You are viewing a plain text version of this content. The canonical link for it is here.
Posted to oak-commits@jackrabbit.apache.org by an...@apache.org on 2012/08/22 14:46:35 UTC
svn commit: r1376022 - in /jackrabbit/oak/trunk/oak-core/src:
main/java/org/apache/jackrabbit/oak/security/authorization/
main/java/org/apache/jackrabbit/oak/spi/security/authorization/
test/java/org/apache/jackrabbit/oak/core/
Author: angela
Date: Wed Aug 22 12:46:34 2012
New Revision: 1376022
URL: http://svn.apache.org/viewvc?rev=1376022&view=rev
Log:
OAK-51 : Implement JCR Access Control Management (work in progress)
Modified:
jackrabbit/oak/trunk/oak-core/src/main/java/org/apache/jackrabbit/oak/security/authorization/AccessControlContextImpl.java
jackrabbit/oak/trunk/oak-core/src/main/java/org/apache/jackrabbit/oak/security/authorization/CompiledPermissionImpl.java
jackrabbit/oak/trunk/oak-core/src/main/java/org/apache/jackrabbit/oak/security/authorization/PermissionValidator.java
jackrabbit/oak/trunk/oak-core/src/main/java/org/apache/jackrabbit/oak/spi/security/authorization/CompiledPermissions.java
jackrabbit/oak/trunk/oak-core/src/main/java/org/apache/jackrabbit/oak/spi/security/authorization/Permissions.java
jackrabbit/oak/trunk/oak-core/src/test/java/org/apache/jackrabbit/oak/core/TestAcContext.java
Modified: jackrabbit/oak/trunk/oak-core/src/main/java/org/apache/jackrabbit/oak/security/authorization/AccessControlContextImpl.java
URL: http://svn.apache.org/viewvc/jackrabbit/oak/trunk/oak-core/src/main/java/org/apache/jackrabbit/oak/security/authorization/AccessControlContextImpl.java?rev=1376022&r1=1376021&r2=1376022&view=diff
==============================================================================
--- jackrabbit/oak/trunk/oak-core/src/main/java/org/apache/jackrabbit/oak/security/authorization/AccessControlContextImpl.java (original)
+++ jackrabbit/oak/trunk/oak-core/src/main/java/org/apache/jackrabbit/oak/security/authorization/AccessControlContextImpl.java Wed Aug 22 12:46:34 2012
@@ -20,6 +20,8 @@ import java.security.Principal;
import java.util.Set;
import org.apache.jackrabbit.oak.api.CoreValueFactory;
+import org.apache.jackrabbit.oak.api.PropertyState;
+import org.apache.jackrabbit.oak.api.Tree;
import org.apache.jackrabbit.oak.spi.commit.ValidatorProvider;
import org.apache.jackrabbit.oak.spi.security.authorization.CompiledPermissions;
import org.apache.jackrabbit.oak.spi.security.authorization.AccessControlContext;
@@ -82,7 +84,17 @@ public class AccessControlContextImpl im
}
@Override
- public boolean isGranted(String path, int permissions) {
+ public boolean isGranted(int permissions) {
+ return allowed;
+ }
+
+ @Override
+ public boolean isGranted(Tree tree, int permissions) {
+ return allowed;
+ }
+
+ @Override
+ public boolean isGranted(Tree parent, PropertyState property, int permissions) {
return allowed;
}
Modified: jackrabbit/oak/trunk/oak-core/src/main/java/org/apache/jackrabbit/oak/security/authorization/CompiledPermissionImpl.java
URL: http://svn.apache.org/viewvc/jackrabbit/oak/trunk/oak-core/src/main/java/org/apache/jackrabbit/oak/security/authorization/CompiledPermissionImpl.java?rev=1376022&r1=1376021&r2=1376022&view=diff
==============================================================================
