jackrabbit-oak-commits mailing list archives

Site index · List index
Message view « Date » · « Thread »
Top « Date » · « Thread »
From ang...@apache.org
Subject svn commit: r1447237 - in /jackrabbit/oak/trunk/oak-core/src/main/java/org/apache/jackrabbit/oak: ./ core/ security/authentication/ security/authorization/ security/privilege/ security/user/ spi/commit/ spi/security/ spi/security/authentication/ spi/se...
Date Mon, 18 Feb 2013 13:04:37 GMT
Author: angela
Date: Mon Feb 18 13:04:37 2013
New Revision: 1447237

URL: http://svn.apache.org/r1447237
Log:
OAK-625 : Ability to pass workspace name to a CommitHook

moving init of security related commit hooks and validators to RootImpl to allow for run-time pluggability and multi-workspace setup.

Modified:
    jackrabbit/oak/trunk/oak-core/src/main/java/org/apache/jackrabbit/oak/Oak.java
    jackrabbit/oak/trunk/oak-core/src/main/java/org/apache/jackrabbit/oak/core/ContentRepositoryImpl.java
    jackrabbit/oak/trunk/oak-core/src/main/java/org/apache/jackrabbit/oak/core/ContentSessionImpl.java
    jackrabbit/oak/trunk/oak-core/src/main/java/org/apache/jackrabbit/oak/core/RootImpl.java
    jackrabbit/oak/trunk/oak-core/src/main/java/org/apache/jackrabbit/oak/security/authentication/CallbackHandlerImpl.java
    jackrabbit/oak/trunk/oak-core/src/main/java/org/apache/jackrabbit/oak/security/authorization/AccessControlConfigurationImpl.java
    jackrabbit/oak/trunk/oak-core/src/main/java/org/apache/jackrabbit/oak/security/authorization/PermissionValidatorProvider.java
    jackrabbit/oak/trunk/oak-core/src/main/java/org/apache/jackrabbit/oak/security/privilege/PrivilegeConfigurationImpl.java
    jackrabbit/oak/trunk/oak-core/src/main/java/org/apache/jackrabbit/oak/security/user/UserConfigurationImpl.java
    jackrabbit/oak/trunk/oak-core/src/main/java/org/apache/jackrabbit/oak/spi/commit/CommitHookProvider.java
    jackrabbit/oak/trunk/oak-core/src/main/java/org/apache/jackrabbit/oak/spi/security/OpenSecurityProvider.java
    jackrabbit/oak/trunk/oak-core/src/main/java/org/apache/jackrabbit/oak/spi/security/SecurityConfiguration.java
    jackrabbit/oak/trunk/oak-core/src/main/java/org/apache/jackrabbit/oak/spi/security/authentication/AbstractLoginModule.java
    jackrabbit/oak/trunk/oak-core/src/main/java/org/apache/jackrabbit/oak/spi/security/authentication/callback/RepositoryCallback.java

Modified: jackrabbit/oak/trunk/oak-core/src/main/java/org/apache/jackrabbit/oak/Oak.java
URL: http://svn.apache.org/viewvc/jackrabbit/oak/trunk/oak-core/src/main/java/org/apache/jackrabbit/oak/Oak.java?rev=1447237&r1=1447236&r2=1447237&view=diff
==============================================================================
--- jackrabbit/oak/trunk/oak-core/src/main/java/org/apache/jackrabbit/oak/Oak.java (original)
+++ jackrabbit/oak/trunk/oak-core/src/main/java/org/apache/jackrabbit/oak/Oak.java Mon Feb 18 13:04:37 2013
@@ -33,11 +33,9 @@ import org.apache.jackrabbit.oak.plugins
 import org.apache.jackrabbit.oak.plugins.index.IndexHookManager;
 import org.apache.jackrabbit.oak.plugins.index.IndexHookProvider;
 import org.apache.jackrabbit.oak.spi.commit.CommitHook;
-import org.apache.jackrabbit.oak.spi.commit.CommitHookProvider;
 import org.apache.jackrabbit.oak.spi.commit.CompositeHook;
 import org.apache.jackrabbit.oak.spi.commit.CompositeValidatorProvider;
 import org.apache.jackrabbit.oak.spi.commit.ConflictHandler;
-import org.apache.jackrabbit.oak.spi.commit.EmptyHook;
 import org.apache.jackrabbit.oak.spi.commit.ValidatingHook;
 import org.apache.jackrabbit.oak.spi.commit.Validator;
 import org.apache.jackrabbit.oak.spi.commit.ValidatorProvider;
@@ -82,8 +80,6 @@ public class Oak {
 
     private List<ValidatorProvider> validatorProviders = newArrayList();
 
-    private List<CommitHookProvider> securityHookProviders = newArrayList();
-
     // TODO: review if we really want to have the OpenSecurityProvider as default.
     private SecurityProvider securityProvider = new OpenSecurityProvider();
 
@@ -177,24 +173,6 @@ public class Oak {
     }
 
     /**
-     * Adds all currently tracked security related hooks to the commit hook that
-     * is used to create the content repository.
-     */
-    private void withSecurityHooks() {
-        if (!securityHookProviders.isEmpty()) {
-            for (CommitHookProvider provider : securityHookProviders) {
-                // FIXME: hack to pass the workspace name into the commit hook
-                // FIXME: this needs to be re-factored once we add support for multiple workspaces support (OAK-118)
-                CommitHook hook = provider.getCommitHook(defaultWorkspaceName);
-                if (hook != EmptyHook.INSTANCE) {
-                    commitHooks.add(hook);
-                }
-            }
-            securityHookProviders = newArrayList();
-        }
-    }
-
-    /**
      * Associates the given validator provider with the repository to
      * be created.
      *
@@ -229,8 +207,6 @@ public class Oak {
     public Oak with(@Nonnull SecurityProvider securityProvider) {
         this.securityProvider = securityProvider;
         for (SecurityConfiguration sc : securityProvider.getSecurityConfigurations()) {
-            validatorProviders.addAll(sc.getValidatorProviders());
-            securityHookProviders.add(sc.getCommitHookProvider());
             initializers.add(sc.getRepositoryInitializer());
         }
         return this;
@@ -250,15 +226,11 @@ public class Oak {
     }
 
     public ContentRepository createContentRepository() {
-        IndexHookProvider indexHooks = CompositeIndexHookProvider
-                .compose(indexHookProviders);
-        OakInitializer.initialize(store,
-                new CompositeInitializer(initializers), indexHooks);
+        IndexHookProvider indexHooks = CompositeIndexHookProvider.compose(indexHookProviders);
+        OakInitializer.initialize(store, new CompositeInitializer(initializers), indexHooks);
 
