jackrabbit-oak-commits mailing list archives

Site index · List index
Message view « Date » · « Thread »
Top « Date » · « Thread »
From ang...@apache.org
Subject svn commit: r1450128 - in /jackrabbit/oak/trunk: oak-core/ oak-core/src/main/java/org/apache/jackrabbit/oak/security/authorization/ oak-core/src/main/java/org/apache/jackrabbit/oak/spi/security/user/action/ oak-jcr/src/main/java/org/apache/jackrabbit/o...
Date Tue, 26 Feb 2013 10:59:17 GMT
Author: angela
Date: Tue Feb 26 10:59:17 2013
New Revision: 1450128

URL: http://svn.apache.org/r1450128
Log:
OAK-51 : Access Control Management (WIP)

Modified:
    jackrabbit/oak/trunk/oak-core/pom.xml
    jackrabbit/oak/trunk/oak-core/src/main/java/org/apache/jackrabbit/oak/security/authorization/AccessControlConfigurationImpl.java
    jackrabbit/oak/trunk/oak-core/src/main/java/org/apache/jackrabbit/oak/spi/security/user/action/AccessControlAction.java
    jackrabbit/oak/trunk/oak-jcr/src/main/java/org/apache/jackrabbit/oak/jcr/SessionDelegate.java
    jackrabbit/oak/trunk/oak-jcr/src/main/java/org/apache/jackrabbit/oak/jcr/SessionImpl.java

Modified: jackrabbit/oak/trunk/oak-core/pom.xml
URL: http://svn.apache.org/viewvc/jackrabbit/oak/trunk/oak-core/pom.xml?rev=1450128&r1=1450127&r2=1450128&view=diff
==============================================================================
--- jackrabbit/oak/trunk/oak-core/pom.xml (original)
+++ jackrabbit/oak/trunk/oak-core/pom.xml Tue Feb 26 10:59:17 2013
@@ -66,6 +66,7 @@
               org.apache.jackrabbit.oak.spi.state,
               org.apache.jackrabbit.oak.spi.security,
               org.apache.jackrabbit.oak.spi.security.authentication,
+              org.apache.jackrabbit.oak.spi.security.authorization,
               org.apache.jackrabbit.oak.spi.security.principal,
               org.apache.jackrabbit.oak.spi.security.privilege,
               org.apache.jackrabbit.oak.spi.security.user,

Modified: jackrabbit/oak/trunk/oak-core/src/main/java/org/apache/jackrabbit/oak/security/authorization/AccessControlConfigurationImpl.java
URL: http://svn.apache.org/viewvc/jackrabbit/oak/trunk/oak-core/src/main/java/org/apache/jackrabbit/oak/security/authorization/AccessControlConfigurationImpl.java?rev=1450128&r1=1450127&r2=1450128&view=diff
==============================================================================
--- jackrabbit/oak/trunk/oak-core/src/main/java/org/apache/jackrabbit/oak/security/authorization/AccessControlConfigurationImpl.java
(original)
+++ jackrabbit/oak/trunk/oak-core/src/main/java/org/apache/jackrabbit/oak/security/authorization/AccessControlConfigurationImpl.java
Tue Feb 26 10:59:17 2013
@@ -98,8 +98,7 @@ public class AccessControlConfigurationI
     //-----------------------------------------< AccessControlConfiguration >---
     @Override
     public AccessControlManager getAccessControlManager(Root root, NamePathMapper namePathMapper)
{
-        // TODO OAK-51
-        throw new UnsupportedOperationException("not yet implemented");
+        return new AccessControlManagerImpl(root, namePathMapper, securityProvider);
     }
 
