sling-commits mailing list archives

Site index · List index
Message view « Date » · « Thread »
Top « Date » · « Thread »
From chet...@apache.org
Subject svn commit: r1649301 - in /sling/trunk: bundles/jcr/oak-server/ bundles/jcr/oak-server/src/main/java/org/apache/sling/oak/server/ launchpad/builder/src/main/config/oak/
Date Sun, 04 Jan 2015 09:08:26 GMT
Author: chetanm
Date: Sun Jan  4 09:08:25 2015
New Revision: 1649301

URL: http://svn.apache.org/r1649301
Log:
SLING-4277 - Enable JAAS integration with Oak

-- Use SecurityProvider registered by Oak instead of instantiating a custom one
-- Add OSGi config to enable JR2 compatible config. This replaces the config as created in
buildSecurityConfig
-- Replace the various login method with a single login method which is eventually called
by RepositoryImpl
-- Add import for Felix JAAS package

Added:
    sling/trunk/launchpad/builder/src/main/config/oak/org.apache.jackrabbit.oak.security.user.UserConfigurationImpl.config
  (with props)
    sling/trunk/launchpad/builder/src/main/config/oak/org.apache.jackrabbit.oak.spi.security.user.action.DefaultAuthorizableActionProvider.config
  (with props)
Modified:
    sling/trunk/bundles/jcr/oak-server/pom.xml
    sling/trunk/bundles/jcr/oak-server/src/main/java/org/apache/sling/oak/server/JcrRepositoryHacks.java
    sling/trunk/bundles/jcr/oak-server/src/main/java/org/apache/sling/oak/server/OakSlingRepositoryManager.java

Modified: sling/trunk/bundles/jcr/oak-server/pom.xml
URL: http://svn.apache.org/viewvc/sling/trunk/bundles/jcr/oak-server/pom.xml?rev=1649301&r1=1649300&r2=1649301&view=diff
==============================================================================
--- sling/trunk/bundles/jcr/oak-server/pom.xml (original)
+++ sling/trunk/bundles/jcr/oak-server/pom.xml Sun Jan  4 09:08:25 2015
@@ -63,6 +63,7 @@
                           com.mongodb;resolution:=optional,
                           org.apache.jackrabbit.oak.security.user;resolution:=optional,
                           org.apache.jackrabbit.oak.spi.security.authentication,
+                          org.apache.felix.jaas.boot,
                           *
                         </Import-Package>
                         

Modified: sling/trunk/bundles/jcr/oak-server/src/main/java/org/apache/sling/oak/server/JcrRepositoryHacks.java
URL: http://svn.apache.org/viewvc/sling/trunk/bundles/jcr/oak-server/src/main/java/org/apache/sling/oak/server/JcrRepositoryHacks.java?rev=1649301&r1=1649300&r2=1649301&view=diff
==============================================================================
--- sling/trunk/bundles/jcr/oak-server/src/main/java/org/apache/sling/oak/server/JcrRepositoryHacks.java
(original)
+++ sling/trunk/bundles/jcr/oak-server/src/main/java/org/apache/sling/oak/server/JcrRepositoryHacks.java
Sun Jan  4 09:08:25 2015
@@ -31,74 +31,23 @@ import org.apache.jackrabbit.oak.spi.sec
 import org.apache.jackrabbit.oak.spi.whiteboard.Whiteboard;
 
 class JcrRepositoryHacks extends RepositoryImpl {
-    
-    // TODO TCCL switching shouldn't be needed?
-    // LoginModules are not found without this
-    static abstract class LoginHelper {
-        Session TCCLLogin() throws RepositoryException {
-            final Thread thread = Thread.currentThread();
-            final ClassLoader loader = thread.getContextClassLoader();
-            try {
-                thread.setContextClassLoader(Oak.class.getClassLoader());
-                return doLogin();
-            } finally {
-                thread.setContextClassLoader(loader);
-            }
-            
-        }
-        
-        protected abstract Session doLogin() throws RepositoryException;
-    };
-    
+
 	JcrRepositoryHacks(ContentRepository contentRepository, Whiteboard whiteboard, 
 	        SecurityProvider securityProvider, int observationQueueLenght, CommitRateLimiter
commitRateLimiter) {
 		super(contentRepository, whiteboard, securityProvider, observationQueueLenght, commitRateLimiter);
 	}
-	
-    @Override
-    public Session login() throws RepositoryException {
-        return new LoginHelper() {
-            protected Session doLogin() throws RepositoryException {
-                return JcrRepositoryHacks.super.login();
-            }
-        }.TCCLLogin();
-    }
-
-    @Override
-    public Session login(final Credentials creds, final String workspace, final Map<String,
Object> opt)
-            throws RepositoryException {
-        return new LoginHelper() {
-            protected Session doLogin() throws RepositoryException {
-                return JcrRepositoryHacks.super.login(creds, workspace, opt);
-            }
-        }.TCCLLogin();
-    }
 
