jackrabbit-oak-commits mailing list archives

Site index · List index
Message view « Date » · « Thread »
Top « Date » · « Thread »
From ang...@apache.org
Subject svn commit: r1521892 - in /jackrabbit/oak/trunk: oak-core/src/main/java/org/apache/jackrabbit/oak/osgi/ oak-core/src/main/java/org/apache/jackrabbit/oak/security/authorization/permission/ oak-core/src/main/java/org/apache/jackrabbit/oak/security/user/ ...
Date Wed, 11 Sep 2013 15:03:47 GMT
Author: angela
Date: Wed Sep 11 15:03:47 2013
New Revision: 1521892

URL: http://svn.apache.org/r1521892
Log:
OAK-521 : Configurable AuthorizableAction(s)
- simplify actions
- add composite action provider
- make default impl a service
- fix configuration of access control action
- remove implementation specific action api from generic user configuration and make it a parameter of the user configuration parameters

OAK-522 : Pluggable User Management (wip)
- make configuration impl a service

OAK-754 : Pluggable Security Setup (wip)
- rename ConfigurationParameters#getNullableConfigValue and allow to specify a target class and fix usages
- ConfigurationParameters: improve convertion
- ConfigurationParameters: add more utility methods to create config params

Added:
    jackrabbit/oak/trunk/oak-core/src/main/java/org/apache/jackrabbit/oak/osgi/OsgiAuthorizableActionProvider.java
    jackrabbit/oak/trunk/oak-core/src/main/java/org/apache/jackrabbit/oak/spi/security/user/action/CompositeActionProvider.java
Modified:
    jackrabbit/oak/trunk/oak-core/src/main/java/org/apache/jackrabbit/oak/security/authorization/permission/PermissionValidatorProvider.java
    jackrabbit/oak/trunk/oak-core/src/main/java/org/apache/jackrabbit/oak/security/user/UserConfigurationImpl.java
    jackrabbit/oak/trunk/oak-core/src/main/java/org/apache/jackrabbit/oak/security/user/UserInitializer.java
    jackrabbit/oak/trunk/oak-core/src/main/java/org/apache/jackrabbit/oak/security/user/UserManagerImpl.java
    jackrabbit/oak/trunk/oak-core/src/main/java/org/apache/jackrabbit/oak/security/user/UserProvider.java
    jackrabbit/oak/trunk/oak-core/src/main/java/org/apache/jackrabbit/oak/spi/security/ConfigurationParameters.java
    jackrabbit/oak/trunk/oak-core/src/main/java/org/apache/jackrabbit/oak/spi/security/authentication/external/ExternalLoginModule.java
    jackrabbit/oak/trunk/oak-core/src/main/java/org/apache/jackrabbit/oak/spi/security/user/UserConfiguration.java
    jackrabbit/oak/trunk/oak-core/src/main/java/org/apache/jackrabbit/oak/spi/security/user/action/AbstractAuthorizableAction.java
    jackrabbit/oak/trunk/oak-core/src/main/java/org/apache/jackrabbit/oak/spi/security/user/action/AccessControlAction.java
    jackrabbit/oak/trunk/oak-core/src/main/java/org/apache/jackrabbit/oak/spi/security/user/action/AuthorizableAction.java
    jackrabbit/oak/trunk/oak-core/src/main/java/org/apache/jackrabbit/oak/spi/security/user/action/AuthorizableActionProvider.java
    jackrabbit/oak/trunk/oak-core/src/main/java/org/apache/jackrabbit/oak/spi/security/user/action/ClearMembershipAction.java
    jackrabbit/oak/trunk/oak-core/src/main/java/org/apache/jackrabbit/oak/spi/security/user/action/DefaultAuthorizableActionProvider.java
    jackrabbit/oak/trunk/oak-core/src/main/java/org/apache/jackrabbit/oak/spi/security/user/action/PasswordChangeAction.java
    jackrabbit/oak/trunk/oak-core/src/main/java/org/apache/jackrabbit/oak/spi/security/user/action/PasswordValidationAction.java
    jackrabbit/oak/trunk/oak-core/src/test/java/org/apache/jackrabbit/oak/security/ConfigurationParametersTest.java
    jackrabbit/oak/trunk/oak-core/src/test/java/org/apache/jackrabbit/oak/spi/security/user/action/AccessControlActionTest.java
    jackrabbit/oak/trunk/oak-core/src/test/java/org/apache/jackrabbit/oak/spi/security/user/action/PasswordValidationActionTest.java
    jackrabbit/oak/trunk/oak-jcr/src/test/java/org/apache/jackrabbit/oak/jcr/security/user/UserImportWithActionsTest.java

Added: jackrabbit/oak/trunk/oak-core/src/main/java/org/apache/jackrabbit/oak/osgi/OsgiAuthorizableActionProvider.java
URL: http://svn.apache.org/viewvc/jackrabbit/oak/trunk/oak-core/src/main/java/org/apache/jackrabbit/oak/osgi/OsgiAuthorizableActionProvider.java?rev=1521892&view=auto
==============================================================================
--- jackrabbit/oak/trunk/oak-core/src/main/java/org/apache/jackrabbit/oak/osgi/OsgiAuthorizableActionProvider.java (added)
+++ jackrabbit/oak/trunk/oak-core/src/main/java/org/apache/jackrabbit/oak/osgi/OsgiAuthorizableActionProvider.java Wed Sep 11 15:03:47 2013
@@ -0,0 +1,41 @@
+/*
+ * Licensed to the Apache Software Foundation (ASF) under one or more
+ * contributor license agreements.  See the NOTICE file distributed with
+ * this work for additional information regarding copyright ownership.
+ * The ASF licenses this file to You under the Apache License, Version 2.0
+ * (the "License"); you may not use this file except in compliance with
+ * the License.  You may obtain a copy of the License at
+ *
+ *      http://www.apache.org/licenses/LICENSE-2.0
+ *
+ * Unless required by applicable law or agreed to in writing, software
+ * distributed under the License is distributed on an "AS IS" BASIS,
+ * WITHOUT WARRANTIES OR CONDITIONS OF ANY KIND, either express or implied.
+ * See the License for the specific language governing permissions and
+ * limitations under the License.
+ */
+package org.apache.jackrabbit.oak.osgi;
+
+import java.util.List;
+import javax.annotation.Nonnull;
+
+import org.apache.jackrabbit.oak.spi.security.SecurityProvider;
+import org.apache.jackrabbit.oak.spi.security.user.action.AuthorizableAction;
+import org.apache.jackrabbit.oak.spi.security.user.action.AuthorizableActionProvider;
+import org.apache.jackrabbit.oak.spi.security.user.action.CompositeActionProvider;
+
+/**
+ * OsgiAuthorizableActionProvider... TODO
+ */
+public class OsgiAuthorizableActionProvider extends AbstractServiceTracker<AuthorizableActionProvider> implements AuthorizableActionProvider {
+
+    public OsgiAuthorizableActionProvider() {
+        super(AuthorizableActionProvider.class);
+    }
+
+    @Override
+    public List<? extends AuthorizableAction> getAuthorizableActions(@Nonnull SecurityProvider securityProvider) {
+        AuthorizableActionProvider actionProvider = new CompositeActionProvider(getServices());
+        return actionProvider.getAuthorizableActions(securityProvider);
+    }
+}
\ No newline at end of file

Modified: jackrabbit/oak/trunk/oak-core/src/main/java/org/apache/jackrabbit/oak/security/authorization/permission/PermissionValidatorProvider.java
URL: http://svn.apache.org/viewvc/jackrabbit/oak/trunk/oak-core/src/main/java/org/apache/jackrabbit/oak/security/authorization/permission/PermissionValidatorProvider.java?rev=1521892&r1=1521891&r2=1521892&view=diff
==============================================================================
--- jackrabbit/oak/trunk/oak-core/src/main/java/org/apache/jackrabbit/oak/security/authorization/permission/PermissionValidatorProvider.java (original)
+++ jackrabbit/oak/trunk/oak-core/src/main/java/org/apache/jackrabbit/oak/security/authorization/permission/PermissionValidatorProvider.java Wed Sep 11 15:03:47 2013
@@ -54,7 +54,7 @@ public class PermissionValidatorProvider
         this.acConfig = securityProvider.getConfiguration(AuthorizationConfiguration.class);
 
         ConfigurationParameters params = acConfig.getParameters();
-        String compatValue = params.getNullableConfigValue(PermissionConstants.PARAM_PERMISSIONS_JR2, null);
+        String compatValue = params.getConfigValue(PermissionConstants.PARAM_PERMISSIONS_JR2, null, String.class);
         jr2Permissions = Permissions.getPermissions(compatValue);
     }
 

Modified: jackrabbit/oak/trunk/oak-core/src/main/java/org/apache/jackrabbit/oak/security/user/UserConfigurationImpl.java
URL: http://svn.apache.org/viewvc/jackrabbit/oak/trunk/oak-core/src/main/java/org/apache/jackrabbit/oak/security/user/UserConfigurationImpl.java?rev=1521892&r1=1521891&r2=1521892&view=diff
==============================================================================
--- jackrabbit/oak/trunk/oak-core/src/main/java/org/apache/jackrabbit/oak/security/user/UserConfigurationImpl.java (original)
+++ jackrabbit/oak/trunk/oak-core/src/main/java/org/apache/jackrabbit/oak/security/user/UserConfigurationImpl.java Wed Sep 11 15:03:47 2013
@@ -20,6 +20,8 @@ import java.util.Collections;
 import java.util.List;
 import javax.annotation.Nonnull;
 