     @Nonnull

Modified: jackrabbit/oak/trunk/oak-core/src/main/java/org/apache/jackrabbit/oak/spi/security/user/action/AccessControlAction.java
URL: http://svn.apache.org/viewvc/jackrabbit/oak/trunk/oak-core/src/main/java/org/apache/jackrabbit/oak/spi/security/user/action/AccessControlAction.java?rev=1450128&r1=1450127&r2=1450128&view=diff
==============================================================================
--- jackrabbit/oak/trunk/oak-core/src/main/java/org/apache/jackrabbit/oak/spi/security/user/action/AccessControlAction.java
(original)
+++ jackrabbit/oak/trunk/oak-core/src/main/java/org/apache/jackrabbit/oak/spi/security/user/action/AccessControlAction.java
Tue Feb 26 10:59:17 2013
@@ -33,6 +33,7 @@ import org.apache.jackrabbit.oak.api.Roo
 import org.apache.jackrabbit.oak.namepath.NamePathMapper;
 import org.apache.jackrabbit.oak.spi.security.ConfigurationParameters;
 import org.apache.jackrabbit.oak.spi.security.SecurityProvider;
+import org.apache.jackrabbit.oak.spi.security.user.util.UserUtility;
 import org.apache.jackrabbit.util.Text;
 import org.slf4j.Logger;
 import org.slf4j.LoggerFactory;
@@ -157,6 +158,10 @@ public class AccessControlAction extends
         if (securityProvider == null) {
             throw new IllegalStateException("Not initialized");
         }
+        if (isSystemUser(authorizable)) {
+            log.debug("System user: " + authorizable.getID() + "; omit ac setup");
+            return;
+        }
         String path = authorizable.getPath();
         AccessControlManager acMgr = securityProvider.getAccessControlConfiguration().getAccessControlManager(root,
namePathMapper);
         JackrabbitAccessControlList acl = null;
@@ -191,6 +196,15 @@ public class AccessControlAction extends
         }
     }
 
+    private boolean isSystemUser(Authorizable authorizable) throws RepositoryException {
+        if (authorizable.isGroup()) {
+            return false;
+        }
+        ConfigurationParameters userConfig = securityProvider.getUserConfiguration().getConfigurationParameters();
+        String userId = authorizable.getID();
+        return UserUtility.getAdminId(userConfig).equals(userId) || UserUtility.getAnonymousId(userConfig).equals(userId);
+    }
+
     /**
      * Retrieve privileges for the specified privilege names.
      *

Modified: jackrabbit/oak/trunk/oak-jcr/src/main/java/org/apache/jackrabbit/oak/jcr/SessionDelegate.java
URL: http://svn.apache.org/viewvc/jackrabbit/oak/trunk/oak-jcr/src/main/java/org/apache/jackrabbit/oak/jcr/SessionDelegate.java?rev=1450128&r1=1450127&r2=1450128&view=diff
==============================================================================
--- jackrabbit/oak/trunk/oak-jcr/src/main/java/org/apache/jackrabbit/oak/jcr/SessionDelegate.java
(original)
+++ jackrabbit/oak/trunk/oak-jcr/src/main/java/org/apache/jackrabbit/oak/jcr/SessionDelegate.java
Tue Feb 26 10:59:17 2013
@@ -31,17 +31,17 @@ import javax.jcr.Workspace;
 import javax.jcr.lock.LockManager;
 import javax.jcr.nodetype.NodeTypeManager;
 import javax.jcr.observation.ObservationManager;
+import javax.jcr.security.AccessControlManager;
 import javax.jcr.version.VersionManager;
 
-import com.google.common.collect.Maps;
 import org.apache.jackrabbit.api.security.authorization.PrivilegeManager;
 import org.apache.jackrabbit.api.security.principal.PrincipalManager;
 import org.apache.jackrabbit.api.security.user.UserManager;
 import org.apache.jackrabbit.oak.api.AuthInfo;
 import org.apache.jackrabbit.oak.api.CommitFailedException;
 import org.apache.jackrabbit.oak.api.ContentSession;
-import org.apache.jackrabbit.oak.api.QueryEngine;
 import org.apache.jackrabbit.oak.api.Root;
+import org.apache.jackrabbit.oak.api.QueryEngine;
 import org.apache.jackrabbit.oak.api.Tree;
 import org.apache.jackrabbit.oak.api.TreeLocation;
 import org.apache.jackrabbit.oak.commons.PathUtils;
@@ -54,11 +54,13 @@ import org.apache.jackrabbit.oak.plugins
 import org.apache.jackrabbit.oak.plugins.nodetype.DefinitionProvider;
 import org.apache.jackrabbit.oak.plugins.nodetype.EffectiveNodeTypeProvider;
 import org.apache.jackrabbit.oak.plugins.observation.ObservationManagerImpl;
-import org.apache.jackrabbit.oak.plugins.value.ValueFactoryImpl;
 import org.apache.jackrabbit.oak.spi.security.SecurityProvider;
+import org.apache.jackrabbit.oak.plugins.value.ValueFactoryImpl;
 import org.slf4j.Logger;
 import org.slf4j.LoggerFactory;
 
