You are viewing a plain text version of this content. The canonical link for it is here.
Posted to oak-commits@jackrabbit.apache.org by ju...@apache.org on 2013/12/19 18:08:17 UTC
svn commit: r1552356 - in /jackrabbit/oak/trunk:
oak-core/src/main/java/org/apache/jackrabbit/oak/core/
oak-core/src/main/java/org/apache/jackrabbit/oak/security/authorization/
oak-core/src/main/java/org/apache/jackrabbit/oak/security/authorization/per...
Author: jukka
Date: Thu Dec 19 17:08:17 2013
New Revision: 1552356
URL: http://svn.apache.org/r1552356
Log:
OAK-1247: Non-deterministic access control test failures
Make PermissionValidator get the PermissionProvider from the before state
instead of from the commit info. This makes the permission checks more
deterministic and avoids the problem of commits from an unrefreshed
session being potentially evaluated against outdated permission settings.
Modified:
jackrabbit/oak/trunk/oak-core/src/main/java/org/apache/jackrabbit/oak/core/AbstractRoot.java
jackrabbit/oak/trunk/oak-core/src/main/java/org/apache/jackrabbit/oak/security/authorization/AuthorizationConfigurationImpl.java
jackrabbit/oak/trunk/oak-core/src/main/java/org/apache/jackrabbit/oak/security/authorization/permission/PermissionProviderImpl.java
jackrabbit/oak/trunk/oak-core/src/main/java/org/apache/jackrabbit/oak/security/authorization/permission/PermissionValidatorProvider.java
jackrabbit/oak/trunk/oak-core/src/main/java/org/apache/jackrabbit/oak/security/privilege/PrivilegeConfigurationImpl.java
jackrabbit/oak/trunk/oak-core/src/main/java/org/apache/jackrabbit/oak/security/user/UserConfigurationImpl.java
jackrabbit/oak/trunk/oak-core/src/main/java/org/apache/jackrabbit/oak/spi/commit/CommitInfo.java
jackrabbit/oak/trunk/oak-core/src/main/java/org/apache/jackrabbit/oak/spi/security/CompositeConfiguration.java
jackrabbit/oak/trunk/oak-core/src/main/java/org/apache/jackrabbit/oak/spi/security/SecurityConfiguration.java
jackrabbit/oak/trunk/oak-core/src/main/java/org/apache/jackrabbit/oak/spi/security/authorization/AuthorizationConfiguration.java
jackrabbit/oak/trunk/oak-core/src/main/java/org/apache/jackrabbit/oak/spi/security/authorization/CompositeAuthorizationConfiguration.java
jackrabbit/oak/trunk/oak-core/src/main/java/org/apache/jackrabbit/oak/spi/security/authorization/OpenAuthorizationConfiguration.java
jackrabbit/oak/trunk/oak-core/src/main/java/org/apache/jackrabbit/oak/spi/security/authorization/accesscontrol/AbstractAccessControlManager.java
jackrabbit/oak/trunk/oak-core/src/test/java/org/apache/jackrabbit/oak/security/authorization/permission/PermissionProviderImplTest.java
jackrabbit/oak/trunk/oak-core/src/test/java/org/apache/jackrabbit/oak/security/authorization/permission/PermissionStoreTest.java
jackrabbit/oak/trunk/oak-core/src/test/java/org/apache/jackrabbit/oak/security/authorization/permission/TreePermissionImplTest.java
jackrabbit/oak/trunk/oak-core/src/test/java/org/apache/jackrabbit/oak/spi/commit/BackgroundObserverTest.java
jackrabbit/oak/trunk/oak-jcr/src/main/java/org/apache/jackrabbit/oak/jcr/session/SessionContext.java
Modified: jackrabbit/oak/trunk/oak-core/src/main/java/org/apache/jackrabbit/oak/core/AbstractRoot.java
URL: http://svn.apache.org/viewvc/jackrabbit/oak/trunk/oak-core/src/main/java/org/apache/jackrabbit/oak/core/AbstractRoot.java?rev=1552356&r1=1552355&r2=1552356&view=diff
==============================================================================
--- jackrabbit/oak/trunk/oak-core/src/main/java/org/apache/jackrabbit/oak/core/AbstractRoot.java (original)
+++ jackrabbit/oak/trunk/oak-core/src/main/java/org/apache/jackrabbit/oak/core/AbstractRoot.java Thu Dec 19 17:08:17 2013
@@ -131,7 +131,10 @@ public abstract class AbstractRoot imple
private final LazyValue<PermissionProvider> permissionProvider = new LazyValue<PermissionProvider>() {
@Override
protected PermissionProvider createValue() {
- return getAcConfig().getPermissionProvider(AbstractRoot.this, subject.getPrincipals());
+ return getAcConfig().getPermissionProvider(
+ AbstractRoot.this,
+ getContentSession().getWorkspaceName(),
+ subject.getPrincipals());
}
};
@@ -271,10 +274,8 @@ public abstract class AbstractRoot imple
checkLive();
ContentSession session = getContentSession();
CommitInfo info = new CommitInfo(
- session.toString(),
- session.getAuthInfo().getUserID(),
- permissionProvider.get(), moveTracker, message);
- base = store.merge(builder, getCommitHook(path, info), info);
+ session.toString(), session.getAuthInfo().getUserID(), message);
+ base = store.merge(builder, getCommitHook(path), info);
secureBuilder.baseChanged();
modCount = 0;
if (permissionProvider.hasValue()) {
@@ -293,7 +294,7 @@ public abstract class AbstractRoot imple
* @return A commit hook combining repository global commit hook(s) with the pluggable hooks
* defined with the security modules and the padded {@code hooks}.
