jackrabbit-oak-commits mailing list archives

Site index · List index
Message view « Date » · « Thread »
Top « Date » · « Thread »
From ang...@apache.org
Subject svn commit: r1438041 - in /jackrabbit/oak/trunk: oak-core/src/main/java/org/apache/jackrabbit/oak/security/authorization/ oak-core/src/main/java/org/apache/jackrabbit/oak/security/principal/ oak-core/src/main/java/org/apache/jackrabbit/oak/security/use...
Date Thu, 24 Jan 2013 15:12:55 GMT
Author: angela
Date: Thu Jan 24 15:12:55 2013
New Revision: 1438041

URL: http://svn.apache.org/viewvc?rev=1438041&view=rev
Log:
OAK-51 : Access Control Management (WIP)
OAK-90 : Implement Principal Management (simplify config and replace principalprovider by
p-mgr where possible)

Modified:
    jackrabbit/oak/trunk/oak-core/src/main/java/org/apache/jackrabbit/oak/security/authorization/ACL.java
    jackrabbit/oak/trunk/oak-core/src/main/java/org/apache/jackrabbit/oak/security/authorization/AccessControlImporter.java
    jackrabbit/oak/trunk/oak-core/src/main/java/org/apache/jackrabbit/oak/security/authorization/AccessControlManagerImpl.java
    jackrabbit/oak/trunk/oak-core/src/main/java/org/apache/jackrabbit/oak/security/principal/PrincipalConfigurationImpl.java
    jackrabbit/oak/trunk/oak-core/src/main/java/org/apache/jackrabbit/oak/security/user/ImpersonationImpl.java
    jackrabbit/oak/trunk/oak-core/src/main/java/org/apache/jackrabbit/oak/security/user/UserImporter.java
    jackrabbit/oak/trunk/oak-core/src/main/java/org/apache/jackrabbit/oak/security/user/UserManagerImpl.java
    jackrabbit/oak/trunk/oak-core/src/main/java/org/apache/jackrabbit/oak/spi/security/principal/PrincipalConfiguration.java
    jackrabbit/oak/trunk/oak-core/src/test/java/org/apache/jackrabbit/oak/security/authorization/ACLTest.java
    jackrabbit/oak/trunk/oak-core/src/test/java/org/apache/jackrabbit/oak/security/principal/PrincipalImplTest.java
    jackrabbit/oak/trunk/oak-core/src/test/java/org/apache/jackrabbit/oak/spi/security/authorization/AbstractAccessControlListTest.java
    jackrabbit/oak/trunk/oak-core/src/test/java/org/apache/jackrabbit/oak/spi/security/authorization/ImmutableACLTest.java
    jackrabbit/oak/trunk/oak-jcr/src/main/java/org/apache/jackrabbit/oak/jcr/SessionDelegate.java

Modified: jackrabbit/oak/trunk/oak-core/src/main/java/org/apache/jackrabbit/oak/security/authorization/ACL.java
URL: http://svn.apache.org/viewvc/jackrabbit/oak/trunk/oak-core/src/main/java/org/apache/jackrabbit/oak/security/authorization/ACL.java?rev=1438041&r1=1438040&r2=1438041&view=diff
==============================================================================
--- jackrabbit/oak/trunk/oak-core/src/main/java/org/apache/jackrabbit/oak/security/authorization/ACL.java
(original)
+++ jackrabbit/oak/trunk/oak-core/src/main/java/org/apache/jackrabbit/oak/security/authorization/ACL.java
Thu Jan 24 15:12:55 2013
@@ -31,9 +31,11 @@ import javax.jcr.security.AccessControlE
 import javax.jcr.security.Privilege;
 
 import org.apache.jackrabbit.api.security.JackrabbitAccessControlEntry;
+import org.apache.jackrabbit.api.security.authorization.PrivilegeManager;
+import org.apache.jackrabbit.api.security.principal.PrincipalManager;
 import org.apache.jackrabbit.oak.namepath.NamePathMapper;
-import org.apache.jackrabbit.oak.spi.security.authorization.AbstractAccessControlList;
 import org.apache.jackrabbit.oak.spi.security.authorization.ACE;
+import org.apache.jackrabbit.oak.spi.security.authorization.AbstractAccessControlList;
 import org.apache.jackrabbit.oak.spi.security.authorization.restriction.Restriction;
 import org.slf4j.Logger;
 import org.slf4j.LoggerFactory;
@@ -58,6 +60,11 @@ abstract class ACL extends AbstractAcces
         }
     }
 
