jackrabbit-oak-commits mailing list archives

Site index · List index
Message view « Date » · « Thread »
Top « Date » · « Thread »
From ang...@apache.org
Subject svn commit: r1466966 - in /jackrabbit/oak/trunk: oak-core/src/main/java/org/apache/jackrabbit/oak/core/ oak-core/src/main/java/org/apache/jackrabbit/oak/plugins/version/ oak-core/src/main/java/org/apache/jackrabbit/oak/security/authentication/ oak-core...
Date Thu, 11 Apr 2013 17:01:04 GMT
Author: angela
Date: Thu Apr 11 17:00:54 2013
New Revision: 1466966

URL: http://svn.apache.org/r1466966
Log:
OAK-768 : Enhance Root API in order to provide information about the ContentSession  (-> cleanup)

Modified:
    jackrabbit/oak/trunk/oak-core/src/main/java/org/apache/jackrabbit/oak/core/ContentRepositoryImpl.java
    jackrabbit/oak/trunk/oak-core/src/main/java/org/apache/jackrabbit/oak/core/ImmutableRoot.java
    jackrabbit/oak/trunk/oak-core/src/main/java/org/apache/jackrabbit/oak/core/RootImpl.java
    jackrabbit/oak/trunk/oak-core/src/main/java/org/apache/jackrabbit/oak/plugins/version/ReadWriteVersionManager.java
    jackrabbit/oak/trunk/oak-core/src/main/java/org/apache/jackrabbit/oak/security/authentication/AuthenticationConfigurationImpl.java
    jackrabbit/oak/trunk/oak-core/src/main/java/org/apache/jackrabbit/oak/security/authentication/CallbackHandlerImpl.java
    jackrabbit/oak/trunk/oak-core/src/main/java/org/apache/jackrabbit/oak/security/authentication/LoginContextProviderImpl.java
    jackrabbit/oak/trunk/oak-core/src/main/java/org/apache/jackrabbit/oak/security/authentication/token/TokenLoginModule.java
    jackrabbit/oak/trunk/oak-core/src/main/java/org/apache/jackrabbit/oak/security/authorization/AccessControlConfigurationImpl.java
    jackrabbit/oak/trunk/oak-core/src/main/java/org/apache/jackrabbit/oak/security/authorization/AccessControlImporter.java
    jackrabbit/oak/trunk/oak-core/src/main/java/org/apache/jackrabbit/oak/security/authorization/AccessControlManagerImpl.java
    jackrabbit/oak/trunk/oak-core/src/main/java/org/apache/jackrabbit/oak/security/authorization/AccessControlValidatorProvider.java
    jackrabbit/oak/trunk/oak-core/src/main/java/org/apache/jackrabbit/oak/security/authorization/permission/PermissionHook.java
    jackrabbit/oak/trunk/oak-core/src/main/java/org/apache/jackrabbit/oak/security/authorization/permission/PermissionProviderImpl.java
    jackrabbit/oak/trunk/oak-core/src/main/java/org/apache/jackrabbit/oak/security/authorization/permission/PermissionValidatorProvider.java
    jackrabbit/oak/trunk/oak-core/src/main/java/org/apache/jackrabbit/oak/security/privilege/PrivilegeConfigurationImpl.java
    jackrabbit/oak/trunk/oak-core/src/main/java/org/apache/jackrabbit/oak/security/privilege/PrivilegeManagerImpl.java
    jackrabbit/oak/trunk/oak-core/src/main/java/org/apache/jackrabbit/oak/security/privilege/PrivilegeValidatorProvider.java
    jackrabbit/oak/trunk/oak-core/src/main/java/org/apache/jackrabbit/oak/security/user/UserInitializer.java
    jackrabbit/oak/trunk/oak-core/src/main/java/org/apache/jackrabbit/oak/spi/security/authentication/AbstractLoginModule.java
    jackrabbit/oak/trunk/oak-core/src/main/java/org/apache/jackrabbit/oak/spi/security/authentication/AuthenticationConfiguration.java
    jackrabbit/oak/trunk/oak-core/src/main/java/org/apache/jackrabbit/oak/spi/security/authentication/OpenAuthenticationConfiguration.java
    jackrabbit/oak/trunk/oak-core/src/main/java/org/apache/jackrabbit/oak/spi/security/authentication/callback/RepositoryCallback.java
    jackrabbit/oak/trunk/oak-core/src/main/java/org/apache/jackrabbit/oak/spi/security/authorization/AccessControlConfiguration.java
    jackrabbit/oak/trunk/oak-core/src/main/java/org/apache/jackrabbit/oak/spi/security/authorization/OpenAccessControlConfiguration.java
    jackrabbit/oak/trunk/oak-core/src/main/java/org/apache/jackrabbit/oak/spi/security/user/action/AccessControlAction.java
    jackrabbit/oak/trunk/oak-core/src/test/java/org/apache/jackrabbit/oak/AbstractSecurityTest.java
    jackrabbit/oak/trunk/oak-core/src/test/java/org/apache/jackrabbit/oak/core/RootImplTest.java
    jackrabbit/oak/trunk/oak-core/src/test/java/org/apache/jackrabbit/oak/security/authorization/AccessControlManagerImplTest.java
    jackrabbit/oak/trunk/oak-jcr/src/main/java/org/apache/jackrabbit/oak/jcr/SessionContext.java

Modified: jackrabbit/oak/trunk/oak-core/src/main/java/org/apache/jackrabbit/oak/core/ContentRepositoryImpl.java
URL: http://svn.apache.org/viewvc/jackrabbit/oak/trunk/oak-core/src/main/java/org/apache/jackrabbit/oak/core/ContentRepositoryImpl.java?rev=1466966&r1=1466965&r2=1466966&view=diff
==============================================================================
--- jackrabbit/oak/trunk/oak-core/src/main/java/org/apache/jackrabbit/oak/core/ContentRepositoryImpl.java (original)
+++ jackrabbit/oak/trunk/oak-core/src/main/java/org/apache/jackrabbit/oak/core/ContentRepositoryImpl.java Thu Apr 11 17:00:54 2013
@@ -81,7 +81,7 @@ public class ContentRepositoryImpl imple
             throw new NoSuchWorkspaceException(workspaceName);
         }
 
-        LoginContextProvider lcProvider = securityProvider.getAuthenticationConfiguration().getLoginContextProvider(nodeStore, commitHook, indexProvider);
+        LoginContextProvider lcProvider = securityProvider.getAuthenticationConfiguration().getLoginContextProvider(this);
         LoginContext loginContext = lcProvider.getLoginContext(credentials, workspaceName);
         loginContext.login();
 

Modified: jackrabbit/oak/trunk/oak-core/src/main/java/org/apache/jackrabbit/oak/core/ImmutableRoot.java
URL: http://svn.apache.org/viewvc/jackrabbit/oak/trunk/oak-core/src/main/java/org/apache/jackrabbit/oak/core/ImmutableRoot.java?rev=1466966&r1=1466965&r2=1466966&view=diff
==============================================================================
--- jackrabbit/oak/trunk/oak-core/src/main/java/org/apache/jackrabbit/oak/core/ImmutableRoot.java (original)
+++ jackrabbit/oak/trunk/oak-core/src/main/java/org/apache/jackrabbit/oak/core/ImmutableRoot.java Thu Apr 11 17:00:54 2013
@@ -18,12 +18,7 @@
  */
 package org.apache.jackrabbit.oak.core;
 
-import static com.google.common.base.Preconditions.checkArgument;
-import static org.apache.jackrabbit.oak.commons.PathUtils.elements;
-
-import javax.annotation.CheckForNull;
 import javax.annotation.Nonnull;
-import javax.annotation.Nullable;
 
 import org.apache.jackrabbit.oak.api.BlobFactory;
 import org.apache.jackrabbit.oak.api.ContentSession;
@@ -33,6 +28,9 @@ import org.apache.jackrabbit.oak.api.Tre
 import org.apache.jackrabbit.oak.commons.PathUtils;
 import org.apache.jackrabbit.oak.spi.state.NodeState;
 
+import static com.google.common.base.Preconditions.checkArgument;
+import static org.apache.jackrabbit.oak.commons.PathUtils.elements;
+
 /**
  * Simple implementation of the Root interface that only supports simple read
  * operations (excluding query) based on the {@code NodeState} (or {@code ImmutableTree})
@@ -41,37 +39,18 @@ import org.apache.jackrabbit.oak.spi.sta
 public final class ImmutableRoot implements Root {
 
     private final ImmutableTree rootTree;
-    private final String workspaceName;
 
-    public ImmutableRoot(@Nonnull NodeState rootState, @Nullable String workspaceName) {
-        this(new ImmutableTree(rootState), workspaceName);
+    public ImmutableRoot(@Nonnull NodeState rootState) {
+        this(new ImmutableTree(rootState));
     }
 
     public ImmutableRoot(@Nonnull Root root, @Nonnull TreeTypeProvider typeProvider) {
-        this(ImmutableTree.createFromRoot(root, typeProvider), getWorkspaceName(root));
+        this(ImmutableTree.createFromRoot(root, typeProvider));
     }
 
