jackrabbit-oak-commits mailing list archives

Site index · List index
Message view « Date » · « Thread »
Top « Date » · « Thread »
From ang...@apache.org
Subject svn commit: r1521856 - in /jackrabbit/oak/trunk/oak-core/src: main/java/org/apache/jackrabbit/oak/security/authorization/restriction/ main/java/org/apache/jackrabbit/oak/spi/security/authorization/restriction/ test/java/org/apache/jackrabbit/oak/spi/se...
Date Wed, 11 Sep 2013 14:08:24 GMT
Author: angela
Date: Wed Sep 11 14:08:23 2013
New Revision: 1521856

URL: http://svn.apache.org/r1521856
Log:
OAK-51 : Access Control Management

- simplify restrictions
- add compositerestrictionprovider

Added:
    jackrabbit/oak/trunk/oak-core/src/main/java/org/apache/jackrabbit/oak/spi/security/authorization/restriction/CompositeRestrictionProvider.java
Modified:
    jackrabbit/oak/trunk/oak-core/src/main/java/org/apache/jackrabbit/oak/security/authorization/restriction/PrincipalRestrictionProvider.java
    jackrabbit/oak/trunk/oak-core/src/main/java/org/apache/jackrabbit/oak/spi/security/authorization/restriction/Restriction.java
    jackrabbit/oak/trunk/oak-core/src/main/java/org/apache/jackrabbit/oak/spi/security/authorization/restriction/RestrictionImpl.java
    jackrabbit/oak/trunk/oak-core/src/test/java/org/apache/jackrabbit/oak/spi/security/authorization/restriction/AbstractRestrictionProviderTest.java
    jackrabbit/oak/trunk/oak-core/src/test/java/org/apache/jackrabbit/oak/spi/security/authorization/restriction/RestrictionImplTest.java

Modified: jackrabbit/oak/trunk/oak-core/src/main/java/org/apache/jackrabbit/oak/security/authorization/restriction/PrincipalRestrictionProvider.java
URL: http://svn.apache.org/viewvc/jackrabbit/oak/trunk/oak-core/src/main/java/org/apache/jackrabbit/oak/security/authorization/restriction/PrincipalRestrictionProvider.java?rev=1521856&r1=1521855&r2=1521856&view=diff
==============================================================================
--- jackrabbit/oak/trunk/oak-core/src/main/java/org/apache/jackrabbit/oak/security/authorization/restriction/PrincipalRestrictionProvider.java
(original)
+++ jackrabbit/oak/trunk/oak-core/src/main/java/org/apache/jackrabbit/oak/security/authorization/restriction/PrincipalRestrictionProvider.java
Wed Sep 11 14:08:23 2013
@@ -91,7 +91,7 @@ public class PrincipalRestrictionProvide
         Iterator<Restriction> it = Sets.newHashSet(restrictions).iterator();
         while (it.hasNext()) {
             Restriction r = it.next();
-            if (REP_NODE_PATH.equals(r.getName())) {
+            if (REP_NODE_PATH.equals(r.getDefinition().getName())) {
                 it.remove();
             }
         }

