You are viewing a plain text version of this content. The canonical link for it is here.
Posted to oak-commits@jackrabbit.apache.org by ju...@apache.org on 2012/04/14 00:15:30 UTC
svn commit: r1325984 - in /jackrabbit/oak/trunk/oak-core/src:
main/java/org/apache/jackrabbit/mk/MicroKernelFactory.java
main/java/org/apache/jackrabbit/mk/wrapper/SecurityWrapper.java
test/java/org/apache/jackrabbit/mk/wrapper/SecurityWrapperTest.java
Author: jukka
Date: Fri Apr 13 22:15:30 2012
New Revision: 1325984
URL: http://svn.apache.org/viewvc?rev=1325984&view=rev
Log:
OAK-12: Implement a test suite for the MicroKernel
Decouple URL handling from SecurityWrapper and make the related test case target just the SecurityWrapper class, not the underlying MicroKernel implementations
Modified:
jackrabbit/oak/trunk/oak-core/src/main/java/org/apache/jackrabbit/mk/MicroKernelFactory.java
jackrabbit/oak/trunk/oak-core/src/main/java/org/apache/jackrabbit/mk/wrapper/SecurityWrapper.java
jackrabbit/oak/trunk/oak-core/src/test/java/org/apache/jackrabbit/mk/wrapper/SecurityWrapperTest.java
Modified: jackrabbit/oak/trunk/oak-core/src/main/java/org/apache/jackrabbit/mk/MicroKernelFactory.java
URL: http://svn.apache.org/viewvc/jackrabbit/oak/trunk/oak-core/src/main/java/org/apache/jackrabbit/mk/MicroKernelFactory.java?rev=1325984&r1=1325983&r2=1325984&view=diff
==============================================================================
--- jackrabbit/oak/trunk/oak-core/src/main/java/org/apache/jackrabbit/mk/MicroKernelFactory.java (original)
+++ jackrabbit/oak/trunk/oak-core/src/main/java/org/apache/jackrabbit/mk/MicroKernelFactory.java Fri Apr 13 22:15:30 2012
@@ -111,7 +111,32 @@ public class MicroKernelFactory {
} else if (head.equals("log")) {
return new LogWrapper(getInstance(tail));
} else if (head.equals("sec")) {
- return SecurityWrapper.get(url);
+ String userPassUrl = tail;
+ int index = userPassUrl.indexOf(':');
+ if (index < 0) {
+ throw ExceptionFactory.get("Expected url format: sec:user@pass:<url>");
+ }
+ String u = userPassUrl.substring(index + 1);
+ String userPass = userPassUrl.substring(0, index);
+ index = userPass.indexOf('@');
+ if (index < 0) {
+ throw ExceptionFactory.get("Expected url format: sec:user@pass:<url>");
+ }
+ String user = userPass.substring(0, index);
+ String pass = userPass.substring(index + 1);
+ final MicroKernel mk = getInstance(u);
+ try {
+ return new SecurityWrapper(mk, user, pass) {
+ @Override
+ public void dispose() {
+ super.dispose();
+ mk.dispose();
+ }
+ };
+ } catch (MicroKernelException e) {
+ mk.dispose();
+ throw e;
+ }
} else if (head.equals("virtual")) {
MicroKernel mk = getInstance(tail);
try {
Modified: jackrabbit/oak/trunk/oak-core/src/main/java/org/apache/jackrabbit/mk/wrapper/SecurityWrapper.java
URL: http://svn.apache.org/viewvc/jackrabbit/oak/trunk/oak-core/src/main/java/org/apache/jackrabbit/mk/wrapper/SecurityWrapper.java?rev=1325984&r1=1325983&r2=1325984&view=diff
==============================================================================
--- jackrabbit/oak/trunk/oak-core/src/main/java/org/apache/jackrabbit/mk/wrapper/SecurityWrapper.java (original)
+++ jackrabbit/oak/trunk/oak-core/src/main/java/org/apache/jackrabbit/mk/wrapper/SecurityWrapper.java Fri Apr 13 22:15:30 2012
@@ -17,9 +17,7 @@
package org.apache.jackrabbit.mk.wrapper;
import java.io.InputStream;
-import org.apache.jackrabbit.mk.MicroKernelFactory;
import org.apache.jackrabbit.mk.api.MicroKernel;
-import org.apache.jackrabbit.mk.api.MicroKernelException;
import org.apache.jackrabbit.mk.json.JsopReader;
import org.apache.jackrabbit.mk.json.JsopStream;
import org.apache.jackrabbit.mk.json.JsopTokenizer;
@@ -50,11 +48,29 @@ public class SecurityWrapper extends Mic
private final SimpleLRUCache<String, NodeImpl> cache = SimpleLRUCache.newInstance(100);
private String rightsRevision;
- private SecurityWrapper(MicroKernel mk, String[] rights) {
- // TODO security for the index mechanism
+ /**
+ * Decorates the given {@link MicroKernel} with authentication and
+ * authorization. The responsibility of properly disposing the given
+ * MikroKernel instance remains with the caller.
