You are viewing a plain text version of this content. The canonical link for it is here.
Posted to oak-commits@jackrabbit.apache.org by an...@apache.org on 2015/10/29 18:59:54 UTC
svn commit: r1711313 [1/2] - in /jackrabbit/oak/trunk:
oak-authorization-cug/src/test/java/org/apache/jackrabbit/oak/spi/security/authorization/cug/impl/
oak-core/src/main/java/org/apache/jackrabbit/oak/security/
oak-core/src/main/java/org/apache/jackr...
Author: angela
Date: Thu Oct 29 17:59:53 2015
New Revision: 1711313
URL: http://svn.apache.org/viewvc?rev=1711313&view=rev
Log:
OAK-1268 : Add support for composite authorization setup
Added:
jackrabbit/oak/trunk/oak-run/src/main/java/org/apache/jackrabbit/oak/benchmark/CompositeAuthorizationTest.java
- copied, changed from r1710980, jackrabbit/oak/trunk/oak-run/src/main/java/org/apache/jackrabbit/oak/benchmark/CompositeAuthorizationReadTest.java
Removed:
jackrabbit/oak/trunk/oak-run/src/main/java/org/apache/jackrabbit/oak/benchmark/CompositeAuthorizationReadTest.java
Modified:
jackrabbit/oak/trunk/oak-authorization-cug/src/test/java/org/apache/jackrabbit/oak/spi/security/authorization/cug/impl/AbstractCugTest.java
jackrabbit/oak/trunk/oak-authorization-cug/src/test/java/org/apache/jackrabbit/oak/spi/security/authorization/cug/impl/CugSecurityProvider.java
jackrabbit/oak/trunk/oak-core/src/main/java/org/apache/jackrabbit/oak/security/SecurityProviderImpl.java
jackrabbit/oak/trunk/oak-core/src/main/java/org/apache/jackrabbit/oak/security/authorization/composite/CompositePermissionProvider.java
jackrabbit/oak/trunk/oak-core/src/main/java/org/apache/jackrabbit/oak/security/authorization/composite/CompositeTreePermission.java
jackrabbit/oak/trunk/oak-core/src/main/java/org/apache/jackrabbit/oak/spi/security/CompositeConfiguration.java
jackrabbit/oak/trunk/oak-core/src/main/java/org/apache/jackrabbit/oak/spi/security/Context.java
jackrabbit/oak/trunk/oak-core/src/main/java/org/apache/jackrabbit/oak/spi/security/SecurityConfiguration.java
jackrabbit/oak/trunk/oak-core/src/main/java/org/apache/jackrabbit/oak/spi/security/authentication/token/package-info.java
jackrabbit/oak/trunk/oak-core/src/main/java/org/apache/jackrabbit/oak/spi/security/authorization/permission/TreePermission.java
jackrabbit/oak/trunk/oak-core/src/main/java/org/apache/jackrabbit/oak/spi/security/package-info.java
jackrabbit/oak/trunk/oak-core/src/main/java/org/apache/jackrabbit/oak/spi/security/principal/package-info.java
jackrabbit/oak/trunk/oak-core/src/test/java/org/apache/jackrabbit/oak/security/authorization/composite/AbstractCompositeProviderTest.java
jackrabbit/oak/trunk/oak-core/src/test/java/org/apache/jackrabbit/oak/security/authorization/composite/CompositeProviderAllTest.java
jackrabbit/oak/trunk/oak-core/src/test/java/org/apache/jackrabbit/oak/security/authorization/composite/CompositeProviderCoverageTest.java
jackrabbit/oak/trunk/oak-core/src/test/java/org/apache/jackrabbit/oak/security/authorization/composite/CompositeProviderEmptyTest.java
jackrabbit/oak/trunk/oak-core/src/test/java/org/apache/jackrabbit/oak/security/authorization/composite/CompositeProviderFullScopeTest.java
jackrabbit/oak/trunk/oak-core/src/test/java/org/apache/jackrabbit/oak/security/authorization/composite/CompositeProviderNoScopeTest.java
jackrabbit/oak/trunk/oak-core/src/test/java/org/apache/jackrabbit/oak/security/authorization/composite/CompositeProviderScopeTest.java
jackrabbit/oak/trunk/oak-core/src/test/java/org/apache/jackrabbit/oak/security/authorization/composite/CompositeTreePermissionTest.java
jackrabbit/oak/trunk/oak-core/src/test/java/org/apache/jackrabbit/oak/security/authorization/composite/LimitedScopeProvider.java
jackrabbit/oak/trunk/oak-core/src/test/java/org/apache/jackrabbit/oak/spi/security/CompositeConfigurationTest.java
jackrabbit/oak/trunk/oak-run/src/main/java/org/apache/jackrabbit/oak/benchmark/BenchmarkRunner.java
Modified: jackrabbit/oak/trunk/oak-authorization-cug/src/test/java/org/apache/jackrabbit/oak/spi/security/authorization/cug/impl/AbstractCugTest.java
URL: http://svn.apache.org/viewvc/jackrabbit/oak/trunk/oak-authorization-cug/src/test/java/org/apache/jackrabbit/oak/spi/security/authorization/cug/impl/AbstractCugTest.java?rev=1711313&r1=1711312&r2=1711313&view=diff
==============================================================================
--- jackrabbit/oak/trunk/oak-authorization-cug/src/test/java/org/apache/jackrabbit/oak/spi/security/authorization/cug/impl/AbstractCugTest.java (original)
+++ jackrabbit/oak/trunk/oak-authorization-cug/src/test/java/org/apache/jackrabbit/oak/spi/security/authorization/cug/impl/AbstractCugTest.java Thu Oct 29 17:59:53 2015
@@ -27,7 +27,6 @@ import javax.jcr.security.AccessControlM
import javax.jcr.security.AccessControlPolicy;
import javax.jcr.security.AccessControlPolicyIterator;
-import com.google.common.collect.ImmutableMap;
import com.google.common.collect.ImmutableSet;
import org.apache.jackrabbit.api.security.user.Authorizable;
import org.apache.jackrabbit.api.security.user.Group;
@@ -111,9 +110,7 @@ public class AbstractCugTest extends Abs
@Override
protected ConfigurationParameters getSecurityConfigParameters() {
- return ConfigurationParameters.of(ImmutableMap.of(
- AuthorizationConfiguration.NAME, CUG_CONFIG)
- );
+ return ConfigurationParameters.of(AuthorizationConfiguration.NAME, CUG_CONFIG);
}
CugPermissionProvider createCugPermissionProvider(@Nonnull Set<String> supportedPaths, @Nonnull Principal... principals) {
Modified: jackrabbit/oak/trunk/oak-authorization-cug/src/test/java/org/apache/jackrabbit/oak/spi/security/authorization/cug/impl/CugSecurityProvider.java
URL: http://svn.apache.org/viewvc/jackrabbit/oak/trunk/oak-authorization-cug/src/test/java/org/apache/jackrabbit/oak/spi/security/authorization/cug/impl/CugSecurityProvider.java?rev=1711313&r1=1711312&r2=1711313&view=diff
==============================================================================
--- jackrabbit/oak/trunk/oak-authorization-cug/src/test/java/org/apache/jackrabbit/oak/spi/security/authorization/cug/impl/CugSecurityProvider.java (original)
+++ jackrabbit/oak/trunk/oak-authorization-cug/src/test/java/org/apache/jackrabbit/oak/spi/security/authorization/cug/impl/CugSecurityProvider.java Thu Oct 29 17:59:53 2015
@@ -23,22 +23,19 @@ import org.apache.jackrabbit.oak.securit
import org.apache.jackrabbit.oak.spi.security.ConfigurationParameters;
import org.apache.jackrabbit.oak.spi.security.authorization.AuthorizationConfiguration;
+import static com.google.common.base.Preconditions.checkNotNull;
+
final class CugSecurityProvider extends SecurityProviderImpl {
public CugSecurityProvider(@Nonnull ConfigurationParameters configuration) {
super(configuration);
AuthorizationConfiguration authorizationConfiguration = getConfiguration(AuthorizationConfiguration.class);
if (!(authorizationConfiguration instanceof CompositeAuthorizationConfiguration)) {
- CompositeAuthorizationConfiguration composite = new CompositeAuthorizationConfiguration(this);
- composite.setDefaultConfig(authorizationConfiguration);
- composite.addConfiguration(new CugConfiguration(this));
- composite.addConfiguration(authorizationConfiguration);
- this.bindAuthorizationConfiguration(composite);
+ throw new IllegalStateException();
+ } else {
+ AuthorizationConfiguration defConfig = checkNotNull(((CompositeAuthorizationConfiguration) authorizationConfiguration).getDefaultConfig());
+ bindAuthorizationConfiguration(new CugConfiguration(this));
+ bindAuthorizationConfiguration(defConfig);
}
}
-
- @Override
- protected void bindAuthorizationConfiguration(@Nonnull AuthorizationConfiguration reference) {
- super.bindAuthorizationConfiguration(reference);
- }
}
\ No newline at end of file
Modified: jackrabbit/oak/trunk/oak-core/src/main/java/org/apache/jackrabbit/oak/security/SecurityProviderImpl.java
URL: http://svn.apache.org/viewvc/jackrabbit/oak/trunk/oak-core/src/main/java/org/apache/jackrabbit/oak/security/SecurityProviderImpl.java?rev=1711313&r1=1711312&r2=1711313&view=diff
==============================================================================
--- jackrabbit/oak/trunk/oak-core/src/main/java/org/apache/jackrabbit/oak/security/SecurityProviderImpl.java (original)
+++ jackrabbit/oak/trunk/oak-core/src/main/java/org/apache/jackrabbit/oak/security/SecurityProviderImpl.java Thu Oct 29 17:59:53 2015
@@ -21,6 +21,7 @@ import org.apache.jackrabbit.oak.osgi.Os
import org.apache.jackrabbit.oak.security.authentication.AuthenticationConfigurationImpl;
import org.apache.jackrabbit.oak.security.authentication.token.TokenConfigurationImpl;
import org.apache.jackrabbit.oak.security.authorization.AuthorizationConfigurationImpl;
+import org.apache.jackrabbit.oak.security.authorization.composite.CompositeAuthorizationConfiguration;
import org.apache.jackrabbit.oak.security.principal.PrincipalConfigurationImpl;
import org.apache.jackrabbit.oak.security.privilege.PrivilegeConfigurationImpl;
import org.apache.jackrabbit.oak.security.user.UserConfigurationImpl;
@@ -56,14 +57,14 @@ import static com.google.common.base.Pre
public class SecurityProviderImpl implements SecurityProvider, WhiteboardAware {
- private volatile AuthorizationConfiguration authorizationConfiguration;
-
private volatile AuthenticationConfiguration authenticationConfiguration;
private volatile PrivilegeConfiguration privilegeConfiguration;
private volatile UserConfiguration userConfiguration;
+ private final CompositeAuthorizationConfiguration authorizationConfiguration = new CompositeAuthorizationConfiguration(this);
+
private final CompositePrincipalConfiguration principalConfiguration = new CompositePrincipalConfiguration(this);
private final CompositeTokenConfiguration tokenConfiguration = new CompositeTokenConfiguration(this);
