You are viewing a plain text version of this content. The canonical link for it is here.
Posted to oak-commits@jackrabbit.apache.org by an...@apache.org on 2012/10/18 20:51:20 UTC
svn commit: r1399780 [2/2] - in /jackrabbit/oak/trunk:
oak-core/src/main/java/org/apache/jackrabbit/oak/security/
oak-core/src/main/java/org/apache/jackrabbit/oak/security/authentication/token/
oak-core/src/main/java/org/apache/jackrabbit/oak/security/...
Modified: jackrabbit/oak/trunk/oak-core/src/main/java/org/apache/jackrabbit/oak/security/user/UserConfigurationImpl.java
URL: http://svn.apache.org/viewvc/jackrabbit/oak/trunk/oak-core/src/main/java/org/apache/jackrabbit/oak/security/user/UserConfigurationImpl.java?rev=1399780&r1=1399779&r2=1399780&view=diff
==============================================================================
--- jackrabbit/oak/trunk/oak-core/src/main/java/org/apache/jackrabbit/oak/security/user/UserConfigurationImpl.java (original)
+++ jackrabbit/oak/trunk/oak-core/src/main/java/org/apache/jackrabbit/oak/security/user/UserConfigurationImpl.java Thu Oct 18 18:51:18 2012
@@ -26,9 +26,8 @@ import org.apache.jackrabbit.oak.api.Roo
import org.apache.jackrabbit.oak.namepath.NamePathMapper;
import org.apache.jackrabbit.oak.spi.commit.ValidatorProvider;
import org.apache.jackrabbit.oak.spi.security.ConfigurationParameters;
-import org.apache.jackrabbit.oak.spi.security.user.MembershipProvider;
+import org.apache.jackrabbit.oak.spi.security.SecurityProvider;
import org.apache.jackrabbit.oak.spi.security.user.UserConfiguration;
-import org.apache.jackrabbit.oak.spi.security.user.UserProvider;
/**
* UserConfigurationImpl... TODO
@@ -36,9 +35,11 @@ import org.apache.jackrabbit.oak.spi.sec
public class UserConfigurationImpl implements UserConfiguration {
private final ConfigurationParameters config;
+ private final SecurityProvider securityProvider;
- public UserConfigurationImpl(ConfigurationParameters config) {
+ public UserConfigurationImpl(ConfigurationParameters config, SecurityProvider securityProvider) {
this.config = config;
+ this.securityProvider = securityProvider;
}
@Nonnull
@@ -48,25 +49,18 @@ public class UserConfigurationImpl imple
}
@Override
- public UserProvider getUserProvider(Root root) {
- return new UserProviderImpl(root, config);
- }
-
- @Override
- public MembershipProvider getMembershipProvider(Root root) {
- return new MembershipProviderImpl(root, config);
- }
-
- @Override
public List<ValidatorProvider> getValidatorProviders() {
ValidatorProvider vp = new UserValidatorProvider(getConfigurationParameters());
return Collections.singletonList(vp);
}
@Override
- public UserManager getUserManager(Session session, Root root, NamePathMapper namePathMapper) {
- UserProvider up = getUserProvider(root);
- MembershipProvider mp = getMembershipProvider(root);
- return new UserManagerImpl(session, namePathMapper, up, mp, config);
+ public UserManager getUserManager(Root root, NamePathMapper namePathMapper, Session session) {
+ return new UserManagerImpl(session, root, namePathMapper, securityProvider);
+ }
+
+ @Override
+ public UserManager getUserManager(Root root, NamePathMapper namePathMapper) {
+ return new UserManagerImpl(null, root, namePathMapper, securityProvider);
}
}
\ No newline at end of file
Modified: jackrabbit/oak/trunk/oak-core/src/main/java/org/apache/jackrabbit/oak/security/user/UserImpl.java
URL: http://svn.apache.org/viewvc/jackrabbit/oak/trunk/oak-core/src/main/java/org/apache/jackrabbit/oak/security/user/UserImpl.java?rev=1399780&r1=1399779&r2=1399780&view=diff
==============================================================================
--- jackrabbit/oak/trunk/oak-core/src/main/java/org/apache/jackrabbit/oak/security/user/UserImpl.java (original)
+++ jackrabbit/oak/trunk/oak-core/src/main/java/org/apache/jackrabbit/oak/security/user/UserImpl.java Thu Oct 18 18:51:18 2012
@@ -17,20 +17,26 @@
package org.apache.jackrabbit.oak.security.user;
import java.security.Principal;
+import javax.annotation.CheckForNull;
import javax.jcr.Credentials;
import javax.jcr.RepositoryException;
-import javax.jcr.UnsupportedRepositoryOperationException;
import org.apache.jackrabbit.api.security.user.Impersonation;
import org.apache.jackrabbit.api.security.user.User;
+import org.apache.jackrabbit.oak.api.PropertyState;
import org.apache.jackrabbit.oak.api.Tree;
import org.apache.jackrabbit.oak.security.principal.AdminPrincipalImpl;
import org.apache.jackrabbit.oak.spi.security.principal.TreeBasedPrincipal;
import org.apache.jackrabbit.oak.spi.security.user.AuthorizableType;
+import org.apache.jackrabbit.oak.spi.security.user.UserConstants;
import org.apache.jackrabbit.oak.spi.security.user.util.PasswordUtility;
+import org.apache.jackrabbit.oak.spi.security.user.util.UserUtility;
+import org.apache.jackrabbit.oak.util.NodeUtil;
import org.slf4j.Logger;
import org.slf4j.LoggerFactory;
+import static org.apache.jackrabbit.oak.api.Type.STRING;
+
/**
* UserImpl...
*/
@@ -45,11 +51,12 @@ class UserImpl extends AuthorizableImpl
UserImpl(String id, Tree tree, UserManagerImpl userManager) throws RepositoryException {
super(id, tree, userManager);
- isAdmin = userManager.getUserProvider().isAdminUser(tree);
+
+ isAdmin = UserUtility.getAdminId(userManager.getConfig()).equals(id);
}
void checkValidTree(Tree tree) throws RepositoryException {
- if (tree == null || !getUserProvider().isAuthorizableType(tree, AuthorizableType.USER)) {
+ if (tree == null || !UserUtility.isType(tree, AuthorizableType.USER)) {
throw new IllegalArgumentException("Invalid user node: node type rep:User expected.");
}
}
@@ -69,7 +76,7 @@ class UserImpl extends AuthorizableImpl
@Override
public Principal getPrincipal() throws RepositoryException {
Tree userTree = getTree();
- String principalName = getUserProvider().getPrincipalName(userTree);
+ String principalName = getPrincipalName(userTree);
if (isAdmin()) {
return new AdminPrincipalImpl(principalName, userTree, getUserManager().getNamePathMapper());
} else {
@@ -92,8 +99,8 @@ class UserImpl extends AuthorizableImpl
* @see org.apache.jackrabbit.api.security.user.User#getCredentials()
*/
@Override
- public Credentials getCredentials() throws RepositoryException {
- throw new UnsupportedRepositoryOperationException("Not implemented.");
+ public Credentials getCredentials() {
+ return new CredentialsImpl(getID(), getPasswordHash());
}
/**
@@ -101,7 +108,7 @@ class UserImpl extends AuthorizableImpl
*/
@Override
public Impersonation getImpersonation() throws RepositoryException {
- return getUserProvider().getImpersonation(getTree(), getUserManager().getPrincipalProvider());
+ return new ImpersonationImpl(this);
}
/**
@@ -114,7 +121,7 @@ class UserImpl extends AuthorizableImpl
}
UserManagerImpl userManager = getUserManager();
userManager.onPasswordChange(this, password);
- getUserProvider().setPassword(getTree(), password, true);
+ userManager.setPassword(getTree(), password, true);
}
/**
@@ -123,7 +130,7 @@ class UserImpl extends AuthorizableImpl
@Override
public void changePassword(String password, String oldPassword) throws RepositoryException {
// make sure the old password matches.
