jackrabbit-oak-commits mailing list archives

Site index · List index
Message view « Date » · « Thread »
Top « Date » · « Thread »
From ang...@apache.org
Subject svn commit: r1450688 - in /jackrabbit/oak/trunk/oak-core/src: main/java/org/apache/jackrabbit/oak/security/authorization/AccessControlManagerImpl.java test/java/org/apache/jackrabbit/oak/spi/security/authorization/AbstractAccessControlTest.java
Date Wed, 27 Feb 2013 09:32:45 GMT
Author: angela
Date: Wed Feb 27 09:32:45 2013
New Revision: 1450688

URL: http://svn.apache.org/r1450688
Log:
OAK-51 : Access Control Management (WIP)

Modified:
    jackrabbit/oak/trunk/oak-core/src/main/java/org/apache/jackrabbit/oak/security/authorization/AccessControlManagerImpl.java
    jackrabbit/oak/trunk/oak-core/src/test/java/org/apache/jackrabbit/oak/spi/security/authorization/AbstractAccessControlTest.java

Modified: jackrabbit/oak/trunk/oak-core/src/main/java/org/apache/jackrabbit/oak/security/authorization/AccessControlManagerImpl.java
URL: http://svn.apache.org/viewvc/jackrabbit/oak/trunk/oak-core/src/main/java/org/apache/jackrabbit/oak/security/authorization/AccessControlManagerImpl.java?rev=1450688&r1=1450687&r2=1450688&view=diff
==============================================================================
--- jackrabbit/oak/trunk/oak-core/src/main/java/org/apache/jackrabbit/oak/security/authorization/AccessControlManagerImpl.java
(original)
+++ jackrabbit/oak/trunk/oak-core/src/main/java/org/apache/jackrabbit/oak/security/authorization/AccessControlManagerImpl.java
Wed Feb 27 09:32:45 2013
@@ -109,35 +109,40 @@ public class AccessControlManagerImpl im
 
         Subject subject = Subject.getSubject(AccessController.getContext());
         Set<Principal> principals = (subject != null) ? subject.getPrincipals() : Collections.<Principal>emptySet();
+        // FIXME: keep permission provider up to date.
         permissionProvider = acConfig.getPermissionProvider(root, principals);
         restrictionProvider = acConfig.getRestrictionProvider(namePathMapper);
         ntMgr = ReadOnlyNodeTypeManager.getInstance(root, namePathMapper);
     }
 
     //-----------------------------------------------< AccessControlManager >---
+    @Nonnull
     @Override
-    public Privilege[] getSupportedPrivileges(String absPath) throws RepositoryException
{
+    public Privilege[] getSupportedPrivileges(@Nullable String absPath) throws RepositoryException
{
         checkValidPath(absPath);
         return privilegeManager.getRegisteredPrivileges();
     }
 
+    @Nonnull
     @Override
-    public Privilege privilegeFromName(String privilegeName) throws RepositoryException {
+    public Privilege privilegeFromName(@Nonnull String privilegeName) throws RepositoryException
{
         return privilegeManager.getPrivilege(privilegeName);
     }
 
     @Override
-    public boolean hasPrivileges(String absPath, Privilege[] privileges) throws RepositoryException
{
+    public boolean hasPrivileges(@Nullable String absPath, @Nonnull Privilege[] privileges)
throws RepositoryException {
         return hasPrivileges(absPath, privileges, permissionProvider);
     }
 
+    @Nonnull
     @Override
-    public Privilege[] getPrivileges(String absPath) throws RepositoryException {
+    public Privilege[] getPrivileges(@Nullable String absPath) throws RepositoryException
{
         return getPrivileges(absPath, permissionProvider);
     }
 
+    @Nonnull
     @Override
-    public AccessControlPolicy[] getPolicies(String absPath) throws RepositoryException {
+    public AccessControlPolicy[] getPolicies(@Nullable String absPath) throws RepositoryException
{
         String oakPath = getOakPath(absPath);
         Tree tree = getTree(oakPath);
         AccessControlPolicy policy = createACL(oakPath, tree, false);
@@ -148,8 +153,9 @@ public class AccessControlManagerImpl im
         }
     }
 
