jackrabbit-oak-commits mailing list archives

Site index · List index
Message view « Date » · « Thread »
Top « Date » · « Thread »
From ang...@apache.org
Subject svn commit: r1481803 - in /jackrabbit/oak/trunk/oak-core/src: main/java/org/apache/jackrabbit/oak/security/authentication/ main/java/org/apache/jackrabbit/oak/security/authorization/ main/java/org/apache/jackrabbit/oak/security/authorization/restrictio...
Date Mon, 13 May 2013 11:55:31 GMT
Author: angela
Date: Mon May 13 11:55:30 2013
New Revision: 1481803

URL: http://svn.apache.org/r1481803
Log:
OAK-51 : Access Control Management (javadoc, tests)
OAK-50 : User Mgt (javadoc)

Modified:
    jackrabbit/oak/trunk/oak-core/src/main/java/org/apache/jackrabbit/oak/security/authentication/SystemSubject.java
    jackrabbit/oak/trunk/oak-core/src/main/java/org/apache/jackrabbit/oak/security/authorization/AccessControlConfigurationImpl.java
    jackrabbit/oak/trunk/oak-core/src/main/java/org/apache/jackrabbit/oak/security/authorization/AccessControlImporter.java
    jackrabbit/oak/trunk/oak-core/src/main/java/org/apache/jackrabbit/oak/security/authorization/AccessControlUtils.java
    jackrabbit/oak/trunk/oak-core/src/main/java/org/apache/jackrabbit/oak/security/authorization/restriction/GlobPattern.java
    jackrabbit/oak/trunk/oak-core/src/main/java/org/apache/jackrabbit/oak/security/authorization/restriction/NodeTypePattern.java
    jackrabbit/oak/trunk/oak-core/src/main/java/org/apache/jackrabbit/oak/security/privilege/PrivilegeBits.java
    jackrabbit/oak/trunk/oak-core/src/main/java/org/apache/jackrabbit/oak/security/user/UserConfigurationImpl.java
    jackrabbit/oak/trunk/oak-core/src/main/java/org/apache/jackrabbit/oak/spi/security/authorization/restriction/RestrictionPattern.java
    jackrabbit/oak/trunk/oak-core/src/test/java/org/apache/jackrabbit/oak/security/authorization/InvalidTestPrincipal.java
    jackrabbit/oak/trunk/oak-core/src/test/java/org/apache/jackrabbit/oak/security/authorization/permission/AllPermissionsTest.java

Modified: jackrabbit/oak/trunk/oak-core/src/main/java/org/apache/jackrabbit/oak/security/authentication/SystemSubject.java
URL: http://svn.apache.org/viewvc/jackrabbit/oak/trunk/oak-core/src/main/java/org/apache/jackrabbit/oak/security/authentication/SystemSubject.java?rev=1481803&r1=1481802&r2=1481803&view=diff
==============================================================================
--- jackrabbit/oak/trunk/oak-core/src/main/java/org/apache/jackrabbit/oak/security/authentication/SystemSubject.java
(original)
+++ jackrabbit/oak/trunk/oak-core/src/main/java/org/apache/jackrabbit/oak/security/authentication/SystemSubject.java
Mon May 13 11:55:30 2013
@@ -22,12 +22,17 @@ import javax.security.auth.Subject;
 import org.apache.jackrabbit.oak.spi.security.principal.SystemPrincipal;
 
 /**
- * SystemSubject... TODO
+ * Internal utility providing access to a system internal subject instance.
  */
 public final class SystemSubject {
 
     public static final Subject INSTANCE = createSystemSubject();
 
+    /**
+     * Private constructor
+     */
+    private SystemSubject() {}
+
     private static Subject createSystemSubject() {
         return new Subject(true, Collections.singleton(SystemPrincipal.INSTANCE), Collections.<Object>emptySet(),
Collections.<Object>emptySet());
     }