+import org.apache.felix.scr.annotations.Component;
+import org.apache.felix.scr.annotations.Service;
 import org.apache.jackrabbit.api.security.user.UserManager;
 import org.apache.jackrabbit.oak.api.Root;
 import org.apache.jackrabbit.oak.namepath.NamePathMapper;
@@ -27,17 +29,21 @@ import org.apache.jackrabbit.oak.spi.com
 import org.apache.jackrabbit.oak.spi.lifecycle.WorkspaceInitializer;
 import org.apache.jackrabbit.oak.spi.security.ConfigurationBase;
 import org.apache.jackrabbit.oak.spi.security.Context;
+import org.apache.jackrabbit.oak.spi.security.SecurityConfiguration;
 import org.apache.jackrabbit.oak.spi.security.SecurityProvider;
 import org.apache.jackrabbit.oak.spi.security.user.UserConfiguration;
-import org.apache.jackrabbit.oak.spi.security.user.UserConstants;
-import org.apache.jackrabbit.oak.spi.security.user.action.AuthorizableActionProvider;
-import org.apache.jackrabbit.oak.spi.security.user.action.DefaultAuthorizableActionProvider;
 import org.apache.jackrabbit.oak.spi.xml.ProtectedItemImporter;
 
 /**
  * Default implementation of the {@link UserConfiguration}.
  */
-public class UserConfigurationImpl extends ConfigurationBase implements UserConfiguration {
+@Component()
+@Service({UserConfiguration.class, SecurityConfiguration.class})
+public class UserConfigurationImpl extends ConfigurationBase implements UserConfiguration, SecurityConfiguration {
+
+    public UserConfigurationImpl() {
+        super();
+    }
 
     public UserConfigurationImpl(SecurityProvider securityProvider) {
         super(securityProvider);
@@ -80,12 +86,4 @@ public class UserConfigurationImpl exten
     public UserManager getUserManager(Root root, NamePathMapper namePathMapper) {
         return new UserManagerImpl(root, namePathMapper, getSecurityProvider());
     }
-
-    @Nonnull
-    @Override
-    public AuthorizableActionProvider getAuthorizableActionProvider() {
-        // TODO OAK-521: add proper implementation
-        AuthorizableActionProvider defProvider = new DefaultAuthorizableActionProvider(getSecurityProvider(), getParameters());
-        return getParameters().getConfigValue(UserConstants.PARAM_AUTHORIZABLE_ACTION_PROVIDER, defProvider);
-    }
 }

Modified: jackrabbit/oak/trunk/oak-core/src/main/java/org/apache/jackrabbit/oak/security/user/UserInitializer.java
URL: http://svn.apache.org/viewvc/jackrabbit/oak/trunk/oak-core/src/main/java/org/apache/jackrabbit/oak/security/user/UserInitializer.java?rev=1521892&r1=1521891&r2=1521892&view=diff
==============================================================================
--- jackrabbit/oak/trunk/oak-core/src/main/java/org/apache/jackrabbit/oak/security/user/UserInitializer.java (original)
+++ jackrabbit/oak/trunk/oak-core/src/main/java/org/apache/jackrabbit/oak/security/user/UserInitializer.java Wed Sep 11 15:03:47 2013
@@ -126,7 +126,7 @@ class UserInitializer implements Workspa
                 boolean omitPw = params.getConfigValue(PARAM_OMIT_ADMIN_PW, false);
                 userManager.createUser(adminId, (omitPw) ? null : adminId);
             }
-            String anonymousId = Strings.emptyToNull(params.getNullableConfigValue(PARAM_ANONYMOUS_ID, DEFAULT_ANONYMOUS_ID));
+            String anonymousId = Strings.emptyToNull(params.getConfigValue(PARAM_ANONYMOUS_ID, DEFAULT_ANONYMOUS_ID, String.class));
             if (anonymousId != null && userManager.getAuthorizable(anonymousId) == null) {
                 userManager.createUser(anonymousId, null);
             }

Modified: jackrabbit/oak/trunk/oak-core/src/main/java/org/apache/jackrabbit/oak/security/user/UserManagerImpl.java
URL: http://svn.apache.org/viewvc/jackrabbit/oak/trunk/oak-core/src/main/java/org/apache/jackrabbit/oak/security/user/UserManagerImpl.java?rev=1521892&r1=1521891&r2=1521892&view=diff
==============================================================================
--- jackrabbit/oak/trunk/oak-core/src/main/java/org/apache/jackrabbit/oak/security/user/UserManagerImpl.java (original)
+++ jackrabbit/oak/trunk/oak-core/src/main/java/org/apache/jackrabbit/oak/security/user/UserManagerImpl.java Wed Sep 11 15:03:47 2013
@@ -20,7 +20,6 @@ import java.io.UnsupportedEncodingExcept
 import java.security.NoSuchAlgorithmException;
 import java.security.Principal;
 import java.util.Iterator;
-import java.util.List;
 import javax.annotation.CheckForNull;
 import javax.annotation.Nonnull;
 import javax.annotation.Nullable;
@@ -48,6 +47,8 @@ import org.apache.jackrabbit.oak.spi.sec
 import org.apache.jackrabbit.oak.spi.security.user.UserConfiguration;
 import org.apache.jackrabbit.oak.spi.security.user.UserConstants;
 import org.apache.jackrabbit.oak.spi.security.user.action.AuthorizableAction;
+import org.apache.jackrabbit.oak.spi.security.user.action.AuthorizableActionProvider;
+import org.apache.jackrabbit.oak.spi.security.user.action.DefaultAuthorizableActionProvider;
 import org.apache.jackrabbit.oak.spi.security.user.util.PasswordUtil;
 import org.apache.jackrabbit.oak.spi.security.user.util.UserUtil;
 import org.slf4j.Logger;
@@ -69,7 +70,7 @@ public class UserManagerImpl implements 
     private final UserProvider userProvider;
     private final MembershipProvider membershipProvider;
     private final ConfigurationParameters config;
-    private final List<AuthorizableAction> authorizableActions;
+    private final AuthorizableActionProvider actionProvider;
 
     private UserQueryManager queryManager;
     private ReadOnlyNodeTypeManager ntMgr;
@@ -83,7 +84,16 @@ public class UserManagerImpl implements 
         this.config = uc.getParameters();
         this.userProvider = new UserProvider(root, config);
         this.membershipProvider = new MembershipProvider(root, config);
-        this.authorizableActions = uc.getAuthorizableActionProvider().getAuthorizableActions();
+        this.actionProvider = getActionProvider(config);
+    }
+
+    @Nonnull
+    private static AuthorizableActionProvider getActionProvider(ConfigurationParameters config) {
+        AuthorizableActionProvider actionProvider = config.getConfigValue(UserConstants.PARAM_AUTHORIZABLE_ACTION_PROVIDER, null, AuthorizableActionProvider.class);
+        if (actionProvider == null) {
+            actionProvider = new DefaultAuthorizableActionProvider(config);
+        }
+        return actionProvider;
     }
 
     //--------------------------------------------------------< UserManager >---
@@ -224,7 +234,7 @@ public class UserManagerImpl implements 
      * @throws RepositoryException If an exception occurs.
      */
     void onCreate(User user, String password) throws RepositoryException {
-        for (AuthorizableAction action : authorizableActions) {
+        for (AuthorizableAction action : actionProvider.getAuthorizableActions(securityProvider)) {
             action.onCreate(user, password, root, namePathMapper);
         }
     }
@@ -238,7 +248,7 @@ public class UserManagerImpl implements 
      * @throws RepositoryException If an exception occurs.
      */
     void onCreate(Group group) throws RepositoryException {
-        for (AuthorizableAction action : authorizableActions) {
+        for (AuthorizableAction action : actionProvider.getAuthorizableActions(securityProvider)) {
             action.onCreate(group, root, namePathMapper);
         }
     }
@@ -252,7 +262,7 @@ public class UserManagerImpl implements 
      * @throws RepositoryException If an exception occurs.
      */
     void onRemove(Authorizable authorizable) throws RepositoryException {
-        for (AuthorizableAction action : authorizableActions) {
+        for (AuthorizableAction action : actionProvider.getAuthorizableActions(securityProvider)) {
             action.onRemove(authorizable, root, namePathMapper);
         }
     }
@@ -267,7 +277,7 @@ public class UserManagerImpl implements 
      * @throws RepositoryException If an exception occurs.
      */
     void onPasswordChange(User user, String password) throws RepositoryException {
-        for (AuthorizableAction action : authorizableActions) {
+        for (AuthorizableAction action : actionProvider.getAuthorizableActions(securityProvider)) {
             action.onPasswordChange(user, password, root, namePathMapper);
         }
     }
@@ -305,11 +315,6 @@ public class UserManagerImpl implements 
     }
 
     @Nonnull
-    SecurityProvider getSecurityProvider() {
-        return securityProvider;
-    }
-
-    @Nonnull
     ConfigurationParameters getConfig() {
         return config;
     }