@@ -95,10 +96,10 @@ public class SecurityProviderImpl implem
this.configuration = configuration;
authenticationConfiguration = new AuthenticationConfigurationImpl(this);
- authorizationConfiguration = new AuthorizationConfigurationImpl(this);
userConfiguration = new UserConfigurationImpl(this);
privilegeConfiguration = new PrivilegeConfigurationImpl();
+ authorizationConfiguration.setDefaultConfig(new AuthorizationConfigurationImpl(this));
principalConfiguration.setDefaultConfig(new PrincipalConfigurationImpl(this));
tokenConfiguration.setDefaultConfig(new TokenConfigurationImpl(this));
}
@@ -201,14 +202,12 @@ public class SecurityProviderImpl implem
@SuppressWarnings("UnusedDeclaration")
protected void bindAuthorizationConfiguration(@Nonnull AuthorizationConfiguration reference) {
- authorizationConfiguration = initConfiguration(reference);
- // TODO (OAK-1268): authorizationConfiguration.addConfiguration(initConfiguration(reference));
+ authorizationConfiguration.addConfiguration(initConfiguration(reference));
}
@SuppressWarnings("UnusedDeclaration")
protected void unbindAuthorizationConfiguration(@Nonnull AuthorizationConfiguration reference) {
- authorizationConfiguration = new AuthorizationConfigurationImpl(this);
- // TODO (OAK-1268): authorizationConfiguration.removeConfiguration(reference);
+ authorizationConfiguration.removeConfiguration(reference);
}
//------------------------------------------------------------< private >---
Modified: jackrabbit/oak/trunk/oak-core/src/main/java/org/apache/jackrabbit/oak/security/authorization/composite/CompositePermissionProvider.java
URL: http://svn.apache.org/viewvc/jackrabbit/oak/trunk/oak-core/src/main/java/org/apache/jackrabbit/oak/security/authorization/composite/CompositePermissionProvider.java?rev=1711313&r1=1711312&r2=1711313&view=diff
==============================================================================
--- jackrabbit/oak/trunk/oak-core/src/main/java/org/apache/jackrabbit/oak/security/authorization/composite/CompositePermissionProvider.java (original)
+++ jackrabbit/oak/trunk/oak-core/src/main/java/org/apache/jackrabbit/oak/security/authorization/composite/CompositePermissionProvider.java Thu Oct 29 17:59:53 2015
@@ -48,7 +48,7 @@ import org.apache.jackrabbit.oak.spi.sec
class CompositePermissionProvider implements PermissionProvider {
private final Root root;
- private final List<AggregatedPermissionProvider> pps;
+ private final AggregatedPermissionProvider[] pps;
private final Context ctx;
private final RepositoryPermission repositoryPermission;
@@ -58,7 +58,7 @@ class CompositePermissionProvider implem
CompositePermissionProvider(@Nonnull Root root, @Nonnull List<AggregatedPermissionProvider> pps, @Nonnull Context acContext) {
this.root = root;
- this.pps = pps;
+ this.pps = pps.toArray(new AggregatedPermissionProvider[pps.size()]);
this.ctx = acContext;
repositoryPermission = new CompositeRepositoryPermission();
@@ -142,12 +142,11 @@ class CompositePermissionProvider implem
public TreePermission getTreePermission(@Nonnull Tree tree, @Nonnull TreePermission parentPermission) {
ImmutableTree immutableTree = (ImmutableTree) PermissionUtil.getImmutableTree(tree, immutableRoot);
if (tree.isRoot()) {
- return new CompositeTreePermission(immutableTree, new CompositeTreePermission(pps));
+ return CompositeTreePermission.create(immutableTree, pps);
+ } else if (parentPermission instanceof CompositeTreePermission) {
+ return CompositeTreePermission.create(immutableTree, ((CompositeTreePermission) parentPermission));
} else {
- if (!(parentPermission instanceof CompositeTreePermission)) {
- throw new IllegalArgumentException("Illegal parent permission instance. Expected CompositeTreePermission.");
- }
- return new CompositeTreePermission(immutableTree, (CompositeTreePermission) parentPermission);
+ return parentPermission.getChildPermission(immutableTree.getName(), immutableTree.getNodeState());
}
}
Modified: jackrabbit/oak/trunk/oak-core/src/main/java/org/apache/jackrabbit/oak/security/authorization/composite/CompositeTreePermission.java
URL: http://svn.apache.org/viewvc/jackrabbit/oak/trunk/oak-core/src/main/java/org/apache/jackrabbit/oak/security/authorization/composite/CompositeTreePermission.java?rev=1711313&r1=1711312&r2=1711313&view=diff
==============================================================================
--- jackrabbit/oak/trunk/oak-core/src/main/java/org/apache/jackrabbit/oak/security/authorization/composite/CompositeTreePermission.java (original)
+++ jackrabbit/oak/trunk/oak-core/src/main/java/org/apache/jackrabbit/oak/security/authorization/composite/CompositeTreePermission.java Thu Oct 29 17:59:53 2015
@@ -16,12 +16,9 @@
*/
package org.apache.jackrabbit.oak.security.authorization.composite;
-import java.util.LinkedHashMap;
-import java.util.Map;
import javax.annotation.Nonnull;
import javax.annotation.Nullable;
-import com.google.common.collect.ImmutableMap;
import org.apache.jackrabbit.oak.api.PropertyState;
import org.apache.jackrabbit.oak.plugins.tree.impl.ImmutableTree;
import org.apache.jackrabbit.oak.spi.security.authorization.permission.AggregatedPermissionProvider;
@@ -36,60 +33,89 @@ import org.apache.jackrabbit.oak.spi.sta
final class CompositeTreePermission implements TreePermission {
private final ImmutableTree tree;
- private final Map<AggregatedPermissionProvider, TreePermission> map;
+ private final AggregatedPermissionProvider[] providers;
+ private final TreePermission[] treePermissions;
+ private final int childSize;
private Boolean canRead;
+ private Boolean canReadProperties;
- CompositeTreePermission(@Nonnull Iterable<AggregatedPermissionProvider> providers) {
- tree = null;
- ImmutableMap.Builder<AggregatedPermissionProvider, TreePermission> builder = ImmutableMap.builder();
- for (AggregatedPermissionProvider app : providers) {
- builder.put(app, TreePermission.EMPTY);
+ private CompositeTreePermission(@Nonnull ImmutableTree tree, @Nonnull AggregatedPermissionProvider[] providers, @Nonnull TreePermission[] treePermissions, int cnt) {
+ this.tree = tree;
+ this.providers = providers;
+ this.treePermissions = treePermissions;
+ this.childSize = providers.length - cnt;
+ }
+
+ static TreePermission create(@Nonnull ImmutableTree rootTree, @Nonnull AggregatedPermissionProvider[] providers) {
+ switch (providers.length) {
+ case 0 : return TreePermission.EMPTY;
+ case 1 : return providers[0].getTreePermission(rootTree, TreePermission.EMPTY);
+ default :
+ int cnt = 0;
+ TreePermission[] treePermissions = new TreePermission[providers.length];
+ for (int i = 0; i < providers.length; i++) {
+ TreePermission tp = providers[i].getTreePermission(rootTree, TreePermission.EMPTY);
+ if (!isValid(tp)) {
+ cnt++;
+ }
+ treePermissions[i] = tp;
+ }
+ return new CompositeTreePermission(rootTree, providers, treePermissions, cnt);
}
- map = builder.build();
}
- CompositeTreePermission(@Nonnull final ImmutableTree tree, @Nonnull CompositeTreePermission parentPermission) {
- this.tree = tree;
-
- TreePermission parent;
- AggregatedPermissionProvider provider;
+ static TreePermission create(@Nonnull final ImmutableTree tree, @Nonnull CompositeTreePermission parentPermission) {
+ return create(new LazyTree() {
+ @Override
+ ImmutableTree get() {
+ return tree;
+ }
+ }, tree.getName(), tree.getNodeState(), parentPermission);
+ }
- int size = parentPermission.map.size();
- switch (size) {
- case 0:
- map = ImmutableMap.of();
- break;
+ private static TreePermission create(@Nonnull LazyTree lazyTree, @Nonnull String childName, @Nonnull NodeState childState, @Nonnull CompositeTreePermission parentPermission) {
+ switch (parentPermission.childSize) {
+ case 0: return TreePermission.EMPTY;
case 1:
- provider = parentPermission.map.keySet().iterator().next();
- parent = getParentPermission(parentPermission, provider);
- if (NO_RECOURSE != parent) {
- map = ImmutableMap.of(provider, provider.getTreePermission(tree, parent));
- } else {
- map = ImmutableMap.of();
- }
- break;
+ TreePermission parent = null;
+ for (TreePermission tp : parentPermission.treePermissions) {
+ if (isValid(tp)) {
+ parent = tp;
+ break;
+ }
+ }
+ return (parent == null) ? TreePermission.EMPTY : parent.getChildPermission(childName, childState);
default:
- map = new LinkedHashMap<AggregatedPermissionProvider, TreePermission>(size);
- for (AggregatedPermissionProvider app : parentPermission.map.keySet()) {
- parent = getParentPermission(parentPermission, app);
- if (NO_RECOURSE != parent) {
- TreePermission tp = app.getTreePermission(tree, parent);
- map.put(app, tp);
+ AggregatedPermissionProvider[] pvds = new AggregatedPermissionProvider[parentPermission.childSize];
+ TreePermission[] tps = new TreePermission[parentPermission.childSize];
+ int cnt = 0;
+ for (int i = 0, j = 0; i < parentPermission.providers.length; i++) {
+ parent = parentPermission.treePermissions[i];
+ if (isValid(parent)) {
+ TreePermission tp = parent.getChildPermission(childName, childState);
+ if (!isValid(tp)) {
+ cnt++;
+ }
+ tps[j] = tp;
+ pvds[j] = parentPermission.providers[i];
+ j++;
}
}
+ return new CompositeTreePermission(lazyTree.get(), pvds, tps, cnt);
}
}
//-----------------------------------------------------< TreePermission >---
@Nonnull
@Override
- public TreePermission getChildPermission(@Nonnull String childName, @Nonnull NodeState childState) {
- if (tree == null) {
- throw new IllegalStateException();
- }
- ImmutableTree childTree = new ImmutableTree(tree, childName, childState);
- return new CompositeTreePermission(childTree, this);
+ public TreePermission getChildPermission(final @Nonnull String childName, final @Nonnull NodeState childState) {
+ return create(new LazyTree() {