+    @Nonnull
     @Override
-    public AccessControlPolicy[] getEffectivePolicies(String absPath) throws RepositoryException
{
+    public AccessControlPolicy[] getEffectivePolicies(@Nullable String absPath) throws RepositoryException
{
         String oakPath = getOakPath(absPath);
         Tree tree = getTree(oakPath);
         List<AccessControlPolicy> effective = new ArrayList<AccessControlPolicy>();
@@ -171,8 +177,9 @@ public class AccessControlManagerImpl im
         return effective.toArray(new AccessControlPolicy[effective.size()]);
     }
 
+    @Nonnull
     @Override
-    public AccessControlPolicyIterator getApplicablePolicies(String absPath) throws RepositoryException
{
+    public AccessControlPolicyIterator getApplicablePolicies(@Nullable String absPath) throws
RepositoryException {
         String oakPath = getOakPath(absPath);
         Tree tree = getTree(oakPath);
 
@@ -202,7 +209,7 @@ public class AccessControlManagerImpl im
     }
 
     @Override
-    public void setPolicy(String absPath, AccessControlPolicy policy) throws RepositoryException
{
+    public void setPolicy(@Nullable String absPath, @Nonnull AccessControlPolicy policy)
throws RepositoryException {
         String oakPath = getOakPath(absPath);
         checkValidPolicy(oakPath, policy);
 
@@ -247,7 +254,7 @@ public class AccessControlManagerImpl im
     }
 
     @Override
-    public void removePolicy(String absPath, AccessControlPolicy policy) throws RepositoryException
{
+    public void removePolicy(@Nullable String absPath, @Nonnull AccessControlPolicy policy)
throws RepositoryException {
         String oakPath = getOakPath(absPath);
         checkValidPolicy(oakPath, policy);
 
@@ -266,8 +273,9 @@ public class AccessControlManagerImpl im
     }
 
     //-------------------------------------< JackrabbitAccessControlManager >---
+    @Nonnull
     @Override
-    public JackrabbitAccessControlPolicy[] getApplicablePolicies(Principal principal) throws
RepositoryException {
+    public JackrabbitAccessControlPolicy[] getApplicablePolicies(@Nonnull Principal principal)
throws RepositoryException {
         Result aceResult = searchAces(Collections.<Principal>singleton(principal));
         if (aceResult.getSize() > 0) {
             return new JackrabbitAccessControlPolicy[0];
@@ -276,8 +284,9 @@ public class AccessControlManagerImpl im
         }
     }
 
+    @Nonnull
     @Override
-    public JackrabbitAccessControlPolicy[] getPolicies(Principal principal) throws RepositoryException
{
+    public JackrabbitAccessControlPolicy[] getPolicies(@Nonnull Principal principal) throws
RepositoryException {
         Result aceResult = searchAces(Collections.<Principal>singleton(principal));
         if (aceResult.getSize() > 0) {
             return new JackrabbitAccessControlPolicy[]{createPrincipalACL(principal, aceResult)};
@@ -286,8 +295,9 @@ public class AccessControlManagerImpl im
         }
     }
 
+    @Nonnull
     @Override
-    public AccessControlPolicy[] getEffectivePolicies(Set<Principal> principals) throws
RepositoryException {
+    public AccessControlPolicy[] getEffectivePolicies(@Nonnull Set<Principal> principals)
throws RepositoryException {
         Result aceResult = searchAces(principals);
         List<AccessControlPolicy> effective = new ArrayList<AccessControlPolicy>();
         for (ResultRow row : aceResult.getRows()) {
@@ -310,20 +320,20 @@ public class AccessControlManagerImpl im
     }
 
