable> authorizables;
     private final long size;
 
-    private Authorizable next;
-
     static AuthorizableIterator create(Iterator<String> authorizableOakPaths,
                                        UserManagerImpl userManager,
                                        AuthorizableType authorizableType) {
@@ -50,13 +47,6 @@ class AuthorizableIterator implements It
         return new AuthorizableIterator(Iterators.filter(it, Predicates.notNull()), size);
     }
 
-    static AuthorizableIterator create(Iterator<Tree> authorizableTrees, UserManagerImpl
userManager) {
-        Iterator it = Iterators.transform(authorizableTrees, new TreeToAuthorizable(userManager));
-        long size = getSize(authorizableTrees);
-
-        return new AuthorizableIterator(Iterators.filter(it, Predicates.<Object>notNull()),
size);
-    }
-
     private AuthorizableIterator(Iterator<Authorizable> authorizables, long size) {
         this.authorizables = authorizables;
         this.size = size;
@@ -118,25 +108,6 @@ class AuthorizableIterator implements It
         }
     }
 
-    private static class TreeToAuthorizable implements Function<Tree, Authorizable>
{
-
-        private final UserManagerImpl userManager;
-
-        public TreeToAuthorizable(UserManagerImpl userManager) {
-            this.userManager = userManager;
-        }
-
-        @Override
-        public Authorizable apply(Tree authorizableTree) {
-            try {
-                return userManager.getAuthorizable(authorizableTree);
-            } catch (RepositoryException e) {
-                log.debug("Failed to access authorizable " + authorizableTree.getPath());
-                return null;
-            }
-        }
-    }
-
     private static class AuthorizableTypePredicate implements Predicate<Authorizable>
{
 
         private final AuthorizableType authorizableType;

Modified: jackrabbit/oak/trunk/oak-core/src/main/java/org/apache/jackrabbit/oak/security/user/AuthorizablePropertiesImpl.java
URL: http://svn.apache.org/viewvc/jackrabbit/oak/trunk/oak-core/src/main/java/org/apache/jackrabbit/oak/security/user/AuthorizablePropertiesImpl.java?rev=1430941&r1=1430940&r2=1430941&view=diff
==============================================================================
--- jackrabbit/oak/trunk/oak-core/src/main/java/org/apache/jackrabbit/oak/security/user/AuthorizablePropertiesImpl.java
(original)
+++ jackrabbit/oak/trunk/oak-core/src/main/java/org/apache/jackrabbit/oak/security/user/AuthorizablePropertiesImpl.java
Wed Jan  9 16:34:04 2013
@@ -20,17 +20,16 @@ import java.util.ArrayList;
 import java.util.Arrays;
 import java.util.Iterator;
 import java.util.List;
+import javax.annotation.CheckForNull;
 import javax.annotation.Nonnull;
 import javax.jcr.PropertyType;
 import javax.jcr.RepositoryException;
 import javax.jcr.Value;
 import javax.jcr.nodetype.ConstraintViolationException;
-import javax.jcr.nodetype.NodeType;
 import javax.jcr.nodetype.PropertyDefinition;
 
 import org.apache.jackrabbit.JcrConstants;
 import org.apache.jackrabbit.oak.api.PropertyState;
-import org.apache.jackrabbit.oak.api.Root;
 import org.apache.jackrabbit.oak.api.Tree;
 import org.apache.jackrabbit.oak.api.TreeLocation;
 import org.apache.jackrabbit.oak.namepath.NamePathMapper;
@@ -54,17 +53,15 @@ class AuthorizablePropertiesImpl impleme
 
     private static final Logger log = LoggerFactory.getLogger(AuthorizablePropertiesImpl.class);
 
-    private final UserProvider userProvider;
+    private final UserManagerImpl userManager;
     private final String id;
-    private final NamePathMapper namePathMapper;
     private final ReadOnlyNodeTypeManager nodeTypeManager;
 
-    AuthorizablePropertiesImpl(final Root root, UserProvider userProvider,
-                               String id, NamePathMapper namePathMapper) {
-        this.userProvider = userProvider;
+    AuthorizablePropertiesImpl(String id, UserManagerImpl userManager,
+                               ReadOnlyNodeTypeManager nodeTypeManager) {
+        this.userManager = userManager;
         this.id = id;
-        this.namePathMapper = namePathMapper;
-        this.nodeTypeManager = ReadOnlyNodeTypeManager.getInstance(root, NamePathMapper.DEFAULT);
+        this.nodeTypeManager = nodeTypeManager;
     }
 
