Posted to oak-commits@jackrabbit.apache.org by an...@apache.org on 2012/10/04 13:08:50 UTC
svn commit: r1393986 - in /jackrabbit/oak/trunk:
oak-core/src/main/java/org/apache/jackrabbit/oak/core/
oak-core/src/main/java/org/apache/jackrabbit/oak/security/
oak-core/src/main/java/org/apache/jackrabbit/oak/security/authentication/
oak-core/src/ma...
Author: angela
Date: Thu Oct 4 11:08:49 2012
New Revision: 1393986
URL: http://svn.apache.org/viewvc?rev=1393986&view=rev
Log:
OAK-91 - Implement Authentication Support (WIP)
OAK-90 - Principal Management (WIP)
Added:
jackrabbit/oak/trunk/oak-core/src/main/java/org/apache/jackrabbit/oak/security/principal/PrincipalManagerImpl.java
- copied, changed from r1393939, jackrabbit/oak/trunk/oak-jcr/src/main/java/org/apache/jackrabbit/oak/jcr/security/principal/PrincipalManagerImpl.java
jackrabbit/oak/trunk/oak-core/src/main/java/org/apache/jackrabbit/oak/spi/security/authentication/GuestLoginModule.java
- copied, changed from r1393939, jackrabbit/oak/trunk/oak-core/src/main/java/org/apache/jackrabbit/oak/security/authentication/GuestLoginModule.java
jackrabbit/oak/trunk/oak-core/src/main/java/org/apache/jackrabbit/oak/spi/security/authentication/RepositoryCallback.java
jackrabbit/oak/trunk/oak-core/src/main/java/org/apache/jackrabbit/oak/spi/security/principal/PrincipalConfiguration.java
Removed:
jackrabbit/oak/trunk/oak-core/src/main/java/org/apache/jackrabbit/oak/security/authentication/GuestLoginModule.java
jackrabbit/oak/trunk/oak-jcr/src/main/java/org/apache/jackrabbit/oak/jcr/security/principal/PrincipalManagerImpl.java
Modified:
jackrabbit/oak/trunk/oak-core/src/main/java/org/apache/jackrabbit/oak/core/ContentRepositoryImpl.java
jackrabbit/oak/trunk/oak-core/src/main/java/org/apache/jackrabbit/oak/security/SecurityProviderImpl.java
jackrabbit/oak/trunk/oak-core/src/main/java/org/apache/jackrabbit/oak/security/authentication/CallbackHandlerImpl.java
jackrabbit/oak/trunk/oak-core/src/main/java/org/apache/jackrabbit/oak/security/authentication/LoginContextProviderImpl.java
jackrabbit/oak/trunk/oak-core/src/main/java/org/apache/jackrabbit/oak/spi/security/OpenSecurityProvider.java
jackrabbit/oak/trunk/oak-core/src/main/java/org/apache/jackrabbit/oak/spi/security/SecurityProvider.java
jackrabbit/oak/trunk/oak-core/src/main/java/org/apache/jackrabbit/oak/spi/security/authentication/CredentialsCallback.java
jackrabbit/oak/trunk/oak-core/src/main/java/org/apache/jackrabbit/oak/spi/security/authentication/JaasLoginContext.java
jackrabbit/oak/trunk/oak-core/src/main/java/org/apache/jackrabbit/oak/spi/security/authentication/OpenLoginContextProvider.java
jackrabbit/oak/trunk/oak-jcr/src/main/java/org/apache/jackrabbit/oak/jcr/SessionDelegate.java
Modified: jackrabbit/oak/trunk/oak-core/src/main/java/org/apache/jackrabbit/oak/core/ContentRepositoryImpl.java
URL: http://svn.apache.org/viewvc/jackrabbit/oak/trunk/oak-core/src/main/java/org/apache/jackrabbit/oak/core/ContentRepositoryImpl.java?rev=1393986&r1=1393985&r2=1393986&view=diff
==============================================================================
--- jackrabbit/oak/trunk/oak-core/src/main/java/org/apache/jackrabbit/oak/core/ContentRepositoryImpl.java (original)
+++ jackrabbit/oak/trunk/oak-core/src/main/java/org/apache/jackrabbit/oak/core/ContentRepositoryImpl.java Thu Oct 4 11:08:49 2012
@@ -40,6 +40,7 @@ import org.apache.jackrabbit.oak.spi.sec
import org.apache.jackrabbit.oak.spi.security.authentication.LoginContextProvider;
import org.apache.jackrabbit.oak.spi.security.authentication.OakLoginContext;
import org.apache.jackrabbit.oak.spi.security.authorization.AccessControlProvider;
+import org.apache.jackrabbit.oak.spi.state.NodeStore;
import org.slf4j.Logger;
import org.slf4j.LoggerFactory;
@@ -60,7 +61,7 @@ public class ContentRepositoryImpl imple
private final SecurityProvider securityProvider;
private final QueryIndexProvider indexProvider;
- private final KernelNodeStore nodeStore;
+ private final NodeStore nodeStore;
/**
* Utility constructor that creates a new in-memory repository with default
@@ -96,13 +97,12 @@ public class ContentRepositoryImpl imple
null);
}
- public ContentRepositoryImpl(
- MicroKernel microKernel, ValidatorProvider validatorProvider) {
+ public ContentRepositoryImpl(MicroKernel microKernel, ValidatorProvider validatorProvider) {
this(microKernel, null, validatorProvider);
}
/**
- * Creates an Oak repository instance based on the given, already
+ * Creates an content repository instance based on the given, already
* initialized components.
*
* @param microKernel underlying kernel instance
@@ -115,12 +115,23 @@ public class ContentRepositoryImpl imple
QueryIndexProvider indexProvider,
CommitHook commitHook,
SecurityProvider securityProvider) {
+ this(createNodeStore(microKernel, commitHook), indexProvider, securityProvider);
+ }
- nodeStore = new KernelNodeStore(microKernel);
- nodeStore.setHook(commitHook);
-
- this.indexProvider = indexProvider != null ? indexProvider
- : new CompositeQueryIndexProvider();
+ /**
+ * Creates an content repository instance based on the given, already
+ * initialized components.
+ *
+ * @param nodeStore the node store this repository is based upon.
+ * @param indexProvider index provider
+ * @param securityProvider The configured security provider or {@code null} if
+ * default implementations should be used.
+ */
+ public ContentRepositoryImpl(NodeStore nodeStore,
+ QueryIndexProvider indexProvider,
+ SecurityProvider securityProvider) {
+ this.nodeStore = nodeStore;
+ this.indexProvider = indexProvider != null ? indexProvider : new CompositeQueryIndexProvider();
// TODO: in order not to having failing tests we use SecurityProviderImpl as default
// - review if passing a security provider should be mandatory
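Review bot: The new public `ContentRepositoryImpl(NodeStore, QueryIndexProvider, SecurityProvider)` constructor assigns `nodeStore` without a null check, although `indexProvider` on the next line gets a default. This commit then hands that field to `securityProvider.getLoginContextProvider(nodeStore)` in `login`, so a null would only surface during authentication, far from the caller that passed it. I would reject it at construction with `if (nodeStore == null) { throw new IllegalArgumentException("nodeStore must not be null"); }` ahead of the assignment. The constructor body continues past the end of this hunk.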
@@ -141,7 +152,7 @@ public class ContentRepositoryImpl imple
throw new NoSuchWorkspaceException(workspaceName);
}
- LoginContextProvider lcProvider = securityProvider.getLoginContextProvider();
+ LoginContextProvider lcProvider = securityProvider.getLoginContextProvider(nodeStore);
OakLoginContext loginContext = lcProvider.getLoginContext(credentials, workspaceName);
loginContext.login();
@@ -149,4 +160,11 @@ public class ContentRepositoryImpl imple
return new ContentSessionImpl(loginContext, acProvider, workspaceName,
nodeStore, DEFAULT_CONFLICT_HANDLER_PROVIDER, indexProvider);
}
+
+ //--------------------------------------------------------------------------
+ private static NodeStore createNodeStore(MicroKernel microKernel, CommitHook commitHook) {
+ KernelNodeStore nodeStore = new KernelNodeStore(microKernel);
+ nodeStore.setHook(commitHook);
+ return nodeStore;
+ }
}
Modified: jackrabbit/oak/trunk/oak-core/src/main/java/org/apache/jackrabbit/oak/security/SecurityProviderImpl.java
URL: http://svn.apache.org/viewvc/jackrabbit/oak/trunk/oak-core/src/main/java/org/apache/jackrabbit/oak/security/SecurityProviderImpl.java?rev=1393986&r1=1393985&r2=1393986&view=diff
==============================================================================
--- jackrabbit/oak/trunk/oak-core/src/main/java/org/apache/jackrabbit/oak/security/SecurityProviderImpl.java (original)
+++ jackrabbit/oak/trunk/oak-core/src/main/java/org/apache/jackrabbit/oak/security/SecurityProviderImpl.java Thu Oct 4 11:08:49 2012
@@ -17,20 +17,40 @@
package org.apache.jackrabbit.oak.security;
import javax.annotation.Nonnull;
+import javax.jcr.Session;
+import javax.security.auth.login.Configuration;
+import org.apache.jackrabbit.api.security.principal.PrincipalManager;
+import org.apache.jackrabbit.oak.api.ContentSession;
+import org.apache.jackrabbit.oak.api.Root;
+import org.apache.jackrabbit.oak.namepath.NamePathMapper;
+import org.apache.jackrabbit.oak.security.authentication.ConfigurationImpl;
import org.apache.jackrabbit.oak.security.authentication.LoginContextProviderImpl;
import org.apache.jackrabbit.oak.security.authorization.AccessControlProviderImpl;
+import org.apache.jackrabbit.oak.security.principal.PrincipalManagerImpl;
+import org.apache.jackrabbit.oak.security.principal.PrincipalProviderImpl;
import org.apache.jackrabbit.oak.security.user.UserContextImpl;
import org.apache.jackrabbit.oak.spi.security.SecurityProvider;
import org.apache.jackrabbit.oak.spi.security.authentication.LoginContextProvider;
import org.apache.jackrabbit.oak.spi.security.authorization.AccessControlProvider;
+import org.apache.jackrabbit.oak.spi.security.principal.OpenPrincipalProvider;
+import org.apache.jackrabbit.oak.spi.security.principal.PrincipalConfiguration;
+import org.apache.jackrabbit.oak.spi.security.principal.PrincipalProvider;
+import org.apache.jackrabbit.oak.spi.security.user.MembershipProvider;
import org.apache.jackrabbit.oak.spi.security.user.UserContext;
+import org.apache.jackrabbit.oak.spi.security.user.UserProvider;
+import org.apache.jackrabbit.oak.spi.state.NodeStore;
public class SecurityProviderImpl implements SecurityProvider {
+
@Nonnull
@Override
- public LoginContextProvider getLoginContextProvider() {
- return new LoginContextProviderImpl();
+ public LoginContextProvider getLoginContextProvider(NodeStore nodeStore) {
+ // TODO: use configurable authentication config
+ Configuration configuration = new ConfigurationImpl();
+ // TODO: use getPrincipalProvider instead
+ PrincipalProvider principalProvider = new OpenPrincipalProvider();
+ return new LoginContextProviderImpl(configuration, nodeStore, principalProvider);
}
@Nonnull
@@ -44,4 +64,26 @@ public class SecurityProviderImpl implem
public UserContext getUserContext() {
return new UserContextImpl();
}
+
+ @Nonnull
+ @Override
+ public PrincipalConfiguration getPrincipalConfiguration() {
+ return new PrincipalConfiguration() {
+ @Nonnull
+ @Override
+ public PrincipalManager getPrincipalManager(Session session, ContentSession contentSession, Root root, NamePathMapper namePathMapper) {
+ PrincipalProvider principalProvider = getPrincipalProvider(contentSession, root, namePathMapper);
+ return new PrincipalManagerImpl(principalProvider);
+ }
+
+ @Nonnull
+ @Override
+ public PrincipalProvider getPrincipalProvider(ContentSession contentSession, Root root, NamePathMapper namePathMapper) {
+ UserContext userContext = getUserContext();
+ UserProvider userProvider = userContext.getUserProvider(contentSession, root);
+ MembershipProvider msProvider = userContext.getMembershipProvider(contentSession, root);
+ return new PrincipalProviderImpl(userProvider, msProvider, namePathMapper);
+ }
+ };
+ }
}
Modified: jackrabbit/oak/trunk/oak-core/src/main/java/org/apache/jackrabbit/oak/security/authentication/CallbackHandlerImpl.java
URL: http://svn.apache.org/viewvc/jackrabbit/oak/trunk/oak-core/src/main/java/org/apache/jackrabbit/oak/security/authentication/CallbackHandlerImpl.java?rev=1393986&r1=1393985&r2=1393986&view=diff
==============================================================================
--- jackrabbit/oak/trunk/oak-core/src/main/java/org/apache/jackrabbit/oak/security/authentication/CallbackHandlerImpl.java (original)
+++ jackrabbit/oak/trunk/oak-core/src/main/java/org/apache/jackrabbit/oak/security/authentication/CallbackHandlerImpl.java Thu Oct 4 11:08:49 2012
@@ -16,12 +16,7 @@
*/
package org.apache.jackrabbit.oak.security.authentication;
-import org.apache.jackrabbit.oak.spi.security.authentication.CredentialsCallback;
-import org.apache.jackrabbit.oak.spi.security.authentication.PrincipalProviderCallback;
-import org.apache.jackrabbit.oak.spi.security.principal.PrincipalProvider;
-import org.slf4j.Logger;
-import org.slf4j.LoggerFactory;
-
+import java.io.IOException;
import javax.jcr.Credentials;
import javax.jcr.SimpleCredentials;
import javax.security.auth.callback.Callback;
@@ -29,7 +24,14 @@ import javax.security.auth.callback.Call
import javax.security.auth.callback.NameCallback;
import javax.security.auth.callback.PasswordCallback;
import javax.security.auth.callback.UnsupportedCallbackException;
-import java.io.IOException;
+
+import org.apache.jackrabbit.oak.spi.security.authentication.CredentialsCallback;
+import org.apache.jackrabbit.oak.spi.security.authentication.RepositoryCallback;
+import org.apache.jackrabbit.oak.spi.security.authentication.PrincipalProviderCallback;
+import org.apache.jackrabbit.oak.spi.security.principal.PrincipalProvider;
+import org.apache.jackrabbit.oak.spi.state.NodeStore;
+import org.slf4j.Logger;
+import org.slf4j.LoggerFactory;
/**
* Default implementation of the {@link CallbackHandler} interface. It currently
@@ -50,10 +52,15 @@ public class CallbackHandlerImpl impleme
private static final Logger log = LoggerFactory.getLogger(CallbackHandlerImpl.class);
private final Credentials credentials;
+ private final String workspaceName;
+ private final NodeStore nodeStore;
private final PrincipalProvider principalProvider;
- public CallbackHandlerImpl(Credentials credentials, PrincipalProvider principalProvider) {
+ public CallbackHandlerImpl(Credentials credentials, String workspaceName,
+ NodeStore nodeStore, PrincipalProvider principalProvider) {
this.credentials = credentials;
+ this.workspaceName = workspaceName;
+ this.nodeStore = nodeStore;
this.principalProvider = principalProvider;
}
@@ -69,6 +76,10 @@ public class CallbackHandlerImpl impleme
((PasswordCallback) callback).setPassword(getPassword());
} else if (callback instanceof PrincipalProviderCallback) {
((PrincipalProviderCallback) callback).setPrincipalProvider(principalProvider);
+ } else if (callback instanceof RepositoryCallback) {
+ RepositoryCallback repositoryCallback = (RepositoryCallback) callback;
+ repositoryCallback.setNodeStore(nodeStore);
+ repositoryCallback.setWorkspaceName(workspaceName);
} else {
throw new UnsupportedCallbackException(callback);
}
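Review bot: The new `RepositoryCallback` branch gives the handler's `NodeStore` to any callback of that type, so every login module listed in the JAAS configuration can obtain the store before authentication has succeeded. If `NodeStore` access is not subject to access control (not visible in this diff), each configured module is in effect fully trusted with repository content. I would record that in the class Javadoc, which appears to describe the supported callbacks, for example `{@link RepositoryCallback}: exposes the NodeStore and workspace name; login modules using it are trusted with unrestricted store access`. `handle` starts and ends outside this hunk.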
Modified: jackrabbit/oak/trunk/oak-core/src/main/java/org/apache/jackrabbit/oak/security/authentication/LoginContextProviderImpl.java
URL: http://svn.apache.org/viewvc/jackrabbit/oak/trunk/oak-core/src/main/java/org/apache/jackrabbit/oak/security/authentication/LoginContextProviderImpl.java?rev=1393986&r1=1393985&r2=1393986&view=diff
==============================================================================
--- jackrabbit/oak/trunk/oak-core/src/main/java/org/apache/jackrabbit/oak/security/authentication/LoginContextProviderImpl.java (original)
+++ jackrabbit/oak/trunk/oak-core/src/main/java/org/apache/jackrabbit/oak/security/authentication/LoginContextProviderImpl.java Thu Oct 4 11:08:49 2012
@@ -27,8 +27,8 @@ import javax.security.auth.login.LoginEx
import org.apache.jackrabbit.oak.spi.security.authentication.JaasLoginContext;
import org.apache.jackrabbit.oak.spi.security.authentication.LoginContextProvider;
import org.apache.jackrabbit.oak.spi.security.authentication.OakLoginContext;
-import org.apache.jackrabbit.oak.spi.security.principal.OpenPrincipalProvider;
import org.apache.jackrabbit.oak.spi.security.principal.PrincipalProvider;
+import org.apache.jackrabbit.oak.spi.state.NodeStore;
import org.slf4j.Logger;
import org.slf4j.LoggerFactory;
@@ -41,30 +41,33 @@ public class LoginContextProviderImpl im
private static final String APP_NAME = "jackrabbit.oak";
- private final Configuration authConfig;
+ private final Configuration configuration;
+ private final NodeStore nodeStore;
private final PrincipalProvider principalProvider;
- public LoginContextProviderImpl() {
- // TODO: use configurable authentication config and principal provider
- authConfig = new ConfigurationImpl();
- principalProvider = new OpenPrincipalProvider();
+ public LoginContextProviderImpl(Configuration configuration,
+ NodeStore nodeStore,
+ PrincipalProvider principalProvider) {
+ this.configuration = configuration;
+ this.nodeStore = nodeStore;
+ this.principalProvider = principalProvider;
}
@Override
@Nonnull
- public OakLoginContext getLoginContext(
- Credentials credentials, String workspaceName)
+ public OakLoginContext getLoginContext(Credentials credentials, String workspaceName)
throws LoginException {
// TODO: add proper implementation
// TODO - authentication against configurable spi-authentication
// TODO - validation of workspace name (including access rights for the given 'user')
Subject subject = getSubject();
- CallbackHandler handler = new CallbackHandlerImpl(credentials, principalProvider);
- return new JaasLoginContext(APP_NAME, subject, handler, authConfig);
+ CallbackHandler handler = new CallbackHandlerImpl(credentials, workspaceName, nodeStore, principalProvider);
+ return new JaasLoginContext(APP_NAME, subject, handler, configuration);
}
//------------------------------------------------------------< private >---
- private Subject getSubject() {
+
+ private static Subject getSubject() {
Subject subject = null;
try {
subject = Subject.getSubject(AccessController.getContext());
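Review bot: The new `LoginContextProviderImpl(Configuration, NodeStore, PrincipalProvider)` constructor stores `configuration` without a null check, and `javax.security.auth.login.LoginContext` falls back to the JVM-wide installed JAAS `Configuration` when it is given a null one. A caller passing null would therefore authenticate against whatever login modules the host process has configured rather than fail, assuming `JaasLoginContext` passes the value straight to `super` as the constructors shown in this commit do. I would guard it with `if (configuration == null) { throw new IllegalArgumentException("configuration must not be null"); }`. Note also that `workspaceName` is now forwarded to `CallbackHandlerImpl` while the "validation of workspace name" TODO is still open, so login modules receive it unvalidated.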
Copied: jackrabbit/oak/trunk/oak-core/src/main/java/org/apache/jackrabbit/oak/security/principal/PrincipalManagerImpl.java (from r1393939, jackrabbit/oak/trunk/oak-jcr/src/main/java/org/apache/jackrabbit/oak/jcr/security/principal/PrincipalManagerImpl.java)
URL: http://svn.apache.org/viewvc/jackrabbit/oak/trunk/oak-core/src/main/java/org/apache/jackrabbit/oak/security/principal/PrincipalManagerImpl.java?p2=jackrabbit/oak/trunk/oak-core/src/main/java/org/apache/jackrabbit/oak/security/principal/PrincipalManagerImpl.java&p1=jackrabbit/oak/trunk/oak-jcr/src/main/java/org/apache/jackrabbit/oak/jcr/security/principal/PrincipalManagerImpl.java&r1=1393939&r2=1393986&rev=1393986&view=diff
==============================================================================
--- jackrabbit/oak/trunk/oak-jcr/src/main/java/org/apache/jackrabbit/oak/jcr/security/principal/PrincipalManagerImpl.java (original)
+++ jackrabbit/oak/trunk/oak-core/src/main/java/org/apache/jackrabbit/oak/security/principal/PrincipalManagerImpl.java Thu Oct 4 11:08:49 2012
@@ -14,7 +14,7 @@
* See the License for the specific language governing permissions and
* limitations under the License.
*/
-package org.apache.jackrabbit.oak.jcr.security.principal;
+package org.apache.jackrabbit.oak.security.principal;
import java.security.Principal;
Modified: jackrabbit/oak/trunk/oak-core/src/main/java/org/apache/jackrabbit/oak/spi/security/OpenSecurityProvider.java
URL: http://svn.apache.org/viewvc/jackrabbit/oak/trunk/oak-core/src/main/java/org/apache/jackrabbit/oak/spi/security/OpenSecurityProvider.java?rev=1393986&r1=1393985&r2=1393986&view=diff
==============================================================================
--- jackrabbit/oak/trunk/oak-core/src/main/java/org/apache/jackrabbit/oak/spi/security/OpenSecurityProvider.java (original)
+++ jackrabbit/oak/trunk/oak-core/src/main/java/org/apache/jackrabbit/oak/spi/security/OpenSecurityProvider.java Thu Oct 4 11:08:49 2012
@@ -21,6 +21,7 @@ import java.util.List;
import javax.annotation.Nonnull;
import javax.jcr.Session;
+import org.apache.jackrabbit.api.security.principal.PrincipalManager;
import org.apache.jackrabbit.api.security.user.UserManager;
import org.apache.jackrabbit.oak.api.ContentSession;
import org.apache.jackrabbit.oak.api.Root;
@@ -30,9 +31,13 @@ import org.apache.jackrabbit.oak.spi.sec
import org.apache.jackrabbit.oak.spi.security.authentication.OpenLoginContextProvider;
import org.apache.jackrabbit.oak.spi.security.authorization.AccessControlProvider;
import org.apache.jackrabbit.oak.spi.security.authorization.OpenAccessControlProvider;
+import org.apache.jackrabbit.oak.spi.security.principal.OpenPrincipalProvider;
+import org.apache.jackrabbit.oak.spi.security.principal.PrincipalConfiguration;
+import org.apache.jackrabbit.oak.spi.security.principal.PrincipalProvider;
import org.apache.jackrabbit.oak.spi.security.user.MembershipProvider;
import org.apache.jackrabbit.oak.spi.security.user.UserContext;
import org.apache.jackrabbit.oak.spi.security.user.UserProvider;
+import org.apache.jackrabbit.oak.spi.state.NodeStore;
/**
* OpenSecurityProvider... TODO: review if we really have the need for that once TODO in InitialContent is resolved
@@ -41,7 +46,7 @@ public class OpenSecurityProvider implem
@Nonnull
@Override
- public LoginContextProvider getLoginContextProvider() {
+ public LoginContextProvider getLoginContextProvider(NodeStore nodeStore) {
return new OpenLoginContextProvider();
}
@@ -81,4 +86,22 @@ public class OpenSecurityProvider implem
}
};
}
+
+ @Nonnull
+ @Override
+ public PrincipalConfiguration getPrincipalConfiguration() {
+ return new PrincipalConfiguration() {
+ @Nonnull
+ @Override
+ public PrincipalManager getPrincipalManager(Session session, ContentSession contentSession, Root root, NamePathMapper namePathMapper) {
+ throw new UnsupportedOperationException();
+ }
+
+ @Nonnull
+ @Override
+ public PrincipalProvider getPrincipalProvider(ContentSession contentSession, Root root, NamePathMapper namePathMapper) {
+ return new OpenPrincipalProvider();
+ }
+ };
+ }
}
\ No newline at end of file
Modified: jackrabbit/oak/trunk/oak-core/src/main/java/org/apache/jackrabbit/oak/spi/security/SecurityProvider.java
URL: http://svn.apache.org/viewvc/jackrabbit/oak/trunk/oak-core/src/main/java/org/apache/jackrabbit/oak/spi/security/SecurityProvider.java?rev=1393986&r1=1393985&r2=1393986&view=diff
==============================================================================
--- jackrabbit/oak/trunk/oak-core/src/main/java/org/apache/jackrabbit/oak/spi/security/SecurityProvider.java (original)
+++ jackrabbit/oak/trunk/oak-core/src/main/java/org/apache/jackrabbit/oak/spi/security/SecurityProvider.java Thu Oct 4 11:08:49 2012
@@ -20,7 +20,9 @@ import javax.annotation.Nonnull;
import org.apache.jackrabbit.oak.spi.security.authentication.LoginContextProvider;
import org.apache.jackrabbit.oak.spi.security.authorization.AccessControlProvider;
+import org.apache.jackrabbit.oak.spi.security.principal.PrincipalConfiguration;
import org.apache.jackrabbit.oak.spi.security.user.UserContext;
+import org.apache.jackrabbit.oak.spi.state.NodeStore;
/**
* SecurityProvider... TODO
@@ -28,11 +30,14 @@ import org.apache.jackrabbit.oak.spi.sec
public interface SecurityProvider {
@Nonnull
- LoginContextProvider getLoginContextProvider();
+ LoginContextProvider getLoginContextProvider(NodeStore nodeStore);
@Nonnull
AccessControlProvider getAccessControlProvider();
@Nonnull
UserContext getUserContext(); // TODO review naming consistency
+
+ @Nonnull
+ PrincipalConfiguration getPrincipalConfiguration();
}
\ No newline at end of file
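Review bot: `getLoginContextProvider(NodeStore nodeStore)` has no Javadoc saying whether `nodeStore` may be null or what an implementation may do with it. Within this commit `OpenSecurityProvider` ignores the argument while `SecurityProviderImpl` forwards it to the login modules through `RepositoryCallback`, so the contract is not obvious from the signature. I would add a `@param nodeStore` line such as `the node store of the repository being logged into; made available to login modules, must not be null`, plus `@Nonnull` on the parameter if that is the intent.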
Modified: jackrabbit/oak/trunk/oak-core/src/main/java/org/apache/jackrabbit/oak/spi/security/authentication/CredentialsCallback.java
URL: http://svn.apache.org/viewvc/jackrabbit/oak/trunk/oak-core/src/main/java/org/apache/jackrabbit/oak/spi/security/authentication/CredentialsCallback.java?rev=1393986&r1=1393985&r2=1393986&view=diff
==============================================================================
--- jackrabbit/oak/trunk/oak-core/src/main/java/org/apache/jackrabbit/oak/spi/security/authentication/CredentialsCallback.java (original)
+++ jackrabbit/oak/trunk/oak-core/src/main/java/org/apache/jackrabbit/oak/spi/security/authentication/CredentialsCallback.java Thu Oct 4 11:08:49 2012
@@ -16,9 +16,10 @@
*/
package org.apache.jackrabbit.oak.spi.security.authentication;
+import java.io.Serializable;
+import javax.annotation.CheckForNull;
import javax.jcr.Credentials;
import javax.security.auth.callback.Callback;
-import java.io.Serializable;
/**
* Callback implementation to retrieve {@code Credentials}.
@@ -33,6 +34,7 @@ public class CredentialsCallback impleme
*
* @return The {@link Credentials} to be used for authentication or {@code null}.
*/
+ @CheckForNull
public Credentials getCredentials() {
return credentials;
}
Copied: jackrabbit/oak/trunk/oak-core/src/main/java/org/apache/jackrabbit/oak/spi/security/authentication/GuestLoginModule.java (from r1393939, jackrabbit/oak/trunk/oak-core/src/main/java/org/apache/jackrabbit/oak/security/authentication/GuestLoginModule.java)
URL: http://svn.apache.org/viewvc/jackrabbit/oak/trunk/oak-core/src/main/java/org/apache/jackrabbit/oak/spi/security/authentication/GuestLoginModule.java?p2=jackrabbit/oak/trunk/oak-core/src/main/java/org/apache/jackrabbit/oak/spi/security/authentication/GuestLoginModule.java&p1=jackrabbit/oak/trunk/oak-core/src/main/java/org/apache/jackrabbit/oak/security/authentication/GuestLoginModule.java&r1=1393939&r2=1393986&rev=1393986&view=diff
==============================================================================
--- jackrabbit/oak/trunk/oak-core/src/main/java/org/apache/jackrabbit/oak/security/authentication/GuestLoginModule.java (original)
+++ jackrabbit/oak/trunk/oak-core/src/main/java/org/apache/jackrabbit/oak/spi/security/authentication/GuestLoginModule.java Thu Oct 4 11:08:49 2012
@@ -14,7 +14,7 @@
* See the License for the specific language governing permissions and
* limitations under the License.
*/
-package org.apache.jackrabbit.oak.security.authentication;
+package org.apache.jackrabbit.oak.spi.security.authentication;
import java.io.IOException;
import java.util.Map;
@@ -27,8 +27,6 @@ import javax.security.auth.callback.Unsu
import javax.security.auth.login.LoginException;
import javax.security.auth.spi.LoginModule;
-import org.apache.jackrabbit.oak.spi.security.authentication.AbstractLoginModule;
-import org.apache.jackrabbit.oak.spi.security.authentication.CredentialsCallback;
import org.apache.jackrabbit.oak.spi.security.principal.EveryonePrincipal;
import org.slf4j.Logger;
import org.slf4j.LoggerFactory;
@@ -65,7 +63,7 @@ import org.slf4j.LoggerFactory;
* <pre>
*
* jackrabbit.oak {
- * org.apache.jackrabbit.oak.security.authentication.GuestLoginModule optional;
+ * org.apache.jackrabbit.oak.spi.security.authentication.GuestLoginModule optional;
* org.apache.jackrabbit.oak.security.authentication.LoginModuleImpl required;
* };
*
Modified: jackrabbit/oak/trunk/oak-core/src/main/java/org/apache/jackrabbit/oak/spi/security/authentication/JaasLoginContext.java
URL: http://svn.apache.org/viewvc/jackrabbit/oak/trunk/oak-core/src/main/java/org/apache/jackrabbit/oak/spi/security/authentication/JaasLoginContext.java?rev=1393986&r1=1393985&r2=1393986&view=diff
==============================================================================
--- jackrabbit/oak/trunk/oak-core/src/main/java/org/apache/jackrabbit/oak/spi/security/authentication/JaasLoginContext.java (original)
+++ jackrabbit/oak/trunk/oak-core/src/main/java/org/apache/jackrabbit/oak/spi/security/authentication/JaasLoginContext.java Thu Oct 4 11:08:49 2012
@@ -32,25 +32,21 @@ public class JaasLoginContext extends Lo
super(name);
}
- public JaasLoginContext(String name, Subject subject)
- throws LoginException {
+ public JaasLoginContext(String name, Subject subject) throws LoginException {
super(name, subject);
}
- public JaasLoginContext(String name, CallbackHandler handler)
- throws LoginException {
+ public JaasLoginContext(String name, CallbackHandler handler) throws LoginException {
super(name, handler);
}
- public JaasLoginContext(
- String name, Subject subject, CallbackHandler handler)
+ public JaasLoginContext(String name, Subject subject, CallbackHandler handler)
throws LoginException {
super(name, subject, handler);
}
- public JaasLoginContext(
- String name, Subject subject, CallbackHandler handler,
- Configuration configuration) throws LoginException {
+ public JaasLoginContext(String name, Subject subject, CallbackHandler handler,
+ Configuration configuration) throws LoginException {
super(name, subject, handler, configuration);
}
Modified: jackrabbit/oak/trunk/oak-core/src/main/java/org/apache/jackrabbit/oak/spi/security/authentication/OpenLoginContextProvider.java
URL: http://svn.apache.org/viewvc/jackrabbit/oak/trunk/oak-core/src/main/java/org/apache/jackrabbit/oak/spi/security/authentication/OpenLoginContextProvider.java?rev=1393986&r1=1393985&r2=1393986&view=diff
==============================================================================
--- jackrabbit/oak/trunk/oak-core/src/main/java/org/apache/jackrabbit/oak/spi/security/authentication/OpenLoginContextProvider.java (original)
+++ jackrabbit/oak/trunk/oak-core/src/main/java/org/apache/jackrabbit/oak/spi/security/authentication/OpenLoginContextProvider.java Thu Oct 4 11:08:49 2012
@@ -20,26 +20,23 @@ import javax.annotation.Nonnull;
import javax.jcr.Credentials;
import javax.security.auth.Subject;
-import org.apache.jackrabbit.oak.spi.security.principal.EveryonePrincipal;
-
/**
- * This class provides login contexts that accept any credentials.
+ * This class provides login contexts that accept any credentials and doesn't
+ * validate specified workspace name.
*/
public class OpenLoginContextProvider implements LoginContextProvider {
- @Override @Nonnull
- public OakLoginContext getLoginContext(
- Credentials credentials, String workspaceName) {
- final Subject subject = new Subject();
- if (credentials != null) {
- subject.getPrivateCredentials().add(credentials);
- }
- subject.getPrincipals().add(EveryonePrincipal.getInstance());
- subject.setReadOnly();
-
+ @Override
+ @Nonnull
+ public OakLoginContext getLoginContext(final Credentials credentials, String workspaceName) {
return new OakLoginContext() {
@Override
public Subject getSubject() {
+ Subject subject = new Subject();
+ if (credentials != null) {
+ subject.getPrivateCredentials().add(credentials);
+ }
+ subject.setReadOnly();
return subject;
}
@Override
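Review bot: `getSubject()` in the anonymous `OakLoginContext` now builds a new `Subject` on every call, so two calls on the same login context return different instances, where the removed code returned one shared read-only subject. Callers that keep the subject or compare it across calls would see the difference; creating it once, e.g. keeping `final Subject subject = new Subject();` ahead of the `return new OakLoginContext()` statement, restores the old behaviour. The subject also no longer carries `EveryonePrincipal`, and the updated class Javadoc does not mention that; if the empty principal set is intended, a line such as `The returned subject has no principals.` would record it. The anonymous class continues outside this hunk.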
Added: jackrabbit/oak/trunk/oak-core/src/main/java/org/apache/jackrabbit/oak/spi/security/authentication/RepositoryCallback.java
URL: http://svn.apache.org/viewvc/jackrabbit/oak/trunk/oak-core/src/main/java/org/apache/jackrabbit/oak/spi/security/authentication/RepositoryCallback.java?rev=1393986&view=auto
==============================================================================
--- jackrabbit/oak/trunk/oak-core/src/main/java/org/apache/jackrabbit/oak/spi/security/authentication/RepositoryCallback.java (added)
+++ jackrabbit/oak/trunk/oak-core/src/main/java/org/apache/jackrabbit/oak/spi/security/authentication/RepositoryCallback.java Thu Oct 4 11:08:49 2012
@@ -0,0 +1,71 @@
+/*
+ * Licensed to the Apache Software Foundation (ASF) under one or more
+ * contributor license agreements. See the NOTICE file distributed with
+ * this work for additional information regarding copyright ownership.
+ * The ASF licenses this file to You under the Apache License, Version 2.0
+ * (the "License"); you may not use this file except in compliance with
+ * the License. You may obtain a copy of the License at
+ *
+ * http://www.apache.org/licenses/LICENSE-2.0
+ *
+ * Unless required by applicable law or agreed to in writing, software
+ * distributed under the License is distributed on an "AS IS" BASIS,
+ * WITHOUT WARRANTIES OR CONDITIONS OF ANY KIND, either express or implied.
+ * See the License for the specific language governing permissions and
+ * limitations under the License.
+ */
+package org.apache.jackrabbit.oak.spi.security.authentication;
+
+import javax.annotation.CheckForNull;
+import javax.jcr.NoSuchWorkspaceException;
+import javax.security.auth.callback.Callback;
+import javax.security.auth.login.LoginException;
+
+import org.apache.jackrabbit.oak.api.ContentSession;
+import org.apache.jackrabbit.oak.core.ContentRepositoryImpl;
+import org.apache.jackrabbit.oak.spi.state.NodeStore;
+import org.slf4j.Logger;
+import org.slf4j.LoggerFactory;
+
+/**
+ * RepositoryCallback... TODO
+ */
+public class RepositoryCallback implements Callback {
+
+ private static final Logger log = LoggerFactory.getLogger(RepositoryCallback.class);
+
+ private NodeStore nodeStore;
+ private String workspaceName;
+
+ @CheckForNull
+ public NodeStore getNodeStore() {
+ return nodeStore;
+ }
+
+ public String getWorkspaceName() {
+ return workspaceName;
+ }
+
+ @CheckForNull
+ public ContentSession getContentSession() {
+ if (nodeStore != null) {
+ try {
+ // TODO rather use Oak or similar setup mechanism
+ return new ContentRepositoryImpl(nodeStore, null, null).login(null, workspaceName);
+ } catch (LoginException e) {
+ log.warn("Internal error ", e.getMessage());
+ } catch (NoSuchWorkspaceException e) {
+ log.warn("Internal error ", e.getMessage());
+ }
+ }
+ return null;
+ }
+
+ public void setNodeStore(NodeStore nodeStore) {
+ this.nodeStore = nodeStore;
+ }
+
+ public void setWorkspaceName(String workspaceName) {
+ this.workspaceName = workspaceName;
+ }
+}
\ No newline at end of file
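Review bot: Both `log.warn("Internal error ", e.getMessage());` calls in `getContentSession()` lose the failure detail: the format string has no `{}` placeholder, so SLF4J ignores the message argument, and the stack trace is never passed. `log.warn("Internal error", e);` logs both. Separately, the method calls `login(null, workspaceName)` on a repository created with a null security provider, so which subject the returned session runs as depends on the default login configuration and is not visible here. The method Javadoc should say what that session is allowed to read and who is responsible for closing it.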
Added: jackrabbit/oak/trunk/oak-core/src/main/java/org/apache/jackrabbit/oak/spi/security/principal/PrincipalConfiguration.java
URL: http://svn.apache.org/viewvc/jackrabbit/oak/trunk/oak-core/src/main/java/org/apache/jackrabbit/oak/spi/security/principal/PrincipalConfiguration.java?rev=1393986&view=auto
==============================================================================
--- jackrabbit/oak/trunk/oak-core/src/main/java/org/apache/jackrabbit/oak/spi/security/principal/PrincipalConfiguration.java (added)
+++ jackrabbit/oak/trunk/oak-core/src/main/java/org/apache/jackrabbit/oak/spi/security/principal/PrincipalConfiguration.java Thu Oct 4 11:08:49 2012
@@ -0,0 +1,37 @@
+/*
+ * Licensed to the Apache Software Foundation (ASF) under one or more
+ * contributor license agreements. See the NOTICE file distributed with
+ * this work for additional information regarding copyright ownership.
+ * The ASF licenses this file to You under the Apache License, Version 2.0
+ * (the "License"); you may not use this file except in compliance with
+ * the License. You may obtain a copy of the License at
+ *
+ * http://www.apache.org/licenses/LICENSE-2.0
+ *
+ * Unless required by applicable law or agreed to in writing, software
+ * distributed under the License is distributed on an "AS IS" BASIS,
+ * WITHOUT WARRANTIES OR CONDITIONS OF ANY KIND, either express or implied.
+ * See the License for the specific language governing permissions and
+ * limitations under the License.
+ */
+package org.apache.jackrabbit.oak.spi.security.principal;
+
+import javax.annotation.Nonnull;
+import javax.jcr.Session;
+
+import org.apache.jackrabbit.api.security.principal.PrincipalManager;
+import org.apache.jackrabbit.oak.api.ContentSession;
+import org.apache.jackrabbit.oak.api.Root;
+import org.apache.jackrabbit.oak.namepath.NamePathMapper;
+
+/**
+ * PrincipalConfig... TODO
+ */
+public interface PrincipalConfiguration {
+
+ @Nonnull
+ public PrincipalManager getPrincipalManager(Session session, ContentSession contentSession, Root root, NamePathMapper namePathMapper);
+
+ @Nonnull
+ public PrincipalProvider getPrincipalProvider(ContentSession contentSession, Root root, NamePathMapper namePathMapper);
+}
\ No newline at end of file
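Review bot: The interface Javadoc is still the placeholder `PrincipalConfig... TODO`, and neither method says how its arguments are used, although this is the SPI through which every principal lookup is obtained. Both methods promise a `@Nonnull` result, but the parameters carry no nullability annotation, so an implementer cannot tell whether `session`, `contentSession` or `root` may be null. I would replace the placeholder with something like `/** Entry point to principal management: supplies the PrincipalManager exposed to JCR sessions and the PrincipalProvider used to resolve principals. */` and annotate each parameter as `@Nonnull` or `@Nullable`. The method docs should also state whether the returned objects are bound to the access rights of the given `ContentSession`; that cannot be determined from this file. As a style point, the `public` modifier on interface methods is redundant.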
Modified: jackrabbit/oak/trunk/oak-jcr/src/main/java/org/apache/jackrabbit/oak/jcr/SessionDelegate.java
URL: http://svn.apache.org/viewvc/jackrabbit/oak/trunk/oak-jcr/src/main/java/org/apache/jackrabbit/oak/jcr/SessionDelegate.java?rev=1393986&r1=1393985&r2=1393986&view=diff
==============================================================================
--- jackrabbit/oak/trunk/oak-jcr/src/main/java/org/apache/jackrabbit/oak/jcr/SessionDelegate.java (original)
+++ jackrabbit/oak/trunk/oak-jcr/src/main/java/org/apache/jackrabbit/oak/jcr/SessionDelegate.java Thu Oct 4 11:08:49 2012
@@ -45,13 +45,10 @@ import org.apache.jackrabbit.oak.api.Tre
import org.apache.jackrabbit.oak.api.TreeLocation;
import org.apache.jackrabbit.oak.commons.PathUtils;
import org.apache.jackrabbit.oak.jcr.observation.ObservationManagerImpl;
-import org.apache.jackrabbit.oak.jcr.security.principal.PrincipalManagerImpl;
import org.apache.jackrabbit.oak.namepath.NamePathMapper;
import org.apache.jackrabbit.oak.namepath.NamePathMapperImpl;
import org.apache.jackrabbit.oak.plugins.identifier.IdentifierManager;
import org.apache.jackrabbit.oak.spi.security.SecurityProvider;
-import org.apache.jackrabbit.oak.spi.security.principal.OpenPrincipalProvider;
-import org.apache.jackrabbit.oak.util.TODO;
import org.apache.jackrabbit.oak.value.ValueFactoryImpl;
import org.slf4j.Logger;
import org.slf4j.LoggerFactory;
@@ -479,8 +476,11 @@ public class SessionDelegate {
@Nonnull
PrincipalManager getPrincipalManager() throws RepositoryException {
- // TODO
- return TODO.unimplemented().returnValue(new PrincipalManagerImpl(new OpenPrincipalProvider()));
+ if (securityProvider != null) {
+ return securityProvider.getPrincipalConfiguration().getPrincipalManager(session, contentSession, root, getNamePathMapper());
+ } else {
+ throw new UnsupportedRepositoryOperationException("Principal management not supported.");
+ }
}
@Nonnull
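Review bot: `getPrincipalManager()` now throws `UnsupportedRepositoryOperationException` when `securityProvider` is null, where it previously always returned a manager backed by `OpenPrincipalProvider`, and nothing on the method documents this for callers. I would add `/** @throws UnsupportedRepositoryOperationException if no SecurityProvider is configured for this session */` above the method. The result of `securityProvider.getPrincipalConfiguration()` is dereferenced directly; if that accessor is not declared `@Nonnull` (its declaration is outside this hunk), a missing configuration would surface as a NullPointerException rather than the intended exception. The `else` after the `return` is also redundant, so a guard clause such as `if (securityProvider == null) { throw new UnsupportedRepositoryOperationException("Principal management not supported."); }` followed by the plain return reads more directly. The fields used here (`securityProvider`, `session`, `contentSession`, `root`) are declared outside the hunk.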