Modified: jackrabbit/oak/trunk/oak-core/src/main/java/org/apache/jackrabbit/oak/security/authorization/AccessControlConfigurationImpl.java
URL: http://svn.apache.org/viewvc/jackrabbit/oak/trunk/oak-core/src/main/java/org/apache/jackrabbit/oak/security/authorization/AccessControlConfigurationImpl.java?rev=1481803&r1=1481802&r2=1481803&view=diff
==============================================================================
--- jackrabbit/oak/trunk/oak-core/src/main/java/org/apache/jackrabbit/oak/security/authorization/AccessControlConfigurationImpl.java
(original)
+++ jackrabbit/oak/trunk/oak-core/src/main/java/org/apache/jackrabbit/oak/security/authorization/AccessControlConfigurationImpl.java
Mon May 13 11:55:30 2013
@@ -45,7 +45,7 @@ import org.apache.jackrabbit.oak.spi.sec
 import org.apache.jackrabbit.oak.spi.xml.ProtectedItemImporter;
 
 /**
- * {@code AccessControlConfigurationImpl} ... TODO
+ * Default implementation of the {@code AccessControlConfiguration}.
  */
 public class AccessControlConfigurationImpl extends SecurityConfiguration.Default implements
AccessControlConfiguration {
 

Modified: jackrabbit/oak/trunk/oak-core/src/main/java/org/apache/jackrabbit/oak/security/authorization/AccessControlImporter.java
URL: http://svn.apache.org/viewvc/jackrabbit/oak/trunk/oak-core/src/main/java/org/apache/jackrabbit/oak/security/authorization/AccessControlImporter.java?rev=1481803&r1=1481802&r2=1481803&view=diff
==============================================================================
--- jackrabbit/oak/trunk/oak-core/src/main/java/org/apache/jackrabbit/oak/security/authorization/AccessControlImporter.java
(original)
+++ jackrabbit/oak/trunk/oak-core/src/main/java/org/apache/jackrabbit/oak/security/authorization/AccessControlImporter.java
Mon May 13 11:55:30 2013
@@ -16,14 +16,11 @@
  */
 package org.apache.jackrabbit.oak.security.authorization;
 
-import static com.google.common.base.Preconditions.checkNotNull;
-
 import java.security.Principal;
 import java.util.ArrayList;
 import java.util.HashMap;
 import java.util.List;
 import java.util.Map;
-
 import javax.annotation.CheckForNull;
 import javax.jcr.PropertyType;
 import javax.jcr.RepositoryException;
@@ -51,8 +48,11 @@ import org.apache.jackrabbit.oak.spi.xml
 import org.slf4j.Logger;
 import org.slf4j.LoggerFactory;
 
+import static com.google.common.base.Preconditions.checkNotNull;
+
 /**
- * AccessControlImporter... TODO
+ * {@link ProtectedNodeImporter} implementation that handles access control lists,
+ * entries and restrictions.
  */
 class AccessControlImporter implements ProtectedNodeImporter, AccessControlConstants {
 
@@ -233,7 +233,6 @@ class AccessControlImporter implements P
         private void setPrincipal(TextValue txtValue) {
             String principalName = txtValue.getString();
             principal = principalManager.getPrincipal(principalName);
-            // TODO: review handling of unknown principals
             if (principal == null) {
                 principal = new PrincipalImpl(principalName);
             }

Modified: jackrabbit/oak/trunk/oak-core/src/main/java/org/apache/jackrabbit/oak/security/authorization/AccessControlUtils.java
URL: http://svn.apache.org/viewvc/jackrabbit/oak/trunk/oak-core/src/main/java/org/apache/jackrabbit/oak/security/authorization/AccessControlUtils.java?rev=1481803&r1=1481802&r2=1481803&view=diff
==============================================================================
--- jackrabbit/oak/trunk/oak-core/src/main/java/org/apache/jackrabbit/oak/security/authorization/AccessControlUtils.java
(original)
+++ jackrabbit/oak/trunk/oak-core/src/main/java/org/apache/jackrabbit/oak/security/authorization/AccessControlUtils.java
Mon May 13 11:55:30 2013
@@ -27,18 +27,16 @@ import org.apache.jackrabbit.api.securit
 import org.apache.jackrabbit.oak.api.Tree;
 import org.apache.jackrabbit.oak.plugins.nodetype.ReadOnlyNodeTypeManager;
 import org.apache.jackrabbit.oak.spi.security.principal.PrincipalImpl;
-import org.slf4j.Logger;
-import org.slf4j.LoggerFactory;
 