Added: jackrabbit/oak/trunk/oak-core/src/main/java/org/apache/jackrabbit/oak/spi/security/authorization/restriction/CompositeRestrictionProvider.java
URL: http://svn.apache.org/viewvc/jackrabbit/oak/trunk/oak-core/src/main/java/org/apache/jackrabbit/oak/spi/security/authorization/restriction/CompositeRestrictionProvider.java?rev=1521856&view=auto
==============================================================================
--- jackrabbit/oak/trunk/oak-core/src/main/java/org/apache/jackrabbit/oak/spi/security/authorization/restriction/CompositeRestrictionProvider.java
(added)
+++ jackrabbit/oak/trunk/oak-core/src/main/java/org/apache/jackrabbit/oak/spi/security/authorization/restriction/CompositeRestrictionProvider.java
Wed Sep 11 14:08:23 2013
@@ -0,0 +1,146 @@
+/*
+ * Licensed to the Apache Software Foundation (ASF) under one or more
+ * contributor license agreements.  See the NOTICE file distributed with
+ * this work for additional information regarding copyright ownership.
+ * The ASF licenses this file to You under the Apache License, Version 2.0
+ * (the "License"); you may not use this file except in compliance with
+ * the License.  You may obtain a copy of the License at
+ *
+ *      http://www.apache.org/licenses/LICENSE-2.0
+ *
+ * Unless required by applicable law or agreed to in writing, software
+ * distributed under the License is distributed on an "AS IS" BASIS,
+ * WITHOUT WARRANTIES OR CONDITIONS OF ANY KIND, either express or implied.
+ * See the License for the specific language governing permissions and
+ * limitations under the License.
+ */
+package org.apache.jackrabbit.oak.spi.security.authorization.restriction;
+
+import java.util.ArrayList;
+import java.util.Collection;
+import java.util.HashSet;
+import java.util.List;
+import java.util.Set;
+import javax.annotation.Nonnull;
+import javax.annotation.Nullable;
+import javax.jcr.RepositoryException;
+import javax.jcr.Value;
+import javax.jcr.security.AccessControlException;
+
+import com.google.common.collect.Sets;
+import org.apache.jackrabbit.oak.api.Tree;
+
+/**
+ * Aggregates of a collection of {@link RestrictionProvider} implementations
+ * into a single provider.
+ */
+public class CompositeRestrictionProvider implements RestrictionProvider {
+
+    private final Collection<? extends RestrictionProvider> providers;
+
+    private CompositeRestrictionProvider(Collection<? extends RestrictionProvider>
providers) {
+        this.providers = providers;
+    }
+
+    public static RestrictionProvider newInstance(Collection<? extends RestrictionProvider>
providers) {
+        return new CompositeRestrictionProvider(providers);
+    }
+
+    @Nonnull
+    @Override
+    public Set<RestrictionDefinition> getSupportedRestrictions(@Nullable String oakPath)
{
+        Set<RestrictionDefinition> defs = Sets.newHashSet();
+        for (RestrictionProvider rp : providers) {
+            defs.addAll(rp.getSupportedRestrictions(oakPath));
+        }
+        return defs;
+    }
+
+    @Nonnull
+    @Override
+    public Restriction createRestriction(@Nullable String oakPath, @Nonnull String oakName,
@Nonnull Value value) throws AccessControlException, RepositoryException {
+        return getProvider(oakPath, oakName).createRestriction(oakPath, oakName, value);
+    }
+
+    @Nonnull
+    @Override
+    public Restriction createRestriction(@Nullable String oakPath, @Nonnull String oakName,
@Nonnull Value... values) throws AccessControlException, RepositoryException {
+        return getProvider(oakPath, oakName).createRestriction(oakPath, oakName, values);
+    }
+
+    @Nonnull
+    @Override
+    public Set<Restriction> readRestrictions(@Nullable String oakPath, @Nonnull Tree
aceTree) {
+        Set<Restriction> restrictions = Sets.newHashSet();
+        for (RestrictionProvider rp : providers) {
+            restrictions.addAll(rp.readRestrictions(oakPath, aceTree));
+        }
+        return restrictions;
+    }
+
+    @Override
+    public void writeRestrictions(String oakPath, Tree aceTree, Set<Restriction> restrictions)
throws RepositoryException {
+        for (Restriction r : restrictions) {
+            RestrictionProvider rp = getProvider(oakPath, getName(r));
+            rp.writeRestrictions(oakPath, aceTree, restrictions);
+        }
+    }
+
+    @Override
+    public void validateRestrictions(@Nullable String oakPath, @Nonnull Tree aceTree) throws
AccessControlException, RepositoryException {
+        Set<RestrictionDefinition> supported = getSupportedRestrictions(oakPath);
+        Set<String> rNames = new HashSet<String>();
+        for (Restriction r : readRestrictions(oakPath, aceTree)) {
+            String name = getName(r);
+            rNames.add(name);
+            boolean valid = false;
+            for (RestrictionDefinition def : supported) {
+                if (name.equals(def.getName())) {
+                    valid = def.equals(r.getDefinition());
+                    break;
+                }
+            }
+            if (!valid) {
+                throw new AccessControlException("Invalid restriction: " + r + " at " + oakPath);
+            }
+        }
+        for (RestrictionDefinition def : supported) {
+            if (def.isMandatory() && !rNames.contains(def.getName())) {
+                throw new AccessControlException("Mandatory restriction " + def.getName()
+ " is missing.");
+            }
+        }
+    }
+
+    @Nonnull
+    @Override
+    public RestrictionPattern getPattern(@Nullable String oakPath, @Nonnull Tree tree) {
+        List<RestrictionPattern> patterns = new ArrayList<RestrictionPattern>();
+        for (RestrictionProvider rp : providers) {
+            RestrictionPattern pattern = rp.getPattern(oakPath, tree);
+            if (pattern != RestrictionPattern.EMPTY) {
+                patterns.add(pattern);
+            }
+        }
+        switch (patterns.size()) {
+            case 0 : return RestrictionPattern.EMPTY;
+            case 1 : return patterns.iterator().next();
+            default : return new CompositePattern(patterns);
+        }
+    }
+
+    //------------------------------------------------------------< private >---
+    private RestrictionProvider getProvider(@Nullable String oakPath, @Nonnull String oakName)
throws AccessControlException {
+        for (RestrictionProvider rp : providers) {
+            for (RestrictionDefinition def : rp.getSupportedRestrictions(oakPath)) {
+                if (def.getName().equals(oakName)) {
+                    return rp;
+                }
+            }
+        }
+        throw new AccessControlException("Unsupported restriction (path = " + oakPath + ";
name = " + oakName + ')');
+    }
+
+    private static String getName(Restriction restriction) {
+        return restriction.getDefinition().getName();
+    }
+}
\ No newline at end of file

