Posted to oak-commits@jackrabbit.apache.org by an...@apache.org on 2012/08/02 10:35:32 UTC
svn commit: r1368381 - in /jackrabbit/oak/trunk/oak-core/src:
main/java/org/apache/jackrabbit/oak/core/
main/java/org/apache/jackrabbit/oak/security/authorization/
main/java/org/apache/jackrabbit/oak/spi/security/authorization/
test/java/org/apache/jac...
Author: angela
Date: Thu Aug 2 08:35:31 2012
New Revision: 1368381
URL: http://svn.apache.org/viewvc?rev=1368381&view=rev
Log:
OAK-51 : Implement JCR Access Control Management (Work In Progress)
Added:
jackrabbit/oak/trunk/oak-core/src/main/java/org/apache/jackrabbit/oak/security/authorization/
jackrabbit/oak/trunk/oak-core/src/main/java/org/apache/jackrabbit/oak/security/authorization/AccessControlContextImpl.java
jackrabbit/oak/trunk/oak-core/src/main/java/org/apache/jackrabbit/oak/security/authorization/CompiledPermissionImpl.java
jackrabbit/oak/trunk/oak-core/src/main/java/org/apache/jackrabbit/oak/spi/security/authorization/
jackrabbit/oak/trunk/oak-core/src/main/java/org/apache/jackrabbit/oak/spi/security/authorization/AccessControlContext.java
jackrabbit/oak/trunk/oak-core/src/main/java/org/apache/jackrabbit/oak/spi/security/authorization/CompiledPermissions.java
jackrabbit/oak/trunk/oak-core/src/main/java/org/apache/jackrabbit/oak/spi/security/authorization/Permissions.java
jackrabbit/oak/trunk/oak-core/src/test/java/org/apache/jackrabbit/oak/core/TestAcContext.java
Modified:
jackrabbit/oak/trunk/oak-core/src/main/java/org/apache/jackrabbit/oak/core/ContentRepositoryImpl.java
jackrabbit/oak/trunk/oak-core/src/main/java/org/apache/jackrabbit/oak/core/ContentSessionImpl.java
jackrabbit/oak/trunk/oak-core/src/main/java/org/apache/jackrabbit/oak/core/RootImpl.java
jackrabbit/oak/trunk/oak-core/src/main/java/org/apache/jackrabbit/oak/core/TreeImpl.java
jackrabbit/oak/trunk/oak-core/src/test/java/org/apache/jackrabbit/oak/core/AbstractOakTest.java
jackrabbit/oak/trunk/oak-core/src/test/java/org/apache/jackrabbit/oak/core/DefaultConflictHandlerTest.java
jackrabbit/oak/trunk/oak-core/src/test/java/org/apache/jackrabbit/oak/core/RootImplFuzzIT.java
jackrabbit/oak/trunk/oak-core/src/test/java/org/apache/jackrabbit/oak/core/RootImplTest.java
jackrabbit/oak/trunk/oak-core/src/test/java/org/apache/jackrabbit/oak/plugins/lucene/LuceneEditorTest.java
Modified: jackrabbit/oak/trunk/oak-core/src/main/java/org/apache/jackrabbit/oak/core/ContentRepositoryImpl.java
URL: http://svn.apache.org/viewvc/jackrabbit/oak/trunk/oak-core/src/main/java/org/apache/jackrabbit/oak/core/ContentRepositoryImpl.java?rev=1368381&r1=1368380&r2=1368381&view=diff
==============================================================================
--- jackrabbit/oak/trunk/oak-core/src/main/java/org/apache/jackrabbit/oak/core/ContentRepositoryImpl.java (original)
+++ jackrabbit/oak/trunk/oak-core/src/main/java/org/apache/jackrabbit/oak/core/ContentRepositoryImpl.java Thu Aug 2 08:35:31 2012
@@ -39,6 +39,7 @@ import org.apache.jackrabbit.oak.plugins
import org.apache.jackrabbit.oak.plugins.value.ConflictValidatorProvider;
import org.apache.jackrabbit.oak.query.QueryEngineImpl;
import org.apache.jackrabbit.oak.security.authentication.LoginContextProviderImpl;
+import org.apache.jackrabbit.oak.security.authorization.AccessControlContextImpl;
import org.apache.jackrabbit.oak.spi.QueryIndexProvider;
import org.apache.jackrabbit.oak.spi.commit.CommitEditor;
import org.apache.jackrabbit.oak.spi.commit.CompositeEditor;
@@ -46,6 +47,7 @@ import org.apache.jackrabbit.oak.spi.com
import org.apache.jackrabbit.oak.spi.commit.ValidatingEditor;
import org.apache.jackrabbit.oak.spi.commit.ValidatorProvider;
import org.apache.jackrabbit.oak.spi.security.authentication.LoginContextProvider;
+import org.apache.jackrabbit.oak.spi.security.authorization.AccessControlContext;
import org.slf4j.Logger;
import org.slf4j.LoggerFactory;
@@ -143,7 +145,10 @@ public class ContentRepositoryImpl imple
LoginContext loginContext = loginContextProvider.getLoginContext(credentials, workspaceName);
loginContext.login();
- return new ContentSessionImpl(loginContext, workspaceName, nodeStore, queryEngine);
+ // TODO make configurable
+ AccessControlContext acContext = new AccessControlContextImpl();
+
+ return new ContentSessionImpl(loginContext, workspaceName, nodeStore, queryEngine, acContext);
}
//------------------------------------------------------------< ConflictValidator >---
Modified: jackrabbit/oak/trunk/oak-core/src/main/java/org/apache/jackrabbit/oak/core/ContentSessionImpl.java
URL: http://svn.apache.org/viewvc/jackrabbit/oak/trunk/oak-core/src/main/java/org/apache/jackrabbit/oak/core/ContentSessionImpl.java?rev=1368381&r1=1368380&r2=1368381&view=diff
==============================================================================
--- jackrabbit/oak/trunk/oak-core/src/main/java/org/apache/jackrabbit/oak/core/ContentSessionImpl.java (original)
+++ jackrabbit/oak/trunk/oak-core/src/main/java/org/apache/jackrabbit/oak/core/ContentSessionImpl.java Thu Aug 2 08:35:31 2012
@@ -28,6 +28,7 @@ import org.apache.jackrabbit.oak.api.Con
import org.apache.jackrabbit.oak.api.CoreValueFactory;
import org.apache.jackrabbit.oak.api.QueryEngine;
import org.apache.jackrabbit.oak.api.Root;
+import org.apache.jackrabbit.oak.spi.security.authorization.AccessControlContext;
import org.apache.jackrabbit.oak.spi.state.NodeStore;
import org.slf4j.Logger;
import org.slf4j.LoggerFactory;
@@ -43,9 +44,11 @@ class ContentSessionImpl implements Cont
private final String workspaceName;
private final NodeStore store;
private final QueryEngine queryEngine;
+ private final AccessControlContext accessControlContext;
public ContentSessionImpl(LoginContext loginContext, String workspaceName,
- NodeStore store, QueryEngine queryEngine) {
+ NodeStore store, QueryEngine queryEngine,
+ AccessControlContext accessControlContext) {
assert queryEngine != null;
@@ -53,6 +56,9 @@ class ContentSessionImpl implements Cont
this.workspaceName = workspaceName;
this.store = store;
this.queryEngine = queryEngine;
+
+ this.accessControlContext = accessControlContext;
+ this.accessControlContext.initialize(getAuthInfo().getPrincipals());
}
@Nonnull
@@ -69,7 +75,7 @@ class ContentSessionImpl implements Cont
@Nonnull
@Override
public Root getCurrentRoot() {
- return new RootImpl(store, workspaceName);
+ return new RootImpl(store, workspaceName, accessControlContext);
}
@Override
@@ -97,4 +103,4 @@ class ContentSessionImpl implements Cont
public CoreValueFactory getCoreValueFactory() {
return store.getValueFactory();
}
-}
\ No newline at end of file
+}
Modified: jackrabbit/oak/trunk/oak-core/src/main/java/org/apache/jackrabbit/oak/core/RootImpl.java
URL: http://svn.apache.org/viewvc/jackrabbit/oak/trunk/oak-core/src/main/java/org/apache/jackrabbit/oak/core/RootImpl.java?rev=1368381&r1=1368380&r2=1368381&view=diff
==============================================================================
--- jackrabbit/oak/trunk/oak-core/src/main/java/org/apache/jackrabbit/oak/core/RootImpl.java (original)
+++ jackrabbit/oak/trunk/oak-core/src/main/java/org/apache/jackrabbit/oak/core/RootImpl.java Thu Aug 2 08:35:31 2012
@@ -28,6 +28,8 @@ import org.apache.jackrabbit.oak.api.Com
import org.apache.jackrabbit.oak.api.ConflictHandler;
import org.apache.jackrabbit.oak.api.Root;
import org.apache.jackrabbit.oak.api.Tree;
+import org.apache.jackrabbit.oak.spi.security.authorization.AccessControlContext;
+import org.apache.jackrabbit.oak.spi.security.authorization.CompiledPermissions;
import org.apache.jackrabbit.oak.spi.state.NodeState;
import org.apache.jackrabbit.oak.spi.state.NodeBuilder;
import org.apache.jackrabbit.oak.spi.state.NodeStateDiff;
@@ -36,7 +38,6 @@ import org.apache.jackrabbit.oak.spi.sta
import org.slf4j.Logger;
import org.slf4j.LoggerFactory;
-import static org.apache.jackrabbit.oak.commons.PathUtils.elements;
import static org.apache.jackrabbit.oak.commons.PathUtils.getName;
import static org.apache.jackrabbit.oak.commons.PathUtils.getParentPath;
@@ -57,6 +58,9 @@ public class RootImpl implements Root {
/** Current root {@code Tree} */
private TreeImpl rootTree;
+ private final AccessControlContext accessControlContext;
+ private CompiledPermissions permissions;
+
/**
* Number of {@link #purge()} occurred so since the lase
* purge.
@@ -87,23 +91,28 @@ public class RootImpl implements Root {
* New instance bases on a given {@link NodeStore} and a workspace
* @param store node store
* @param workspaceName name of the workspace
+ * @param accessControlContext
* TODO: add support for multiple workspaces. See OAK-118
*/
@SuppressWarnings("UnusedParameters")
- public RootImpl(NodeStore store, String workspaceName) {
+ public RootImpl(NodeStore store, String workspaceName, AccessControlContext accessControlContext) {
this.store = store;
+ this.accessControlContext = accessControlContext;
+
branch = store.branch();
rootTree = TreeImpl.createRoot(this);
+ // TODO: define how permissions are bound to the current branch
+ permissions = accessControlContext.getPermissions();
}
//---------------------------------------------------------------< Root >---
@Override
public boolean move(String sourcePath, String destPath) {
- TreeImpl source = getChild(sourcePath);
+ TreeImpl source = rootTree.getTree(sourcePath);
if (source == null) {
return false;
}
- TreeImpl destParent = getChild(getParentPath(destPath));
+ TreeImpl destParent = rootTree.getTree(getParentPath(destPath));
if (destParent == null) {
return false;
}
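Review bot: `move()` now resolves `source` and `destParent` through `rootTree.getTree(...)`, which gates only on `canRead`. None of the visible lines call `isGranted(...)` for removing the source or adding under the destination, so a session with read access alone passes both lookups. The rest of `move` lies outside this hunk and may check further down; if the write checks are deferred, a marker at the top of `move` such as `// TODO: check Permissions.REMOVE_NODE on sourcePath and Permissions.ADD_NODE on destPath` would keep the gap visible. Separately, the new `@param accessControlContext` tag has no description; it could say that the context supplies the `CompiledPermissions` used for every read on this root and is re-queried in `refresh()`.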
@@ -126,7 +135,7 @@ public class RootImpl implements Root {
@Override
public Tree getTree(String path) {
- return getChild(path);
+ return rootTree.getTree(path);
}
@Override
@@ -144,6 +153,7 @@ public class RootImpl implements Root {
public void refresh() {
branch = store.branch();
rootTree = TreeImpl.createRoot(this);
+ permissions = this.accessControlContext.getPermissions();
}
@Override
@@ -207,6 +217,10 @@ public class RootImpl implements Root {
}
}
+ CompiledPermissions getPermissions() {
+ return permissions;
+ }
+
//------------------------------------------------------------< private >---
/**
@@ -226,21 +240,4 @@ public class RootImpl implements Root {
purgeListener.purged();
}
}
-
- /**
- * Get a tree for the child identified by {@code path}
- * @param path the path to the child
- * @return a {@link Tree} instance for the child
- * at {@code path} or {@code null} if no such item exits.
- */
- private TreeImpl getChild(String path) {
- TreeImpl child = rootTree;
- for (String name : elements(path)) {
- child = child.getChild(name);
- if (child == null) {
- return null;
- }
- }
- return child;
- }
}
Modified: jackrabbit/oak/trunk/oak-core/src/main/java/org/apache/jackrabbit/oak/core/TreeImpl.java
URL: http://svn.apache.org/viewvc/jackrabbit/oak/trunk/oak-core/src/main/java/org/apache/jackrabbit/oak/core/TreeImpl.java?rev=1368381&r1=1368380&r2=1368381&view=diff
==============================================================================
--- jackrabbit/oak/trunk/oak-core/src/main/java/org/apache/jackrabbit/oak/core/TreeImpl.java (original)
+++ jackrabbit/oak/trunk/oak-core/src/main/java/org/apache/jackrabbit/oak/core/TreeImpl.java Thu Aug 2 08:35:31 2012
@@ -37,9 +37,12 @@ import org.apache.jackrabbit.oak.spi.sta
import org.apache.jackrabbit.oak.spi.state.NodeStateDiff;
import com.google.common.base.Function;
+import com.google.common.base.Predicate;
import com.google.common.cache.CacheBuilder;
import com.google.common.collect.Iterables;
+
+import static org.apache.jackrabbit.oak.commons.PathUtils.elements;
import static org.apache.jackrabbit.oak.plugins.memory.MemoryNodeState.EMPTY_NODE;
public class TreeImpl implements Tree, PurgeListener {
@@ -113,20 +116,34 @@ public class TreeImpl implements Tree, P
@Override
public Tree getParent() {
- return parent;
+ if (parent != null && canRead(parent.getPath())) {
+ return parent;
+ } else {
+ return null;
+ }
}
@Override
public PropertyState getProperty(String name) {
- return getNodeBuilder().getProperty(name);
+ if (canReadProperty(buildChildPath(name))) {
+ return internalGetProperty(name);
+ } else {
+ return null;
+ }
}
@Override
public Status getPropertyStatus(String name) {
+ // TODO: see OAK-212
+ if (!canReadProperty(buildChildPath(name))) {
+ return null;
+ }
+
NodeState baseState = getBaseState();
+ boolean exists = internalGetProperty(name) != null;
if (baseState == null) {
// This instance is NEW...
- if (hasProperty(name)) {
+ if (exists) {
// ...so all children are new
return Status.NEW;
} else {
@@ -134,7 +151,7 @@ public class TreeImpl implements Tree, P
return null;
}
} else {
- if (hasProperty(name)) {
+ if (exists) {
// We have the property...
if (baseState.getProperty(name) == null) {
// ...but didn't have it before. So its NEW.
@@ -171,28 +188,32 @@ public class TreeImpl implements Tree, P
@Override
public long getPropertyCount() {
+ // TODO: make sure cnt respects access control
return getNodeBuilder().getPropertyCount();
}
@Override
public Iterable<? extends PropertyState> getProperties() {
- return getNodeBuilder().getProperties();
+ return Iterables.filter(getNodeBuilder().getProperties(),
+ new Predicate<PropertyState>() {
+ @Override
+ public boolean apply(PropertyState propertyState) {
+ if (propertyState != null) {
+ return canReadProperty(buildChildPath(propertyState.getName()));
+ } else {
+ return false;
+ }
+ }
+ });
}
@Override
public TreeImpl getChild(String name) {
- TreeImpl child = children.get(name);
- if (child != null) {
- return child;
- }
-
- if (!hasChild(name)) {
+ if (canRead(buildChildPath(name))) {
+ return internalGetChild(name);
+ } else {
return null;
}
-
- child = new TreeImpl(root, this, name);
- children.put(name, child);
- return child;
}
@Override
@@ -219,17 +240,18 @@ public class TreeImpl implements Tree, P
@Override
public boolean hasChild(String name) {
- return getNodeBuilder().hasChildNode(name);
+ return getChild(name) != null;
}
@Override
public long getChildrenCount() {
+ // TODO: make sure cnt respects access control
return getNodeBuilder().getChildNodeCount();
}
@Override
public Iterable<Tree> getChildren() {
- return Iterables.transform(
+ return Iterables.filter(Iterables.transform(
getNodeBuilder().getChildNodeNames(),
new Function<String, Tree>() {
@Override
@@ -241,6 +263,16 @@ public class TreeImpl implements Tree, P
}
return child;
}
+ }),
+ new Predicate<Tree>() {
+ @Override
+ public boolean apply(Tree tree) {
+ if (tree != null) {
+ return canRead(tree.getPath());
+ } else {
+ return false;
+ }
+ }
});
}
@@ -362,8 +394,44 @@ public class TreeImpl implements Tree, P
return getNodeBuilder().getNodeState();
}
+ /**
+ * Get a tree for the tree identified by {@code path}.
+ *
+ * @param path the path to the child
+ * @return a {@link Tree} instance for the child at {@code path} or
+ * {@code null} if no such tree exits or if the tree is not accessible.
+ */
+ @CheckForNull
+ TreeImpl getTree(String path) {
+ TreeImpl tree = null;
+ if (canRead(buildChildPath(path))) {
+ TreeImpl child = this;
+ for (String name : elements(path)) {
+ child = child.internalGetChild(name);
+ if (child == null) {
+ return null;
+ }
+ }
+ tree = child;
+ }
+ return tree;
+ }
+
//------------------------------------------------------------< private >---
+ private TreeImpl internalGetChild(String childName) {
+ TreeImpl child = children.get(childName);
+ if (child == null && getNodeBuilder().hasChildNode(childName)) {
+ child = new TreeImpl(root, this, childName);
+ children.put(childName, child);
+ }
+ return child;
+ }
+
+ private PropertyState internalGetProperty(String propertyName) {
+ return getNodeBuilder().getProperty(propertyName);
+ }
+
private boolean isRemoved() {
return parent == this;
}
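Review bot: `getTree` checks `canRead(buildChildPath(path))`, but `buildChildPath` (added in the last hunk of this file) always inserts a `'/'` before its argument. `RootImpl.getTree` forwards the caller's path unchanged and the tests call `root.getTree("/")`, so the string handed to the permission check ends in `//` for the root and contains `//a/b` for an absolute path. The current stubs ignore the path, so nothing fails today, but once path-based evaluation exists the check would run against a string that differs from the path of the tree actually returned. Walking the `elements(path)` loop first and then finishing with `return canRead(child.getPath()) ? child : null;` would check the resolved tree's own path, as `getParent()` already does, and still return `null` for both missing and unreadable trees.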
@@ -382,6 +450,22 @@ public class TreeImpl implements Tree, P
}
}
+ private String buildChildPath(String relPath) {
+ StringBuilder sb = new StringBuilder();
+ buildPath(sb);
+ sb.append('/');
+ sb.append(relPath);
+ return sb.toString();
+ }
+
+ private boolean canRead(String path) {
+ return root.getPermissions().canRead(path, false);
+ }
+
+ private boolean canReadProperty(String path) {
+ return root.getPermissions().canRead(path, true);
+ }
+
private static boolean isSame(NodeState state1, NodeState state2) {
final boolean[] isDirty = {false};
state2.compareAgainstBaseState(state1, new NodeStateDiff() {
Added: jackrabbit/oak/trunk/oak-core/src/main/java/org/apache/jackrabbit/oak/security/authorization/AccessControlContextImpl.java
URL: http://svn.apache.org/viewvc/jackrabbit/oak/trunk/oak-core/src/main/java/org/apache/jackrabbit/oak/security/authorization/AccessControlContextImpl.java?rev=1368381&view=auto
==============================================================================
--- jackrabbit/oak/trunk/oak-core/src/main/java/org/apache/jackrabbit/oak/security/authorization/AccessControlContextImpl.java (added)
+++ jackrabbit/oak/trunk/oak-core/src/main/java/org/apache/jackrabbit/oak/security/authorization/AccessControlContextImpl.java Thu Aug 2 08:35:31 2012
@@ -0,0 +1,76 @@
+/*
+ * Licensed to the Apache Software Foundation (ASF) under one or more
+ * contributor license agreements. See the NOTICE file distributed with
+ * this work for additional information regarding copyright ownership.
+ * The ASF licenses this file to You under the Apache License, Version 2.0
+ * (the "License"); you may not use this file except in compliance with
+ * the License. You may obtain a copy of the License at
+ *
+ * http://www.apache.org/licenses/LICENSE-2.0
+ *
+ * Unless required by applicable law or agreed to in writing, software
+ * distributed under the License is distributed on an "AS IS" BASIS,
+ * WITHOUT WARRANTIES OR CONDITIONS OF ANY KIND, either express or implied.
+ * See the License for the specific language governing permissions and
+ * limitations under the License.
+ */
+package org.apache.jackrabbit.oak.security.authorization;
+
+import java.security.Principal;
+import java.util.Set;
+
+import org.apache.jackrabbit.oak.spi.security.authorization.CompiledPermissions;
+import org.apache.jackrabbit.oak.spi.security.authorization.AccessControlContext;
+import org.apache.jackrabbit.oak.spi.security.principal.AdminPrincipal;
+
+/**
+ * PermissionProviderImpl... TODO
+ */
+public class AccessControlContextImpl implements AccessControlContext {
+
+ private static final CompiledPermissions NO_PERMISSIONS = new SimplePermissions(false);
+ private static final CompiledPermissions ADMIN_PERMISSIONS = new SimplePermissions(true);
+
+ private Set<Principal> principals;
+
+ @Override
+ public void initialize(Set<Principal> principals) {
+ this.principals = principals;
+ }
+
+ @Override
+ public CompiledPermissions getPermissions() {
+ if (principals == null || principals.isEmpty()) {
+ return NO_PERMISSIONS;
+ } else if (principals.contains(AdminPrincipal.INSTANCE)) {
+ return ADMIN_PERMISSIONS;
+ } else {
+ // TODO: replace with permissions based on ac evaluation
+ return new CompiledPermissionImpl(principals);
+ }
+ }
+
+ /**
+ * Trivial implementation of the {@code CompiledPermissions} interface that
+ * either allows or denies all permissions.
+ */
+ private static final class SimplePermissions implements CompiledPermissions {
+
+ private final boolean allowed;
+
+ private SimplePermissions(boolean allowed) {
+ this.allowed = allowed;
+ }
+
+ @Override
+ public boolean canRead(String path, boolean isProperty) {
+ return allowed;
+ }
+
+ @Override
+ public boolean isGranted(String path, boolean isProperty, int permissions) {
+ return allowed;
+ }
+
+ }
+}
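Review bot: `initialize` keeps the caller's `Set<Principal>` by reference, while `getPermissions()` re-reads it on every call, and `RootImpl` calls it again in `refresh()`. If the set passed in by `ContentSessionImpl` is mutable (its origin in `getAuthInfo()` is not visible here), a later change to it would alter the decision, including the `AdminPrincipal.INSTANCE` branch. Taking a snapshot avoids that: `this.principals = (principals == null) ? null : Collections.unmodifiableSet(new HashSet<Principal>(principals));`, with the two `java.util` imports added. The class Javadoc still reads `PermissionProviderImpl... TODO`; it should name this class and state that an uninitialised or empty principal set yields deny-all.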
Added: jackrabbit/oak/trunk/oak-core/src/main/java/org/apache/jackrabbit/oak/security/authorization/CompiledPermissionImpl.java
URL: http://svn.apache.org/viewvc/jackrabbit/oak/trunk/oak-core/src/main/java/org/apache/jackrabbit/oak/security/authorization/CompiledPermissionImpl.java?rev=1368381&view=auto
==============================================================================
--- jackrabbit/oak/trunk/oak-core/src/main/java/org/apache/jackrabbit/oak/security/authorization/CompiledPermissionImpl.java (added)
+++ jackrabbit/oak/trunk/oak-core/src/main/java/org/apache/jackrabbit/oak/security/authorization/CompiledPermissionImpl.java Thu Aug 2 08:35:31 2012
@@ -0,0 +1,46 @@
+/*
+ * Licensed to the Apache Software Foundation (ASF) under one or more
+ * contributor license agreements. See the NOTICE file distributed with
+ * this work for additional information regarding copyright ownership.
+ * The ASF licenses this file to You under the Apache License, Version 2.0
+ * (the "License"); you may not use this file except in compliance with
+ * the License. You may obtain a copy of the License at
+ *
+ * http://www.apache.org/licenses/LICENSE-2.0
+ *
+ * Unless required by applicable law or agreed to in writing, software
+ * distributed under the License is distributed on an "AS IS" BASIS,
+ * WITHOUT WARRANTIES OR CONDITIONS OF ANY KIND, either express or implied.
+ * See the License for the specific language governing permissions and
+ * limitations under the License.
+ */
+package org.apache.jackrabbit.oak.security.authorization;
+
+import java.security.Principal;
+import java.util.Set;
+
+import org.apache.jackrabbit.oak.spi.security.authorization.CompiledPermissions;
+import org.apache.jackrabbit.oak.spi.security.authorization.Permissions;
+
+/**
+ * TODO
+ */
+class CompiledPermissionImpl implements CompiledPermissions {
+
+ CompiledPermissionImpl(Set<Principal> principals) {
+
+ }
+
+ @Override
+ public boolean canRead(String path, boolean isProperty) {
+ // TODO
+ return true;
+ }
+
+ @Override
+ public boolean isGranted(String path, boolean isProperty, int permissions) {
+ // TODO
+ return (permissions == Permissions.READ);
+ }
+
+}
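Review bot: `canRead` returns `true` for every path and the constructor discards `principals`, so this stub is fully permissive for reads. `AccessControlContextImpl.getPermissions()` hands it to any non-empty principal set without the admin principal, which means every non-admin session can read the whole tree until evaluation is implemented. The bare `// TODO` and the `TODO` class Javadoc do not say that. A comment along the lines of `// TODO: placeholder, grants read on every path regardless of principals; replace with ac evaluation` would make the fail-open behaviour explicit to anyone wiring this in before it is finished.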
Added: jackrabbit/oak/trunk/oak-core/src/main/java/org/apache/jackrabbit/oak/spi/security/authorization/AccessControlContext.java
URL: http://svn.apache.org/viewvc/jackrabbit/oak/trunk/oak-core/src/main/java/org/apache/jackrabbit/oak/spi/security/authorization/AccessControlContext.java?rev=1368381&view=auto
==============================================================================
--- jackrabbit/oak/trunk/oak-core/src/main/java/org/apache/jackrabbit/oak/spi/security/authorization/AccessControlContext.java (added)
+++ jackrabbit/oak/trunk/oak-core/src/main/java/org/apache/jackrabbit/oak/spi/security/authorization/AccessControlContext.java Thu Aug 2 08:35:31 2012
@@ -0,0 +1,30 @@
+/*
+ * Licensed to the Apache Software Foundation (ASF) under one or more
+ * contributor license agreements. See the NOTICE file distributed with
+ * this work for additional information regarding copyright ownership.
+ * The ASF licenses this file to You under the Apache License, Version 2.0
+ * (the "License"); you may not use this file except in compliance with
+ * the License. You may obtain a copy of the License at
+ *
+ * http://www.apache.org/licenses/LICENSE-2.0
+ *
+ * Unless required by applicable law or agreed to in writing, software
+ * distributed under the License is distributed on an "AS IS" BASIS,
+ * WITHOUT WARRANTIES OR CONDITIONS OF ANY KIND, either express or implied.
+ * See the License for the specific language governing permissions and
+ * limitations under the License.
+ */
+package org.apache.jackrabbit.oak.spi.security.authorization;
+
+import java.security.Principal;
+import java.util.Set;
+
+/**
+ * PermissionProvider... TODO
+ */
+public interface AccessControlContext {
+
+ void initialize(Set<Principal> principals);
+
+ CompiledPermissions getPermissions();
+}
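Review bot: The interface does not state what `getPermissions()` must return before `initialize` has been called, or after it was called with a `null` or empty set. `AccessControlContextImpl` answers with deny-all in those cases, which is the safe reading, but other implementations (the commit's `// TODO make configurable` anticipates them) have nothing to follow. The Javadoc should state that `initialize` is called once per session with the authenticated principals, and that `getPermissions()` never returns `null` and denies everything when no principals are known. The placeholder `PermissionProvider... TODO` also names a different type.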
Added: jackrabbit/oak/trunk/oak-core/src/main/java/org/apache/jackrabbit/oak/spi/security/authorization/CompiledPermissions.java
URL: http://svn.apache.org/viewvc/jackrabbit/oak/trunk/oak-core/src/main/java/org/apache/jackrabbit/oak/spi/security/authorization/CompiledPermissions.java?rev=1368381&view=auto
==============================================================================
--- jackrabbit/oak/trunk/oak-core/src/main/java/org/apache/jackrabbit/oak/spi/security/authorization/CompiledPermissions.java (added)
+++ jackrabbit/oak/trunk/oak-core/src/main/java/org/apache/jackrabbit/oak/spi/security/authorization/CompiledPermissions.java Thu Aug 2 08:35:31 2012
@@ -0,0 +1,28 @@
+/*
+ * Licensed to the Apache Software Foundation (ASF) under one or more
+ * contributor license agreements. See the NOTICE file distributed with
+ * this work for additional information regarding copyright ownership.
+ * The ASF licenses this file to You under the Apache License, Version 2.0
+ * (the "License"); you may not use this file except in compliance with
+ * the License. You may obtain a copy of the License at
+ *
+ * http://www.apache.org/licenses/LICENSE-2.0
+ *
+ * Unless required by applicable law or agreed to in writing, software
+ * distributed under the License is distributed on an "AS IS" BASIS,
+ * WITHOUT WARRANTIES OR CONDITIONS OF ANY KIND, either express or implied.
+ * See the License for the specific language governing permissions and
+ * limitations under the License.
+ */
+package org.apache.jackrabbit.oak.spi.security.authorization;
+
+/**
+ * CompiledPermissions... TODO
+ */
+public interface CompiledPermissions {
+
+ boolean canRead(String path, boolean isProperty);
+
+ boolean isGranted(String path, boolean isProperty, int permissions);
+
+}
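Review bot: Neither method documents the form of `path` or how `permissions` is interpreted. The `TreeImpl` callers pass the node path when `isProperty` is `false` and the parent path plus `'/'` plus the property name when it is `true`. `Permissions` defines the int as bit flags, but it is unstated whether `isGranted` requires all of the given bits or any of them, and the stub in `CompiledPermissionImpl` compares with `==`. A Javadoc on each method should fix the path convention (absolute, normalised) and say that `isGranted` returns `true` only if every bit in `permissions` is granted, so implementations and callers agree on the stricter reading.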
Added: jackrabbit/oak/trunk/oak-core/src/main/java/org/apache/jackrabbit/oak/spi/security/authorization/Permissions.java
URL: http://svn.apache.org/viewvc/jackrabbit/oak/trunk/oak-core/src/main/java/org/apache/jackrabbit/oak/spi/security/authorization/Permissions.java?rev=1368381&view=auto
==============================================================================
--- jackrabbit/oak/trunk/oak-core/src/main/java/org/apache/jackrabbit/oak/spi/security/authorization/Permissions.java (added)
+++ jackrabbit/oak/trunk/oak-core/src/main/java/org/apache/jackrabbit/oak/spi/security/authorization/Permissions.java Thu Aug 2 08:35:31 2012
@@ -0,0 +1,63 @@
+/*
+ * Licensed to the Apache Software Foundation (ASF) under one or more
+ * contributor license agreements. See the NOTICE file distributed with
+ * this work for additional information regarding copyright ownership.
+ * The ASF licenses this file to You under the Apache License, Version 2.0
+ * (the "License"); you may not use this file except in compliance with
+ * the License. You may obtain a copy of the License at
+ *
+ * http://www.apache.org/licenses/LICENSE-2.0
+ *
+ * Unless required by applicable law or agreed to in writing, software
+ * distributed under the License is distributed on an "AS IS" BASIS,
+ * WITHOUT WARRANTIES OR CONDITIONS OF ANY KIND, either express or implied.
+ * See the License for the specific language governing permissions and
+ * limitations under the License.
+ */
+package org.apache.jackrabbit.oak.spi.security.authorization;
+
+/**
+ * Permissions... TODO
+ */
+public final class Permissions {
+
+ public static final int NO_PERMISSION = 0;
+
+ public static final int READ = 1;
+
+ public static final int ADD_PROPERTY = READ << 1;
+
+ public static final int MODIFY_PROPERTY = ADD_PROPERTY << 1;
+
+ public static final int REMOVE_PROPERTY = MODIFY_PROPERTY << 1;
+
+ public static final int ADD_NODE = REMOVE_PROPERTY << 1;
+
+ public static final int REMOVE_NODE = ADD_NODE << 1;
+
+ public static final int READ_ACCESS_CONTROL = REMOVE_NODE << 1;
+
+ public static final int MODIFY_ACCESS_CONTROL = READ_ACCESS_CONTROL << 1;
+
+ public static final int NODE_TYPE_MANAGEMENT = MODIFY_ACCESS_CONTROL << 1;
+
+ public static final int VERSION_MANAGEMENT = NODE_TYPE_MANAGEMENT << 1;
+
+ public static final int LOCK_MANAGEMENT = VERSION_MANAGEMENT << 1;
+
+ public static final int MODIFY_CHILD_NODE_COLLECTION = LOCK_MANAGEMENT << 1;
+
+ public static final int NODE_TYPE_DEFINITION_MANAGEMENT = MODIFY_CHILD_NODE_COLLECTION << 1;
+
+ public static final int NAMESPACE_MANAGEMENT = NODE_TYPE_DEFINITION_MANAGEMENT << 1;
+
+ public static final int WORKSPACE_MANAGEMENT = NAMESPACE_MANAGEMENT << 1;
+
+ public static final int PRIVILEGE_MANAGEMENT = WORKSPACE_MANAGEMENT << 1;
+
+ public static final int ALL = (READ | ADD_PROPERTY | MODIFY_PROPERTY
+ | ADD_NODE | REMOVE_NODE
+ | REMOVE_PROPERTY | READ_ACCESS_CONTROL | MODIFY_ACCESS_CONTROL | NODE_TYPE_MANAGEMENT
+ | VERSION_MANAGEMENT | LOCK_MANAGEMENT | MODIFY_CHILD_NODE_COLLECTION
+ | NODE_TYPE_DEFINITION_MANAGEMENT | NAMESPACE_MANAGEMENT | WORKSPACE_MANAGEMENT | PRIVILEGE_MANAGEMENT);
+}
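Review bot: `Permissions` is a `final` constants holder but still has the implicit public constructor; adding `private Permissions() {}` would prevent instantiation. The class Javadoc `Permissions... TODO` could state that the values are single-bit flags to be combined with `|`. It could also note that `NO_PERMISSION` is `0` and therefore cannot be tested with a bit mask.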
Modified: jackrabbit/oak/trunk/oak-core/src/test/java/org/apache/jackrabbit/oak/core/AbstractOakTest.java
URL: http://svn.apache.org/viewvc/jackrabbit/oak/trunk/oak-core/src/test/java/org/apache/jackrabbit/oak/core/AbstractOakTest.java?rev=1368381&r1=1368380&r2=1368381&view=diff
==============================================================================
--- jackrabbit/oak/trunk/oak-core/src/test/java/org/apache/jackrabbit/oak/core/AbstractOakTest.java (original)
+++ jackrabbit/oak/trunk/oak-core/src/test/java/org/apache/jackrabbit/oak/core/AbstractOakTest.java Thu Aug 2 08:35:31 2012
@@ -20,6 +20,7 @@ import org.apache.jackrabbit.mk.api.Micr
import org.apache.jackrabbit.mk.core.MicroKernelImpl;
import org.apache.jackrabbit.oak.api.CoreValueFactory;
import org.apache.jackrabbit.oak.kernel.KernelNodeStore;
+import org.apache.jackrabbit.oak.spi.security.authorization.AccessControlContext;
import org.apache.jackrabbit.oak.spi.state.NodeState;
import org.junit.Before;
import org.slf4j.Logger;
@@ -38,6 +39,7 @@ public abstract class AbstractOakTest {
// TODO: use regular oak-repo setup
protected KernelNodeStore store;
protected CoreValueFactory valueFactory;
+ protected AccessControlContext acContext;
protected NodeState state;
@@ -46,9 +48,14 @@ public abstract class AbstractOakTest {
MicroKernel microKernel = new MicroKernelImpl();
store = new KernelNodeStore(microKernel);
valueFactory = store.getValueFactory();
+ acContext = new TestAcContext();
+
state = createInitialState(microKernel);
}
protected abstract NodeState createInitialState(MicroKernel microKernel);
+ protected RootImpl createRootImpl(String workspaceName) {
+ return new RootImpl(store, workspaceName, acContext);
+ }
}
\ No newline at end of file
Modified: jackrabbit/oak/trunk/oak-core/src/test/java/org/apache/jackrabbit/oak/core/DefaultConflictHandlerTest.java
URL: http://svn.apache.org/viewvc/jackrabbit/oak/trunk/oak-core/src/test/java/org/apache/jackrabbit/oak/core/DefaultConflictHandlerTest.java?rev=1368381&r1=1368380&r2=1368381&view=diff
==============================================================================
--- jackrabbit/oak/trunk/oak-core/src/test/java/org/apache/jackrabbit/oak/core/DefaultConflictHandlerTest.java (original)
+++ jackrabbit/oak/trunk/oak-core/src/test/java/org/apache/jackrabbit/oak/core/DefaultConflictHandlerTest.java Thu Aug 2 08:35:31 2012
@@ -42,8 +42,8 @@ public class DefaultConflictHandlerTest
String jsop = "^\"a\":1 ^\"b\":2 ^\"c\":3 +\"x\":{} +\"y\":{} +\"z\":{}";
microKernel.commit("/", jsop, microKernel.getHeadRevision(), "test data");
- ourRoot = new RootImpl(store, "");
- theirRoot = new RootImpl(store, "");
+ ourRoot = createRootImpl("");
+ theirRoot = createRootImpl("");
ourValue = valueFactory.createValue("foo");
theirValue = valueFactory.createValue("bar");
Modified: jackrabbit/oak/trunk/oak-core/src/test/java/org/apache/jackrabbit/oak/core/RootImplFuzzIT.java
URL: http://svn.apache.org/viewvc/jackrabbit/oak/trunk/oak-core/src/test/java/org/apache/jackrabbit/oak/core/RootImplFuzzIT.java?rev=1368381&r1=1368380&r2=1368381&view=diff
==============================================================================
--- jackrabbit/oak/trunk/oak-core/src/test/java/org/apache/jackrabbit/oak/core/RootImplFuzzIT.java (original)
+++ jackrabbit/oak/trunk/oak-core/src/test/java/org/apache/jackrabbit/oak/core/RootImplFuzzIT.java Thu Aug 2 08:35:31 2012
@@ -78,12 +78,12 @@ public class RootImplFuzzIT {
store1 = new KernelNodeStore(mk1);
vf = store1.getValueFactory();
mk1.commit("", "+\"/root\":{}", mk1.getHeadRevision(), "");
- root1 = new RootImpl(store1, null);
+ root1 = new RootImpl(store1, null, new TestAcContext());
MicroKernel mk2 = new MicroKernelImpl("./target/mk2/" + random.nextInt());
store2 = new KernelNodeStore(mk2);
mk2.commit("", "+\"/root\":{}", mk2.getHeadRevision(), "");
- root2 = new RootImpl(store2, null);
+ root2 = new RootImpl(store2, null, new TestAcContext());
}
@Test
Modified: jackrabbit/oak/trunk/oak-core/src/test/java/org/apache/jackrabbit/oak/core/RootImplTest.java
URL: http://svn.apache.org/viewvc/jackrabbit/oak/trunk/oak-core/src/test/java/org/apache/jackrabbit/oak/core/RootImplTest.java?rev=1368381&r1=1368380&r2=1368381&view=diff
==============================================================================
--- jackrabbit/oak/trunk/oak-core/src/test/java/org/apache/jackrabbit/oak/core/RootImplTest.java (original)
+++ jackrabbit/oak/trunk/oak-core/src/test/java/org/apache/jackrabbit/oak/core/RootImplTest.java Thu Aug 2 08:35:31 2012
@@ -52,7 +52,7 @@ public class RootImplTest extends Abstra
@Test
public void getChild() {
- RootImpl root = new RootImpl(store, null);
+ RootImpl root = createRootImpl(null);
Tree tree = root.getTree("/");
Tree child = tree.getChild("any");
@@ -64,7 +64,7 @@ public class RootImplTest extends Abstra
@Test
public void getProperty() {
- RootImpl root = new RootImpl(store, "test");
+ RootImpl root = createRootImpl("test");
Tree tree = root.getTree("/");
PropertyState propertyState = tree.getProperty("any");
@@ -79,7 +79,7 @@ public class RootImplTest extends Abstra
@Test
public void getChildren() {
- RootImpl root = new RootImpl(store, "test");
+ RootImpl root = createRootImpl("test");
Tree tree = root.getTree("/");
Iterable<Tree> children = tree.getChildren();
@@ -97,7 +97,7 @@ public class RootImplTest extends Abstra
@Test
public void getProperties() {
- RootImpl root = new RootImpl(store, null);
+ RootImpl root = createRootImpl(null);
Tree tree = root.getTree("/");
Map<String, CoreValue> expectedProperties = new HashMap<String, CoreValue>();
@@ -120,7 +120,7 @@ public class RootImplTest extends Abstra
@Test
public void addChild() throws CommitFailedException {
- RootImpl root = new RootImpl(store, null);
+ RootImpl root = createRootImpl(null);
Tree tree = root.getTree("/");
assertFalse(tree.hasChild("new"));
@@ -140,7 +140,7 @@ public class RootImplTest extends Abstra
@Test
public void addExistingChild() throws CommitFailedException {
- RootImpl root = new RootImpl(store, null);
+ RootImpl root = createRootImpl(null);
Tree tree = root.getTree("/");
assertFalse(tree.hasChild("new"));
@@ -157,7 +157,7 @@ public class RootImplTest extends Abstra
@Test
public void removeChild() throws CommitFailedException {
- RootImpl root = new RootImpl(store, null);
+ RootImpl root = createRootImpl(null);
Tree tree = root.getTree("/");
assertTrue(tree.hasChild("x"));
@@ -172,7 +172,7 @@ public class RootImplTest extends Abstra
@Test
public void setProperty() throws CommitFailedException {
- RootImpl root = new RootImpl(store, null);
+ RootImpl root = createRootImpl(null);
Tree tree = root.getTree("/");
assertFalse(tree.hasProperty("new"));
@@ -194,7 +194,7 @@ public class RootImplTest extends Abstra
@Test
public void removeProperty() throws CommitFailedException {
- RootImpl root = new RootImpl(store, null);
+ RootImpl root = createRootImpl(null);
Tree tree = root.getTree("/");
assertTrue(tree.hasProperty("a"));
@@ -209,7 +209,7 @@ public class RootImplTest extends Abstra
@Test
public void move() throws CommitFailedException {
- RootImpl root = new RootImpl(store, null);
+ RootImpl root = createRootImpl(null);
Tree tree = root.getTree("/");
Tree y = tree.getChild("y");
@@ -229,7 +229,7 @@ public class RootImplTest extends Abstra
@Test
public void move2() {
- RootImpl root = new RootImpl(store, null);
+ RootImpl root = createRootImpl(null);
Tree r = root.getTree("");
Tree x = r.getChild("x");
Tree y = r.getChild("y");
@@ -246,7 +246,7 @@ public class RootImplTest extends Abstra
* Regression test for OAK-208
*/
public void removeMoved() throws CommitFailedException {
- RootImpl root = new RootImpl(store, null);
+ RootImpl root = createRootImpl(null);
Tree r = root.getTree("");
r.addChild("a");
r.addChild("b");
@@ -266,7 +266,7 @@ public class RootImplTest extends Abstra
@Test
public void rename() throws CommitFailedException {
- RootImpl root = new RootImpl(store, null);
+ RootImpl root = createRootImpl(null);
Tree tree = root.getTree("/");
assertTrue(tree.hasChild("x"));
@@ -283,7 +283,7 @@ public class RootImplTest extends Abstra
@Test
public void copy() throws CommitFailedException {
- RootImpl root = new RootImpl(store, null);
+ RootImpl root = createRootImpl(null);
Tree tree = root.getTree("/");
Tree y = tree.getChild("y");
@@ -303,7 +303,7 @@ public class RootImplTest extends Abstra
@Test
public void deepCopy() throws CommitFailedException {
- RootImpl root = new RootImpl(store, null);
+ RootImpl root = createRootImpl(null);
Tree tree = root.getTree("/");
Tree y = tree.getChild("y");
@@ -328,7 +328,7 @@ public class RootImplTest extends Abstra
@Test
public void getChildrenCount() {
- RootImpl root = new RootImpl(store, null);
+ RootImpl root = createRootImpl(null);
Tree tree = root.getTree("/");
assertEquals(3, tree.getChildrenCount());
@@ -345,7 +345,7 @@ public class RootImplTest extends Abstra
@Test
public void getPropertyCount() {
- RootImpl root = new RootImpl(store, null);
+ RootImpl root = createRootImpl(null);
Tree tree = root.getTree("/");
assertEquals(3, tree.getPropertyCount());
@@ -366,7 +366,7 @@ public class RootImplTest extends Abstra
@Test
public void addAndRemoveProperty() throws CommitFailedException {
- RootImpl root = new RootImpl(store, null);
+ RootImpl root = createRootImpl(null);
Tree tree = root.getTree("/");
tree.setProperty("P0", valueFactory.createValue("V1"));
@@ -382,7 +382,7 @@ public class RootImplTest extends Abstra
@Test
public void nodeStatus() throws CommitFailedException {
- RootImpl root = new RootImpl(store, null);
+ RootImpl root = createRootImpl(null);
Tree tree = root.getTree("/");
tree.addChild("new");
@@ -409,7 +409,7 @@ public class RootImplTest extends Abstra
@Test
public void propertyStatus() throws CommitFailedException {
- RootImpl root = new RootImpl(store, null);
+ RootImpl root = createRootImpl(null);
Tree tree = root.getTree("/");
CoreValue value1 = valueFactory.createValue("V1");
CoreValue value2 = valueFactory.createValue("V2");
@@ -436,7 +436,7 @@ public class RootImplTest extends Abstra
@Test
public void noTransitiveModifiedStatus() throws CommitFailedException {
- RootImpl root = new RootImpl(store, null);
+ RootImpl root = createRootImpl(null);
Tree tree = root.getTree("/");
tree.addChild("one").addChild("two");
root.commit(DefaultConflictHandler.OURS);
@@ -449,8 +449,8 @@ public class RootImplTest extends Abstra
@Test
public void rebase() throws CommitFailedException {
- RootImpl root1 = new RootImpl(store, null);
- RootImpl root2 = new RootImpl(store, null);
+ RootImpl root1 = createRootImpl(null);
+ RootImpl root2 = createRootImpl(null);
checkEqual(root1.getTree("/"), root2.getTree("/"));
@@ -473,7 +473,7 @@ public class RootImplTest extends Abstra
@Test
public void largeChildList() throws CommitFailedException {
- RootImpl root = new RootImpl(store, null);
+ RootImpl root = createRootImpl(null);
Tree tree = root.getTree("/");
Set<String> added = new HashSet<String>();
Added: jackrabbit/oak/trunk/oak-core/src/test/java/org/apache/jackrabbit/oak/core/TestAcContext.java
URL: http://svn.apache.org/viewvc/jackrabbit/oak/trunk/oak-core/src/test/java/org/apache/jackrabbit/oak/core/TestAcContext.java?rev=1368381&view=auto
==============================================================================
--- jackrabbit/oak/trunk/oak-core/src/test/java/org/apache/jackrabbit/oak/core/TestAcContext.java (added)
+++ jackrabbit/oak/trunk/oak-core/src/test/java/org/apache/jackrabbit/oak/core/TestAcContext.java Thu Aug 2 08:35:31 2012
@@ -0,0 +1,57 @@
+/*
+ * Licensed to the Apache Software Foundation (ASF) under one or more
+ * contributor license agreements. See the NOTICE file distributed with
+ * this work for additional information regarding copyright ownership.
+ * The ASF licenses this file to You under the Apache License, Version 2.0
+ * (the "License"); you may not use this file except in compliance with
+ * the License. You may obtain a copy of the License at
+ *
+ * http://www.apache.org/licenses/LICENSE-2.0
+ *
+ * Unless required by applicable law or agreed to in writing, software
+ * distributed under the License is distributed on an "AS IS" BASIS,
+ * WITHOUT WARRANTIES OR CONDITIONS OF ANY KIND, either express or implied.
+ * See the License for the specific language governing permissions and
+ * limitations under the License.
+ */
+package org.apache.jackrabbit.oak.core;
+
+import java.security.Principal;
+import java.util.Set;
+
+import org.apache.jackrabbit.oak.spi.security.authorization.AccessControlContext;
+import org.apache.jackrabbit.oak.spi.security.authorization.CompiledPermissions;
+import org.slf4j.Logger;
+import org.slf4j.LoggerFactory;
+
+/**
+ * Dummy implementation that omits any permission checks
+ */
+public class TestAcContext implements AccessControlContext {
+
+ /**
+ * logger instance
+ */
+ private static final Logger log = LoggerFactory.getLogger(TestAcContext.class);
+
+ @Override
+ public void initialize(Set<Principal> principals) {
+ // nop
+
+ }
+
+ @Override
+ public CompiledPermissions getPermissions() {
+ return new CompiledPermissions() {
+ @Override
+ public boolean canRead(String path, boolean isProperty) {
+ return true;
+ }
+
+ @Override
+ public boolean isGranted(String path, boolean isProperty, int permissions) {
+ return true;
+ }
+ };
+ }
+}
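Review bot: The class Javadoc on `TestAcContext` says only that the dummy "omits any permission checks", but the anonymous `CompiledPermissions` built in `getPermissions()` returns `true` from both `canRead` and `isGranted` for every path and permission value, so this `public` class is an allow-all context. I would say so explicitly, for example `Test-only AccessControlContext that grants every permission on every path; must never be wired into a repository outside of tests.`, so that it is not later picked up as a convenient default. The tests touched in the visible hunks all construct `RootImpl` with this stub, so none of them exercises a denied read or write; a deny-path test against the real context looks like a worthwhile follow-up, though whether one exists elsewhere cannot be seen from here. The `log` field and the two `org.slf4j` imports are unused in the file and can be dropped.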
Modified: jackrabbit/oak/trunk/oak-core/src/test/java/org/apache/jackrabbit/oak/plugins/lucene/LuceneEditorTest.java
URL: http://svn.apache.org/viewvc/jackrabbit/oak/trunk/oak-core/src/test/java/org/apache/jackrabbit/oak/plugins/lucene/LuceneEditorTest.java?rev=1368381&r1=1368380&r2=1368381&view=diff
==============================================================================
--- jackrabbit/oak/trunk/oak-core/src/test/java/org/apache/jackrabbit/oak/plugins/lucene/LuceneEditorTest.java (original)
+++ jackrabbit/oak/trunk/oak-core/src/test/java/org/apache/jackrabbit/oak/plugins/lucene/LuceneEditorTest.java Thu Aug 2 08:35:31 2012
@@ -27,6 +27,7 @@ import org.apache.jackrabbit.oak.api.Roo
import org.apache.jackrabbit.oak.api.Tree;
import org.apache.jackrabbit.oak.core.DefaultConflictHandler;
import org.apache.jackrabbit.oak.core.RootImpl;
+import org.apache.jackrabbit.oak.core.TestAcContext;
import org.apache.jackrabbit.oak.kernel.KernelNodeStore;
import org.apache.jackrabbit.oak.plugins.memory.MemoryValueFactory;
import org.apache.jackrabbit.oak.query.ast.Operator;
@@ -45,7 +46,7 @@ public class LuceneEditorTest {
KernelNodeStore store = new KernelNodeStore(new MicroKernelImpl());
store.setEditor(new LuceneEditor(indexInfo.getPath()));
- Root root = new RootImpl(store, "");
+ Root root = new RootImpl(store, "", new TestAcContext());
Tree tree = root.getTree("/");
tree.setProperty("foo", MemoryValueFactory.INSTANCE.createValue("bar"));