*/
- private CommitHook getCommitHook(@Nullable final String path, @Nonnull CommitInfo commitInfo) {
+ private CommitHook getCommitHook(@Nullable final String path) {
List<CommitHook> hooks = newArrayList();
if (path != null) {
@@ -317,7 +318,7 @@ public abstract class AbstractRoot imple
}
}
- List<? extends ValidatorProvider> validators = sc.getValidators(workspaceName, commitInfo);
+ List<? extends ValidatorProvider> validators = sc.getValidators(workspaceName, subject.getPrincipals(), moveTracker);
if (!validators.isEmpty()) {
hooks.add(new EditorHook(CompositeEditorProvider.compose(validators)));
}
Modified: jackrabbit/oak/trunk/oak-core/src/main/java/org/apache/jackrabbit/oak/security/authorization/AuthorizationConfigurationImpl.java
URL: http://svn.apache.org/viewvc/jackrabbit/oak/trunk/oak-core/src/main/java/org/apache/jackrabbit/oak/security/authorization/AuthorizationConfigurationImpl.java?rev=1552356&r1=1552355&r2=1552356&view=diff
==============================================================================
--- jackrabbit/oak/trunk/oak-core/src/main/java/org/apache/jackrabbit/oak/security/authorization/AuthorizationConfigurationImpl.java (original)
+++ jackrabbit/oak/trunk/oak-core/src/main/java/org/apache/jackrabbit/oak/security/authorization/AuthorizationConfigurationImpl.java Thu Dec 19 17:08:17 2013
@@ -39,7 +39,7 @@ import org.apache.jackrabbit.oak.securit
import org.apache.jackrabbit.oak.security.authorization.permission.PermissionValidatorProvider;
import org.apache.jackrabbit.oak.security.authorization.restriction.RestrictionProviderImpl;
import org.apache.jackrabbit.oak.spi.commit.CommitHook;
-import org.apache.jackrabbit.oak.spi.commit.CommitInfo;
+import org.apache.jackrabbit.oak.spi.commit.MoveTracker;
import org.apache.jackrabbit.oak.spi.commit.ValidatorProvider;
import org.apache.jackrabbit.oak.spi.lifecycle.WorkspaceInitializer;
import org.apache.jackrabbit.oak.spi.security.ConfigurationBase;
@@ -98,10 +98,10 @@ public class AuthorizationConfigurationI
}
@Override
- public List<ValidatorProvider> getValidators(String workspaceName, CommitInfo commitInfo) {
+ public List<ValidatorProvider> getValidators(String workspaceName, Set<Principal> principals, MoveTracker moveTracker) {
return ImmutableList.of(
new PermissionStoreValidatorProvider(),
- new PermissionValidatorProvider(getSecurityProvider(), commitInfo),
+ new PermissionValidatorProvider(getSecurityProvider(), workspaceName, principals, moveTracker),
new AccessControlValidatorProvider(getSecurityProvider()));
}
@@ -130,8 +130,8 @@ public class AuthorizationConfigurationI
@Nonnull
@Override
- public PermissionProvider getPermissionProvider(Root root, Set<Principal> principals) {
- return new PermissionProviderImpl(root, principals, this, permissionEntryCache.createLocalCache());
+ public PermissionProvider getPermissionProvider(Root root, String workspaceName, Set<Principal> principals) {
+ return new PermissionProviderImpl(root, workspaceName, principals, this, permissionEntryCache.createLocalCache());
}
}
Modified: jackrabbit/oak/trunk/oak-core/src/main/java/org/apache/jackrabbit/oak/security/authorization/permission/PermissionProviderImpl.java
URL: http://svn.apache.org/viewvc/jackrabbit/oak/trunk/oak-core/src/main/java/org/apache/jackrabbit/oak/security/authorization/permission/PermissionProviderImpl.java?rev=1552356&r1=1552355&r2=1552356&view=diff
==============================================================================
--- jackrabbit/oak/trunk/oak-core/src/main/java/org/apache/jackrabbit/oak/security/authorization/permission/PermissionProviderImpl.java (original)
+++ jackrabbit/oak/trunk/oak-core/src/main/java/org/apache/jackrabbit/oak/security/authorization/permission/PermissionProviderImpl.java Thu Dec 19 17:08:17 2013
@@ -57,11 +57,11 @@ public class PermissionProviderImpl impl
private ImmutableRoot immutableRoot;
- public PermissionProviderImpl(@Nonnull Root root, @Nonnull Set<Principal> principals,
+ public PermissionProviderImpl(@Nonnull Root root, @Nonnull String workspaceName, @Nonnull Set<Principal> principals,
@Nonnull AuthorizationConfiguration acConfig,
@Nonnull PermissionEntryCache.Local cache) {
this.root = root;