         commitHooks.add(IndexHookManager.of(indexHooks));
-
         withValidatorHook();
-        withSecurityHooks();
 
         return new ContentRepositoryImpl(
                 store,

Modified: jackrabbit/oak/trunk/oak-core/src/main/java/org/apache/jackrabbit/oak/core/ContentRepositoryImpl.java
URL: http://svn.apache.org/viewvc/jackrabbit/oak/trunk/oak-core/src/main/java/org/apache/jackrabbit/oak/core/ContentRepositoryImpl.java?rev=1447237&r1=1447236&r2=1447237&view=diff
==============================================================================
--- jackrabbit/oak/trunk/oak-core/src/main/java/org/apache/jackrabbit/oak/core/ContentRepositoryImpl.java (original)
+++ jackrabbit/oak/trunk/oak-core/src/main/java/org/apache/jackrabbit/oak/core/ContentRepositoryImpl.java Mon Feb 18 13:04:37 2013
@@ -30,7 +30,6 @@ import org.apache.jackrabbit.oak.spi.que
 import org.apache.jackrabbit.oak.spi.security.SecurityProvider;
 import org.apache.jackrabbit.oak.spi.security.authentication.LoginContext;
 import org.apache.jackrabbit.oak.spi.security.authentication.LoginContextProvider;
-import org.apache.jackrabbit.oak.spi.security.authorization.AccessControlConfiguration;
 import org.apache.jackrabbit.oak.spi.state.NodeStore;
 
 /**
@@ -84,8 +83,7 @@ public class ContentRepositoryImpl imple
         LoginContext loginContext = lcProvider.getLoginContext(credentials, workspaceName);
         loginContext.login();
 
-        AccessControlConfiguration acConfiguration = securityProvider.getAccessControlConfiguration();
-        return new ContentSessionImpl(loginContext, acConfiguration, workspaceName,
+        return new ContentSessionImpl(loginContext, securityProvider, workspaceName,
                 nodeStore, commitHook, indexProvider);
     }
 

Modified: jackrabbit/oak/trunk/oak-core/src/main/java/org/apache/jackrabbit/oak/core/ContentSessionImpl.java
URL: http://svn.apache.org/viewvc/jackrabbit/oak/trunk/oak-core/src/main/java/org/apache/jackrabbit/oak/core/ContentSessionImpl.java?rev=1447237&r1=1447236&r2=1447237&view=diff
==============================================================================
--- jackrabbit/oak/trunk/oak-core/src/main/java/org/apache/jackrabbit/oak/core/ContentSessionImpl.java (original)
+++ jackrabbit/oak/trunk/oak-core/src/main/java/org/apache/jackrabbit/oak/core/ContentSessionImpl.java Mon Feb 18 13:04:37 2013
@@ -27,8 +27,8 @@ import org.apache.jackrabbit.oak.api.Con
 import org.apache.jackrabbit.oak.api.Root;
 import org.apache.jackrabbit.oak.spi.commit.CommitHook;
 import org.apache.jackrabbit.oak.spi.query.QueryIndexProvider;
+import org.apache.jackrabbit.oak.spi.security.SecurityProvider;
 import org.apache.jackrabbit.oak.spi.security.authentication.LoginContext;
-import org.apache.jackrabbit.oak.spi.security.authorization.AccessControlConfiguration;
 import org.apache.jackrabbit.oak.spi.state.NodeStore;
 import org.slf4j.Logger;
 import org.slf4j.LoggerFactory;
@@ -43,7 +43,7 @@ class ContentSessionImpl implements Cont
     private static final Logger log = LoggerFactory.getLogger(ContentSessionImpl.class);
 
     private final LoginContext loginContext;
-    private final AccessControlConfiguration accConfiguration;
+    private final SecurityProvider securityProvider;
     private final String workspaceName;
     private final NodeStore store;
     private final CommitHook hook;
@@ -52,10 +52,10 @@ class ContentSessionImpl implements Cont
     private volatile boolean live = true;
 
     public ContentSessionImpl(LoginContext loginContext,
-            AccessControlConfiguration accConfiguration, String workspaceName,
-            NodeStore store, CommitHook hook, QueryIndexProvider indexProvider) {
+                              SecurityProvider securityProvider, String workspaceName,
+                              NodeStore store, CommitHook hook, QueryIndexProvider indexProvider) {
         this.loginContext = loginContext;
-        this.accConfiguration = accConfiguration;
+        this.securityProvider = securityProvider;
         this.workspaceName = workspaceName;
         this.store = store;
         this.hook = hook;
@@ -90,7 +90,7 @@ class ContentSessionImpl implements Cont
         checkLive();
         RootImpl root = new RootImpl(
                 store, hook, workspaceName, loginContext.getSubject(),
-                accConfiguration, indexProvider) {
+                securityProvider, indexProvider) {
             @Override
             protected void checkLive() {
                 ContentSessionImpl.this.checkLive();

Modified: jackrabbit/oak/trunk/oak-core/src/main/java/org/apache/jackrabbit/oak/core/RootImpl.java
URL: http://svn.apache.org/viewvc/jackrabbit/oak/trunk/oak-core/src/main/java/org/apache/jackrabbit/oak/core/RootImpl.java?rev=1447237&r1=1447236&r2=1447237&view=diff
==============================================================================
--- jackrabbit/oak/trunk/oak-core/src/main/java/org/apache/jackrabbit/oak/core/RootImpl.java (original)
+++ jackrabbit/oak/trunk/oak-core/src/main/java/org/apache/jackrabbit/oak/core/RootImpl.java Mon Feb 18 13:04:37 2013
@@ -22,10 +22,13 @@ import java.io.IOException;
 import java.io.InputStream;
 import java.security.AccessController;
 import java.security.PrivilegedAction;
+import java.util.ArrayList;
 import java.util.Collections;
+import java.util.List;
 import javax.annotation.Nonnull;
 import javax.security.auth.Subject;
 