     @Override
-    public boolean hasPrivileges(String absPath, Set<Principal> principals, Privilege[]
privileges) throws RepositoryException {
+    public boolean hasPrivileges(@Nullable String absPath, @Nonnull Set<Principal>
principals, @Nonnull Privilege[] privileges) throws RepositoryException {
         PermissionProvider provider = acConfig.getPermissionProvider(root, principals);
         return hasPrivileges(absPath, privileges, provider);
     }
 
     @Override
-    public Privilege[] getPrivileges(String absPath, Set<Principal> principals) throws
RepositoryException {
+    public Privilege[] getPrivileges(@Nullable String absPath, @Nonnull Set<Principal>
principals) throws RepositoryException {
         PermissionProvider provider = acConfig.getPermissionProvider(root, principals);
         return getPrivileges(absPath, provider);
     }
 
     //------------------------------------------------------------< private >---
     @CheckForNull
-    private String getOakPath(String jcrPath) throws RepositoryException {
+    private String getOakPath(@Nullable String jcrPath) throws RepositoryException {
         if (jcrPath == null) {
             return null;
         } else {
@@ -359,7 +369,7 @@ public class AccessControlManagerImpl im
         getTree(getOakPath(jcrPath));
     }
 
-    private static void checkValidPolicy(@Nullable String oakPath, @Nullable AccessControlPolicy
policy) throws AccessControlException {
+    private static void checkValidPolicy(@Nullable String oakPath, @Nonnull AccessControlPolicy
policy) throws AccessControlException {
         if (policy instanceof ACL) {
             String path = ((ACL) policy).getOakPath();
             if ((path == null && oakPath != null) || (path != null && !path.equals(oakPath)))
{
@@ -370,11 +380,11 @@ public class AccessControlManagerImpl im
         }
     }
 
-    private boolean isAccessControlled(@Nonnull Tree tree, @Nonnull String nodeTypeName)
throws RepositoryException {
+    private boolean isAccessControlled(@Nonnull Tree tree, @Nonnull String nodeTypeName)
{
         return ntMgr.isNodeType(tree, nodeTypeName);
     }
 
-    private boolean isACE(@Nonnull Tree tree) throws RepositoryException {
+    private boolean isACE(@Nonnull Tree tree) {
         return ntMgr.isNodeType(tree, NT_REP_ACE);
     }
 
@@ -382,10 +392,9 @@ public class AccessControlManagerImpl im
      * @param oakPath the Oak path as specified with the ac mgr call.
      * @param tree    the access controlled node.
      * @return the new acl tree.
-     * @throws RepositoryException if an error occurs
      */
     @Nonnull
-    private NodeUtil createAclNode(@Nullable String oakPath, @Nonnull Tree tree) throws RepositoryException
{
+    private NodeUtil createAclNode(@Nullable String oakPath, @Nonnull Tree tree) {
         String mixinName = getMixinName(oakPath);
 
         if (!isAccessControlled(tree, mixinName)) {
@@ -458,8 +467,9 @@ public class AccessControlManagerImpl im
     }
 
     @Nonnull
-    private JackrabbitAccessControlEntry createACE(String oakPath, Tree aceTree,
-                                                   RestrictionProvider restrictionProvider)
throws RepositoryException {
+    private JackrabbitAccessControlEntry createACE(@Nullable String oakPath,
+                                                   @Nonnull Tree aceTree,
+                                                   @Nonnull RestrictionProvider restrictionProvider)
throws RepositoryException {
         boolean isAllow = NT_REP_GRANT_ACE.equals(TreeUtil.getPrimaryTypeName(aceTree));
         Set<Restriction> restrictions = restrictionProvider.readRestrictions(oakPath,
aceTree);
         return new ACE(getPrincipal(aceTree), getPrivileges(aceTree), isAllow, restrictions);
@@ -519,7 +529,7 @@ public class AccessControlManagerImpl im
     }
 
