You are viewing a plain text version of this content. The canonical link for it is here.
Posted to oak-commits@jackrabbit.apache.org by md...@apache.org on 2014/08/26 14:37:50 UTC
svn commit: r1620585 - in /jackrabbit/oak/trunk/oak-upgrade/src:
main/java/org/apache/jackrabbit/oak/upgrade/RepositoryUpgrade.java
test/java/org/apache/jackrabbit/oak/upgrade/RepositoryUpgradeTest.java
Author: mduerig
Date: Tue Aug 26 12:37:50 2014
New Revision: 1620585
URL: http://svn.apache.org/r1620585
Log:
OAK-2047: Missing privileges after repository upgrade
Run repository initialisers of the security configurations on upgrade
Modified:
jackrabbit/oak/trunk/oak-upgrade/src/main/java/org/apache/jackrabbit/oak/upgrade/RepositoryUpgrade.java
jackrabbit/oak/trunk/oak-upgrade/src/test/java/org/apache/jackrabbit/oak/upgrade/RepositoryUpgradeTest.java
Modified: jackrabbit/oak/trunk/oak-upgrade/src/main/java/org/apache/jackrabbit/oak/upgrade/RepositoryUpgrade.java
URL: http://svn.apache.org/viewvc/jackrabbit/oak/trunk/oak-upgrade/src/main/java/org/apache/jackrabbit/oak/upgrade/RepositoryUpgrade.java?rev=1620585&r1=1620584&r2=1620585&view=diff
==============================================================================
--- jackrabbit/oak/trunk/oak-upgrade/src/main/java/org/apache/jackrabbit/oak/upgrade/RepositoryUpgrade.java (original)
+++ jackrabbit/oak/trunk/oak-upgrade/src/main/java/org/apache/jackrabbit/oak/upgrade/RepositoryUpgrade.java Tue Aug 26 12:37:50 2014
@@ -257,6 +257,9 @@ public class RepositoryUpgrade {
initializer.initialize(builder);
}
for (SecurityConfiguration sc : security.getConfigurations()) {
+ sc.getRepositoryInitializer().initialize(builder);
+ }
+ for (SecurityConfiguration sc : security.getConfigurations()) {
sc.getWorkspaceInitializer().initialize(builder, workspaceName);
}
Modified: jackrabbit/oak/trunk/oak-upgrade/src/test/java/org/apache/jackrabbit/oak/upgrade/RepositoryUpgradeTest.java
URL: http://svn.apache.org/viewvc/jackrabbit/oak/trunk/oak-upgrade/src/test/java/org/apache/jackrabbit/oak/upgrade/RepositoryUpgradeTest.java?rev=1620585&r1=1620584&r2=1620585&view=diff
==============================================================================
--- jackrabbit/oak/trunk/oak-upgrade/src/test/java/org/apache/jackrabbit/oak/upgrade/RepositoryUpgradeTest.java (original)
+++ jackrabbit/oak/trunk/oak-upgrade/src/test/java/org/apache/jackrabbit/oak/upgrade/RepositoryUpgradeTest.java Tue Aug 26 12:37:50 2014
@@ -18,6 +18,7 @@
*/
package org.apache.jackrabbit.oak.upgrade;
+import static com.google.common.collect.Sets.newHashSet;
import static junit.framework.Assert.assertEquals;
import static junit.framework.Assert.assertFalse;
import static junit.framework.Assert.assertNotNull;
@@ -28,12 +29,40 @@ import static org.apache.jackrabbit.JcrC
import static org.apache.jackrabbit.JcrConstants.JCR_UUID;
import static org.apache.jackrabbit.JcrConstants.MIX_VERSIONABLE;
import static org.apache.jackrabbit.JcrConstants.NT_UNSTRUCTURED;
+import static org.apache.jackrabbit.oak.spi.security.privilege.PrivilegeConstants.JCR_ADD_CHILD_NODES;
