jackrabbit-oak-commits mailing list archives

Site index · List index
Message view « Date » · « Thread »
Top « Date » · « Thread »
From ang...@apache.org
Subject svn commit: r1508752 - in /jackrabbit/oak/trunk: oak-core/src/main/java/org/apache/jackrabbit/oak/security/authorization/ oak-jcr/src/test/java/org/apache/jackrabbit/oak/jcr/security/authorization/
Date Wed, 31 Jul 2013 07:43:54 GMT
Author: angela
Date: Wed Jul 31 07:43:54 2013
New Revision: 1508752

URL: http://svn.apache.org/r1508752
Log:
OAK-51 : Access Control Management

Added:
    jackrabbit/oak/trunk/oak-core/src/main/java/org/apache/jackrabbit/oak/security/authorization/Util.java
      - copied, changed from r1508502, jackrabbit/oak/trunk/oak-core/src/main/java/org/apache/jackrabbit/oak/security/authorization/AccessControlUtils.java
Removed:
    jackrabbit/oak/trunk/oak-core/src/main/java/org/apache/jackrabbit/oak/security/authorization/AccessControlUtils.java
Modified:
    jackrabbit/oak/trunk/oak-core/src/main/java/org/apache/jackrabbit/oak/security/authorization/ACL.java
    jackrabbit/oak/trunk/oak-core/src/main/java/org/apache/jackrabbit/oak/security/authorization/AccessControlManagerImpl.java
    jackrabbit/oak/trunk/oak-jcr/src/test/java/org/apache/jackrabbit/oak/jcr/security/authorization/ReadTest.java

Modified: jackrabbit/oak/trunk/oak-core/src/main/java/org/apache/jackrabbit/oak/security/authorization/ACL.java
URL: http://svn.apache.org/viewvc/jackrabbit/oak/trunk/oak-core/src/main/java/org/apache/jackrabbit/oak/security/authorization/ACL.java?rev=1508752&r1=1508751&r2=1508752&view=diff
==============================================================================
--- jackrabbit/oak/trunk/oak-core/src/main/java/org/apache/jackrabbit/oak/security/authorization/ACL.java
(original)
+++ jackrabbit/oak/trunk/oak-core/src/main/java/org/apache/jackrabbit/oak/security/authorization/ACL.java
Wed Jul 31 07:43:54 2013
@@ -99,7 +99,7 @@ abstract class ACL extends AbstractAcces
             getPrivilegeManager().getPrivilege(p.getName());
         }
 
-        AccessControlUtils.checkValidPrincipal(principal, getPrincipalManager());
+        Util.checkValidPrincipal(principal, getPrincipalManager());
 
         for (RestrictionDefinition def : getRestrictionProvider().getSupportedRestrictions(getOakPath()))
{
             String jcrName = getNamePathMapper().getJcrName(def.getName());