-    public ImmutableRoot(@Nonnull ImmutableTree rootTree, @Nullable String workspaceName) {
+    public ImmutableRoot(@Nonnull ImmutableTree rootTree) {
         checkArgument(rootTree.isRoot());
         this.rootTree = rootTree;
-        this.workspaceName = workspaceName;
-    }
-
-    @CheckForNull
-    public String getWorkspaceName() {
-        return workspaceName;
-    }
-
-    // TODO: review if getWorkspaceName() may be part of Root API
-    @CheckForNull
-    public static String getWorkspaceName(Root root) {
-        if (root instanceof ImmutableRoot) {
-            return ((ImmutableRoot) root).getWorkspaceName();
-        } else if (root instanceof RootImpl) {
-            return ((RootImpl) root).getWorkspaceName();
-        } else {
-            return null;
-        }
     }
 
     //---------------------------------------------------------------< Root >---

Modified: jackrabbit/oak/trunk/oak-core/src/main/java/org/apache/jackrabbit/oak/core/RootImpl.java
URL: http://svn.apache.org/viewvc/jackrabbit/oak/trunk/oak-core/src/main/java/org/apache/jackrabbit/oak/core/RootImpl.java?rev=1466966&r1=1466965&r2=1466966&view=diff
==============================================================================
--- jackrabbit/oak/trunk/oak-core/src/main/java/org/apache/jackrabbit/oak/core/RootImpl.java (original)
+++ jackrabbit/oak/trunk/oak-core/src/main/java/org/apache/jackrabbit/oak/core/RootImpl.java Thu Apr 11 17:00:54 2013
@@ -18,19 +18,12 @@
  */
 package org.apache.jackrabbit.oak.core;
 
-import static com.google.common.base.Preconditions.checkArgument;
-import static com.google.common.base.Preconditions.checkNotNull;
-import static org.apache.jackrabbit.oak.commons.PathUtils.elements;
-import static org.apache.jackrabbit.oak.commons.PathUtils.getName;
-import static org.apache.jackrabbit.oak.commons.PathUtils.getParentPath;
-
 import java.io.IOException;
 import java.io.InputStream;
 import java.security.PrivilegedAction;
 import java.util.ArrayList;
 import java.util.Collections;
 import java.util.List;
-
 import javax.annotation.Nonnull;
 import javax.security.auth.Subject;
 
@@ -67,6 +60,12 @@ import org.apache.jackrabbit.oak.spi.sta
 import org.apache.jackrabbit.oak.spi.state.NodeStore;
 import org.apache.jackrabbit.oak.spi.state.NodeStoreBranch;
 
+import static com.google.common.base.Preconditions.checkArgument;
+import static com.google.common.base.Preconditions.checkNotNull;
+import static org.apache.jackrabbit.oak.commons.PathUtils.elements;
+import static org.apache.jackrabbit.oak.commons.PathUtils.getName;
+import static org.apache.jackrabbit.oak.commons.PathUtils.getParentPath;
+
 public class RootImpl implements Root {
 
     /**
@@ -156,24 +155,6 @@ public class RootImpl implements Root {
     }
 
     /**
-     * Oak level variant of {@link org.apache.jackrabbit.oak.api.ContentSession#getLatestRoot()}
-     * to be used when no {@code ContentSession} is available.
-     *
-     * @return A new Root instance.
-     * @see org.apache.jackrabbit.oak.api.ContentSession#getLatestRoot()
-     */
-    public Root getLatest() {
-        checkLive();
-        RootImpl root = new RootImpl(store, hook, workspaceName, subject, securityProvider, indexProvider) {
-            @Override
-            protected void checkLive() {
-                RootImpl.this.checkLive();
-            }
-        };
-        return root;
-    }
-
-    /**
      * Called whenever a method on this instance or on any {@code Tree} instance
      * obtained from this {@code Root} is called. This default implementation
      * does nothing. Sub classes may override this method and throw an exception
@@ -328,7 +309,7 @@ public class RootImpl implements Root {
     @Override
     public boolean hasPendingChanges() {
         checkLive();
-        return !getSecureBase().equals(getSecureRootState());
+        return !getSecureBase().equals(getRootState());
     }
 
     @Nonnull
@@ -416,11 +397,6 @@ public class RootImpl implements Root {
         }
     }
 
-    @Nonnull
-    String getWorkspaceName() {
-        return workspaceName;
-    }
-
     //------------------------------------------------------------< private >---
 
     /**

Modified: jackrabbit/oak/trunk/oak-core/src/main/java/org/apache/jackrabbit/oak/plugins/version/ReadWriteVersionManager.java
URL: http://svn.apache.org/viewvc/jackrabbit/oak/trunk/oak-core/src/main/java/org/apache/jackrabbit/oak/plugins/version/ReadWriteVersionManager.java?rev=1466966&r1=1466965&r2=1466966&view=diff
==============================================================================
--- jackrabbit/oak/trunk/oak-core/src/main/java/org/apache/jackrabbit/oak/plugins/version/ReadWriteVersionManager.java (original)
+++ jackrabbit/oak/trunk/oak-core/src/main/java/org/apache/jackrabbit/oak/plugins/version/ReadWriteVersionManager.java Thu Apr 11 17:00:54 2013
@@ -19,7 +19,6 @@
 package org.apache.jackrabbit.oak.plugins.version;
 
 import java.util.Collections;
-import java.util.GregorianCalendar;
 import java.util.Iterator;
 import javax.annotation.Nonnull;
 
@@ -33,7 +32,6 @@ import org.apache.jackrabbit.oak.core.Im
 import org.apache.jackrabbit.oak.core.ImmutableTree;
 import org.apache.jackrabbit.oak.namepath.NamePathMapper;
 import org.apache.jackrabbit.oak.plugins.nodetype.ReadOnlyNodeTypeManager;
-import org.apache.jackrabbit.oak.plugins.value.Conversions;
 import org.apache.jackrabbit.oak.spi.state.NodeBuilder;
 import org.apache.jackrabbit.oak.util.TODO;
 
@@ -83,7 +81,7 @@ class ReadWriteVersionManager extends Re
     @Nonnull
     @Override
     protected Root getWorkspaceRoot() {
-        return new ImmutableRoot(workspaceRoot.getNodeState(), null);
+        return new ImmutableRoot(workspaceRoot.getNodeState());
     }
 
     @Nonnull

Modified: jackrabbit/oak/trunk/oak-core/src/main/java/org/apache/jackrabbit/oak/security/authentication/AuthenticationConfigurationImpl.java
URL: http://svn.apache.org/viewvc/jackrabbit/oak/trunk/oak-core/src/main/java/org/apache/jackrabbit/oak/security/authentication/AuthenticationConfigurationImpl.java?rev=1466966&r1=1466965&r2=1466966&view=diff
==============================================================================
--- jackrabbit/oak/trunk/oak-core/src/main/java/org/apache/jackrabbit/oak/security/authentication/AuthenticationConfigurationImpl.java (original)
+++ jackrabbit/oak/trunk/oak-core/src/main/java/org/apache/jackrabbit/oak/security/authentication/AuthenticationConfigurationImpl.java Thu Apr 11 17:00:54 2013
@@ -19,18 +19,16 @@ package org.apache.jackrabbit.oak.securi
 import javax.annotation.Nonnull;
 import javax.security.auth.login.Configuration;
 
+import org.apache.jackrabbit.oak.api.ContentRepository;
 import org.apache.jackrabbit.oak.api.Root;
 import org.apache.jackrabbit.oak.spi.security.authentication.ConfigurationUtil;
 import org.apache.jackrabbit.oak.security.authentication.token.TokenProviderImpl;
-import org.apache.jackrabbit.oak.spi.commit.CommitHook;
-import org.apache.jackrabbit.oak.spi.query.QueryIndexProvider;
 import org.apache.jackrabbit.oak.spi.security.ConfigurationParameters;
 import org.apache.jackrabbit.oak.spi.security.SecurityConfiguration;
 import org.apache.jackrabbit.oak.spi.security.SecurityProvider;
 import org.apache.jackrabbit.oak.spi.security.authentication.AuthenticationConfiguration;
 import org.apache.jackrabbit.oak.spi.security.authentication.LoginContextProvider;
 import org.apache.jackrabbit.oak.spi.security.authentication.token.TokenProvider;
-import org.apache.jackrabbit.oak.spi.state.NodeStore;
 import org.slf4j.Logger;
 import org.slf4j.LoggerFactory;
 