+import org.apache.jackrabbit.oak.Oak;
 import org.apache.jackrabbit.oak.api.Blob;
 import org.apache.jackrabbit.oak.api.BlobFactory;
 import org.apache.jackrabbit.oak.api.CommitFailedException;
@@ -37,12 +40,14 @@ import org.apache.jackrabbit.oak.commons
 import org.apache.jackrabbit.oak.plugins.index.diffindex.UUIDDiffIndexProviderWrapper;
 import org.apache.jackrabbit.oak.query.QueryEngineImpl;
 import org.apache.jackrabbit.oak.spi.commit.CommitHook;
+import org.apache.jackrabbit.oak.spi.commit.CompositeHook;
 import org.apache.jackrabbit.oak.spi.commit.EmptyHook;
 import org.apache.jackrabbit.oak.spi.observation.ChangeExtractor;
 import org.apache.jackrabbit.oak.spi.query.CompositeQueryIndexProvider;
 import org.apache.jackrabbit.oak.spi.query.QueryIndexProvider;
-import org.apache.jackrabbit.oak.spi.security.authorization.AccessControlConfiguration;
-import org.apache.jackrabbit.oak.spi.security.authorization.OpenAccessControlConfiguration;
+import org.apache.jackrabbit.oak.spi.security.OpenSecurityProvider;
+import org.apache.jackrabbit.oak.spi.security.SecurityConfiguration;
+import org.apache.jackrabbit.oak.spi.security.SecurityProvider;
 import org.apache.jackrabbit.oak.spi.security.authorization.PermissionProvider;
 import org.apache.jackrabbit.oak.spi.security.principal.SystemPrincipal;
 import org.apache.jackrabbit.oak.spi.state.NodeBuilder;
@@ -68,14 +73,16 @@ public class RootImpl implements Root {
      */
     private final NodeStore store;
 
+    private final String workspaceName;
+
     private final CommitHook hook;
 
     private final Subject subject;
 
     /**
-     * The access control context provider.
+     * The security provider.
      */
-    private final AccessControlConfiguration accConfiguration;
+    private final SecurityProvider securityProvider;
 
     /**
      * Current branch this root operates on
@@ -102,20 +109,20 @@ public class RootImpl implements Root {
      * @param hook             the commit hook
      * @param workspaceName    name of the workspace
      * @param subject          the subject.
-     * @param accConfiguration the access control context provider.
+     * @param securityProvider the security configuration.
      * @param indexProvider    the query index provider.
      */
-    @SuppressWarnings("UnusedParameters")
     public RootImpl(NodeStore store,
                     CommitHook hook,
                     String workspaceName,
                     Subject subject,
-                    AccessControlConfiguration accConfiguration,
+                    SecurityProvider securityProvider,
                     QueryIndexProvider indexProvider) {
         this.store = checkNotNull(store);
+        this.workspaceName = checkNotNull(workspaceName);
         this.hook = checkNotNull(hook);
         this.subject = checkNotNull(subject);
-        this.accConfiguration = checkNotNull(accConfiguration);
+        this.securityProvider = checkNotNull(securityProvider);
         this.indexProvider = indexProvider;
         refresh();
     }
@@ -128,9 +135,11 @@ public class RootImpl implements Root {
     // TODO: review if this constructor really makes sense and cannot be replaced.
     public RootImpl(NodeStore store, QueryIndexProvider indexProvider) {
         this.store = checkNotNull(store);
+        // FIXME: define proper default or pass workspace name with the constructor
+        this.workspaceName = Oak.DEFAULT_WORKSPACE_NAME;
         this.hook = EmptyHook.INSTANCE;
         this.subject = new Subject(true, Collections.singleton(SystemPrincipal.INSTANCE), Collections.<Object>emptySet(), Collections.<Object>emptySet());
-        this.accConfiguration = new OpenAccessControlConfiguration();
+        this.securityProvider = new OpenSecurityProvider();
         this.indexProvider = indexProvider;
         refresh();
     }
@@ -144,7 +153,7 @@ public class RootImpl implements Root {
      */
     public Root getLatest() {
         checkLive();
-        RootImpl root = new RootImpl(store, hook, null, subject, accConfiguration, getIndexProvider()) {
+        RootImpl root = new RootImpl(store, hook, workspaceName, subject, securityProvider, getIndexProvider()) {
             @Override
             protected void checkLive() {
                 RootImpl.this.checkLive();
@@ -245,7 +254,7 @@ public class RootImpl implements Root {
             @Override
             public CommitFailedException run() {
                 try {
-                    branch.merge(hook);
+                    branch.merge(getCommitHook());
                     return null;
                 } catch (CommitFailedException e) {
                     return e;
@@ -258,6 +267,31 @@ public class RootImpl implements Root {
         refresh();
     }
 
+    /**
+     * Combine the globally defined commit hook(s) with the hooks and
+     * validators defined by the various security related configurations.
+     *
+     * @return A commit hook combining repository global commit hook(s) with
+     *         the pluggable hooks defined with the security modules.
+     */
+    private CommitHook getCommitHook() {
+        List<CommitHook> commitHooks = new ArrayList<CommitHook>();
+        commitHooks.add(hook);
+        List<CommitHook> securityHooks = new ArrayList<CommitHook>();
+        for (SecurityConfiguration sc : securityProvider.getSecurityConfigurations()) {
+            CommitHook validators = sc.getValidators().getCommitHook(workspaceName);
+            if (validators != EmptyHook.INSTANCE) {
+                commitHooks.add(validators);
+            }
+            CommitHook ch = sc.getSecurityHooks().getCommitHook(workspaceName);
+            if (ch != EmptyHook.INSTANCE) {
+                securityHooks.add(ch);
+            }
+        }
+        commitHooks.addAll(securityHooks);
+        return CompositeHook.compose(commitHooks);
+    }
+
     // TODO: find a better solution for passing in additional principals
     private Subject getCombinedSubject() {
         Subject accSubject = Subject.getSubject(AccessController.getContext());
@@ -359,7 +393,7 @@ public class RootImpl implements Root {
     }
 
     PermissionProvider getPermissionProvider() {
-        return accConfiguration.getPermissionProvider(this, subject.getPrincipals());
+        return securityProvider.getAccessControlConfiguration().getPermissionProvider(this, subject.getPrincipals());
     }
 
     //------------------------------------------------------------< private >---

Modified: jackrabbit/oak/trunk/oak-core/src/main/java/org/apache/jackrabbit/oak/security/authentication/CallbackHandlerImpl.java
URL: http://svn.apache.org/viewvc/jackrabbit/oak/trunk/oak-core/src/main/java/org/apache/jackrabbit/oak/security/authentication/CallbackHandlerImpl.java?rev=1447237&r1=1447236&r2=1447237&view=diff
==============================================================================
--- jackrabbit/oak/trunk/oak-core/src/main/java/org/apache/jackrabbit/oak/security/authentication/CallbackHandlerImpl.java (original)
+++ jackrabbit/oak/trunk/oak-core/src/main/java/org/apache/jackrabbit/oak/security/authentication/CallbackHandlerImpl.java Mon Feb 18 13:04:37 2013
@@ -30,19 +30,17 @@ import org.apache.jackrabbit.oak.spi.que
 import org.apache.jackrabbit.oak.spi.security.SecurityProvider;
 import org.apache.jackrabbit.oak.spi.security.authentication.callback.CredentialsCallback;
 import org.apache.jackrabbit.oak.spi.security.authentication.callback.RepositoryCallback;
-import org.apache.jackrabbit.oak.spi.security.authentication.callback.SecurityProviderCallback;
 import org.apache.jackrabbit.oak.spi.state.NodeStore;
 