+ @Override
+ ImmutableTree get() {
+ return new ImmutableTree(tree, childName, childState);
+ }
+ }, childName, childState, this);
}
@Override
@@ -112,7 +138,21 @@ final class CompositeTreePermission impl
@Override
public boolean canReadProperties() {
- return false;
+ if (canReadProperties == null) {
+ boolean readable = false;
+ for (int i = 0; i < providers.length; i++) {
+ TreePermission tp = treePermissions[i];
+ long supported = providers[i].supportedPermissions(tp, null, Permissions.READ_PROPERTY);
+ if (doEvaluate(supported)) {
+ readable = tp.canReadProperties();
+ if (!readable) {
+ break;
+ }
+ }
+ }
+ canReadProperties = readable;
+ }
+ return canReadProperties;
}
@Override
@@ -131,9 +171,9 @@ final class CompositeTreePermission impl
boolean isGranted = false;
long coveredPermissions = Permissions.NO_PERMISSION;
- for (Map.Entry<AggregatedPermissionProvider, TreePermission> entry : map.entrySet()) {
- TreePermission tp = entry.getValue();
- long supported = entry.getKey().supportedPermissions(tp, property, permissions);
+ for (int i = 0; i < providers.length; i++) {
+ TreePermission tp = treePermissions[i];
+ long supported = providers[i].supportedPermissions(tp, property, permissions);
if (doEvaluate(supported)) {
isGranted = (property == null) ? tp.isGranted(supported) : tp.isGranted(supported, property);
coveredPermissions |= supported;
@@ -148,9 +188,9 @@ final class CompositeTreePermission impl
private boolean grantsRead(@Nullable PropertyState property) {
boolean readable = false;
- for (Map.Entry<AggregatedPermissionProvider, TreePermission> entry : map.entrySet()) {
- TreePermission tp = entry.getValue();
- long supported = entry.getKey().supportedPermissions(tp, property, (property == null) ? Permissions.READ_NODE : Permissions.READ_PROPERTY);
+ for (int i = 0; i < providers.length; i++) {
+ TreePermission tp = treePermissions[i];
+ long supported = providers[i].supportedPermissions(tp, property, (property == null) ? Permissions.READ_NODE : Permissions.READ_PROPERTY);
if (doEvaluate(supported)) {
readable = (property == null) ? tp.canRead() : tp.canRead(property);
if (!readable) {
@@ -165,10 +205,11 @@ final class CompositeTreePermission impl
return CompositePermissionProvider.doEvaluate(supportedPermissions);
}
- @Nonnull
- private static TreePermission getParentPermission(@Nonnull CompositeTreePermission compositeParent,
- @Nonnull AggregatedPermissionProvider provider) {
- TreePermission parent = compositeParent.map.get(provider);
- return (parent == null) ? TreePermission.EMPTY : parent;
+ private static boolean isValid(@Nonnull TreePermission tp) {
+ return NO_RECOURSE != tp;
+ }
+
+ private abstract static class LazyTree {
+ abstract ImmutableTree get();
}
}
\ No newline at end of file
Modified: jackrabbit/oak/trunk/oak-core/src/main/java/org/apache/jackrabbit/oak/spi/security/CompositeConfiguration.java
URL: http://svn.apache.org/viewvc/jackrabbit/oak/trunk/oak-core/src/main/java/org/apache/jackrabbit/oak/spi/security/CompositeConfiguration.java?rev=1711313&r1=1711312&r2=1711313&view=diff
==============================================================================
--- jackrabbit/oak/trunk/oak-core/src/main/java/org/apache/jackrabbit/oak/spi/security/CompositeConfiguration.java (original)
+++ jackrabbit/oak/trunk/oak-core/src/main/java/org/apache/jackrabbit/oak/spi/security/CompositeConfiguration.java Thu Oct 29 17:59:53 2015
@@ -22,16 +22,19 @@ import java.security.Principal;
import java.util.List;
import java.util.Set;
import java.util.concurrent.CopyOnWriteArrayList;
-
+import javax.annotation.CheckForNull;
import javax.annotation.Nonnull;
+import javax.annotation.Nullable;
import com.google.common.base.Function;
import com.google.common.collect.ImmutableList;
import com.google.common.collect.Iterables;
import com.google.common.collect.Lists;
-
+import com.google.common.collect.ObjectArrays;
+import com.google.common.collect.Sets;
import org.apache.jackrabbit.oak.api.PropertyState;
import org.apache.jackrabbit.oak.api.Tree;
+import org.apache.jackrabbit.oak.plugins.tree.TreeLocation;
import org.apache.jackrabbit.oak.spi.commit.CommitHook;
import org.apache.jackrabbit.oak.spi.commit.MoveTracker;
import org.apache.jackrabbit.oak.spi.commit.ValidatorProvider;
@@ -40,7 +43,6 @@ import org.apache.jackrabbit.oak.spi.lif
import org.apache.jackrabbit.oak.spi.lifecycle.RepositoryInitializer;
import org.apache.jackrabbit.oak.spi.lifecycle.WorkspaceInitializer;
import org.apache.jackrabbit.oak.spi.xml.ProtectedItemImporter;
-import org.apache.jackrabbit.oak.plugins.tree.TreeLocation;
/**
* Abstract base implementation for {@link SecurityConfiguration}s that can
@@ -65,6 +67,7 @@ public abstract class CompositeConfigura
private final String name;
private final SecurityProvider securityProvider;
+ private final CompositeContext ctx = new CompositeContext();
private T defaultConfig;
@@ -73,8 +76,14 @@ public abstract class CompositeConfigura
this.securityProvider = securityProvider;
}
+ @CheckForNull
+ public T getDefaultConfig() {
+ return defaultConfig;
+ }
+
public void setDefaultConfig(@Nonnull T defaultConfig) {
this.defaultConfig = defaultConfig;
+ ctx.defaultCtx = defaultConfig.getContext();
}
public void addConfiguration(@Nonnull T configuration) {
@@ -93,10 +102,12 @@ public abstract class CompositeConfigura
}
configurations.add(i, configuration);
}
+ ctx.add(configuration);
}
public void removeConfiguration(@Nonnull T configuration) {
configurations.remove(configuration);
+ ctx.refresh(configurations);
}
protected List<T> getConfigurations() {
@@ -187,48 +198,104 @@ public abstract class CompositeConfigura
@Nonnull
@Override
public Context getContext() {
- final List<T> configs = getConfigurations();
- return new Context() {
+ return ctx;
+ }
- @Override
- public boolean definesProperty(@Nonnull Tree parent, @Nonnull PropertyState property) {
- for (SecurityConfiguration sc : configs) {
- if (sc.getContext().definesProperty(parent, property)) {
- return true;
- }
+ private static final class CompositeContext implements Context {
+
+ @Nonnull
+ private Context defaultCtx = DEFAULT;
+ @Nullable
+ private Context[] delegatees = null;
+
+ private void refresh(@Nonnull List<? extends SecurityConfiguration> configurations) {
+ Set<Context> s = Sets.newLinkedHashSetWithExpectedSize(configurations.size());
+ for (Context c : Iterables.transform(configurations, ContextFunction.INSTANCE)) {
+ if (DEFAULT != c) {
+ s.add(c);
}
- return false;
}
+ delegatees = (s.isEmpty()) ? null : s.toArray(new Context[s.size()]);
+ }
- @Override
- public boolean definesContextRoot(@Nonnull Tree tree) {
- for (SecurityConfiguration sc : configs) {
- if (sc.getContext().definesContextRoot(tree)) {
- return true;
+ private void add(@Nonnull SecurityConfiguration configuration) {
+ Context c = configuration.getContext();
+ if (DEFAULT != c) {
+ if (delegatees == null) {
+ delegatees = new Context[] {c};
+ } else {
+ for (Context ctx : delegatees) {
+ if (ctx.equals(c)) {
+ return;
+ }
}
+ delegatees = ObjectArrays.concat(delegatees, c);
}
- return false;
}
+ }
- @Override
- public boolean definesTree(@Nonnull Tree tree) {
- for (SecurityConfiguration sc : configs) {
- if (sc.getContext().definesTree(tree)) {
- return true;
- }
+ @Override
+ public boolean definesProperty(@Nonnull Tree parent, @Nonnull PropertyState property) {
+ if (delegatees == null) {
+ return defaultCtx.definesProperty(parent, property);
+ }
+ for (Context ctx : delegatees) {
+ if (ctx.definesProperty(parent, property)) {
+ return true;
}
- return false;
}
+ return false;
+ }
- @Override
- public boolean definesLocation(@Nonnull TreeLocation location) {
- for (SecurityConfiguration sc : configs) {
- if (sc.getContext().definesLocation(location)) {
- return true;
- }
+ @Override
+ public boolean definesContextRoot(@Nonnull Tree tree) {
+ if (delegatees == null) {
+ return defaultCtx.definesContextRoot(tree);
+ }
+ for (Context ctx : delegatees) {
+ if (ctx.definesContextRoot(tree)) {
+ return true;
+ }
+ }
+ return false;
+ }
+
+ @Override
+ public boolean definesTree(@Nonnull Tree tree) {
+ if (delegatees == null) {
+ return defaultCtx.definesTree(tree);
+ }
+ for (Context ctx : delegatees) {
+ if (ctx.definesTree(tree)) {
+ return true;
}
- return false;
}
- };
+ return false;
+ }
+
+ @Override
+ public boolean definesLocation(@Nonnull TreeLocation location) {
+ if (delegatees == null) {
+ return defaultCtx.definesLocation(location);
+ }
+ for (Context ctx : delegatees) {
+ if (ctx.definesLocation(location)) {
+ return true;
+ }
+ }
+ return false;
+ }
+ }
+
+ private static final class ContextFunction implements Function<SecurityConfiguration, Context> {
+
+ private static final ContextFunction INSTANCE = new ContextFunction();
+
+ private ContextFunction() {}
+
+ @Override
+ public Context apply(SecurityConfiguration input) {
+ return input.getContext();
+ }
}
}
Modified: jackrabbit/oak/trunk/oak-core/src/main/java/org/apache/jackrabbit/oak/spi/security/Context.java
URL: http://svn.apache.org/viewvc/jackrabbit/oak/trunk/oak-core/src/main/java/org/apache/jackrabbit/oak/spi/security/Context.java?rev=1711313&r1=1711312&r2=1711313&view=diff
==============================================================================
--- jackrabbit/oak/trunk/oak-core/src/main/java/org/apache/jackrabbit/oak/spi/security/Context.java (original)
+++ jackrabbit/oak/trunk/oak-core/src/main/java/org/apache/jackrabbit/oak/spi/security/Context.java Thu Oct 29 17:59:53 2015
@@ -74,11 +74,14 @@ public interface Context {
*/
boolean definesLocation(@Nonnull TreeLocation location);
+ Context DEFAULT = new Default();
+
/**
* Default implementation of the {@code Context} interface that always returns
* {@code false}.