@@ -55,7 +53,7 @@ public class AuthenticationConfiguration
 
     @Nonnull
     @Override
-    public LoginContextProvider getLoginContextProvider(NodeStore nodeStore, CommitHook commitHook, QueryIndexProvider indexProvider) {
+    public LoginContextProvider getLoginContextProvider(ContentRepository contentRepository) {
         String appName = config.getConfigValue(PARAM_APP_NAME, DEFAULT_APP_NAME);
         Configuration loginConfig = null;
         try {
@@ -73,7 +71,7 @@ public class AuthenticationConfiguration
             // TODO: review if having a default is desirable or if login should fail without valid login configuration.
             loginConfig = ConfigurationUtil.getDefaultConfiguration(config);
         }
-        return new LoginContextProviderImpl(appName, loginConfig, nodeStore, commitHook, indexProvider, securityProvider);
+        return new LoginContextProviderImpl(appName, loginConfig, contentRepository, securityProvider);
     }
 
     @Nonnull

Modified: jackrabbit/oak/trunk/oak-core/src/main/java/org/apache/jackrabbit/oak/security/authentication/CallbackHandlerImpl.java
URL: http://svn.apache.org/viewvc/jackrabbit/oak/trunk/oak-core/src/main/java/org/apache/jackrabbit/oak/security/authentication/CallbackHandlerImpl.java?rev=1466966&r1=1466965&r2=1466966&view=diff
==============================================================================
--- jackrabbit/oak/trunk/oak-core/src/main/java/org/apache/jackrabbit/oak/security/authentication/CallbackHandlerImpl.java (original)
+++ jackrabbit/oak/trunk/oak-core/src/main/java/org/apache/jackrabbit/oak/security/authentication/CallbackHandlerImpl.java Thu Apr 11 17:00:54 2013
@@ -25,12 +25,10 @@ import javax.security.auth.callback.Name
 import javax.security.auth.callback.PasswordCallback;
 import javax.security.auth.callback.UnsupportedCallbackException;
 
-import org.apache.jackrabbit.oak.spi.commit.CommitHook;
-import org.apache.jackrabbit.oak.spi.query.QueryIndexProvider;
+import org.apache.jackrabbit.oak.api.ContentRepository;
 import org.apache.jackrabbit.oak.spi.security.SecurityProvider;
 import org.apache.jackrabbit.oak.spi.security.authentication.callback.CredentialsCallback;
 import org.apache.jackrabbit.oak.spi.security.authentication.callback.RepositoryCallback;
-import org.apache.jackrabbit.oak.spi.state.NodeStore;
 
 /**
  * Default implementation of the {@link CallbackHandler} interface. It currently
@@ -47,19 +45,15 @@ public class CallbackHandlerImpl impleme
 
     private final Credentials credentials;
     private final String workspaceName;
-    private final NodeStore nodeStore;
-    private final CommitHook commitHook;
-    private final QueryIndexProvider indexProvider;
+    private final ContentRepository contentRepository;
     private final SecurityProvider securityProvider;
 
     public CallbackHandlerImpl(Credentials credentials, String workspaceName,
-                               NodeStore nodeStore, CommitHook commitHook, QueryIndexProvider indexProvider,
+                               ContentRepository contentRepository,
                                SecurityProvider securityProvider) {
         this.credentials = credentials;
         this.workspaceName = workspaceName;
-        this.nodeStore = nodeStore;
-        this.commitHook = commitHook;
-        this.indexProvider = indexProvider;
+        this.contentRepository = contentRepository;
         this.securityProvider = securityProvider;
     }
 
@@ -75,10 +69,8 @@ public class CallbackHandlerImpl impleme
                 ((PasswordCallback) callback).setPassword(getPassword());
             } else if (callback instanceof RepositoryCallback) {
                 RepositoryCallback repositoryCallback = (RepositoryCallback) callback;
-                repositoryCallback.setNodeStore(nodeStore);
+                repositoryCallback.setContentRepository(contentRepository);
                 repositoryCallback.setSecurityProvider(securityProvider);
-                repositoryCallback.setCommitHook(commitHook);
-                repositoryCallback.setIndexProvider(indexProvider);
                 repositoryCallback.setWorkspaceName(workspaceName);
             } else {
                 throw new UnsupportedCallbackException(callback);

Modified: jackrabbit/oak/trunk/oak-core/src/main/java/org/apache/jackrabbit/oak/security/authentication/LoginContextProviderImpl.java
URL: http://svn.apache.org/viewvc/jackrabbit/oak/trunk/oak-core/src/main/java/org/apache/jackrabbit/oak/security/authentication/LoginContextProviderImpl.java?rev=1466966&r1=1466965&r2=1466966&view=diff
==============================================================================
--- jackrabbit/oak/trunk/oak-core/src/main/java/org/apache/jackrabbit/oak/security/authentication/LoginContextProviderImpl.java (original)
+++ jackrabbit/oak/trunk/oak-core/src/main/java/org/apache/jackrabbit/oak/security/authentication/LoginContextProviderImpl.java Thu Apr 11 17:00:54 2013
@@ -25,14 +25,12 @@ import javax.security.auth.callback.Call
 import javax.security.auth.login.Configuration;
 import javax.security.auth.login.LoginException;
 
-import org.apache.jackrabbit.oak.spi.commit.CommitHook;
-import org.apache.jackrabbit.oak.spi.query.QueryIndexProvider;
+import org.apache.jackrabbit.oak.api.ContentRepository;
 import org.apache.jackrabbit.oak.spi.security.SecurityProvider;
 import org.apache.jackrabbit.oak.spi.security.authentication.JaasLoginContext;
 import org.apache.jackrabbit.oak.spi.security.authentication.LoginContext;
 import org.apache.jackrabbit.oak.spi.security.authentication.LoginContextProvider;
 import org.apache.jackrabbit.oak.spi.security.authentication.PreAuthContext;
-import org.apache.jackrabbit.oak.spi.state.NodeStore;
 import org.slf4j.Logger;
 import org.slf4j.LoggerFactory;
 
@@ -45,19 +43,15 @@ public class LoginContextProviderImpl im
 
     private final String appName;
     private final Configuration configuration;
-    private final NodeStore nodeStore;
-    private final CommitHook commitHook;
-    private final QueryIndexProvider indexProvider;
+    private final ContentRepository contentRepository;
     private final SecurityProvider securityProvider;
 
     public LoginContextProviderImpl(String appName, Configuration configuration,
-                                    NodeStore nodeStore, CommitHook commitHook, QueryIndexProvider indexProvider,
+                                    ContentRepository contentRepository,
                                     SecurityProvider securityProvider) {
         this.appName = appName;
         this.configuration = configuration;
-        this.nodeStore = nodeStore;
-        this.commitHook = commitHook;
-        this.indexProvider = indexProvider;
+        this.contentRepository = contentRepository;
         this.securityProvider = securityProvider;
     }
 
@@ -92,6 +86,6 @@ public class LoginContextProviderImpl im
 
     @Nonnull
     private CallbackHandler getCallbackHandler(Credentials credentials, String workspaceName) {
-        return new CallbackHandlerImpl(credentials, workspaceName, nodeStore, commitHook, indexProvider, securityProvider);
+        return new CallbackHandlerImpl(credentials, workspaceName, contentRepository, securityProvider);
     }
 }
\ No newline at end of file

Modified: jackrabbit/oak/trunk/oak-core/src/main/java/org/apache/jackrabbit/oak/security/authentication/token/TokenLoginModule.java
URL: http://svn.apache.org/viewvc/jackrabbit/oak/trunk/oak-core/src/main/java/org/apache/jackrabbit/oak/security/authentication/token/TokenLoginModule.java?rev=1466966&r1=1466965&r2=1466966&view=diff
==============================================================================
--- jackrabbit/oak/trunk/oak-core/src/main/java/org/apache/jackrabbit/oak/security/authentication/token/TokenLoginModule.java (original)
+++ jackrabbit/oak/trunk/oak-core/src/main/java/org/apache/jackrabbit/oak/security/authentication/token/TokenLoginModule.java Thu Apr 11 17:00:54 2013
@@ -158,10 +158,6 @@ public final class TokenLoginModule exte
             return true;
         }
 
-        // the login attempt on this module did not succeed: clear state
-        // and check if another successful login asks for a new token to be created.
-        clearState();
-
         if (tokenProvider != null && sharedState.containsKey(SHARED_KEY_CREDENTIALS)) {
             Credentials shared = getSharedCredentials();
             if (shared != null && tokenProvider.doCreateToken(shared)) {
@@ -180,6 +176,10 @@ public final class TokenLoginModule exte
                 }
             }
         }
+        // the login attempt on this module did not succeed: clear state
+        // and check if another successful login asks for a new token to be created.
+        clearState();
+
         return false;
     }
 