 /**
  * Default implementation of the {@link CallbackHandler} interface. It currently
  * supports the following {@code Callback} implementations:
- *
+ * <p/>
  * <ul>
- *     <li>{@link CredentialsCallback}</li>
- *     <li>{@link NameCallback}</li>
- *     <li>{@link PasswordCallback}</li>
- *     <li>{@link SecurityProviderCallback}</li>
- *     <li>{@link RepositoryCallback}</li>
+ * <li>{@link CredentialsCallback}</li>
+ * <li>{@link NameCallback}</li>
+ * <li>{@link PasswordCallback}</li>
+ * <li>{@link RepositoryCallback}</li>
  * </ul>
  */
 public class CallbackHandlerImpl implements CallbackHandler {
@@ -75,11 +73,10 @@ public class CallbackHandlerImpl impleme
                 ((NameCallback) callback).setName(getName());
             } else if (callback instanceof PasswordCallback) {
                 ((PasswordCallback) callback).setPassword(getPassword());
-            } else if (callback instanceof SecurityProviderCallback) {
-                ((SecurityProviderCallback) callback).setSecurityProvider(securityProvider);
             } else if (callback instanceof RepositoryCallback) {
                 RepositoryCallback repositoryCallback = (RepositoryCallback) callback;
                 repositoryCallback.setNodeStore(nodeStore);
+                repositoryCallback.setSecurityProvider(securityProvider);
                 repositoryCallback.setCommitHook(commitHook);
                 repositoryCallback.setIndexProvider(indexProvider);
                 repositoryCallback.setWorkspaceName(workspaceName);
@@ -91,7 +88,7 @@ public class CallbackHandlerImpl impleme
 
     //------------------------------------------------------------< private >---
 
-    private String getName(){
+    private String getName() {
         if (credentials instanceof SimpleCredentials) {
             return ((SimpleCredentials) credentials).getUserID();
         } else {

Modified: jackrabbit/oak/trunk/oak-core/src/main/java/org/apache/jackrabbit/oak/security/authorization/AccessControlConfigurationImpl.java
URL: http://svn.apache.org/viewvc/jackrabbit/oak/trunk/oak-core/src/main/java/org/apache/jackrabbit/oak/security/authorization/AccessControlConfigurationImpl.java?rev=1447237&r1=1447236&r2=1447237&view=diff
==============================================================================
--- jackrabbit/oak/trunk/oak-core/src/main/java/org/apache/jackrabbit/oak/security/authorization/AccessControlConfigurationImpl.java (original)
+++ jackrabbit/oak/trunk/oak-core/src/main/java/org/apache/jackrabbit/oak/security/authorization/AccessControlConfigurationImpl.java Mon Feb 18 13:04:37 2013
@@ -17,7 +17,6 @@
 package org.apache.jackrabbit.oak.security.authorization;
 
 import java.security.Principal;
-import java.util.ArrayList;
 import java.util.Collections;
 import java.util.List;
 import java.util.Set;
@@ -31,7 +30,7 @@ import org.apache.jackrabbit.oak.securit
 import org.apache.jackrabbit.oak.spi.commit.CommitHook;
 import org.apache.jackrabbit.oak.spi.commit.CommitHookProvider;
 import org.apache.jackrabbit.oak.spi.commit.CompositeHook;
-import org.apache.jackrabbit.oak.spi.commit.ValidatorProvider;
+import org.apache.jackrabbit.oak.spi.commit.ValidatingHook;
 import org.apache.jackrabbit.oak.spi.lifecycle.RepositoryInitializer;
 import org.apache.jackrabbit.oak.spi.security.Context;
 import org.apache.jackrabbit.oak.spi.security.SecurityConfiguration;
@@ -67,7 +66,7 @@ public class AccessControlConfigurationI
 
     @Nonnull
     @Override
-    public CommitHookProvider getCommitHookProvider() {
+    public CommitHookProvider getSecurityHooks() {
         return new CommitHookProvider() {
             @Override
             public CommitHook getCommitHook(String workspaceName) {
@@ -77,11 +76,14 @@ public class AccessControlConfigurationI
     }
 
     @Override
-    public List<ValidatorProvider> getValidatorProviders() {
-        List<ValidatorProvider> vps = new ArrayList<ValidatorProvider>();
-        vps.add(new PermissionValidatorProvider(securityProvider));
-        vps.add(new AccessControlValidatorProvider(securityProvider));
-        return Collections.unmodifiableList(vps);
+    public CommitHookProvider getValidators() {
+        return new CommitHookProvider() {
+            @Nonnull
+            @Override
+            public CommitHook getCommitHook(@Nonnull final String workspaceName) {
+                return new ValidatingHook(new PermissionValidatorProvider(securityProvider, workspaceName), new AccessControlValidatorProvider(securityProvider));
+            }
+        };
     }
 
     @Nonnull

Modified: jackrabbit/oak/trunk/oak-core/src/main/java/org/apache/jackrabbit/oak/security/authorization/PermissionValidatorProvider.java
URL: http://svn.apache.org/viewvc/jackrabbit/oak/trunk/oak-core/src/main/java/org/apache/jackrabbit/oak/security/authorization/PermissionValidatorProvider.java?rev=1447237&r1=1447236&r2=1447237&view=diff
==============================================================================
--- jackrabbit/oak/trunk/oak-core/src/main/java/org/apache/jackrabbit/oak/security/authorization/PermissionValidatorProvider.java (original)
+++ jackrabbit/oak/trunk/oak-core/src/main/java/org/apache/jackrabbit/oak/security/authorization/PermissionValidatorProvider.java Mon Feb 18 13:04:37 2013
@@ -38,12 +38,14 @@ import org.apache.jackrabbit.oak.spi.sta
 class PermissionValidatorProvider implements ValidatorProvider {
 
     private final SecurityProvider securityProvider;
+    private final String workspaceName;
 
     private Context acCtx;
     private Context userCtx;
 
-    PermissionValidatorProvider(SecurityProvider securityProvider) {
+    PermissionValidatorProvider(SecurityProvider securityProvider, String workspaceName) {
         this.securityProvider = securityProvider;
+        this.workspaceName = workspaceName;
     }
 