Modified: jackrabbit/oak/trunk/oak-core/src/main/java/org/apache/jackrabbit/oak/spi/security/authorization/restriction/Restriction.java
URL: http://svn.apache.org/viewvc/jackrabbit/oak/trunk/oak-core/src/main/java/org/apache/jackrabbit/oak/spi/security/authorization/restriction/Restriction.java?rev=1521856&r1=1521855&r2=1521856&view=diff
==============================================================================
--- jackrabbit/oak/trunk/oak-core/src/main/java/org/apache/jackrabbit/oak/spi/security/authorization/restriction/Restriction.java
(original)
+++ jackrabbit/oak/trunk/oak-core/src/main/java/org/apache/jackrabbit/oak/spi/security/authorization/restriction/Restriction.java
Wed Sep 11 14:08:23 2013
@@ -27,7 +27,15 @@ import org.apache.jackrabbit.oak.api.Pro
  *
  * @see org.apache.jackrabbit.api.security.JackrabbitAccessControlList#addEntry(java.security.Principal,
javax.jcr.security.Privilege[], boolean, java.util.Map)
  */
-public interface Restriction extends RestrictionDefinition {
+public interface Restriction {
+
+    /**
+     * Returns the underlying restriction definition.
+     *
+     * @return the restriction definition that applies to this restriction.
+     */
+    @Nonnull
+    RestrictionDefinition getDefinition();
 
     /**
      * The OAK property state associated with this restriction.

Modified: jackrabbit/oak/trunk/oak-core/src/main/java/org/apache/jackrabbit/oak/spi/security/authorization/restriction/RestrictionImpl.java
URL: http://svn.apache.org/viewvc/jackrabbit/oak/trunk/oak-core/src/main/java/org/apache/jackrabbit/oak/spi/security/authorization/restriction/RestrictionImpl.java?rev=1521856&r1=1521855&r2=1521856&view=diff
==============================================================================
--- jackrabbit/oak/trunk/oak-core/src/main/java/org/apache/jackrabbit/oak/spi/security/authorization/restriction/RestrictionImpl.java
(original)
+++ jackrabbit/oak/trunk/oak-core/src/main/java/org/apache/jackrabbit/oak/spi/security/authorization/restriction/RestrictionImpl.java
Wed Sep 11 14:08:23 2013
@@ -24,18 +24,25 @@ import org.apache.jackrabbit.oak.api.Pro
 /**
  * {@code RestrictionImpl}
  */
-public class RestrictionImpl extends RestrictionDefinitionImpl implements Restriction {
+public class RestrictionImpl implements Restriction {
 