+import com.google.common.collect.Maps;
+
 import static com.google.common.base.Preconditions.checkNotNull;
 
 public class SessionDelegate {
@@ -82,19 +84,19 @@ public class SessionDelegate {
     private PrincipalManager principalManager;
     private UserManager userManager;
     private PrivilegeManager privilegeManager;
+    private AccessControlManager accessControlManager;
     private boolean isAlive = true;
     private int sessionOpCount;
     private int revision;
 
-    SessionDelegate(
-            Repository repository, ScheduledExecutorService executor,
-            ContentSession contentSession, SecurityProvider securityProvider,
-            boolean autoRefresh) {
+    SessionDelegate(@Nonnull Repository repository, @Nonnull ScheduledExecutorService executor,
+                    @Nonnull ContentSession contentSession, @Nonnull SecurityProvider securityProvider,
+                    boolean autoRefresh) {
 
         this.repository = checkNotNull(repository);
         this.executor = executor;
         this.contentSession = checkNotNull(contentSession);
-        this.securityProvider = securityProvider;
+        this.securityProvider = checkNotNull(securityProvider);
         this.autoRefresh = autoRefresh;
 
         this.root = contentSession.getLatestRoot();
@@ -489,14 +491,17 @@ public class SessionDelegate {
         return root.getLocation(path);
     }
 
+    @CheckForNull
+    AccessControlManager getAccessControlManager() throws RepositoryException {
+        if (accessControlManager == null) {
+            accessControlManager = securityProvider.getAccessControlConfiguration().getAccessControlManager(root,
getNamePathMapper());
+        }
+        return accessControlManager;
+    }
     @Nonnull
     PrincipalManager getPrincipalManager() throws RepositoryException {
         if (principalManager == null) {
-            if (securityProvider != null) {
-                principalManager = securityProvider.getPrincipalConfiguration().getPrincipalManager(root,
getNamePathMapper());
-            } else {
-                throw new UnsupportedRepositoryOperationException("Principal management not
supported.");
-            }
+            principalManager = securityProvider.getPrincipalConfiguration().getPrincipalManager(root,
getNamePathMapper());
         }
         return principalManager;
     }
@@ -504,11 +509,7 @@ public class SessionDelegate {
     @Nonnull
     UserManager getUserManager() throws UnsupportedRepositoryOperationException {
         if (userManager == null) {
-            if (securityProvider != null) {
-                userManager = securityProvider.getUserConfiguration().getUserManager(root,
getNamePathMapper());
-            } else {
-                throw new UnsupportedRepositoryOperationException("User management not supported.");
-            }
+            userManager = securityProvider.getUserConfiguration().getUserManager(root, getNamePathMapper());
         }
         return userManager;
     }
@@ -516,11 +517,7 @@ public class SessionDelegate {
     @Nonnull
     PrivilegeManager getPrivilegeManager() throws UnsupportedRepositoryOperationException
{
         if (privilegeManager == null) {
-            if (securityProvider != null) {
-                privilegeManager = securityProvider.getPrivilegeConfiguration().getPrivilegeManager(root,
getNamePathMapper());
-            } else {
-                throw new UnsupportedRepositoryOperationException("Privilege management not
supported.");
-            }
+            privilegeManager = securityProvider.getPrivilegeConfiguration().getPrivilegeManager(root,
getNamePathMapper());
         }
         return privilegeManager;
     }