- this.workspaceName = root.getContentSession().getWorkspaceName();
+ this.workspaceName = workspaceName;
this.acConfig = acConfig;
immutableRoot = getImmutableRoot(root, acConfig);
Modified: jackrabbit/oak/trunk/oak-core/src/main/java/org/apache/jackrabbit/oak/security/authorization/permission/PermissionValidatorProvider.java
URL: http://svn.apache.org/viewvc/jackrabbit/oak/trunk/oak-core/src/main/java/org/apache/jackrabbit/oak/security/authorization/permission/PermissionValidatorProvider.java?rev=1552356&r1=1552355&r2=1552356&view=diff
==============================================================================
--- jackrabbit/oak/trunk/oak-core/src/main/java/org/apache/jackrabbit/oak/security/authorization/permission/PermissionValidatorProvider.java (original)
+++ jackrabbit/oak/trunk/oak-core/src/main/java/org/apache/jackrabbit/oak/security/authorization/permission/PermissionValidatorProvider.java Thu Dec 19 17:08:17 2013
@@ -16,12 +16,15 @@
*/
package org.apache.jackrabbit.oak.security.authorization.permission;
+import java.security.Principal;
+import java.util.Set;
+
import javax.annotation.Nonnull;
+import org.apache.jackrabbit.oak.core.ImmutableRoot;
import org.apache.jackrabbit.oak.core.ImmutableTree;
import org.apache.jackrabbit.oak.core.TreeTypeProviderImpl;
import org.apache.jackrabbit.oak.plugins.nodetype.ReadOnlyNodeTypeManager;
-import org.apache.jackrabbit.oak.spi.commit.CommitInfo;
import org.apache.jackrabbit.oak.spi.commit.MoveTracker;
import org.apache.jackrabbit.oak.spi.commit.Validator;
import org.apache.jackrabbit.oak.spi.commit.ValidatorProvider;
@@ -45,14 +48,15 @@ public class PermissionValidatorProvider
private final AuthorizationConfiguration acConfig;
private final long jr2Permissions;
- private final CommitInfo commitInfo;
+ private final String workspaceName;
+ private final Set<Principal> principals;
private final MoveTracker moveTracker;
private ReadOnlyNodeTypeManager ntMgr;
private Context acCtx;
private Context userCtx;
- public PermissionValidatorProvider(SecurityProvider securityProvider, CommitInfo commitInfo) {
+ public PermissionValidatorProvider(SecurityProvider securityProvider, String workspaceName, Set<Principal> principals, MoveTracker moveTracker) {
this.securityProvider = securityProvider;
this.acConfig = securityProvider.getConfiguration(AuthorizationConfiguration.class);
@@ -60,8 +64,9 @@ public class PermissionValidatorProvider
String compatValue = params.getConfigValue(PermissionConstants.PARAM_PERMISSIONS_JR2, null, String.class);
jr2Permissions = Permissions.getPermissions(compatValue);
- this.commitInfo = commitInfo;
- moveTracker = commitInfo.getMoveTracker();
+ this.workspaceName = workspaceName;
+ this.principals = principals;
+ this.moveTracker = moveTracker;
}
//--------------------------------------------------< ValidatorProvider >---
@@ -70,9 +75,10 @@ public class PermissionValidatorProvider
public Validator getRootValidator(NodeState before, NodeState after) {
ntMgr = ReadOnlyNodeTypeManager.getInstance(after);
- PermissionProvider pp = getPermissionProvider();
ImmutableTree treeBefore = createTree(before);
ImmutableTree treeAfter = createTree(after);
+ PermissionProvider pp = acConfig.getPermissionProvider(
+ new ImmutableRoot(treeBefore), workspaceName, principals);
if (moveTracker.isEmpty()) {
return new PermissionValidator(treeBefore, treeAfter, pp, this);
@@ -110,7 +116,4 @@ public class PermissionValidatorProvider
return new ImmutableTree(root, new TreeTypeProviderImpl(getAccessControlContext()));
}
- private PermissionProvider getPermissionProvider() {
- return commitInfo.getPermissionProvider();
- }
}
Modified: jackrabbit/oak/trunk/oak-core/src/main/java/org/apache/jackrabbit/oak/security/privilege/PrivilegeConfigurationImpl.java
URL: http://svn.apache.org/viewvc/jackrabbit/oak/trunk/oak-core/src/main/java/org/apache/jackrabbit/oak/security/privilege/PrivilegeConfigurationImpl.java?rev=1552356&r1=1552355&r2=1552356&view=diff
==============================================================================
--- jackrabbit/oak/trunk/oak-core/src/main/java/org/apache/jackrabbit/oak/security/privilege/PrivilegeConfigurationImpl.java (original)