- String pwHash = getUserProvider().getPasswordHash(getTree());
+ String pwHash = getPasswordHash();
if (!PasswordUtility.isSame(pwHash, oldPassword)) {
throw new RepositoryException("Failed to change password: Old password does not match.");
}
@@ -135,7 +142,18 @@ class UserImpl extends AuthorizableImpl
*/
@Override
public void disable(String reason) throws RepositoryException {
- getUserProvider().disable(getTree(), reason);
+ if (isAdmin) {
+ throw new RepositoryException("The administrator user cannot be disabled.");
+ }
+ Tree tree = getTree();
+ if (reason == null) {
+ if (tree.hasProperty(REP_DISABLED)) {
+ // enable the user again.
+ tree.removeProperty(REP_DISABLED);
+ } // else: not disabled -> nothing to
+ } else {
+ tree.setProperty(REP_DISABLED, reason);
+ }
}
/**
@@ -143,7 +161,7 @@ class UserImpl extends AuthorizableImpl
*/
@Override
public boolean isDisabled() throws RepositoryException {
- return getUserProvider().isDisabled(getTree());
+ return getTree().hasProperty(REP_DISABLED);
}
/**
@@ -151,6 +169,18 @@ class UserImpl extends AuthorizableImpl
*/
@Override
public String getDisabledReason() throws RepositoryException {
- return getUserProvider().getDisableReason(getTree());
+ PropertyState disabled = getTree().getProperty(REP_DISABLED);
+ if (disabled != null) {
+ return disabled.getValue(STRING);
+ } else {
+ return null;
+ }
+ }
+
+ //--------------------------------------------------------------------------
+ @CheckForNull
+ private String getPasswordHash() {
+ NodeUtil n = new NodeUtil(getTree());
+ return n.getString(UserConstants.REP_PASSWORD, null);
}
}
\ No newline at end of file
Modified: jackrabbit/oak/trunk/oak-core/src/main/java/org/apache/jackrabbit/oak/security/user/UserManagerImpl.java
URL: http://svn.apache.org/viewvc/jackrabbit/oak/trunk/oak-core/src/main/java/org/apache/jackrabbit/oak/security/user/UserManagerImpl.java?rev=1399780&r1=1399779&r2=1399780&view=diff
==============================================================================
--- jackrabbit/oak/trunk/oak-core/src/main/java/org/apache/jackrabbit/oak/security/user/UserManagerImpl.java (original)
+++ jackrabbit/oak/trunk/oak-core/src/main/java/org/apache/jackrabbit/oak/security/user/UserManagerImpl.java Thu Oct 18 18:51:18 2012
@@ -16,6 +16,8 @@
*/
package org.apache.jackrabbit.oak.security.user;
+import java.io.UnsupportedEncodingException;
+import java.security.NoSuchAlgorithmException;
import java.security.Principal;
import java.util.Iterator;
import javax.annotation.CheckForNull;
@@ -24,29 +26,32 @@ import javax.jcr.RepositoryException;
import javax.jcr.Session;
import javax.jcr.UnsupportedRepositoryOperationException;
-import org.apache.jackrabbit.api.JackrabbitSession;
import org.apache.jackrabbit.api.security.user.Authorizable;
import org.apache.jackrabbit.api.security.user.AuthorizableExistsException;
import org.apache.jackrabbit.api.security.user.Group;
import org.apache.jackrabbit.api.security.user.Query;
import org.apache.jackrabbit.api.security.user.User;
import org.apache.jackrabbit.api.security.user.UserManager;
+import org.apache.jackrabbit.oak.api.Root;
import org.apache.jackrabbit.oak.api.Tree;
import org.apache.jackrabbit.oak.namepath.NamePathMapper;
-import org.apache.jackrabbit.oak.security.principal.PrincipalManagerImpl;
import org.apache.jackrabbit.oak.security.user.query.XPathQueryBuilder;
import org.apache.jackrabbit.oak.security.user.query.XPathQueryEvaluator;
import org.apache.jackrabbit.oak.spi.security.ConfigurationParameters;
+import org.apache.jackrabbit.oak.spi.security.SecurityProvider;
import org.apache.jackrabbit.oak.spi.security.principal.EveryonePrincipal;
import org.apache.jackrabbit.oak.spi.security.principal.PrincipalProvider;
import org.apache.jackrabbit.oak.spi.security.user.AuthorizableType;
-import org.apache.jackrabbit.oak.spi.security.user.MembershipProvider;
+import org.apache.jackrabbit.oak.spi.security.user.UserConfiguration;
import org.apache.jackrabbit.oak.spi.security.user.UserConstants;
-import org.apache.jackrabbit.oak.spi.security.user.UserProvider;
import org.apache.jackrabbit.oak.spi.security.user.action.AuthorizableAction;
+import org.apache.jackrabbit.oak.spi.security.user.util.PasswordUtility;
+import org.apache.jackrabbit.oak.spi.security.user.util.UserUtility;
import org.slf4j.Logger;
import org.slf4j.LoggerFactory;
+import static com.google.common.base.Preconditions.checkNotNull;
+
/**
* UserManagerImpl...
*/
@@ -55,20 +60,27 @@ public class UserManagerImpl implements
private static final Logger log = LoggerFactory.getLogger(UserManagerImpl.class);
private final Session session;
+ private final Root root;
private final NamePathMapper namePathMapper;
+ private final SecurityProvider securityProvider;
private final UserProvider userProvider;
private final MembershipProvider membershipProvider;
private final ConfigurationParameters config;
+ private final AuthorizableAction[] authorizableActions;
- public UserManagerImpl(Session session, NamePathMapper namePathMapper,
- UserProvider userProvider, MembershipProvider membershipProvider,
- ConfigurationParameters config) {
+ public UserManagerImpl(Session session, Root root, NamePathMapper namePathMapper,
+ SecurityProvider securityProvider) {
this.session = session;
+ this.root = root;
this.namePathMapper = namePathMapper;
- this.userProvider = userProvider;
- this.membershipProvider = membershipProvider;
- this.config = config;
+ this.securityProvider = securityProvider;
+
+ UserConfiguration uc = securityProvider.getUserConfiguration();
+ this.config = uc.getConfigurationParameters();
+ this.userProvider = new UserProvider(root, config);
+ this.membershipProvider = new MembershipProvider(root, config);
+ this.authorizableActions = config.getConfigValue(UserConstants.PARAM_AUTHORIZABLE_ACTIONS, new AuthorizableAction[0]);
}
//--------------------------------------------------------< UserManager >---
@@ -126,9 +138,14 @@ public class UserManagerImpl implements
@Override
public Iterator<Authorizable> findAuthorizables(Query query) throws RepositoryException {
checkIsLive();
- XPathQueryBuilder builder = new XPathQueryBuilder();
- query.build(builder);
- return new XPathQueryEvaluator(builder, this, session.getWorkspace().getQueryManager(), namePathMapper).eval();
+ if (session != null) {
+ XPathQueryBuilder builder = new XPathQueryBuilder();
+ query.build(builder);
+ return new XPathQueryEvaluator(builder, this, session.getWorkspace().getQueryManager(), namePathMapper).eval();
+ } else {
+ // TODO: implement
+ throw new UnsupportedOperationException("not implemented");
+ }
}
@Override
@@ -154,7 +171,7 @@ public class UserManagerImpl implements
Tree userTree = userProvider.createUser(userID, intermediatePath);
setPrincipal(userTree, principal);
if (password != null) {
- userProvider.setPassword(userTree, password, true);
+ setPassword(userTree, password, true);
}
User user = new UserImpl(userID, userTree, this);
@@ -239,7 +256,8 @@ public class UserManagerImpl implements
* @throws RepositoryException If an exception occurs.
*/
void onCreate(User user, String password) throws RepositoryException {
- for (AuthorizableAction action : getAuthorizableActions()) {
+ // TODO
+ for (AuthorizableAction action : authorizableActions) {
action.onCreate(user, password, session);
}
}
@@ -253,7 +271,8 @@ public class UserManagerImpl implements
* @throws RepositoryException If an exception occurs.