Modified: jackrabbit/oak/trunk/oak-core/src/main/java/org/apache/jackrabbit/oak/security/authorization/AccessControlManagerImpl.java
URL: http://svn.apache.org/viewvc/jackrabbit/oak/trunk/oak-core/src/main/java/org/apache/jackrabbit/oak/security/authorization/AccessControlManagerImpl.java?rev=1508752&r1=1508751&r2=1508752&view=diff
==============================================================================
--- jackrabbit/oak/trunk/oak-core/src/main/java/org/apache/jackrabbit/oak/security/authorization/AccessControlManagerImpl.java
(original)
+++ jackrabbit/oak/trunk/oak-core/src/main/java/org/apache/jackrabbit/oak/security/authorization/AccessControlManagerImpl.java
Wed Jul 31 07:43:54 2013
@@ -53,6 +53,7 @@ import org.apache.jackrabbit.api.securit
 import org.apache.jackrabbit.api.security.principal.ItemBasedPrincipal;
 import org.apache.jackrabbit.api.security.principal.PrincipalManager;
 import org.apache.jackrabbit.commons.iterator.AccessControlPolicyIteratorAdapter;
+import org.apache.jackrabbit.commons.jackrabbit.authorization.AccessControlUtils;
 import org.apache.jackrabbit.oak.api.PropertyState;
 import org.apache.jackrabbit.oak.api.PropertyValue;
 import org.apache.jackrabbit.oak.api.QueryEngine;
@@ -74,9 +75,9 @@ import org.apache.jackrabbit.oak.spi.sec
 import org.apache.jackrabbit.oak.spi.security.authorization.permission.Permissions;
 import org.apache.jackrabbit.oak.spi.security.authorization.restriction.Restriction;
 import org.apache.jackrabbit.oak.spi.security.authorization.restriction.RestrictionProvider;
-import org.apache.jackrabbit.oak.spi.security.privilege.PrivilegeBitsProvider;
 import org.apache.jackrabbit.oak.spi.security.principal.PrincipalConfiguration;
 import org.apache.jackrabbit.oak.spi.security.principal.PrincipalImpl;
+import org.apache.jackrabbit.oak.spi.security.privilege.PrivilegeBitsProvider;
 import org.apache.jackrabbit.oak.spi.security.privilege.PrivilegeConfiguration;
 import org.apache.jackrabbit.oak.spi.state.PropertyBuilder;
 import org.apache.jackrabbit.oak.util.NodeUtil;
@@ -94,7 +95,7 @@ import static com.google.common.base.Pre
  * This implementation covers both editing access control content by path and
  * by {@code Principal} resulting both in the same content structure.
  */
-public class AccessControlManagerImpl implements JackrabbitAccessControlManager, AccessControlConstants
{
+class AccessControlManagerImpl implements JackrabbitAccessControlManager, AccessControlConstants
{
 
     private static final Logger log = LoggerFactory.getLogger(AccessControlManagerImpl.class);
 
@@ -111,8 +112,8 @@ public class AccessControlManagerImpl im
 
     private PermissionProvider permissionProvider;
 
-    public AccessControlManagerImpl(@Nonnull Root root, @Nonnull NamePathMapper namePathMapper,
-                                    @Nonnull SecurityProvider securityProvider) {
+    AccessControlManagerImpl(@Nonnull Root root, @Nonnull NamePathMapper namePathMapper,
+                             @Nonnull SecurityProvider securityProvider) {
         this.root = root;
         this.namePathMapper = namePathMapper;
 
@@ -212,13 +213,13 @@ public class AccessControlManagerImpl im
         AccessControlPolicy policy = null;
         Tree aclTree = getAclTree(oakPath, tree);
         if (aclTree == null) {
-            if (tree.hasChild(AccessControlUtils.getAclName(oakPath))) {
+            if (tree.hasChild(Util.getAclName(oakPath))) {
                 // policy child node without tree being access controlled
                 log.warn("Colliding policy child without node being access controllable ({}).",
absPath);
             } else {
                 // create an empty acl unless the node is protected or cannot have
                 // mixin set (e.g. due to a lock)
-                String mixinName = AccessControlUtils.getMixinName(oakPath);
+                String mixinName = Util.getMixinName(oakPath);
                 if (ntMgr.isNodeType(tree, mixinName) || ntMgr.getEffectiveNodeType(tree).supportsMixin(mixinName))
{
                     policy = new NodeACL(oakPath);
                 } else {
@@ -237,7 +238,7 @@ public class AccessControlManagerImpl im
     @Override
     public void setPolicy(@Nullable String absPath, @Nonnull AccessControlPolicy policy)
throws RepositoryException {
         String oakPath = getOakPath(absPath);
-        AccessControlUtils.checkValidPolicy(oakPath, policy);
+        Util.checkValidPolicy(oakPath, policy);
 
         if (policy instanceof PrincipalACL) {
             setPrincipalBasedAcl((PrincipalACL) policy);
@@ -308,7 +309,7 @@ public class AccessControlManagerImpl im
         aclTree.setOrderableChildren(true);
         for (ACE ace : acl.getEntries()) {
             boolean isAllow = ace.isAllow();
-            String nodeName = AccessControlUtils.generateAceName(aclTree, isAllow);
+            String nodeName = Util.generateAceName(aclTree, isAllow);
             String ntName = (isAllow) ? NT_REP_GRANT_ACE : NT_REP_DENY_ACE;
 