*/
class Default implements Context {
+
@Override
public boolean definesProperty(@Nonnull Tree parent, @Nonnull PropertyState property) {
return false;
Modified: jackrabbit/oak/trunk/oak-core/src/main/java/org/apache/jackrabbit/oak/spi/security/SecurityConfiguration.java
URL: http://svn.apache.org/viewvc/jackrabbit/oak/trunk/oak-core/src/main/java/org/apache/jackrabbit/oak/spi/security/SecurityConfiguration.java?rev=1711313&r1=1711312&r2=1711313&view=diff
==============================================================================
--- jackrabbit/oak/trunk/oak-core/src/main/java/org/apache/jackrabbit/oak/spi/security/SecurityConfiguration.java (original)
+++ jackrabbit/oak/trunk/oak-core/src/main/java/org/apache/jackrabbit/oak/spi/security/SecurityConfiguration.java Thu Oct 29 17:59:53 2015
@@ -162,7 +162,7 @@ public interface SecurityConfiguration {
@Nonnull
@Override
public Context getContext() {
- return new Context.Default();
+ return Context.DEFAULT;
}
}
}
Modified: jackrabbit/oak/trunk/oak-core/src/main/java/org/apache/jackrabbit/oak/spi/security/authentication/token/package-info.java
URL: http://svn.apache.org/viewvc/jackrabbit/oak/trunk/oak-core/src/main/java/org/apache/jackrabbit/oak/spi/security/authentication/token/package-info.java?rev=1711313&r1=1711312&r2=1711313&view=diff
==============================================================================
--- jackrabbit/oak/trunk/oak-core/src/main/java/org/apache/jackrabbit/oak/spi/security/authentication/token/package-info.java (original)
+++ jackrabbit/oak/trunk/oak-core/src/main/java/org/apache/jackrabbit/oak/spi/security/authentication/token/package-info.java Thu Oct 29 17:59:53 2015
@@ -14,7 +14,7 @@
* See the License for the specific language governing permissions and
* limitations under the License.
*/
-@Version("1.2.0")
+@Version("1.3.0")
@Export(optional = "provide:=true")
package org.apache.jackrabbit.oak.spi.security.authentication.token;
Modified: jackrabbit/oak/trunk/oak-core/src/main/java/org/apache/jackrabbit/oak/spi/security/authorization/permission/TreePermission.java
URL: http://svn.apache.org/viewvc/jackrabbit/oak/trunk/oak-core/src/main/java/org/apache/jackrabbit/oak/spi/security/authorization/permission/TreePermission.java?rev=1711313&r1=1711312&r2=1711313&view=diff
==============================================================================
--- jackrabbit/oak/trunk/oak-core/src/main/java/org/apache/jackrabbit/oak/spi/security/authorization/permission/TreePermission.java (original)
+++ jackrabbit/oak/trunk/oak-core/src/main/java/org/apache/jackrabbit/oak/spi/security/authorization/permission/TreePermission.java Thu Oct 29 17:59:53 2015
@@ -145,6 +145,11 @@ public interface TreePermission {
public boolean isGranted(long permissions, @Nonnull PropertyState property) {
return false;
}
+
+ @Override
+ public String toString() {
+ return "TreePermission.EMPTY";
+ }
};
/**
@@ -187,6 +192,11 @@ public interface TreePermission {
public boolean isGranted(long permissions, @Nonnull PropertyState property) {
return true;
}
+
+ @Override
+ public String toString() {
+ return "TreePermission.ALL";
+ }
};
TreePermission NO_RECOURSE = new TreePermission() {
@@ -226,5 +236,10 @@ public interface TreePermission {
public boolean isGranted(long permissions, @Nonnull PropertyState property) {
throw new UnsupportedOperationException();
}
+
+ @Override
+ public String toString() {
+ return "TreePermission.NO_RECOURSE";
+ }
};
}
\ No newline at end of file
Modified: jackrabbit/oak/trunk/oak-core/src/main/java/org/apache/jackrabbit/oak/spi/security/package-info.java
URL: http://svn.apache.org/viewvc/jackrabbit/oak/trunk/oak-core/src/main/java/org/apache/jackrabbit/oak/spi/security/package-info.java?rev=1711313&r1=1711312&r2=1711313&view=diff
==============================================================================
--- jackrabbit/oak/trunk/oak-core/src/main/java/org/apache/jackrabbit/oak/spi/security/package-info.java (original)
+++ jackrabbit/oak/trunk/oak-core/src/main/java/org/apache/jackrabbit/oak/spi/security/package-info.java Thu Oct 29 17:59:53 2015
@@ -14,7 +14,7 @@
* See the License for the specific language governing permissions and
* limitations under the License.
*/
-@Version("1.1.0")
+@Version("1.2.0")
@Export(optional = "provide:=true")
package org.apache.jackrabbit.oak.spi.security;
Modified: jackrabbit/oak/trunk/oak-core/src/main/java/org/apache/jackrabbit/oak/spi/security/principal/package-info.java
URL: http://svn.apache.org/viewvc/jackrabbit/oak/trunk/oak-core/src/main/java/org/apache/jackrabbit/oak/spi/security/principal/package-info.java?rev=1711313&r1=1711312&r2=1711313&view=diff
==============================================================================
--- jackrabbit/oak/trunk/oak-core/src/main/java/org/apache/jackrabbit/oak/spi/security/principal/package-info.java (original)
+++ jackrabbit/oak/trunk/oak-core/src/main/java/org/apache/jackrabbit/oak/spi/security/principal/package-info.java Thu Oct 29 17:59:53 2015
@@ -14,7 +14,7 @@
* See the License for the specific language governing permissions and
* limitations under the License.
*/
-@Version("1.1.0")
+@Version("1.2.0")
@Export(optional = "provide:=true")
package org.apache.jackrabbit.oak.spi.security.principal;
Modified: jackrabbit/oak/trunk/oak-core/src/test/java/org/apache/jackrabbit/oak/security/authorization/composite/AbstractCompositeProviderTest.java
URL: http://svn.apache.org/viewvc/jackrabbit/oak/trunk/oak-core/src/test/java/org/apache/jackrabbit/oak/security/authorization/composite/AbstractCompositeProviderTest.java?rev=1711313&r1=1711312&r2=1711313&view=diff
==============================================================================
--- jackrabbit/oak/trunk/oak-core/src/test/java/org/apache/jackrabbit/oak/security/authorization/composite/AbstractCompositeProviderTest.java (original)
+++ jackrabbit/oak/trunk/oak-core/src/test/java/org/apache/jackrabbit/oak/security/authorization/composite/AbstractCompositeProviderTest.java Thu Oct 29 17:59:53 2015
@@ -34,6 +34,7 @@ import org.apache.jackrabbit.api.securit
import org.apache.jackrabbit.commons.jackrabbit.authorization.AccessControlUtils;
import org.apache.jackrabbit.oak.AbstractSecurityTest;
import org.apache.jackrabbit.oak.api.PropertyState;
+import org.apache.jackrabbit.oak.api.Root;
import org.apache.jackrabbit.oak.api.Tree;
import org.apache.jackrabbit.oak.commons.PathUtils;
import org.apache.jackrabbit.oak.plugins.memory.PropertyStates;
@@ -54,6 +55,7 @@ import org.apache.jackrabbit.util.Text;
import org.junit.Test;
import static org.junit.Assert.assertFalse;
+import static org.junit.Assert.assertSame;
import static org.junit.Assert.assertTrue;
public abstract class AbstractCompositeProviderTest extends AbstractSecurityTest implements NodeTypeConstants, PrivilegeConstants {
@@ -94,6 +96,8 @@ public abstract class AbstractCompositeP
Map<String, Set<String>> defPrivileges;
Map<String, String[]> defActionsGranted;
+ Root readOnlyRoot;
+
@Override
public void before() throws Exception {
super.before();
@@ -175,6 +179,8 @@ public abstract class AbstractCompositeP
put(TEST_A_B_C_PATH + "/jcr:primaryType", new String[] {Session.ACTION_READ, JackrabbitSession.ACTION_VERSIONING}).
put(TEST_A_B_C_PATH, new String[] {Session.ACTION_ADD_NODE, JackrabbitSession.ACTION_ADD_PROPERTY, JackrabbitSession.ACTION_VERSIONING}).