*/
void onCreate(Group group) throws RepositoryException {
- for (AuthorizableAction action : getAuthorizableActions()) {
+ // TODO
+ for (AuthorizableAction action : authorizableActions) {
action.onCreate(group, session);
}
}
@@ -267,7 +286,8 @@ public class UserManagerImpl implements
* @throws RepositoryException If an exception occurs.
*/
void onRemove(Authorizable authorizable) throws RepositoryException {
- for (AuthorizableAction action : getAuthorizableActions()) {
+ // TODO
+ for (AuthorizableAction action : authorizableActions) {
action.onRemove(authorizable, session);
}
}
@@ -282,22 +302,35 @@ public class UserManagerImpl implements
* @throws RepositoryException If an exception occurs.
*/
void onPasswordChange(User user, String password) throws RepositoryException {
- for (AuthorizableAction action : getAuthorizableActions()) {
+ // TODO
+ for (AuthorizableAction action : authorizableActions) {
action.onPasswordChange(user, password, session);
}
}
- private AuthorizableAction[] getAuthorizableActions() {
- return config.getConfigValue(UserConstants.PARAM_AUTHORIZABLE_ACTIONS, new AuthorizableAction[0]);
- }
-
//--------------------------------------------------------------------------
+ @CheckForNull
+ Node getAuthorizableNode(String id) throws RepositoryException {
+ if (session == null) {
+ return null;
+ }
- Node getAuthorizableNode(String oakPath) throws RepositoryException {
- String jcrPath = getNamePathMapper().getJcrPath(oakPath);
+ Tree tree = userProvider.getAuthorizable(id);
+ if (tree == null) {
+ throw new RepositoryException("Authorizable not associated with an existing tree");
+ }
+ String jcrPath = getNamePathMapper().getJcrPath(tree.getPath());
return session.getNode(jcrPath);
}
+ AuthorizableProperties getAuthorizableProperties(String id) throws RepositoryException {
+ if (session != null) {
+ return new JcrAuthorizableProperties(getAuthorizableNode(id), namePathMapper);
+ } else {
+ return new OakAuthorizableProperties(userProvider, id, namePathMapper);
+ }
+ }
+
NamePathMapper getNamePathMapper() {
return namePathMapper;
}
@@ -311,11 +344,11 @@ public class UserManagerImpl implements
}
PrincipalProvider getPrincipalProvider() throws RepositoryException {
- if (!(session instanceof JackrabbitSession)) {
- throw new UnsupportedRepositoryOperationException("Principal management not supported");
- }
- JackrabbitSession js = (JackrabbitSession) session;
- return ((PrincipalManagerImpl) js.getPrincipalManager()).getPrincipalProvider();
+ return securityProvider.getPrincipalConfiguration().getPrincipalProvider(root, namePathMapper);
+ }
+
+ ConfigurationParameters getConfig() {
+ return config;
}
@CheckForNull
@@ -331,9 +364,9 @@ public class UserManagerImpl implements
if (id == null || tree == null) {
return null;
}
- if (userProvider.isAuthorizableType(tree, AuthorizableType.USER)) {
+ if (UserUtility.isType(tree, AuthorizableType.USER)) {
return new UserImpl(userProvider.getAuthorizableId(tree), tree, this);
- } else if (userProvider.isAuthorizableType(tree, AuthorizableType.GROUP)) {
+ } else if (UserUtility.isType(tree, AuthorizableType.GROUP)) {
return new GroupImpl(userProvider.getAuthorizableId(tree), tree, this);
} else {
throw new RepositoryException("Not a user or group tree " + tree.getPath() + '.');
@@ -357,12 +390,29 @@ public class UserManagerImpl implements
}
}
- private void setPrincipal(Tree userTree, Principal principal) throws RepositoryException {
- getUserProvider().setPrincipalName(userTree, principal.getName());
+ void setPassword(Tree userTree, String password, boolean forceHash) throws RepositoryException {
+ String pwHash;
+ if (forceHash || PasswordUtility.isPlainTextPassword(password)) {
+ try {
+ pwHash = PasswordUtility.buildPasswordHash(password, config);
+ } catch (NoSuchAlgorithmException e) {
+ throw new RepositoryException(e);
+ } catch (UnsupportedEncodingException e) {
+ throw new RepositoryException(e);
+ }
+ } else {
+ pwHash = password;
+ }
+ userTree.setProperty(UserConstants.REP_PASSWORD, pwHash);
+ }
+
+ private void setPrincipal(Tree authorizableTree, Principal principal) {
+ checkNotNull(principal);
+ authorizableTree.setProperty(UserConstants.REP_PRINCIPAL_NAME, principal.getName());
}
private void checkIsLive() throws RepositoryException {
- if (!session.isLive()) {
+ if (session != null && !session.isLive()) {
throw new RepositoryException("UserManager has been closed.");
}
}
Copied: jackrabbit/oak/trunk/oak-core/src/main/java/org/apache/jackrabbit/oak/security/user/UserProvider.java (from r1399538, jackrabbit/oak/trunk/oak-core/src/main/java/org/apache/jackrabbit/oak/security/user/UserProviderImpl.java)
URL: http://svn.apache.org/viewvc/jackrabbit/oak/trunk/oak-core/src/main/java/org/apache/jackrabbit/oak/security/user/UserProvider.java?p2=jackrabbit/oak/trunk/oak-core/src/main/java/org/apache/jackrabbit/oak/security/user/UserProvider.java&p1=jackrabbit/oak/trunk/oak-core/src/main/java/org/apache/jackrabbit/oak/security/user/UserProviderImpl.java&r1=1399538&r2=1399780&rev=1399780&view=diff
==============================================================================
--- jackrabbit/oak/trunk/oak-core/src/main/java/org/apache/jackrabbit/oak/security/user/UserProviderImpl.java (original)
+++ jackrabbit/oak/trunk/oak-core/src/main/java/org/apache/jackrabbit/oak/security/user/UserProvider.java Thu Oct 18 18:51:18 2012
@@ -16,18 +16,17 @@
*/
package org.apache.jackrabbit.oak.security.user;
-import java.io.UnsupportedEncodingException;
-import java.security.NoSuchAlgorithmException;
import java.security.Principal;
import java.text.ParseException;
import java.util.Collections;
import java.util.Iterator;
+import javax.annotation.CheckForNull;
+import javax.annotation.Nonnull;
import javax.jcr.RepositoryException;
import javax.jcr.nodetype.ConstraintViolationException;
import javax.jcr.query.Query;
import org.apache.jackrabbit.JcrConstants;
-import org.apache.jackrabbit.api.security.user.Impersonation;
import org.apache.jackrabbit.oak.api.PropertyState;
import org.apache.jackrabbit.oak.api.Result;
import org.apache.jackrabbit.oak.api.ResultRow;
@@ -36,12 +35,9 @@ import org.apache.jackrabbit.oak.api.Tre
import org.apache.jackrabbit.oak.namepath.NamePathMapper;
import org.apache.jackrabbit.oak.spi.query.PropertyValues;
import org.apache.jackrabbit.oak.spi.security.ConfigurationParameters;
-import org.apache.jackrabbit.oak.spi.security.principal.PrincipalProvider;
import org.apache.jackrabbit.oak.spi.security.principal.TreeBasedPrincipal;
import org.apache.jackrabbit.oak.spi.security.user.AuthorizableType;
-import org.apache.jackrabbit.oak.spi.security.user.util.PasswordUtility;
import org.apache.jackrabbit.oak.spi.security.user.UserConstants;
-import org.apache.jackrabbit.oak.spi.security.user.UserProvider;
import org.apache.jackrabbit.oak.spi.security.user.util.UserUtility;
import org.apache.jackrabbit.oak.util.NodeUtil;
import org.apache.jackrabbit.util.Text;
@@ -145,12 +141,12 @@ import static org.apache.jackrabbit.oak.