+ */
+ public SecurityWrapper(MicroKernel mk, String user, String pass) {
this.mk = MicroKernelWrapperBase.wrap(mk);
+ // TODO security for the index mechanism
+
+ String role = mk.getNodes("/:user/" + user, mk.getHeadRevision());
+ NodeMap map = new NodeMap();
+ JsopReader t = new JsopTokenizer(role);
+ t.read('{');
+ NodeImpl n = NodeImpl.parse(map, t, 0);
+ String password = JsopTokenizer.decodeQuoted(n.getProperty("password"));
+ if (!pass.equals(password)) {
+ throw ExceptionFactory.get("Wrong password");
+ }
+ String[] rights =
+ JsopTokenizer.decodeQuoted(n.getProperty("rights")).split(",");
this.userRights = rights;
- boolean isAdmin = false, canWrite = false;
+ boolean isAdmin = false;
+ boolean canWrite = false;
for (String r : rights) {
if (r.equals("admin")) {
isAdmin = true;
@@ -62,41 +78,8 @@ public class SecurityWrapper extends Mic
canWrite = true;
}
}
- admin = isAdmin;
- write = canWrite;
- }
-
- public static synchronized SecurityWrapper get(String url) {
- String userPassUrl = url.substring("sec:".length());
- int index = userPassUrl.indexOf(':');
- if (index < 0) {
- throw ExceptionFactory.get("Expected url format: sec:user@pass:<url>");
- }
- String u = userPassUrl.substring(index + 1);
- String userPass = userPassUrl.substring(0, index);
- index = userPass.indexOf('@');
- if (index < 0) {
- throw ExceptionFactory.get("Expected url format: sec:user@pass:<url>");
- }
- String user = userPass.substring(0, index);
- String pass = userPass.substring(index + 1);
- MicroKernel mk = MicroKernelFactory.getInstance(u);
- try {
- String role = mk.getNodes("/:user/" + user, mk.getHeadRevision());
- NodeMap map = new NodeMap();
- JsopReader t = new JsopTokenizer(role);
- t.read('{');
- NodeImpl n = NodeImpl.parse(map, t, 0);
- String password = JsopTokenizer.decodeQuoted(n.getProperty("password"));
- if (!pass.equals(password)) {
- throw ExceptionFactory.get("Wrong password");
- }
- String rights = JsopTokenizer.decodeQuoted(n.getProperty("rights"));
- return new SecurityWrapper(mk, rights.split(","));
- } catch (MicroKernelException e) {
- mk.dispose();
- throw e;
- }
+ this.admin = isAdmin;
+ this.write = canWrite;
}
public String commitStream(String rootPath, JsopReader jsonDiff, String revisionId, String message) {
@@ -108,7 +91,6 @@ public class SecurityWrapper extends Mic
}
public void dispose() {
- mk.dispose();
}
public String getHeadRevision() {
Modified: jackrabbit/oak/trunk/oak-core/src/test/java/org/apache/jackrabbit/mk/wrapper/SecurityWrapperTest.java
URL: http://svn.apache.org/viewvc/jackrabbit/oak/trunk/oak-core/src/test/java/org/apache/jackrabbit/mk/wrapper/SecurityWrapperTest.java?rev=1325984&r1=1325983&r2=1325984&view=diff
==============================================================================
--- jackrabbit/oak/trunk/oak-core/src/test/java/org/apache/jackrabbit/mk/wrapper/SecurityWrapperTest.java (original)
+++ jackrabbit/oak/trunk/oak-core/src/test/java/org/apache/jackrabbit/mk/wrapper/SecurityWrapperTest.java Fri Apr 13 22:15:30 2012
@@ -21,64 +21,40 @@ import static org.junit.Assert.assertFal
import static org.junit.Assert.assertTrue;
import static org.junit.Assert.fail;
import junit.framework.Assert;
-import org.apache.jackrabbit.mk.MicroKernelFactory;
-import org.apache.jackrabbit.mk.MultiMkTestBase;
import org.apache.jackrabbit.mk.api.MicroKernel;
import org.apache.jackrabbit.mk.api.MicroKernelException;
import org.apache.jackrabbit.mk.json.JsopTokenizer;
-import org.junit.After;
+import org.apache.jackrabbit.mk.simple.SimpleKernelImpl;
import org.junit.Before;
import org.junit.Test;
-import org.junit.runner.RunWith;
-import org.junit.runners.Parameterized;
/**
* Test the security wrapper.