     @Override
-    public Session login(final Credentials credentials) throws RepositoryException {
-        return new LoginHelper() {
-            protected Session doLogin() throws RepositoryException {
-                return JcrRepositoryHacks.super.login(credentials);
-            }
-        }.TCCLLogin();
-    }
-
-    @Override
-    public Session login(final String workspace) throws RepositoryException {
-        return new LoginHelper() {
-            protected Session doLogin() throws RepositoryException {
-                return JcrRepositoryHacks.super.login(workspace);
-            }
-        }.TCCLLogin();
-    }
-
-    @Override
-    public Session login(final Credentials credentials, final String workspace)
-            throws RepositoryException {
-        return new LoginHelper() {
-            protected Session doLogin() throws RepositoryException {
-                return JcrRepositoryHacks.super.login(credentials, workspace);
-            }
-        }.TCCLLogin();
+    public Session login(
+            Credentials credentials, String workspace,
+            Map<String, Object> attributes) throws RepositoryException {
+        Thread thread = Thread.currentThread();
+        ClassLoader loader = thread.getContextClassLoader();
+        try {
+            thread.setContextClassLoader(Oak.class.getClassLoader());
+            return super.login(credentials, workspace, attributes);
+        } finally {
+            thread.setContextClassLoader(loader);
+        }
     }
 }
\ No newline at end of file

Modified: sling/trunk/bundles/jcr/oak-server/src/main/java/org/apache/sling/oak/server/OakSlingRepositoryManager.java
URL: http://svn.apache.org/viewvc/sling/trunk/bundles/jcr/oak-server/src/main/java/org/apache/sling/oak/server/OakSlingRepositoryManager.java?rev=1649301&r1=1649300&r2=1649301&view=diff
==============================================================================
--- sling/trunk/bundles/jcr/oak-server/src/main/java/org/apache/sling/oak/server/OakSlingRepositoryManager.java
(original)
+++ sling/trunk/bundles/jcr/oak-server/src/main/java/org/apache/sling/oak/server/OakSlingRepositoryManager.java
Sun Jan  4 09:08:25 2015
@@ -19,12 +19,13 @@ package org.apache.sling.oak.server;
 
 import static com.google.common.collect.ImmutableSet.of;
 import static java.util.Collections.singleton;
+import static org.apache.felix.scr.annotations.ReferencePolicy.STATIC;
+import static org.apache.felix.scr.annotations.ReferencePolicyOption.GREEDY;
 import static org.apache.jackrabbit.oak.plugins.index.IndexConstants.INDEX_DEFINITIONS_NAME;
 import static org.apache.jackrabbit.oak.plugins.index.IndexUtils.createIndexDefinition;
 
 import java.util.Arrays;
 import java.util.Dictionary;
-import java.util.HashMap;
 import java.util.Hashtable;
 import java.util.Map;
 import java.util.TreeMap;
@@ -34,7 +35,6 @@ import javax.jcr.Repository;
 import javax.jcr.RepositoryException;
 import javax.jcr.Session;
 import javax.jcr.security.Privilege;
-import javax.security.auth.login.Configuration;
 
 import org.apache.felix.scr.annotations.Activate;
 import org.apache.felix.scr.annotations.Component;
@@ -60,24 +60,17 @@ import org.apache.jackrabbit.oak.plugins
 import org.apache.jackrabbit.oak.plugins.nodetype.write.InitialContent;
 import org.apache.jackrabbit.oak.plugins.observation.CommitRateLimiter;
 import org.apache.jackrabbit.oak.plugins.version.VersionEditorProvider;
-import org.apache.jackrabbit.oak.security.SecurityProviderImpl;
 import org.apache.jackrabbit.oak.spi.commit.EditorHook;
 import org.apache.jackrabbit.oak.spi.lifecycle.RepositoryInitializer;
-import org.apache.jackrabbit.oak.spi.security.ConfigurationParameters;
 import org.apache.jackrabbit.oak.spi.security.SecurityProvider;
-import org.apache.jackrabbit.oak.spi.security.authentication.ConfigurationUtil;
 import org.apache.jackrabbit.oak.spi.security.principal.EveryonePrincipal;
-import org.apache.jackrabbit.oak.spi.security.privilege.PrivilegeConstants;
 import org.apache.jackrabbit.oak.spi.security.user.UserConfiguration;
 import org.apache.jackrabbit.oak.spi.security.user.UserConstants;
-import org.apache.jackrabbit.oak.spi.security.user.action.AccessControlAction;
 import org.apache.jackrabbit.oak.spi.state.NodeBuilder;
 import org.apache.jackrabbit.oak.spi.state.NodeStore;
 import org.apache.jackrabbit.oak.spi.whiteboard.Whiteboard;
 import org.apache.jackrabbit.oak.spi.whiteboard.WhiteboardIndexEditorProvider;
 import org.apache.jackrabbit.oak.spi.whiteboard.WhiteboardIndexProvider;
-import org.apache.jackrabbit.oak.spi.xml.ImportBehavior;
-import org.apache.jackrabbit.oak.spi.xml.ProtectedItemImporter;
 import org.apache.sling.commons.osgi.PropertiesUtil;
 import org.apache.sling.commons.threads.ThreadPool;
 import org.apache.sling.commons.threads.ThreadPoolManager;
@@ -208,9 +201,11 @@ public class OakSlingRepositoryManager e
         return this.namespaceMappers;
     }
 