     //--------------------------------------------------< ValidatorProvider >---

Modified: jackrabbit/oak/trunk/oak-core/src/main/java/org/apache/jackrabbit/oak/security/privilege/PrivilegeConfigurationImpl.java
URL: http://svn.apache.org/viewvc/jackrabbit/oak/trunk/oak-core/src/main/java/org/apache/jackrabbit/oak/security/privilege/PrivilegeConfigurationImpl.java?rev=1447237&r1=1447236&r2=1447237&view=diff
==============================================================================
--- jackrabbit/oak/trunk/oak-core/src/main/java/org/apache/jackrabbit/oak/security/privilege/PrivilegeConfigurationImpl.java (original)
+++ jackrabbit/oak/trunk/oak-core/src/main/java/org/apache/jackrabbit/oak/security/privilege/PrivilegeConfigurationImpl.java Mon Feb 18 13:04:37 2013
@@ -16,8 +16,6 @@
  */
 package org.apache.jackrabbit.oak.security.privilege;
 
-import java.util.Collections;
-import java.util.List;
 import javax.annotation.Nonnull;
 
 import org.apache.jackrabbit.api.security.authorization.PrivilegeManager;
@@ -25,7 +23,7 @@ import org.apache.jackrabbit.oak.api.Roo
 import org.apache.jackrabbit.oak.namepath.NamePathMapper;
 import org.apache.jackrabbit.oak.spi.commit.CommitHook;
 import org.apache.jackrabbit.oak.spi.commit.CommitHookProvider;
-import org.apache.jackrabbit.oak.spi.commit.ValidatorProvider;
+import org.apache.jackrabbit.oak.spi.commit.ValidatingHook;
 import org.apache.jackrabbit.oak.spi.lifecycle.RepositoryInitializer;
 import org.apache.jackrabbit.oak.spi.security.Context;
 import org.apache.jackrabbit.oak.spi.security.SecurityConfiguration;
@@ -52,7 +50,7 @@ public class PrivilegeConfigurationImpl 
 
     @Nonnull
     @Override
-    public CommitHookProvider getCommitHookProvider() {
+    public CommitHookProvider getSecurityHooks() {
         return new CommitHookProvider() {
             @Override
             public CommitHook getCommitHook(String workspaceName) {
@@ -63,9 +61,14 @@ public class PrivilegeConfigurationImpl 
 
     @Nonnull
     @Override
-    public List<ValidatorProvider> getValidatorProviders() {
-        ValidatorProvider vp = new PrivilegeValidatorProvider();
-        return Collections.singletonList(vp);
+    public CommitHookProvider getValidators() {
+        return new CommitHookProvider() {
+            @Nonnull
+            @Override
+            public CommitHook getCommitHook(@Nonnull String workspaceName) {
+                return new ValidatingHook(new PrivilegeValidatorProvider());
+            }
+        };
     }
 
     @Nonnull

Modified: jackrabbit/oak/trunk/oak-core/src/main/java/org/apache/jackrabbit/oak/security/user/UserConfigurationImpl.java
URL: http://svn.apache.org/viewvc/jackrabbit/oak/trunk/oak-core/src/main/java/org/apache/jackrabbit/oak/security/user/UserConfigurationImpl.java?rev=1447237&r1=1447236&r2=1447237&view=diff
==============================================================================
--- jackrabbit/oak/trunk/oak-core/src/main/java/org/apache/jackrabbit/oak/security/user/UserConfigurationImpl.java (original)
+++ jackrabbit/oak/trunk/oak-core/src/main/java/org/apache/jackrabbit/oak/security/user/UserConfigurationImpl.java Mon Feb 18 13:04:37 2013
@@ -23,7 +23,9 @@ import javax.annotation.Nonnull;
 import org.apache.jackrabbit.api.security.user.UserManager;
 import org.apache.jackrabbit.oak.api.Root;
 import org.apache.jackrabbit.oak.namepath.NamePathMapper;
-import org.apache.jackrabbit.oak.spi.commit.ValidatorProvider;
+import org.apache.jackrabbit.oak.spi.commit.CommitHook;
+import org.apache.jackrabbit.oak.spi.commit.CommitHookProvider;
+import org.apache.jackrabbit.oak.spi.commit.ValidatingHook;
 import org.apache.jackrabbit.oak.spi.lifecycle.RepositoryInitializer;
 import org.apache.jackrabbit.oak.spi.security.ConfigurationParameters;
 import org.apache.jackrabbit.oak.spi.security.Context;
@@ -65,9 +67,14 @@ public class UserConfigurationImpl exten
 
     @Nonnull
     @Override
-    public List<ValidatorProvider> getValidatorProviders() {
-        ValidatorProvider vp = new UserValidatorProvider(getConfigurationParameters());
-        return Collections.singletonList(vp);
+    public CommitHookProvider getValidators() {
+        return new CommitHookProvider() {
+            @Nonnull
+            @Override
+            public CommitHook getCommitHook(@Nonnull String workspaceName) {
+                return new ValidatingHook(new UserValidatorProvider(getConfigurationParameters()));
+            }
+        };
     }
 
     @Nonnull

Modified: jackrabbit/oak/trunk/oak-core/src/main/java/org/apache/jackrabbit/oak/spi/commit/CommitHookProvider.java
URL: http://svn.apache.org/viewvc/jackrabbit/oak/trunk/oak-core/src/main/java/org/apache/jackrabbit/oak/spi/commit/CommitHookProvider.java?rev=1447237&r1=1447236&r2=1447237&view=diff
==============================================================================
--- jackrabbit/oak/trunk/oak-core/src/main/java/org/apache/jackrabbit/oak/spi/commit/CommitHookProvider.java (original)
+++ jackrabbit/oak/trunk/oak-core/src/main/java/org/apache/jackrabbit/oak/spi/commit/CommitHookProvider.java Mon Feb 18 13:04:37 2013
@@ -20,7 +20,7 @@ import javax.annotation.Nonnull;
 
 /**
  * {@code CommitHookProvider} TODO
- *
+ * <p/>
  * FIXME: needs re-evaluation and review once we add support for multiple workspaces (OAK-118)
  */
 public interface CommitHookProvider {
@@ -33,7 +33,7 @@ public interface CommitHookProvider {
      * @return A CommitHook instance.
      */
     @Nonnull
-    CommitHook getCommitHook(String workspaceName);
+    CommitHook getCommitHook(@Nonnull String workspaceName);
 
     /**
      * Default implementation that returns an {@code EmptyHook}.