Modified: jackrabbit/oak/trunk/oak-core/src/main/java/org/apache/jackrabbit/oak/security/authorization/AccessControlConfigurationImpl.java
URL: http://svn.apache.org/viewvc/jackrabbit/oak/trunk/oak-core/src/main/java/org/apache/jackrabbit/oak/security/authorization/AccessControlConfigurationImpl.java?rev=1466966&r1=1466965&r2=1466966&view=diff
==============================================================================
--- jackrabbit/oak/trunk/oak-core/src/main/java/org/apache/jackrabbit/oak/security/authorization/AccessControlConfigurationImpl.java (original)
+++ jackrabbit/oak/trunk/oak-core/src/main/java/org/apache/jackrabbit/oak/security/authorization/AccessControlConfigurationImpl.java Thu Apr 11 17:00:54 2013
@@ -79,8 +79,8 @@ public class AccessControlConfigurationI
     public List<ValidatorProvider> getValidators(String workspaceName) {
         return ImmutableList.of(
                 new PermissionStoreValidatorProvider(),
-                new PermissionValidatorProvider(securityProvider, workspaceName),
-                new AccessControlValidatorProvider(securityProvider, workspaceName));
+                new PermissionValidatorProvider(securityProvider),
+                new AccessControlValidatorProvider(securityProvider));
     }
 
     @Nonnull
@@ -91,8 +91,8 @@ public class AccessControlConfigurationI
 
     //-----------------------------------------< AccessControlConfiguration >---
     @Override
-    public AccessControlManager getAccessControlManager(Root root, NamePathMapper namePathMapper, PermissionProvider permissionProvider) {
-        return new AccessControlManagerImpl(root, namePathMapper, securityProvider, permissionProvider);
+    public AccessControlManager getAccessControlManager(Root root, NamePathMapper namePathMapper) {
+        return new AccessControlManagerImpl(root, namePathMapper, securityProvider);
     }
 
     @Nonnull

Modified: jackrabbit/oak/trunk/oak-core/src/main/java/org/apache/jackrabbit/oak/security/authorization/AccessControlImporter.java
URL: http://svn.apache.org/viewvc/jackrabbit/oak/trunk/oak-core/src/main/java/org/apache/jackrabbit/oak/security/authorization/AccessControlImporter.java?rev=1466966&r1=1466965&r2=1466966&view=diff
==============================================================================
--- jackrabbit/oak/trunk/oak-core/src/main/java/org/apache/jackrabbit/oak/security/authorization/AccessControlImporter.java (original)
+++ jackrabbit/oak/trunk/oak-core/src/main/java/org/apache/jackrabbit/oak/security/authorization/AccessControlImporter.java Thu Apr 11 17:00:54 2013
@@ -91,7 +91,7 @@ class AccessControlImporter implements P
             this.namePathMapper = namePathMapper;
             AccessControlConfiguration config = securityProvider.getAccessControlConfiguration();
             if (isWorkspaceImport) {
-                acMgr = config.getAccessControlManager(root, namePathMapper, null);
+                acMgr = config.getAccessControlManager(root, namePathMapper);
             } else {
                 acMgr = session.getAccessControlManager();
             }

Modified: jackrabbit/oak/trunk/oak-core/src/main/java/org/apache/jackrabbit/oak/security/authorization/AccessControlManagerImpl.java
URL: http://svn.apache.org/viewvc/jackrabbit/oak/trunk/oak-core/src/main/java/org/apache/jackrabbit/oak/security/authorization/AccessControlManagerImpl.java?rev=1466966&r1=1466965&r2=1466966&view=diff
==============================================================================
--- jackrabbit/oak/trunk/oak-core/src/main/java/org/apache/jackrabbit/oak/security/authorization/AccessControlManagerImpl.java (original)
+++ jackrabbit/oak/trunk/oak-core/src/main/java/org/apache/jackrabbit/oak/security/authorization/AccessControlManagerImpl.java Thu Apr 11 17:00:54 2013
@@ -100,11 +100,9 @@ public class AccessControlManagerImpl im
     private PermissionProvider permissionProvider;
 
     public AccessControlManagerImpl(@Nonnull Root root, @Nonnull NamePathMapper namePathMapper,
-                                    @Nonnull SecurityProvider securityProvider,
-                                    @Nullable PermissionProvider permissionProvider) {
+                                    @Nonnull SecurityProvider securityProvider) {
         this.root = root;
         this.namePathMapper = namePathMapper;
-        this.permissionProvider = permissionProvider;
 
         privilegeManager = securityProvider.getPrivilegeConfiguration().getPrivilegeManager(root, namePathMapper);
         principalManager = securityProvider.getPrincipalConfiguration().getPrincipalManager(root, namePathMapper);
@@ -130,13 +128,13 @@ public class AccessControlManagerImpl im
 
     @Override
     public boolean hasPrivileges(@Nullable String absPath, @Nonnull Privilege[] privileges) throws RepositoryException {
-        return hasPrivileges(absPath, privileges, permissionProvider);
+        return hasPrivileges(absPath, privileges, getPermissionProvider());
     }
 
     @Nonnull
     @Override
     public Privilege[] getPrivileges(@Nullable String absPath) throws RepositoryException {
-        return getPrivileges(absPath, permissionProvider);
+        return getPrivileges(absPath, getPermissionProvider());
     }
 
     @Nonnull
@@ -351,7 +349,7 @@ public class AccessControlManagerImpl im
             throw new PathNotFoundException("No tree at " + oakPath);
         }
         if (permissions != Permissions.NO_PERMISSION) {
-            if (permissionProvider != null && !permissionProvider.isGranted(tree, null, permissions)) {
+            if (!getPermissionProvider().isGranted(tree, null, permissions)) {
                 throw new AccessDeniedException("Access denied at " + tree);
             }
             // check if the tree is access controlled
@@ -513,6 +511,16 @@ public class AccessControlManagerImpl im
     }
 
     @Nonnull
+    private PermissionProvider getPermissionProvider() {
+        if (permissionProvider == null) {
+            permissionProvider = acConfig.getPermissionProvider(root, root.getContentSession().getAuthInfo().getPrincipals());
+        } else {
+            permissionProvider.refresh();
+        }
+        return permissionProvider;
+    }
+
+    @Nonnull
     private Set<Privilege> getPrivileges(@Nonnull Tree aceTree) throws RepositoryException {
         String[] privNames = checkNotNull(TreeUtil.getStrings(aceTree, REP_PRIVILEGES));
         Set<Privilege> privileges = new HashSet<Privilege>(privNames.length);

Modified: jackrabbit/oak/trunk/oak-core/src/main/java/org/apache/jackrabbit/oak/security/authorization/AccessControlValidatorProvider.java
URL: http://svn.apache.org/viewvc/jackrabbit/oak/trunk/oak-core/src/main/java/org/apache/jackrabbit/oak/security/authorization/AccessControlValidatorProvider.java?rev=1466966&r1=1466965&r2=1466966&view=diff
==============================================================================
--- jackrabbit/oak/trunk/oak-core/src/main/java/org/apache/jackrabbit/oak/security/authorization/AccessControlValidatorProvider.java (original)
+++ jackrabbit/oak/trunk/oak-core/src/main/java/org/apache/jackrabbit/oak/security/authorization/AccessControlValidatorProvider.java Thu Apr 11 17:00:54 2013
@@ -50,12 +50,9 @@ class AccessControlValidatorProvider ext
     private static final Logger log = LoggerFactory.getLogger(AccessControlValidatorProvider.class);
 
     private final SecurityProvider securityProvider;
-    private final String workspaceName;
 
-    AccessControlValidatorProvider(@Nonnull SecurityProvider securityProvider,
-                                   @Nonnull String workspaceName) {
+    AccessControlValidatorProvider(@Nonnull SecurityProvider securityProvider) {
         this.securityProvider = securityProvider;
-        this.workspaceName = workspaceName;
     }
 
     //--------------------------------------------------< ValidatorProvider >---
@@ -75,7 +72,7 @@ class AccessControlValidatorProvider ext
     }
 
     private Map<String, Privilege> getPrivileges(NodeState beforeRoot, PrivilegeConfiguration config) {
-        Root root = new ImmutableRoot(beforeRoot, workspaceName);
+        Root root = new ImmutableRoot(beforeRoot);
         PrivilegeManager pMgr = config.getPrivilegeManager(root, NamePathMapper.DEFAULT);
         ImmutableMap.Builder privileges = ImmutableMap.builder();
         try {

Modified: jackrabbit/oak/trunk/oak-core/src/main/java/org/apache/jackrabbit/oak/security/authorization/permission/PermissionHook.java
URL: http://svn.apache.org/viewvc/jackrabbit/oak/trunk/oak-core/src/main/java/org/apache/jackrabbit/oak/security/authorization/permission/PermissionHook.java?rev=1466966&r1=1466965&r2=1466966&view=diff
==============================================================================
--- jackrabbit/oak/trunk/oak-core/src/main/java/org/apache/jackrabbit/oak/security/authorization/permission/PermissionHook.java (original)
+++ jackrabbit/oak/trunk/oak-core/src/main/java/org/apache/jackrabbit/oak/security/authorization/permission/PermissionHook.java Thu Apr 11 17:00:54 2013
@@ -78,7 +78,7 @@ public class PermissionHook implements P
 
         permissionRoot = getPermissionRoot(rootAfter);
         ntMgr = ReadOnlyNodeTypeManager.getInstance(before);
-        bitsProvider = new PrivilegeBitsProvider(new ImmutableRoot(before, workspaceName));
+        bitsProvider = new PrivilegeBitsProvider(new ImmutableRoot(before));
 
         after.compareAgainstBaseState(before, new Diff(new BeforeNode(before), new AfterNode(rootAfter)));
         return rootAfter.getNodeState();