     //---------------------------------------------< AuthorizableProperties >---
@@ -96,9 +93,7 @@ class AuthorizablePropertiesImpl impleme
     public boolean hasProperty(String relPath) throws RepositoryException {
         checkRelativePath(relPath);
 
-        Tree tree = getTree();
-        TreeLocation propertyLocation = getLocation(tree, relPath);
-        return propertyLocation.getProperty() != null && isAuthorizableProperty(tree,
propertyLocation, true);
+        return isAuthorizableProperty(getTree(), getLocation(getTree(), relPath), true);
     }
 
     /**
@@ -110,16 +105,14 @@ class AuthorizablePropertiesImpl impleme
 
         Tree tree = getTree();
         Value[] values = null;
-        TreeLocation propertyLocation = getLocation(tree, relPath);
-        PropertyState property = propertyLocation.getProperty();
+        PropertyState property = getAuthorizableProperty(tree, getLocation(tree, relPath),
true);
         if (property != null) {
-            if (isAuthorizableProperty(tree, propertyLocation, true)) {
-                if (property.isArray()) {
-                    List<Value> vs = ValueFactoryImpl.createValues(property, namePathMapper);
-                    values = vs.toArray(new Value[vs.size()]);
-                } else {
-                    values = new Value[]{ValueFactoryImpl.createValue(property, namePathMapper)};
-                }
+            NamePathMapper npMapper = userManager.getNamePathMapper();
+            if (property.isArray()) {
+                List<Value> vs = ValueFactoryImpl.createValues(property, npMapper);
+                values = vs.toArray(new Value[vs.size()]);
+            } else {
+                values = new Value[]{ValueFactoryImpl.createValue(property, npMapper)};
             }
         }
         return values;
@@ -143,11 +136,9 @@ class AuthorizablePropertiesImpl impleme
             // check if the property has already been created as multi valued
             // property before -> in this case remove in order to avoid
             // ValueFormatException.
-            if (parent.hasProperty(name)) {
-                PropertyState p = parent.getProperty(name);
-                if (p.isArray()) {
-                    parent.removeProperty(name);
-                }
+            PropertyState p = parent.getProperty(name);
+            if (p != null && p.isArray()) {
+                parent.removeProperty(name);
             }
             PropertyState propertyState = PropertyStates.createProperty(name, value);
             parent.setProperty(propertyState);
@@ -173,11 +164,9 @@ class AuthorizablePropertiesImpl impleme
             // check if the property has already been created as single valued
             // property before -> in this case remove in order to avoid
             // ValueFormatException.
-            if (parent.hasProperty(name)) {
-                PropertyState p = parent.getProperty(name);
-                if (!p.isArray()) {
-                    parent.removeProperty(name);
-                }
+            PropertyState p = parent.getProperty(name);
+            if (p != null && !p.isArray()) {
+                parent.removeProperty(name);
             }
             PropertyState propertyState = PropertyStates.createProperty(name, Arrays.asList(values));
             parent.setProperty(propertyState);
@@ -208,9 +197,9 @@ class AuthorizablePropertiesImpl impleme
     }
 
     //------------------------------------------------------------< private >---
-
+    @Nonnull
     private Tree getTree() {
-        return userProvider.getAuthorizable(id);
+        return userManager.getAuthorizableTree(id);
     }
 