*
* TODO
*/
-class UserProviderImpl extends AuthorizableBaseProvider implements UserProvider {
+class UserProvider extends AuthorizableBaseProvider {
/**
* logger instance
*/
- private static final Logger log = LoggerFactory.getLogger(UserProviderImpl.class);
+ private static final Logger log = LoggerFactory.getLogger(UserProvider.class);
private static final String DELIMITER = "/";
@@ -159,7 +155,7 @@ class UserProviderImpl extends Authoriza
private final String groupPath;
private final String userPath;
- UserProviderImpl(Root root, ConfigurationParameters config) {
+ UserProvider(Root root, ConfigurationParameters config) {
super(root, config);
defaultDepth = config.getConfigValue(PARAM_DEFAULT_DEPTH, DEFAULT_DEPTH);
@@ -169,32 +165,27 @@ class UserProviderImpl extends Authoriza
}
//-------------------------------------------------------< UserProvider >---
- @Override
+ @Nonnull
public Tree createUser(String userID, String intermediateJcrPath) throws RepositoryException {
return createAuthorizableNode(userID, false, intermediateJcrPath);
}
- @Override
+ @Nonnull
public Tree createGroup(String groupID, String intermediateJcrPath) throws RepositoryException {
return createAuthorizableNode(groupID, true, intermediateJcrPath);
}
- @Override
+ @CheckForNull
public Tree getAuthorizable(String authorizableId) {
return getByID(authorizableId, AuthorizableType.AUTHORIZABLE);
}
- @Override
- public Tree getAuthorizable(String authorizableId, AuthorizableType authorizableType) {
- return getByID(authorizableId, authorizableType);
- }
-
- @Override()
+ @CheckForNull
public Tree getAuthorizableByPath(String authorizableOakPath) {
return getByPath(authorizableOakPath);
}
- @Override
+ @CheckForNull
public Tree getAuthorizableByPrincipal(Principal principal) {
if (principal instanceof TreeBasedPrincipal) {
return root.getTree(((TreeBasedPrincipal) principal).getOakPath());
@@ -225,10 +216,10 @@ class UserProviderImpl extends Authoriza
return null;
}
- @Override
+ @CheckForNull
public String getAuthorizableId(Tree authorizableTree) {
checkNotNull(authorizableTree);
- if (UserUtility.isAuthorizableTree(authorizableTree, AuthorizableType.AUTHORIZABLE)) {
+ if (UserUtility.isType(authorizableTree, AuthorizableType.AUTHORIZABLE)) {
PropertyState idProp = authorizableTree.getProperty(UserConstants.REP_AUTHORIZABLE_ID);
if (idProp != null) {
return idProp.getValue(STRING);
@@ -239,112 +230,37 @@ class UserProviderImpl extends Authoriza
return null;
}
- @Override
+ /**
+ * Find the authorizable trees matching the following search parameters within
+ * the sub-tree defined by an authorizable tree:
+ *
+ * @param propertyRelPaths An array of property names or relative paths
+ * pointing to properties within the tree defined by a given authorizable node.
+ * @param value The property value to look for.
+ * @param ntNames An array of node type names to restrict the search within
+ * the authorizable tree to a subset of nodes that match any of the node
+ * type names; {@code null} indicates that no filtering by node type is
+ * desired. Specifying a node type name that defines an authorizable node
+ * )e.g. {@link UserConstants#NT_REP_USER rep:User} will limit the search to
+ * properties defined with the authorizable node itself instead of searching
+ * the complete sub-tree.
+ * @param exact A boolean flag indicating if the value must match exactly or not.s
+ * @param maxSize The maximal number of search results to look for.
+ * @param authorizableType Filter the search results to only return authorizable
+ * trees of a given type. Passing {@link AuthorizableType#AUTHORIZABLE} indicates that
+ * no filtering for a specific authorizable type is desired. However, properties
+ * might still be search in the complete sub-tree of authorizables depending
+ * on the other query parameters.
+ * @return An iterator of authorizable trees that match the specified
+ * search parameters and filters or an empty iterator if no result can be
+ * found.
+ */
+ @Nonnull
public Iterator<Tree> findAuthorizables(String[] propertyRelPaths, String value, String[] ntNames, boolean exact, long maxSize, AuthorizableType authorizableType) {
// TODO
throw new UnsupportedOperationException("not yet implemented");
}
- @Override
- public boolean isAuthorizableType(Tree authorizableTree, AuthorizableType authorizableType) {
- return UserUtility.isAuthorizableTree(authorizableTree, authorizableType);
- }
-
- @Override
- public boolean isAdminUser(Tree userTree) {
- checkNotNull(userTree);
- return isAuthorizableType(userTree, AuthorizableType.USER) && UserUtility.getAdminId(config).equals(getAuthorizableId(userTree));
- }
-
- @Override
- public String getPasswordHash(Tree userTree) {
- checkNotNull(userTree);
-
- NodeUtil n = new NodeUtil(userTree);
- return n.getString(UserConstants.REP_PASSWORD, null);
- }
-
- @Override
- public void setPassword(Tree userTree, String password, boolean forceHash) throws RepositoryException {
- String pwHash;
- if (forceHash || PasswordUtility.isPlainTextPassword(password)) {
- try {
- pwHash = PasswordUtility.buildPasswordHash(password, config);
- } catch (NoSuchAlgorithmException e) {
- throw new RepositoryException(e);
- } catch (UnsupportedEncodingException e) {
- throw new RepositoryException(e);
- }
- } else {
- pwHash = password;
- }
- setProtectedProperty(userTree, UserConstants.REP_PASSWORD, pwHash);
- }
-
- @Override
- public String getPrincipalName(Tree authorizableTree) throws RepositoryException {
- checkNotNull(authorizableTree);
-
- String principalName;
- if (authorizableTree.hasProperty(REP_PRINCIPAL_NAME)) {
- return authorizableTree.getProperty(REP_PRINCIPAL_NAME).getValue(STRING);
- } else {
- String msg = "Authorizable without principal name " + getAuthorizableId(authorizableTree);
- log.warn(msg);
- throw new RepositoryException(msg);
- }
- }
-
- @Override
- public void setPrincipalName(Tree authorizableTree, String principalName) throws RepositoryException {
- checkNotNull(authorizableTree);
- checkNotNull(principalName);
-
- setProtectedProperty(authorizableTree, UserConstants.REP_PRINCIPAL_NAME, principalName);
- }
-
- @Override
- public Impersonation getImpersonation(Tree userTree, PrincipalProvider principalProvider) {
- // FIXME: for login the impersonation could be based on the tree directly -> improve
- return new ImpersonationImpl(getAuthorizableId(userTree), this, principalProvider);
- }
-
- @Override
- public boolean isDisabled(Tree userTree) {
- checkNotNull(userTree);
-
- return userTree.hasProperty(REP_DISABLED);
- }
-
- @Override
- public String getDisableReason(Tree userTree) {
- checkNotNull(userTree);
-
- PropertyState disabled = userTree.getProperty(REP_DISABLED);
- if (disabled != null) {
- return disabled.getValue(STRING);
- } else {
- return null;
- }
- }
-
- @Override
- public void disable(Tree userTree, String reason) throws RepositoryException {
- checkNotNull(userTree);
-
- if (isAdminUser(userTree)) {
- throw new RepositoryException("The administrator user cannot be disabled.");
- }
- if (reason == null) {
- if (isDisabled(userTree)) {
- // enable the user again.