+    abstract PrincipalManager getPrincipalManager();
+
+    abstract PrivilegeManager getPrivilegeManager();
+
+    //------------------------------------------< AbstractAccessControlList >---
     @Nonnull
     @Override
     public List<JackrabbitAccessControlEntry> getEntries() {
@@ -82,9 +89,15 @@ abstract class ACL extends AbstractAcces
         if (privileges == null || privileges.length == 0) {
             throw new AccessControlException("Privileges may not be null nor an empty array");
         }
-        // TODO: check again.
-        // NOTE: in contrast to jr2 any further validation and optimization of
-        // the entry list is delegated to the commit validator
+        for (Privilege p : privileges) {
+            getPrivilegeManager().getPrivilege(p.getName());
+        }
+
+        if (principal == null || !getPrincipalManager().hasPrincipal(principal.getName()))
{
+            String msg = "Unknown principal " + ((principal == null) ? "null" : principal.getName());
+            throw new AccessControlException(msg);
+        }
+
         Set<Restriction> rs;
         if (restrictions == null) {
             rs = Collections.emptySet();

Modified: jackrabbit/oak/trunk/oak-core/src/main/java/org/apache/jackrabbit/oak/security/authorization/AccessControlImporter.java
URL: http://svn.apache.org/viewvc/jackrabbit/oak/trunk/oak-core/src/main/java/org/apache/jackrabbit/oak/security/authorization/AccessControlImporter.java?rev=1438041&r1=1438040&r2=1438041&view=diff
==============================================================================
--- jackrabbit/oak/trunk/oak-core/src/main/java/org/apache/jackrabbit/oak/security/authorization/AccessControlImporter.java
(original)
+++ jackrabbit/oak/trunk/oak-core/src/main/java/org/apache/jackrabbit/oak/security/authorization/AccessControlImporter.java
Thu Jan 24 15:12:55 2013
@@ -32,6 +32,7 @@ import javax.jcr.security.AccessControlP
 import javax.jcr.security.Privilege;
 
 import org.apache.jackrabbit.api.security.JackrabbitAccessControlList;
+import org.apache.jackrabbit.api.security.principal.PrincipalManager;
 import org.apache.jackrabbit.oak.api.Root;
 import org.apache.jackrabbit.oak.api.Tree;
 import org.apache.jackrabbit.oak.namepath.NamePathMapper;
@@ -39,7 +40,6 @@ import org.apache.jackrabbit.oak.plugins
 import org.apache.jackrabbit.oak.security.principal.PrincipalImpl;
 import org.apache.jackrabbit.oak.spi.security.SecurityProvider;
 import org.apache.jackrabbit.oak.spi.security.authorization.AccessControlConfiguration;
-import org.apache.jackrabbit.oak.spi.security.principal.PrincipalProvider;
 import org.apache.jackrabbit.oak.spi.xml.NodeInfo;
 import org.apache.jackrabbit.oak.spi.xml.PropInfo;
 import org.apache.jackrabbit.oak.spi.xml.ProtectedNodeImporter;
@@ -65,7 +65,7 @@ class AccessControlImporter implements P
 
     private NamePathMapper namePathMapper;
     private AccessControlManager acMgr;
-    private PrincipalProvider principalProvider;
+    private PrincipalManager principalManager;
     private ReadOnlyNodeTypeManager ntMgr;
 
     private boolean initialized = false;
@@ -93,7 +93,7 @@ class AccessControlImporter implements P
             } else {
                 acMgr = session.getAccessControlManager();
             }
-            principalProvider = securityProvider.getPrincipalConfiguration().getPrincipalProvider(root,
namePathMapper);
+            principalManager = securityProvider.getPrincipalConfiguration().getPrincipalManager(root,
namePathMapper);
             ntMgr = ReadOnlyNodeTypeManager.getInstance(root, namePathMapper);
             initialized = true;
         } catch (RepositoryException e) {
@@ -231,7 +231,7 @@ class AccessControlImporter implements P
 
         private void setPrincipal(TextValue txtValue) {
             String principalName = txtValue.getString();
-            principal = principalProvider.getPrincipal(principalName);
+            principal = principalManager.getPrincipal(principalName);
             // TODO: review handling of unknown principals
             if (principal == null) {
                 principal = new PrincipalImpl(principalName);