             NodeUtil aceNode = new NodeUtil(aclTree).addChild(nodeName, ntName);
@@ -322,7 +323,7 @@ public class AccessControlManagerImpl im
     @Override
     public void removePolicy(@Nullable String absPath, @Nonnull AccessControlPolicy policy)
throws RepositoryException {
         String oakPath = getOakPath(absPath);
-        AccessControlUtils.checkValidPolicy(oakPath, policy);
+        Util.checkValidPolicy(oakPath, policy);
 
         if (policy instanceof PrincipalACL) {
             PrincipalACL principalAcl = (PrincipalACL) policy;
@@ -359,7 +360,7 @@ public class AccessControlManagerImpl im
     @Nonnull
     @Override
     public JackrabbitAccessControlPolicy[] getApplicablePolicies(@Nonnull Principal principal)
throws RepositoryException {
-        AccessControlUtils.checkValidPrincipal(principal, principalManager);
+        Util.checkValidPrincipal(principal, principalManager);
 
         String oakPath = (principal instanceof ItemBasedPrincipal) ? ((ItemBasedPrincipal)
principal).getPath() : null;
         JackrabbitAccessControlPolicy policy = createPrincipalACL(oakPath, principal);
@@ -374,7 +375,7 @@ public class AccessControlManagerImpl im
     @Nonnull
     @Override
     public JackrabbitAccessControlPolicy[] getPolicies(@Nonnull Principal principal) throws
RepositoryException {
-        AccessControlUtils.checkValidPrincipal(principal, principalManager);
+        Util.checkValidPrincipal(principal, principalManager);
 
         String oakPath = (principal instanceof ItemBasedPrincipal) ? ((ItemBasedPrincipal)
principal).getPath() : null;
         JackrabbitAccessControlPolicy policy = createPrincipalACL(oakPath, principal);
@@ -389,7 +390,7 @@ public class AccessControlManagerImpl im
     @Nonnull
     @Override
     public AccessControlPolicy[] getEffectivePolicies(@Nonnull Set<Principal> principals)
throws RepositoryException {
-        AccessControlUtils.checkValidPrincipals(principals, principalManager);
+        Util.checkValidPrincipals(principals, principalManager);
         Root r = root.getContentSession().getLatestRoot();
 
         Result aceResult = searchAces(principals, r);
@@ -478,8 +479,8 @@ public class AccessControlManagerImpl im
 
     @CheckForNull
     private Tree getAclTree(@Nullable String oakPath, @Nonnull Tree accessControlledTree)
{
-        if (AccessControlUtils.isAccessControlled(oakPath, accessControlledTree, ntMgr))
{
-            String aclName = AccessControlUtils.getAclName(oakPath);
+        if (Util.isAccessControlled(oakPath, accessControlledTree, ntMgr)) {
+            String aclName = Util.getAclName(oakPath);
             Tree policyTree = accessControlledTree.getChild(aclName);
             if (policyTree.exists()) {
                 return policyTree;
@@ -496,9 +497,9 @@ public class AccessControlManagerImpl im
      */
     @Nonnull
     private Tree createAclTree(@Nullable String oakPath, @Nonnull Tree tree) throws AccessDeniedException
{
-        if (!AccessControlUtils.isAccessControlled(oakPath, tree, ntMgr)) {
+        if (!Util.isAccessControlled(oakPath, tree, ntMgr)) {
             PropertyState mixins = tree.getProperty(JcrConstants.JCR_MIXINTYPES);
-            String mixinName = AccessControlUtils.getMixinName(oakPath);
+            String mixinName = Util.getMixinName(oakPath);
             if (mixins == null) {
                 tree.setProperty(JcrConstants.JCR_MIXINTYPES, Collections.singleton(mixinName),
Type.NAMES);
             } else {
@@ -507,7 +508,7 @@ public class AccessControlManagerImpl im
                 tree.setProperty(pb.getPropertyState());
             }
         }
-        String aclName = AccessControlUtils.getAclName(oakPath);
+        String aclName = Util.getAclName(oakPath);
         return new NodeUtil(tree).addChild(aclName, NT_REP_ACL).getTree();
     }
 