- setProtectedProperty(userTree, REP_DISABLED, null);
- } // else: not disabled -> nothing to
- } else {
- setProtectedProperty(userTree, REP_DISABLED, reason);
- }
- }
-
//------------------------------------------------------------< private >---
private Tree createAuthorizableNode(String authorizableId, boolean isGroup, String intermediatePath) throws RepositoryException {
@@ -445,12 +361,4 @@ class UserProviderImpl extends Authoriza
}
return sb.toString();
}
-
- private void setProtectedProperty(Tree authorizableTree, String propertyName, String value) {
- if (value == null) {
- authorizableTree.removeProperty(propertyName);
- } else {
- authorizableTree.setProperty(propertyName, value);
- }
- }
}
\ No newline at end of file
Modified: jackrabbit/oak/trunk/oak-core/src/main/java/org/apache/jackrabbit/oak/security/user/UserValidator.java
URL: http://svn.apache.org/viewvc/jackrabbit/oak/trunk/oak-core/src/main/java/org/apache/jackrabbit/oak/security/user/UserValidator.java?rev=1399780&r1=1399779&r2=1399780&view=diff
==============================================================================
--- jackrabbit/oak/trunk/oak-core/src/main/java/org/apache/jackrabbit/oak/security/user/UserValidator.java (original)
+++ jackrabbit/oak/trunk/oak-core/src/main/java/org/apache/jackrabbit/oak/security/user/UserValidator.java Thu Oct 18 18:51:18 2012
@@ -67,7 +67,7 @@ class UserValidator extends DefaultValid
fail(msg);
}
- if (UserUtility.isAuthorizableTree(parentBefore.getTree(), AuthorizableType.USER)
+ if (UserUtility.isType(parentBefore.getTree(), AuthorizableType.USER)
&& REP_PASSWORD.equals(name)
&& PasswordUtility.isPlainTextPassword(after.getValue(Type.STRING))) {
String msg = "Password may not be plain text.";
@@ -146,7 +146,7 @@ class UserValidator extends DefaultValid
// FIXME: copied from UserProvider#isAdminUser
private boolean isAdminUser(NodeUtil userNode) {
String id = (userNode.getString(REP_AUTHORIZABLE_ID, Text.unescapeIllegalJcrChars(userNode.getName())));
- return UserUtility.isAuthorizableTree(userNode.getTree(), AuthorizableType.USER) &&
+ return UserUtility.isType(userNode.getTree(), AuthorizableType.USER) &&
UserUtility.getAdminId(provider.getConfig()).equals(id);
}
Modified: jackrabbit/oak/trunk/oak-core/src/main/java/org/apache/jackrabbit/oak/security/user/UserValidatorProvider.java
URL: http://svn.apache.org/viewvc/jackrabbit/oak/trunk/oak-core/src/main/java/org/apache/jackrabbit/oak/security/user/UserValidatorProvider.java?rev=1399780&r1=1399779&r2=1399780&view=diff
==============================================================================
--- jackrabbit/oak/trunk/oak-core/src/main/java/org/apache/jackrabbit/oak/security/user/UserValidatorProvider.java (original)
+++ jackrabbit/oak/trunk/oak-core/src/main/java/org/apache/jackrabbit/oak/security/user/UserValidatorProvider.java Thu Oct 18 18:51:18 2012
@@ -22,7 +22,6 @@ import org.apache.jackrabbit.oak.core.Re
import org.apache.jackrabbit.oak.spi.commit.Validator;
import org.apache.jackrabbit.oak.spi.commit.ValidatorProvider;
import org.apache.jackrabbit.oak.spi.security.ConfigurationParameters;
-import org.apache.jackrabbit.oak.spi.security.user.UserProvider;
import org.apache.jackrabbit.oak.spi.state.NodeState;
import org.apache.jackrabbit.oak.util.NodeUtil;
@@ -34,7 +33,6 @@ import static com.google.common.base.Pre
class UserValidatorProvider implements ValidatorProvider {
private final ConfigurationParameters config;
- private UserProvider userProvider;
UserValidatorProvider(ConfigurationParameters config) {
this.config = checkNotNull(config);
Modified: jackrabbit/oak/trunk/oak-core/src/main/java/org/apache/jackrabbit/oak/spi/security/authentication/AbstractLoginModule.java
URL: http://svn.apache.org/viewvc/jackrabbit/oak/trunk/oak-core/src/main/java/org/apache/jackrabbit/oak/spi/security/authentication/AbstractLoginModule.java?rev=1399780&r1=1399779&r2=1399780&view=diff
==============================================================================
--- jackrabbit/oak/trunk/oak-core/src/main/java/org/apache/jackrabbit/oak/spi/security/authentication/AbstractLoginModule.java (original)
+++ jackrabbit/oak/trunk/oak-core/src/main/java/org/apache/jackrabbit/oak/spi/security/authentication/AbstractLoginModule.java Thu Oct 18 18:51:18 2012
@@ -31,6 +31,7 @@ import javax.security.auth.callback.Unsu
import javax.security.auth.login.LoginException;
import javax.security.auth.spi.LoginModule;
+import org.apache.jackrabbit.api.security.user.UserManager;
import org.apache.jackrabbit.oak.api.Root;
import org.apache.jackrabbit.oak.namepath.NamePathMapper;
import org.apache.jackrabbit.oak.spi.security.ConfigurationParameters;
@@ -39,9 +40,8 @@ import org.apache.jackrabbit.oak.spi.sec
import org.apache.jackrabbit.oak.spi.security.authentication.callback.PrincipalProviderCallback;
import org.apache.jackrabbit.oak.spi.security.authentication.callback.RepositoryCallback;
import org.apache.jackrabbit.oak.spi.security.authentication.callback.SecurityProviderCallback;
-import org.apache.jackrabbit.oak.spi.security.authentication.callback.UserProviderCallback;
+import org.apache.jackrabbit.oak.spi.security.authentication.callback.UserManagerCallback;
import org.apache.jackrabbit.oak.spi.security.principal.PrincipalProvider;
-import org.apache.jackrabbit.oak.spi.security.user.UserProvider;
import org.slf4j.Logger;
import org.slf4j.LoggerFactory;
@@ -115,8 +115,8 @@ import org.slf4j.LoggerFactory;
* authenticate the subject as well as to write back information during
* {@link #commit()}.</li>
*
- * <li>{@link #getUserProvider()}: Returns an instance of the configured
- * {@link UserProvider} or {@code null}.</li>
+ * <li>{@link #getUserManager()}: Returns an instance of the configured
+ * {@link UserManager} or {@code null}.</li>
*
* <li>{@link #getPrincipalProvider()}: Returns an instance of the configured
* principal provider or {@code null}.</li>
@@ -317,19 +317,19 @@ public abstract class AbstractLoginModul
}
@CheckForNull
- protected UserProvider getUserProvider() {
- UserProvider userProvider = null;
+ protected UserManager getUserManager() {
+ UserManager userManager = null;
SecurityProvider sp = getSecurityProvider();
Root root = getRoot();
if (root != null && sp != null) {
- userProvider = sp.getUserConfiguration().getUserProvider(root);
+ userManager = sp.getUserConfiguration().getUserManager(root, NamePathMapper.DEFAULT);
}
- if (userProvider == null && callbackHandler != null) {
+ if (userManager == null && callbackHandler != null) {
try {
- UserProviderCallback userCallBack = new UserProviderCallback();
+ UserManagerCallback userCallBack = new UserManagerCallback();
callbackHandler.handle(new Callback[] {userCallBack});
- userProvider = userCallBack.getUserProvider();
+ userManager = userCallBack.getUserManager();
} catch (IOException e) {
log.debug(e.getMessage());
} catch (UnsupportedCallbackException e) {
@@ -337,7 +337,7 @@ public abstract class AbstractLoginModul
}
}
- return userProvider;
+ return userManager;
}
@CheckForNull
Copied: jackrabbit/oak/trunk/oak-core/src/main/java/org/apache/jackrabbit/oak/spi/security/authentication/callback/UserManagerCallback.java (from r1399538, jackrabbit/oak/trunk/oak-core/src/main/java/org/apache/jackrabbit/oak/spi/security/authentication/callback/UserProviderCallback.java)
URL: http://svn.apache.org/viewvc/jackrabbit/oak/trunk/oak-core/src/main/java/org/apache/jackrabbit/oak/spi/security/authentication/callback/UserManagerCallback.java?p2=jackrabbit/oak/trunk/oak-core/src/main/java/org/apache/jackrabbit/oak/spi/security/authentication/callback/UserManagerCallback.java&p1=jackrabbit/oak/trunk/oak-core/src/main/java/org/apache/jackrabbit/oak/spi/security/authentication/callback/UserProviderCallback.java&r1=1399538&r2=1399780&rev=1399780&view=diff
==============================================================================
--- jackrabbit/oak/trunk/oak-core/src/main/java/org/apache/jackrabbit/oak/spi/security/authentication/callback/UserProviderCallback.java (original)
+++ jackrabbit/oak/trunk/oak-core/src/main/java/org/apache/jackrabbit/oak/spi/security/authentication/callback/UserManagerCallback.java Thu Oct 18 18:51:18 2012
@@ -18,36 +18,36 @@ package org.apache.jackrabbit.oak.spi.se
import javax.security.auth.callback.Callback;
-import org.apache.jackrabbit.oak.spi.security.user.UserProvider;
+import org.apache.jackrabbit.api.security.user.UserManager;
/**
- * Callback implementation used to pass a {@link UserProvider} to the
+ * Callback implementation used to pass a {@link UserManager} to the
* login module.
