You are viewing a plain text version of this content. The canonical link for it is here.
Posted to commits@jackrabbit.apache.org by an...@apache.org on 2010/05/17 15:03:29 UTC
svn commit: r945128 - in /jackrabbit/trunk/jackrabbit-core/src:
main/java/org/apache/jackrabbit/core/config/
main/java/org/apache/jackrabbit/core/security/authentication/
main/java/org/apache/jackrabbit/core/security/principal/
test/java/org/apache/jac...
Author: angela
Date: Mon May 17 13:03:28 2010
New Revision: 945128
URL: http://svn.apache.org/viewvc?rev=945128&view=rev
Log:
JCR-2629 : LoginModuleConfig should allow to specify principalProvider-name in addition to the class
Modified:
jackrabbit/trunk/jackrabbit-core/src/main/java/org/apache/jackrabbit/core/config/LoginModuleConfig.java
jackrabbit/trunk/jackrabbit-core/src/main/java/org/apache/jackrabbit/core/security/authentication/AbstractLoginModule.java
jackrabbit/trunk/jackrabbit-core/src/main/java/org/apache/jackrabbit/core/security/principal/ProviderRegistryImpl.java
jackrabbit/trunk/jackrabbit-core/src/test/java/org/apache/jackrabbit/core/config/SecurityConfigTest.java
Modified: jackrabbit/trunk/jackrabbit-core/src/main/java/org/apache/jackrabbit/core/config/LoginModuleConfig.java
URL: http://svn.apache.org/viewvc/jackrabbit/trunk/jackrabbit-core/src/main/java/org/apache/jackrabbit/core/config/LoginModuleConfig.java?rev=945128&r1=945127&r2=945128&view=diff
==============================================================================
--- jackrabbit/trunk/jackrabbit-core/src/main/java/org/apache/jackrabbit/core/config/LoginModuleConfig.java (original)
+++ jackrabbit/trunk/jackrabbit-core/src/main/java/org/apache/jackrabbit/core/config/LoginModuleConfig.java Mon May 17 13:03:28 2010
@@ -49,6 +49,24 @@ public class LoginModuleConfig extends B
public static final String PARAM_PRINCIPAL_PROVIDER_CLASS = "principalProvider";
/**
+ * Same as {@link LoginModuleConfig#PARAM_PRINCIPAL_PROVIDER_CLASS}.
+ * Introduced for compatibility reasons.
+ *
+ * @see <a href="https://issues.apache.org/jira/browse/JCR-2629">JCR-2629</a>
+ */
+ public static final String COMPAT_PRINCIPAL_PROVIDER_CLASS = "principal_provider.class";
+
+ /**
+ * Property-Key if the <code>PrincipalProvider</code> configured with
+ * {@link LoginModuleConfig#PARAM_PRINCIPAL_PROVIDER_CLASS} be registered using the
+ * specified name instead of the class name which is used by default if the
+ * name parameter is missing.
+ *
+ * @see <a href="https://issues.apache.org/jira/browse/JCR-2629">JCR-2629</a>
+ */
+ public static final String COMPAT_PRINCIPAL_PROVIDER_NAME = "principal_provider.name";
+
+ /**
* Creates an access manager configuration object from the
* given bean configuration.
*
Modified: jackrabbit/trunk/jackrabbit-core/src/main/java/org/apache/jackrabbit/core/security/authentication/AbstractLoginModule.java
URL: http://svn.apache.org/viewvc/jackrabbit/trunk/jackrabbit-core/src/main/java/org/apache/jackrabbit/core/security/authentication/AbstractLoginModule.java?rev=945128&r1=945127&r2=945128&view=diff
==============================================================================
--- jackrabbit/trunk/jackrabbit-core/src/main/java/org/apache/jackrabbit/core/security/authentication/AbstractLoginModule.java (original)
+++ jackrabbit/trunk/jackrabbit-core/src/main/java/org/apache/jackrabbit/core/security/authentication/AbstractLoginModule.java Mon May 17 13:03:28 2010
@@ -145,6 +145,14 @@ public abstract class AbstractLoginModul
principalProviderClassName = pcOption.toString();
}
}
+ if (principalProviderClassName == null) {
+ // try compatibility parameters
+ if (options.containsKey(LoginModuleConfig.COMPAT_PRINCIPAL_PROVIDER_NAME)) {
+ principalProviderClassName = options.get(LoginModuleConfig.COMPAT_PRINCIPAL_PROVIDER_NAME).toString();
+ } else if (options.containsKey(LoginModuleConfig.COMPAT_PRINCIPAL_PROVIDER_CLASS)) {
+ principalProviderClassName = options.get(LoginModuleConfig.COMPAT_PRINCIPAL_PROVIDER_CLASS).toString();
+ }
+ }
if (principalProviderClassName != null) {
principalProvider = registry.getProvider(principalProviderClassName);
}
@@ -242,13 +250,12 @@ public abstract class AbstractLoginModul
* known to the system, i.e. if the {@link PrincipalProvider} has a principal
* for the given ID and the principal can be found via
* {@link PrincipalProvider#findPrincipals(String)}.<br>
- * The provider implemenation can be set by the configuration option with the
- * name {@link LoginModuleConfig#PARAM_PRINCIPAL_PROVIDER_CLASS principal_provider.class}.