     /**
@@ -223,36 +212,54 @@ class AuthorizablePropertiesImpl impleme
      * @param verifyAncestor If true the property is tested to be a descendant
      * of the node of this authorizable; otherwise it is expected that this
      * test has been executed by the caller.
-     * @return {@code true} if the given property is defined
+     * @return {@code true} if the given property is not protected and is defined
      * by the rep:authorizable node type or one of it's sub-node types;
      * {@code false} otherwise.
      * @throws RepositoryException If an error occurs.
      */
     private boolean isAuthorizableProperty(Tree authorizableTree, TreeLocation propertyLocation,
boolean verifyAncestor) throws RepositoryException {
+        return getAuthorizableProperty(authorizableTree, propertyLocation, verifyAncestor)
!= null;
+    }
+
+    /**
+     * Returns the valid authorizable property identified by the specified
+     * property location or {@code null} if that property does not exist or
+     * isn't a authorizable property because it is protected or outside of the
+     * scope of the {@code authorizableTree}.
+     *
+     * @param authorizableTree The tree of the target authorizable.
+     * @param propertyLocation Location to be tested.
+     * @param verifyAncestor If true the property is tested to be a descendant
+     * of the node of this authorizable; otherwise it is expected that this
+     * test has been executed by the caller.
+     * @return a valid authorizable property or {@code null} if no such property
+     * exists or fi the property is protected or not defined by the rep:authorizable
+     * node type or one of it's sub-node types.
+     * @throws RepositoryException If an error occurs.
+     */
+    @CheckForNull
+    private PropertyState getAuthorizableProperty(Tree authorizableTree, TreeLocation propertyLocation,
boolean verifyAncestor) throws RepositoryException {
+        if (propertyLocation == null || TreeLocation.NULL == propertyLocation) {
+            return null;
+        }
+
         String authorizablePath = authorizableTree.getPath();
-        String propPath = propertyLocation.getPath();
-        if (verifyAncestor && !Text.isDescendant(authorizablePath, propPath)) {
+        if (verifyAncestor && !Text.isDescendant(authorizablePath, propertyLocation.getPath()))
{
             log.debug("Attempt to access property outside of authorizable scope.");
-            return false;
+            return null;
         }
 
-        Tree parent = propertyLocation.getParent().getTree();
         PropertyState property = propertyLocation.getProperty();
         if (property != null) {
+            Tree parent = propertyLocation.getParent().getTree();
             PropertyDefinition def = nodeTypeManager.getDefinition(parent, property);
-            if (def.isProtected()) {
-                return false;
-            } else if (authorizablePath.equals(parent.getPath())) {
-                NodeType declaringNt = def.getDeclaringNodeType();
-                return declaringNt.isNodeType(UserConstants.NT_REP_AUTHORIZABLE);
-            } else {
-                // another non-protected property somewhere in the subtree of this
-                // authorizable node -> is a property that can be set using #setProperty.
-                return true;
-            }
-        }
-        // property does not exist.
-        return false;
+            if (def.isProtected() || (authorizablePath.equals(parent.getPath())
+                    && !def.getDeclaringNodeType().isNodeType(UserConstants.NT_REP_AUTHORIZABLE)))
{
+                return null;
+            } // else: non-protected property somewhere in the subtree of the user tree.
+        } // else: no such property.
+
+        return property;
     }
 
     private void checkProtectedProperty(Tree parent, String propertyName, boolean isArray,
int type) throws RepositoryException {

Modified: jackrabbit/oak/trunk/oak-core/src/main/java/org/apache/jackrabbit/oak/security/user/GroupImpl.java
URL: http://svn.apache.org/viewvc/jackrabbit/oak/trunk/oak-core/src/main/java/org/apache/jackrabbit/oak/security/user/GroupImpl.java?rev=1430941&r1=1430940&r2=1430941&view=diff
==============================================================================
--- jackrabbit/oak/trunk/oak-core/src/main/java/org/apache/jackrabbit/oak/security/user/GroupImpl.java
(original)
+++ jackrabbit/oak/trunk/oak-core/src/main/java/org/apache/jackrabbit/oak/security/user/GroupImpl.java
Wed Jan  9 16:34:04 2013
@@ -148,7 +148,7 @@ class GroupImpl extends AuthorizableImpl
     private Iterator<Authorizable> getMembers(boolean includeInherited) throws RepositoryException
{
         UserManagerImpl userMgr = getUserManager();
         if (isEveryone()) {
-            String propName = getJcrName(REP_PRINCIPAL_NAME);
+            String propName = getUserManager().getNamePathMapper().getJcrName((REP_PRINCIPAL_NAME));
             return userMgr.findAuthorizables(propName, null, UserManager.SEARCH_TYPE_AUTHORIZABLE);
         } else {
             Iterator oakPaths = getMembershipProvider().getMembers(getTree(), AuthorizableType.AUTHORIZABLE,
includeInherited);