build();
+
+ readOnlyRoot = RootFactory.createReadOnlyRoot(root);
}
@Override
@@ -252,7 +258,7 @@ public abstract class AbstractCompositeP
public void testHasPrivilegesJcrAll() throws Exception {
PermissionProvider pp = createPermissionProvider();
for (String p : NODE_PATHS) {
- Tree tree = root.getTree(p);
+ Tree tree = readOnlyRoot.getTree(p);
assertFalse(p, pp.hasPrivileges(tree, JCR_ALL));
}
@@ -262,7 +268,7 @@ public abstract class AbstractCompositeP
public void testHasPrivilegesNone() throws Exception {
PermissionProvider pp = createPermissionProvider();
for (String p : NODE_PATHS) {
- Tree tree = root.getTree(p);
+ Tree tree = readOnlyRoot.getTree(p);
assertTrue(p, pp.hasPrivileges(tree));
}
@@ -285,7 +291,7 @@ public abstract class AbstractCompositeP
PermissionProvider pp = createPermissionProvider();
for (String p : NODE_PATHS) {
- Tree tree = root.getTree(p);
+ Tree tree = readOnlyRoot.getTree(p);
PropertyState ps = tree.getProperty(JcrConstants.JCR_PRIMARYTYPE);
assertFalse(p, pp.isGranted(tree, null, Permissions.ALL));
@@ -298,7 +304,7 @@ public abstract class AbstractCompositeP
PermissionProvider pp = createPermissionProvider();
for (String p : NODE_PATHS) {
- Tree tree = root.getTree(p);
+ Tree tree = readOnlyRoot.getTree(p);
PropertyState ps = tree.getProperty(JcrConstants.JCR_PRIMARYTYPE);
assertFalse(p, pp.isGranted(tree, null, Permissions.NO_PERMISSION));
@@ -311,7 +317,7 @@ public abstract class AbstractCompositeP
PermissionProvider pp = createPermissionProvider();
for (String p : NODE_PATHS) {
- Tree tree = root.getTree(p);
+ Tree tree = readOnlyRoot.getTree(p);
PropertyState ps = tree.getProperty(JcrConstants.JCR_PRIMARYTYPE);
assertFalse(p, pp.isGranted(tree, null, Permissions.MODIFY_ACCESS_CONTROL));
@@ -353,20 +359,15 @@ public abstract class AbstractCompositeP
}
@Test
- public void testGetTreePermissionInstance() throws Exception {
- PermissionProvider pp = createPermissionProvider();
- TreePermission parentPermission = TreePermission.EMPTY;
-
- for (String path : TP_PATHS) {
- TreePermission tp = pp.getTreePermission(root.getTree(path), parentPermission);
- assertTrue(tp.getClass().getName().endsWith("CompositeTreePermission"));
- parentPermission = tp;
- }
+ public void testGetTreePermissionAllParent() throws Exception {
+ TreePermission tp = createPermissionProvider().getTreePermission(readOnlyRoot.getTree(TEST_PATH), TreePermission.ALL);
+ assertSame(TreePermission.ALL, tp);
}
- @Test(expected = IllegalArgumentException.class)
- public void testGetTreePermissionInvalidParent() throws Exception {
- TreePermission tp = createPermissionProvider().getTreePermission(root.getTree(TEST_PATH), TreePermission.ALL);
+ @Test
+ public void testGetTreePermissionEmptyParent() throws Exception {
+ TreePermission tp = createPermissionProvider().getTreePermission(readOnlyRoot.getTree(TEST_PATH), TreePermission.EMPTY);
+ assertSame(TreePermission.EMPTY, tp);
}
@Test
@@ -377,7 +378,7 @@ public abstract class AbstractCompositeP
PropertyState ps = PropertyStates.createProperty("propName", "val");
for (String path : TP_PATHS) {
- Tree t = root.getTree(path);
+ Tree t = readOnlyRoot.getTree(path);
TreePermission tp = pp.getTreePermission(t, parentPermission);
assertFalse(tp.isGranted(Permissions.ALL));
@@ -395,7 +396,7 @@ public abstract class AbstractCompositeP
PropertyState ps = PropertyStates.createProperty("propName", "val");
for (String path : TP_PATHS) {
- Tree t = root.getTree(path);
+ Tree t = readOnlyRoot.getTree(path);
TreePermission tp = pp.getTreePermission(t, parentPermission);
assertFalse(tp.isGranted(Permissions.NO_PERMISSION));
@@ -413,7 +414,7 @@ public abstract class AbstractCompositeP
TreePermission parentPermission = TreePermission.EMPTY;
for (String path : TP_PATHS) {
- TreePermission tp = pp.getTreePermission(root.getTree(path), parentPermission);
+ TreePermission tp = pp.getTreePermission(readOnlyRoot.getTree(path), parentPermission);
assertFalse(tp.canReadAll());
parentPermission = tp;
@@ -426,7 +427,7 @@ public abstract class AbstractCompositeP
TreePermission parentPermission = TreePermission.EMPTY;
for (String path : TP_PATHS) {
- TreePermission tp = pp.getTreePermission(root.getTree(path), parentPermission);
+ TreePermission tp = pp.getTreePermission(readOnlyRoot.getTree(path), parentPermission);
assertFalse(tp.canReadProperties());
parentPermission = tp;
@@ -434,16 +435,29 @@ public abstract class AbstractCompositeP
}
@Test
+ public void testGetTreePermissionInstance() throws Exception {
+ PermissionProvider pp = createPermissionProvider();
+ TreePermission parentPermission = TreePermission.EMPTY;
+
+ for (String path : TP_PATHS) {
+ TreePermission tp = pp.getTreePermission(readOnlyRoot.getTree(path), parentPermission);
+ assertTrue(tp instanceof CompositeTreePermission);
+ parentPermission = tp;
+ }
+ }
+
+ @Test
public void testTreePermissionGetChild() throws Exception {
List<String> childNames = ImmutableList.of("test", "a", "b", "c", "nonexisting");
- NodeState ns = ((ImmutableTree) RootFactory.createReadOnlyRoot(root).getTree(ROOT_PATH)).getNodeState();
- TreePermission tp = createPermissionProvider().getTreePermission(root.getTree(ROOT_PATH), TreePermission.EMPTY);
+ Tree rootTree = readOnlyRoot.getTree(ROOT_PATH);
+ NodeState ns = ((ImmutableTree) rootTree).getNodeState();
+ TreePermission tp = createPermissionProvider().getTreePermission(rootTree, TreePermission.EMPTY);
for (String cName : childNames) {
ns = ns.getChildNode(cName);
tp = tp.getChildPermission(cName, ns);
- assertTrue(tp.getClass().getName().endsWith("CompositeTreePermission"));
+ assertTrue(tp instanceof CompositeTreePermission);
}
}
Modified: jackrabbit/oak/trunk/oak-core/src/test/java/org/apache/jackrabbit/oak/security/authorization/composite/CompositeProviderAllTest.java
URL: http://svn.apache.org/viewvc/jackrabbit/oak/trunk/oak-core/src/test/java/org/apache/jackrabbit/oak/security/authorization/composite/CompositeProviderAllTest.java?rev=1711313&r1=1711312&r2=1711313&view=diff
==============================================================================
--- jackrabbit/oak/trunk/oak-core/src/test/java/org/apache/jackrabbit/oak/security/authorization/composite/CompositeProviderAllTest.java (original)
+++ jackrabbit/oak/trunk/oak-core/src/test/java/org/apache/jackrabbit/oak/security/authorization/composite/CompositeProviderAllTest.java Thu Oct 29 17:59:53 2015
@@ -111,7 +111,7 @@ public class CompositeProviderAllTest ex
public void testIsGranted() throws Exception {
for (String p : defPermissions.keySet()) {
long expected = defPermissions.get(p);
- Tree tree = root.getTree(p);
+ Tree tree = readOnlyRoot.getTree(p);
assertTrue(p, cpp.isGranted(tree, null, expected));
}
@@ -121,7 +121,7 @@ public class CompositeProviderAllTest ex
public void testIsGrantedProperty() throws Exception {
for (String p : defPermissions.keySet()) {
long expected = defPermissions.get(p);
- Tree tree = root.getTree(p);
+ Tree tree = readOnlyRoot.getTree(p);
assertTrue(p, cpp.isGranted(tree, PROPERTY_STATE, expected));
}
@@ -179,7 +179,7 @@ public class CompositeProviderAllTest ex
TreePermission parentPermission = TreePermission.EMPTY;
for (String path : TP_PATHS) {
- TreePermission tp = cpp.getTreePermission(root.getTree(path), parentPermission);
+ TreePermission tp = cpp.getTreePermission(readOnlyRoot.getTree(path), parentPermission);
Long toTest = (defPermissions.containsKey(path)) ? defPermissions.get(path) : defPermissions.get(PathUtils.getAncestorPath(path, 1));
if (toTest != null) {
assertTrue(tp.isGranted(toTest, PROPERTY_STATE));
@@ -200,9 +200,8 @@ public class CompositeProviderAllTest ex
build();
TreePermission parentPermission = TreePermission.EMPTY;
- TreePermission parentPermission2 = TreePermission.EMPTY;
for (String nodePath : readMap.keySet()) {
- Tree tree = root.getTree(nodePath);
+ Tree tree = readOnlyRoot.getTree(nodePath);
TreePermission tp = cpp.getTreePermission(tree, parentPermission);
boolean expectedResult = readMap.get(nodePath);
@@ -224,9 +223,8 @@ public class CompositeProviderAllTest ex
build();
TreePermission parentPermission = TreePermission.EMPTY;
- TreePermission parentPermission2 = TreePermission.EMPTY;
for (String nodePath : readMap.keySet()) {
- Tree tree = root.getTree(nodePath);
+ Tree tree = readOnlyRoot.getTree(nodePath);
TreePermission tp = cpp.getTreePermission(tree, parentPermission);
@@ -315,5 +313,5 @@ public class CompositeProviderAllTest ex
public boolean isGranted(@Nonnull String oakPath, @Nonnull String jcrActions) {
return BASE.isGranted(oakPath, jcrActions);
}
- };
+ }
}
\ No newline at end of file
Modified: jackrabbit/oak/trunk/oak-core/src/test/java/org/apache/jackrabbit/oak/security/authorization/composite/CompositeProviderCoverageTest.java
URL: http://svn.apache.org/viewvc/jackrabbit/oak/trunk/oak-core/src/test/java/org/apache/jackrabbit/oak/security/authorization/composite/CompositeProviderCoverageTest.java?rev=1711313&r1=1711312&r2=1711313&view=diff
==============================================================================
--- jackrabbit/oak/trunk/oak-core/src/test/java/org/apache/jackrabbit/oak/security/authorization/composite/CompositeProviderCoverageTest.java (original)