*/
-@RunWith(Parameterized.class)
-public class SecurityWrapperTest extends MultiMkTestBase {
+public class SecurityWrapperTest {
+
+ // TODO: Remove SimpleKernelImpl-specific assumptions from the test
+ private final MicroKernel mk =
+ new SimpleKernelImpl("mem:SecurityWrapperTest");
private String head;
private MicroKernel mkAdmin;
private MicroKernel mkGuest;
- public SecurityWrapperTest(String url) {
- super(url);
- }
-
@Before
public void setUp() throws Exception {
- super.setUp();
- if (!isSimpleKernel(mk)) {
- return;
- }
head = mk.getHeadRevision();
head = mk.commit("/", "+ \":user\": { \":rights\":\"admin\" }", head, "");
head = mk.commit("/", "+ \":user/guest\": {\"password\": \"guest\", \"rights\":\"read\" }", head, "");
head = mk.commit("/", "+ \":user/sa\": {\"password\": \"abc\", \"rights\":\"admin\" }", head, "");
- mkAdmin = MicroKernelFactory.getInstance("sec:sa@abc:" + url);
- mkGuest = MicroKernelFactory.getInstance("sec:guest@guest:" + url);
- }
-
- @After
- public void tearDown() throws InterruptedException {
- try {
- if (mkAdmin != null) {
- mkAdmin.dispose();
- }
- if (mkGuest != null) {
- mkGuest.dispose();
- }
- super.tearDown();
- } catch (Throwable e) {
- e.printStackTrace();
- }
+ mkAdmin = new SecurityWrapper(mk, "sa", "abc");
+ mkGuest = new SecurityWrapper(mk, "guest", "guest");
}
@Test
public void wrongPassword() {
try {
- MicroKernelFactory.getInstance("sec:sa@xyz:" + url);
+ new SecurityWrapper(mk, "sa", "xyz");
fail();
} catch (Throwable e) {
// expected (wrong password)
@@ -87,9 +63,6 @@ public class SecurityWrapperTest extends
@Test
public void commit() {
- if (!isSimpleKernel(mk)) {
- return;
- }
head = mkAdmin.commit("/", "+ \"test\": { \"data\": \"Hello\" }", head, null);
head = mkAdmin.commit("/", "- \"test\"", head, null);
try {
@@ -102,9 +75,6 @@ public class SecurityWrapperTest extends
@Test
public void getJournal() {
- if (!isSimpleKernel(mk)) {
- return;
- }
String fromRevision = mkAdmin.getHeadRevision();
String toRevision = mkAdmin.commit("/", "+ \"test\": { \"data\": \"Hello\" }", head, "");
toRevision = mkAdmin.commit("/", "^ \"test/data\": \"Hallo\"", toRevision, "");
@@ -129,9 +99,6 @@ public class SecurityWrapperTest extends
@Test
public void getNodes() {
- if (!isSimpleKernel(mk)) {
- return;
- }
head = mk.getHeadRevision();
assertTrue(mkAdmin.nodeExists("/:user", head));
assertFalse(mkGuest.nodeExists("/:user", head));