You are viewing a plain text version of this content. The canonical link for it is here.
Posted to oak-commits@jackrabbit.apache.org by an...@apache.org on 2013/09/12 09:59:55 UTC
svn commit: r1522476 - in
/jackrabbit/oak/trunk/oak-core/src/main/java/org/apache/jackrabbit/oak/osgi:
Activator.java OsgiSecurityProvider.java
Author: angela
Date: Thu Sep 12 07:59:55 2013
New Revision: 1522476
URL: http://svn.apache.org/r1522476
Log:
OAK-754 : Pluggable Security Setup (wip)
Added:
jackrabbit/oak/trunk/oak-core/src/main/java/org/apache/jackrabbit/oak/osgi/OsgiSecurityProvider.java
Modified:
jackrabbit/oak/trunk/oak-core/src/main/java/org/apache/jackrabbit/oak/osgi/Activator.java
Modified: jackrabbit/oak/trunk/oak-core/src/main/java/org/apache/jackrabbit/oak/osgi/Activator.java
URL: http://svn.apache.org/viewvc/jackrabbit/oak/trunk/oak-core/src/main/java/org/apache/jackrabbit/oak/osgi/Activator.java?rev=1522476&r1=1522475&r2=1522476&view=diff
==============================================================================
--- jackrabbit/oak/trunk/oak-core/src/main/java/org/apache/jackrabbit/oak/osgi/Activator.java (original)
+++ jackrabbit/oak/trunk/oak-core/src/main/java/org/apache/jackrabbit/oak/osgi/Activator.java Thu Sep 12 07:59:55 2013
@@ -22,6 +22,7 @@ import java.util.List;
import java.util.Map;
import java.util.Properties;
+import com.google.common.collect.ImmutableMap;
import org.apache.jackrabbit.mk.api.MicroKernel;
import org.apache.jackrabbit.oak.Oak;
import org.apache.jackrabbit.oak.api.ContentRepository;
@@ -29,15 +30,23 @@ import org.apache.jackrabbit.oak.api.jmx
import org.apache.jackrabbit.oak.core.ContentRepositoryImpl;
import org.apache.jackrabbit.oak.kernel.KernelNodeStore;
import org.apache.jackrabbit.oak.osgi.OsgiRepositoryInitializer.RepositoryInitializerObserver;
-import org.apache.jackrabbit.oak.security.SecurityProviderImpl;
import org.apache.jackrabbit.oak.spi.lifecycle.OakInitializer;
import org.apache.jackrabbit.oak.spi.lifecycle.RepositoryInitializer;
+import org.apache.jackrabbit.oak.spi.security.ConfigurationParameters;
+import org.apache.jackrabbit.oak.spi.security.SecurityProvider;
+import org.apache.jackrabbit.oak.spi.security.authorization.AuthorizationConfiguration;
+import org.apache.jackrabbit.oak.spi.security.authorization.accesscontrol.AccessControlConstants;
+import org.apache.jackrabbit.oak.spi.security.user.AuthorizableNodeName;
+import org.apache.jackrabbit.oak.spi.security.user.UserConfiguration;
+import org.apache.jackrabbit.oak.spi.security.user.UserConstants;
import org.apache.jackrabbit.oak.spi.state.NodeStore;
import org.apache.jackrabbit.oak.spi.whiteboard.OsgiWhiteboard;
import org.apache.jackrabbit.oak.spi.whiteboard.Registration;
import org.apache.jackrabbit.oak.spi.whiteboard.Whiteboard;
+import org.osgi.framework.Bundle;
import org.osgi.framework.BundleActivator;
import org.osgi.framework.BundleContext;
+import org.osgi.framework.ServiceFactory;
import org.osgi.framework.ServiceReference;
import org.osgi.framework.ServiceRegistration;
import org.osgi.util.tracker.ServiceTracker;
@@ -64,27 +73,44 @@ public class Activator implements Bundle
private final OsgiRepositoryInitializer repositoryInitializerTracker = new OsgiRepositoryInitializer();
+ private final OsgiAuthorizableActionProvider authorizableActionProvider = new OsgiAuthorizableActionProvider();
+
+ private final OsgiRestrictionProvider restrictionProvider = new OsgiRestrictionProvider();
+
+ private final OsgiSecurityProvider securityProvider;
+
private final Map<ServiceReference, ServiceRegistration> services = new HashMap<ServiceReference, ServiceRegistration>();
private final List<Registration> registrations = new ArrayList<Registration>();
+ public Activator() {
+ securityProvider = new OsgiSecurityProvider(getSecurityConfig());
+ }
+