*/
-public class UserProviderCallback implements Callback {
+public class UserManagerCallback implements Callback {
- private UserProvider userProvider;
+ private UserManager userManager;
/**
* Returns the user provider as set using
- * {@link #setUserProvider(org.apache.jackrabbit.oak.spi.security.user.UserProvider)}
+ * {@link #setUserManager(org.apache.jackrabbit.api.security.user.UserManager)}
* or {@code null}.
*
- * @return an instance of {@code UserProvider} or {@code null} if no
+ * @return an instance of {@code UserManager} or {@code null} if no
* provider has been set before.
*/
- public UserProvider getUserProvider() {
- return userProvider;
+ public UserManager getUserManager() {
+ return userManager;
}
/**
- * Sets the {@code UserProvider} that is being used during the
+ * Sets the {@code UserManager} that is being used during the
* authentication process.
*
- * @param userProvider The user provider to use during the
+ * @param userManager The user provider to use during the
* authentication process.
*/
- public void setUserProvider(UserProvider userProvider) {
- this.userProvider = userProvider;
+ public void setUserManager(UserManager userManager) {
+ this.userManager = userManager;
}
}
\ No newline at end of file
Modified: jackrabbit/oak/trunk/oak-core/src/main/java/org/apache/jackrabbit/oak/spi/security/user/UserConfiguration.java
URL: http://svn.apache.org/viewvc/jackrabbit/oak/trunk/oak-core/src/main/java/org/apache/jackrabbit/oak/spi/security/user/UserConfiguration.java?rev=1399780&r1=1399779&r2=1399780&view=diff
==============================================================================
--- jackrabbit/oak/trunk/oak-core/src/main/java/org/apache/jackrabbit/oak/spi/security/user/UserConfiguration.java (original)
+++ jackrabbit/oak/trunk/oak-core/src/main/java/org/apache/jackrabbit/oak/spi/security/user/UserConfiguration.java Thu Oct 18 18:51:18 2012
@@ -35,14 +35,11 @@ public interface UserConfiguration {
ConfigurationParameters getConfigurationParameters();
@Nonnull
- UserProvider getUserProvider(Root root);
-
- @Nonnull
- MembershipProvider getMembershipProvider(Root root);
+ List<ValidatorProvider> getValidatorProviders();
@Nonnull
- List<ValidatorProvider> getValidatorProviders();
+ UserManager getUserManager(Root root, NamePathMapper namePathMapper, Session session);
@Nonnull
- UserManager getUserManager(Session session, Root root, NamePathMapper namePathMapper);
+ UserManager getUserManager(Root root, NamePathMapper namePathMapper);
}
\ No newline at end of file
Modified: jackrabbit/oak/trunk/oak-core/src/main/java/org/apache/jackrabbit/oak/spi/security/user/util/UserUtility.java
URL: http://svn.apache.org/viewvc/jackrabbit/oak/trunk/oak-core/src/main/java/org/apache/jackrabbit/oak/spi/security/user/util/UserUtility.java?rev=1399780&r1=1399779&r2=1399780&view=diff
==============================================================================
--- jackrabbit/oak/trunk/oak-core/src/main/java/org/apache/jackrabbit/oak/spi/security/user/util/UserUtility.java (original)
+++ jackrabbit/oak/trunk/oak-core/src/main/java/org/apache/jackrabbit/oak/spi/security/user/util/UserUtility.java Thu Oct 18 18:51:18 2012
@@ -42,10 +42,10 @@ public final class UserUtility implement
}
public static boolean isAuthorizableTree(Tree authorizableTree) {
- return isAuthorizableTree(authorizableTree, AuthorizableType.AUTHORIZABLE);
+ return isType(authorizableTree, AuthorizableType.AUTHORIZABLE);
}
- public static boolean isAuthorizableTree(Tree authorizableTree, AuthorizableType type) {
+ public static boolean isType(Tree authorizableTree, AuthorizableType type) {
// FIXME: check for node type according to the specified type constraint
if (authorizableTree != null && authorizableTree.hasProperty(JcrConstants.JCR_PRIMARYTYPE)) {
String ntName = authorizableTree.getProperty(JcrConstants.JCR_PRIMARYTYPE).getValue(STRING);
Modified: jackrabbit/oak/trunk/oak-core/src/test/java/org/apache/jackrabbit/oak/security/authentication/DefaultLoginModuleTest.java
URL: http://svn.apache.org/viewvc/jackrabbit/oak/trunk/oak-core/src/test/java/org/apache/jackrabbit/oak/security/authentication/DefaultLoginModuleTest.java?rev=1399780&r1=1399779&r2=1399780&view=diff
==============================================================================
--- jackrabbit/oak/trunk/oak-core/src/test/java/org/apache/jackrabbit/oak/security/authentication/DefaultLoginModuleTest.java (original)
+++ jackrabbit/oak/trunk/oak-core/src/test/java/org/apache/jackrabbit/oak/security/authentication/DefaultLoginModuleTest.java Thu Oct 18 18:51:18 2012
@@ -23,25 +23,28 @@ import javax.security.auth.login.AppConf
import javax.security.auth.login.Configuration;
import javax.security.auth.login.LoginException;
+import org.apache.jackrabbit.api.security.user.Authorizable;
+import org.apache.jackrabbit.api.security.user.User;
+import org.apache.jackrabbit.api.security.user.UserManager;
import org.apache.jackrabbit.oak.AbstractOakTest;
import org.apache.jackrabbit.oak.Oak;
import org.apache.jackrabbit.oak.api.AuthInfo;
import org.apache.jackrabbit.oak.api.ContentRepository;
import org.apache.jackrabbit.oak.api.ContentSession;
import org.apache.jackrabbit.oak.api.Root;
-import org.apache.jackrabbit.oak.api.Tree;
+import org.apache.jackrabbit.oak.namepath.NamePathMapper;
import org.apache.jackrabbit.oak.security.SecurityProviderImpl;
import org.apache.jackrabbit.oak.security.authentication.user.LoginModuleImpl;
import org.apache.jackrabbit.oak.spi.security.SecurityProvider;
-import org.apache.jackrabbit.oak.spi.security.user.UserProvider;
+import org.apache.jackrabbit.oak.spi.security.user.UserConstants;
import org.apache.jackrabbit.oak.spi.security.user.util.UserUtility;
import org.junit.After;
import org.junit.Before;
import org.junit.Test;
import static org.junit.Assert.assertEquals;
+import static org.junit.Assert.assertFalse;
import static org.junit.Assert.assertNotNull;
-import static org.junit.Assert.assertNull;
import static org.junit.Assert.fail;
/**
@@ -105,12 +108,13 @@ public class DefaultLoginModuleTest exte
public void testAnonymousLogin() throws Exception {
String anonymousID = UserUtility.getAnonymousId(securityProvider.getUserConfiguration().getConfigurationParameters());
- UserProvider up = securityProvider.getUserConfiguration().getUserProvider(admin.getLatestRoot());
+ Root root = admin.getLatestRoot();
+ UserManager userMgr = securityProvider.getUserConfiguration().getUserManager(root, NamePathMapper.DEFAULT);
// verify initial user-content looks like expected
- Tree anonymous = up.getAuthorizable(anonymousID);
+ Authorizable anonymous = userMgr.getAuthorizable(anonymousID);
assertNotNull(anonymous);
- assertNull(up.getPasswordHash(anonymous));
+ assertFalse(root.getTree(anonymous.getPath()).hasProperty(UserConstants.REP_PASSWORD));
ContentSession cs = null;
try {
@@ -130,24 +134,25 @@ public class DefaultLoginModuleTest exte