Modified: jackrabbit/oak/trunk/oak-core/src/main/java/org/apache/jackrabbit/oak/security/authorization/AccessControlManagerImpl.java
URL: http://svn.apache.org/viewvc/jackrabbit/oak/trunk/oak-core/src/main/java/org/apache/jackrabbit/oak/security/authorization/AccessControlManagerImpl.java?rev=1438041&r1=1438040&r2=1438041&view=diff
==============================================================================
--- jackrabbit/oak/trunk/oak-core/src/main/java/org/apache/jackrabbit/oak/security/authorization/AccessControlManagerImpl.java
(original)
+++ jackrabbit/oak/trunk/oak-core/src/main/java/org/apache/jackrabbit/oak/security/authorization/AccessControlManagerImpl.java
Thu Jan 24 15:12:55 2013
@@ -43,6 +43,7 @@ import org.apache.jackrabbit.api.securit
 import org.apache.jackrabbit.api.security.JackrabbitAccessControlPolicy;
 import org.apache.jackrabbit.api.security.authorization.PrivilegeManager;
 import org.apache.jackrabbit.api.security.principal.ItemBasedPrincipal;
+import org.apache.jackrabbit.api.security.principal.PrincipalManager;
 import org.apache.jackrabbit.commons.iterator.AccessControlPolicyIteratorAdapter;
 import org.apache.jackrabbit.commons.jackrabbit.authorization.AccessControlUtils;
 import org.apache.jackrabbit.oak.api.PropertyState;
@@ -64,7 +65,6 @@ import org.apache.jackrabbit.oak.spi.sec
 import org.apache.jackrabbit.oak.spi.security.authorization.ImmutableACL;
 import org.apache.jackrabbit.oak.spi.security.authorization.restriction.Restriction;
 import org.apache.jackrabbit.oak.spi.security.authorization.restriction.RestrictionProvider;
-import org.apache.jackrabbit.oak.spi.security.principal.PrincipalProvider;
 import org.apache.jackrabbit.oak.spi.state.PropertyBuilder;
 import org.apache.jackrabbit.oak.util.NodeUtil;
 import org.apache.jackrabbit.util.ISO9075;
@@ -85,7 +85,7 @@ public class AccessControlManagerImpl im
     private final NamePathMapper namePathMapper;
 
     private final PrivilegeManager privilegeManager;
-    private final PrincipalProvider principalProvider;
+    private final PrincipalManager principalManager;
     private final RestrictionProvider restrictionProvider;
     private final ReadOnlyNodeTypeManager ntMgr;
 
@@ -95,7 +95,7 @@ public class AccessControlManagerImpl im
         this.namePathMapper = namePathMapper;
 
         privilegeManager = securityProvider.getPrivilegeConfiguration().getPrivilegeManager(root,
namePathMapper);
-        principalProvider = securityProvider.getPrincipalConfiguration().getPrincipalProvider(root,
namePathMapper);
+        principalManager = securityProvider.getPrincipalConfiguration().getPrincipalManager(root,
namePathMapper);
         restrictionProvider = securityProvider.getAccessControlConfiguration().getRestrictionProvider(namePathMapper);
         ntMgr = ReadOnlyNodeTypeManager.getInstance(root, namePathMapper);
     }
@@ -489,7 +489,7 @@ public class AccessControlManagerImpl im
     @Nonnull
     private Principal getPrincipal(@Nonnull NodeUtil aceNode) {
         String principalName = checkNotNull(aceNode.getString(REP_PRINCIPAL_NAME, null));
-        Principal principal = principalProvider.getPrincipal(principalName);
+        Principal principal = principalManager.getPrincipal(principalName);
         if (principal == null) {
             log.debug("Unknown principal " + principalName);
             principal = new PrincipalImpl(principalName);
@@ -565,20 +565,32 @@ public class AccessControlManagerImpl im
         public RestrictionProvider getRestrictionProvider() {
             return restrictionProvider;
         }
+
+        @Override
+        PrincipalManager getPrincipalManager() {
+            return principalManager;
+        }
+
+        @Override
+        PrivilegeManager getPrivilegeManager() {
+            return privilegeManager;
+        }
     }
 
-    private class PrincipalACL extends ACL {
+    private class PrincipalACL extends NodeACL {
 
-        private final RestrictionProvider restrictionProvider;
-        private PrincipalACL(String oakPath, List<JackrabbitAccessControlEntry> entries,
RestrictionProvider restrictionProvider) {
-            super(oakPath, entries, namePathMapper);
-            this.restrictionProvider = restrictionProvider;
+        private final RestrictionProvider rProvider;
+
+        private PrincipalACL(String oakPath, List<JackrabbitAccessControlEntry> entries,
+                             RestrictionProvider restrictionProvider) {
+            super(oakPath, entries);
+            rProvider = restrictionProvider;
         }
 
         @Nonnull
         @Override
         public RestrictionProvider getRestrictionProvider() {
-            return restrictionProvider;
+            return rProvider;
         }
     }
 }
\ No newline at end of file