+    @Reference(policy = STATIC, policyOption = GREEDY)
+    private SecurityProvider securityProvider = null;
+
     @Override
     protected Repository acquireRepository() {
-        final SecurityProvider securityProvider = new SecurityProviderImpl(buildSecurityConfig());
         this.adminUserName = securityProvider.getConfiguration(UserConfiguration.class).getParameters().getConfigValue(
             UserConstants.PARAM_ADMIN_ID, UserConstants.DEFAULT_ADMIN_ID);
 
@@ -330,8 +325,6 @@ public class OakSlingRepositoryManager e
 
     @Activate
     private void activate(ComponentContext componentContext) {
-        // FIXME GRANITE-2315
-        Configuration.setConfiguration(ConfigurationUtil.getJackrabbit2Configuration(ConfigurationParameters.EMPTY));
         this.componentContext = componentContext;
 
         @SuppressWarnings("unchecked")
@@ -435,23 +428,6 @@ public class OakSlingRepositoryManager e
 
     }
 
-    // TODO: use proper osgi configuration (once that works in oak)
-    private static ConfigurationParameters buildSecurityConfig() {
-        Map<String, Object> userConfig = new HashMap<String, Object>();
-        userConfig.put(UserConstants.PARAM_GROUP_PATH, "/home/groups");
-        userConfig.put(UserConstants.PARAM_USER_PATH, "/home/users");
-        userConfig.put(UserConstants.PARAM_DEFAULT_DEPTH, 1);
-        userConfig.put(AccessControlAction.USER_PRIVILEGE_NAMES, new String[] { PrivilegeConstants.JCR_ALL
});
-        userConfig.put(AccessControlAction.GROUP_PRIVILEGE_NAMES, new String[] { PrivilegeConstants.JCR_READ
});
-        userConfig.put(ProtectedItemImporter.PARAM_IMPORT_BEHAVIOR, ImportBehavior.NAME_BESTEFFORT);
-
-        Map<String, Object> config = new HashMap<String, Object>();
-        config.put(
-                UserConfiguration.NAME,
-                ConfigurationParameters.of(userConfig));
-        return ConfigurationParameters.of(config);
-    }
-
     private static int getObservationQueueLength(ComponentContext context) {
         Dictionary<?, ?> properties = context.getProperties();
         Object value = properties.get(OBSERVATION_QUEUE_LENGTH);

Added: sling/trunk/launchpad/builder/src/main/config/oak/org.apache.jackrabbit.oak.security.user.UserConfigurationImpl.config
URL: http://svn.apache.org/viewvc/sling/trunk/launchpad/builder/src/main/config/oak/org.apache.jackrabbit.oak.security.user.UserConfigurationImpl.config?rev=1649301&view=auto
==============================================================================
--- sling/trunk/launchpad/builder/src/main/config/oak/org.apache.jackrabbit.oak.security.user.UserConfigurationImpl.config
(added)
+++ sling/trunk/launchpad/builder/src/main/config/oak/org.apache.jackrabbit.oak.security.user.UserConfigurationImpl.config
Sun Jan  4 09:08:25 2015
@@ -0,0 +1,4 @@
+groupsPath="/home/groups"
+usersPath="/home/users"
+defaultDepth="1"
+importBehavior="besteffort"
\ No newline at end of file

Propchange: sling/trunk/launchpad/builder/src/main/config/oak/org.apache.jackrabbit.oak.security.user.UserConfigurationImpl.config
------------------------------------------------------------------------------
    svn:eol-style = native

Added: sling/trunk/launchpad/builder/src/main/config/oak/org.apache.jackrabbit.oak.spi.security.user.action.DefaultAuthorizableActionProvider.config
URL: http://svn.apache.org/viewvc/sling/trunk/launchpad/builder/src/main/config/oak/org.apache.jackrabbit.oak.spi.security.user.action.DefaultAuthorizableActionProvider.config?rev=1649301&view=auto
==============================================================================
--- sling/trunk/launchpad/builder/src/main/config/oak/org.apache.jackrabbit.oak.spi.security.user.action.DefaultAuthorizableActionProvider.config
(added)
+++ sling/trunk/launchpad/builder/src/main/config/oak/org.apache.jackrabbit.oak.spi.security.user.action.DefaultAuthorizableActionProvider.config
Sun Jan  4 09:08:25 2015
@@ -0,0 +1,3 @@
+enabledActions=["org.apache.jackrabbit.oak.spi.security.user.action.AccessControlAction"]
+userPrivilegeNames=["jcr:all"]
+groupPrivilegeNames=["jcr:read"]
\ No newline at end of file

Propchange: sling/trunk/launchpad/builder/src/main/config/oak/org.apache.jackrabbit.oak.spi.security.user.action.DefaultAuthorizableActionProvider.config
------------------------------------------------------------------------------
    svn:eol-style = native



Mime
View raw message