Modified: jackrabbit/oak/trunk/oak-core/src/main/java/org/apache/jackrabbit/oak/security/user/MembershipProvider.java
URL: http://svn.apache.org/viewvc/jackrabbit/oak/trunk/oak-core/src/main/java/org/apache/jackrabbit/oak/security/user/MembershipProvider.java?rev=1430941&r1=1430940&r2=1430941&view=diff
==============================================================================
--- jackrabbit/oak/trunk/oak-core/src/main/java/org/apache/jackrabbit/oak/security/user/MembershipProvider.java
(original)
+++ jackrabbit/oak/trunk/oak-core/src/main/java/org/apache/jackrabbit/oak/security/user/MembershipProvider.java
Wed Jan  9 16:34:04 2013
@@ -22,7 +22,6 @@ import java.util.Iterator;
 import java.util.Set;
 import javax.annotation.Nonnull;
 import javax.annotation.Nullable;
-import javax.jcr.PropertyType;
 
 import com.google.common.base.Function;
 import com.google.common.base.Predicate;
@@ -56,7 +55,7 @@ import static org.apache.jackrabbit.oak.
  * characteristics:
  * <ul>
  *     <li>Multivalued property {@link #REP_MEMBERS}</li>
- *     <li>Property type: {@link PropertyType#WEAKREFERENCE}</li>
+ *     <li>Property type: {@link javax.jcr.PropertyType#WEAKREFERENCE}</li>
  *     <li>Used if the config option {@link org.apache.jackrabbit.oak.spi.security.user.UserConstants#PARAM_GROUP_MEMBERSHIP_SPLIT_SIZE}
is missing or &lt;4</li>
  * </ul>
  *
@@ -66,7 +65,7 @@ import static org.apache.jackrabbit.oak.
  *
  * <ul>
  *     <li>Membership information stored underneath a {@link #REP_MEMBERS} node hierarchy</li>
- *     <li>Individual member information is stored each in a {@link PropertyType#WEAKREFERENCE}
+ *     <li>Individual member information is stored each in a {@link javax.jcr.PropertyType#WEAKREFERENCE}
  *     property</li>
  *     <li>Node hierarchy is split based on the {@link org.apache.jackrabbit.oak.spi.security.user.UserConstants#PARAM_GROUP_MEMBERSHIP_SPLIT_SIZE}
  *     configuration parameter.</li>

Modified: jackrabbit/oak/trunk/oak-core/src/main/java/org/apache/jackrabbit/oak/security/user/UserManagerImpl.java
URL: http://svn.apache.org/viewvc/jackrabbit/oak/trunk/oak-core/src/main/java/org/apache/jackrabbit/oak/security/user/UserManagerImpl.java?rev=1430941&r1=1430940&r2=1430941&view=diff
==============================================================================
--- jackrabbit/oak/trunk/oak-core/src/main/java/org/apache/jackrabbit/oak/security/user/UserManagerImpl.java
(original)
+++ jackrabbit/oak/trunk/oak-core/src/main/java/org/apache/jackrabbit/oak/security/user/UserManagerImpl.java
Wed Jan  9 16:34:04 2013
@@ -35,6 +35,7 @@ import org.apache.jackrabbit.api.securit
 import org.apache.jackrabbit.oak.api.Root;
 import org.apache.jackrabbit.oak.api.Tree;
 import org.apache.jackrabbit.oak.namepath.NamePathMapper;
+import org.apache.jackrabbit.oak.plugins.nodetype.ReadOnlyNodeTypeManager;
 import org.apache.jackrabbit.oak.security.principal.PrincipalImpl;
 import org.apache.jackrabbit.oak.spi.security.ConfigurationParameters;
 import org.apache.jackrabbit.oak.spi.security.SecurityProvider;
@@ -273,7 +274,7 @@ public class UserManagerImpl implements 
     }
 
     //--------------------------------------------------------------------------
-    @CheckForNull
+    @Nonnull
     Tree getAuthorizableTree(String id) {
         Tree tree = userProvider.getAuthorizable(id);
         if (tree == null) {
@@ -292,7 +293,7 @@ public class UserManagerImpl implements 
 
     @Nonnull
     AuthorizableProperties getAuthorizableProperties(String id) throws RepositoryException
{
-        return new AuthorizablePropertiesImpl(root, userProvider, id, namePathMapper);
+        return new AuthorizablePropertiesImpl(id, this, ReadOnlyNodeTypeManager.getInstance(root,
NamePathMapper.DEFAULT));
     }
 