Modified: jackrabbit/oak/trunk/oak-core/src/main/java/org/apache/jackrabbit/oak/security/principal/PrincipalConfigurationImpl.java
URL: http://svn.apache.org/viewvc/jackrabbit/oak/trunk/oak-core/src/main/java/org/apache/jackrabbit/oak/security/principal/PrincipalConfigurationImpl.java?rev=1438041&r1=1438040&r2=1438041&view=diff
==============================================================================
--- jackrabbit/oak/trunk/oak-core/src/main/java/org/apache/jackrabbit/oak/security/principal/PrincipalConfigurationImpl.java
(original)
+++ jackrabbit/oak/trunk/oak-core/src/main/java/org/apache/jackrabbit/oak/security/principal/PrincipalConfigurationImpl.java
Thu Jan 24 15:12:55 2013
@@ -17,7 +17,6 @@
 package org.apache.jackrabbit.oak.security.principal;
 
 import javax.annotation.Nonnull;
-import javax.jcr.Session;
 
 import org.apache.jackrabbit.api.security.principal.PrincipalManager;
 import org.apache.jackrabbit.oak.api.Root;
@@ -41,7 +40,7 @@ public class PrincipalConfigurationImpl 
 
     @Nonnull
     @Override
-    public PrincipalManager getPrincipalManager(Session session, Root root, NamePathMapper
namePathMapper) {
+    public PrincipalManager getPrincipalManager(Root root, NamePathMapper namePathMapper)
{
         PrincipalProvider principalProvider = getPrincipalProvider(root, namePathMapper);
         return new PrincipalManagerImpl(principalProvider);
     }

Modified: jackrabbit/oak/trunk/oak-core/src/main/java/org/apache/jackrabbit/oak/security/user/ImpersonationImpl.java
URL: http://svn.apache.org/viewvc/jackrabbit/oak/trunk/oak-core/src/main/java/org/apache/jackrabbit/oak/security/user/ImpersonationImpl.java?rev=1438041&r1=1438040&r2=1438041&view=diff
==============================================================================
--- jackrabbit/oak/trunk/oak-core/src/main/java/org/apache/jackrabbit/oak/security/user/ImpersonationImpl.java
(original)
+++ jackrabbit/oak/trunk/oak-core/src/main/java/org/apache/jackrabbit/oak/security/user/ImpersonationImpl.java
Thu Jan 24 15:12:55 2013
@@ -24,6 +24,7 @@ import javax.jcr.RepositoryException;
 import javax.security.auth.Subject;
 
 import org.apache.jackrabbit.api.security.principal.PrincipalIterator;
+import org.apache.jackrabbit.api.security.principal.PrincipalManager;
 import org.apache.jackrabbit.api.security.user.Authorizable;
 import org.apache.jackrabbit.api.security.user.Impersonation;
 import org.apache.jackrabbit.api.security.user.User;
@@ -33,7 +34,6 @@ import org.apache.jackrabbit.oak.api.Typ
 import org.apache.jackrabbit.oak.security.principal.PrincipalImpl;
 import org.apache.jackrabbit.oak.spi.security.principal.AdminPrincipal;
 import org.apache.jackrabbit.oak.spi.security.principal.PrincipalIteratorAdapter;
-import org.apache.jackrabbit.oak.spi.security.principal.PrincipalProvider;
 import org.apache.jackrabbit.oak.spi.security.user.UserConstants;
 import org.slf4j.Logger;
 import org.slf4j.LoggerFactory;
@@ -51,11 +51,11 @@ class ImpersonationImpl implements Imper
     private static final Logger log = LoggerFactory.getLogger(ImpersonationImpl.class);
 
     private final UserImpl user;
-    private final PrincipalProvider principalProvider;
+    private final PrincipalManager principalManager;
 
     ImpersonationImpl(UserImpl user) throws RepositoryException {
         this.user = user;
-        this.principalProvider = user.getUserManager().getPrincipalProvider();
+        this.principalManager = user.getUserManager().getPrincipalManager();
     }
 
     //------------------------------------------------------< Impersonation >---
@@ -70,7 +70,7 @@ class ImpersonationImpl implements Imper
         } else {
             Set<Principal> s = new HashSet<Principal>();
             for (final String pName : impersonators) {
-                Principal p = principalProvider.getPrincipal(pName);
+                Principal p = principalManager.getPrincipal(pName);
                 if (p == null) {
                     log.debug("Impersonator " + pName + " does not correspond to a known
Principal.");
                     p = new PrincipalImpl(pName);
@@ -88,7 +88,7 @@ class ImpersonationImpl implements Imper
     @Override
     public boolean grantImpersonation(Principal principal) throws RepositoryException {
         String principalName = principal.getName();
-        Principal p = principalProvider.getPrincipal(principalName);
+        Principal p = principalManager.getPrincipal(principalName);
         if (p == null) {
             log.debug("Cannot grant impersonation to an unknown principal.");
             return false;