@@ -516,13 +517,13 @@ public class AccessControlManagerImpl im
                                                   @Nonnull Tree accessControlledTree,
                                                   boolean isEffectivePolicy) throws RepositoryException
{
         JackrabbitAccessControlList acl = null;
-        String aclName = AccessControlUtils.getAclName(oakPath);
-        if (accessControlledTree.exists() && AccessControlUtils.isAccessControlled(oakPath,
accessControlledTree, ntMgr)) {
+        String aclName = Util.getAclName(oakPath);
+        if (accessControlledTree.exists() && Util.isAccessControlled(oakPath, accessControlledTree,
ntMgr)) {
             Tree aclTree = accessControlledTree.getChild(aclName);
             if (aclTree.exists()) {
                 List<ACE> entries = new ArrayList<ACE>();
                 for (Tree child : aclTree.getChildren()) {
-                    if (AccessControlUtils.isACE(child, ntMgr)) {
+                    if (Util.isACE(child, ntMgr)) {
                         entries.add(createACE(oakPath, child, restrictionProvider));
                     }
                 }
@@ -544,7 +545,7 @@ public class AccessControlManagerImpl im
         List<ACE> entries = new ArrayList<ACE>();
         for (ResultRow row : aceResult.getRows()) {
             Tree aceTree = root.getTree(row.getPath());
-            if (AccessControlUtils.isACE(aceTree, ntMgr)) {
+            if (Util.isACE(aceTree, ntMgr)) {
                 String aclPath = Text.getRelativeParent(aceTree.getPath(), 1);
                 String path;
                 if (aclPath.endsWith(REP_REPO_POLICY)) {

Copied: jackrabbit/oak/trunk/oak-core/src/main/java/org/apache/jackrabbit/oak/security/authorization/Util.java
(from r1508502, jackrabbit/oak/trunk/oak-core/src/main/java/org/apache/jackrabbit/oak/security/authorization/AccessControlUtils.java)
URL: http://svn.apache.org/viewvc/jackrabbit/oak/trunk/oak-core/src/main/java/org/apache/jackrabbit/oak/security/authorization/Util.java?p2=jackrabbit/oak/trunk/oak-core/src/main/java/org/apache/jackrabbit/oak/security/authorization/Util.java&p1=jackrabbit/oak/trunk/oak-core/src/main/java/org/apache/jackrabbit/oak/security/authorization/AccessControlUtils.java&r1=1508502&r2=1508752&rev=1508752&view=diff
==============================================================================
--- jackrabbit/oak/trunk/oak-core/src/main/java/org/apache/jackrabbit/oak/security/authorization/AccessControlUtils.java
(original)
+++ jackrabbit/oak/trunk/oak-core/src/main/java/org/apache/jackrabbit/oak/security/authorization/Util.java
Wed Jul 31 07:43:54 2013
@@ -30,16 +30,17 @@ import org.apache.jackrabbit.oak.spi.sec
 import org.apache.jackrabbit.oak.spi.security.principal.PrincipalImpl;
 
 /**
- * Access control specific utility methods
+ * Implementation specific access control utility methods
  */
-public final class AccessControlUtils extends org.apache.jackrabbit.commons.jackrabbit.authorization.AccessControlUtils
implements AccessControlConstants {
+final class Util implements AccessControlConstants {
 