 /**
- * AccessControlUtils... TODO
+ * Access control specific utility methods
  */
 public final class AccessControlUtils extends org.apache.jackrabbit.commons.jackrabbit.authorization.AccessControlUtils
implements AccessControlConstants {
 
     /**
-     * logger instance
+     *  Private constructor to avoid instantiation
      */
-    private static final Logger log = LoggerFactory.getLogger(AccessControlUtils.class);
+    private AccessControlUtils() {}
 
     public static void checkValidPrincipal(Principal principal, PrincipalManager principalManager)
throws AccessControlException {
         String name = (principal == null) ? null : principal.getName();

Modified: jackrabbit/oak/trunk/oak-core/src/main/java/org/apache/jackrabbit/oak/security/authorization/restriction/GlobPattern.java
URL: http://svn.apache.org/viewvc/jackrabbit/oak/trunk/oak-core/src/main/java/org/apache/jackrabbit/oak/security/authorization/restriction/GlobPattern.java?rev=1481803&r1=1481802&r2=1481803&view=diff
==============================================================================
--- jackrabbit/oak/trunk/oak-core/src/main/java/org/apache/jackrabbit/oak/security/authorization/restriction/GlobPattern.java
(original)
+++ jackrabbit/oak/trunk/oak-core/src/main/java/org/apache/jackrabbit/oak/security/authorization/restriction/GlobPattern.java
Mon May 13 11:55:30 2013
@@ -105,7 +105,6 @@ final class GlobPattern implements Restr
     //-------------------------------------------------< RestrictionPattern >---
     @Override
     public boolean matches(@Nonnull Tree tree, @Nullable PropertyState property) {
-        // TODO
         String path = (property == null) ? tree.getPath() : PathUtils.concat(tree.getPath(),
property.getName());
         return matches(path);
     }

Modified: jackrabbit/oak/trunk/oak-core/src/main/java/org/apache/jackrabbit/oak/security/authorization/restriction/NodeTypePattern.java
URL: http://svn.apache.org/viewvc/jackrabbit/oak/trunk/oak-core/src/main/java/org/apache/jackrabbit/oak/security/authorization/restriction/NodeTypePattern.java?rev=1481803&r1=1481802&r2=1481803&view=diff
==============================================================================
--- jackrabbit/oak/trunk/oak-core/src/main/java/org/apache/jackrabbit/oak/security/authorization/restriction/NodeTypePattern.java
(original)
+++ jackrabbit/oak/trunk/oak-core/src/main/java/org/apache/jackrabbit/oak/security/authorization/restriction/NodeTypePattern.java
Mon May 13 11:55:30 2013
@@ -29,7 +29,11 @@ import org.slf4j.Logger;
 import org.slf4j.LoggerFactory;
 
 /**
- * NodeTypePattern... TODO
+ * Implementation of the {@link RestrictionPattern} interface that returns
+ * {@code true} if the primary type of the target tree (or the parent of a
+ * target property) is contained in the configured node type name. This allows
+ * to limit certain operations (e.g. adding or removing a child tree) to
+ * nodes with a specific node type.
  */
 class NodeTypePattern implements RestrictionPattern {
 

Modified: jackrabbit/oak/trunk/oak-core/src/main/java/org/apache/jackrabbit/oak/security/privilege/PrivilegeBits.java
URL: http://svn.apache.org/viewvc/jackrabbit/oak/trunk/oak-core/src/main/java/org/apache/jackrabbit/oak/security/privilege/PrivilegeBits.java?rev=1481803&r1=1481802&r2=1481803&view=diff
==============================================================================
--- jackrabbit/oak/trunk/oak-core/src/main/java/org/apache/jackrabbit/oak/security/privilege/PrivilegeBits.java
(original)
+++ jackrabbit/oak/trunk/oak-core/src/main/java/org/apache/jackrabbit/oak/security/privilege/PrivilegeBits.java
Mon May 13 11:55:30 2013
@@ -201,12 +201,17 @@ public final class PrivilegeBits impleme
     }
 