--- jackrabbit/oak/trunk/oak-core/src/main/java/org/apache/jackrabbit/oak/security/authorization/CompiledPermissionImpl.java (original)
+++ jackrabbit/oak/trunk/oak-core/src/main/java/org/apache/jackrabbit/oak/security/authorization/CompiledPermissionImpl.java Wed Aug 22 12:46:34 2012
@@ -19,6 +19,8 @@ package org.apache.jackrabbit.oak.securi
import java.security.Principal;
import java.util.Set;
+import org.apache.jackrabbit.oak.api.PropertyState;
+import org.apache.jackrabbit.oak.api.Tree;
import org.apache.jackrabbit.oak.spi.security.authorization.CompiledPermissions;
import org.apache.jackrabbit.oak.spi.security.authorization.Permissions;
@@ -38,9 +40,21 @@ class CompiledPermissionImpl implements
}
@Override
- public boolean isGranted(String path, int permissions) {
+ public boolean isGranted(int permissions) {
// TODO
- return (permissions == Permissions.READ);
+ return false;
+ }
+
+ @Override
+ public boolean isGranted(Tree tree, int permissions) {
+ // TODO
+ return (permissions == Permissions.READ_NODE);
+ }
+
+ @Override
+ public boolean isGranted(Tree parent, PropertyState property, int permissions) {
+ // TODO
+ return (permissions == Permissions.READ_PROPERTY);
}
}
Modified: jackrabbit/oak/trunk/oak-core/src/main/java/org/apache/jackrabbit/oak/security/authorization/PermissionValidator.java
URL: http://svn.apache.org/viewvc/jackrabbit/oak/trunk/oak-core/src/main/java/org/apache/jackrabbit/oak/security/authorization/PermissionValidator.java?rev=1376022&r1=1376021&r2=1376022&view=diff
==============================================================================
--- jackrabbit/oak/trunk/oak-core/src/main/java/org/apache/jackrabbit/oak/security/authorization/PermissionValidator.java (original)
+++ jackrabbit/oak/trunk/oak-core/src/main/java/org/apache/jackrabbit/oak/security/authorization/PermissionValidator.java Wed Aug 22 12:46:34 2012
@@ -21,7 +21,7 @@ import javax.jcr.AccessDeniedException;
import org.apache.jackrabbit.JcrConstants;
import org.apache.jackrabbit.oak.api.CommitFailedException;
import org.apache.jackrabbit.oak.api.PropertyState;
-import org.apache.jackrabbit.oak.commons.PathUtils;
+import org.apache.jackrabbit.oak.api.Tree;
import org.apache.jackrabbit.oak.plugins.name.NamespaceConstants;
import org.apache.jackrabbit.oak.plugins.type.NodeTypeConstants;
import org.apache.jackrabbit.oak.security.privilege.PrivilegeConstants;
@@ -126,7 +126,7 @@ class PermissionValidator implements Val
permission = defaultPermission;
}
- checkPermissions(PathUtils.concat(parentPath, name), permission);
+ checkPermissions(parent.getTree(), property, permission);
}
private PermissionValidator checkPermissions(NodeUtil node, boolean isBefore, int defaultPermission) throws CommitFailedException {
@@ -153,19 +153,31 @@ class PermissionValidator implements Val
permission = defaultPermission;
}
- if (Permissions.isRepositoryPermissions(permission)) {
- checkPermissions(null, permission);
+ if (Permissions.isRepositoryPermission(permission)) {
+ checkPermissions(permission);
return null; // no need for further validation down the subtree
} else {
- checkPermissions(path, permission);
+ checkPermissions(node.getTree(), permission);
return (isBefore) ?