Modified: jackrabbit/oak/trunk/oak-core/src/main/java/org/apache/jackrabbit/oak/security/user/UserImporter.java
URL: http://svn.apache.org/viewvc/jackrabbit/oak/trunk/oak-core/src/main/java/org/apache/jackrabbit/oak/security/user/UserImporter.java?rev=1438041&r1=1438040&r2=1438041&view=diff
==============================================================================
--- jackrabbit/oak/trunk/oak-core/src/main/java/org/apache/jackrabbit/oak/security/user/UserImporter.java
(original)
+++ jackrabbit/oak/trunk/oak-core/src/main/java/org/apache/jackrabbit/oak/security/user/UserImporter.java
Thu Jan 24 15:12:55 2013
@@ -34,6 +34,7 @@ import javax.jcr.nodetype.PropertyDefini
 
 import org.apache.jackrabbit.api.JackrabbitSession;
 import org.apache.jackrabbit.api.security.principal.PrincipalIterator;
+import org.apache.jackrabbit.api.security.principal.PrincipalManager;
 import org.apache.jackrabbit.api.security.user.Authorizable;
 import org.apache.jackrabbit.api.security.user.Group;
 import org.apache.jackrabbit.api.security.user.Impersonation;
@@ -47,7 +48,6 @@ import org.apache.jackrabbit.oak.namepat
 import org.apache.jackrabbit.oak.plugins.identifier.IdentifierManager;
 import org.apache.jackrabbit.oak.security.principal.PrincipalImpl;
 import org.apache.jackrabbit.oak.spi.security.ConfigurationParameters;
-import org.apache.jackrabbit.oak.spi.security.principal.PrincipalProvider;
 import org.apache.jackrabbit.oak.spi.security.user.UserConstants;
 import org.apache.jackrabbit.oak.spi.xml.NodeInfo;
 import org.apache.jackrabbit.oak.spi.xml.PropInfo;
@@ -390,8 +390,8 @@ public class UserImporter implements Pro
     }
 
     @Nonnull
-    private PrincipalProvider getPrincipalProvider() throws RepositoryException {
-        return userManager.getPrincipalProvider();
+    private PrincipalManager getPrincipalManager() throws RepositoryException {
+        return userManager.getPrincipalManager();
     }
 
     private void checkInitialized() {
@@ -586,7 +586,7 @@ public class UserImporter implements Pro
                 if (!imp.grantImpersonation(new PrincipalImpl(principalName))) {
                     handleFailure("Failed to grant impersonation for " + principalName +
" on " + a);
                     if (importBehavior == ImportBehavior.BESTEFFORT &&
-                            getPrincipalProvider().getPrincipal(principalName) == null) {
+                            getPrincipalManager().getPrincipal(principalName) == null) {
                         log.info("ImportBehavior.BESTEFFORT: Remember non-existing impersonator
for special processing.");
                         nonExisting.add(principalName);
                     }

Modified: jackrabbit/oak/trunk/oak-core/src/main/java/org/apache/jackrabbit/oak/security/user/UserManagerImpl.java
URL: http://svn.apache.org/viewvc/jackrabbit/oak/trunk/oak-core/src/main/java/org/apache/jackrabbit/oak/security/user/UserManagerImpl.java?rev=1438041&r1=1438040&r2=1438041&view=diff
==============================================================================
--- jackrabbit/oak/trunk/oak-core/src/main/java/org/apache/jackrabbit/oak/security/user/UserManagerImpl.java
(original)
+++ jackrabbit/oak/trunk/oak-core/src/main/java/org/apache/jackrabbit/oak/security/user/UserManagerImpl.java
Thu Jan 24 15:12:55 2013
@@ -27,6 +27,7 @@ import javax.annotation.Nullable;
 import javax.jcr.RepositoryException;
 import javax.jcr.UnsupportedRepositoryOperationException;
 
+import org.apache.jackrabbit.api.security.principal.PrincipalManager;
 import org.apache.jackrabbit.api.security.user.Authorizable;
 import org.apache.jackrabbit.api.security.user.AuthorizableExistsException;
 import org.apache.jackrabbit.api.security.user.Group;
@@ -42,7 +43,6 @@ import org.apache.jackrabbit.oak.securit
 import org.apache.jackrabbit.oak.spi.security.ConfigurationParameters;
 import org.apache.jackrabbit.oak.spi.security.SecurityProvider;
 import org.apache.jackrabbit.oak.spi.security.principal.EveryonePrincipal;
-import org.apache.jackrabbit.oak.spi.security.principal.PrincipalProvider;
 import org.apache.jackrabbit.oak.spi.security.user.AuthorizableType;
 import org.apache.jackrabbit.oak.spi.security.user.UserConfiguration;
 import org.apache.jackrabbit.oak.spi.security.user.UserConstants;
@@ -310,8 +310,8 @@ public class UserManagerImpl implements 
     }
 