//----------------------------------------------------< BundleActivator >---
@Override
public void start(BundleContext bundleContext) throws Exception {
context = bundleContext;
whiteboard = new OsgiWhiteboard(bundleContext);
+
indexProvider.start(bundleContext);
indexEditorProvider.start(bundleContext);
validatorProvider.start(bundleContext);
repositoryInitializerTracker.setObserver(this);
repositoryInitializerTracker.start(bundleContext);
- microKernelTracker = new ServiceTracker(
- context, MicroKernel.class.getName(), this);
+
+ authorizableActionProvider.start(bundleContext);
+ restrictionProvider.start(bundleContext);
+ securityProvider.start(bundleContext);
+
+ microKernelTracker = new ServiceTracker(context, MicroKernel.class.getName(), this);
microKernelTracker.open();
// nodeStoreTracker = new ServiceTracker(
// context, NodeStore.class.getName(), this);
// nodeStoreTracker.open();
+
+ registerSecurityProvider();
}
@Override
@@ -95,6 +121,9 @@ public class Activator implements Bundle
indexEditorProvider.stop();
validatorProvider.stop();
repositoryInitializerTracker.stop();
+ authorizableActionProvider.stop();
+ restrictionProvider.stop();
+ securityProvider.stop();
for(Registration r : registrations){
r.unregister();
@@ -119,8 +148,7 @@ public class Activator implements Bundle
NodeStore store = (NodeStore) service;
OakInitializer.initialize(store, repositoryInitializerTracker, indexEditorProvider);
Oak oak = new Oak(store)
- // FIXME: proper osgi setup for security provider (see OAK-17 and sub-tasks)
- .with(new SecurityProviderImpl())
+ .with(securityProvider)
.with(validatorProvider)
.with(indexProvider)
.with(whiteboard)
@@ -159,4 +187,42 @@ public class Activator implements Bundle
}
}
+ //------------------------------------------------------------< private >---
+ private ConfigurationParameters getSecurityConfig() {
+ Map<String, Object> userMap = ImmutableMap.of(
+ UserConstants.PARAM_AUTHORIZABLE_ACTION_PROVIDER, authorizableActionProvider,
+ UserConstants.PARAM_AUTHORIZABLE_NODE_NAME, AuthorizableNodeName.DEFAULT); // TODO
+
+ Map<String, OsgiRestrictionProvider> authorizMap = ImmutableMap.of(
+ AccessControlConstants.PARAM_RESTRICTION_PROVIDER, restrictionProvider
+ );
+
+ ConfigurationParameters securityConfig = new ConfigurationParameters(ImmutableMap.of(
+ UserConfiguration.NAME, new ConfigurationParameters(userMap),
+ AuthorizationConfiguration.NAME, new ConfigurationParameters(authorizMap)
+ ));
+ return securityConfig;
+ }
+
+ private void registerSecurityProvider() {
+ ServiceFactory sf = new ServiceFactory() {
+ @Override
+ public Object getService(Bundle bundle, ServiceRegistration serviceRegistration) {
+ return securityProvider;
+ }
+
+ @Override
+ public void ungetService(Bundle bundle, ServiceRegistration serviceRegistration, Object o) {
+ // nothing to do
+ }
+ };
+ final ServiceRegistration r = context.registerService(SecurityProvider.class.getName(), sf, null);
+ registrations.add(new Registration() {
+ @Override
+ public void unregister() {
+ r.unregister();
+
+ }
+ });
+ }
}
Added: jackrabbit/oak/trunk/oak-core/src/main/java/org/apache/jackrabbit/oak/osgi/OsgiSecurityProvider.java
URL: http://svn.apache.org/viewvc/jackrabbit/oak/trunk/oak-core/src/main/java/org/apache/jackrabbit/oak/osgi/OsgiSecurityProvider.java?rev=1522476&view=auto
==============================================================================
--- jackrabbit/oak/trunk/oak-core/src/main/java/org/apache/jackrabbit/oak/osgi/OsgiSecurityProvider.java (added)
+++ jackrabbit/oak/trunk/oak-core/src/main/java/org/apache/jackrabbit/oak/osgi/OsgiSecurityProvider.java Thu Sep 12 07:59:55 2013
@@ -0,0 +1,103 @@
+/*
+ * Licensed to the Apache Software Foundation (ASF) under one or more
+ * contributor license agreements. See the NOTICE file distributed with
+ * this work for additional information regarding copyright ownership.
