You are viewing a plain text version of this content. The canonical link for it is here.
Posted to oak-commits@jackrabbit.apache.org by an...@apache.org on 2012/10/16 18:35:15 UTC
svn commit: r1398877 - in /jackrabbit/oak/trunk: oak-core/
oak-core/src/main/java/org/apache/jackrabbit/oak/
oak-core/src/main/java/org/apache/jackrabbit/oak/security/
oak-core/src/main/java/org/apache/jackrabbit/oak/security/authorization/
oak-core/sr...
Author: angela
Date: Tue Oct 16 16:35:13 2012
New Revision: 1398877
URL: http://svn.apache.org/viewvc?rev=1398877&view=rev
Log:
OAK-64 : Privilege Management (WIP)
Added:
jackrabbit/oak/trunk/oak-core/src/main/java/org/apache/jackrabbit/oak/security/privilege/PrivilegeConfigurationImpl.java
jackrabbit/oak/trunk/oak-core/src/main/java/org/apache/jackrabbit/oak/spi/security/privilege/PrivilegeConfiguration.java
jackrabbit/oak/trunk/oak-core/src/main/java/org/apache/jackrabbit/oak/spi/security/privilege/PrivilegeConstants.java
- copied, changed from r1398672, jackrabbit/oak/trunk/oak-core/src/main/java/org/apache/jackrabbit/oak/security/privilege/PrivilegeConstants.java
jackrabbit/oak/trunk/oak-core/src/main/java/org/apache/jackrabbit/oak/spi/security/privilege/PrivilegeManagerImpl.java (contents, props changed)
- copied, changed from r1398672, jackrabbit/oak/trunk/oak-jcr/src/main/java/org/apache/jackrabbit/oak/jcr/security/privilege/PrivilegeManagerImpl.java
Removed:
jackrabbit/oak/trunk/oak-core/src/main/java/org/apache/jackrabbit/oak/security/privilege/PrivilegeConstants.java
jackrabbit/oak/trunk/oak-core/src/main/java/org/apache/jackrabbit/oak/spi/security/principal/OpenPrincipalProvider.java
jackrabbit/oak/trunk/oak-jcr/src/main/java/org/apache/jackrabbit/oak/jcr/security/privilege/PrivilegeManagerImpl.java
Modified:
jackrabbit/oak/trunk/oak-core/pom.xml
jackrabbit/oak/trunk/oak-core/src/main/java/org/apache/jackrabbit/oak/Oak.java
jackrabbit/oak/trunk/oak-core/src/main/java/org/apache/jackrabbit/oak/security/SecurityProviderImpl.java
jackrabbit/oak/trunk/oak-core/src/main/java/org/apache/jackrabbit/oak/security/authorization/PermissionValidator.java
jackrabbit/oak/trunk/oak-core/src/main/java/org/apache/jackrabbit/oak/security/privilege/PrivilegeDefinitionReader.java
jackrabbit/oak/trunk/oak-core/src/main/java/org/apache/jackrabbit/oak/security/privilege/PrivilegeRegistry.java
jackrabbit/oak/trunk/oak-core/src/main/java/org/apache/jackrabbit/oak/security/privilege/PrivilegeValidator.java
jackrabbit/oak/trunk/oak-core/src/main/java/org/apache/jackrabbit/oak/security/privilege/PrivilegeValidatorProvider.java
jackrabbit/oak/trunk/oak-core/src/main/java/org/apache/jackrabbit/oak/spi/security/OpenSecurityProvider.java
jackrabbit/oak/trunk/oak-core/src/main/java/org/apache/jackrabbit/oak/spi/security/SecurityProvider.java
jackrabbit/oak/trunk/oak-core/src/main/java/org/apache/jackrabbit/oak/spi/security/privilege/PrivilegeProvider.java
jackrabbit/oak/trunk/oak-jcr/src/main/java/org/apache/jackrabbit/oak/jcr/RepositoryImpl.java
jackrabbit/oak/trunk/oak-jcr/src/main/java/org/apache/jackrabbit/oak/jcr/SessionDelegate.java
jackrabbit/oak/trunk/oak-jcr/src/main/java/org/apache/jackrabbit/oak/jcr/SessionImpl.java
jackrabbit/oak/trunk/oak-jcr/src/test/java/org/apache/jackrabbit/oak/jcr/security/privilege/AbstractPrivilegeTest.java
jackrabbit/oak/trunk/oak-jcr/src/test/java/org/apache/jackrabbit/oak/jcr/security/privilege/CustomPrivilegeTest.java
jackrabbit/oak/trunk/oak-jcr/src/test/java/org/apache/jackrabbit/oak/jcr/security/privilege/PrivilegeManagerImplTest.java
jackrabbit/oak/trunk/oak-run/src/main/java/org/apache/jackrabbit/oak/run/Main.java
Modified: jackrabbit/oak/trunk/oak-core/pom.xml
URL: http://svn.apache.org/viewvc/jackrabbit/oak/trunk/oak-core/pom.xml?rev=1398877&r1=1398876&r2=1398877&view=diff
==============================================================================
--- jackrabbit/oak/trunk/oak-core/pom.xml (original)
+++ jackrabbit/oak/trunk/oak-core/pom.xml Tue Oct 16 16:35:13 2012
@@ -63,8 +63,7 @@
org.apache.jackrabbit.oak.spi.security.user,
org.apache.jackrabbit.oak.spi.security.user.action,
org.apache.jackrabbit.oak.spi.security.user.util,