     @Nonnull
-    PrincipalProvider getPrincipalProvider() throws RepositoryException {
-        return securityProvider.getPrincipalConfiguration().getPrincipalProvider(root, namePathMapper);
+    PrincipalManager getPrincipalManager() throws RepositoryException {
+        return securityProvider.getPrincipalConfiguration().getPrincipalManager(root, namePathMapper);
     }
 
     @Nonnull

Modified: jackrabbit/oak/trunk/oak-core/src/main/java/org/apache/jackrabbit/oak/spi/security/principal/PrincipalConfiguration.java
URL: http://svn.apache.org/viewvc/jackrabbit/oak/trunk/oak-core/src/main/java/org/apache/jackrabbit/oak/spi/security/principal/PrincipalConfiguration.java?rev=1438041&r1=1438040&r2=1438041&view=diff
==============================================================================
--- jackrabbit/oak/trunk/oak-core/src/main/java/org/apache/jackrabbit/oak/spi/security/principal/PrincipalConfiguration.java
(original)
+++ jackrabbit/oak/trunk/oak-core/src/main/java/org/apache/jackrabbit/oak/spi/security/principal/PrincipalConfiguration.java
Thu Jan 24 15:12:55 2013
@@ -17,7 +17,6 @@
 package org.apache.jackrabbit.oak.spi.security.principal;
 
 import javax.annotation.Nonnull;
-import javax.jcr.Session;
 
 import org.apache.jackrabbit.api.security.principal.PrincipalManager;
 import org.apache.jackrabbit.oak.api.Root;
@@ -30,7 +29,7 @@ import org.apache.jackrabbit.oak.spi.sec
 public interface PrincipalConfiguration extends SecurityConfiguration {
 
     @Nonnull
-    PrincipalManager getPrincipalManager(Session session, Root root, NamePathMapper namePathMapper);
+    PrincipalManager getPrincipalManager(Root root, NamePathMapper namePathMapper);
 
     @Nonnull
     PrincipalProvider getPrincipalProvider(Root root, NamePathMapper namePathMapper);

Modified: jackrabbit/oak/trunk/oak-core/src/test/java/org/apache/jackrabbit/oak/security/authorization/ACLTest.java
URL: http://svn.apache.org/viewvc/jackrabbit/oak/trunk/oak-core/src/test/java/org/apache/jackrabbit/oak/security/authorization/ACLTest.java?rev=1438041&r1=1438040&r2=1438041&view=diff
==============================================================================
--- jackrabbit/oak/trunk/oak-core/src/test/java/org/apache/jackrabbit/oak/security/authorization/ACLTest.java
(original)
+++ jackrabbit/oak/trunk/oak-core/src/test/java/org/apache/jackrabbit/oak/security/authorization/ACLTest.java
Thu Jan 24 15:12:55 2013
@@ -20,7 +20,6 @@ import java.security.Principal;
 import java.util.Collections;
 import java.util.List;
 import java.util.Map;
-import javax.annotation.Nonnull;
 import javax.jcr.Value;
 import javax.jcr.security.AccessControlEntry;
 import javax.jcr.security.AccessControlException;
@@ -28,6 +27,8 @@ import javax.jcr.security.Privilege;
 
 import org.apache.jackrabbit.api.security.JackrabbitAccessControlEntry;
 import org.apache.jackrabbit.api.security.JackrabbitAccessControlList;
+import org.apache.jackrabbit.api.security.authorization.PrivilegeManager;
+import org.apache.jackrabbit.api.security.principal.PrincipalManager;
 import org.apache.jackrabbit.oak.namepath.NamePathMapper;
 import org.apache.jackrabbit.oak.plugins.value.ValueFactoryImpl;
 import org.apache.jackrabbit.oak.security.principal.PrincipalImpl;
@@ -37,8 +38,8 @@ import org.apache.jackrabbit.oak.spi.sec
 import org.apache.jackrabbit.oak.spi.security.authorization.AbstractAccessControlListTest;
 import org.apache.jackrabbit.oak.spi.security.authorization.restriction.Restriction;
 import org.apache.jackrabbit.oak.spi.security.authorization.restriction.RestrictionProvider;
+import org.apache.jackrabbit.oak.spi.security.principal.EveryonePrincipal;
 import org.junit.Before;
-import org.junit.Ignore;
 import org.junit.Test;
 
 import static org.junit.Assert.assertEquals;
@@ -54,6 +55,9 @@ import static org.junit.Assert.fail;
  */
 public class ACLTest extends AbstractAccessControlListTest{
 
