You are viewing a plain text version of this content. The canonical link for it is here.
Posted to oak-commits@jackrabbit.apache.org by an...@apache.org on 2017/03/07 12:52:04 UTC
svn commit: r1785836 - in
/jackrabbit/oak/trunk/oak-core/src/main/java/org/apache/jackrabbit/oak:
security/authentication/token/ spi/security/authentication/token/
Author: angela
Date: Tue Mar 7 12:52:04 2017
New Revision: 1785836
URL: http://svn.apache.org/viewvc?rev=1785836&view=rev
Log:
OAK-5900 : Add Nonnull Annotation to TokenInfo.matches(TokenCredentials)
OAK-5901 : Minor improvements to TokenProviderImpl and TokenValidator
Modified:
jackrabbit/oak/trunk/oak-core/src/main/java/org/apache/jackrabbit/oak/security/authentication/token/TokenProviderImpl.java
jackrabbit/oak/trunk/oak-core/src/main/java/org/apache/jackrabbit/oak/security/authentication/token/TokenValidatorProvider.java
jackrabbit/oak/trunk/oak-core/src/main/java/org/apache/jackrabbit/oak/spi/security/authentication/token/TokenInfo.java
jackrabbit/oak/trunk/oak-core/src/main/java/org/apache/jackrabbit/oak/spi/security/authentication/token/package-info.java
Modified: jackrabbit/oak/trunk/oak-core/src/main/java/org/apache/jackrabbit/oak/security/authentication/token/TokenProviderImpl.java
URL: http://svn.apache.org/viewvc/jackrabbit/oak/trunk/oak-core/src/main/java/org/apache/jackrabbit/oak/security/authentication/token/TokenProviderImpl.java?rev=1785836&r1=1785835&r2=1785836&view=diff
==============================================================================
--- jackrabbit/oak/trunk/oak-core/src/main/java/org/apache/jackrabbit/oak/security/authentication/token/TokenProviderImpl.java (original)
+++ jackrabbit/oak/trunk/oak-core/src/main/java/org/apache/jackrabbit/oak/security/authentication/token/TokenProviderImpl.java Tue Mar 7 12:52:04 2017
@@ -146,7 +146,7 @@ class TokenProviderImpl implements Token
return false;
} else {
Object attr = credentialsSupport.getAttributes(creds).get(TOKEN_ATTRIBUTE);
- return (attr != null && "".equals(attr.toString()));
+ return (attr != null && attr.toString().isEmpty());
}
}
@@ -197,8 +197,8 @@ class TokenProviderImpl implements Token
public TokenInfo createToken(@Nonnull String userId, @Nonnull Map<String, ?> attributes) {
String error = "Failed to create login token. {}";
User user = getUser(userId);
- NodeUtil tokenParent = getTokenParent(user);
- if (tokenParent != null && user != null) {
+ NodeUtil tokenParent = (user == null) ? null : getTokenParent(user);
+ if (tokenParent != null) {
try {
String id = user.getID();
long creationTime = new Date().getTime();
@@ -257,12 +257,14 @@ class TokenProviderImpl implements Token
int pos = token.indexOf(DELIM);
String nodeId = (pos == -1) ? token : token.substring(0, pos);
Tree tokenTree = identifierManager.getTree(nodeId);
- String userId = getUserId(tokenTree);
- if (userId == null || !isValidTokenTree(tokenTree)) {
- return null;
- } else {
- return new TokenInfoImpl(new NodeUtil(tokenTree), token, userId);
+ if (isValidTokenTree(tokenTree)) {
+ String userId = getUserId(tokenTree);
+ if (userId != null) {
+ return new TokenInfoImpl(new NodeUtil(tokenTree), token, userId);
+ }
}
+ // not a valid token tree or failed to extract userID
+ return null;
}
//--------------------------------------------------------------------------
@@ -323,27 +325,21 @@ class TokenProviderImpl implements Token
return Text.replace(ISO8601.format(creation), ":", ".");
}
- @CheckForNull
- private Tree getTokenTree(@Nonnull TokenInfo tokenInfo) {
- if (tokenInfo instanceof TokenInfoImpl) {