     /**
-     * TODO
+     * Calculate the granted permissions by evaluating the given privileges. Note,
+     * that only built-in privileges can be mapped to permissions. Any other
+     * privileges will be ignored.
      *
-     * @param bits
-     * @param parentBits
-     * @param isAllow
-     * @return
+     * @param bits The set of privileges present at given tree.
+     * @param parentBits The privileges present on the parent tree. These are
+     * required in order to determine permissions that include a modification
+     * of the parent tree (add_child_nodes, remove_child_nodes).
+     * @param isAllow {@code true} if the privileges are granted; {@code false}
+     * otherwise.
+     * @return the resulting permissions.
      */
     public static long calculatePermissions(@Nonnull PrivilegeBits bits,
                                             @Nonnull PrivilegeBits parentBits,

Modified: jackrabbit/oak/trunk/oak-core/src/main/java/org/apache/jackrabbit/oak/security/user/UserConfigurationImpl.java
URL: http://svn.apache.org/viewvc/jackrabbit/oak/trunk/oak-core/src/main/java/org/apache/jackrabbit/oak/security/user/UserConfigurationImpl.java?rev=1481803&r1=1481802&r2=1481803&view=diff
==============================================================================
--- jackrabbit/oak/trunk/oak-core/src/main/java/org/apache/jackrabbit/oak/security/user/UserConfigurationImpl.java
(original)
+++ jackrabbit/oak/trunk/oak-core/src/main/java/org/apache/jackrabbit/oak/security/user/UserConfigurationImpl.java
Mon May 13 11:55:30 2013
@@ -36,7 +36,7 @@ import org.apache.jackrabbit.oak.spi.sec
 import org.apache.jackrabbit.oak.spi.xml.ProtectedItemImporter;
 
 /**
- * UserConfigurationImpl... TODO
+ * Default implementation of the {@link UserConfiguration}.
  */
 public class UserConfigurationImpl extends SecurityConfiguration.Default implements UserConfiguration
{
 

Modified: jackrabbit/oak/trunk/oak-core/src/main/java/org/apache/jackrabbit/oak/spi/security/authorization/restriction/RestrictionPattern.java
URL: http://svn.apache.org/viewvc/jackrabbit/oak/trunk/oak-core/src/main/java/org/apache/jackrabbit/oak/spi/security/authorization/restriction/RestrictionPattern.java?rev=1481803&r1=1481802&r2=1481803&view=diff
==============================================================================
--- jackrabbit/oak/trunk/oak-core/src/main/java/org/apache/jackrabbit/oak/spi/security/authorization/restriction/RestrictionPattern.java
(original)
+++ jackrabbit/oak/trunk/oak-core/src/main/java/org/apache/jackrabbit/oak/spi/security/authorization/restriction/RestrictionPattern.java
Mon May 13 11:55:30 2013
@@ -23,14 +23,37 @@ import org.apache.jackrabbit.oak.api.Pro
 import org.apache.jackrabbit.oak.api.Tree;
 
 /**
- * RestrictionPattern... TODO
+ * Interface used to verify if a given {@code restriction} applies to a given
+ * item or path.
  */
 public interface RestrictionPattern {
 
+    /**
+     * Returns {@code true} if the underlying restriction matches the specified
+     * tree or property state.
+     *
+     * @param tree The target tree or the parent of the target property.
+     * @param property The target property state or {@code null} if the target
+     * item is a tree.
+     * @return {@code true} if the underlying restriction matches the specified
+     * tree or property state; {@code false} otherwise.
+     */
     boolean matches(@Nonnull Tree tree, @Nullable PropertyState property);
 