- * If the option is missing, the system default prinvipal provider will
+ * The provider implementation can be set by the LoginModule configuration.
+ * If the option is missing, the system default principal provider will
* be used.<p/>
*
* <b>3) Verification</b><br>
- * There are four cases, how the User-ID can be verfied:
+ * There are four cases, how the User-ID can be verified:
* The login is anonymous, preauthenticated or the login is the result of
* an impersonation request (see {@link javax.jcr.Session#impersonate(Credentials)}
* or of a login to the Repository ({@link javax.jcr.Repository#login(Credentials)}).
@@ -264,11 +271,11 @@ public abstract class AbstractLoginModul
* Under the following conditions, the login process is aborted and the
* module is marked to be ignored:
* <ul>
- * <li>No User-ID could be resolve, and anyonymous access is switched off</li>
+ * <li>No User-ID could be resolve, and anonymous access is switched off</li>
* <li>No Principal is found for the User-ID resolved</li>
* </ul>
*
- * Under the follwoing conditions, the login process is marked to be invalid
+ * Under the following conditions, the login process is marked to be invalid
* by throwing an LoginException:
* <ul>
* <li>It is an impersonation request, but the impersonator is not allowed
@@ -277,7 +284,7 @@ public abstract class AbstractLoginModul
* </ul>
* <p/>
* The LoginModule keeps the Credentials and the Principal as instance fields,
- * to mark that login has been successfull.
+ * to mark that login has been successful.
*
* @return true if the authentication succeeded, or false if this
* <code>LoginModule</code> should be ignored.
Modified: jackrabbit/trunk/jackrabbit-core/src/main/java/org/apache/jackrabbit/core/security/principal/ProviderRegistryImpl.java
URL: http://svn.apache.org/viewvc/jackrabbit/trunk/jackrabbit-core/src/main/java/org/apache/jackrabbit/core/security/principal/ProviderRegistryImpl.java?rev=945128&r1=945127&r2=945128&view=diff
==============================================================================
--- jackrabbit/trunk/jackrabbit-core/src/main/java/org/apache/jackrabbit/core/security/principal/ProviderRegistryImpl.java (original)
+++ jackrabbit/trunk/jackrabbit-core/src/main/java/org/apache/jackrabbit/core/security/principal/ProviderRegistryImpl.java Mon May 17 13:03:28 2010
@@ -62,7 +62,12 @@ public class ProviderRegistryImpl implem
PrincipalProvider provider = createProvider(config);
if (provider != null) {
synchronized (providers) {
- providers.put(provider.getClass().getName(), provider);
+ String providerName = (String) config.get(LoginModuleConfig.COMPAT_PRINCIPAL_PROVIDER_NAME);
+ if (null == providerName || "".equals(providerName)) {
+ // no name param -> use class name instead.