+++ jackrabbit/oak/trunk/oak-core/src/test/java/org/apache/jackrabbit/oak/security/authorization/composite/CompositeProviderCoverageTest.java Thu Oct 29 17:59:53 2015
@@ -31,12 +31,16 @@ import org.apache.jackrabbit.oak.api.Pro
import org.apache.jackrabbit.oak.api.Tree;
import org.apache.jackrabbit.oak.commons.PathUtils;
import org.apache.jackrabbit.oak.plugins.tree.TreeLocation;
+import org.apache.jackrabbit.oak.plugins.tree.impl.ImmutableTree;
import org.apache.jackrabbit.oak.spi.security.authorization.AuthorizationConfiguration;
import org.apache.jackrabbit.oak.spi.security.authorization.permission.AggregatedPermissionProvider;
+import org.apache.jackrabbit.oak.spi.security.authorization.permission.PermissionProvider;
import org.apache.jackrabbit.oak.spi.security.authorization.permission.Permissions;
import org.apache.jackrabbit.oak.spi.security.authorization.permission.RepositoryPermission;
import org.apache.jackrabbit.oak.spi.security.authorization.permission.TreePermission;
+import org.apache.jackrabbit.oak.spi.security.principal.EveryonePrincipal;
import org.apache.jackrabbit.oak.spi.security.privilege.PrivilegeBits;
+import org.apache.jackrabbit.oak.spi.state.NodeState;
import org.junit.Test;
import static org.junit.Assert.assertEquals;
@@ -77,10 +81,38 @@ public class CompositeProviderCoverageTe
return ImmutableList.of(getTestPermissionProvider());
}
+ @Override
+ @Test
+ public void testGetTreePermissionInstance() throws Exception {
+ PermissionProvider pp = createPermissionProvider(EveryonePrincipal.getInstance());
+ TreePermission parentPermission = TreePermission.EMPTY;
+
+ for (String path : TP_PATHS) {
+ TreePermission tp = pp.getTreePermission(readOnlyRoot.getTree(path), parentPermission);
+ assertTrue(tp instanceof LimitedTreePermission);
+ parentPermission = tp;
+ }
+ }
+
+ @Test
+ public void testTreePermissionGetChild() throws Exception {
+ List<String> childNames = ImmutableList.of("test", "a", "b", "c", "nonexisting");
+
+ Tree rootTree = readOnlyRoot.getTree(ROOT_PATH);
+ NodeState ns = ((ImmutableTree) rootTree).getNodeState();
+ TreePermission tp = createPermissionProvider().getTreePermission(rootTree, TreePermission.EMPTY);
+
+ for (String cName : childNames) {
+ ns = ns.getChildNode(cName);
+ tp = tp.getChildPermission(cName, ns);
+ assertTrue(tp instanceof LimitedTreePermission);
+ }
+ }
+
@Test
public void testGetPrivileges() throws Exception {
for (String p : NODE_PATHS) {
- assertEquals(ImmutableSet.of(REP_READ_NODES), cpp.getPrivileges(root.getTree(p)));
+ assertEquals(ImmutableSet.of(REP_READ_NODES), cpp.getPrivileges(readOnlyRoot.getTree(p)));
}
}
@@ -92,7 +124,7 @@ public class CompositeProviderCoverageTe
@Test
public void testHasPrivileges() throws Exception {
for (String p : NODE_PATHS) {
- Tree tree = root.getTree(p);
+ Tree tree = readOnlyRoot.getTree(p);
assertTrue(cpp.hasPrivileges(tree, REP_READ_NODES));
assertFalse(cpp.hasPrivileges(tree, JCR_READ));
@@ -112,7 +144,7 @@ public class CompositeProviderCoverageTe
@Test
public void testIsGranted() throws Exception {
for (String p : NODE_PATHS) {
- Tree tree = root.getTree(p);
+ Tree tree = readOnlyRoot.getTree(p);
assertTrue(cpp.isGranted(tree, null, Permissions.READ_NODE));
assertFalse(cpp.isGranted(tree, null, Permissions.LOCK_MANAGEMENT));
@@ -124,7 +156,7 @@ public class CompositeProviderCoverageTe
@Test
public void testIsGrantedProperty() throws Exception {
for (String p : NODE_PATHS) {
- Tree tree = root.getTree(p);
+ Tree tree = readOnlyRoot.getTree(p);
assertTrue(cpp.isGranted(tree, PROPERTY_STATE, Permissions.READ_NODE));
assertFalse(cpp.isGranted(tree, PROPERTY_STATE, Permissions.READ_PROPERTY));
@@ -166,7 +198,7 @@ public class CompositeProviderCoverageTe
public void testTreePermissionIsGranted() throws Exception {
TreePermission parentPermission = TreePermission.EMPTY;
for (String path : TP_PATHS) {
- TreePermission tp = cpp.getTreePermission(root.getTree(path), parentPermission);
+ TreePermission tp = cpp.getTreePermission(readOnlyRoot.getTree(path), parentPermission);
assertTrue(tp.isGranted(Permissions.READ_NODE));
assertFalse(tp.isGranted(Permissions.REMOVE_NODE));
@@ -182,7 +214,7 @@ public class CompositeProviderCoverageTe
TreePermission parentPermission = TreePermission.EMPTY;
for (String path : TP_PATHS) {
- TreePermission tp = cpp.getTreePermission(root.getTree(path), parentPermission);
+ TreePermission tp = cpp.getTreePermission(readOnlyRoot.getTree(path), parentPermission);
assertFalse(tp.isGranted(Permissions.READ_PROPERTY, PROPERTY_STATE));
assertFalse(tp.isGranted(Permissions.REMOVE_PROPERTY, PROPERTY_STATE));
@@ -198,7 +230,7 @@ public class CompositeProviderCoverageTe
TreePermission parentPermission = TreePermission.EMPTY;
for (String path : TP_PATHS) {
- Tree t = root.getTree(path);
+ Tree t = readOnlyRoot.getTree(path);
TreePermission tp = cpp.getTreePermission(t, parentPermission);
assertTrue(tp.canRead());
@@ -212,7 +244,7 @@ public class CompositeProviderCoverageTe
TreePermission parentPermission = TreePermission.EMPTY;
for (String path : TP_PATHS) {
- Tree t = root.getTree(path);
+ Tree t = readOnlyRoot.getTree(path);
TreePermission tp = cpp.getTreePermission(t, parentPermission);
assertFalse(tp.canRead(PROPERTY_STATE));
@@ -256,7 +288,7 @@ public class CompositeProviderCoverageTe
@Override
public boolean isGranted(@Nonnull TreeLocation location, long permissions) {
- return true;
+ return permissions == Permissions.READ_NODE;
}
@Override
@@ -277,18 +309,23 @@ public class CompositeProviderCoverageTe
@Nonnull
@Override
public RepositoryPermission getRepositoryPermission() {
- return RepositoryPermission.ALL;
+ return new RepositoryPermission() {
+ @Override
+ public boolean isGranted(long repositoryPermissions) {
+ return Permissions.NAMESPACE_MANAGEMENT == repositoryPermissions;
+ }
+ };
}
@Nonnull
@Override
public TreePermission getTreePermission(@Nonnull Tree tree, @Nonnull TreePermission parentPermission) {
- return TreePermission.ALL;
+ return new LimitedTreePermission();
}
@Override
public boolean isGranted(@Nonnull Tree tree, @Nullable PropertyState property, long permissions) {
- return true;
+ return permissions == Permissions.READ_NODE;
}
@Override
@@ -296,4 +333,42 @@ public class CompositeProviderCoverageTe
return true;
}
}
+
+ private static final class LimitedTreePermission implements TreePermission {
+ @Nonnull
+ @Override
+ public TreePermission getChildPermission(@Nonnull String childName, @Nonnull NodeState childState) {
+ return this;
+ }
+
+ @Override
+ public boolean canRead() {
+ return true;
+ }
+
+ @Override
+ public boolean canRead(@Nonnull PropertyState property) {
+ return false;
+ }
+
+ @Override
+ public boolean canReadAll() {
+ return false;
+ }
+
+ @Override
+ public boolean canReadProperties() {
+ return false;
+ }
+
+ @Override
+ public boolean isGranted(long permissions) {
+ return Permissions.READ_NODE == permissions;
+ }
+
+ @Override
+ public boolean isGranted(long permissions, @Nonnull PropertyState property) {
+ return false;
+ }
+ }
}
\ No newline at end of file
Modified: jackrabbit/oak/trunk/oak-core/src/test/java/org/apache/jackrabbit/oak/security/authorization/composite/CompositeProviderEmptyTest.java
URL: http://svn.apache.org/viewvc/jackrabbit/oak/trunk/oak-core/src/test/java/org/apache/jackrabbit/oak/security/authorization/composite/CompositeProviderEmptyTest.java?rev=1711313&r1=1711312&r2=1711313&view=diff
==============================================================================
--- jackrabbit/oak/trunk/oak-core/src/test/java/org/apache/jackrabbit/oak/security/authorization/composite/CompositeProviderEmptyTest.java (original)
+++ jackrabbit/oak/trunk/oak-core/src/test/java/org/apache/jackrabbit/oak/security/authorization/composite/CompositeProviderEmptyTest.java Thu Oct 29 17:59:53 2015
@@ -72,7 +72,7 @@ public class CompositeProviderEmptyTest
@Test
public void testGetPrivileges() throws Exception {
for (String p : NODE_PATHS) {
- assertTrue(cpp.getPrivileges(root.getTree(p)).isEmpty());
+ assertTrue(cpp.getPrivileges(readOnlyRoot.getTree(p)).isEmpty());
}
}
@@ -84,7 +84,7 @@ public class CompositeProviderEmptyTest
@Test
public void testHasPrivileges() throws Exception {
for (String p : NODE_PATHS) {
- Tree tree = root.getTree(p);
+ Tree tree = readOnlyRoot.getTree(p);
assertFalse(cpp.hasPrivileges(tree, JCR_READ));
assertFalse(cpp.hasPrivileges(tree, JCR_WRITE));
@@ -101,7 +101,7 @@ public class CompositeProviderEmptyTest
@Test
public void testIsGranted() throws Exception {
for (String p : NODE_PATHS) {
- Tree tree = root.getTree(p);
+ Tree tree = readOnlyRoot.getTree(p);
assertFalse(cpp.isGranted(tree, null, Permissions.READ_NODE));
assertFalse(cpp.isGranted(tree, null, Permissions.READ_NODE | Permissions.MODIFY_CHILD_NODE_COLLECTION));
@@ -112,7 +112,7 @@ public class CompositeProviderEmptyTest
@Test
public void testIsGrantedProperty() throws Exception {
for (String p : NODE_PATHS) {
- Tree tree = root.getTree(p);
+ Tree tree = readOnlyRoot.getTree(p);
assertFalse(cpp.isGranted(tree, PROPERTY_STATE, Permissions.READ_PROPERTY));
