jackrabbit-oak-commits mailing list archives

Site index · List index
Message view « Date » · « Thread »
Top « Date » · « Thread »
From ang...@apache.org
Subject svn commit: r1522671 - in /jackrabbit/oak/trunk/oak-jcr/src/main/java/org/apache/jackrabbit/oak/jcr: delegate/SessionDelegate.java repository/RepositoryImpl.java security/AccessManager.java session/SessionContext.java
Date Thu, 12 Sep 2013 17:24:45 GMT
Author: angela
Date: Thu Sep 12 17:24:44 2013
New Revision: 1522671

URL: http://svn.apache.org/r1522671
Log:
OAK-51 : Access Control Management (simplify permission related code in oak-jcr)

Modified:
    jackrabbit/oak/trunk/oak-jcr/src/main/java/org/apache/jackrabbit/oak/jcr/delegate/SessionDelegate.java
    jackrabbit/oak/trunk/oak-jcr/src/main/java/org/apache/jackrabbit/oak/jcr/repository/RepositoryImpl.java
    jackrabbit/oak/trunk/oak-jcr/src/main/java/org/apache/jackrabbit/oak/jcr/security/AccessManager.java
    jackrabbit/oak/trunk/oak-jcr/src/main/java/org/apache/jackrabbit/oak/jcr/session/SessionContext.java

Modified: jackrabbit/oak/trunk/oak-jcr/src/main/java/org/apache/jackrabbit/oak/jcr/delegate/SessionDelegate.java
URL: http://svn.apache.org/viewvc/jackrabbit/oak/trunk/oak-jcr/src/main/java/org/apache/jackrabbit/oak/jcr/delegate/SessionDelegate.java?rev=1522671&r1=1522670&r2=1522671&view=diff
==============================================================================
--- jackrabbit/oak/trunk/oak-jcr/src/main/java/org/apache/jackrabbit/oak/jcr/delegate/SessionDelegate.java
(original)
+++ jackrabbit/oak/trunk/oak-jcr/src/main/java/org/apache/jackrabbit/oak/jcr/delegate/SessionDelegate.java
Thu Sep 12 17:24:44 2013
@@ -16,14 +16,8 @@
  */
 package org.apache.jackrabbit.oak.jcr.delegate;
 
-import static com.google.common.base.Preconditions.checkNotNull;
-import static com.google.common.collect.Lists.newArrayList;
-import static org.apache.jackrabbit.oak.commons.PathUtils.denotesRoot;
-import static org.apache.jackrabbit.oak.commons.PathUtils.elements;
-
 import java.io.IOException;
 import java.util.List;
-
 import javax.annotation.CheckForNull;
 import javax.annotation.Nonnull;
 import javax.jcr.ItemExistsException;
@@ -40,18 +34,15 @@ import org.apache.jackrabbit.oak.api.Roo
 import org.apache.jackrabbit.oak.api.Tree;
 import org.apache.jackrabbit.oak.commons.PathUtils;
 import org.apache.jackrabbit.oak.core.IdentifierManager;
+import org.apache.jackrabbit.oak.jcr.security.AccessManager;
 import org.apache.jackrabbit.oak.jcr.session.RefreshStrategy;
 import org.apache.jackrabbit.oak.jcr.session.operation.SessionOperation;
-import org.apache.jackrabbit.oak.jcr.security.AccessManager;
 import org.apache.jackrabbit.oak.spi.commit.Editor;
 import org.apache.jackrabbit.oak.spi.commit.EditorHook;
 import org.apache.jackrabbit.oak.spi.commit.EditorProvider;
 import org.apache.jackrabbit.oak.spi.commit.FailingValidator;
 import org.apache.jackrabbit.oak.spi.commit.SubtreeExcludingValidator;
 import org.apache.jackrabbit.oak.spi.commit.Validator;
-import org.apache.jackrabbit.oak.spi.security.SecurityProvider;
-import org.apache.jackrabbit.oak.spi.security.authorization.AuthorizationConfiguration;
-import org.apache.jackrabbit.oak.spi.security.authorization.permission.PermissionProvider;
 import org.apache.jackrabbit.oak.spi.security.authorization.permission.Permissions;
 import org.apache.jackrabbit.oak.spi.state.NodeBuilder;
 import org.apache.jackrabbit.oak.spi.state.NodeState;
@@ -60,6 +51,11 @@ import org.slf4j.LoggerFactory;
 import org.slf4j.Marker;
 import org.slf4j.MarkerFactory;
 