String anonymousID = UserUtility.getAnonymousId(securityProvider.getUserConfiguration().getConfigurationParameters());
Root root = admin.getLatestRoot();
- UserProvider up = securityProvider.getUserConfiguration().getUserProvider(root);
+ UserManager userManager = securityProvider.getUserConfiguration().getUserManager(root, NamePathMapper.DEFAULT);
ContentSession cs = null;
+ User user = null;
try {
- Tree userTree = up.createUser("test", null);
- up.setPassword(userTree, "pw", true);
- up.setPrincipalName(userTree, "test");
+ user = userManager.createUser("test", "pw");
root.commit();
cs = getContentRepository().login(new SimpleCredentials("test", "pw".toCharArray()), null);
AuthInfo authInfo = cs.getAuthInfo();
assertEquals("test", authInfo.getUserID());
} finally {
+ if (user != null) {
+ user.remove();
+ root.commit();
+ }
if (cs != null) {
cs.close();
}
- up.getAuthorizable("test").remove();
- root.commit();
}
}
Added: jackrabbit/oak/trunk/oak-core/src/test/java/org/apache/jackrabbit/oak/security/user/UserManagerImplTest.java
URL: http://svn.apache.org/viewvc/jackrabbit/oak/trunk/oak-core/src/test/java/org/apache/jackrabbit/oak/security/user/UserManagerImplTest.java?rev=1399780&view=auto
==============================================================================
--- jackrabbit/oak/trunk/oak-core/src/test/java/org/apache/jackrabbit/oak/security/user/UserManagerImplTest.java (added)
+++ jackrabbit/oak/trunk/oak-core/src/test/java/org/apache/jackrabbit/oak/security/user/UserManagerImplTest.java Thu Oct 18 18:51:18 2012
@@ -0,0 +1,107 @@
+/*
+ * Licensed to the Apache Software Foundation (ASF) under one or more
+ * contributor license agreements. See the NOTICE file distributed with
+ * this work for additional information regarding copyright ownership.
+ * The ASF licenses this file to You under the Apache License, Version 2.0
+ * (the "License"); you may not use this file except in compliance with
+ * the License. You may obtain a copy of the License at
+ *
+ * http://www.apache.org/licenses/LICENSE-2.0
+ *
+ * Unless required by applicable law or agreed to in writing, software
+ * distributed under the License is distributed on an "AS IS" BASIS,
+ * WITHOUT WARRANTIES OR CONDITIONS OF ANY KIND, either express or implied.
+ * See the License for the specific language governing permissions and
+ * limitations under the License.
+ */
+package org.apache.jackrabbit.oak.security.user;
+
+import java.util.ArrayList;
+import java.util.List;
+
+import org.apache.jackrabbit.api.security.user.User;
+import org.apache.jackrabbit.oak.AbstractOakTest;
+import org.apache.jackrabbit.oak.api.ContentRepository;
+import org.apache.jackrabbit.oak.api.Tree;
+import org.apache.jackrabbit.oak.spi.security.user.util.PasswordUtility;
+import org.junit.Test;
+
+import static junit.framework.Assert.assertEquals;
+import static junit.framework.Assert.assertFalse;
+import static junit.framework.Assert.assertNotNull;
+import static junit.framework.Assert.assertNull;
+import static junit.framework.Assert.assertTrue;
+import static org.junit.Assert.fail;
+
+/**
+ * UserManagerImplTest...
+ */
+public class UserManagerImplTest extends AbstractOakTest {
+
+ @Override
+ protected ContentRepository createRepository() {
+ // TODO
+ return null;
+ }
+
+// @Test
+// public void testSetPassword() throws Exception {
+// UserManagerImpl userMgr = createUserManager();
+// User user = userMgr.createUser("a", "pw");
+//
+// List<String> pwds = new ArrayList<String>();
+// pwds.add("pw");
+// pwds.add("");
+// pwds.add("{sha1}pw");
+//
+// for (String pw : pwds) {
+// user.setPassword(user, pw, true);
+// String pwHash = up.getPasswordHash(user);
+// assertNotNull(pwHash);
+// assertTrue(PasswordUtility.isSame(pwHash, pw));
+// }
+//
+// for (String pw : pwds) {
+// up.setPassword(user, pw, false);
+// String pwHash = up.getPasswordHash(user);
+// assertNotNull(pwHash);
+// if (!pw.startsWith("{")) {
+// assertTrue(PasswordUtility.isSame(pwHash, pw));
+// } else {
+// assertFalse(PasswordUtility.isSame(pwHash, pw));
+// assertEquals(pw, pwHash);
+// }
+// }
+// }
+//
+// @Test
+// public void setPasswordNull() throws Exception {
+// UserProviderImpl up = createUserProvider();
+// Tree user = up.createUser("a", null);
+//
+// try {
+// up.setPassword(user, null, true);
+// fail("setting null password should fail");
+// } catch (IllegalArgumentException e) {
+// // expected
+// }
+//
+// try {
+// up.setPassword(user, null, false);
+// fail("setting null password should fail");
+// } catch (IllegalArgumentException e) {
+// // expected
+// }
+// }
+
+
+//
+// @Test
+// public void testGetPasswordHash() throws Exception {
+// UserProviderImpl up = createUserProvider();
+// Tree user = up.createUser("a", null);
+//
+// assertNull(up.getPasswordHash(user));
+// }
+
+}
\ No newline at end of file
Copied: jackrabbit/oak/trunk/oak-core/src/test/java/org/apache/jackrabbit/oak/security/user/UserProviderTest.java (from r1399538, jackrabbit/oak/trunk/oak-core/src/test/java/org/apache/jackrabbit/oak/security/user/UserProviderImplTest.java)
URL: http://svn.apache.org/viewvc/jackrabbit/oak/trunk/oak-core/src/test/java/org/apache/jackrabbit/oak/security/user/UserProviderTest.java?p2=jackrabbit/oak/trunk/oak-core/src/test/java/org/apache/jackrabbit/oak/security/user/UserProviderTest.java&p1=jackrabbit/oak/trunk/oak-core/src/test/java/org/apache/jackrabbit/oak/security/user/UserProviderImplTest.java&r1=1399538&r2=1399780&rev=1399780&view=diff
==============================================================================
--- jackrabbit/oak/trunk/oak-core/src/test/java/org/apache/jackrabbit/oak/security/user/UserProviderImplTest.java (original)
+++ jackrabbit/oak/trunk/oak-core/src/test/java/org/apache/jackrabbit/oak/security/user/UserProviderTest.java Thu Oct 18 18:51:18 2012
@@ -32,20 +32,14 @@ import org.apache.jackrabbit.oak.api.Tre
import org.apache.jackrabbit.oak.plugins.index.property.PropertyIndexHook;
import org.apache.jackrabbit.oak.spi.security.ConfigurationParameters;
import org.apache.jackrabbit.oak.spi.security.OpenSecurityProvider;
-import org.apache.jackrabbit.oak.spi.security.user.AuthorizableType;
-import org.apache.jackrabbit.oak.spi.security.user.util.PasswordUtility;
import org.apache.jackrabbit.oak.spi.security.user.UserConstants;
-import org.apache.jackrabbit.oak.spi.security.user.UserProvider;
-import org.apache.jackrabbit.oak.spi.security.user.util.UserUtility;
import org.apache.jackrabbit.util.Text;
import org.junit.After;
import org.junit.Before;
import org.junit.Test;
import static junit.framework.Assert.assertEquals;
-import static junit.framework.Assert.assertFalse;
import static junit.framework.Assert.assertNotNull;
-import static junit.framework.Assert.assertNull;
import static junit.framework.Assert.assertTrue;
import static org.junit.Assert.fail;
@@ -56,7 +50,7 @@ import static org.junit.Assert.fail;
* TODO: add tests for setProtectedProperty (might still be refactored...)