assertFalse(cpp.isGranted(tree, PROPERTY_STATE, Permissions.MODIFY_PROPERTY));
@@ -149,7 +149,7 @@ public class CompositeProviderEmptyTest
TreePermission parentPermission = TreePermission.EMPTY;
for (String path : TP_PATHS) {
- TreePermission tp = cpp.getTreePermission(root.getTree(path), parentPermission);
+ TreePermission tp = cpp.getTreePermission(readOnlyRoot.getTree(path), parentPermission);
assertFalse(tp.isGranted(Permissions.READ_NODE));
assertFalse(tp.isGranted(Permissions.REMOVE_NODE));
@@ -165,7 +165,7 @@ public class CompositeProviderEmptyTest
TreePermission parentPermission = TreePermission.EMPTY;
for (String path : TP_PATHS) {
- TreePermission tp = cpp.getTreePermission(root.getTree(path), parentPermission);
+ TreePermission tp = cpp.getTreePermission(readOnlyRoot.getTree(path), parentPermission);
assertFalse(tp.isGranted(Permissions.READ_PROPERTY, PROPERTY_STATE));
assertFalse(tp.isGranted(Permissions.REMOVE_PROPERTY, PROPERTY_STATE));
@@ -179,7 +179,7 @@ public class CompositeProviderEmptyTest
TreePermission parentPermission = TreePermission.EMPTY;
for (String path : TP_PATHS) {
- Tree t = root.getTree(path);
+ Tree t = readOnlyRoot.getTree(path);
TreePermission tp = cpp.getTreePermission(t, parentPermission);
assertFalse(tp.canRead());
@@ -192,7 +192,7 @@ public class CompositeProviderEmptyTest
TreePermission parentPermission = TreePermission.EMPTY;
for (String path : TP_PATHS) {
- Tree t = root.getTree(path);
+ Tree t = readOnlyRoot.getTree(path);
TreePermission tp = cpp.getTreePermission(t, parentPermission);
assertFalse(tp.canRead(PROPERTY_STATE));
Modified: jackrabbit/oak/trunk/oak-core/src/test/java/org/apache/jackrabbit/oak/security/authorization/composite/CompositeProviderFullScopeTest.java
URL: http://svn.apache.org/viewvc/jackrabbit/oak/trunk/oak-core/src/test/java/org/apache/jackrabbit/oak/security/authorization/composite/CompositeProviderFullScopeTest.java?rev=1711313&r1=1711312&r2=1711313&view=diff
==============================================================================
--- jackrabbit/oak/trunk/oak-core/src/test/java/org/apache/jackrabbit/oak/security/authorization/composite/CompositeProviderFullScopeTest.java (original)
+++ jackrabbit/oak/trunk/oak-core/src/test/java/org/apache/jackrabbit/oak/security/authorization/composite/CompositeProviderFullScopeTest.java Thu Oct 29 17:59:53 2015
@@ -69,18 +69,18 @@ public class CompositeProviderFullScopeT
@Override
protected AggregatedPermissionProvider getTestPermissionProvider() {
- return new FullScopeProvider(root);
+ return new FullScopeProvider(readOnlyRoot);
}
@Test
public void testGetPrivileges() throws Exception {
- PrivilegeBitsProvider pbp = new PrivilegeBitsProvider(root);
+ PrivilegeBitsProvider pbp = new PrivilegeBitsProvider(readOnlyRoot);
PrivilegeBits readNodes = pbp.getBits(REP_READ_NODES);
Set<String> expected = ImmutableSet.of(REP_READ_NODES);
for (String path : defPrivileges.keySet()) {
Set<String> defaultPrivs = defPrivileges.get(path);
- Tree tree = root.getTree(path);
+ Tree tree = readOnlyRoot.getTree(path);
Set<String> privNames = cppTestUser.getPrivileges(tree);
if (pbp.getBits(defaultPrivs).includes(readNodes)) {
@@ -93,11 +93,10 @@ public class CompositeProviderFullScopeT
@Test
public void testGetPrivilegesAdmin() throws Exception {
- PrivilegeBitsProvider pbp = new PrivilegeBitsProvider(root);
Set<String> expected = ImmutableSet.of(REP_READ_NODES);
for (String path : NODE_PATHS) {
- Tree tree = root.getTree(path);
+ Tree tree = readOnlyRoot.getTree(path);
assertEquals(expected, cppAdminUser.getPrivileges(tree));
}
}
@@ -116,13 +115,13 @@ public class CompositeProviderFullScopeT
@Test
public void testHasPrivileges() throws Exception {
- PrivilegeBitsProvider pbp = new PrivilegeBitsProvider(root);
+ PrivilegeBitsProvider pbp = new PrivilegeBitsProvider(readOnlyRoot);
PrivilegeBits readNodes = pbp.getBits(REP_READ_NODES);
for (String path : defPrivileges.keySet()) {
Set<String> defaultPrivs = defPrivileges.get(path);
PrivilegeBits defaultBits = pbp.getBits(defaultPrivs);
- Tree tree = root.getTree(path);
+ Tree tree = readOnlyRoot.getTree(path);
if (defaultPrivs.isEmpty()) {
assertFalse(path, cppTestUser.hasPrivileges(tree, REP_READ_NODES));
@@ -141,7 +140,7 @@ public class CompositeProviderFullScopeT
@Test
public void testHasPrivilegesAdmin() throws Exception {
for (String path : NODE_PATHS) {
- Tree tree = root.getTree(path);
+ Tree tree = readOnlyRoot.getTree(path);
assertTrue(cppAdminUser.hasPrivileges(tree, REP_READ_NODES));
@@ -178,7 +177,7 @@ public class CompositeProviderFullScopeT
public void testIsGranted() throws Exception {
for (String p : defPermissions.keySet()) {
long defaultPerms = defPermissions.get(p);
- Tree tree = root.getTree(p);
+ Tree tree = readOnlyRoot.getTree(p);
if (Permissions.READ_NODE != defaultPerms) {
assertFalse(p, cppTestUser.isGranted(tree, null, defaultPerms));
@@ -192,7 +191,7 @@ public class CompositeProviderFullScopeT
@Test
public void testIsGrantedAdmin() throws Exception {
for (String p : NODE_PATHS) {
- Tree tree = root.getTree(p);
+ Tree tree = readOnlyRoot.getTree(p);
assertTrue(p, cppAdminUser.isGranted(tree, null, Permissions.READ_NODE));
@@ -205,7 +204,7 @@ public class CompositeProviderFullScopeT
@Test
public void testIsGrantedProperty() throws Exception {
for (String p : NODE_PATHS) {
- Tree tree = root.getTree(p);
+ Tree tree = readOnlyRoot.getTree(p);
assertFalse(p, cppTestUser.isGranted(tree, PROPERTY_STATE, Permissions.READ_PROPERTY));
assertFalse(p, cppTestUser.isGranted(tree, PROPERTY_STATE, Permissions.SET_PROPERTY));
@@ -215,7 +214,7 @@ public class CompositeProviderFullScopeT
@Test
public void testIsGrantedPropertyAdmin() throws Exception {
for (String p : NODE_PATHS) {
- Tree tree = root.getTree(p);
+ Tree tree = readOnlyRoot.getTree(p);
assertFalse(p, cppAdminUser.isGranted(tree, PROPERTY_STATE, Permissions.READ_PROPERTY));
assertFalse(p, cppAdminUser.isGranted(tree, PROPERTY_STATE, Permissions.SET_PROPERTY));
@@ -229,7 +228,7 @@ public class CompositeProviderFullScopeT
String[] actions = defActionsGranted.get(p);
if (ImmutableList.copyOf(actions).contains(Session.ACTION_READ)) {
- TreeLocation tl = TreeLocation.create(root, p);
+ TreeLocation tl = TreeLocation.create(readOnlyRoot, p);
assertEquals(p, tl.getTree() != null, cppTestUser.isGranted(p, Session.ACTION_READ));
} else {
assertFalse(p, cppTestUser.isGranted(p, Session.ACTION_READ));
@@ -261,7 +260,7 @@ public class CompositeProviderFullScopeT
@Test
public void testIsGrantedActionAdmin() throws Exception {
for (String p : defActionsGranted.keySet()) {
- boolean expectedRead = root.getTree(p).exists();
+ boolean expectedRead = readOnlyRoot.getTree(p).exists();
assertEquals(p, expectedRead, cppAdminUser.isGranted(p, Session.ACTION_READ));
assertFalse(p, cppAdminUser.isGranted(p, getActionString(ALL_ACTIONS)));
}
@@ -294,7 +293,7 @@ public class CompositeProviderFullScopeT
TreePermission parentPermission = TreePermission.EMPTY;
for (String path : TP_PATHS) {
- TreePermission tp = cppTestUser.getTreePermission(root.getTree(path), parentPermission);
+ TreePermission tp = cppTestUser.getTreePermission(readOnlyRoot.getTree(path), parentPermission);
Long toTest = (defPermissions.containsKey(path)) ? defPermissions.get(path) : defPermissions.get(PathUtils.getAncestorPath(path, 1));
if (toTest != null) {
if (Permissions.READ_NODE == toTest) {
@@ -314,7 +313,7 @@ public class CompositeProviderFullScopeT
TreePermission parentPermission = TreePermission.EMPTY;
for (String path : TP_PATHS) {
- TreePermission tp = cppTestUser.getTreePermission(root.getTree(path), parentPermission);
+ TreePermission tp = cppTestUser.getTreePermission(readOnlyRoot.getTree(path), parentPermission);
Long toTest = (defPermissions.containsKey(path)) ? defPermissions.get(path) : defPermissions.get(PathUtils.getAncestorPath(path, 1));
if (toTest != null) {
boolean granted = (toTest == Permissions.READ_NODE);
@@ -338,7 +337,7 @@ public class CompositeProviderFullScopeT
TreePermission parentPermission = TreePermission.EMPTY;
for (String nodePath : readMap.keySet()) {
- Tree tree = root.getTree(nodePath);
+ Tree tree = readOnlyRoot.getTree(nodePath);
TreePermission tp = cppTestUser.getTreePermission(tree, parentPermission);
boolean expectedResult = readMap.get(nodePath);
@@ -352,7 +351,7 @@ public class CompositeProviderFullScopeT
public void testTreePermissionCanReadProperty() throws Exception {
TreePermission parentPermission = TreePermission.EMPTY;
for (String nodePath : TP_PATHS) {
- Tree tree = root.getTree(nodePath);
+ Tree tree = readOnlyRoot.getTree(nodePath);
TreePermission tp = cppTestUser.getTreePermission(tree, parentPermission);
assertFalse(nodePath, tp.canRead(PROPERTY_STATE));
@@ -366,7 +365,7 @@ public class CompositeProviderFullScopeT
TreePermission parentPermission = TreePermission.EMPTY;
for (String nodePath : TP_PATHS) {
- Tree tree = root.getTree(nodePath);
+ Tree tree = readOnlyRoot.getTree(nodePath);
TreePermission tp = cppAdminUser.getTreePermission(tree, parentPermission);