+import static com.google.common.base.Preconditions.checkNotNull;
+import static com.google.common.collect.Lists.newArrayList;
+import static org.apache.jackrabbit.oak.commons.PathUtils.denotesRoot;
+import static org.apache.jackrabbit.oak.commons.PathUtils.elements;
+
 /**
  * TODO document
  */
@@ -72,7 +68,6 @@ public class SessionDelegate {
 
     private final Root root;
     private final IdentifierManager idManager;
-    private final PermissionProvider permissionProvider;
 
     private boolean isAlive = true;
     private int sessionOpCount;
@@ -88,17 +83,12 @@ public class SessionDelegate {
      *
      * @param contentSession  the content session
      * @param refreshStrategy  the refresh strategy used for auto refreshing this session
-     * @param securityProvider the security provider
      */
-    public SessionDelegate(@Nonnull ContentSession contentSession, RefreshStrategy refreshStrategy,
-            SecurityProvider securityProvider) {
+    public SessionDelegate(@Nonnull ContentSession contentSession, RefreshStrategy refreshStrategy)
{
         this.contentSession = checkNotNull(contentSession);
         this.refreshStrategy = checkNotNull(refreshStrategy);
         this.root = contentSession.getLatestRoot();
         this.idManager = new IdentifierManager(root);
-        this.permissionProvider = checkNotNull(securityProvider)
-                .getConfiguration(AuthorizationConfiguration.class)
-                .getPermissionProvider(root, contentSession.getAuthInfo().getPrincipals());
     }
 
     public synchronized void refreshAtNextAccess() {
@@ -306,7 +296,6 @@ public class SessionDelegate {
         } catch (CommitFailedException e) {
             throw newRepositoryException(e);
         }
-        permissionProvider.refresh();
     }
 
     /**
@@ -334,7 +323,6 @@ public class SessionDelegate {
                 throw newRepositoryException(e);
             }
         }
-        permissionProvider.refresh();
     }
 
     public void refresh(boolean keepChanges) {
@@ -343,7 +331,6 @@ public class SessionDelegate {
         } else {
             root.refresh();
         }
-        permissionProvider.refresh();
     }
 
     //----------------------------------------------------------< Workspace >---
@@ -404,11 +391,6 @@ public class SessionDelegate {
         return root.getQueryEngine();
     }
 
-    @Nonnull
-    public PermissionProvider getPermissionProvider() {
-        return permissionProvider;
-    }
-
     /**
      * The current {@code Root} instance this session delegate instance operates on.
      * To ensure the returned root reflects the correct repository revision access

Modified: jackrabbit/oak/trunk/oak-jcr/src/main/java/org/apache/jackrabbit/oak/jcr/repository/RepositoryImpl.java
URL: http://svn.apache.org/viewvc/jackrabbit/oak/trunk/oak-jcr/src/main/java/org/apache/jackrabbit/oak/jcr/repository/RepositoryImpl.java?rev=1522671&r1=1522670&r2=1522671&view=diff
==============================================================================
--- jackrabbit/oak/trunk/oak-jcr/src/main/java/org/apache/jackrabbit/oak/jcr/repository/RepositoryImpl.java
(original)
+++ jackrabbit/oak/trunk/oak-jcr/src/main/java/org/apache/jackrabbit/oak/jcr/repository/RepositoryImpl.java
Thu Sep 12 17:24:44 2013
@@ -205,8 +205,7 @@ public class RepositoryImpl implements J
 
             RefreshStrategy refreshStrategy = createRefreshStrategy(refreshInterval);
             ContentSession contentSession = contentRepository.login(credentials, workspaceName);
-            SessionDelegate sessionDelegate = new SessionDelegate(
-                    contentSession, refreshStrategy, securityProvider);
+            SessionDelegate sessionDelegate = new SessionDelegate(contentSession, refreshStrategy);
             SessionContext context = createSessionContext(
                     securityProvider, createAttributes(refreshInterval), sessionDelegate);
             return context.getSession();
@@ -328,4 +327,4 @@ public class RepositoryImpl implements J
                 new ThreadSynchronising(threadSaveCount)});
     }
 
-}
\ No newline at end of file
+}

Modified: jackrabbit/oak/trunk/oak-jcr/src/main/java/org/apache/jackrabbit/oak/jcr/security/AccessManager.java
URL: http://svn.apache.org/viewvc/jackrabbit/oak/trunk/oak-jcr/src/main/java/org/apache/jackrabbit/oak/jcr/security/AccessManager.java?rev=1522671&r1=1522670&r2=1522671&view=diff
==============================================================================
--- jackrabbit/oak/trunk/oak-jcr/src/main/java/org/apache/jackrabbit/oak/jcr/security/AccessManager.java
(original)
+++ jackrabbit/oak/trunk/oak-jcr/src/main/java/org/apache/jackrabbit/oak/jcr/security/AccessManager.java
Thu Sep 12 17:24:44 2013
@@ -31,18 +31,20 @@ import org.apache.jackrabbit.oak.spi.sec
  * AccessManager
  */
 public class AccessManager {
+
     private final SessionDelegate delegate;
     private final PermissionProvider permissionProvider;
 