     /**
      *  Private constructor to avoid instantiation
      */
-    private AccessControlUtils() {}
+    private Util() {}
 
-    public static void checkValidPrincipal(Principal principal, PrincipalManager principalManager)
throws AccessControlException {
+    public static void checkValidPrincipal(@Nullable Principal principal,
+                                           @Nonnull PrincipalManager principalManager) throws
AccessControlException {
         String name = (principal == null) ? null : principal.getName();
         if (name == null || name.isEmpty()) {
             throw new AccessControlException("Invalid principal " + name);
@@ -49,12 +50,13 @@ public final class AccessControlUtils ex
         }
     }
 
-    public static void checkValidPrincipals(@Nullable Set<Principal> principals, PrincipalManager
principalManager) throws AccessControlException {
+    public static void checkValidPrincipals(@Nullable Set<Principal> principals,
+                                            @Nonnull PrincipalManager principalManager) throws
AccessControlException {
         if (principals == null) {
             throw new AccessControlException("Valid principals expected. Found null.");
         }
         for (Principal principal : principals) {
-            AccessControlUtils.checkValidPrincipal(principal, principalManager);
+            checkValidPrincipal(principal, principalManager);
         }
     }
 
@@ -69,7 +71,8 @@ public final class AccessControlUtils ex
         }
     }
 
-    public static boolean isAccessControlled(String oakPath, @Nonnull Tree tree, @Nonnull
ReadOnlyNodeTypeManager ntMgr) {
+    public static boolean isAccessControlled(@Nullable String oakPath, @Nonnull Tree tree,
+                                             @Nonnull ReadOnlyNodeTypeManager ntMgr) {
         String mixinName = getMixinName(oakPath);
         return ntMgr.isNodeType(tree, mixinName);
     }

Modified: jackrabbit/oak/trunk/oak-jcr/src/test/java/org/apache/jackrabbit/oak/jcr/security/authorization/ReadTest.java
URL: http://svn.apache.org/viewvc/jackrabbit/oak/trunk/oak-jcr/src/test/java/org/apache/jackrabbit/oak/jcr/security/authorization/ReadTest.java?rev=1508752&r1=1508751&r2=1508752&view=diff
==============================================================================
--- jackrabbit/oak/trunk/oak-jcr/src/test/java/org/apache/jackrabbit/oak/jcr/security/authorization/ReadTest.java
(original)
+++ jackrabbit/oak/trunk/oak-jcr/src/test/java/org/apache/jackrabbit/oak/jcr/security/authorization/ReadTest.java
Wed Jul 31 07:43:54 2013
@@ -16,13 +16,10 @@
  */
 package org.apache.jackrabbit.oak.jcr.security.authorization;
 
-import static org.junit.Assert.assertArrayEquals;
-
 import java.security.Principal;
 import java.util.Collections;
 import java.util.HashSet;
 import java.util.Set;
-
 import javax.jcr.Node;
 import javax.jcr.PathNotFoundException;
 import javax.jcr.RepositoryException;
@@ -35,10 +32,12 @@ import javax.jcr.util.TraversingItemVisi
 import com.google.common.collect.Sets;
 import org.apache.jackrabbit.api.security.JackrabbitAccessControlManager;
 import org.apache.jackrabbit.api.security.user.Group;
-import org.apache.jackrabbit.oak.security.authorization.AccessControlUtils;
+import org.apache.jackrabbit.commons.jackrabbit.authorization.AccessControlUtils;
 import org.apache.jackrabbit.oak.spi.security.principal.EveryonePrincipal;
 import org.junit.Test;
 
+import static org.junit.Assert.assertArrayEquals;
+
 /**
  * Permission evaluation tests related to {@link javax.jcr.security.Privilege#JCR_READ} privilege.
  */



Mime
View raw message