     @Nonnull
@@ -334,11 +335,11 @@ public class UserManagerImpl implements 
         }
     }
 
-    private void checkValidID(String ID) throws RepositoryException {
-        if (ID == null || ID.length() == 0) {
-            throw new IllegalArgumentException("Invalid ID " + ID);
-        } else if (getAuthorizable(ID) != null) {
-            throw new AuthorizableExistsException("Authorizable with ID " + ID + " already
exists");
+    private void checkValidID(String id) throws RepositoryException {
+        if (id == null || id.length() == 0) {
+            throw new IllegalArgumentException("Invalid ID " + id);
+        } else if (getAuthorizable(id) != null) {
+            throw new AuthorizableExistsException("Authorizable with ID " + id + " already
exists");
         }
     }
 

Modified: jackrabbit/oak/trunk/oak-core/src/main/java/org/apache/jackrabbit/oak/security/user/UserProvider.java
URL: http://svn.apache.org/viewvc/jackrabbit/oak/trunk/oak-core/src/main/java/org/apache/jackrabbit/oak/security/user/UserProvider.java?rev=1430941&r1=1430940&r2=1430941&view=diff
==============================================================================
--- jackrabbit/oak/trunk/oak-core/src/main/java/org/apache/jackrabbit/oak/security/user/UserProvider.java
(original)
+++ jackrabbit/oak/trunk/oak-core/src/main/java/org/apache/jackrabbit/oak/security/user/UserProvider.java
Wed Jan  9 16:34:04 2013
@@ -158,9 +158,6 @@ import static org.apache.jackrabbit.oak.
  */
 class UserProvider extends AuthorizableBaseProvider {
 
-    /**
-     * logger instance
-     */
     private static final Logger log = LoggerFactory.getLogger(UserProvider.class);
 
     private static final String DELIMITER = "/";
@@ -174,7 +171,6 @@ class UserProvider extends AuthorizableB
         super(root, config);
 
         defaultDepth = config.getConfigValue(PARAM_DEFAULT_DEPTH, DEFAULT_DEPTH);
-
         groupPath = config.getConfigValue(PARAM_GROUP_PATH, DEFAULT_GROUP_PATH);
         userPath = config.getConfigValue(PARAM_USER_PATH, DEFAULT_USER_PATH);
     }

Modified: jackrabbit/oak/trunk/oak-core/src/main/java/org/apache/jackrabbit/oak/security/user/query/Condition.java
URL: http://svn.apache.org/viewvc/jackrabbit/oak/trunk/oak-core/src/main/java/org/apache/jackrabbit/oak/security/user/query/Condition.java?rev=1430941&r1=1430940&r2=1430941&view=diff
==============================================================================
--- jackrabbit/oak/trunk/oak-core/src/main/java/org/apache/jackrabbit/oak/security/user/query/Condition.java
(original)
+++ jackrabbit/oak/trunk/oak-core/src/main/java/org/apache/jackrabbit/oak/security/user/query/Condition.java
Wed Jan  9 16:34:04 2013
@@ -28,8 +28,7 @@ interface Condition {
     void accept(ConditionVisitor visitor) throws RepositoryException;
 
     //-----------------------------------------------------< Node Condition >---
-
-    static class Node implements Condition {
+    class Node implements Condition {
 
         private final String pattern;
 
@@ -47,8 +46,7 @@ interface Condition {
     }
 
     //-------------------------------------------------< Property Condition >---
-
-    static class Property implements Condition {
+    class Property implements Condition {
 
         private final String relPath;
         private final RelationOp op;
@@ -98,8 +96,7 @@ interface Condition {
     }
 
     //-------------------------------------------------< Contains Condition >---
-
-    static class Contains implements Condition {
+    class Contains implements Condition {
 
         private final String relPath;
         private final String searchExpr;
@@ -123,8 +120,7 @@ interface Condition {
     }
 
     //--------------------------------------------< Impersonation Condition >---
-
-    static class Impersonation implements Condition {
+    class Impersonation implements Condition {
 
         private final String name;
 
@@ -142,8 +138,7 @@ interface Condition {
     }
 
     //------------------------------------------------------< Not Condition >---
-
-    static class Not implements Condition {
+    class Not implements Condition {
 
         private final Condition condition;
 