- return root.getTree(((TokenInfoImpl) tokenInfo).tokenPath);
- } else {
- return null;
- }
+ @Nonnull
+ private Tree getTokenTree(@Nonnull TokenInfoImpl tokenInfo) {
+ return root.getTree(tokenInfo.tokenPath);
}
@CheckForNull
- private String getUserId(@CheckForNull Tree tokenTree) {
- if (tokenTree != null && tokenTree.exists()) {
- try {
- String userPath = Text.getRelativeParent(tokenTree.getPath(), 2);
- Authorizable authorizable = userManager.getAuthorizableByPath(userPath);
- if (authorizable != null && !authorizable.isGroup() && !((User) authorizable).isDisabled()) {
- return authorizable.getID();
- }
- } catch (RepositoryException e) {
- log.debug("Cannot determine userID from token: {}", e.getMessage());
+ private String getUserId(@Nonnull Tree tokenTree) {
+ try {
+ String userPath = Text.getRelativeParent(tokenTree.getPath(), 2);
+ Authorizable authorizable = userManager.getAuthorizableByPath(userPath);
+ if (authorizable != null && !authorizable.isGroup() && !((User) authorizable).isDisabled()) {
+ return authorizable.getID();
}
+ } catch (RepositoryException e) {
+ log.debug("Cannot determine userID from token: {}", e.getMessage());
}
return null;
}
@@ -365,10 +361,7 @@ class TokenProviderImpl implements Token
}
@CheckForNull
- private NodeUtil getTokenParent(@CheckForNull User user) {
- if (user == null) {
- return null;
- }
+ private NodeUtil getTokenParent(@Nonnull User user) {
NodeUtil tokenParent = null;
String parentPath = null;
try {
@@ -453,7 +446,7 @@ class TokenProviderImpl implements Token
private final Map<String, String> publicAttributes;
- private TokenInfoImpl(NodeUtil tokenNode, String token, String userId) {
+ private TokenInfoImpl(@Nonnull NodeUtil tokenNode, @Nonnull String token, @Nonnull String userId) {
this.token = token;
this.tokenPath = tokenNode.getTree().getPath();
this.userId = userId;
@@ -502,7 +495,7 @@ class TokenProviderImpl implements Token
// for backwards compatibility use true as default value for the 'tokenRefresh' configuration
if (options.getConfigValue(PARAM_TOKEN_REFRESH, true)) {
Tree tokenTree = getTokenTree(this);
- if (tokenTree != null && tokenTree.exists()) {
+ if (tokenTree.exists()) {
NodeUtil tokenNode = new NodeUtil(tokenTree);
if (isExpired(loginTime)) {
log.debug("Attempt to reset an expired token.");
@@ -529,7 +522,7 @@ class TokenProviderImpl implements Token
@Override
public boolean remove() {
Tree tokenTree = getTokenTree(this);
- if (tokenTree != null && tokenTree.exists()) {
+ if (tokenTree.exists()) {
try {
if (tokenTree.remove()) {
root.commit(CommitMarker.asCommitAttributes());
@@ -543,7 +536,7 @@ class TokenProviderImpl implements Token
}
@Override
- public boolean matches(TokenCredentials tokenCredentials) {
+ public boolean matches(@Nonnull TokenCredentials tokenCredentials) {
String tk = tokenCredentials.getToken();
int pos = tk.lastIndexOf(DELIM);
if (pos > -1) {
@@ -594,8 +587,8 @@ class TokenProviderImpl implements Token
* @return {@code true} if the specified {@code attributeName}
* starts with or equals {@link #TOKEN_ATTRIBUTE}.
*/
- private boolean isMandatoryAttribute(String attributeName) {
- return attributeName != null && attributeName.startsWith(TOKEN_ATTRIBUTE);
+ private boolean isMandatoryAttribute(@Nonnull String attributeName) {
+ return attributeName.startsWith(TOKEN_ATTRIBUTE);
}
/**
@@ -608,7 +601,7 @@ class TokenProviderImpl implements Token
* @return {@code true} if the specified property name doesn't seem
* to represent repository internal information.