     @Nonnull
-    private Privilege[] getPrivileges(String absPath, PermissionProvider provider) throws
RepositoryException {
+    private Privilege[] getPrivileges(@Nullable String absPath, @Nonnull PermissionProvider
provider) throws RepositoryException {
         // TODO
         String oakPath = getOakPath(absPath);
         Tree tree = getTree(oakPath);
@@ -535,7 +545,8 @@ public class AccessControlManagerImpl im
         }
     }
 
-    private boolean hasPrivileges(String absPath, Privilege[] privileges, PermissionProvider
provider) throws RepositoryException {
+    private boolean hasPrivileges(@Nullable String absPath, @Nonnull Privilege[] privileges,
+                                  @Nonnull PermissionProvider provider) throws RepositoryException
{
         // TODO
         String oakPath = getOakPath(absPath);
         Tree tree = getTree(oakPath);
@@ -547,7 +558,7 @@ public class AccessControlManagerImpl im
     }
 
     @CheckForNull
-    private NodeUtil getAclNode(@Nullable String oakPath, @Nonnull Tree accessControlledTree)
throws RepositoryException {
+    private NodeUtil getAclNode(@Nullable String oakPath, @Nonnull Tree accessControlledTree)
{
         if (isAccessControlled(accessControlledTree, getMixinName(oakPath))) {
             Tree policyTree = accessControlledTree.getChild(getAclName(oakPath));
             if (policyTree != null) {

Modified: jackrabbit/oak/trunk/oak-core/src/test/java/org/apache/jackrabbit/oak/spi/security/authorization/AbstractAccessControlTest.java
URL: http://svn.apache.org/viewvc/jackrabbit/oak/trunk/oak-core/src/test/java/org/apache/jackrabbit/oak/spi/security/authorization/AbstractAccessControlTest.java?rev=1450688&r1=1450687&r2=1450688&view=diff
==============================================================================
--- jackrabbit/oak/trunk/oak-core/src/test/java/org/apache/jackrabbit/oak/spi/security/authorization/AbstractAccessControlTest.java
(original)
+++ jackrabbit/oak/trunk/oak-core/src/test/java/org/apache/jackrabbit/oak/spi/security/authorization/AbstractAccessControlTest.java
Wed Feb 27 09:32:45 2013
@@ -17,6 +17,7 @@
 package org.apache.jackrabbit.oak.spi.security.authorization;
 
 import javax.jcr.NamespaceRegistry;
+import javax.jcr.security.AccessControlManager;
 import javax.jcr.security.Privilege;
 
 import org.apache.jackrabbit.api.security.JackrabbitAccessControlManager;
@@ -26,7 +27,6 @@ import org.apache.jackrabbit.oak.api.Roo
 import org.apache.jackrabbit.oak.api.Tree;
 import org.apache.jackrabbit.oak.namepath.NamePathMapper;
 import org.apache.jackrabbit.oak.plugins.name.ReadWriteNamespaceRegistry;
-import org.apache.jackrabbit.oak.security.authorization.AccessControlManagerImpl;
 import org.apache.jackrabbit.oak.spi.security.authorization.restriction.RestrictionProvider;
 
 /**
@@ -65,9 +65,12 @@ public abstract class AbstractAccessCont
     }
 
     protected JackrabbitAccessControlManager getAccessControlManager(Root root) {
-        // TODO
-        //acMgr = securityProvider.getAccessControlConfiguration().getAccessControlManager(root,
NamePathMapper.DEFAULT);
-        return new AccessControlManagerImpl(root, getNamePathMapper(), getSecurityProvider());
+        AccessControlManager acMgr = securityProvider.getAccessControlConfiguration().getAccessControlManager(root,
NamePathMapper.DEFAULT);
+        if (acMgr instanceof JackrabbitAccessControlManager) {
+            return (JackrabbitAccessControlManager) acMgr;
+        } else {
+            throw new UnsupportedOperationException("Expected JackrabbitAccessControlManager
found " + acMgr.getClass());
+        }
     }
 
     protected RestrictionProvider getRestrictionProvider() {



Mime
View raw message