Modified: jackrabbit/oak/trunk/oak-core/src/main/java/org/apache/jackrabbit/oak/security/user/UserProvider.java
URL: http://svn.apache.org/viewvc/jackrabbit/oak/trunk/oak-core/src/main/java/org/apache/jackrabbit/oak/security/user/UserProvider.java?rev=1521892&r1=1521891&r2=1521892&view=diff
==============================================================================
--- jackrabbit/oak/trunk/oak-core/src/main/java/org/apache/jackrabbit/oak/security/user/UserProvider.java (original)
+++ jackrabbit/oak/trunk/oak-core/src/main/java/org/apache/jackrabbit/oak/security/user/UserProvider.java Wed Sep 11 15:03:47 2013
@@ -338,7 +338,7 @@ class UserProvider extends AuthorizableB
     }
 
     private String getNodeName(String authorizableId) {
-        AuthorizableNodeName generator = config.getConfigValue(PARAM_AUTHORIZABLE_NODE_NAME, AuthorizableNodeName.DEFAULT);
+        AuthorizableNodeName generator = checkNotNull(config.getConfigValue(PARAM_AUTHORIZABLE_NODE_NAME, AuthorizableNodeName.DEFAULT, AuthorizableNodeName.class));
         return generator.generateNodeName(authorizableId);
     }
 }
\ No newline at end of file

Modified: jackrabbit/oak/trunk/oak-core/src/main/java/org/apache/jackrabbit/oak/spi/security/ConfigurationParameters.java
URL: http://svn.apache.org/viewvc/jackrabbit/oak/trunk/oak-core/src/main/java/org/apache/jackrabbit/oak/spi/security/ConfigurationParameters.java?rev=1521892&r1=1521891&r2=1521892&view=diff
==============================================================================
--- jackrabbit/oak/trunk/oak-core/src/main/java/org/apache/jackrabbit/oak/spi/security/ConfigurationParameters.java (original)
+++ jackrabbit/oak/trunk/oak-core/src/main/java/org/apache/jackrabbit/oak/spi/security/ConfigurationParameters.java Wed Sep 11 15:03:47 2013
@@ -26,6 +26,8 @@ import javax.annotation.CheckForNull;
 import javax.annotation.Nonnull;
 import javax.annotation.Nullable;
 
+import com.google.common.collect.ImmutableMap;
+import com.google.common.collect.Maps;
 import org.slf4j.Logger;
 import org.slf4j.LoggerFactory;
 
@@ -48,7 +50,15 @@ public class ConfigurationParameters {
         this.options = (options == null) ? Collections.<String, Object>emptyMap() : Collections.unmodifiableMap(options);
     }
 
-    public static ConfigurationParameters newInstance(Properties properties) {
+    public static ConfigurationParameters newInstance(@Nonnull ConfigurationParameters... params) {
+        Map<String, Object> m = Maps.newHashMap();
+        for (ConfigurationParameters cp : params) {
+            m.putAll(cp.options);
+        }
+        return new ConfigurationParameters(ImmutableMap.copyOf(m));
+    }
+
+    public static ConfigurationParameters newInstance(@Nonnull Properties properties) {
         if (properties.isEmpty()) {
             return EMPTY;
         }
@@ -60,7 +70,7 @@ public class ConfigurationParameters {
         return new ConfigurationParameters(options);
     }
 
-    public static ConfigurationParameters newInstance(Dictionary<String, Object> properties) {
+    public static ConfigurationParameters newInstance(@Nonnull Dictionary<String, Object> properties) {
         if (properties.isEmpty()) {
             return EMPTY;
         }
@@ -101,15 +111,18 @@ public class ConfigurationParameters {
      *     match the type of the default value.</li>
      * </ul>
      *
+     *
      * @param key The name of the configuration option.
      * @param defaultValue The default value to return if no such entry exists
      * or to use for conversion.
+     * @param targetClass The target class
      * @return The original or converted configuration value or {@code null}.
      */
     @CheckForNull
-    public <T> T getNullableConfigValue(@Nonnull String key, @Nullable T defaultValue) {
-        if (options != null && options.containsKey(key)) {
-            return convert(options.get(key), defaultValue);
+    public <T> T getConfigValue(@Nonnull String key, @Nullable T defaultValue,
+                                @Nullable Class<T> targetClass) {
+        if (options.containsKey(key)) {
+            return convert(options.get(key), defaultValue, targetClass);
         } else {
             return defaultValue;
         }
@@ -117,8 +130,8 @@ public class ConfigurationParameters {
 
     @Nonnull
     public <T> T getConfigValue(@Nonnull String key, @Nonnull T defaultValue) {
-        if (options != null && options.containsKey(key)) {
-            T value = convert(options.get(key), defaultValue);
+        if (options.containsKey(key)) {
+            T value = convert(options.get(key), defaultValue, null);
             return (value == null) ? defaultValue : value;
         } else {
             return defaultValue;
@@ -128,16 +141,21 @@ public class ConfigurationParameters {
     //--------------------------------------------------------< private >---
     @SuppressWarnings("unchecked")
     @Nullable
-    private static <T> T convert(@Nullable Object configProperty, @Nullable T defaultValue) {
+    private static <T> T convert(@Nullable Object configProperty, @Nullable T defaultValue, @Nullable Class<T> trgtClass) {
         if (configProperty == null) {
             return null;
         }
 
         T value;
         String str = configProperty.toString();
-        Class targetClass = (defaultValue == null) ? configProperty.getClass() : defaultValue.getClass();
+        Class targetClass;
+        if (trgtClass != null) {
+            targetClass = trgtClass;
+        } else {
+            targetClass = (defaultValue == null) ? configProperty.getClass() : defaultValue.getClass();
+        }
         try {
-            if (targetClass == configProperty.getClass()) {
+            if (targetClass.equals(configProperty.getClass()) || targetClass.isAssignableFrom(configProperty.getClass())) {
                 value = (T) configProperty;
             } else if (targetClass == String.class) {
                 value = (T) str;
@@ -156,7 +174,7 @@ public class ConfigurationParameters {
             }
         } catch (NumberFormatException e) {
             log.warn("Invalid value {}; cannot be parsed into {}", str, targetClass.getName());
-            value = defaultValue;
+            throw new IllegalArgumentException("Cannot convert config entry " + str + " to " + targetClass.getName());
         }
         return value;
     }

Modified: jackrabbit/oak/trunk/oak-core/src/main/java/org/apache/jackrabbit/oak/spi/security/authentication/external/ExternalLoginModule.java
URL: http://svn.apache.org/viewvc/jackrabbit/oak/trunk/oak-core/src/main/java/org/apache/jackrabbit/oak/spi/security/authentication/external/ExternalLoginModule.java?rev=1521892&r1=1521891&r2=1521892&view=diff
==============================================================================
--- jackrabbit/oak/trunk/oak-core/src/main/java/org/apache/jackrabbit/oak/spi/security/authentication/external/ExternalLoginModule.java (original)
+++ jackrabbit/oak/trunk/oak-core/src/main/java/org/apache/jackrabbit/oak/spi/security/authentication/external/ExternalLoginModule.java Wed Sep 11 15:03:47 2013
@@ -65,7 +65,7 @@ public abstract class ExternalLoginModul
      * @throws SyncException
      */
     protected SyncHandler getSyncHandler() throws SyncException {
-        Object syncHandler = options.getNullableConfigValue(PARAM_SYNC_HANDLER, null);
+        Object syncHandler = options.getConfigValue(PARAM_SYNC_HANDLER, null, null);
         if (syncHandler == null) {
             return new DefaultSyncHandler();
         } else if (syncHandler instanceof SyncHandler) {
@@ -117,7 +117,7 @@ public abstract class ExternalLoginModul
         try {
             SyncHandler handler = getSyncHandler();
             Root root = getRoot();
-            Object smValue = options.getNullableConfigValue(PARAM_SYNC_MODE, null);
+            Object smValue = options.getConfigValue(PARAM_SYNC_MODE, null, null);
             SyncMode syncMode;
             if (smValue == null) {
                 syncMode = DEFAULT_SYNC_MODE;

Modified: jackrabbit/oak/trunk/oak-core/src/main/java/org/apache/jackrabbit/oak/spi/security/user/UserConfiguration.java
URL: http://svn.apache.org/viewvc/jackrabbit/oak/trunk/oak-core/src/main/java/org/apache/jackrabbit/oak/spi/security/user/UserConfiguration.java?rev=1521892&r1=1521891&r2=1521892&view=diff
==============================================================================
--- jackrabbit/oak/trunk/oak-core/src/main/java/org/apache/jackrabbit/oak/spi/security/user/UserConfiguration.java (original)
+++ jackrabbit/oak/trunk/oak-core/src/main/java/org/apache/jackrabbit/oak/spi/security/user/UserConfiguration.java Wed Sep 11 15:03:47 2013
@@ -22,7 +22,6 @@ import org.apache.jackrabbit.api.securit
 import org.apache.jackrabbit.oak.api.Root;
 import org.apache.jackrabbit.oak.namepath.NamePathMapper;
 import org.apache.jackrabbit.oak.spi.security.SecurityConfiguration;
-import org.apache.jackrabbit.oak.spi.security.user.action.AuthorizableActionProvider;
 