+    private final RestrictionDefinition definition;
     private final PropertyState property;
 
     public RestrictionImpl(@Nonnull PropertyState property, boolean isMandatory) {
-        super(property.getName(), property.getType(), isMandatory);
+        this.definition = new RestrictionDefinitionImpl(property.getName(), property.getType(),
isMandatory);
         this.property = property;
     }
 
     //--------------------------------------------------------< Restriction >---
     @Nonnull
     @Override
+    public RestrictionDefinition getDefinition() {
+        return definition;
+    }
+
+    @Nonnull
+    @Override
     public PropertyState getProperty() {
         return property;
     }
@@ -43,7 +50,7 @@ public class RestrictionImpl extends Res
     //-------------------------------------------------------------< Object >---
     @Override
     public int hashCode() {
-        return Objects.hashCode(getName(), getRequiredType(), isMandatory(), property);
+        return Objects.hashCode(definition, property);
     }
 
     @Override
@@ -53,9 +60,8 @@ public class RestrictionImpl extends Res
         }
         if (o instanceof RestrictionImpl) {
             RestrictionImpl other = (RestrictionImpl) o;
-            return super.equals(other) && property.equals(other.property);
+            return definition.equals(other.definition) && property.equals(other.property);
         }
-
         return false;
     }
 }

Modified: jackrabbit/oak/trunk/oak-core/src/test/java/org/apache/jackrabbit/oak/spi/security/authorization/restriction/AbstractRestrictionProviderTest.java
URL: http://svn.apache.org/viewvc/jackrabbit/oak/trunk/oak-core/src/test/java/org/apache/jackrabbit/oak/spi/security/authorization/restriction/AbstractRestrictionProviderTest.java?rev=1521856&r1=1521855&r2=1521856&view=diff
==============================================================================
--- jackrabbit/oak/trunk/oak-core/src/test/java/org/apache/jackrabbit/oak/spi/security/authorization/restriction/AbstractRestrictionProviderTest.java
(original)
+++ jackrabbit/oak/trunk/oak-core/src/test/java/org/apache/jackrabbit/oak/spi/security/authorization/restriction/AbstractRestrictionProviderTest.java
Wed Sep 11 14:08:23 2013
@@ -179,7 +179,7 @@ public class AbstractRestrictionProvider
     public void testCreateRestriction() throws Exception {
         Restriction r = restrictionProvider.createRestriction(testPath, REP_GLOB, globValue);
         assertNotNull(r);
-        assertEquals(REP_GLOB, r.getName());
+        assertEquals(REP_GLOB, r.getDefinition().getName());
         assertEquals(globValue.getString(), r.getProperty().getValue(Type.STRING));
     }
 
@@ -189,8 +189,8 @@ public class AbstractRestrictionProvider
                 valueFactory.createValue("nt:folder", PropertyType.NAME),
                 valueFactory.createValue("nt:file", PropertyType.NAME));
         assertNotNull(r);
-        assertEquals(REP_NT_NAMES, r.getName());
-        assertEquals(Type.NAMES, r.getRequiredType());
+        assertEquals(REP_NT_NAMES, r.getDefinition().getName());
+        assertEquals(Type.NAMES, r.getDefinition().getRequiredType());
 
         PropertyState ps = r.getProperty();
         assertTrue(ps.isArray());
@@ -204,8 +204,8 @@ public class AbstractRestrictionProvider
     public void testCreateMvRestriction2() throws Exception {
         Restriction r = restrictionProvider.createRestriction(testPath, REP_NT_NAMES, nameValues);
         assertNotNull(r);
-        assertEquals(REP_NT_NAMES, r.getName());
-        assertEquals(Type.NAMES, r.getRequiredType());
+        assertEquals(REP_NT_NAMES, r.getDefinition().getName());
+        assertEquals(Type.NAMES, r.getDefinition().getRequiredType());
 