+ providerName = provider.getClass().getName();
+ }
+ providers.put(providerName, provider);
}
} else {
log.debug("Could not register principal provider: " +
@@ -115,6 +120,10 @@ public class ProviderRegistryImpl implem
String className = config.getProperty(LoginModuleConfig.PARAM_PRINCIPAL_PROVIDER_CLASS);
if (className == null) {
+ // try alternative key (backwards compatibility)
+ className = config.getProperty(LoginModuleConfig.COMPAT_PRINCIPAL_PROVIDER_CLASS);
+ }
+ if (className == null) {
return null;
}
Modified: jackrabbit/trunk/jackrabbit-core/src/test/java/org/apache/jackrabbit/core/config/SecurityConfigTest.java
URL: http://svn.apache.org/viewvc/jackrabbit/trunk/jackrabbit-core/src/test/java/org/apache/jackrabbit/core/config/SecurityConfigTest.java?rev=945128&r1=945127&r2=945128&view=diff
==============================================================================
--- jackrabbit/trunk/jackrabbit-core/src/test/java/org/apache/jackrabbit/core/config/SecurityConfigTest.java (original)
+++ jackrabbit/trunk/jackrabbit-core/src/test/java/org/apache/jackrabbit/core/config/SecurityConfigTest.java Mon May 17 13:03:28 2010
@@ -21,6 +21,9 @@ import org.apache.jackrabbit.core.Sessio
import org.apache.jackrabbit.core.security.AccessManager;
import org.apache.jackrabbit.core.security.DefaultAccessManager;
import org.apache.jackrabbit.core.security.JackrabbitSecurityManager;
+import org.apache.jackrabbit.core.security.principal.PrincipalProvider;
+import org.apache.jackrabbit.core.security.principal.PrincipalProviderRegistry;
+import org.apache.jackrabbit.core.security.principal.ProviderRegistryImpl;
import org.apache.jackrabbit.core.security.user.UserManagerImpl;
import org.apache.jackrabbit.core.security.user.UserPerWorkspaceUserManager;
import org.apache.jackrabbit.core.security.authentication.DefaultLoginModule;
@@ -56,11 +59,13 @@ public class SecurityConfigTest extends
private RepositoryConfigurationParser parser;
+ @Override
protected void setUp() throws Exception {
super.setUp();
parser = new RepositoryConfigurationParser(new Properties());
}
+ @Override
protected void tearDown() throws Exception {
super.tearDown();
}
@@ -147,7 +152,7 @@ public class SecurityConfigTest extends
// assignable from same class as configured
UserManager um = umc.getUserManager(UserManagerImpl.class, new Class[] {
- SessionImpl.class, String.class}, (SessionImpl) superuser, "admin");
+ SessionImpl.class, String.class}, superuser, "admin");
assertNotNull(um);
assertTrue(um instanceof UserManagerImpl);
assertTrue(um.isAutoSave());
@@ -163,7 +168,7 @@ public class SecurityConfigTest extends
umc = parser.parseSecurityConfig(xml).getSecurityManagerConfig().getUserManagerConfig();
try {
um = umc.getUserManager(UserPerWorkspaceUserManager.class, new Class[] {
- SessionImpl.class, String.class}, (SessionImpl) superuser, "admin");
+ SessionImpl.class, String.class}, superuser, "admin");
fail("UserManagerImpl is not assignable from derived class");
} catch (ConfigurationException e) {
// success
@@ -174,7 +179,7 @@ public class SecurityConfigTest extends
umc = parser.parseSecurityConfig(xml).getSecurityManagerConfig().getUserManagerConfig();
try {
um = umc.getUserManager(UserManagerImpl.class, new Class[] {
- Session.class}, (SessionImpl) superuser, "admin");
+ Session.class}, superuser, "admin");
fail("Invalid parameter types -> must fail.");
} catch (ConfigurationException e) {
// success
@@ -195,7 +200,7 @@ public class SecurityConfigTest extends
umc = parser.parseSecurityConfig(xml).getSecurityManagerConfig().getUserManagerConfig();
// assignable from defines base class
um = umc.getUserManager(UserManagerImpl.class, new Class[] {
- SessionImpl.class, String.class}, (SessionImpl) superuser, "admin");
+ SessionImpl.class, String.class}, superuser, "admin");
assertNotNull(um);
assertTrue(um instanceof UserPerWorkspaceUserManager);
// but: configured class creates a umgr that requires session.save
@@ -204,8 +209,42 @@ public class SecurityConfigTest extends
um.autoSave(false);
}
+ /**
+ *
+ * @throws Exception
+ */
+ public void testPrincipalProviderConfig() throws Exception {
+ PrincipalProviderRegistry ppr = new ProviderRegistryImpl(null);
+
+ // standard config