Modified: jackrabbit/oak/trunk/oak-core/src/main/java/org/apache/jackrabbit/oak/security/authorization/permission/PermissionProviderImpl.java
URL: http://svn.apache.org/viewvc/jackrabbit/oak/trunk/oak-core/src/main/java/org/apache/jackrabbit/oak/security/authorization/permission/PermissionProviderImpl.java?rev=1466966&r1=1466965&r2=1466966&view=diff
==============================================================================
--- jackrabbit/oak/trunk/oak-core/src/main/java/org/apache/jackrabbit/oak/security/authorization/permission/PermissionProviderImpl.java (original)
+++ jackrabbit/oak/trunk/oak-core/src/main/java/org/apache/jackrabbit/oak/security/authorization/permission/PermissionProviderImpl.java Thu Apr 11 17:00:54 2013
@@ -72,7 +72,7 @@ public class PermissionProviderImpl impl
     public PermissionProviderImpl(@Nonnull Root root, @Nonnull Set<Principal> principals,
                                   @Nonnull SecurityProvider securityProvider) {
         this.root = root;
-        this.workspaceName = checkNotNull(ImmutableRoot.getWorkspaceName(root));
+        this.workspaceName = root.getContentSession().getWorkspaceName();
         acConfig = securityProvider.getAccessControlConfiguration();
         if (principals.contains(SystemPrincipal.INSTANCE) || isAdmin(principals)) {
             compiledPermissions = AllPermissions.getInstance();

Modified: jackrabbit/oak/trunk/oak-core/src/main/java/org/apache/jackrabbit/oak/security/authorization/permission/PermissionValidatorProvider.java
URL: http://svn.apache.org/viewvc/jackrabbit/oak/trunk/oak-core/src/main/java/org/apache/jackrabbit/oak/security/authorization/permission/PermissionValidatorProvider.java?rev=1466966&r1=1466965&r2=1466966&view=diff
==============================================================================
--- jackrabbit/oak/trunk/oak-core/src/main/java/org/apache/jackrabbit/oak/security/authorization/permission/PermissionValidatorProvider.java (original)
+++ jackrabbit/oak/trunk/oak-core/src/main/java/org/apache/jackrabbit/oak/security/authorization/permission/PermissionValidatorProvider.java Thu Apr 11 17:00:54 2013
@@ -17,20 +17,15 @@
 package org.apache.jackrabbit.oak.security.authorization.permission;
 
 import java.security.AccessController;
-import java.security.Principal;
-import java.util.Collections;
-import java.util.Set;
 import javax.annotation.Nonnull;
 import javax.security.auth.Subject;
 
-import org.apache.jackrabbit.oak.core.ImmutableRoot;
 import org.apache.jackrabbit.oak.core.ImmutableTree;
 import org.apache.jackrabbit.oak.core.TreeTypeProviderImpl;
 import org.apache.jackrabbit.oak.spi.commit.Validator;
 import org.apache.jackrabbit.oak.spi.commit.ValidatorProvider;
 import org.apache.jackrabbit.oak.spi.security.Context;
 import org.apache.jackrabbit.oak.spi.security.SecurityProvider;
-import org.apache.jackrabbit.oak.spi.security.authorization.AccessControlConfiguration;
 import org.apache.jackrabbit.oak.spi.security.authorization.permission.PermissionProvider;
 import org.apache.jackrabbit.oak.spi.state.NodeState;
 
@@ -40,21 +35,19 @@ import org.apache.jackrabbit.oak.spi.sta
 public class PermissionValidatorProvider extends ValidatorProvider {
 
     private final SecurityProvider securityProvider;
-    private final String workspaceName;
 
     private Context acCtx;
     private Context userCtx;
 
-    public PermissionValidatorProvider(SecurityProvider securityProvider, String workspaceName) {
+    public PermissionValidatorProvider(SecurityProvider securityProvider) {
         this.securityProvider = securityProvider;
-        this.workspaceName = workspaceName;
     }
 
     //--------------------------------------------------< ValidatorProvider >---
     @Nonnull
     @Override
     public Validator getRootValidator(NodeState before, NodeState after) {
-        PermissionProvider pp = getPermissionProvider(before);
+        PermissionProvider pp = getPermissionProvider();
         return new PermissionValidator(createTree(before), createTree(after), pp, this);
     }
 
@@ -78,12 +71,10 @@ public class PermissionValidatorProvider
         return new ImmutableTree(root, new TreeTypeProviderImpl(getAccessControlContext()));
     }
 
-    private PermissionProvider getPermissionProvider(NodeState before) {
+    private PermissionProvider getPermissionProvider() {
         Subject subject = Subject.getSubject(AccessController.getContext());
         if (subject == null || subject.getPublicCredentials(PermissionProvider.class).isEmpty()) {
-            Set<Principal> principals = (subject != null) ? subject.getPrincipals() : Collections.<Principal>emptySet();
-            AccessControlConfiguration acConfig = securityProvider.getAccessControlConfiguration();
-            return acConfig.getPermissionProvider(new ImmutableRoot(createTree(before), workspaceName), principals);
+            throw new IllegalStateException("Unable to validate permissions; no permission provider associated with the commit call.");
         } else {
             return subject.getPublicCredentials(PermissionProvider.class).iterator().next();
         }

Modified: jackrabbit/oak/trunk/oak-core/src/main/java/org/apache/jackrabbit/oak/security/privilege/PrivilegeConfigurationImpl.java
URL: http://svn.apache.org/viewvc/jackrabbit/oak/trunk/oak-core/src/main/java/org/apache/jackrabbit/oak/security/privilege/PrivilegeConfigurationImpl.java?rev=1466966&r1=1466965&r2=1466966&view=diff
==============================================================================
--- jackrabbit/oak/trunk/oak-core/src/main/java/org/apache/jackrabbit/oak/security/privilege/PrivilegeConfigurationImpl.java (original)
+++ jackrabbit/oak/trunk/oak-core/src/main/java/org/apache/jackrabbit/oak/security/privilege/PrivilegeConfigurationImpl.java Thu Apr 11 17:00:54 2013
@@ -59,7 +59,7 @@ public class PrivilegeConfigurationImpl 
     @Nonnull
     @Override
     public List<? extends ValidatorProvider> getValidators(String workspaceName) {
-        return Collections.singletonList(new PrivilegeValidatorProvider(workspaceName));
+        return Collections.singletonList(new PrivilegeValidatorProvider());
     }
 
     @Nonnull

Modified: jackrabbit/oak/trunk/oak-core/src/main/java/org/apache/jackrabbit/oak/security/privilege/PrivilegeManagerImpl.java
URL: http://svn.apache.org/viewvc/jackrabbit/oak/trunk/oak-core/src/main/java/org/apache/jackrabbit/oak/security/privilege/PrivilegeManagerImpl.java?rev=1466966&r1=1466965&r2=1466966&view=diff
==============================================================================
--- jackrabbit/oak/trunk/oak-core/src/main/java/org/apache/jackrabbit/oak/security/privilege/PrivilegeManagerImpl.java (original)
+++ jackrabbit/oak/trunk/oak-core/src/main/java/org/apache/jackrabbit/oak/security/privilege/PrivilegeManagerImpl.java Thu Apr 11 17:00:54 2013
@@ -25,13 +25,11 @@ import javax.annotation.CheckForNull;
 import javax.annotation.Nonnull;
 import javax.jcr.InvalidItemStateException;
 import javax.jcr.RepositoryException;
-import javax.jcr.UnsupportedRepositoryOperationException;
 import javax.jcr.security.AccessControlException;
 import javax.jcr.security.Privilege;
 
 import org.apache.jackrabbit.api.security.authorization.PrivilegeManager;
 import org.apache.jackrabbit.oak.api.Root;
-import org.apache.jackrabbit.oak.core.RootImpl;
 import org.apache.jackrabbit.oak.namepath.NamePathMapper;
 import org.apache.jackrabbit.oak.spi.security.privilege.PrivilegeDefinition;
 import org.slf4j.Logger;
@@ -92,12 +90,8 @@ public class PrivilegeManagerImpl implem
 
     //------------------------------------------------------------< private >---
     @Nonnull
-    private Root getWriteRoot() throws UnsupportedRepositoryOperationException {
-        if (root instanceof RootImpl) {
-            return ((RootImpl) root).getLatest();
-        } else {
-            throw new UnsupportedRepositoryOperationException("Privilege registration not supported");
-        }
+    private Root getWriteRoot() {
+        return root.getContentSession().getLatestRoot();
     }
 