+++ jackrabbit/oak/trunk/oak-core/src/main/java/org/apache/jackrabbit/oak/security/privilege/PrivilegeConfigurationImpl.java Thu Dec 19 17:08:17 2013
@@ -16,8 +16,10 @@
*/
package org.apache.jackrabbit.oak.security.privilege;
+import java.security.Principal;
import java.util.Collections;
import java.util.List;
+import java.util.Set;
import javax.annotation.Nonnull;
@@ -27,7 +29,7 @@ import org.apache.jackrabbit.api.securit
import org.apache.jackrabbit.oak.api.Root;
import org.apache.jackrabbit.oak.namepath.NamePathMapper;
import org.apache.jackrabbit.oak.spi.commit.CommitHook;
-import org.apache.jackrabbit.oak.spi.commit.CommitInfo;
+import org.apache.jackrabbit.oak.spi.commit.MoveTracker;
import org.apache.jackrabbit.oak.spi.commit.ValidatorProvider;
import org.apache.jackrabbit.oak.spi.lifecycle.RepositoryInitializer;
import org.apache.jackrabbit.oak.spi.security.ConfigurationBase;
@@ -70,7 +72,7 @@ public class PrivilegeConfigurationImpl
@Nonnull
@Override
- public List<? extends ValidatorProvider> getValidators(String workspaceName, CommitInfo commitInfo) {
+ public List<? extends ValidatorProvider> getValidators(String workspaceName, Set<Principal> principals, MoveTracker moveTracker) {
return Collections.singletonList(new PrivilegeValidatorProvider());
}
Modified: jackrabbit/oak/trunk/oak-core/src/main/java/org/apache/jackrabbit/oak/security/user/UserConfigurationImpl.java
URL: http://svn.apache.org/viewvc/jackrabbit/oak/trunk/oak-core/src/main/java/org/apache/jackrabbit/oak/security/user/UserConfigurationImpl.java?rev=1552356&r1=1552355&r2=1552356&view=diff
==============================================================================
--- jackrabbit/oak/trunk/oak-core/src/main/java/org/apache/jackrabbit/oak/security/user/UserConfigurationImpl.java (original)
+++ jackrabbit/oak/trunk/oak-core/src/main/java/org/apache/jackrabbit/oak/security/user/UserConfigurationImpl.java Thu Dec 19 17:08:17 2013
@@ -16,8 +16,10 @@
*/
package org.apache.jackrabbit.oak.security.user;
+import java.security.Principal;
import java.util.Collections;
import java.util.List;
+import java.util.Set;
import javax.annotation.Nonnull;
@@ -27,7 +29,7 @@ import org.apache.jackrabbit.api.securit
import org.apache.jackrabbit.oak.api.Root;
import org.apache.jackrabbit.oak.namepath.NamePathMapper;
import org.apache.jackrabbit.oak.security.user.autosave.AutoSaveEnabledManager;
-import org.apache.jackrabbit.oak.spi.commit.CommitInfo;
+import org.apache.jackrabbit.oak.spi.commit.MoveTracker;
import org.apache.jackrabbit.oak.spi.commit.ValidatorProvider;
import org.apache.jackrabbit.oak.spi.lifecycle.WorkspaceInitializer;
import org.apache.jackrabbit.oak.spi.security.ConfigurationBase;
@@ -68,7 +70,7 @@ public class UserConfigurationImpl exten
@Nonnull
@Override
- public List<? extends ValidatorProvider> getValidators(String workspaceName, CommitInfo commitInfo) {
+ public List<? extends ValidatorProvider> getValidators(String workspaceName, Set<Principal> principals, MoveTracker moveTracker) {
return Collections.singletonList(new UserValidatorProvider(getParameters()));
}
Modified: jackrabbit/oak/trunk/oak-core/src/main/java/org/apache/jackrabbit/oak/spi/commit/CommitInfo.java
URL: http://svn.apache.org/viewvc/jackrabbit/oak/trunk/oak-core/src/main/java/org/apache/jackrabbit/oak/spi/commit/CommitInfo.java?rev=1552356&r1=1552355&r2=1552356&view=diff
==============================================================================
--- jackrabbit/oak/trunk/oak-core/src/main/java/org/apache/jackrabbit/oak/spi/commit/CommitInfo.java (original)
+++ jackrabbit/oak/trunk/oak-core/src/main/java/org/apache/jackrabbit/oak/spi/commit/CommitInfo.java Thu Dec 19 17:08:17 2013
@@ -16,7 +16,6 @@
* specific language governing permissions and limitations
* under the License.
*/
-
package org.apache.jackrabbit.oak.spi.commit;
import static com.google.common.base.Objects.toStringHelper;
@@ -26,8 +25,6 @@ import javax.annotation.CheckForNull;
import javax.annotation.Nonnull;
import javax.annotation.Nullable;
-import org.apache.jackrabbit.oak.spi.security.authorization.permission.PermissionProvider;
-
/**
* Commit info instances associate some meta data with a commit.