+import static org.apache.jackrabbit.oak.spi.security.privilege.PrivilegeConstants.JCR_LIFECYCLE_MANAGEMENT;
+import static org.apache.jackrabbit.oak.spi.security.privilege.PrivilegeConstants.JCR_LOCK_MANAGEMENT;
+import static org.apache.jackrabbit.oak.spi.security.privilege.PrivilegeConstants.JCR_MODIFY_ACCESS_CONTROL;
+import static org.apache.jackrabbit.oak.spi.security.privilege.PrivilegeConstants.JCR_MODIFY_PROPERTIES;
+import static org.apache.jackrabbit.oak.spi.security.privilege.PrivilegeConstants.JCR_NAMESPACE_MANAGEMENT;
+import static org.apache.jackrabbit.oak.spi.security.privilege.PrivilegeConstants.JCR_NODE_TYPE_DEFINITION_MANAGEMENT;
+import static org.apache.jackrabbit.oak.spi.security.privilege.PrivilegeConstants.JCR_NODE_TYPE_MANAGEMENT;
+import static org.apache.jackrabbit.oak.spi.security.privilege.PrivilegeConstants.JCR_READ;
+import static org.apache.jackrabbit.oak.spi.security.privilege.PrivilegeConstants.JCR_READ_ACCESS_CONTROL;
+import static org.apache.jackrabbit.oak.spi.security.privilege.PrivilegeConstants.JCR_REMOVE_CHILD_NODES;
+import static org.apache.jackrabbit.oak.spi.security.privilege.PrivilegeConstants.JCR_REMOVE_NODE;
+import static org.apache.jackrabbit.oak.spi.security.privilege.PrivilegeConstants.JCR_RETENTION_MANAGEMENT;
+import static org.apache.jackrabbit.oak.spi.security.privilege.PrivilegeConstants.JCR_VERSION_MANAGEMENT;
+import static org.apache.jackrabbit.oak.spi.security.privilege.PrivilegeConstants.JCR_WORKSPACE_MANAGEMENT;
+import static org.apache.jackrabbit.oak.spi.security.privilege.PrivilegeConstants.JCR_WRITE;
+import static org.apache.jackrabbit.oak.spi.security.privilege.PrivilegeConstants.REP_ADD_PROPERTIES;
+import static org.apache.jackrabbit.oak.spi.security.privilege.PrivilegeConstants.REP_ALTER_PROPERTIES;
+import static org.apache.jackrabbit.oak.spi.security.privilege.PrivilegeConstants.REP_INDEX_DEFINITION_MANAGEMENT;
+import static org.apache.jackrabbit.oak.spi.security.privilege.PrivilegeConstants.REP_PRIVILEGE_MANAGEMENT;
+import static org.apache.jackrabbit.oak.spi.security.privilege.PrivilegeConstants.REP_READ_NODES;
+import static org.apache.jackrabbit.oak.spi.security.privilege.PrivilegeConstants.REP_READ_PROPERTIES;
+import static org.apache.jackrabbit.oak.spi.security.privilege.PrivilegeConstants.REP_REMOVE_PROPERTIES;
+import static org.apache.jackrabbit.oak.spi.security.privilege.PrivilegeConstants.REP_USER_MANAGEMENT;
+import static org.apache.jackrabbit.oak.spi.security.privilege.PrivilegeConstants.REP_WRITE;
import java.io.ByteArrayInputStream;
import java.io.InputStream;
import java.math.BigDecimal;
+import java.util.Arrays;
import java.util.Calendar;
+import java.util.Map;
import java.util.Random;
+import java.util.Set;
import javax.jcr.Binary;
import javax.jcr.NamespaceRegistry;
@@ -55,6 +84,7 @@ import javax.jcr.version.Version;
import javax.jcr.version.VersionHistory;
import javax.jcr.version.VersionManager;
+import com.google.common.collect.Maps;
import org.apache.jackrabbit.api.JackrabbitSession;
import org.apache.jackrabbit.api.JackrabbitWorkspace;
import org.apache.jackrabbit.api.security.authorization.PrivilegeManager;