 /**
  * Configuration interface for user management.
@@ -33,7 +32,4 @@ public interface UserConfiguration exten
 
     @Nonnull
     UserManager getUserManager(Root root, NamePathMapper namePathMapper);
-
-    @Nonnull
-    AuthorizableActionProvider getAuthorizableActionProvider();
 }

Modified: jackrabbit/oak/trunk/oak-core/src/main/java/org/apache/jackrabbit/oak/spi/security/user/action/AbstractAuthorizableAction.java
URL: http://svn.apache.org/viewvc/jackrabbit/oak/trunk/oak-core/src/main/java/org/apache/jackrabbit/oak/spi/security/user/action/AbstractAuthorizableAction.java?rev=1521892&r1=1521891&r2=1521892&view=diff
==============================================================================
--- jackrabbit/oak/trunk/oak-core/src/main/java/org/apache/jackrabbit/oak/spi/security/user/action/AbstractAuthorizableAction.java (original)
+++ jackrabbit/oak/trunk/oak-core/src/main/java/org/apache/jackrabbit/oak/spi/security/user/action/AbstractAuthorizableAction.java Wed Sep 11 15:03:47 2013
@@ -35,14 +35,17 @@ import org.apache.jackrabbit.oak.spi.sec
  */
 public abstract class AbstractAuthorizableAction implements AuthorizableAction {
 
-    // TODO OAK-521:: review again
-    protected abstract void init(SecurityProvider securityProvider, ConfigurationParameters config);
-
     //-------------------------------------------------< AuthorizableAction >---
     /**
      * Doesn't perform any action.
-     *
-     * @see AuthorizableAction#onCreate(org.apache.jackrabbit.api.security.user.Group, org.apache.jackrabbit.oak.api.Root, org.apache.jackrabbit.oak.namepath.NamePathMapper)
+     */
+    @Override
+    public void init(SecurityProvider securityProvider, ConfigurationParameters config) {
+        // nothing to do
+    }
+
+    /**
+     * Doesn't perform any action.
      */
     @Override
     public void onCreate(@Nonnull Group group, @Nonnull Root root, @Nonnull NamePathMapper namePathMapper) throws RepositoryException {
@@ -51,8 +54,6 @@ public abstract class AbstractAuthorizab
 
     /**
      * Doesn't perform any action.
-     *
-     * @see AuthorizableAction#onCreate(org.apache.jackrabbit.api.security.user.User, String, org.apache.jackrabbit.oak.api.Root, org.apache.jackrabbit.oak.namepath.NamePathMapper)
      */
     @Override
     public void onCreate(@Nonnull User user, @Nullable String password, @Nonnull Root root, @Nonnull NamePathMapper namePathMapper) throws RepositoryException {
@@ -61,8 +62,6 @@ public abstract class AbstractAuthorizab
 
     /**
      * Doesn't perform any action.
-     *
-     * @see AuthorizableAction#onRemove(org.apache.jackrabbit.api.security.user.Authorizable, org.apache.jackrabbit.oak.api.Root, org.apache.jackrabbit.oak.namepath.NamePathMapper)
      */
     @Override
     public void onRemove(@Nonnull Authorizable authorizable, @Nonnull Root root, @Nonnull NamePathMapper namePathMapper) throws RepositoryException {
@@ -71,8 +70,6 @@ public abstract class AbstractAuthorizab
 
     /**
      * Doesn't perform any action.
-     *
-     * @see AuthorizableAction#onPasswordChange(org.apache.jackrabbit.api.security.user.User, String, org.apache.jackrabbit.oak.api.Root, org.apache.jackrabbit.oak.namepath.NamePathMapper)
      */
     @Override
     public void onPasswordChange(@Nonnull User user, @Nullable String newPassword, @Nonnull Root root, @Nonnull NamePathMapper namePathMapper) throws RepositoryException {

Modified: jackrabbit/oak/trunk/oak-core/src/main/java/org/apache/jackrabbit/oak/spi/security/user/action/AccessControlAction.java
URL: http://svn.apache.org/viewvc/jackrabbit/oak/trunk/oak-core/src/main/java/org/apache/jackrabbit/oak/spi/security/user/action/AccessControlAction.java?rev=1521892&r1=1521891&r2=1521892&view=diff
==============================================================================
--- jackrabbit/oak/trunk/oak-core/src/main/java/org/apache/jackrabbit/oak/spi/security/user/action/AccessControlAction.java (original)
+++ jackrabbit/oak/trunk/oak-core/src/main/java/org/apache/jackrabbit/oak/spi/security/user/action/AccessControlAction.java Wed Sep 11 15:03:47 2013
@@ -17,8 +17,6 @@
 package org.apache.jackrabbit.oak.spi.security.user.action;
 
 import java.security.Principal;
-import java.util.ArrayList;
-import java.util.List;
 import javax.annotation.Nonnull;
 import javax.annotation.Nullable;
 import javax.jcr.RepositoryException;
@@ -38,7 +36,6 @@ import org.apache.jackrabbit.oak.spi.sec
 import org.apache.jackrabbit.oak.spi.security.authorization.AuthorizationConfiguration;
 import org.apache.jackrabbit.oak.spi.security.user.UserConfiguration;
 import org.apache.jackrabbit.oak.spi.security.user.util.UserUtil;
-import org.apache.jackrabbit.util.Text;
 import org.slf4j.Logger;
 import org.slf4j.LoggerFactory;
 
@@ -60,8 +57,8 @@ import org.slf4j.LoggerFactory;
  * </p>
  * <p>Example configuration:
  * <pre>
- *    groupPrivilegeNames : "jcr:read"
- *    userPrivilegeNames  : "jcr:read, rep:write"
+ *    groupPrivilegeNames : ["jcr:read"]
+ *    userPrivilegeNames  : ["jcr:read,rep:write"]
  * </pre>
  * </p>
  * <p>This configuration could for example lead to the following content
@@ -109,15 +106,14 @@ public class AccessControlAction extends
     private String[] groupPrivilegeNames = new String[0];
     private String[] userPrivilegeNames = new String[0];
 
-    //-----------------------------------------< AbstractAuthorizableAction >---
+    //-------------------------------------------------< AuthorizableAction >---
     @Override
-    protected void init(SecurityProvider securityProvider, ConfigurationParameters config) {
-        setSecurityProvider(securityProvider);
-        setUserPrivilegeNames(config.getNullableConfigValue(USER_PRIVILEGE_NAMES, (String) null));
-        setGroupPrivilegeNames(config.getNullableConfigValue(GROUP_PRIVILEGE_NAMES, (String) null));
+    public void init(SecurityProvider securityProvider, ConfigurationParameters config) {
+        this.securityProvider = securityProvider;
+        userPrivilegeNames = privilegeNames(config, USER_PRIVILEGE_NAMES);
+        groupPrivilegeNames = privilegeNames(config, GROUP_PRIVILEGE_NAMES);
     }
 
-    //-------------------------------------------------< AuthorizableAction >---
     @Override
     public void onCreate(Group group, Root root, NamePathMapper namePathMapper) throws RepositoryException {
         setAC(group, root, namePathMapper);
@@ -128,36 +124,23 @@ public class AccessControlAction extends
         setAC(user, root, namePathMapper);
     }
 
-    //------------------------------------------------------< Configuration >---
-    public void setSecurityProvider(@Nonnull SecurityProvider securityProvider) {
-        this.securityProvider = securityProvider;
-    }
-
-    /**
-     * Sets the privileges a new group will be granted on the group's home directory.
-     *
-     * @param privilegeNames A comma separated list of privilege names.
-     */
-    public void setGroupPrivilegeNames(@Nullable String privilegeNames) {
-        if (privilegeNames != null && privilegeNames.length() > 0) {
-            groupPrivilegeNames = split(privilegeNames);
-        }
-
-    }
-
+    //------------------------------------------------------------< private >---
     /**
-     * Sets the privileges a new user will be granted on the user's home directory.
+     * Gets the privilege names that be granted on the group's home directory.
      *
-     * @param privilegeNames  A comma separated list of privilege names.
+     * @param config the configuration parameters.
+     * @param paramName the name of the configuration option
+     * @return a valid string array containing the privilege names.
      */
-    public void setUserPrivilegeNames(@Nullable String privilegeNames) {
-        if (privilegeNames != null && privilegeNames.length() > 0) {
-            userPrivilegeNames = split(privilegeNames);
+    private static String[] privilegeNames(ConfigurationParameters config, String paramName) {
+        String[] privilegeNames = config.getConfigValue(paramName, null, String[].class);
+        if (privilegeNames != null && privilegeNames.length > 0) {
+            return privilegeNames;
+        } else {
+            return new String[0];
         }
     }
 
-    //------------------------------------------------------------< private >---
-
     private void setAC(@Nonnull Authorizable authorizable, @Nonnull Root root,
                        @Nonnull NamePathMapper namePathMapper) throws RepositoryException {
         if (securityProvider == null) {
@@ -236,22 +219,4 @@ public class AccessControlAction extends
         }
         return privileges;
     }
-
-    /**
-     * Split the specified configuration parameter into privilege names.
-     *
-     * @param configParam The configuration parameter defining a comma separated
-     * list of privilege names.
-     * @return An array of privilege names.
-     */
-    private static String[] split(@Nonnull String configParam) {
-        List<String> nameList = new ArrayList<String>();
-        for (String pn : Text.explode(configParam, ',', false)) {
-            String privName = pn.trim();
-            if (privName.length()  > 0) {
-                nameList.add(privName);
-            }
-        }
-        return nameList.toArray(new String[nameList.size()]);
-    }
 }

