You are viewing a plain text version of this content. The canonical link for it is here.
Posted to oak-commits@jackrabbit.apache.org by an...@apache.org on 2023/04/20 15:14:20 UTC
[jackrabbit-oak] branch trunk updated: OAK-10200 : CompositeAccessControlManager.getEffectivePolicies(String) should filter duplicate policies
This is an automated email from the ASF dual-hosted git repository.
angela pushed a commit to branch trunk
in repository https://gitbox.apache.org/repos/asf/jackrabbit-oak.git
The following commit(s) were added to refs/heads/trunk by this push:
new 63b4ddb9d1 OAK-10200 : CompositeAccessControlManager.getEffectivePolicies(String) should filter duplicate policies
63b4ddb9d1 is described below
commit 63b4ddb9d173b766ed4e23e3bc6150d721c768cb
Author: angela <an...@adobe.com>
AuthorDate: Thu Apr 20 17:14:10 2023 +0200
OAK-10200 : CompositeAccessControlManager.getEffectivePolicies(String) should filter duplicate policies
---
.../authorization/composite/CompositeAccessControlManager.java | 3 +--
.../composite/CompositeAccessControlManagerTest.java | 10 ++++++++++
.../security/internal/SecurityProviderRegistrationTest.java | 6 ++++--
3 files changed, 15 insertions(+), 4 deletions(-)
diff --git a/oak-core/src/main/java/org/apache/jackrabbit/oak/security/authorization/composite/CompositeAccessControlManager.java b/oak-core/src/main/java/org/apache/jackrabbit/oak/security/authorization/composite/CompositeAccessControlManager.java
index 202ff0e611..24cc670463 100644
--- a/oak-core/src/main/java/org/apache/jackrabbit/oak/security/authorization/composite/CompositeAccessControlManager.java
+++ b/oak-core/src/main/java/org/apache/jackrabbit/oak/security/authorization/composite/CompositeAccessControlManager.java
@@ -98,8 +98,7 @@ class CompositeAccessControlManager extends AbstractAccessControlManager {
break;
}
}
- List<AccessControlPolicy> l = policies.build();
- return l.toArray(new AccessControlPolicy[0]);
+ return policies.build().stream().distinct().toArray(AccessControlPolicy[]::new);
}
@Override
diff --git a/oak-core/src/test/java/org/apache/jackrabbit/oak/security/authorization/composite/CompositeAccessControlManagerTest.java b/oak-core/src/test/java/org/apache/jackrabbit/oak/security/authorization/composite/CompositeAccessControlManagerTest.java
index b858ff181e..a7d7514e1e 100644
--- a/oak-core/src/test/java/org/apache/jackrabbit/oak/security/authorization/composite/CompositeAccessControlManagerTest.java
+++ b/oak-core/src/test/java/org/apache/jackrabbit/oak/security/authorization/composite/CompositeAccessControlManagerTest.java
@@ -194,6 +194,16 @@ public class CompositeAccessControlManagerTest extends AbstractSecurityTest {
assertEquals(1, acMgr.getEffectivePolicies(child.getPath()).length);
}
+ @Test
+ public void testGetEffectivePoliciesFiltersDuplicates() throws Exception {
+ TestAcMgr test = new TestAcMgr();
+ test.hasPolicy = true;
+
+ // create a composite that would result in duplicate effective policies
+ AccessControlManager composite = createComposite(test, test);
+ assertEquals(1, composite.getEffectivePolicies(TEST_PATH).length);
+ }
+
@Test
public void testSetPolicyAtRoot() throws Exception {
AccessControlPolicyIterator it = acMgr.getApplicablePolicies("/");
diff --git a/oak-core/src/test/java/org/apache/jackrabbit/oak/security/internal/SecurityProviderRegistrationTest.java b/oak-core/src/test/java/org/apache/jackrabbit/oak/security/internal/SecurityProviderRegistrationTest.java
index 23d66cd93f..78449a5626 100644
--- a/oak-core/src/test/java/org/apache/jackrabbit/oak/security/internal/SecurityProviderRegistrationTest.java
+++ b/oak-core/src/test/java/org/apache/jackrabbit/oak/security/internal/SecurityProviderRegistrationTest.java
@@ -56,6 +56,7 @@ import org.apache.jackrabbit.oak.spi.security.authentication.LoginModuleStatsCol
import org.apache.jackrabbit.oak.spi.security.authentication.token.CompositeTokenConfiguration;
import org.apache.jackrabbit.oak.spi.security.authentication.token.TokenConfiguration;
import org.apache.jackrabbit.oak.spi.security.authorization.AuthorizationConfiguration;
+import org.apache.jackrabbit.oak.spi.security.authorization.accesscontrol.ReadPolicy;
import org.apache.jackrabbit.oak.spi.security.authorization.permission.AggregatedPermissionProvider;
import org.apache.jackrabbit.oak.spi.security.authorization.permission.AggregationFilter;
import org.apache.jackrabbit.oak.spi.security.authorization.permission.PermissionProvider;
@@ -1019,9 +1020,10 @@ public class SecurityProviderRegistrationTest extends AbstractSecurityTest {
AggregatedPermissionProvider pp = mock(AggregatedPermissionProvider.class);
JackrabbitAccessControlManager acMgr = mock(JackrabbitAccessControlManager.class);
+ // make sure different policies are returned for subsequent calls of the aggregated configurations
AccessControlPolicy policy = mock(AccessControlPolicy.class);
- when(acMgr.getEffectivePolicies(anyString())).thenReturn(new AccessControlPolicy[] {policy});
- when(acMgr.getEffectivePolicies(any(Set.class))).thenReturn(new AccessControlPolicy[] {policy});
+ when(acMgr.getEffectivePolicies(anyString())).thenReturn(new AccessControlPolicy[] {policy}).thenReturn(new AccessControlPolicy[] {ReadPolicy.INSTANCE});
+ when(acMgr.getEffectivePolicies(any(Set.class))).thenReturn(new AccessControlPolicy[] {policy}).thenReturn(new AccessControlPolicy[] {ReadPolicy.INSTANCE});
AuthorizationConfiguration ac1 = mock(AuthorizationConfiguration.class);
AuthorizationConfiguration ac2 = mock(AuthorizationConfiguration.class);