Modified: jackrabbit/oak/trunk/oak-jcr/src/main/java/org/apache/jackrabbit/oak/jcr/SessionImpl.java
URL: http://svn.apache.org/viewvc/jackrabbit/oak/trunk/oak-jcr/src/main/java/org/apache/jackrabbit/oak/jcr/SessionImpl.java?rev=1450128&r1=1450127&r2=1450128&view=diff
==============================================================================
--- jackrabbit/oak/trunk/oak-jcr/src/main/java/org/apache/jackrabbit/oak/jcr/SessionImpl.java
(original)
+++ jackrabbit/oak/trunk/oak-jcr/src/main/java/org/apache/jackrabbit/oak/jcr/SessionImpl.java
Tue Feb 26 10:59:17 2013
@@ -21,7 +21,6 @@ import java.util.HashSet;
 import java.util.Locale;
 import java.util.Map;
 import java.util.Set;
-
 import javax.annotation.Nonnull;
 import javax.jcr.AccessDeniedException;
 import javax.jcr.Credentials;
@@ -40,15 +39,11 @@ import javax.jcr.Workspace;
 import javax.jcr.retention.RetentionManager;
 import javax.jcr.security.AccessControlException;
 import javax.jcr.security.AccessControlManager;
-import javax.jcr.security.AccessControlPolicy;
-import javax.jcr.security.AccessControlPolicyIterator;
-import javax.jcr.security.Privilege;
 
 import org.apache.jackrabbit.api.JackrabbitSession;
 import org.apache.jackrabbit.api.security.principal.PrincipalManager;
 import org.apache.jackrabbit.api.security.user.UserManager;
 import org.apache.jackrabbit.commons.AbstractSession;
-import org.apache.jackrabbit.commons.iterator.AccessControlPolicyIteratorAdapter;
 import org.apache.jackrabbit.oak.api.TreeLocation;
 import org.apache.jackrabbit.oak.commons.PathUtils;
 import org.apache.jackrabbit.oak.jcr.xml.XmlImportHandler;
@@ -384,55 +379,8 @@ public class SessionImpl extends Abstrac
 
     @Override
     @Nonnull
-    public AccessControlManager getAccessControlManager()
-            throws RepositoryException {
-        return TODO.unimplemented().returnValue(new AccessControlManager() {
-            @Override
-            public void setPolicy(String absPath, AccessControlPolicy policy) throws AccessControlException
{
-                throw new AccessControlException(policy.toString());
-            }
-
-            @Override
-            public void removePolicy(String absPath, AccessControlPolicy policy) throws AccessControlException
{
-                throw new AccessControlException(policy.toString());
-            }
-
-            @Override
-            public Privilege privilegeFromName(String privilegeName)
-                    throws AccessControlException, RepositoryException {
-                return dlg.getPrivilegeManager().getPrivilege(privilegeName);
-            }
-
-            @Override
-            public boolean hasPrivileges(String absPath, Privilege[] privileges) {
-                return true;
-            }
-
-            @Override
-            public Privilege[] getSupportedPrivileges(String absPath) {
-                return new Privilege[0];
-            }
-
-            @Override
-            public Privilege[] getPrivileges(String absPath) {
-                return new Privilege[0];
-            }
-
-            @Override
-            public AccessControlPolicy[] getPolicies(String absPath) {
-                return new AccessControlPolicy[0];
-            }
-
-            @Override
-            public AccessControlPolicy[] getEffectivePolicies(String absPath) {
-                return new AccessControlPolicy[0];
-            }
-
-            @Override
-            public AccessControlPolicyIterator getApplicablePolicies(String absPath) {
-                return AccessControlPolicyIteratorAdapter.EMPTY;
-            }
-        });
+    public AccessControlManager getAccessControlManager() throws RepositoryException {
+        return dlg.getAccessControlManager();
     }
 
     /**



Mime
View raw message