*/
- private boolean isInfoAttribute(String attributeName) {
+ private boolean isInfoAttribute(@Nonnull String attributeName) {
String prefix = Text.getNamespacePrefix(attributeName);
return !NamespaceConstants.RESERVED_PREFIXES.contains(prefix);
}
Modified: jackrabbit/oak/trunk/oak-core/src/main/java/org/apache/jackrabbit/oak/security/authentication/token/TokenValidatorProvider.java
URL: http://svn.apache.org/viewvc/jackrabbit/oak/trunk/oak-core/src/main/java/org/apache/jackrabbit/oak/security/authentication/token/TokenValidatorProvider.java?rev=1785836&r1=1785835&r2=1785836&view=diff
==============================================================================
--- jackrabbit/oak/trunk/oak-core/src/main/java/org/apache/jackrabbit/oak/security/authentication/token/TokenValidatorProvider.java (original)
+++ jackrabbit/oak/trunk/oak-core/src/main/java/org/apache/jackrabbit/oak/security/authentication/token/TokenValidatorProvider.java Tue Mar 7 12:52:04 2017
@@ -95,13 +95,13 @@ class TokenValidatorProvider extends Val
@Override
public void propertyChanged(PropertyState before, PropertyState after) throws CommitFailedException {
- String beforeName = after.getName();
- if (TOKEN_ATTRIBUTE_KEY.equals(beforeName)) {
- String msg = "Attempt to change reserved token property " + beforeName;
+ String propertyName = after.getName();
+ if (TOKEN_ATTRIBUTE_KEY.equals(propertyName)) {
+ String msg = "Attempt to change reserved token property " + propertyName;
throw constraintViolation(61, msg);
- } else if (TOKEN_ATTRIBUTE_EXPIRY.equals(beforeName)) {
+ } else if (TOKEN_ATTRIBUTE_EXPIRY.equals(propertyName)) {
verifyCommitInfo();
- } else if (JcrConstants.JCR_PRIMARYTYPE.equals(beforeName)) {
+ } else if (JcrConstants.JCR_PRIMARYTYPE.equals(propertyName)) {
if (TOKEN_NT_NAME.equals(after.getValue(Type.STRING))) {
throw constraintViolation(62, "Changing primary type of existing node to the reserved token node type.");
}
@@ -164,7 +164,7 @@ class TokenValidatorProvider extends Val
verifyHierarchy(tokenTree.getPath());
Tree parent = tokenTree.getParent();
- if (!TOKENS_NODE_NAME.equals(parent.getName()) || !UserConstants.NT_REP_USER.equals(TreeUtil.getPrimaryTypeName(parent.getParent()))) {
+ if (!isTokensParent(parent) || !UserConstants.NT_REP_USER.equals(TreeUtil.getPrimaryTypeName(parent.getParent()))) {
throw constraintViolation(65, "Invalid location of token node.");
}
Modified: jackrabbit/oak/trunk/oak-core/src/main/java/org/apache/jackrabbit/oak/spi/security/authentication/token/TokenInfo.java
URL: http://svn.apache.org/viewvc/jackrabbit/oak/trunk/oak-core/src/main/java/org/apache/jackrabbit/oak/spi/security/authentication/token/TokenInfo.java?rev=1785836&r1=1785835&r2=1785836&view=diff
==============================================================================
--- jackrabbit/oak/trunk/oak-core/src/main/java/org/apache/jackrabbit/oak/spi/security/authentication/token/TokenInfo.java (original)
+++ jackrabbit/oak/trunk/oak-core/src/main/java/org/apache/jackrabbit/oak/spi/security/authentication/token/TokenInfo.java Tue Mar 7 12:52:04 2017
@@ -81,7 +81,7 @@ public interface TokenInfo {
* validated against the information stored in this instance; {@code false}
* otherwise.
*/
- boolean matches(TokenCredentials tokenCredentials);
+ boolean matches(@Nonnull TokenCredentials tokenCredentials);
/**
* Returns the private attributes stored with this info object.
Modified: jackrabbit/oak/trunk/oak-core/src/main/java/org/apache/jackrabbit/oak/spi/security/authentication/token/package-info.java
URL: http://svn.apache.org/viewvc/jackrabbit/oak/trunk/oak-core/src/main/java/org/apache/jackrabbit/oak/spi/security/authentication/token/package-info.java?rev=1785836&r1=1785835&r2=1785836&view=diff
==============================================================================
--- jackrabbit/oak/trunk/oak-core/src/main/java/org/apache/jackrabbit/oak/spi/security/authentication/token/package-info.java (original)
+++ jackrabbit/oak/trunk/oak-core/src/main/java/org/apache/jackrabbit/oak/spi/security/authentication/token/package-info.java Tue Mar 7 12:52:04 2017
@@ -14,7 +14,7 @@
* See the License for the specific language governing permissions and
* limitations under the License.
*/
-@Version("1.4.0")
+@Version("1.4.1")
@Export(optional = "provide:=true")
package org.apache.jackrabbit.oak.spi.security.authentication.token;