Modified: jackrabbit/oak/trunk/oak-core/src/main/java/org/apache/jackrabbit/oak/spi/security/OpenSecurityProvider.java
URL: http://svn.apache.org/viewvc/jackrabbit/oak/trunk/oak-core/src/main/java/org/apache/jackrabbit/oak/spi/security/OpenSecurityProvider.java?rev=1447237&r1=1447236&r2=1447237&view=diff
==============================================================================
--- jackrabbit/oak/trunk/oak-core/src/main/java/org/apache/jackrabbit/oak/spi/security/OpenSecurityProvider.java (original)
+++ jackrabbit/oak/trunk/oak-core/src/main/java/org/apache/jackrabbit/oak/spi/security/OpenSecurityProvider.java Mon Feb 18 13:04:37 2013
@@ -16,10 +16,10 @@
  */
 package org.apache.jackrabbit.oak.spi.security;
 
-import java.util.Collections;
 import javax.annotation.Nonnull;
 import javax.annotation.Nullable;
 
+import com.google.common.collect.ImmutableList;
 import org.apache.jackrabbit.oak.spi.security.authentication.AuthenticationConfiguration;
 import org.apache.jackrabbit.oak.spi.security.authentication.OpenAuthenticationConfiguration;
 import org.apache.jackrabbit.oak.spi.security.authorization.AccessControlConfiguration;
@@ -42,7 +42,7 @@ public class OpenSecurityProvider implem
     @Nonnull
     @Override
     public Iterable<SecurityConfiguration> getSecurityConfigurations() {
-        return Collections.<SecurityConfiguration>singletonList(getAccessControlConfiguration());
+        return ImmutableList.of(getAccessControlConfiguration(), getAuthenticationConfiguration());
     }
 
     @Nonnull

Modified: jackrabbit/oak/trunk/oak-core/src/main/java/org/apache/jackrabbit/oak/spi/security/SecurityConfiguration.java
URL: http://svn.apache.org/viewvc/jackrabbit/oak/trunk/oak-core/src/main/java/org/apache/jackrabbit/oak/spi/security/SecurityConfiguration.java?rev=1447237&r1=1447236&r2=1447237&view=diff
==============================================================================
--- jackrabbit/oak/trunk/oak-core/src/main/java/org/apache/jackrabbit/oak/spi/security/SecurityConfiguration.java (original)
+++ jackrabbit/oak/trunk/oak-core/src/main/java/org/apache/jackrabbit/oak/spi/security/SecurityConfiguration.java Mon Feb 18 13:04:37 2013
@@ -23,7 +23,6 @@ import javax.annotation.Nonnull;
 import org.apache.jackrabbit.oak.api.PropertyState;
 import org.apache.jackrabbit.oak.api.Tree;
 import org.apache.jackrabbit.oak.spi.commit.CommitHookProvider;
-import org.apache.jackrabbit.oak.spi.commit.ValidatorProvider;
 import org.apache.jackrabbit.oak.spi.lifecycle.CompositeInitializer;
 import org.apache.jackrabbit.oak.spi.lifecycle.RepositoryInitializer;
 import org.apache.jackrabbit.oak.spi.xml.ProtectedItemImporter;
@@ -40,10 +39,10 @@ public interface SecurityConfiguration {
     RepositoryInitializer getRepositoryInitializer();
 
     @Nonnull
-    CommitHookProvider getCommitHookProvider();
+    CommitHookProvider getSecurityHooks();
 
     @Nonnull
-    List<ValidatorProvider> getValidatorProviders();
+    CommitHookProvider getValidators();
 
     @Nonnull
     List<ProtectedItemImporter> getProtectedItemImporters();
@@ -70,14 +69,14 @@ public interface SecurityConfiguration {
 
         @Nonnull
         @Override
-        public CommitHookProvider getCommitHookProvider() {
+        public CommitHookProvider getSecurityHooks() {
             return new CommitHookProvider.Empty();
         }
 
         @Nonnull
         @Override
-        public List<ValidatorProvider> getValidatorProviders() {
-            return Collections.emptyList();
+        public CommitHookProvider getValidators() {
+            return new CommitHookProvider.Empty();
         }
 