Modified: jackrabbit/oak/trunk/oak-core/src/test/java/org/apache/jackrabbit/oak/security/authorization/composite/CompositeProviderNoScopeTest.java
URL: http://svn.apache.org/viewvc/jackrabbit/oak/trunk/oak-core/src/test/java/org/apache/jackrabbit/oak/security/authorization/composite/CompositeProviderNoScopeTest.java?rev=1711313&r1=1711312&r2=1711313&view=diff
==============================================================================
--- jackrabbit/oak/trunk/oak-core/src/test/java/org/apache/jackrabbit/oak/security/authorization/composite/CompositeProviderNoScopeTest.java (original)
+++ jackrabbit/oak/trunk/oak-core/src/test/java/org/apache/jackrabbit/oak/security/authorization/composite/CompositeProviderNoScopeTest.java Thu Oct 29 17:59:53 2015
@@ -30,7 +30,6 @@ import org.apache.jackrabbit.api.Jackrab
import org.apache.jackrabbit.oak.api.ContentSession;
import org.apache.jackrabbit.oak.api.Tree;
import org.apache.jackrabbit.oak.commons.PathUtils;
-import org.apache.jackrabbit.oak.plugins.tree.RootFactory;
import org.apache.jackrabbit.oak.plugins.tree.impl.ImmutableTree;
import org.apache.jackrabbit.oak.spi.security.authorization.AuthorizationConfiguration;
import org.apache.jackrabbit.oak.spi.security.authorization.permission.AggregatedPermissionProvider;
@@ -91,11 +90,42 @@ public class CompositeProviderNoScopeTes
return new NoScopeProvider();
}
+ @Override
+ @Test
+ public void testGetTreePermissionInstance() throws Exception {
+ PermissionProvider pp = createPermissionProvider();
+ TreePermission parentPermission = TreePermission.EMPTY;
+
+ for (String path : TP_PATHS) {
+ Tree t = readOnlyRoot.getTree(path);
+ TreePermission tp = pp.getTreePermission(t, parentPermission);
+ assertEquals(t.isRoot(), tp instanceof CompositeTreePermission);
+ parentPermission = tp;
+ }
+ }
+
+ @Override
+ @Test
+ public void testTreePermissionGetChild() throws Exception {
+ List<String> childNames = ImmutableList.of("test", "a", "b", "c", "nonexisting");
+
+ Tree rootTree = readOnlyRoot.getTree(ROOT_PATH);
+ NodeState ns = ((ImmutableTree) rootTree).getNodeState();
+ TreePermission tp = createPermissionProvider().getTreePermission(rootTree, TreePermission.EMPTY);
+ assertTrue(tp instanceof CompositeTreePermission);
+
+ for (String cName : childNames) {
+ ns = ns.getChildNode(cName);
+ tp = tp.getChildPermission(cName, ns);
+ assertFalse(tp instanceof CompositeTreePermission);
+ }
+ }
+
@Test
public void testGetPrivileges() throws Exception {
for (String p : defPrivileges.keySet()) {
Set<String> expected = defPrivileges.get(p);
- Tree tree = root.getTree(p);
+ Tree tree = readOnlyRoot.getTree(p);
assertEquals(p, expected, cppTestUser.getPrivileges(tree));
assertEquals(p, defTestUser.getPrivileges(tree), cppTestUser.getPrivileges(tree));
@@ -106,7 +136,7 @@ public class CompositeProviderNoScopeTes
public void testGetPrivilegesAdmin() throws Exception {
Set<String> expected = ImmutableSet.of(JCR_ALL);
for (String p : NODE_PATHS) {
- Tree tree = root.getTree(p);
+ Tree tree = readOnlyRoot.getTree(p);
assertEquals(p, expected, cppAdminUser.getPrivileges(tree));
assertEquals(p, defAdminUser.getPrivileges(tree), cppAdminUser.getPrivileges(tree));
@@ -134,7 +164,7 @@ public class CompositeProviderNoScopeTes
public void testHasPrivileges() throws Exception {
for (String p : defPrivileges.keySet()) {
Set<String> expected = defPrivileges.get(p);
- Tree tree = root.getTree(p);
+ Tree tree = readOnlyRoot.getTree(p);
String[] privNames = expected.toArray(new String[expected.size()]);
assertTrue(p, cppTestUser.hasPrivileges(tree, privNames));
@@ -145,7 +175,7 @@ public class CompositeProviderNoScopeTes
@Test
public void testHasPrivilegesAdmin() throws Exception {
for (String p : NODE_PATHS) {
- Tree tree = root.getTree(p);
+ Tree tree = readOnlyRoot.getTree(p);
assertTrue(p, cppAdminUser.hasPrivileges(tree, JCR_ALL));
assertTrue(p, defAdminUser.hasPrivileges(tree, JCR_ALL));
@@ -174,7 +204,7 @@ public class CompositeProviderNoScopeTes
public void testIsGranted() throws Exception {
for (String p : defPermissions.keySet()) {
long expected = defPermissions.get(p);
- Tree tree = root.getTree(p);
+ Tree tree = readOnlyRoot.getTree(p);
assertTrue(p, cppTestUser.isGranted(tree, null, expected));
assertTrue(p, defTestUser.isGranted(tree, null, expected));
@@ -184,7 +214,7 @@ public class CompositeProviderNoScopeTes
@Test
public void testIsGrantedAdmin() throws Exception {
for (String p : defPermissions.keySet()) {
- Tree tree = root.getTree(p);
+ Tree tree = readOnlyRoot.getTree(p);
assertTrue(p, cppAdminUser.isGranted(tree, null, Permissions.ALL));
assertTrue(p, defAdminUser.isGranted(tree, null, Permissions.ALL));
@@ -195,7 +225,7 @@ public class CompositeProviderNoScopeTes
public void testIsGrantedProperty() throws Exception {
for (String p : defPermissions.keySet()) {
long expected = defPermissions.get(p);
- Tree tree = root.getTree(p);
+ Tree tree = readOnlyRoot.getTree(p);
assertTrue(p, cppTestUser.isGranted(tree, PROPERTY_STATE, expected));
assertTrue(p, defTestUser.isGranted(tree, PROPERTY_STATE, expected));
@@ -205,7 +235,7 @@ public class CompositeProviderNoScopeTes
@Test
public void testIsGrantedPropertyAdmin() throws Exception {
for (String p : defPermissions.keySet()) {
- Tree tree = root.getTree(p);
+ Tree tree = readOnlyRoot.getTree(p);
assertTrue(p, cppAdminUser.isGranted(tree, PROPERTY_STATE, Permissions.ALL));
assertTrue(p, defAdminUser.isGranted(tree, PROPERTY_STATE, Permissions.ALL));
@@ -270,7 +300,7 @@ public class CompositeProviderNoScopeTes
TreePermission parentPermission = TreePermission.EMPTY;
for (String path : TP_PATHS) {
- TreePermission tp = cppTestUser.getTreePermission(root.getTree(path), parentPermission);
+ TreePermission tp = cppTestUser.getTreePermission(readOnlyRoot.getTree(path), parentPermission);
Long toTest = (defPermissions.containsKey(path)) ? defPermissions.get(path) : defPermissions.get(PathUtils.getAncestorPath(path, 1));
if (toTest != null) {
assertTrue(tp.isGranted(toTest));
@@ -284,7 +314,7 @@ public class CompositeProviderNoScopeTes
TreePermission parentPermission = TreePermission.EMPTY;
for (String path : TP_PATHS) {
- TreePermission tp = cppTestUser.getTreePermission(root.getTree(path), parentPermission);
+ TreePermission tp = cppTestUser.getTreePermission(readOnlyRoot.getTree(path), parentPermission);
Long toTest = (defPermissions.containsKey(path)) ? defPermissions.get(path) : defPermissions.get(PathUtils.getAncestorPath(path, 1));
if (toTest != null) {
assertTrue(tp.isGranted(toTest, PROPERTY_STATE));
@@ -307,7 +337,7 @@ public class CompositeProviderNoScopeTes
TreePermission parentPermission = TreePermission.EMPTY;
TreePermission parentPermission2 = TreePermission.EMPTY;
for (String nodePath : readMap.keySet()) {
- Tree tree = root.getTree(nodePath);
+ Tree tree = readOnlyRoot.getTree(nodePath);
TreePermission tp = cppTestUser.getTreePermission(tree, parentPermission);
TreePermission tp2 = defTestUser.getTreePermission(tree, parentPermission2);
@@ -334,7 +364,7 @@ public class CompositeProviderNoScopeTes
TreePermission parentPermission = TreePermission.EMPTY;
TreePermission parentPermission2 = TreePermission.EMPTY;
for (String nodePath : readMap.keySet()) {
- Tree tree = root.getTree(nodePath);
+ Tree tree = readOnlyRoot.getTree(nodePath);
TreePermission tp = cppTestUser.getTreePermission(tree, parentPermission);
TreePermission tp2 = defTestUser.getTreePermission(tree, parentPermission2);
@@ -354,7 +384,7 @@ public class CompositeProviderNoScopeTes
TreePermission parentPermission2 = TreePermission.EMPTY;
for (String nodePath : TP_PATHS) {
- Tree tree = root.getTree(nodePath);
+ Tree tree = readOnlyRoot.getTree(nodePath);
TreePermission tp = cppAdminUser.getTreePermission(tree, parentPermission);
TreePermission tp2 = defAdminUser.getTreePermission(tree, parentPermission2);
@@ -371,21 +401,22 @@ public class CompositeProviderNoScopeTes
}
@Test
- public void testTreePermissionMapSize() throws Exception {
- Field mapField = CompositeTreePermission.class.getDeclaredField("map");
- mapField.setAccessible(true);
+ public void testTreePermissionSize() throws Exception {
+ Field tpField = CompositeTreePermission.class.getDeclaredField("treePermissions");
+ tpField.setAccessible(true);
- NodeState ns = ((ImmutableTree) RootFactory.createReadOnlyRoot(root).getTree(ROOT_PATH)).getNodeState();
- TreePermission tp = cppTestUser.getTreePermission(root.getTree(ROOT_PATH), TreePermission.EMPTY);
- assertEquals(2, ((Map<AggregatedPermissionProvider, TreePermission>) mapField.get(tp)).size());
+ Tree rootTree = readOnlyRoot.getTree(ROOT_PATH);
+ NodeState ns = ((ImmutableTree) rootTree).getNodeState();
+ TreePermission tp = cppTestUser.getTreePermission(rootTree, TreePermission.EMPTY);
+ assertEquals(2, ((TreePermission[]) tpField.get(tp)).length);
List<String> childNames = ImmutableList.of("test", "a", "b", "c", "nonexisting");
for (String cName : childNames) {
ns = ns.getChildNode(cName);
tp = tp.getChildPermission(cName, ns);
- assertEquals(1, ((Map<AggregatedPermissionProvider, TreePermission>) mapField.get(tp)).size());
+ assertFalse(tp instanceof CompositeTreePermission);
}
}
}
\ No newline at end of file