     @Nonnull

Modified: jackrabbit/oak/trunk/oak-core/src/main/java/org/apache/jackrabbit/oak/security/privilege/PrivilegeValidatorProvider.java
URL: http://svn.apache.org/viewvc/jackrabbit/oak/trunk/oak-core/src/main/java/org/apache/jackrabbit/oak/security/privilege/PrivilegeValidatorProvider.java?rev=1466966&r1=1466965&r2=1466966&view=diff
==============================================================================
--- jackrabbit/oak/trunk/oak-core/src/main/java/org/apache/jackrabbit/oak/security/privilege/PrivilegeValidatorProvider.java (original)
+++ jackrabbit/oak/trunk/oak-core/src/main/java/org/apache/jackrabbit/oak/security/privilege/PrivilegeValidatorProvider.java Thu Apr 11 17:00:54 2013
@@ -35,12 +35,6 @@ import static org.apache.jackrabbit.oak.
  */
 class PrivilegeValidatorProvider extends ValidatorProvider {
 
-    private final String workspaceName;
-
-    PrivilegeValidatorProvider(String workspaceName) {
-        this.workspaceName = workspaceName;
-    }
-
     @Nonnull
     @Override
     public Validator getRootValidator(NodeState before, NodeState after) {
@@ -49,6 +43,6 @@ class PrivilegeValidatorProvider extends
     }
 
     private Root createRoot(NodeState nodeState) {
-        return new ImmutableRoot(nodeState, workspaceName);
+        return new ImmutableRoot(nodeState);
     }
 }
\ No newline at end of file

Modified: jackrabbit/oak/trunk/oak-core/src/main/java/org/apache/jackrabbit/oak/security/user/UserInitializer.java
URL: http://svn.apache.org/viewvc/jackrabbit/oak/trunk/oak-core/src/main/java/org/apache/jackrabbit/oak/security/user/UserInitializer.java?rev=1466966&r1=1466965&r2=1466966&view=diff
==============================================================================
--- jackrabbit/oak/trunk/oak-core/src/main/java/org/apache/jackrabbit/oak/security/user/UserInitializer.java (original)
+++ jackrabbit/oak/trunk/oak-core/src/main/java/org/apache/jackrabbit/oak/security/user/UserInitializer.java Thu Apr 11 17:00:54 2013
@@ -33,6 +33,7 @@ import org.apache.jackrabbit.oak.spi.com
 import org.apache.jackrabbit.oak.spi.commit.EmptyHook;
 import org.apache.jackrabbit.oak.spi.lifecycle.WorkspaceInitializer;
 import org.apache.jackrabbit.oak.spi.query.QueryIndexProvider;
+import org.apache.jackrabbit.oak.spi.security.OpenSecurityProvider;
 import org.apache.jackrabbit.oak.spi.security.SecurityProvider;
 import org.apache.jackrabbit.oak.spi.security.user.UserConfiguration;
 import org.apache.jackrabbit.oak.spi.security.user.UserConstants;
@@ -95,7 +96,8 @@ public class UserInitializer implements 
         } catch (CommitFailedException e) {
             throw new RuntimeException(e);
         }
-        Root root = new RootImpl(store, commitHook, workspaceName, SystemSubject.INSTANCE, securityProvider, indexProvider);
+        // TODO reconsider
+        Root root = new RootImpl(store, commitHook, workspaceName, SystemSubject.INSTANCE, new OpenSecurityProvider(), indexProvider);
 
         UserConfiguration userConfiguration = securityProvider.getUserConfiguration();
         UserManager userManager = userConfiguration.getUserManager(root, NamePathMapper.DEFAULT);

Modified: jackrabbit/oak/trunk/oak-core/src/main/java/org/apache/jackrabbit/oak/spi/security/authentication/AbstractLoginModule.java
URL: http://svn.apache.org/viewvc/jackrabbit/oak/trunk/oak-core/src/main/java/org/apache/jackrabbit/oak/spi/security/authentication/AbstractLoginModule.java?rev=1466966&r1=1466965&r2=1466966&view=diff
==============================================================================
--- jackrabbit/oak/trunk/oak-core/src/main/java/org/apache/jackrabbit/oak/spi/security/authentication/AbstractLoginModule.java (original)
+++ jackrabbit/oak/trunk/oak-core/src/main/java/org/apache/jackrabbit/oak/spi/security/authentication/AbstractLoginModule.java Thu Apr 11 17:00:54 2013
@@ -18,12 +18,15 @@ package org.apache.jackrabbit.oak.spi.se
 
 import java.io.IOException;
 import java.security.Principal;
+import java.security.PrivilegedActionException;
+import java.security.PrivilegedExceptionAction;
 import java.util.Collections;
 import java.util.Map;
 import java.util.Set;
 import javax.annotation.CheckForNull;
 import javax.annotation.Nonnull;
 import javax.jcr.Credentials;
+import javax.jcr.NoSuchWorkspaceException;
 import javax.security.auth.Subject;
 import javax.security.auth.callback.Callback;
 import javax.security.auth.callback.CallbackHandler;
@@ -32,8 +35,11 @@ import javax.security.auth.login.LoginEx
 import javax.security.auth.spi.LoginModule;
 
 import org.apache.jackrabbit.api.security.user.UserManager;
+import org.apache.jackrabbit.oak.api.ContentRepository;
+import org.apache.jackrabbit.oak.api.ContentSession;
 import org.apache.jackrabbit.oak.api.Root;
 import org.apache.jackrabbit.oak.namepath.NamePathMapper;
+import org.apache.jackrabbit.oak.security.authentication.SystemSubject;
 import org.apache.jackrabbit.oak.spi.security.ConfigurationParameters;
 import org.apache.jackrabbit.oak.spi.security.SecurityProvider;
 import org.apache.jackrabbit.oak.spi.security.authentication.callback.CredentialsCallback;
@@ -153,6 +159,8 @@ public abstract class AbstractLoginModul
     protected ConfigurationParameters options;
 
     private SecurityProvider securityProvider;
+
+    private ContentSession systemSession;
     private Root root;
 
     //--------------------------------------------------------< LoginModule >---
@@ -192,6 +200,13 @@ public abstract class AbstractLoginModul
     protected void clearState() {
         securityProvider = null;
         root = null;
+        if (systemSession != null) {
+            try {
+                systemSession.close();
+            } catch (IOException e) {
+                log.debug(e.getMessage());
+            }
+        }
     }
 
     /**
@@ -321,14 +336,24 @@ public abstract class AbstractLoginModul
     @CheckForNull
     protected Root getRoot() {
         if (root == null && callbackHandler != null) {
-            RepositoryCallback rcb = new RepositoryCallback();
             try {
+                final RepositoryCallback rcb = new RepositoryCallback();
                 callbackHandler.handle(new Callback[]{rcb});
-                root = rcb.getRoot();
+
+                final ContentRepository repository = rcb.getContentRepository();
+                systemSession = Subject.doAs(SystemSubject.INSTANCE, new PrivilegedExceptionAction<ContentSession>() {
+                    @Override
+                    public ContentSession run() throws LoginException, NoSuchWorkspaceException {
+                        return repository.login(null, rcb.getWorkspaceName());
+                    }
+                });
+                root = systemSession.getLatestRoot();
             } catch (UnsupportedCallbackException e) {
                 log.debug(e.getMessage());
             } catch (IOException e) {
                 log.debug(e.getMessage());
+            } catch (PrivilegedActionException e){
+                log.debug(e.getMessage());
             }
         }
         return root;

Modified: jackrabbit/oak/trunk/oak-core/src/main/java/org/apache/jackrabbit/oak/spi/security/authentication/AuthenticationConfiguration.java
URL: http://svn.apache.org/viewvc/jackrabbit/oak/trunk/oak-core/src/main/java/org/apache/jackrabbit/oak/spi/security/authentication/AuthenticationConfiguration.java?rev=1466966&r1=1466965&r2=1466966&view=diff
==============================================================================
--- jackrabbit/oak/trunk/oak-core/src/main/java/org/apache/jackrabbit/oak/spi/security/authentication/AuthenticationConfiguration.java (original)
+++ jackrabbit/oak/trunk/oak-core/src/main/java/org/apache/jackrabbit/oak/spi/security/authentication/AuthenticationConfiguration.java Thu Apr 11 17:00:54 2013
@@ -18,12 +18,10 @@ package org.apache.jackrabbit.oak.spi.se
 
 import javax.annotation.Nonnull;
 
+import org.apache.jackrabbit.oak.api.ContentRepository;
 import org.apache.jackrabbit.oak.api.Root;
-import org.apache.jackrabbit.oak.spi.commit.CommitHook;
-import org.apache.jackrabbit.oak.spi.query.QueryIndexProvider;
 import org.apache.jackrabbit.oak.spi.security.SecurityConfiguration;
 import org.apache.jackrabbit.oak.spi.security.authentication.token.TokenProvider;
-import org.apache.jackrabbit.oak.spi.state.NodeStore;
 
 /**
  * AuthenticationConfiguration... TODO
@@ -35,7 +33,7 @@ public interface AuthenticationConfigura
 
     // TODO review again
     @Nonnull
-    LoginContextProvider getLoginContextProvider(NodeStore nodeStore, CommitHook commitHook, QueryIndexProvider indexProvider);
+    LoginContextProvider getLoginContextProvider(ContentRepository contentRepository);
 