Modified: jackrabbit/oak/trunk/oak-core/src/main/java/org/apache/jackrabbit/oak/spi/security/user/action/AuthorizableAction.java
URL: http://svn.apache.org/viewvc/jackrabbit/oak/trunk/oak-core/src/main/java/org/apache/jackrabbit/oak/spi/security/user/action/AuthorizableAction.java?rev=1521892&r1=1521891&r2=1521892&view=diff
==============================================================================
--- jackrabbit/oak/trunk/oak-core/src/main/java/org/apache/jackrabbit/oak/spi/security/user/action/AuthorizableAction.java (original)
+++ jackrabbit/oak/trunk/oak-core/src/main/java/org/apache/jackrabbit/oak/spi/security/user/action/AuthorizableAction.java Wed Sep 11 15:03:47 2013
@@ -23,6 +23,8 @@ import org.apache.jackrabbit.api.securit
 import org.apache.jackrabbit.api.security.user.User;
 import org.apache.jackrabbit.oak.api.Root;
 import org.apache.jackrabbit.oak.namepath.NamePathMapper;
+import org.apache.jackrabbit.oak.spi.security.ConfigurationParameters;
+import org.apache.jackrabbit.oak.spi.security.SecurityProvider;
 
 /**
  * The {@code AuthorizableAction} interface provide an implementation
@@ -45,6 +47,14 @@ import org.apache.jackrabbit.oak.namepat
 public interface AuthorizableAction {
 
     /**
+     * Initialize this action with the specified security provider and configuration.
+     *
+     * @param securityProvider
+     * @param config
+     */
+    void init(SecurityProvider securityProvider, ConfigurationParameters config);
+
+    /**
      * Allows to add application specific modifications or validation associated
      * with the creation of a new group. Note, that this method is called
      * <strong>before</strong> any {@code Root#commit()} call.

Modified: jackrabbit/oak/trunk/oak-core/src/main/java/org/apache/jackrabbit/oak/spi/security/user/action/AuthorizableActionProvider.java
URL: http://svn.apache.org/viewvc/jackrabbit/oak/trunk/oak-core/src/main/java/org/apache/jackrabbit/oak/spi/security/user/action/AuthorizableActionProvider.java?rev=1521892&r1=1521891&r2=1521892&view=diff
==============================================================================
--- jackrabbit/oak/trunk/oak-core/src/main/java/org/apache/jackrabbit/oak/spi/security/user/action/AuthorizableActionProvider.java (original)
+++ jackrabbit/oak/trunk/oak-core/src/main/java/org/apache/jackrabbit/oak/spi/security/user/action/AuthorizableActionProvider.java Wed Sep 11 15:03:47 2013
@@ -17,6 +17,9 @@
 package org.apache.jackrabbit.oak.spi.security.user.action;
 
 import java.util.List;
+import javax.annotation.Nonnull;
+
+import org.apache.jackrabbit.oak.spi.security.SecurityProvider;
 
 /**
  * {@code AuthorizableActionProvider} is used to provide {@code AuthorizableAction}s
@@ -26,5 +29,5 @@ import java.util.List;
  */
 public interface AuthorizableActionProvider {
 
-    List<AuthorizableAction> getAuthorizableActions();
+    List<? extends AuthorizableAction> getAuthorizableActions(@Nonnull SecurityProvider securityProvider);
 }
\ No newline at end of file

Modified: jackrabbit/oak/trunk/oak-core/src/main/java/org/apache/jackrabbit/oak/spi/security/user/action/ClearMembershipAction.java
URL: http://svn.apache.org/viewvc/jackrabbit/oak/trunk/oak-core/src/main/java/org/apache/jackrabbit/oak/spi/security/user/action/ClearMembershipAction.java?rev=1521892&r1=1521891&r2=1521892&view=diff
==============================================================================
--- jackrabbit/oak/trunk/oak-core/src/main/java/org/apache/jackrabbit/oak/spi/security/user/action/ClearMembershipAction.java (original)
+++ jackrabbit/oak/trunk/oak-core/src/main/java/org/apache/jackrabbit/oak/spi/security/user/action/ClearMembershipAction.java Wed Sep 11 15:03:47 2013
@@ -23,8 +23,6 @@ import org.apache.jackrabbit.api.securit
 import org.apache.jackrabbit.api.security.user.Group;
 import org.apache.jackrabbit.oak.api.Root;
 import org.apache.jackrabbit.oak.namepath.NamePathMapper;
-import org.apache.jackrabbit.oak.spi.security.ConfigurationParameters;
-import org.apache.jackrabbit.oak.spi.security.SecurityProvider;
 
 /**
  * Authorizable action attempting to clear all group membership before removing
@@ -34,12 +32,6 @@ import org.apache.jackrabbit.oak.spi.sec
  */
 public class ClearMembershipAction extends AbstractAuthorizableAction {
 
-    //-----------------------------------------< AbstractAuthorizableAction >---
-    @Override
-    protected void init(SecurityProvider securityProvider, ConfigurationParameters config) {
-        // nothing to do
-    }
-
     //-------------------------------------------------< AuthorizableAction >---
     @Override
     public void onRemove(Authorizable authorizable, Root root, NamePathMapper namePathMapper) throws RepositoryException {

Added: jackrabbit/oak/trunk/oak-core/src/main/java/org/apache/jackrabbit/oak/spi/security/user/action/CompositeActionProvider.java
URL: http://svn.apache.org/viewvc/jackrabbit/oak/trunk/oak-core/src/main/java/org/apache/jackrabbit/oak/spi/security/user/action/CompositeActionProvider.java?rev=1521892&view=auto
==============================================================================
--- jackrabbit/oak/trunk/oak-core/src/main/java/org/apache/jackrabbit/oak/spi/security/user/action/CompositeActionProvider.java (added)
+++ jackrabbit/oak/trunk/oak-core/src/main/java/org/apache/jackrabbit/oak/spi/security/user/action/CompositeActionProvider.java Wed Sep 11 15:03:47 2013
@@ -0,0 +1,50 @@
+/*
+ * Licensed to the Apache Software Foundation (ASF) under one or more
+ * contributor license agreements.  See the NOTICE file distributed with
+ * this work for additional information regarding copyright ownership.
+ * The ASF licenses this file to You under the Apache License, Version 2.0
+ * (the "License"); you may not use this file except in compliance with
+ * the License.  You may obtain a copy of the License at
+ *
+ *      http://www.apache.org/licenses/LICENSE-2.0
+ *
+ * Unless required by applicable law or agreed to in writing, software
+ * distributed under the License is distributed on an "AS IS" BASIS,
+ * WITHOUT WARRANTIES OR CONDITIONS OF ANY KIND, either express or implied.
+ * See the License for the specific language governing permissions and
+ * limitations under the License.
+ */
+package org.apache.jackrabbit.oak.spi.security.user.action;
+
+import java.util.Arrays;
+import java.util.Collection;
+import java.util.List;
+
+import com.google.common.collect.Lists;
+import org.apache.jackrabbit.oak.spi.security.SecurityProvider;
+
+/**
+ * Aggregates a collection of {@link AuthorizableActionProvider}s into a single
+ * provider.
+ */
+public class CompositeActionProvider implements AuthorizableActionProvider {
+
+    private final Collection<? extends AuthorizableActionProvider> providers;
+
+    public CompositeActionProvider(Collection<? extends AuthorizableActionProvider> providers) {
+        this.providers = providers;
+    }
+
+    public CompositeActionProvider(AuthorizableActionProvider... providers) {
+        this.providers = Arrays.asList(providers);
+    }
+
+    @Override
+    public List<? extends AuthorizableAction> getAuthorizableActions(SecurityProvider securityProvider) {
+        List<AuthorizableAction> actions = Lists.newArrayList();
+        for (AuthorizableActionProvider p : providers) {
+            actions.addAll(p.getAuthorizableActions(securityProvider));
+        }
+        return actions;
+    }
+}
\ No newline at end of file

Modified: jackrabbit/oak/trunk/oak-core/src/main/java/org/apache/jackrabbit/oak/spi/security/user/action/DefaultAuthorizableActionProvider.java
URL: http://svn.apache.org/viewvc/jackrabbit/oak/trunk/oak-core/src/main/java/org/apache/jackrabbit/oak/spi/security/user/action/DefaultAuthorizableActionProvider.java?rev=1521892&r1=1521891&r2=1521892&view=diff
==============================================================================
--- jackrabbit/oak/trunk/oak-core/src/main/java/org/apache/jackrabbit/oak/spi/security/user/action/DefaultAuthorizableActionProvider.java (original)
+++ jackrabbit/oak/trunk/oak-core/src/main/java/org/apache/jackrabbit/oak/spi/security/user/action/DefaultAuthorizableActionProvider.java Wed Sep 11 15:03:47 2013
@@ -16,31 +16,74 @@
  */
 package org.apache.jackrabbit.oak.spi.security.user.action;
 