+    /**
+     * Returns {@code true} if the underlying restriction matches the specified
+     * path.
+     *
+     * @param path The path of the target item.
+     * @return {@code true} if the underlying restriction matches the specified
+     * path; {@code false} otherwise.
+     */
     boolean matches(@Nonnull String path);
 
+    /**
+     * Default implementation of the {@code RestrictionPattern} that always
+     * returns {@code true} and thus matches all items or paths.
+     */
     RestrictionPattern EMPTY = new RestrictionPattern() {
         @Override
         public boolean matches(@Nonnull Tree tree, @Nullable PropertyState property) {

Modified: jackrabbit/oak/trunk/oak-core/src/test/java/org/apache/jackrabbit/oak/security/authorization/InvalidTestPrincipal.java
URL: http://svn.apache.org/viewvc/jackrabbit/oak/trunk/oak-core/src/test/java/org/apache/jackrabbit/oak/security/authorization/InvalidTestPrincipal.java?rev=1481803&r1=1481802&r2=1481803&view=diff
==============================================================================
--- jackrabbit/oak/trunk/oak-core/src/test/java/org/apache/jackrabbit/oak/security/authorization/InvalidTestPrincipal.java
(original)
+++ jackrabbit/oak/trunk/oak-core/src/test/java/org/apache/jackrabbit/oak/security/authorization/InvalidTestPrincipal.java
Mon May 13 11:55:30 2013
@@ -18,11 +18,9 @@ package org.apache.jackrabbit.oak.securi
 
 import java.security.Principal;
 
-import org.slf4j.Logger;
-import org.slf4j.LoggerFactory;
-
 /**
- * InvalidPrincipal... TODO
+ * Test principal implementation which doesn't implement the OAK specific
+ * principal marker interface.
  */
 public final class InvalidTestPrincipal implements Principal {
 

Modified: jackrabbit/oak/trunk/oak-core/src/test/java/org/apache/jackrabbit/oak/security/authorization/permission/AllPermissionsTest.java
URL: http://svn.apache.org/viewvc/jackrabbit/oak/trunk/oak-core/src/test/java/org/apache/jackrabbit/oak/security/authorization/permission/AllPermissionsTest.java?rev=1481803&r1=1481802&r2=1481803&view=diff
==============================================================================
--- jackrabbit/oak/trunk/oak-core/src/test/java/org/apache/jackrabbit/oak/security/authorization/permission/AllPermissionsTest.java
(original)
+++ jackrabbit/oak/trunk/oak-core/src/test/java/org/apache/jackrabbit/oak/security/authorization/permission/AllPermissionsTest.java
Mon May 13 11:55:30 2013
@@ -16,20 +16,22 @@
  */
 package org.apache.jackrabbit.oak.security.authorization.permission;
 
-import static org.junit.Assert.assertSame;
-import static org.junit.Assert.assertTrue;
-
 import java.util.ArrayList;
 import java.util.List;
 
 import org.apache.jackrabbit.oak.AbstractSecurityTest;
 import org.apache.jackrabbit.oak.api.PropertyState;
 import org.apache.jackrabbit.oak.api.Tree;
+import org.apache.jackrabbit.oak.plugins.nodetype.NodeTypeConstants;
+import org.apache.jackrabbit.oak.plugins.version.VersionConstants;
 import org.apache.jackrabbit.oak.spi.security.authorization.permission.Permissions;
 import org.apache.jackrabbit.oak.spi.security.authorization.permission.ReadStatus;
 import org.junit.Before;
 import org.junit.Test;
 
+import static org.junit.Assert.assertSame;
+import static org.junit.Assert.assertTrue;
+
 /**
  * Test {@code AllPermissions}.
  */
@@ -45,7 +47,9 @@ public class AllPermissionsTest extends 
         super.before();
 
         paths.add("/");
-        // TODO
+        paths.add(VersionConstants.VERSION_STORE_PATH);
+        paths.add(NodeTypeConstants.NODE_TYPES_PATH);
+        paths.add(getTestUser().getPath());
     }
 
     @Test



Mime
View raw message