+ * The ASF licenses this file to You under the Apache License, Version 2.0
+ * (the "License"); you may not use this file except in compliance with
+ * the License. You may obtain a copy of the License at
+ *
+ * http://www.apache.org/licenses/LICENSE-2.0
+ *
+ * Unless required by applicable law or agreed to in writing, software
+ * distributed under the License is distributed on an "AS IS" BASIS,
+ * WITHOUT WARRANTIES OR CONDITIONS OF ANY KIND, either express or implied.
+ * See the License for the specific language governing permissions and
+ * limitations under the License.
+ */
+package org.apache.jackrabbit.oak.osgi;
+
+import java.util.Map;
+import javax.annotation.Nonnull;
+import javax.annotation.Nullable;
+
+import com.google.common.collect.Maps;
+import org.apache.jackrabbit.oak.spi.security.ConfigurationBase;
+import org.apache.jackrabbit.oak.spi.security.ConfigurationParameters;
+import org.apache.jackrabbit.oak.spi.security.SecurityConfiguration;
+import org.apache.jackrabbit.oak.spi.security.SecurityProvider;
+import org.osgi.framework.ServiceReference;
+
+/**
+ * OsgiSecurityProvider... TODO
+ */
+public class OsgiSecurityProvider extends AbstractServiceTracker<SecurityConfiguration> implements SecurityProvider {
+
+ private Map<String, SecurityConfiguration> serviceMap = Maps.newHashMap();
+ private ConfigurationParameters config;
+
+ public OsgiSecurityProvider(@Nonnull ConfigurationParameters config) {
+ super(SecurityConfiguration.class);
+ this.config = config;
+ }
+
+ //-------------------------------------------< ServiceTrackerCustomizer >---
+ @Override
+ public Object addingService(ServiceReference reference) {
+ Object service = super.addingService(reference);
+ if (service instanceof SecurityConfiguration) {
+ SecurityConfiguration sc = (SecurityConfiguration) service;
+ synchronized (this) {
+ serviceMap.put(sc.getName(), sc);
+ }
+
+ if (service instanceof ConfigurationBase) {
+ ((ConfigurationBase) service).setSecurityProvider(this);
+ }
+ }
+ return service;
+ }
+
+ @Override
+ public void removedService(ServiceReference reference, Object service) {
+ super.removedService(reference, service);
+ if (service instanceof SecurityConfiguration) {
+ synchronized (this) {
+ serviceMap.remove(((SecurityConfiguration) service).getName());
+ }
+ }
+ }
+
+
+ //---------------------------------------------------< SecurityProvider >---
+ @Nonnull
+ @Override
+ public ConfigurationParameters getParameters(@Nullable String name) {
+ if (name == null) {
+ return config;
+ }
+ ConfigurationParameters params = config.getConfigValue(name, ConfigurationParameters.EMPTY);
+ SecurityConfiguration sc = serviceMap.get(name);
+ if (sc != null) {
+ return ConfigurationParameters.newInstance(params, sc.getParameters());
+ } else {
+ return params;
+ }
+ }
+
+ @Nonnull
+ @Override
+ public Iterable<? extends SecurityConfiguration> getConfigurations() {
+ return serviceMap.values();
+ }
+
+ @Nonnull
+ @Override
+ public <T> T getConfiguration(@Nonnull Class<T> configClass) {
+ for (SecurityConfiguration sc : serviceMap.values()) {
+ if (configClass.isAssignableFrom(sc.getClass())) {
+ return (T) sc;
+ }
+ }
+ throw new IllegalStateException("Unsupported configuration class " + configClass.getName());
+ }
+}
\ No newline at end of file