         @Nonnull

Modified: jackrabbit/oak/trunk/oak-core/src/main/java/org/apache/jackrabbit/oak/spi/security/authentication/AbstractLoginModule.java
URL: http://svn.apache.org/viewvc/jackrabbit/oak/trunk/oak-core/src/main/java/org/apache/jackrabbit/oak/spi/security/authentication/AbstractLoginModule.java?rev=1447237&r1=1447236&r2=1447237&view=diff
==============================================================================
--- jackrabbit/oak/trunk/oak-core/src/main/java/org/apache/jackrabbit/oak/spi/security/authentication/AbstractLoginModule.java (original)
+++ jackrabbit/oak/trunk/oak-core/src/main/java/org/apache/jackrabbit/oak/spi/security/authentication/AbstractLoginModule.java Mon Feb 18 13:04:37 2013
@@ -39,7 +39,6 @@ import org.apache.jackrabbit.oak.spi.sec
 import org.apache.jackrabbit.oak.spi.security.authentication.callback.CredentialsCallback;
 import org.apache.jackrabbit.oak.spi.security.authentication.callback.PrincipalProviderCallback;
 import org.apache.jackrabbit.oak.spi.security.authentication.callback.RepositoryCallback;
-import org.apache.jackrabbit.oak.spi.security.authentication.callback.SecurityProviderCallback;
 import org.apache.jackrabbit.oak.spi.security.authentication.callback.UserManagerCallback;
 import org.apache.jackrabbit.oak.spi.security.principal.PrincipalProvider;
 import org.slf4j.Logger;
@@ -49,84 +48,84 @@ import org.slf4j.LoggerFactory;
  * Abstract implementation of the {@link LoginModule} interface that can act
  * as base class for login modules that aim to authenticate subjects against
  * information stored in the content repository.
- *
+ * <p/>
  * <h2>LoginModule Methods</h2>
  * This base class provides a simple implementation for the following methods
  * of the {@code LoginModule} interface:
- *
+ * <p/>
  * <ul>
- *     <li>{@link LoginModule#initialize(Subject, CallbackHandler, Map, Map) Initialize}:
- *     Initialization of this abstract module sets the following protected instance
- *     fields:
- *     <ul>
- *         <li>subject: The subject to be authenticated,</li>
- *         <li>callbackHandler: The callback handler passed to the login module,</li>
- *         <li>shareState: The map used to share state information with other login modules,</li>
- *         <li>options: The configuration options of this login module as specified
- *         in the {@link javax.security.auth.login.Configuration}.</li>
- *     </ul>
- *     </li>
- *     <li>{@link LoginModule#logout() Logout}:
- *     If the authenticated subject is not empty this logout implementation
- *     attempts to clear both principals and public credentials and returns
- *     {@code true}.</li>
- *     <li>{@link LoginModule#abort() Abort}: Clears the state of this login
- *     module by setting all private instance variables created in phase 1 or 2
- *     to {@code null}. Subclasses are in charge of releasing their own state
- *     information by either overriding {@link #clearState()}.</li>
+ * <li>{@link LoginModule#initialize(Subject, CallbackHandler, Map, Map) Initialize}:
+ * Initialization of this abstract module sets the following protected instance
+ * fields:
+ * <ul>
+ * <li>subject: The subject to be authenticated,</li>
+ * <li>callbackHandler: The callback handler passed to the login module,</li>
+ * <li>shareState: The map used to share state information with other login modules,</li>
+ * <li>options: The configuration options of this login module as specified
+ * in the {@link javax.security.auth.login.Configuration}.</li>
+ * </ul>
+ * </li>
+ * <li>{@link LoginModule#logout() Logout}:
+ * If the authenticated subject is not empty this logout implementation
+ * attempts to clear both principals and public credentials and returns
+ * {@code true}.</li>
+ * <li>{@link LoginModule#abort() Abort}: Clears the state of this login
+ * module by setting all private instance variables created in phase 1 or 2
+ * to {@code null}. Subclasses are in charge of releasing their own state
+ * information by either overriding {@link #clearState()}.</li>
  * </ul>
- *
+ * <p/>
  * <h2>Utility Methods</h2>
  * The following methods are provided in addition:
- *
+ * <p/>
  * <ul>
- *     <li>{@link #clearState()}: Clears all private state information that has
- *     be created during login. This method in called in {@link #abort()} and
- *     subclasses are expected to override this method.</li>
- *
- *     <li>{@link #getSupportedCredentials()}: Abstract method used by
- *     {@link #getCredentials()} that reveals which credential implementations
- *     are supported by the {@code LoginModule}.</li>
- *
- *     <li>{@link #getCredentials()}: Tries to retrieve valid (supported)
- *     Credentials in the following order:
- *     <ol>
- *     <li>using a {@link CredentialsCallback},</li>
- *     <li>looking for a {@link #SHARED_KEY_CREDENTIALS} entry in the shared
- *     state (see also {@link #getSharedCredentials()} and finally by</li>
- *     <li>searching for valid credentials in the subject.</li>
- *     </ol></li>
- *
- *     <li>{@link #getSharedCredentials()}: This method returns credentials
- *     passed to the login module with the share state. The key to share credentials
- *     with a another module extending from this base class is
- *     {@link #SHARED_KEY_CREDENTIALS}. Note, that this method does not verify
- *     if the credentials provided by the shared state are
- *     {@link #getSupportedCredentials() supported}.</li>
- *
- *     <li>{@link #getSharedLoginName()}: If the shared state contains an entry
- *     for {@link #SHARED_KEY_LOGIN_NAME} this method returns the value as login name.</li>
- *
- *     <li>{@link #getSecurityProvider()}: Returns the configured security
- *     provider or {@code null}.</li>
- *
- *     <li>{@link #getRoot()}: Provides access to the latest state of the
- *     repository in order to retrieve user or principal information required to
- *     authenticate the subject as well as to write back information during
- *     {@link #commit()}.</li>
- *
- *     <li>{@link #getUserManager()}: Returns an instance of the configured
- *     {@link UserManager} or {@code null}.</li>
- *
- *     <li>{@link #getPrincipalProvider()}: Returns an instance of the configured
- *     principal provider or {@code null}.</li>
- *
- *     <li>{@link #getPrincipals(String)}: Utility that returns all principals
- *     associated with a given user id. This method might be be called after
- *     successful authentication in order to be able to populate the subject
- *     during {@link #commit()}. The implementation is a shortcut for calling
- *     {@link PrincipalProvider#getPrincipals(String) getPrincipals(String userId}
- *     on the provider exposed by {@link #getPrincipalProvider()}</li>
+ * <li>{@link #clearState()}: Clears all private state information that has
+ * be created during login. This method in called in {@link #abort()} and
+ * subclasses are expected to override this method.</li>
+ * <p/>
+ * <li>{@link #getSupportedCredentials()}: Abstract method used by
+ * {@link #getCredentials()} that reveals which credential implementations
+ * are supported by the {@code LoginModule}.</li>
+ * <p/>
+ * <li>{@link #getCredentials()}: Tries to retrieve valid (supported)
+ * Credentials in the following order:
+ * <ol>
+ * <li>using a {@link CredentialsCallback},</li>
+ * <li>looking for a {@link #SHARED_KEY_CREDENTIALS} entry in the shared
+ * state (see also {@link #getSharedCredentials()} and finally by</li>
+ * <li>searching for valid credentials in the subject.</li>
+ * </ol></li>
+ * <p/>
+ * <li>{@link #getSharedCredentials()}: This method returns credentials
+ * passed to the login module with the share state. The key to share credentials
+ * with a another module extending from this base class is
+ * {@link #SHARED_KEY_CREDENTIALS}. Note, that this method does not verify
+ * if the credentials provided by the shared state are
+ * {@link #getSupportedCredentials() supported}.</li>
+ * <p/>
+ * <li>{@link #getSharedLoginName()}: If the shared state contains an entry
+ * for {@link #SHARED_KEY_LOGIN_NAME} this method returns the value as login name.</li>
+ * <p/>
+ * <li>{@link #getSecurityProvider()}: Returns the configured security
+ * provider or {@code null}.</li>
+ * <p/>
+ * <li>{@link #getRoot()}: Provides access to the latest state of the
+ * repository in order to retrieve user or principal information required to
+ * authenticate the subject as well as to write back information during
+ * {@link #commit()}.</li>
+ * <p/>
+ * <li>{@link #getUserManager()}: Returns an instance of the configured
+ * {@link UserManager} or {@code null}.</li>
+ * <p/>
+ * <li>{@link #getPrincipalProvider()}: Returns an instance of the configured
+ * principal provider or {@code null}.</li>
+ * <p/>
+ * <li>{@link #getPrincipals(String)}: Utility that returns all principals
+ * associated with a given user id. This method might be be called after
+ * successful authentication in order to be able to populate the subject
+ * during {@link #commit()}. The implementation is a shortcut for calling
+ * {@link PrincipalProvider#getPrincipals(String) getPrincipals(String userId}
+ * on the provider exposed by {@link #getPrincipalProvider()}</li>
  * </ul>
  */
 public abstract class AbstractLoginModule implements LoginModule {
@@ -186,6 +185,7 @@ public abstract class AbstractLoginModul
     }
 