-import java.util.Collections;
 import java.util.List;
 
+import com.google.common.collect.Lists;
+import org.apache.felix.scr.annotations.Activate;
+import org.apache.felix.scr.annotations.Component;
+import org.apache.felix.scr.annotations.Property;
+import org.apache.felix.scr.annotations.PropertyOption;
+import org.apache.felix.scr.annotations.Service;
 import org.apache.jackrabbit.oak.spi.security.ConfigurationParameters;
 import org.apache.jackrabbit.oak.spi.security.SecurityProvider;
+import org.osgi.service.component.ComponentContext;
+import org.slf4j.Logger;
+import org.slf4j.LoggerFactory;
 
 /**
- * DefaultAuthorizableActionProvider... TODO
+ * Default implementation of the {@link AuthorizableActionProvider} interface
+ * that allows to config all actions provided by the OAK.
  */
+@Component()
+@Service(AuthorizableActionProvider.class)
 public class DefaultAuthorizableActionProvider implements AuthorizableActionProvider {
 
-    private final SecurityProvider securityProvider;
-    private final ConfigurationParameters config;
+    private static final Logger log = LoggerFactory.getLogger(DefaultAuthorizableActionProvider.class);
 
-    public DefaultAuthorizableActionProvider(SecurityProvider securityProvider,
-                                             ConfigurationParameters config) {
-        this.securityProvider = securityProvider;
+    private static final String ENABLED_ACTIONS = "enabledActions";
+
+    @Property(name = ENABLED_ACTIONS,
+            options = {
+                    @PropertyOption(name = "org.apache.jackrabbit.oak.spi.security.user.action.AccessControlAction", value = "AccessControlAction"),
+                    @PropertyOption(name = "org.apache.jackrabbit.oak.spi.security.user.action.PasswordValidationAction", value = "PasswordValidationAction"),
+                    @PropertyOption(name = "org.apache.jackrabbit.oak.spi.security.user.action.PasswordChangeAction", value = "PasswordChangeAction"),
+                    @PropertyOption(name = "org.apache.jackrabbit.oak.spi.security.user.action.ClearMembershipAction", value = "ClearMembershipAction")
+            })
+    private String[] enabledActions = new String[] {AccessControlAction.class.getName()};
+
+    private ConfigurationParameters config = ConfigurationParameters.EMPTY;
+
+    public DefaultAuthorizableActionProvider() {}
+
+    public DefaultAuthorizableActionProvider(ConfigurationParameters config) {
         this.config = config;
     }
 
+    //-----------------------------------------< AuthorizableActionProvider >---
     @Override
-    public List<AuthorizableAction> getAuthorizableActions() {
-        // TODO OAK-521: create and initialize actions from configuration
-        AccessControlAction action = new AccessControlAction();
-        action.init(securityProvider, config);
-        return Collections.<AuthorizableAction>singletonList(action);
+    public List<? extends AuthorizableAction> getAuthorizableActions(SecurityProvider securityProvider) {
+        List<AuthorizableAction> actions = Lists.newArrayList();
+        for (String className : enabledActions) {
+            try {
+                Object o = Class.forName(className).newInstance();
+                if (o instanceof AuthorizableAction) {
+                    actions.add((AuthorizableAction) o);
+                }
+            } catch (Exception e) {
+                log.debug("Unable to create authorizable action", e);
+            }
+        }
+
+        // merge configurations that may contain action configuration information
+        for (AuthorizableAction action : actions) {
+            action.init(securityProvider, config);
+        }
+        return actions;
+    }
+
+    //----------------------------------------------------< SCR Integration >---
+    @Activate
+    protected void activate(ComponentContext context) {
+        config = ConfigurationParameters.newInstance(context.getProperties());
     }
 }
\ No newline at end of file

Modified: jackrabbit/oak/trunk/oak-core/src/main/java/org/apache/jackrabbit/oak/spi/security/user/action/PasswordChangeAction.java
URL: http://svn.apache.org/viewvc/jackrabbit/oak/trunk/oak-core/src/main/java/org/apache/jackrabbit/oak/spi/security/user/action/PasswordChangeAction.java?rev=1521892&r1=1521891&r2=1521892&view=diff
==============================================================================
--- jackrabbit/oak/trunk/oak-core/src/main/java/org/apache/jackrabbit/oak/spi/security/user/action/PasswordChangeAction.java (original)
+++ jackrabbit/oak/trunk/oak-core/src/main/java/org/apache/jackrabbit/oak/spi/security/user/action/PasswordChangeAction.java Wed Sep 11 15:03:47 2013
@@ -24,8 +24,6 @@ import javax.jcr.nodetype.ConstraintViol
 import org.apache.jackrabbit.api.security.user.User;
 import org.apache.jackrabbit.oak.api.Root;
 import org.apache.jackrabbit.oak.namepath.NamePathMapper;
-import org.apache.jackrabbit.oak.spi.security.ConfigurationParameters;
-import org.apache.jackrabbit.oak.spi.security.SecurityProvider;
 import org.apache.jackrabbit.oak.spi.security.user.UserConstants;
 import org.apache.jackrabbit.oak.spi.security.user.util.PasswordUtil;
 import org.apache.jackrabbit.oak.util.TreeUtil;
@@ -43,11 +41,6 @@ import org.apache.jackrabbit.oak.util.Tr
  */
 public class PasswordChangeAction extends AbstractAuthorizableAction {
 
-    @Override
-    protected void init(SecurityProvider securityProvider, ConfigurationParameters config) {
-        // nothing to do
-    }
-
     //-------------------------------------------------< AuthorizableAction >---
     @Override
     public void onPasswordChange(User user, String newPassword, Root root, NamePathMapper namePathMapper) throws RepositoryException {

Modified: jackrabbit/oak/trunk/oak-core/src/main/java/org/apache/jackrabbit/oak/spi/security/user/action/PasswordValidationAction.java
URL: http://svn.apache.org/viewvc/jackrabbit/oak/trunk/oak-core/src/main/java/org/apache/jackrabbit/oak/spi/security/user/action/PasswordValidationAction.java?rev=1521892&r1=1521891&r2=1521892&view=diff
==============================================================================
--- jackrabbit/oak/trunk/oak-core/src/main/java/org/apache/jackrabbit/oak/spi/security/user/action/PasswordValidationAction.java (original)
+++ jackrabbit/oak/trunk/oak-core/src/main/java/org/apache/jackrabbit/oak/spi/security/user/action/PasswordValidationAction.java Wed Sep 11 15:03:47 2013
@@ -57,16 +57,15 @@ public class PasswordValidationAction ex
 
     private Pattern pattern;
 
-    //-----------------------------------------< AbstractAuthorizableAction >---
+    //-------------------------------------------------< AuthorizableAction >---
     @Override
-    protected void init(SecurityProvider securityProvider, ConfigurationParameters config) {
-        String constraint = config.getNullableConfigValue(CONSTRAINT, (String) null);
+    public void init(SecurityProvider securityProvider, ConfigurationParameters config) {
+        String constraint = config.getConfigValue(CONSTRAINT, null, String.class);
         if (constraint != null) {
             setConstraint(constraint);
         }
     }
 
-    //-------------------------------------------------< AuthorizableAction >---
     @Override
     public void onCreate(User user, String password, Root root, NamePathMapper namePathMapper) throws RepositoryException {
         validatePassword(password, false);
@@ -77,13 +76,13 @@ public class PasswordValidationAction ex
         validatePassword(newPassword, true);
     }
 
-    //------------------------------------------------------< Configuration >---
+    //------------------------------------------------------------< private >---
     /**
      * Set the password constraint.
      *
      * @param constraint A regular expression that can be used to validate a new password.
      */
-    public void setConstraint(@Nonnull String constraint) {
+    private void setConstraint(@Nonnull String constraint) {
         try {
             pattern = Pattern.compile(constraint);
         } catch (PatternSyntaxException e) {
@@ -91,7 +90,6 @@ public class PasswordValidationAction ex
         }
     }
 
-    //------------------------------------------------------------< private >---
     /**
      * Validate the specified password.
      *

Modified: jackrabbit/oak/trunk/oak-core/src/test/java/org/apache/jackrabbit/oak/security/ConfigurationParametersTest.java
URL: http://svn.apache.org/viewvc/jackrabbit/oak/trunk/oak-core/src/test/java/org/apache/jackrabbit/oak/security/ConfigurationParametersTest.java?rev=1521892&r1=1521891&r2=1521892&view=diff
==============================================================================
--- jackrabbit/oak/trunk/oak-core/src/test/java/org/apache/jackrabbit/oak/security/ConfigurationParametersTest.java (original)
+++ jackrabbit/oak/trunk/oak-core/src/test/java/org/apache/jackrabbit/oak/security/ConfigurationParametersTest.java Wed Sep 11 15:03:47 2013
@@ -16,6 +16,7 @@
  */
 package org.apache.jackrabbit.oak.security;
 