@@ -161,8 +156,7 @@ interface Condition {
     }
 
     //-------------------------------------------------< Compound Condition >---
-
-    abstract static class Compound implements Condition, Iterable<Condition> {
+    abstract class Compound implements Condition, Iterable<Condition> {
 
         private final List<Condition> conditions = new ArrayList<Condition>();
 
@@ -177,8 +171,7 @@ interface Condition {
     }
 
     //------------------------------------------------------< And Condition >---
-
-    static class And extends Compound {
+    class And extends Compound {
 
         public And(Condition condition1, Condition condition2) {
             super(condition1, condition2);
@@ -190,8 +183,7 @@ interface Condition {
     }
 
     //-------------------------------------------------------< Or Condition >---
-
-    static class Or extends Compound {
+    class Or extends Compound {
 
         public Or(Condition condition1, Condition condition2) {
             super(condition1, condition2);

Modified: jackrabbit/oak/trunk/oak-core/src/main/java/org/apache/jackrabbit/oak/security/user/query/QueryUtil.java
URL: http://svn.apache.org/viewvc/jackrabbit/oak/trunk/oak-core/src/main/java/org/apache/jackrabbit/oak/security/user/query/QueryUtil.java?rev=1430941&r1=1430940&r2=1430941&view=diff
==============================================================================
--- jackrabbit/oak/trunk/oak-core/src/main/java/org/apache/jackrabbit/oak/security/user/query/QueryUtil.java
(original)
+++ jackrabbit/oak/trunk/oak-core/src/main/java/org/apache/jackrabbit/oak/security/user/query/QueryUtil.java
Wed Jan  9 16:34:04 2013
@@ -26,7 +26,7 @@ import org.apache.jackrabbit.oak.spi.sec
 /**
  * QueryUtil... TODO
  */
-public class QueryUtil {
+public final class QueryUtil {
 
     private QueryUtil() {}
 

Modified: jackrabbit/oak/trunk/oak-core/src/main/java/org/apache/jackrabbit/oak/security/user/query/ResultIterator.java
URL: http://svn.apache.org/viewvc/jackrabbit/oak/trunk/oak-core/src/main/java/org/apache/jackrabbit/oak/security/user/query/ResultIterator.java?rev=1430941&r1=1430940&r2=1430941&view=diff
==============================================================================
--- jackrabbit/oak/trunk/oak-core/src/main/java/org/apache/jackrabbit/oak/security/user/query/ResultIterator.java
(original)
+++ jackrabbit/oak/trunk/oak-core/src/main/java/org/apache/jackrabbit/oak/security/user/query/ResultIterator.java
Wed Jan  9 16:34:04 2013
@@ -27,10 +27,10 @@ import java.util.NoSuchElementException;
  *
  * TODO move to query-commons ?
  */
-public class ResultIterator<T> implements Iterator<T> {
+public final class ResultIterator<T> implements Iterator<T> {
 
-    public final static int OFFSET_NONE = 0;
-    public final static int MAX_ALL = -1;
+    public static final int OFFSET_NONE = 0;
+    public static final int MAX_ALL = -1;
 
     private final Iterator<T> iterator;
     private final long offset;

Modified: jackrabbit/oak/trunk/oak-core/src/main/java/org/apache/jackrabbit/oak/security/user/query/XPathQueryEvaluator.java
URL: http://svn.apache.org/viewvc/jackrabbit/oak/trunk/oak-core/src/main/java/org/apache/jackrabbit/oak/security/user/query/XPathQueryEvaluator.java?rev=1430941&r1=1430940&r2=1430941&view=diff
==============================================================================
--- jackrabbit/oak/trunk/oak-core/src/main/java/org/apache/jackrabbit/oak/security/user/query/XPathQueryEvaluator.java
(original)
+++ jackrabbit/oak/trunk/oak-core/src/main/java/org/apache/jackrabbit/oak/security/user/query/XPathQueryEvaluator.java
Wed Jan  9 16:34:04 2013
@@ -70,11 +70,6 @@ public class XPathQueryEvaluator impleme
             return Iterators.emptyIterator();
         }
 
-        statement.append(QueryUtil.getSearchRoot(builder.getSelectorType(), config))
-                .append("//element(*,")
-                .append(QueryUtil.getNodeTypeName(builder.getSelectorType()))
-                .append(')');
-
         Value bound = builder.getBound();
         Condition condition = builder.getCondition();
         String sortCol = builder.getSortProperty();
@@ -92,6 +87,10 @@ public class XPathQueryEvaluator impleme
             }
         }
 