+ Element xml = parseXML(new InputSource(new StringReader(PRINCIPAL_PROVIDER_CONFIG)), true);
+ LoginModuleConfig lmc = parser.parseSecurityConfig(xml).getLoginModuleConfig();
+ PrincipalProvider pp = ppr.registerProvider(lmc.getParameters());
+ assertEquals(pp, ppr.getProvider(pp.getClass().getName()));
+ assertEquals("org.apache.jackrabbit.core.security.principal.FallbackPrincipalProvider", pp.getClass().getName());
+
+ // config specifying an extra name
+ xml = parseXML(new InputSource(new StringReader(PRINCIPAL_PROVIDER_CONFIG1)), true);
+ lmc = parser.parseSecurityConfig(xml).getLoginModuleConfig();
+ pp = ppr.registerProvider(lmc.getParameters());
+ assertEquals(pp, ppr.getProvider("test"));
+ assertEquals("org.apache.jackrabbit.core.security.principal.FallbackPrincipalProvider", pp.getClass().getName());
+
+ // use alternative class config
+ xml = parseXML(new InputSource(new StringReader(PRINCIPAL_PROVIDER_CONFIG2)), true);
+ lmc = parser.parseSecurityConfig(xml).getLoginModuleConfig();
+ pp = ppr.registerProvider(lmc.getParameters());
+ assertEquals(pp, ppr.getProvider("test2"));
+ assertEquals("org.apache.jackrabbit.core.security.principal.FallbackPrincipalProvider", pp.getClass().getName());
+
+ // all 3 providers must be registered despite the fact the all configs
+ // specify the same provider class
+ assertEquals(3, ppr.getProviders().length);
+
+ }
+
public void testInvalidConfig() {
- List<InputSource> invalid = new ArrayList();
+ List<InputSource> invalid = new ArrayList<InputSource>();
invalid.add(new InputSource(new StringReader(INVALID_CONFIG_1)));
invalid.add(new InputSource(new StringReader(INVALID_CONFIG_2)));
invalid.add(new InputSource(new StringReader(INVALID_CONFIG_3)));
@@ -316,4 +355,45 @@ public class SecurityConfigTest extends
" <UserManager class=\"org.apache.jackrabbit.core.security.user.UserPerWorkspaceUserManager\" />" +
" </SecurityManager>" +
" </Security>";
+
+ private static final String PRINCIPAL_PROVIDER_CONFIG =
+ " <Security appName=\"Jackrabbit\">" +
+ " <SecurityManager class=\"org.apache.jackrabbit.core.DefaultSecurityManager\" workspaceName=\"security\">" +
+ " </SecurityManager>" +
+ " <AccessManager class=\"org.apache.jackrabbit.core.security.DefaultAccessManager\">" +
+ " </AccessManager>" +
+ " <LoginModule class=\"org.apache.jackrabbit.core.security.authentication.DefaultLoginModule\">" +
+ " <param name=\"anonymousId\" value=\"anonymous\"/>" +
+ " <param name=\"adminId\" value=\"admin\"/>" +
+ " <param name=\"principalProvider\" value=\"org.apache.jackrabbit.core.security.principal.FallbackPrincipalProvider\"/>" +
+ " </LoginModule>\n" +
+ " </Security>";
+
+ private static final String PRINCIPAL_PROVIDER_CONFIG1 =
+ " <Security appName=\"Jackrabbit\">" +
+ " <SecurityManager class=\"org.apache.jackrabbit.core.DefaultSecurityManager\" workspaceName=\"security\">" +
+ " </SecurityManager>" +
+ " <AccessManager class=\"org.apache.jackrabbit.core.security.DefaultAccessManager\">" +
+ " </AccessManager>" +
+ " <LoginModule class=\"org.apache.jackrabbit.core.security.authentication.DefaultLoginModule\">" +
+ " <param name=\"anonymousId\" value=\"anonymous\"/>" +
+ " <param name=\"adminId\" value=\"admin\"/>" +
+ " <param name=\"principalProvider\" value=\"org.apache.jackrabbit.core.security.principal.FallbackPrincipalProvider\"/>" +
+ " <param name=\"principal_provider.name\" value=\"test\"/>" +
+ " </LoginModule>\n" +
+ " </Security>";
+
+ private static final String PRINCIPAL_PROVIDER_CONFIG2 =
+ " <Security appName=\"Jackrabbit\">" +
+ " <SecurityManager class=\"org.apache.jackrabbit.core.DefaultSecurityManager\" workspaceName=\"security\">" +
+ " </SecurityManager>" +
+ " <AccessManager class=\"org.apache.jackrabbit.core.security.DefaultAccessManager\">" +
+ " </AccessManager>" +
+ " <LoginModule class=\"org.apache.jackrabbit.core.security.authentication.DefaultLoginModule\">" +
+ " <param name=\"anonymousId\" value=\"anonymous\"/>" +
+ " <param name=\"adminId\" value=\"admin\"/>" +
+ " <param name=\"principal_provider.class\" value=\"org.apache.jackrabbit.core.security.principal.FallbackPrincipalProvider\"/>" +
+ " <param name=\"principal_provider.name\" value=\"test2\"/>" +
+ " </LoginModule>\n" +
+ " </Security>";
}