*/
@@ -39,31 +36,20 @@ public class CommitInfo {
private final String userId;
- private final PermissionProvider permissionProvider;
-
private final String message;
private final long date = System.currentTimeMillis();
- private final MoveTracker moveTracker;
-
/**
* Creates a commit info for the given session and user.
*
* @param sessionId session identifier
* @param userId The user id.
- * @param permissionProvider The permission provider associated with the
- * root that is committing changes.
- * @param moveTracker Information regarding move operations associated with this commit.
* @param message message attached to this commit, or {@code null}
*/
- public CommitInfo(@Nonnull String sessionId, @Nullable String userId,
- @Nonnull PermissionProvider permissionProvider,
- @Nonnull MoveTracker moveTracker, @Nullable String message) {
+ public CommitInfo(@Nonnull String sessionId, @Nullable String userId, @Nullable String message) {
this.sessionId = checkNotNull(sessionId);
this.userId = (userId == null) ? OAK_UNKNOWN : userId;
- this.permissionProvider = checkNotNull(permissionProvider);
- this.moveTracker = checkNotNull(moveTracker);
this.message = message;
}
@@ -83,16 +69,6 @@ public class CommitInfo {
return userId;
}
- @Nonnull
- public MoveTracker getMoveTracker() {
- return moveTracker;
- }
-
- @Nonnull
- public PermissionProvider getPermissionProvider() {
- return permissionProvider;
- }
-
/**
* @return message attached to this commit
*/
Modified: jackrabbit/oak/trunk/oak-core/src/main/java/org/apache/jackrabbit/oak/spi/security/CompositeConfiguration.java
URL: http://svn.apache.org/viewvc/jackrabbit/oak/trunk/oak-core/src/main/java/org/apache/jackrabbit/oak/spi/security/CompositeConfiguration.java?rev=1552356&r1=1552355&r2=1552356&view=diff
==============================================================================
--- jackrabbit/oak/trunk/oak-core/src/main/java/org/apache/jackrabbit/oak/spi/security/CompositeConfiguration.java (original)
+++ jackrabbit/oak/trunk/oak-core/src/main/java/org/apache/jackrabbit/oak/spi/security/CompositeConfiguration.java Thu Dec 19 17:08:17 2013
@@ -18,18 +18,22 @@
*/
package org.apache.jackrabbit.oak.spi.security;
+import java.security.Principal;
import java.util.ArrayList;
import java.util.List;
+import java.util.Set;
+
import javax.annotation.Nonnull;
import com.google.common.base.Function;
import com.google.common.collect.ImmutableList;
import com.google.common.collect.Iterables;
import com.google.common.collect.Lists;
+
import org.apache.jackrabbit.oak.api.PropertyState;
import org.apache.jackrabbit.oak.api.Tree;
import org.apache.jackrabbit.oak.spi.commit.CommitHook;
-import org.apache.jackrabbit.oak.spi.commit.CommitInfo;
+import org.apache.jackrabbit.oak.spi.commit.MoveTracker;
import org.apache.jackrabbit.oak.spi.commit.ValidatorProvider;
import org.apache.jackrabbit.oak.spi.lifecycle.CompositeInitializer;
import org.apache.jackrabbit.oak.spi.lifecycle.CompositeWorkspaceInitializer;
@@ -122,11 +126,11 @@ public abstract class CompositeConfigura
@Nonnull
@Override
- public List<? extends ValidatorProvider> getValidators(final String workspaceName, final CommitInfo commitInfo) {
+ public List<? extends ValidatorProvider> getValidators(final String workspaceName, final Set<Principal> principals, final MoveTracker moveTracker) {
return ImmutableList.copyOf(Iterables.concat(Lists.transform(configurations, new Function<T, List<? extends ValidatorProvider>>() {
@Override
public List<? extends ValidatorProvider> apply(T securityConfiguration) {
- return securityConfiguration.getValidators(workspaceName, commitInfo);
+ return securityConfiguration.getValidators(workspaceName, principals, moveTracker);
}
})));
}
Modified: jackrabbit/oak/trunk/oak-core/src/main/java/org/apache/jackrabbit/oak/spi/security/SecurityConfiguration.java
URL: http://svn.apache.org/viewvc/jackrabbit/oak/trunk/oak-core/src/main/java/org/apache/jackrabbit/oak/spi/security/SecurityConfiguration.java?rev=1552356&r1=1552355&r2=1552356&view=diff
==============================================================================
--- jackrabbit/oak/trunk/oak-core/src/main/java/org/apache/jackrabbit/oak/spi/security/SecurityConfiguration.java (original)
+++ jackrabbit/oak/trunk/oak-core/src/main/java/org/apache/jackrabbit/oak/spi/security/SecurityConfiguration.java Thu Dec 19 17:08:17 2013
@@ -16,13 +16,15 @@
*/
package org.apache.jackrabbit.oak.spi.security;