+    private PrivilegeManager privilegeManager;
+    private PrincipalManager principalManager;
+
     private AbstractAccessControlList emptyAcl;
     private Principal testPrincipal;
     private Privilege[] testPrivileges;
@@ -63,29 +67,34 @@ public class ACLTest extends AbstractAcc
     public void before() throws Exception {
         super.before();
 
+        privilegeManager = getPrivilegeManager();
+        principalManager = getSecurityProvider().getPrincipalConfiguration().getPrincipalManager(root,
getNamePathMapper());
+
         emptyAcl = createEmptyACL();
-        testPrincipal = getTestPrincipal("testUser");
+        testPrincipal = getTestPrincipal();
         testPrivileges = privilegesFromNames(PrivilegeConstants.JCR_ADD_CHILD_NODES, PrivilegeConstants.JCR_LOCK_MANAGEMENT);
     }
 
-    private Principal getTestPrincipal(String name) {
-        return new PrincipalImpl(name);
-    }
-
     @Override
     protected AbstractAccessControlList createACL(String jcrPath, List<JackrabbitAccessControlEntry>
entries, NamePathMapper namePathMapper) {
         String path = (jcrPath == null) ? null : namePathMapper.getOakPathKeepIndex(jcrPath);
         final RestrictionProvider rp = getRestrictionProvider();
         return new ACL(path, entries, namePathMapper) {
-            @Nonnull
             @Override
             public RestrictionProvider getRestrictionProvider() {
                 return rp;
             }
+            @Override
+            PrincipalManager getPrincipalManager() {
+                return principalManager;
+            }
+            @Override
+            PrivilegeManager getPrivilegeManager() {
+                return privilegeManager;
+            }
         };
     }
 
-    @Ignore // TODO: principal not yet validated
     @Test
     public void testAddInvalidEntry() throws Exception {
         Principal unknownPrincipal = new PrincipalImpl("unknown");
@@ -113,7 +122,6 @@ public class ACLTest extends AbstractAcc
         }
     }
 
-    @Ignore // TODO: privileges not yet validated upon addACE
     @Test
     public void testAddEntryWithInvalidPrivilege() throws Exception {
         try {
@@ -208,7 +216,7 @@ public class ACLTest extends AbstractAcc
         AbstractAccessControlList acl = createEmptyACL();
         acl.addAccessControlEntry(testPrincipal, read);
         acl.addEntry(testPrincipal, write, false);
-        acl.addAccessControlEntry(getTestPrincipal("p2"), write);
+        acl.addAccessControlEntry(EveryonePrincipal.getInstance(), write);
 
         List<JackrabbitAccessControlEntry> entries = acl.getEntries();
         assertEquals(3, entries.size());
@@ -228,7 +236,7 @@ public class ACLTest extends AbstractAcc
         AbstractAccessControlList acl = createEmptyACL();
         acl.addAccessControlEntry(testPrincipal, read);
         acl.addEntry(testPrincipal, write, false);
-        acl.addAccessControlEntry(getTestPrincipal("p2"), write);
+        acl.addAccessControlEntry(EveryonePrincipal.getInstance(), write);
 
         AccessControlEntry[] entries = acl.getAccessControlEntries();
 
@@ -256,7 +264,7 @@ public class ACLTest extends AbstractAcc
         Privilege[] write = privilegesFromNames(PrivilegeConstants.JCR_WRITE);
 
         emptyAcl.addAccessControlEntry(testPrincipal, read);
-        emptyAcl.addAccessControlEntry(getTestPrincipal("p2"), write);
+        emptyAcl.addAccessControlEntry(EveryonePrincipal.getInstance(), write);
 
         AccessControlEntry invalid = new ACE(testPrincipal, write, false, Collections.<Restriction>emptySet());
         try {

Modified: jackrabbit/oak/trunk/oak-core/src/test/java/org/apache/jackrabbit/oak/security/principal/PrincipalImplTest.java
URL: http://svn.apache.org/viewvc/jackrabbit/oak/trunk/oak-core/src/test/java/org/apache/jackrabbit/oak/security/principal/PrincipalImplTest.java?rev=1438041&r1=1438040&r2=1438041&view=diff
==============================================================================
--- jackrabbit/oak/trunk/oak-core/src/test/java/org/apache/jackrabbit/oak/security/principal/PrincipalImplTest.java
(original)
+++ jackrabbit/oak/trunk/oak-core/src/test/java/org/apache/jackrabbit/oak/security/principal/PrincipalImplTest.java
Thu Jan 24 15:12:55 2013
@@ -71,9 +71,11 @@ public class PrincipalImplTest {
         }
     }
 
+    //--------------------------------------------------------------------------
+
     private class TestPrincipal extends PrincipalImpl {
 
-        public TestPrincipal(String name) {
+        private TestPrincipal(String name) {
             super(name);
         }
     }