+        String searchRoot = QueryUtil.getSearchRoot(builder.getSelectorType(), config);
+        String ntName = QueryUtil.getNodeTypeName(builder.getSelectorType());
+        statement.append(searchRoot).append("//element(*,").append(ntName).append(')');
+
         if (condition != null) {
             statement.append('[');
             condition.accept(this);

Modified: jackrabbit/oak/trunk/oak-core/src/main/java/org/apache/jackrabbit/oak/spi/security/user/AuthorizableNodeName.java
URL: http://svn.apache.org/viewvc/jackrabbit/oak/trunk/oak-core/src/main/java/org/apache/jackrabbit/oak/spi/security/user/AuthorizableNodeName.java?rev=1430941&r1=1430940&r2=1430941&view=diff
==============================================================================
--- jackrabbit/oak/trunk/oak-core/src/main/java/org/apache/jackrabbit/oak/spi/security/user/AuthorizableNodeName.java
(original)
+++ jackrabbit/oak/trunk/oak-core/src/main/java/org/apache/jackrabbit/oak/spi/security/user/AuthorizableNodeName.java
Wed Jan  9 16:34:04 2013
@@ -29,7 +29,7 @@ public interface AuthorizableNodeName {
      *
      * @see AuthorizableNodeName.Default
      */
-    public AuthorizableNodeName DEFAULT = new Default();
+    AuthorizableNodeName DEFAULT = new Default();
 
     /**
      * Generates a node name from the specified {@code authorizableId}.
@@ -45,7 +45,7 @@ public interface AuthorizableNodeName {
      * {@link org.apache.jackrabbit.util.Text#escapeIllegalJcrChars(String) escaping}
      * any illegal JCR chars.
      */
-    public static final class Default implements AuthorizableNodeName {
+    final class Default implements AuthorizableNodeName {
 
         @Override
         public String generateNodeName(String authorizableId) {

Modified: jackrabbit/oak/trunk/oak-core/src/main/java/org/apache/jackrabbit/oak/spi/security/user/util/PasswordUtility.java
URL: http://svn.apache.org/viewvc/jackrabbit/oak/trunk/oak-core/src/main/java/org/apache/jackrabbit/oak/spi/security/user/util/PasswordUtility.java?rev=1430941&r1=1430940&r2=1430941&view=diff
==============================================================================
--- jackrabbit/oak/trunk/oak-core/src/main/java/org/apache/jackrabbit/oak/spi/security/user/util/PasswordUtility.java
(original)
+++ jackrabbit/oak/trunk/oak-core/src/main/java/org/apache/jackrabbit/oak/spi/security/user/util/PasswordUtility.java
Wed Jan  9 16:34:04 2013
@@ -31,7 +31,7 @@ import org.slf4j.LoggerFactory;
 /**
  * Utility to generate and compare password hashes.
  */
-public class PasswordUtility {
+public final class PasswordUtility {
 
     private static final Logger log = LoggerFactory.getLogger(PasswordUtility.class);
 

Modified: jackrabbit/oak/trunk/oak-core/src/main/java/org/apache/jackrabbit/oak/spi/security/user/util/UserUtility.java
URL: http://svn.apache.org/viewvc/jackrabbit/oak/trunk/oak-core/src/main/java/org/apache/jackrabbit/oak/spi/security/user/util/UserUtility.java?rev=1430941&r1=1430940&r2=1430941&view=diff
==============================================================================
--- jackrabbit/oak/trunk/oak-core/src/main/java/org/apache/jackrabbit/oak/spi/security/user/util/UserUtility.java
(original)
+++ jackrabbit/oak/trunk/oak-core/src/main/java/org/apache/jackrabbit/oak/spi/security/user/util/UserUtility.java
Wed Jan  9 16:34:04 2013
@@ -34,6 +34,8 @@ import static org.apache.jackrabbit.oak.
  */
 public final class UserUtility implements UserConstants {
 
+    private UserUtility() {}
+
     @Nonnull
     public static String getAdminId(ConfigurationParameters parameters) {
         return parameters.getConfigValue(PARAM_ADMIN_ID, DEFAULT_ADMIN_ID);



Mime
View raw message