@@ -72,6 +102,7 @@ public class RepositoryUpgradeTest exten
new Random().nextBytes(BINARY);
}
+ @Override
@SuppressWarnings("unchecked")
protected void createSourceContent(Repository repository) throws Exception {
Session session = repository.login(CREDENTIALS);
@@ -180,6 +211,70 @@ public class RepositoryUpgradeTest exten
}
@Test
+ public void verifyPrivileges() throws RepositoryException {
+ Set<String> nonAggregatePrivileges = newHashSet(
+ REP_READ_NODES, REP_READ_PROPERTIES, REP_ADD_PROPERTIES, REP_ALTER_PROPERTIES,
+ REP_REMOVE_PROPERTIES, JCR_ADD_CHILD_NODES, JCR_REMOVE_CHILD_NODES, JCR_REMOVE_NODE,
+ JCR_READ_ACCESS_CONTROL, JCR_MODIFY_ACCESS_CONTROL, JCR_NODE_TYPE_MANAGEMENT,
+ JCR_VERSION_MANAGEMENT, JCR_LOCK_MANAGEMENT, JCR_LIFECYCLE_MANAGEMENT,
+ JCR_RETENTION_MANAGEMENT, JCR_WORKSPACE_MANAGEMENT, JCR_NODE_TYPE_DEFINITION_MANAGEMENT,
+ JCR_NAMESPACE_MANAGEMENT, REP_PRIVILEGE_MANAGEMENT, REP_USER_MANAGEMENT,
+ REP_INDEX_DEFINITION_MANAGEMENT);
+
+ Map<String, String[]> aggregatePrivileges = Maps.newHashMap();
+ aggregatePrivileges.put(JCR_READ,
+ new String[] {REP_READ_NODES, REP_READ_PROPERTIES});
+ aggregatePrivileges.put(JCR_MODIFY_PROPERTIES,
+ new String[] {REP_ADD_PROPERTIES, REP_ALTER_PROPERTIES, REP_REMOVE_PROPERTIES});
+ aggregatePrivileges.put(JCR_WRITE,
+ new String[] {JCR_MODIFY_PROPERTIES, REP_ADD_PROPERTIES, REP_ALTER_PROPERTIES,
+ REP_REMOVE_PROPERTIES, JCR_ADD_CHILD_NODES, JCR_REMOVE_CHILD_NODES,
+ JCR_REMOVE_NODE});
+ aggregatePrivileges.put(REP_WRITE,
+ new String[] {JCR_WRITE, JCR_MODIFY_PROPERTIES, REP_ADD_PROPERTIES,
+ REP_ALTER_PROPERTIES, REP_REMOVE_PROPERTIES, JCR_ADD_CHILD_NODES,
+ JCR_REMOVE_CHILD_NODES, JCR_REMOVE_NODE, JCR_NODE_TYPE_MANAGEMENT});
+
+ JackrabbitSession session = createAdminSession();
+ try {
+ JackrabbitWorkspace workspace = (JackrabbitWorkspace) session.getWorkspace();
+ PrivilegeManager manager = workspace.getPrivilegeManager();
+ Privilege[] privileges = manager.getRegisteredPrivileges();
+
+ for (Privilege privilege : privileges) {
+ if (privilege.isAggregate()) {
+ String[] expected = aggregatePrivileges.remove(privilege.getName());
+ if (expected != null) {
+ String[] actual = getNames(privilege.getAggregatePrivileges());
+ assertTrue("Miss match in aggregate privilege " + privilege.getName() +
+ " expected " + Arrays.toString(expected) +
+ " actual " + Arrays.toString(actual),
+ newHashSet(expected).equals(newHashSet(actual)));
+ }
+ } else {
+ nonAggregatePrivileges.remove(privilege.getName());
+ }
+ }
+
+ assertTrue("Missing non aggregate privileges: " + nonAggregatePrivileges,
+ nonAggregatePrivileges.isEmpty());
+ assertTrue("Missing aggregate privileges: " + aggregatePrivileges.keySet(),
+ aggregatePrivileges.isEmpty());
+ }
+ finally {
+ session.logout();
+ }
+ }
+
+ private static String[] getNames(Privilege[] privileges) {
+ String[] names = new String[privileges.length];
+ for (int i = 0; i < privileges.length; i++) {
+ names[i] = privileges[i].getName();
+ }
+ return names;
+ }
+
+ @Test
public void verifyCustomPrivileges() throws Exception {
JackrabbitSession session = createAdminSession();
try {