+import java.util.Calendar;
 import java.util.Collections;
 import java.util.HashMap;
 import java.util.Map;
@@ -30,6 +31,7 @@ import static junit.framework.Assert.ass
 import static junit.framework.Assert.assertNotNull;
 import static junit.framework.Assert.assertNull;
 import static junit.framework.Assert.assertTrue;
+import static junit.framework.Assert.fail;
 import static org.junit.Assert.assertArrayEquals;
 
 public class ConfigurationParametersTest {
@@ -72,10 +74,17 @@ public class ConfigurationParametersTest
         map.put("o1", "v");
         ConfigurationParameters options = new ConfigurationParameters(map);
 
-        assertEquals("v", options.getNullableConfigValue("o1", null));
-        assertEquals("v", options.getNullableConfigValue("o1", "v2"));
-        assertEquals("v2", options.getNullableConfigValue("missing", "v2"));
-        assertEquals(null, options.getNullableConfigValue("missing", null));
+        assertEquals("v", options.getConfigValue("o1", null, null));
+        assertEquals("v", options.getConfigValue("o1", null, String.class));
+
+        assertEquals("v", options.getConfigValue("o1", "v2", null));
+        assertEquals("v", options.getConfigValue("o1", "v2", String.class));
+
+        assertEquals("v2", options.getConfigValue("missing", "v2", null));
+        assertEquals("v2", options.getConfigValue("missing", "v2", String.class));
+
+        assertNull(options.getConfigValue("missing", null, null));
+        assertNull(options.getConfigValue("missing", null, TestObject.class));
 
     }
 
@@ -89,9 +98,11 @@ public class ConfigurationParametersTest
         assertEquals(obj, options.getConfigValue("missing", obj));
         assertEquals(int1000, options.getConfigValue("missing", int1000));
 
-        assertNull(options.getNullableConfigValue("missing", null));
-        assertEquals(obj, options.getNullableConfigValue("missing", obj));
-        assertEquals(int1000, options.getNullableConfigValue("missing", int1000));
+        assertNull(options.getConfigValue("missing", null, null));
+        assertNull(options.getConfigValue("missing", null, String.class));
+        assertEquals(obj, options.getConfigValue("missing", obj, null));
+        assertEquals(obj, options.getConfigValue("missing", obj, TestObject.class));
+        assertEquals(int1000, options.getConfigValue("missing", int1000, Integer.class));
     }
 
     @Test
@@ -111,14 +122,17 @@ public class ConfigurationParametersTest
     public void testArrayDefaultValue2() {
         TestObject[] testArray = new TestObject[] {new TestObject("t")};
 
-        TestObject[] result = ConfigurationParameters.EMPTY.getNullableConfigValue("test", new TestObject[0]);
+        TestObject[] result = ConfigurationParameters.EMPTY.getConfigValue("test", new TestObject[0], null);
         assertNotNull(result);
         assertEquals(0, result.length);
-        assertArrayEquals(testArray, ConfigurationParameters.EMPTY.getNullableConfigValue("test", testArray));
+        assertArrayEquals(testArray, ConfigurationParameters.EMPTY.getConfigValue("test", testArray, null));
+        assertArrayEquals(testArray, ConfigurationParameters.EMPTY.getConfigValue("test", testArray, TestObject[].class));
 
         ConfigurationParameters options = new ConfigurationParameters(Collections.singletonMap("test", testArray));
-        assertArrayEquals(testArray, (TestObject[]) options.getNullableConfigValue("test", null));
-        assertArrayEquals(testArray, options.getNullableConfigValue("test", new TestObject[] {new TestObject("s")}));
+        assertArrayEquals(testArray, (TestObject[]) options.getConfigValue("test", null, null));
+        assertArrayEquals(testArray, options.getConfigValue("test", null, TestObject[].class));
+        assertArrayEquals(testArray, options.getConfigValue("test", new TestObject[]{new TestObject("s")}, null));
+        assertArrayEquals(testArray, options.getConfigValue("test", new TestObject[]{new TestObject("s")}, TestObject[].class));
     }
 
     @Test
@@ -159,24 +173,63 @@ public class ConfigurationParametersTest
         m.put("Int3", 1000);
         ConfigurationParameters options = new ConfigurationParameters(m);
 
-        assertNotNull(options.getNullableConfigValue("TEST", null));
-        assertEquals(testObject, options.getNullableConfigValue("TEST", null));
+        assertNotNull(options.getConfigValue("TEST", null, null));
+        assertNotNull(options.getConfigValue("TEST", null, TestObject.class));
+
+        assertEquals(testObject, options.getConfigValue("TEST", null, null));
+        assertEquals(testObject, options.getConfigValue("TEST", null, TestObject.class));
+
+        assertEquals(testObject, options.getConfigValue("TEST", testObject, null));
+        assertEquals(testObject, options.getConfigValue("TEST", testObject, TestObject.class));
+
+        assertEquals("t", options.getConfigValue("TEST", "defaultString", null));
+        assertEquals("t", options.getConfigValue("TEST", "defaultString", String.class));
+
+        assertEquals("1000", options.getConfigValue("String", null, null));
+        assertEquals("1000", options.getConfigValue("String", null, String.class));
+
+        assertEquals(int1000, options.getConfigValue("String", new Integer(10), null));
+        assertEquals(int1000, options.getConfigValue("String", new Integer(10), Integer.class));
+
+        assertEquals(new Long(1000), options.getConfigValue("String", new Long(10), null));
+        assertEquals(new Long(1000), options.getConfigValue("String", new Long(10), Long.class));
 
-        assertEquals(testObject, options.getNullableConfigValue("TEST", testObject));
-        assertEquals("t", options.getNullableConfigValue("TEST", "defaultString"));
+        assertEquals("1000", options.getConfigValue("String", "10", null));
+        assertEquals("1000", options.getConfigValue("String", "10", String.class));
 
-        assertEquals("1000", options.getNullableConfigValue("String", null));
-        assertEquals(int1000, options.getNullableConfigValue("String", new Integer(10)));
-        assertEquals(new Long(1000), options.getNullableConfigValue("String", new Long(10)));
-        assertEquals("1000", options.getNullableConfigValue("String", "10"));
-
-        assertEquals(int1000, options.getNullableConfigValue("Int2", null));
-        assertEquals(int1000, options.getNullableConfigValue("Int2", new Integer(10)));
-        assertEquals("1000", options.getNullableConfigValue("Int2", "1000"));
-
-        assertEquals(1000, options.getNullableConfigValue("Int3", null));
-        assertEquals(int1000, options.getNullableConfigValue("Int3", new Integer(10)));
-        assertEquals("1000", options.getNullableConfigValue("Int3", "1000"));
+        assertEquals(int1000, options.getConfigValue("Int2", null, null));
+        assertEquals(int1000, options.getConfigValue("Int2", new Integer(10), null));
+        assertEquals("1000", options.getConfigValue("Int2", "1000", null));
+
+        assertEquals(1000, options.getConfigValue("Int3", null, null));
+        assertEquals(int1000, options.getConfigValue("Int3", new Integer(10), null));
+        assertEquals("1000", options.getConfigValue("Int3", "1000", null));
+    }
+
+    @Test
+    public void testImpossibleConversion() {
+        Map<String, Object> map = new HashMap<String, Object>();
+        map.put("string", "v");
+        map.put("obj", new TestObject("test"));
+        map.put("int", new Integer(10));
+        ConfigurationParameters options = new ConfigurationParameters(map);
+
+        Map<String, Class> impossible = new HashMap();
+        impossible.put("string", TestObject.class);
+        impossible.put("string", Integer.class);
+        impossible.put("string", Calendar.class);
+        impossible.put("obj", Integer.class);
+        impossible.put("int", TestObject.class);
+        impossible.put("int", Calendar.class);
+
+        for (String key : impossible.keySet()) {
+            try {
+                options.getConfigValue(key, null, impossible.get(key));
+                fail("Impossible conversion for " + key + " to " + impossible.get(key));
+            } catch (IllegalArgumentException e) {
+                // success
+            }
+        }
     }
 
     @Test
@@ -194,11 +247,12 @@ public class ConfigurationParametersTest
     public void testNullValue2() {
         ConfigurationParameters options = new ConfigurationParameters(Collections.singletonMap("test", null));
 
-        assertNull(options.getNullableConfigValue("test", null));
-        assertNull(options.getNullableConfigValue("test", "value"));
-        assertNull(options.getNullableConfigValue("test", "value"));
-        assertNull(options.getNullableConfigValue("test", new TestObject("t")));
-        assertNull(options.getNullableConfigValue("test", false));
+        assertNull(options.getConfigValue("test", null, null));
+        assertNull(options.getConfigValue("test", null, TestObject.class));
+        assertNull(options.getConfigValue("test", "value", null));
+        assertNull(options.getConfigValue("test", "value", null));
+        assertNull(options.getConfigValue("test", new TestObject("t"), null));
+        assertNull(options.getConfigValue("test", false, null));
     }
 
     private class TestObject {

Modified: jackrabbit/oak/trunk/oak-core/src/test/java/org/apache/jackrabbit/oak/spi/security/user/action/AccessControlActionTest.java
URL: http://svn.apache.org/viewvc/jackrabbit/oak/trunk/oak-core/src/test/java/org/apache/jackrabbit/oak/spi/security/user/action/AccessControlActionTest.java?rev=1521892&r1=1521891&r2=1521892&view=diff
==============================================================================
--- jackrabbit/oak/trunk/oak-core/src/test/java/org/apache/jackrabbit/oak/spi/security/user/action/AccessControlActionTest.java (original)
+++ jackrabbit/oak/trunk/oak-core/src/test/java/org/apache/jackrabbit/oak/spi/security/user/action/AccessControlActionTest.java Wed Sep 11 15:03:47 2013
@@ -45,9 +45,9 @@ public class AccessControlActionTest ext
 