+import java.security.Principal;
import java.util.Collections;
import java.util.List;
+import java.util.Set;
import javax.annotation.Nonnull;
import org.apache.jackrabbit.oak.spi.commit.CommitHook;
-import org.apache.jackrabbit.oak.spi.commit.CommitInfo;
+import org.apache.jackrabbit.oak.spi.commit.MoveTracker;
import org.apache.jackrabbit.oak.spi.commit.ValidatorProvider;
import org.apache.jackrabbit.oak.spi.lifecycle.RepositoryInitializer;
import org.apache.jackrabbit.oak.spi.lifecycle.WorkspaceInitializer;
@@ -75,7 +77,7 @@ public interface SecurityConfiguration {
List<? extends CommitHook> getCommitHooks(String workspaceName);
@Nonnull
- List<? extends ValidatorProvider> getValidators(String workspaceName, CommitInfo commitInfo);
+ List<? extends ValidatorProvider> getValidators(String workspaceName, Set<Principal> principals, MoveTracker moveTracker);
@Nonnull
List<ProtectedItemImporter> getProtectedItemImporters();
@@ -122,7 +124,7 @@ public interface SecurityConfiguration {
@Nonnull
@Override
public List<? extends ValidatorProvider> getValidators(
- String workspaceName, CommitInfo commitInfo) {
+ String workspaceName, Set<Principal> principals, MoveTracker moveTracker) {
return Collections.emptyList();
}
Modified: jackrabbit/oak/trunk/oak-core/src/main/java/org/apache/jackrabbit/oak/spi/security/authorization/AuthorizationConfiguration.java
URL: http://svn.apache.org/viewvc/jackrabbit/oak/trunk/oak-core/src/main/java/org/apache/jackrabbit/oak/spi/security/authorization/AuthorizationConfiguration.java?rev=1552356&r1=1552355&r2=1552356&view=diff
==============================================================================
--- jackrabbit/oak/trunk/oak-core/src/main/java/org/apache/jackrabbit/oak/spi/security/authorization/AuthorizationConfiguration.java (original)
+++ jackrabbit/oak/trunk/oak-core/src/main/java/org/apache/jackrabbit/oak/spi/security/authorization/AuthorizationConfiguration.java Thu Dec 19 17:08:17 2013
@@ -43,5 +43,6 @@ public interface AuthorizationConfigurat
@Nonnull
PermissionProvider getPermissionProvider(@Nonnull Root root,
+ @Nonnull String workspaceName,
@Nonnull Set<Principal> principals);
}
Modified: jackrabbit/oak/trunk/oak-core/src/main/java/org/apache/jackrabbit/oak/spi/security/authorization/CompositeAuthorizationConfiguration.java
URL: http://svn.apache.org/viewvc/jackrabbit/oak/trunk/oak-core/src/main/java/org/apache/jackrabbit/oak/spi/security/authorization/CompositeAuthorizationConfiguration.java?rev=1552356&r1=1552355&r2=1552356&view=diff
==============================================================================
--- jackrabbit/oak/trunk/oak-core/src/main/java/org/apache/jackrabbit/oak/spi/security/authorization/CompositeAuthorizationConfiguration.java (original)
+++ jackrabbit/oak/trunk/oak-core/src/main/java/org/apache/jackrabbit/oak/spi/security/authorization/CompositeAuthorizationConfiguration.java Thu Dec 19 17:08:17 2013
@@ -80,7 +80,7 @@ public class CompositeAuthorizationConfi
@Nonnull
@Override
- public PermissionProvider getPermissionProvider(@Nonnull Root root, @Nonnull Set<Principal> principals) {
+ public PermissionProvider getPermissionProvider(@Nonnull Root root, @Nonnull String workspaceName, @Nonnull Set<Principal> principals) {
// TODO
throw new UnsupportedOperationException("not yet implemented.");
}
Modified: jackrabbit/oak/trunk/oak-core/src/main/java/org/apache/jackrabbit/oak/spi/security/authorization/OpenAuthorizationConfiguration.java
URL: http://svn.apache.org/viewvc/jackrabbit/oak/trunk/oak-core/src/main/java/org/apache/jackrabbit/oak/spi/security/authorization/OpenAuthorizationConfiguration.java?rev=1552356&r1=1552355&r2=1552356&view=diff
==============================================================================
--- jackrabbit/oak/trunk/oak-core/src/main/java/org/apache/jackrabbit/oak/spi/security/authorization/OpenAuthorizationConfiguration.java (original)
+++ jackrabbit/oak/trunk/oak-core/src/main/java/org/apache/jackrabbit/oak/spi/security/authorization/OpenAuthorizationConfiguration.java Thu Dec 19 17:08:17 2013
@@ -48,7 +48,7 @@ public class OpenAuthorizationConfigurat
@Nonnull
@Override
- public PermissionProvider getPermissionProvider(Root root, Set<Principal> principals) {
+ public PermissionProvider getPermissionProvider(Root root, String workspaceName, Set<Principal> principals) {
return OpenPermissionProvider.getInstance();
}