-    public AccessManager(SessionDelegate delegate) {
+    public AccessManager(SessionDelegate delegate, PermissionProvider permissionProvider)
{
         this.delegate = delegate;
-        this.permissionProvider = delegate.getPermissionProvider();
+        this.permissionProvider = permissionProvider;
     }
 
     public boolean hasPermissions(@Nonnull final String oakPath, @Nonnull final String actions)
{
         return delegate.safePerform(new SessionOperation<Boolean>() {
             @Override
             public Boolean perform() {
+                permissionProvider.refresh();
                 return permissionProvider.isGranted(oakPath, actions);
             }
         });
@@ -52,6 +54,7 @@ public class AccessManager {
         return delegate.safePerform(new SessionOperation<Boolean>() {
             @Override
             public Boolean perform() {
+                permissionProvider.refresh();
                 return permissionProvider.isGranted(tree, property, permissions);
             }
         });
@@ -68,4 +71,4 @@ public class AccessManager {
             throw new AccessDeniedException("Access denied.");
         }
     }
-}
\ No newline at end of file
+}

Modified: jackrabbit/oak/trunk/oak-jcr/src/main/java/org/apache/jackrabbit/oak/jcr/session/SessionContext.java
URL: http://svn.apache.org/viewvc/jackrabbit/oak/trunk/oak-jcr/src/main/java/org/apache/jackrabbit/oak/jcr/session/SessionContext.java?rev=1522671&r1=1522670&r2=1522671&view=diff
==============================================================================
--- jackrabbit/oak/trunk/oak-jcr/src/main/java/org/apache/jackrabbit/oak/jcr/session/SessionContext.java
(original)
+++ jackrabbit/oak/trunk/oak-jcr/src/main/java/org/apache/jackrabbit/oak/jcr/session/SessionContext.java
Thu Sep 12 17:24:44 2013
@@ -16,16 +16,11 @@
  */
 package org.apache.jackrabbit.oak.jcr.session;
 
-import static com.google.common.base.Preconditions.checkNotNull;
-import static com.google.common.collect.Sets.newHashSet;
-import static com.google.common.collect.Sets.newTreeSet;
-
 import java.util.ArrayList;
 import java.util.Iterator;
 import java.util.List;
 import java.util.Map;
 import java.util.Set;
-
 import javax.annotation.CheckForNull;
 import javax.annotation.Nonnull;
 import javax.jcr.PathNotFoundException;
@@ -51,8 +46,8 @@ import org.apache.jackrabbit.oak.jcr.del
 import org.apache.jackrabbit.oak.jcr.delegate.SessionDelegate;
 import org.apache.jackrabbit.oak.jcr.delegate.UserManagerDelegator;
 import org.apache.jackrabbit.oak.jcr.observation.ObservationManagerImpl;
-import org.apache.jackrabbit.oak.jcr.session.operation.SessionOperation;
 import org.apache.jackrabbit.oak.jcr.security.AccessManager;
+import org.apache.jackrabbit.oak.jcr.session.operation.SessionOperation;
 import org.apache.jackrabbit.oak.namepath.LocalNameMapper;
 import org.apache.jackrabbit.oak.namepath.NamePathMapper;
 import org.apache.jackrabbit.oak.namepath.NamePathMapperImpl;
@@ -63,6 +58,7 @@ import org.apache.jackrabbit.oak.plugins
 import org.apache.jackrabbit.oak.spi.security.SecurityConfiguration;
 import org.apache.jackrabbit.oak.spi.security.SecurityProvider;
 import org.apache.jackrabbit.oak.spi.security.authorization.AuthorizationConfiguration;
+import org.apache.jackrabbit.oak.spi.security.authorization.permission.PermissionProvider;
 import org.apache.jackrabbit.oak.spi.security.principal.PrincipalConfiguration;
 import org.apache.jackrabbit.oak.spi.security.privilege.PrivilegeConfiguration;
 import org.apache.jackrabbit.oak.spi.security.user.UserConfiguration;
@@ -71,6 +67,10 @@ import org.apache.jackrabbit.oak.spi.xml
 import org.slf4j.Logger;
 import org.slf4j.LoggerFactory;
 
+import static com.google.common.base.Preconditions.checkNotNull;
+import static com.google.common.collect.Sets.newHashSet;
+import static com.google.common.collect.Sets.newTreeSet;
+
 /**
  * Instances of this class are passed to all JCR implementation classes
  * (e.g. {@code SessionImpl}, {@code NodeImpl}, etc.) and provide access to
@@ -97,6 +97,7 @@ public class SessionContext implements N
     private WorkspaceImpl workspace = null;
 
     private AccessControlManager accessControlManager;
+    private AccessManager accessManager;
     private PrincipalManager principalManager;
     private UserManager userManager;
     private PrivilegeManager privilegeManager;
@@ -353,7 +354,13 @@ public class SessionContext implements N
 
     @Nonnull
     public AccessManager getAccessManager() throws RepositoryException {
-        return new AccessManager(delegate);
+        if (accessManager == null) {
+            PermissionProvider pp = checkNotNull(securityProvider)
+                    .getConfiguration(AuthorizationConfiguration.class)
+                    .getPermissionProvider(delegate.getRoot(), delegate.getAuthInfo().getPrincipals());
+            accessManager = new AccessManager(delegate, pp);
+        }
+        return accessManager;
     }
 
     @Nonnull



Mime
View raw message