     @Nonnull
     TokenProvider getTokenProvider(Root root);

Modified: jackrabbit/oak/trunk/oak-core/src/main/java/org/apache/jackrabbit/oak/spi/security/authentication/OpenAuthenticationConfiguration.java
URL: http://svn.apache.org/viewvc/jackrabbit/oak/trunk/oak-core/src/main/java/org/apache/jackrabbit/oak/spi/security/authentication/OpenAuthenticationConfiguration.java?rev=1466966&r1=1466965&r2=1466966&view=diff
==============================================================================
--- jackrabbit/oak/trunk/oak-core/src/main/java/org/apache/jackrabbit/oak/spi/security/authentication/OpenAuthenticationConfiguration.java (original)
+++ jackrabbit/oak/trunk/oak-core/src/main/java/org/apache/jackrabbit/oak/spi/security/authentication/OpenAuthenticationConfiguration.java Thu Apr 11 17:00:54 2013
@@ -20,12 +20,10 @@ import javax.annotation.Nonnull;
 import javax.jcr.Credentials;
 import javax.security.auth.Subject;
 
+import org.apache.jackrabbit.oak.api.ContentRepository;
 import org.apache.jackrabbit.oak.api.Root;
-import org.apache.jackrabbit.oak.spi.commit.CommitHook;
-import org.apache.jackrabbit.oak.spi.query.QueryIndexProvider;
 import org.apache.jackrabbit.oak.spi.security.SecurityConfiguration;
 import org.apache.jackrabbit.oak.spi.security.authentication.token.TokenProvider;
-import org.apache.jackrabbit.oak.spi.state.NodeStore;
 
 /**
  * This implementation of the authentication configuration provides login
@@ -36,7 +34,7 @@ public class OpenAuthenticationConfigura
 
     @Nonnull
     @Override
-    public LoginContextProvider getLoginContextProvider(NodeStore nodeStore, CommitHook commitHook, QueryIndexProvider indexProvider) {
+    public LoginContextProvider getLoginContextProvider(ContentRepository contentRepository) {
         return new LoginContextProvider() {
             @Nonnull
             @Override

Modified: jackrabbit/oak/trunk/oak-core/src/main/java/org/apache/jackrabbit/oak/spi/security/authentication/callback/RepositoryCallback.java
URL: http://svn.apache.org/viewvc/jackrabbit/oak/trunk/oak-core/src/main/java/org/apache/jackrabbit/oak/spi/security/authentication/callback/RepositoryCallback.java?rev=1466966&r1=1466965&r2=1466966&view=diff
==============================================================================
--- jackrabbit/oak/trunk/oak-core/src/main/java/org/apache/jackrabbit/oak/spi/security/authentication/callback/RepositoryCallback.java (original)
+++ jackrabbit/oak/trunk/oak-core/src/main/java/org/apache/jackrabbit/oak/spi/security/authentication/callback/RepositoryCallback.java Thu Apr 11 17:00:54 2013
@@ -19,26 +19,19 @@ package org.apache.jackrabbit.oak.spi.se
 import javax.annotation.CheckForNull;
 import javax.security.auth.callback.Callback;
 
-import org.apache.jackrabbit.oak.api.Root;
-import org.apache.jackrabbit.oak.core.RootImpl;
-import org.apache.jackrabbit.oak.security.authentication.SystemSubject;
-import org.apache.jackrabbit.oak.spi.commit.CommitHook;
-import org.apache.jackrabbit.oak.spi.query.QueryIndexProvider;
+import org.apache.jackrabbit.oak.api.ContentRepository;
 import org.apache.jackrabbit.oak.spi.security.SecurityProvider;
-import org.apache.jackrabbit.oak.spi.state.NodeStore;
 
 /**
  * Callback implementation used to access the repository. It allows to set and
- * get the {@code NodeStore} and the name of the workspace for which the login
- * applies. In addition it provides access to a {@link Root} object based on
- * the given node store and workspace name.
+ * get the {@code ContentRepository} and the name of the workspace for which
+ * the login applies. In addition it provides access to a {@link SecurityProvider}
+ * associated with the content repository.
  */
 public class RepositoryCallback implements Callback {
 
-    private NodeStore nodeStore;
-    private CommitHook commitHook;
+    private ContentRepository contentRepository;
     private SecurityProvider securityProvider;
-    private QueryIndexProvider indexProvider;
     private String workspaceName;
 
     @CheckForNull
@@ -46,37 +39,25 @@ public class RepositoryCallback implemen
         return workspaceName;
     }
 
-    @CheckForNull
-    public Root getRoot() {
-        if (nodeStore != null) {
-            return new RootImpl(nodeStore, commitHook, workspaceName, SystemSubject.INSTANCE, securityProvider, indexProvider);
-        }
-        return null;
+    public void setWorkspaceName(String workspaceName) {
+        this.workspaceName = workspaceName;
     }
 
     @CheckForNull
-    public SecurityProvider getSecurityProvider() {
-        return securityProvider;
+    public ContentRepository getContentRepository() {
+        return contentRepository;
     }
 
-    public void setNodeStore(NodeStore nodeStore) {
-        this.nodeStore = nodeStore;
+    public void setContentRepository(ContentRepository contentRepository) {
+        this.contentRepository = contentRepository;
     }
 
-    public void setCommitHook(CommitHook commitHook) {
-        this.commitHook = commitHook;
+    @CheckForNull
+    public SecurityProvider getSecurityProvider() {
+        return securityProvider;
     }
 
     public void setSecurityProvider(SecurityProvider securityProvider) {
         this.securityProvider = securityProvider;
     }
-
-    public void setIndexProvider(QueryIndexProvider indexProvider) {
-        this.indexProvider = indexProvider;
-    }
-
-    public void setWorkspaceName(String workspaceName) {
-        this.workspaceName = workspaceName;
-    }
-
 }

Modified: jackrabbit/oak/trunk/oak-core/src/main/java/org/apache/jackrabbit/oak/spi/security/authorization/AccessControlConfiguration.java
URL: http://svn.apache.org/viewvc/jackrabbit/oak/trunk/oak-core/src/main/java/org/apache/jackrabbit/oak/spi/security/authorization/AccessControlConfiguration.java?rev=1466966&r1=1466965&r2=1466966&view=diff
==============================================================================
--- jackrabbit/oak/trunk/oak-core/src/main/java/org/apache/jackrabbit/oak/spi/security/authorization/AccessControlConfiguration.java (original)
+++ jackrabbit/oak/trunk/oak-core/src/main/java/org/apache/jackrabbit/oak/spi/security/authorization/AccessControlConfiguration.java Thu Apr 11 17:00:54 2013
@@ -19,7 +19,6 @@ package org.apache.jackrabbit.oak.spi.se
 import java.security.Principal;
 import java.util.Set;
 import javax.annotation.Nonnull;
-import javax.annotation.Nullable;
 import javax.jcr.security.AccessControlManager;
 
 import org.apache.jackrabbit.oak.api.Root;
@@ -35,8 +34,7 @@ public interface AccessControlConfigurat
 
     @Nonnull
     AccessControlManager getAccessControlManager(@Nonnull Root root,
-                                                 @Nonnull NamePathMapper namePathMapper,
-                                                 @Nullable PermissionProvider permissionProvider);
+                                                 @Nonnull NamePathMapper namePathMapper);
 
     @Nonnull
     RestrictionProvider getRestrictionProvider(@Nonnull NamePathMapper namePathMapper);

Modified: jackrabbit/oak/trunk/oak-core/src/main/java/org/apache/jackrabbit/oak/spi/security/authorization/OpenAccessControlConfiguration.java
URL: http://svn.apache.org/viewvc/jackrabbit/oak/trunk/oak-core/src/main/java/org/apache/jackrabbit/oak/spi/security/authorization/OpenAccessControlConfiguration.java?rev=1466966&r1=1466965&r2=1466966&view=diff
==============================================================================
--- jackrabbit/oak/trunk/oak-core/src/main/java/org/apache/jackrabbit/oak/spi/security/authorization/OpenAccessControlConfiguration.java (original)
+++ jackrabbit/oak/trunk/oak-core/src/main/java/org/apache/jackrabbit/oak/spi/security/authorization/OpenAccessControlConfiguration.java Thu Apr 11 17:00:54 2013
@@ -36,7 +36,7 @@ public class OpenAccessControlConfigurat
         implements AccessControlConfiguration {
 
     @Override
-    public AccessControlManager getAccessControlManager(Root root, NamePathMapper namePathMapper, PermissionProvider permissionProvider) {
+    public AccessControlManager getAccessControlManager(Root root, NamePathMapper namePathMapper) {
         throw new UnsupportedOperationException();
     }
 