Modified: jackrabbit/oak/trunk/oak-core/src/main/java/org/apache/jackrabbit/oak/spi/security/authorization/accesscontrol/AbstractAccessControlManager.java
URL: http://svn.apache.org/viewvc/jackrabbit/oak/trunk/oak-core/src/main/java/org/apache/jackrabbit/oak/spi/security/authorization/accesscontrol/AbstractAccessControlManager.java?rev=1552356&r1=1552355&r2=1552356&view=diff
==============================================================================
--- jackrabbit/oak/trunk/oak-core/src/main/java/org/apache/jackrabbit/oak/spi/security/authorization/accesscontrol/AbstractAccessControlManager.java (original)
+++ jackrabbit/oak/trunk/oak-core/src/main/java/org/apache/jackrabbit/oak/spi/security/authorization/accesscontrol/AbstractAccessControlManager.java Thu Dec 19 17:08:17 2013
@@ -19,6 +19,7 @@ package org.apache.jackrabbit.oak.spi.se
import java.security.Principal;
import java.util.HashSet;
import java.util.Set;
+
import javax.annotation.CheckForNull;
import javax.annotation.Nonnull;
import javax.annotation.Nullable;
@@ -52,6 +53,7 @@ public abstract class AbstractAccessCont
private static final Logger log = LoggerFactory.getLogger(AbstractAccessControlManager.class);
private final Root root;
+ private final String workspaceName;
private final NamePathMapper namePathMapper;
private final AuthorizationConfiguration config;
private final PrivilegeManager privilegeManager;
@@ -62,6 +64,7 @@ public abstract class AbstractAccessCont
@Nonnull NamePathMapper namePathMapper,
@Nonnull SecurityProvider securityProvider) {
this.root = root;
+ this.workspaceName = root.getContentSession().getWorkspaceName();
this.namePathMapper = namePathMapper;
privilegeManager = securityProvider.getConfiguration(PrivilegeConfiguration.class).getPrivilegeManager(root, namePathMapper);
@@ -99,7 +102,7 @@ public abstract class AbstractAccessCont
if (getPrincipals().equals(principals)) {
return hasPrivileges(absPath, privileges);
} else {
- PermissionProvider provider = config.getPermissionProvider(root, principals);
+ PermissionProvider provider = config.getPermissionProvider(root, workspaceName, principals);
return hasPrivileges(absPath, privileges, provider, Permissions.READ_ACCESS_CONTROL, false);
}
}
@@ -109,7 +112,7 @@ public abstract class AbstractAccessCont
if (getPrincipals().equals(principals)) {
return getPrivileges(absPath);
} else {
- PermissionProvider provider = config.getPermissionProvider(root, principals);
+ PermissionProvider provider = config.getPermissionProvider(root, workspaceName, principals);
return getPrivileges(absPath, provider, Permissions.READ_ACCESS_CONTROL);
}
}
@@ -173,7 +176,7 @@ public abstract class AbstractAccessCont
@Nonnull
protected PermissionProvider getPermissionProvider() {
if (permissionProvider == null) {
- permissionProvider = config.getPermissionProvider(root, getPrincipals());
+ permissionProvider = config.getPermissionProvider(root, workspaceName, getPrincipals());
} else {
permissionProvider.refresh();
}
Modified: jackrabbit/oak/trunk/oak-core/src/test/java/org/apache/jackrabbit/oak/security/authorization/permission/PermissionProviderImplTest.java
URL: http://svn.apache.org/viewvc/jackrabbit/oak/trunk/oak-core/src/test/java/org/apache/jackrabbit/oak/security/authorization/permission/PermissionProviderImplTest.java?rev=1552356&r1=1552355&r2=1552356&view=diff
==============================================================================
--- jackrabbit/oak/trunk/oak-core/src/test/java/org/apache/jackrabbit/oak/security/authorization/permission/PermissionProviderImplTest.java (original)
+++ jackrabbit/oak/trunk/oak-core/src/test/java/org/apache/jackrabbit/oak/security/authorization/permission/PermissionProviderImplTest.java Thu Dec 19 17:08:17 2013
@@ -102,7 +102,7 @@ public class PermissionProviderImplTest
}
private PermissionProvider createPermissionProvider(ContentSession session) {
- return config.getPermissionProvider(session.getLatestRoot(), session.getAuthInfo().getPrincipals());
+ return config.getPermissionProvider(session.getLatestRoot(), session.getWorkspaceName(), session.getAuthInfo().getPrincipals());
}
@Test
Modified: jackrabbit/oak/trunk/oak-core/src/test/java/org/apache/jackrabbit/oak/security/authorization/permission/PermissionStoreTest.java
URL: http://svn.apache.org/viewvc/jackrabbit/oak/trunk/oak-core/src/test/java/org/apache/jackrabbit/oak/security/authorization/permission/PermissionStoreTest.java?rev=1552356&r1=1552355&r2=1552356&view=diff