* TODO: add tests for findAuthorizables once implementation is ready
*/
-public class UserProviderImplTest extends AbstractOakTest {
+public class UserProviderTest extends AbstractOakTest {
private ContentSession contentSession;
private Root root;
@@ -88,7 +82,6 @@ public class UserProviderImplTest extend
cleanupPaths.add(defaultGroupPath);
cleanupPaths.add(customUserPath);
cleanupPaths.add(customGroupPath);
-
}
@After
@@ -107,13 +100,13 @@ public class UserProviderImplTest extend
}
private UserProvider createUserProvider() {
- return new UserProviderImpl(root, defaultConfig);
+ return new UserProvider(root, defaultConfig);
}
private UserProvider createUserProvider(int defaultDepth) {
Map<String, Object> options = new HashMap<String, Object>(customOptions);
options.put(UserConstants.PARAM_DEFAULT_DEPTH, defaultDepth);
- return new UserProviderImpl(root, new ConfigurationParameters(options));
+ return new UserProvider(root, new ConfigurationParameters(options));
}
@Test
@@ -282,33 +275,6 @@ public class UserProviderImplTest extend
}
@Test
- public void testGetAuthorizableWithType() throws Exception {
- UserProvider up = createUserProvider();
-
- String userID = "thabit";
- Tree user = up.createUser(userID, null);
- root.commit();
-
- Tree a = up.getAuthorizable(userID, AuthorizableType.USER);
- assertNotNull(a);
- assertEquals(user.getPath(), a.getPath());
-
- assertNotNull(up.getAuthorizable(userID, AuthorizableType.AUTHORIZABLE));
- assertNull(up.getAuthorizable(userID, AuthorizableType.GROUP));
-
- String groupID = "hr";
- Tree group = up.createGroup(groupID, null);
- root.commit();
-
- Tree g = up.getAuthorizable(groupID, AuthorizableType.GROUP);
- assertNotNull(a);
- assertEquals(user.getPath(), a.getPath());
-
- assertNotNull(up.getAuthorizable(groupID, AuthorizableType.AUTHORIZABLE));
- assertNull(up.getAuthorizable(groupID, AuthorizableType.USER));
- }
-
- @Test
public void testGetAuthorizableByPath() throws Exception {
UserProvider up = createUserProvider();
@@ -324,26 +290,6 @@ public class UserProviderImplTest extend
}
@Test
- public void testIsAdminUser() throws Exception {
- UserProvider userProvider = createUserProvider();
-
- String adminId = UserUtility.getAdminId(defaultConfig);
- Tree adminTree = userProvider.getAuthorizable(adminId, AuthorizableType.USER);
- if (adminTree == null) {
- adminTree = userProvider.createUser(adminId, null);
- }
- assertTrue(userProvider.isAdminUser(adminTree));
-
- List<Tree> others = new ArrayList<Tree>();
- others.add(userProvider.createUser("laura", null));
- others.add(userProvider.createGroup("administrators", null));
-
- for (Tree other : others) {
- assertFalse(userProvider.isAdminUser(other));
- }
- }
-
- @Test
public void testGetAuthorizableId() throws Exception {
UserProvider up = createUserProvider();
@@ -373,62 +319,4 @@ public class UserProviderImplTest extend
u2.remove();
}
}
-
- @Test
- public void testGetPasswordHash() throws Exception {
- UserProvider up = createUserProvider();
- Tree user = up.createUser("a", null);
-
- assertNull(up.getPasswordHash(user));
- }
-
- @Test
- public void testSetPassword() throws Exception {
- UserProvider up = createUserProvider();
- Tree user = up.createUser("a", null);
-
- List<String> pwds = new ArrayList<String>();
- pwds.add("pw");
- pwds.add("");
- pwds.add("{sha1}pw");
-
- for (String pw : pwds) {
- up.setPassword(user, pw, true);
- String pwHash = up.getPasswordHash(user);
- assertNotNull(pwHash);
- assertTrue(PasswordUtility.isSame(pwHash, pw));
- }
-
- for (String pw : pwds) {
- up.setPassword(user, pw, false);
- String pwHash = up.getPasswordHash(user);
- assertNotNull(pwHash);
- if (!pw.startsWith("{")) {
- assertTrue(PasswordUtility.isSame(pwHash, pw));
- } else {
- assertFalse(PasswordUtility.isSame(pwHash, pw));
- assertEquals(pw, pwHash);
- }
- }
- }
-
- @Test
- public void setPasswordNull() throws Exception {
- UserProvider up = createUserProvider();
- Tree user = up.createUser("a", null);
-
- try {
- up.setPassword(user, null, true);
- fail("setting null password should fail");
- } catch (IllegalArgumentException e) {
- // expected
- }
-
- try {
- up.setPassword(user, null, false);
- fail("setting null password should fail");
- } catch (IllegalArgumentException e) {
- // expected
- }
- }
}
Modified: jackrabbit/oak/trunk/oak-jcr/src/main/java/org/apache/jackrabbit/oak/jcr/SessionDelegate.java
URL: http://svn.apache.org/viewvc/jackrabbit/oak/trunk/oak-jcr/src/main/java/org/apache/jackrabbit/oak/jcr/SessionDelegate.java?rev=1399780&r1=1399779&r2=1399780&view=diff
==============================================================================
--- jackrabbit/oak/trunk/oak-jcr/src/main/java/org/apache/jackrabbit/oak/jcr/SessionDelegate.java (original)
+++ jackrabbit/oak/trunk/oak-jcr/src/main/java/org/apache/jackrabbit/oak/jcr/SessionDelegate.java Thu Oct 18 18:51:18 2012
@@ -493,7 +493,7 @@ public class SessionDelegate {
UserManager getUserManager() throws UnsupportedRepositoryOperationException {
if (userManager == null) {
if (securityProvider != null) {
- userManager = securityProvider.getUserConfiguration().getUserManager(session, root, getNamePathMapper());
+ userManager = securityProvider.getUserConfiguration().getUserManager(root, getNamePathMapper(), session);
} else {
throw new UnsupportedRepositoryOperationException("User management not supported.");
}
Modified: jackrabbit/oak/trunk/oak-jcr/src/test/java/org/apache/jackrabbit/oak/jcr/security/user/UserTest.java
URL: http://svn.apache.org/viewvc/jackrabbit/oak/trunk/oak-jcr/src/test/java/org/apache/jackrabbit/oak/jcr/security/user/UserTest.java?rev=1399780&r1=1399779&r2=1399780&view=diff
==============================================================================
--- jackrabbit/oak/trunk/oak-jcr/src/test/java/org/apache/jackrabbit/oak/jcr/security/user/UserTest.java (original)
+++ jackrabbit/oak/trunk/oak-jcr/src/test/java/org/apache/jackrabbit/oak/jcr/security/user/UserTest.java Thu Oct 18 18:51:18 2012
@@ -266,15 +266,6 @@ public class UserTest extends AbstractUs
}
}
- public void testUserGetCredentials() throws RepositoryException, NotExecutableException {
- try {
- Credentials creds = user.getCredentials();
- fail("getCredentials is not yet implemented");
- } catch (UnsupportedRepositoryOperationException e) {
- // expected
- }
- }
-
public void testLoginWithGetCredentials() throws RepositoryException, NotExecutableException {
try {
Credentials creds = user.getCredentials();