Modified: jackrabbit/oak/trunk/oak-core/src/test/java/org/apache/jackrabbit/oak/spi/security/authorization/AbstractAccessControlListTest.java
URL: http://svn.apache.org/viewvc/jackrabbit/oak/trunk/oak-core/src/test/java/org/apache/jackrabbit/oak/spi/security/authorization/AbstractAccessControlListTest.java?rev=1438041&r1=1438040&r2=1438041&view=diff
==============================================================================
--- jackrabbit/oak/trunk/oak-core/src/test/java/org/apache/jackrabbit/oak/spi/security/authorization/AbstractAccessControlListTest.java
(original)
+++ jackrabbit/oak/trunk/oak-core/src/test/java/org/apache/jackrabbit/oak/spi/security/authorization/AbstractAccessControlListTest.java
Thu Jan 24 15:12:55 2013
@@ -16,6 +16,7 @@
  */
 package org.apache.jackrabbit.oak.spi.security.authorization;
 
+import java.security.Principal;
 import java.util.ArrayList;
 import java.util.Arrays;
 import java.util.Collections;
@@ -56,6 +57,11 @@ public abstract class AbstractAccessCont
         return testPath;
     }
 
+    protected Principal getTestPrincipal() {
+        // TODO: add proper implementation
+        return new PrincipalImpl("admin");
+    }
+
     protected AbstractAccessControlList createEmptyACL() {
         return createACL(getTestPath(), Collections.<JackrabbitAccessControlEntry>emptyList(),
namePathMapper);
     }

Modified: jackrabbit/oak/trunk/oak-core/src/test/java/org/apache/jackrabbit/oak/spi/security/authorization/ImmutableACLTest.java
URL: http://svn.apache.org/viewvc/jackrabbit/oak/trunk/oak-core/src/test/java/org/apache/jackrabbit/oak/spi/security/authorization/ImmutableACLTest.java?rev=1438041&r1=1438040&r2=1438041&view=diff
==============================================================================
--- jackrabbit/oak/trunk/oak-core/src/test/java/org/apache/jackrabbit/oak/spi/security/authorization/ImmutableACLTest.java
(original)
+++ jackrabbit/oak/trunk/oak-core/src/test/java/org/apache/jackrabbit/oak/spi/security/authorization/ImmutableACLTest.java
Thu Jan 24 15:12:55 2013
@@ -28,7 +28,6 @@ import javax.jcr.security.Privilege;
 import org.apache.jackrabbit.api.security.JackrabbitAccessControlEntry;
 import org.apache.jackrabbit.api.security.JackrabbitAccessControlList;
 import org.apache.jackrabbit.oak.namepath.NamePathMapper;
-import org.apache.jackrabbit.oak.security.principal.PrincipalImpl;
 import org.apache.jackrabbit.oak.security.privilege.PrivilegeConstants;
 import org.apache.jackrabbit.oak.spi.security.authorization.restriction.Restriction;
 import org.apache.jackrabbit.oak.spi.security.authorization.restriction.RestrictionProvider;
@@ -53,7 +52,7 @@ public class ImmutableACLTest extends Ab
     public void before() throws Exception {
         super.before();
 
-        testPrincipal = new PrincipalImpl("testPrincipal");
+        testPrincipal = getTestPrincipal();
         testPrivileges = privilegesFromNames(PrivilegeConstants.JCR_READ, PrivilegeConstants.JCR_ADD_CHILD_NODES);
     }
 

Modified: jackrabbit/oak/trunk/oak-jcr/src/main/java/org/apache/jackrabbit/oak/jcr/SessionDelegate.java
URL: http://svn.apache.org/viewvc/jackrabbit/oak/trunk/oak-jcr/src/main/java/org/apache/jackrabbit/oak/jcr/SessionDelegate.java?rev=1438041&r1=1438040&r2=1438041&view=diff
==============================================================================
--- jackrabbit/oak/trunk/oak-jcr/src/main/java/org/apache/jackrabbit/oak/jcr/SessionDelegate.java
(original)
+++ jackrabbit/oak/trunk/oak-jcr/src/main/java/org/apache/jackrabbit/oak/jcr/SessionDelegate.java
Thu Jan 24 15:12:55 2013
@@ -500,7 +500,7 @@ public class SessionDelegate {
     PrincipalManager getPrincipalManager() throws RepositoryException {
         if (principalManager == null) {
             if (securityProvider != null) {
-                principalManager = securityProvider.getPrincipalConfiguration().getPrincipalManager(session,
root, getNamePathMapper());
+                principalManager = securityProvider.getPrincipalConfiguration().getPrincipalManager(root,
getNamePathMapper());
             } else {
                 throw new UnsupportedRepositoryOperationException("Principal management not
supported.");
             }



Mime
View raw message