         PropertyState ps = r.getProperty();
         assertTrue(ps.isArray());
@@ -219,8 +219,8 @@ public class AbstractRestrictionProvider
     public void testCreateMvRestriction3() throws Exception {
         Restriction r = restrictionProvider.createRestriction(testPath, REP_NT_NAMES, nameValue);
         assertNotNull(r);
-        assertEquals(REP_NT_NAMES, r.getName());
-        assertEquals(Type.NAMES, r.getRequiredType());
+        assertEquals(REP_NT_NAMES, r.getDefinition().getName());
+        assertEquals(Type.NAMES, r.getDefinition().getRequiredType());
 
         assertTrue(r.getProperty().isArray());
         assertEquals(Type.NAMES, r.getProperty().getType());
@@ -233,8 +233,8 @@ public class AbstractRestrictionProvider
     public void testCreateEmptyMvRestriction() throws Exception {
         Restriction r = restrictionProvider.createRestriction(testPath, REP_NT_NAMES);
         assertNotNull(r);
-        assertEquals(REP_NT_NAMES, r.getName());
-        assertEquals(Type.NAMES, r.getRequiredType());
+        assertEquals(REP_NT_NAMES, r.getDefinition().getName());
+        assertEquals(Type.NAMES, r.getDefinition().getRequiredType());
 
         assertTrue(r.getProperty().isArray());
         assertEquals(Type.NAMES, r.getProperty().getType());
@@ -248,8 +248,8 @@ public class AbstractRestrictionProvider
     public void testCreateEmptyMvRestriction2() throws Exception {
         Restriction r = restrictionProvider.createRestriction(testPath, REP_NT_NAMES, new
Value[0]);
         assertNotNull(r);
-        assertEquals(REP_NT_NAMES, r.getName());
-        assertEquals(Type.NAMES, r.getRequiredType());
+        assertEquals(REP_NT_NAMES, r.getDefinition().getName());
+        assertEquals(Type.NAMES, r.getDefinition().getRequiredType());
 
         assertTrue(r.getProperty().isArray());
         assertEquals(Type.NAMES, r.getProperty().getType());

Modified: jackrabbit/oak/trunk/oak-core/src/test/java/org/apache/jackrabbit/oak/spi/security/authorization/restriction/RestrictionImplTest.java
URL: http://svn.apache.org/viewvc/jackrabbit/oak/trunk/oak-core/src/test/java/org/apache/jackrabbit/oak/spi/security/authorization/restriction/RestrictionImplTest.java?rev=1521856&r1=1521855&r2=1521856&view=diff
==============================================================================
--- jackrabbit/oak/trunk/oak-core/src/test/java/org/apache/jackrabbit/oak/spi/security/authorization/restriction/RestrictionImplTest.java
(original)
+++ jackrabbit/oak/trunk/oak-core/src/test/java/org/apache/jackrabbit/oak/spi/security/authorization/restriction/RestrictionImplTest.java
Wed Sep 11 14:08:23 2013
@@ -19,6 +19,8 @@ package org.apache.jackrabbit.oak.spi.se
 import java.util.ArrayList;
 import java.util.List;
 
+import javax.annotation.Nonnull;
+
 import com.google.common.collect.ImmutableList;
 import org.apache.jackrabbit.oak.TestNameMapper;
 import org.apache.jackrabbit.oak.api.PropertyState;
@@ -57,17 +59,17 @@ public class RestrictionImplTest extends
 
     @Test
     public void testGetName() {
-        assertEquals(name, restriction.getName());
+        assertEquals(name, restriction.getDefinition().getName());
     }
 
     @Test
     public void testGetRequiredType() {
-        assertEquals(Type.NAME, restriction.getRequiredType());
+        assertEquals(Type.NAME, restriction.getDefinition().getRequiredType());
     }
 
     @Test
     public void testIsMandatory() {
-        assertTrue(restriction.isMandatory());
+        assertTrue(restriction.getDefinition().isMandatory());
     }
 
     @Test
@@ -101,18 +103,12 @@ public class RestrictionImplTest extends
         rs.add(new RestrictionImpl(createProperty(name, value), false));
         // - different impl
         rs.add(new Restriction() {
+            @Nonnull
             @Override
-            public String getName() {
-                return name;
-            }
-            @Override
-            public Type<?> getRequiredType() {
-                return Type.NAME;
-            }
-            @Override
-            public boolean isMandatory() {
-                return true;
+            public RestrictionDefinition getDefinition() {
+                return new RestrictionDefinitionImpl(name, Type.NAME, true);
             }
+
             @Override
             public PropertyState getProperty() {
                 return createProperty(name, value);



Mime
View raw message