==============================================================================
--- jackrabbit/oak/trunk/oak-core/src/test/java/org/apache/jackrabbit/oak/security/authorization/permission/PermissionStoreTest.java (original)
+++ jackrabbit/oak/trunk/oak-core/src/test/java/org/apache/jackrabbit/oak/security/authorization/permission/PermissionStoreTest.java Thu Dec 19 17:08:17 2013
@@ -88,7 +88,7 @@ public class PermissionStoreTest extends
}
private PermissionProvider createPermissionProvider() {
- return acConfig.getPermissionProvider(testRoot, testSession.getAuthInfo().getPrincipals());
+ return acConfig.getPermissionProvider(testRoot, testSession.getWorkspaceName(), testSession.getAuthInfo().getPrincipals());
}
@Test
Modified: jackrabbit/oak/trunk/oak-core/src/test/java/org/apache/jackrabbit/oak/security/authorization/permission/TreePermissionImplTest.java
URL: http://svn.apache.org/viewvc/jackrabbit/oak/trunk/oak-core/src/test/java/org/apache/jackrabbit/oak/security/authorization/permission/TreePermissionImplTest.java?rev=1552356&r1=1552355&r2=1552356&view=diff
==============================================================================
--- jackrabbit/oak/trunk/oak-core/src/test/java/org/apache/jackrabbit/oak/security/authorization/permission/TreePermissionImplTest.java (original)
+++ jackrabbit/oak/trunk/oak-core/src/test/java/org/apache/jackrabbit/oak/security/authorization/permission/TreePermissionImplTest.java Thu Dec 19 17:08:17 2013
@@ -65,7 +65,7 @@ public class TreePermissionImplTest exte
private TreePermission getTreePermission(String path) throws Exception {
ContentSession testSession = createTestSession();
- PermissionProvider pp = config.getPermissionProvider(testSession.getLatestRoot(), testSession.getAuthInfo().getPrincipals());
+ PermissionProvider pp = config.getPermissionProvider(testSession.getLatestRoot(), testSession.getWorkspaceName(), testSession.getAuthInfo().getPrincipals());
return pp.getTreePermission(root.getTree(path), TreePermission.EMPTY);
}
Modified: jackrabbit/oak/trunk/oak-core/src/test/java/org/apache/jackrabbit/oak/spi/commit/BackgroundObserverTest.java
URL: http://svn.apache.org/viewvc/jackrabbit/oak/trunk/oak-core/src/test/java/org/apache/jackrabbit/oak/spi/commit/BackgroundObserverTest.java?rev=1552356&r1=1552355&r2=1552356&view=diff
==============================================================================
--- jackrabbit/oak/trunk/oak-core/src/test/java/org/apache/jackrabbit/oak/spi/commit/BackgroundObserverTest.java (original)
+++ jackrabbit/oak/trunk/oak-core/src/test/java/org/apache/jackrabbit/oak/spi/commit/BackgroundObserverTest.java Thu Dec 19 17:08:17 2013
@@ -35,14 +35,14 @@ import javax.annotation.Nonnull;
import javax.annotation.Nullable;
import com.google.common.collect.Lists;
+
import org.apache.jackrabbit.oak.api.Type;
-import org.apache.jackrabbit.oak.spi.security.authorization.permission.OpenPermissionProvider;
import org.apache.jackrabbit.oak.spi.state.NodeState;
import org.junit.Test;
public class BackgroundObserverTest {
- private static final CommitInfo COMMIT_INFO = new CommitInfo
- ("no-session", null, OpenPermissionProvider.getInstance(), new MoveTracker(), null);
+ private static final CommitInfo COMMIT_INFO =
+ new CommitInfo("no-session", null, null);
private final List<List<Runnable>> assertionLists = Lists.newArrayList();
private CountDownLatch doneCounter;
Modified: jackrabbit/oak/trunk/oak-jcr/src/main/java/org/apache/jackrabbit/oak/jcr/session/SessionContext.java
URL: http://svn.apache.org/viewvc/jackrabbit/oak/trunk/oak-jcr/src/main/java/org/apache/jackrabbit/oak/jcr/session/SessionContext.java?rev=1552356&r1=1552355&r2=1552356&view=diff
==============================================================================
--- jackrabbit/oak/trunk/oak-jcr/src/main/java/org/apache/jackrabbit/oak/jcr/session/SessionContext.java (original)
+++ jackrabbit/oak/trunk/oak-jcr/src/main/java/org/apache/jackrabbit/oak/jcr/session/SessionContext.java Thu Dec 19 17:08:17 2013
@@ -423,7 +423,7 @@ public class SessionContext implements N
if (permissionProvider == null) {
permissionProvider = checkNotNull(securityProvider)
.getConfiguration(AuthorizationConfiguration.class)
- .getPermissionProvider(delegate.getRoot(), delegate.getAuthInfo().getPrincipals());
+ .getPermissionProvider(delegate.getRoot(), delegate.getWorkspaceName(), delegate.getAuthInfo().getPrincipals());
}
return permissionProvider;
}