     @Override
     protected ConfigurationParameters getSecurityConfigParameters() {
-        Map<String, String> map = new HashMap<String, String>();
-        map.put(AccessControlAction.GROUP_PRIVILEGE_NAMES, PrivilegeConstants.JCR_READ);
-        map.put(AccessControlAction.USER_PRIVILEGE_NAMES, PrivilegeConstants.JCR_ALL);
+        Map<String, String[]> map = new HashMap<String, String[]>();
+        map.put(AccessControlAction.GROUP_PRIVILEGE_NAMES, new String[] {PrivilegeConstants.JCR_READ});
+        map.put(AccessControlAction.USER_PRIVILEGE_NAMES, new String[] {PrivilegeConstants.JCR_ALL});
 
         ConfigurationParameters userConfig = new ConfigurationParameters(map);
         return new ConfigurationParameters(ImmutableMap.of(UserConfiguration.NAME, userConfig));

Modified: jackrabbit/oak/trunk/oak-core/src/test/java/org/apache/jackrabbit/oak/spi/security/user/action/PasswordValidationActionTest.java
URL: http://svn.apache.org/viewvc/jackrabbit/oak/trunk/oak-core/src/test/java/org/apache/jackrabbit/oak/spi/security/user/action/PasswordValidationActionTest.java?rev=1521892&r1=1521891&r2=1521892&view=diff
==============================================================================
--- jackrabbit/oak/trunk/oak-core/src/test/java/org/apache/jackrabbit/oak/spi/security/user/action/PasswordValidationActionTest.java (original)
+++ jackrabbit/oak/trunk/oak-core/src/test/java/org/apache/jackrabbit/oak/spi/security/user/action/PasswordValidationActionTest.java Wed Sep 11 15:03:47 2013
@@ -17,12 +17,14 @@
 package org.apache.jackrabbit.oak.spi.security.user.action;
 
 import java.util.ArrayList;
-import java.util.Arrays;
+import java.util.Collections;
 import java.util.List;
+import java.util.Map;
 import javax.annotation.Nonnull;
 import javax.jcr.RepositoryException;
 import javax.jcr.nodetype.ConstraintViolationException;
 
+import com.google.common.collect.ImmutableList;
 import org.apache.jackrabbit.api.security.user.User;
 import org.apache.jackrabbit.oak.AbstractSecurityTest;
 import org.apache.jackrabbit.oak.api.Root;
@@ -59,7 +61,8 @@ public class PasswordValidationActionTes
         user = (User) getUserManager(root).getAuthorizable(adminSession.getAuthInfo().getUserID());
 
         testAction.reset();
-        pwAction.setConstraint("^.*(?=.{8,})(?=.*[a-z])(?=.*[A-Z]).*");
+        pwAction.init(getSecurityProvider(), new ConfigurationParameters(
+                Collections.singletonMap(PasswordValidationAction.CONSTRAINT, "^.*(?=.{8,})(?=.*[a-z])(?=.*[A-Z]).*")));
 
     }
 
@@ -140,7 +143,7 @@ public class PasswordValidationActionTes
         testUser = getUserManager(root).createUser("testuser", "testPw123456");
         root.commit();
         try {
-            pwAction.setConstraint("abc");
+            pwAction.init(getSecurityProvider(), new ConfigurationParameters(Collections.singletonMap(PasswordValidationAction.CONSTRAINT, "abc")));
 
             String hashed = PasswordUtil.buildPasswordHash("abc");
             testUser.changePassword(hashed);
@@ -164,11 +167,6 @@ public class PasswordValidationActionTes
         }
 
         @Override
-        protected void init(SecurityProvider securityProvider, ConfigurationParameters config) {
-            // nothing to do
-        }
-
-        @Override
         public void onCreate(User user, String password, Root root, NamePathMapper namePathMapper) throws RepositoryException {
             onCreateCalled++;
         }
@@ -181,10 +179,15 @@ public class PasswordValidationActionTes
 
     private class TestSecurityProvider extends SecurityProviderImpl {
 
-        private final AuthorizableAction[] actions;
+        private final AuthorizableActionProvider actionProvider;
 
         private TestSecurityProvider() {
-            this.actions = new AuthorizableAction[]{pwAction, testAction};
+            actionProvider = new AuthorizableActionProvider() {
+                @Override
+                public List<? extends AuthorizableAction> getAuthorizableActions(@Nonnull SecurityProvider securityProvider) {
+                    return ImmutableList.of(pwAction, testAction);
+                }
+            };
         }
 
         public <T> T getConfiguration(Class<T> configClass) {
@@ -192,13 +195,9 @@ public class PasswordValidationActionTes
                 return (T) new UserConfigurationImpl(this) {
                     @Nonnull
                     @Override
-                    public AuthorizableActionProvider getAuthorizableActionProvider() {
-                        return new AuthorizableActionProvider() {
-                            @Override
-                            public List<AuthorizableAction> getAuthorizableActions() {
-                                return Arrays.asList(actions);
-                            }
-                        };
+                    public ConfigurationParameters getParameters() {
+                        Map<String, AuthorizableActionProvider> m = Collections.singletonMap(UserConstants.PARAM_AUTHORIZABLE_ACTION_PROVIDER, actionProvider);
+                        return ConfigurationParameters.newInstance(super.getParameters(), new ConfigurationParameters(m));
                     }
                 };
             } else {

Modified: jackrabbit/oak/trunk/oak-jcr/src/test/java/org/apache/jackrabbit/oak/jcr/security/user/UserImportWithActionsTest.java
URL: http://svn.apache.org/viewvc/jackrabbit/oak/trunk/oak-jcr/src/test/java/org/apache/jackrabbit/oak/jcr/security/user/UserImportWithActionsTest.java?rev=1521892&r1=1521891&r2=1521892&view=diff
==============================================================================
--- jackrabbit/oak/trunk/oak-jcr/src/test/java/org/apache/jackrabbit/oak/jcr/security/user/UserImportWithActionsTest.java (original)
+++ jackrabbit/oak/trunk/oak-jcr/src/test/java/org/apache/jackrabbit/oak/jcr/security/user/UserImportWithActionsTest.java Wed Sep 11 15:03:47 2013
@@ -25,7 +25,6 @@ import javax.jcr.security.AccessControlE
 import javax.jcr.security.AccessControlList;
 import javax.jcr.security.AccessControlManager;
 import javax.jcr.security.AccessControlPolicy;
-import javax.jcr.security.Privilege;
 
 import org.apache.jackrabbit.api.JackrabbitSession;
 import org.apache.jackrabbit.api.security.user.Authorizable;
@@ -33,6 +32,8 @@ import org.apache.jackrabbit.api.securit
 import org.apache.jackrabbit.api.security.user.User;
 import org.apache.jackrabbit.oak.api.Root;
 import org.apache.jackrabbit.oak.namepath.NamePathMapper;
+import org.apache.jackrabbit.oak.spi.security.ConfigurationParameters;
+import org.apache.jackrabbit.oak.spi.security.SecurityProvider;
 import org.apache.jackrabbit.oak.spi.security.user.UserConstants;
 import org.apache.jackrabbit.oak.spi.security.user.action.AccessControlAction;
 import org.apache.jackrabbit.oak.spi.security.user.action.AuthorizableAction;
@@ -116,7 +117,7 @@ public class UserImportWithActionsTest e
 
     public void testAccessControlActionExecutionForUser() throws Exception {
         AccessControlAction a1 = new AccessControlAction();
-        a1.setUserPrivilegeNames(Privilege.JCR_ALL);
+        //a1.setUserPrivilegeNames(Privilege.JCR_ALL);
 
         setAuthorizableActions(a1);
 
@@ -152,7 +153,7 @@ public class UserImportWithActionsTest e
 
     public void testAccessControlActionExecutionForUser2() throws Exception {
         AccessControlAction a1 = new AccessControlAction();
-        a1.setUserPrivilegeNames(Privilege.JCR_ALL);
+        //a1.setUserPrivilegeNames(Privilege.JCR_ALL);
 
         setAuthorizableActions(a1);
 
@@ -188,7 +189,7 @@ public class UserImportWithActionsTest e
 
     public void testAccessControlActionExecutionForGroup() throws Exception {
         AccessControlAction a1 = new AccessControlAction();
-        a1.setGroupPrivilegeNames(Privilege.JCR_READ);
+        //a1.setGroupPrivilegeNames(Privilege.JCR_READ);
 
         setAuthorizableActions(a1);
 
@@ -236,6 +237,10 @@ public class UserImportWithActionsTest e
         private String pw;
 
         @Override
+        public void init(SecurityProvider securityProvider, ConfigurationParameters config) {
+        }
+
+        @Override
         public void onCreate(Group group, Root root, NamePathMapper namePathMapper) throws RepositoryException {
             id = group.getID();
         }



Mime
View raw message