new PermissionValidator(compiledPermissions, node, null) :
new PermissionValidator(compiledPermissions, null, node);
}
}
- private void checkPermissions(String path, int permissions) throws CommitFailedException {
- if (!compiledPermissions.isGranted(path, permissions)) {
+ private void checkPermissions(int permissions) throws CommitFailedException {
+ if (!compiledPermissions.isGranted(permissions)) {
+ throw new CommitFailedException(new AccessDeniedException());
+ }
+ }
+
+ private void checkPermissions(Tree tree, int permissions) throws CommitFailedException {
+ if (!compiledPermissions.isGranted(tree, permissions)) {
+ throw new CommitFailedException(new AccessDeniedException());
+ }
+ }
+
+ private void checkPermissions(Tree parent, PropertyState property, int permissions) throws CommitFailedException {
+ if (!compiledPermissions.isGranted(parent, property, permissions)) {
throw new CommitFailedException(new AccessDeniedException());
}
}
Modified: jackrabbit/oak/trunk/oak-core/src/main/java/org/apache/jackrabbit/oak/spi/security/authorization/CompiledPermissions.java
URL: http://svn.apache.org/viewvc/jackrabbit/oak/trunk/oak-core/src/main/java/org/apache/jackrabbit/oak/spi/security/authorization/CompiledPermissions.java?rev=1376022&r1=1376021&r2=1376022&view=diff
==============================================================================
--- jackrabbit/oak/trunk/oak-core/src/main/java/org/apache/jackrabbit/oak/spi/security/authorization/CompiledPermissions.java (original)
+++ jackrabbit/oak/trunk/oak-core/src/main/java/org/apache/jackrabbit/oak/spi/security/authorization/CompiledPermissions.java Wed Aug 22 12:46:34 2012
@@ -16,6 +16,9 @@
*/
package org.apache.jackrabbit.oak.spi.security.authorization;
+import org.apache.jackrabbit.oak.api.PropertyState;
+import org.apache.jackrabbit.oak.api.Tree;
+
/**
* CompiledPermissions... TODO
*/
@@ -23,6 +26,10 @@ public interface CompiledPermissions {
boolean canRead(String path, boolean isProperty);
- boolean isGranted(String path, int permissions);
+ boolean isGranted(int permissions);
+
+ boolean isGranted(Tree tree, int permissions);
+
+ boolean isGranted(Tree parent, PropertyState property, int permissions);
}
Modified: jackrabbit/oak/trunk/oak-core/src/main/java/org/apache/jackrabbit/oak/spi/security/authorization/Permissions.java
URL: http://svn.apache.org/viewvc/jackrabbit/oak/trunk/oak-core/src/main/java/org/apache/jackrabbit/oak/spi/security/authorization/Permissions.java?rev=1376022&r1=1376021&r2=1376022&view=diff
==============================================================================
--- jackrabbit/oak/trunk/oak-core/src/main/java/org/apache/jackrabbit/oak/spi/security/authorization/Permissions.java (original)
+++ jackrabbit/oak/trunk/oak-core/src/main/java/org/apache/jackrabbit/oak/spi/security/authorization/Permissions.java Wed Aug 22 12:46:34 2012
@@ -124,10 +124,10 @@ public final class Permissions {
}
}
- public static boolean isRepositoryPermissions(int permissions) {
- return permissions == NAMESPACE_MANAGEMENT ||
- permissions == NODE_TYPE_DEFINITION_MANAGEMENT ||
- permissions == PRIVILEGE_MANAGEMENT ||
- permissions == WORKSPACE_MANAGEMENT;
+ public static boolean isRepositoryPermission(int permission) {
+ return permission == NAMESPACE_MANAGEMENT ||
+ permission == NODE_TYPE_DEFINITION_MANAGEMENT ||
+ permission == PRIVILEGE_MANAGEMENT ||
+ permission == WORKSPACE_MANAGEMENT;
}
}
Modified: jackrabbit/oak/trunk/oak-core/src/test/java/org/apache/jackrabbit/oak/core/TestAcContext.java
URL: http://svn.apache.org/viewvc/jackrabbit/oak/trunk/oak-core/src/test/java/org/apache/jackrabbit/oak/core/TestAcContext.java?rev=1376022&r1=1376021&r2=1376022&view=diff
==============================================================================
--- jackrabbit/oak/trunk/oak-core/src/test/java/org/apache/jackrabbit/oak/core/TestAcContext.java (original)
+++ jackrabbit/oak/trunk/oak-core/src/test/java/org/apache/jackrabbit/oak/core/TestAcContext.java Wed Aug 22 12:46:34 2012
@@ -20,6 +20,8 @@ import java.security.Principal;
import java.util.Set;
import org.apache.jackrabbit.oak.api.CoreValueFactory;
+import org.apache.jackrabbit.oak.api.PropertyState;
+import org.apache.jackrabbit.oak.api.Tree;
import org.apache.jackrabbit.oak.spi.commit.DefaultValidatorProvider;
import org.apache.jackrabbit.oak.spi.commit.ValidatorProvider;
import org.apache.jackrabbit.oak.spi.security.authorization.AccessControlContext;
@@ -52,7 +54,17 @@ public class TestAcContext implements Ac
}
@Override
- public boolean isGranted(String path, int permissions) {
+ public boolean isGranted(int permissions) {
+ return true;
+ }
+
+ @Override
+ public boolean isGranted(Tree tree, int permissions) {
+ return true;
+ }
+
+ @Override
+ public boolean isGranted(Tree parent, PropertyState property, int permissions) {
return true;
}
};