     //--------------------------------------------------------------------------
+
     /**
      * Clear state information that has been created during {@link #login()}.
      */
@@ -203,11 +203,11 @@ public abstract class AbstractLoginModul
     /**
      * Tries to retrieve valid (supported) Credentials:
      * <ol>
-     *     <li>using a {@link CredentialsCallback},</li>
-     *     <li>looking for a {@link #SHARED_KEY_CREDENTIALS} entry in the
-     *     shared state (see also {@link #getSharedCredentials()} and finally by</li>
-     *     <li>searching for valid credentials in the subject.</li>
-     *  </ol>
+     * <li>using a {@link CredentialsCallback},</li>
+     * <li>looking for a {@link #SHARED_KEY_CREDENTIALS} entry in the
+     * shared state (see also {@link #getSharedCredentials()} and finally by</li>
+     * <li>searching for valid credentials in the subject.</li>
+     * </ol>
      *
      * @return Valid (supported) credentials or {@code null}.
      */
@@ -291,15 +291,15 @@ public abstract class AbstractLoginModul
      * SecurityProviderCallback this method returns {@code null}.
      *
      * @return The {@code SecurityProvider} associated with this
-     * {@code LoginModule} or {@code null}.
+     *         {@code LoginModule} or {@code null}.
      */
     @CheckForNull
     protected SecurityProvider getSecurityProvider() {
         if (securityProvider == null && callbackHandler != null) {
-            SecurityProviderCallback scb = new SecurityProviderCallback();
+            RepositoryCallback rcb = new RepositoryCallback();
             try {
-                callbackHandler.handle(new Callback[] {scb});
-                securityProvider = scb.getSecurityProvider();
+                callbackHandler.handle(new Callback[]{rcb});
+                securityProvider = rcb.getSecurityProvider();
             } catch (UnsupportedCallbackException e) {
                 log.debug(e.getMessage());
             } catch (IOException e) {
@@ -316,14 +316,14 @@ public abstract class AbstractLoginModul
      * this method returns {@code null}.
      *
      * @return The {@code Root} associated with this {@code LoginModule} or
-     * {@code null}.
+     *         {@code null}.
      */
     @CheckForNull
     protected Root getRoot() {
         if (root == null && callbackHandler != null) {
             RepositoryCallback rcb = new RepositoryCallback();
             try {
-                callbackHandler.handle(new Callback[] {rcb});
+                callbackHandler.handle(new Callback[]{rcb});
                 root = rcb.getRoot();
             } catch (UnsupportedCallbackException e) {
                 log.debug(e.getMessage());
@@ -353,7 +353,7 @@ public abstract class AbstractLoginModul
         if (userManager == null && callbackHandler != null) {
             try {
                 UserManagerCallback userCallBack = new UserManagerCallback();
-                callbackHandler.handle(new Callback[] {userCallBack});
+                callbackHandler.handle(new Callback[]{userCallBack});
                 userManager = userCallBack.getUserManager();
             } catch (IOException e) {
                 log.debug(e.getMessage());
@@ -384,7 +384,7 @@ public abstract class AbstractLoginModul
         if (principalProvider == null && callbackHandler != null) {
             try {
                 PrincipalProviderCallback principalCallBack = new PrincipalProviderCallback();
-                callbackHandler.handle(new Callback[] {principalCallBack});
+                callbackHandler.handle(new Callback[]{principalCallBack});
                 principalProvider = principalCallBack.getPrincipalProvider();
             } catch (IOException e) {
                 log.debug(e.getMessage());

Modified: jackrabbit/oak/trunk/oak-core/src/main/java/org/apache/jackrabbit/oak/spi/security/authentication/callback/RepositoryCallback.java
URL: http://svn.apache.org/viewvc/jackrabbit/oak/trunk/oak-core/src/main/java/org/apache/jackrabbit/oak/spi/security/authentication/callback/RepositoryCallback.java?rev=1447237&r1=1447236&r2=1447237&view=diff
==============================================================================
--- jackrabbit/oak/trunk/oak-core/src/main/java/org/apache/jackrabbit/oak/spi/security/authentication/callback/RepositoryCallback.java (original)
+++ jackrabbit/oak/trunk/oak-core/src/main/java/org/apache/jackrabbit/oak/spi/security/authentication/callback/RepositoryCallback.java Mon Feb 18 13:04:37 2013
@@ -25,8 +25,7 @@ import org.apache.jackrabbit.oak.api.Roo
 import org.apache.jackrabbit.oak.core.RootImpl;
 import org.apache.jackrabbit.oak.spi.commit.CommitHook;
 import org.apache.jackrabbit.oak.spi.query.QueryIndexProvider;
-import org.apache.jackrabbit.oak.spi.security.authorization.AccessControlConfiguration;
-import org.apache.jackrabbit.oak.spi.security.authorization.OpenAccessControlConfiguration;
+import org.apache.jackrabbit.oak.spi.security.SecurityProvider;
 import org.apache.jackrabbit.oak.spi.security.principal.SystemPrincipal;
 import org.apache.jackrabbit.oak.spi.state.NodeStore;
 
@@ -40,9 +39,11 @@ public class RepositoryCallback implemen
 
     private NodeStore nodeStore;
     private CommitHook commitHook;
+    private SecurityProvider securityProvider;
     private QueryIndexProvider indexProvider;
     private String workspaceName;
 
+    @CheckForNull
     public String getWorkspaceName() {
         return workspaceName;
     }
@@ -51,12 +52,16 @@ public class RepositoryCallback implemen
     public Root getRoot() {
         if (nodeStore != null) {
             Subject subject = new Subject(true, Collections.singleton(SystemPrincipal.INSTANCE), Collections.<Object>emptySet(), Collections.<Object>emptySet());
-            AccessControlConfiguration acConfiguration = new OpenAccessControlConfiguration();
-            return new RootImpl(nodeStore, commitHook, workspaceName, subject, acConfiguration, indexProvider);
+            return new RootImpl(nodeStore, commitHook, workspaceName, subject, securityProvider, indexProvider);
         }
         return null;
     }
 
+    @CheckForNull
+    public SecurityProvider getSecurityProvider() {
+        return securityProvider;
+    }
+
     public void setNodeStore(NodeStore nodeStore) {
         this.nodeStore = nodeStore;
     }
@@ -65,6 +70,10 @@ public class RepositoryCallback implemen
         this.commitHook = commitHook;
     }
 
+    public void setSecurityProvider(SecurityProvider securityProvider) {
+        this.securityProvider = securityProvider;
+    }
+
     public void setIndexProvider(QueryIndexProvider indexProvider) {
         this.indexProvider = indexProvider;
     }



Mime
View raw message