Modified: jackrabbit/oak/trunk/oak-core/src/main/java/org/apache/jackrabbit/oak/spi/security/user/action/AccessControlAction.java
URL: http://svn.apache.org/viewvc/jackrabbit/oak/trunk/oak-core/src/main/java/org/apache/jackrabbit/oak/spi/security/user/action/AccessControlAction.java?rev=1466966&r1=1466965&r2=1466966&view=diff
==============================================================================
--- jackrabbit/oak/trunk/oak-core/src/main/java/org/apache/jackrabbit/oak/spi/security/user/action/AccessControlAction.java (original)
+++ jackrabbit/oak/trunk/oak-core/src/main/java/org/apache/jackrabbit/oak/spi/security/user/action/AccessControlAction.java Thu Apr 11 17:00:54 2013
@@ -163,7 +163,7 @@ public class AccessControlAction extends
             return;
         }
         String path = authorizable.getPath();
-        AccessControlManager acMgr = securityProvider.getAccessControlConfiguration().getAccessControlManager(root, namePathMapper, null);
+        AccessControlManager acMgr = securityProvider.getAccessControlConfiguration().getAccessControlManager(root, namePathMapper);
         JackrabbitAccessControlList acl = null;
         for (AccessControlPolicyIterator it = acMgr.getApplicablePolicies(path); it.hasNext();) {
             AccessControlPolicy plc = it.nextAccessControlPolicy();

Modified: jackrabbit/oak/trunk/oak-core/src/test/java/org/apache/jackrabbit/oak/AbstractSecurityTest.java
URL: http://svn.apache.org/viewvc/jackrabbit/oak/trunk/oak-core/src/test/java/org/apache/jackrabbit/oak/AbstractSecurityTest.java?rev=1466966&r1=1466965&r2=1466966&view=diff
==============================================================================
--- jackrabbit/oak/trunk/oak-core/src/test/java/org/apache/jackrabbit/oak/AbstractSecurityTest.java (original)
+++ jackrabbit/oak/trunk/oak-core/src/test/java/org/apache/jackrabbit/oak/AbstractSecurityTest.java Thu Apr 11 17:00:54 2013
@@ -38,7 +38,6 @@ import org.apache.jackrabbit.oak.securit
 import org.apache.jackrabbit.oak.spi.security.ConfigurationParameters;
 import org.apache.jackrabbit.oak.spi.security.SecurityProvider;
 import org.apache.jackrabbit.oak.spi.security.authentication.ConfigurationUtil;
-import org.apache.jackrabbit.oak.spi.security.authorization.permission.PermissionProvider;
 import org.apache.jackrabbit.oak.spi.security.user.UserConfiguration;
 import org.apache.jackrabbit.oak.spi.security.user.util.UserUtility;
 import org.junit.After;
@@ -113,8 +112,7 @@ public abstract class AbstractSecurityTe
     }
     
     protected JackrabbitAccessControlManager getAccessControlManager(Root root) {
-        PermissionProvider pp = null; // TODO
-        AccessControlManager acMgr = securityProvider.getAccessControlConfiguration().getAccessControlManager(root, NamePathMapper.DEFAULT, pp);
+        AccessControlManager acMgr = securityProvider.getAccessControlConfiguration().getAccessControlManager(root, NamePathMapper.DEFAULT);
         if (acMgr instanceof JackrabbitAccessControlManager) {
             return (JackrabbitAccessControlManager) acMgr;
         } else {

Modified: jackrabbit/oak/trunk/oak-core/src/test/java/org/apache/jackrabbit/oak/core/RootImplTest.java
URL: http://svn.apache.org/viewvc/jackrabbit/oak/trunk/oak-core/src/test/java/org/apache/jackrabbit/oak/core/RootImplTest.java?rev=1466966&r1=1466965&r2=1466966&view=diff
==============================================================================
--- jackrabbit/oak/trunk/oak-core/src/test/java/org/apache/jackrabbit/oak/core/RootImplTest.java (original)
+++ jackrabbit/oak/trunk/oak-core/src/test/java/org/apache/jackrabbit/oak/core/RootImplTest.java Thu Apr 11 17:00:54 2013
@@ -403,28 +403,6 @@ public class RootImplTest extends OakBas
         checkEqual(root1.getTree("/"), (root2.getTree("/")));
     }
 
-    @Test
-    public void testGetLatest() throws Exception {
-        RootImpl root = (RootImpl) session.getLatestRoot();
-        Root root2 = root.getLatest();
-        assertNotSame(root, root2);
-
-        session.close();
-        try {
-            root.getLatest();
-            fail();
-        } catch (IllegalStateException e) {
-            // success
-        }
-
-        try {
-            ((RootImpl) root2).checkLive();
-            fail();
-        } catch (IllegalStateException e) {
-            // success
-        }
-    }
-
     private static void checkEqual(Tree tree1, Tree tree2) {
         assertEquals(tree1.getChildrenCount(), tree2.getChildrenCount());
         assertEquals(tree1.getPropertyCount(), tree2.getPropertyCount());

Modified: jackrabbit/oak/trunk/oak-core/src/test/java/org/apache/jackrabbit/oak/security/authorization/AccessControlManagerImplTest.java
URL: http://svn.apache.org/viewvc/jackrabbit/oak/trunk/oak-core/src/test/java/org/apache/jackrabbit/oak/security/authorization/AccessControlManagerImplTest.java?rev=1466966&r1=1466965&r2=1466966&view=diff
==============================================================================
--- jackrabbit/oak/trunk/oak-core/src/test/java/org/apache/jackrabbit/oak/security/authorization/AccessControlManagerImplTest.java (original)
+++ jackrabbit/oak/trunk/oak-core/src/test/java/org/apache/jackrabbit/oak/security/authorization/AccessControlManagerImplTest.java Thu Apr 11 17:00:54 2013
@@ -52,7 +52,6 @@ import org.apache.jackrabbit.oak.securit
 import org.apache.jackrabbit.oak.security.privilege.PrivilegeBitsProvider;
 import org.apache.jackrabbit.oak.security.privilege.PrivilegeConstants;
 import org.apache.jackrabbit.oak.spi.security.authorization.AbstractAccessControlTest;
-import org.apache.jackrabbit.oak.spi.security.authorization.permission.PermissionProvider;
 import org.apache.jackrabbit.oak.spi.security.authorization.restriction.RestrictionProvider;
 import org.apache.jackrabbit.oak.spi.security.principal.EveryonePrincipal;
 import org.apache.jackrabbit.oak.util.NodeUtil;
@@ -120,8 +119,7 @@ public class AccessControlManagerImplTes
     }
 
     private AccessControlManagerImpl getAccessControlManager(NamePathMapper npMapper) {
-        PermissionProvider pp = getSecurityProvider().getAccessControlConfiguration().getPermissionProvider(root, adminSession.getAuthInfo().getPrincipals());
-        return new AccessControlManagerImpl(root, npMapper, getSecurityProvider(), pp);
+        return new AccessControlManagerImpl(root, npMapper, getSecurityProvider());
     }
 
     private NamePathMapper getLocalNamePathMapper() {

Modified: jackrabbit/oak/trunk/oak-jcr/src/main/java/org/apache/jackrabbit/oak/jcr/SessionContext.java
URL: http://svn.apache.org/viewvc/jackrabbit/oak/trunk/oak-jcr/src/main/java/org/apache/jackrabbit/oak/jcr/SessionContext.java?rev=1466966&r1=1466965&r2=1466966&view=diff
==============================================================================
--- jackrabbit/oak/trunk/oak-jcr/src/main/java/org/apache/jackrabbit/oak/jcr/SessionContext.java (original)
+++ jackrabbit/oak/trunk/oak-jcr/src/main/java/org/apache/jackrabbit/oak/jcr/SessionContext.java Thu Apr 11 17:00:54 2013
@@ -16,12 +16,9 @@
  */
 package org.apache.jackrabbit.oak.jcr;
 
-import static com.google.common.base.Preconditions.checkNotNull;
-
 import java.util.ArrayList;
 import java.util.List;
 import java.util.Map;
-
 import javax.annotation.CheckForNull;
 import javax.annotation.Nonnull;
 import javax.jcr.PathNotFoundException;
@@ -53,6 +50,8 @@ import org.apache.jackrabbit.oak.spi.sec
 import org.apache.jackrabbit.oak.spi.security.authorization.permission.PermissionProvider;
 import org.apache.jackrabbit.oak.spi.xml.ProtectedItemImporter;
 
+import static com.google.common.base.Preconditions.checkNotNull;
+
 /**
  * Instances of this class are passed to all JCR implementation classes
  * (e.g. {@code SessionImpl}, {@code NodeImpl}, etc.) and provide access to
@@ -171,7 +170,7 @@ public abstract class SessionContext imp
     public AccessControlManager getAccessControlManager() throws RepositoryException {
         if (accessControlManager == null) {
             SecurityProvider securityProvider = repository.getSecurityProvider();
-            accessControlManager = securityProvider.getAccessControlConfiguration().getAccessControlManager(delegate.getRoot(), namePathMapper, getPermissionProvider());
+            accessControlManager = securityProvider.getAccessControlConfiguration().getAccessControlManager(delegate.getRoot(), namePathMapper);
         }
         return accessControlManager;
     }



Mime
View raw message