- org.apache.jackrabbit.oak.security,
- org.apache.jackrabbit.oak.security.privilege,
+ org.apache.jackrabbit.oak.security
</Export-Package>
<Bundle-Activator>
org.apache.jackrabbit.oak.osgi.Activator
Modified: jackrabbit/oak/trunk/oak-core/src/main/java/org/apache/jackrabbit/oak/Oak.java
URL: http://svn.apache.org/viewvc/jackrabbit/oak/trunk/oak-core/src/main/java/org/apache/jackrabbit/oak/Oak.java?rev=1398877&r1=1398876&r2=1398877&view=diff
==============================================================================
--- jackrabbit/oak/trunk/oak-core/src/main/java/org/apache/jackrabbit/oak/Oak.java (original)
+++ jackrabbit/oak/trunk/oak-core/src/main/java/org/apache/jackrabbit/oak/Oak.java Tue Oct 16 16:35:13 2012
@@ -37,6 +37,8 @@ import org.apache.jackrabbit.oak.spi.que
import org.apache.jackrabbit.oak.spi.security.SecurityProvider;
import org.apache.jackrabbit.oak.spi.state.NodeState;
import org.apache.jackrabbit.oak.spi.state.NodeStore;
+import org.slf4j.Logger;
+import org.slf4j.LoggerFactory;
/**
* Builder class for constructing {@link ContentRepository} instances with
@@ -48,6 +50,8 @@ import org.apache.jackrabbit.oak.spi.sta
*/
public class Oak {
+ private static final Logger log = LoggerFactory.getLogger(Oak.class);
+
private final MicroKernel kernel;
private final List<QueryIndexProvider> queryIndexProviders = Lists.newArrayList();
@@ -142,8 +146,13 @@ public class Oak {
public Oak with(@Nonnull SecurityProvider securityProvider) {
this.securityProvider = securityProvider;
- validatorProviders.addAll(securityProvider.getAccessControlProvider().getValidatorProviders());
- validatorProviders.addAll(securityProvider.getUserConfiguration().getValidatorProviders());
+ try {
+ validatorProviders.addAll(securityProvider.getAccessControlProvider().getValidatorProviders());
+ validatorProviders.addAll(securityProvider.getUserConfiguration().getValidatorProviders());
+ validatorProviders.addAll(securityProvider.getPrivilegeConfiguration().getValidatorProviders());
+ } catch (UnsupportedOperationException e) {
+ log.info(e.getMessage());
+ }
return this;
}
Modified: jackrabbit/oak/trunk/oak-core/src/main/java/org/apache/jackrabbit/oak/security/SecurityProviderImpl.java
URL: http://svn.apache.org/viewvc/jackrabbit/oak/trunk/oak-core/src/main/java/org/apache/jackrabbit/oak/security/SecurityProviderImpl.java?rev=1398877&r1=1398876&r2=1398877&view=diff
==============================================================================
--- jackrabbit/oak/trunk/oak-core/src/main/java/org/apache/jackrabbit/oak/security/SecurityProviderImpl.java (original)
+++ jackrabbit/oak/trunk/oak-core/src/main/java/org/apache/jackrabbit/oak/security/SecurityProviderImpl.java Tue Oct 16 16:35:13 2012
@@ -31,6 +31,7 @@ import org.apache.jackrabbit.oak.securit
import org.apache.jackrabbit.oak.security.authorization.AccessControlProviderImpl;
import org.apache.jackrabbit.oak.security.principal.PrincipalManagerImpl;
import org.apache.jackrabbit.oak.security.principal.PrincipalProviderImpl;
+import org.apache.jackrabbit.oak.security.privilege.PrivilegeConfigurationImpl;
import org.apache.jackrabbit.oak.security.user.UserConfigurationImpl;
import org.apache.jackrabbit.oak.spi.security.ConfigurationParameters;
import org.apache.jackrabbit.oak.spi.security.SecurityProvider;
@@ -39,6 +40,7 @@ import org.apache.jackrabbit.oak.spi.sec
import org.apache.jackrabbit.oak.spi.security.authorization.AccessControlProvider;
import org.apache.jackrabbit.oak.spi.security.principal.PrincipalConfiguration;
import org.apache.jackrabbit.oak.spi.security.principal.PrincipalProvider;
+import org.apache.jackrabbit.oak.spi.security.privilege.PrivilegeConfiguration;
import org.apache.jackrabbit.oak.spi.security.user.MembershipProvider;
import org.apache.jackrabbit.oak.spi.security.user.UserConfiguration;
import org.apache.jackrabbit.oak.spi.security.user.UserProvider;
@@ -80,14 +82,20 @@ public class SecurityProviderImpl implem
@Nonnull
@Override
+ public TokenProvider getTokenProvider(Root root, ConfigurationParameters options) {
+ return new TokenProviderImpl(root, options, getUserConfiguration());
+ }
+
+ @Nonnull
+ @Override
public AccessControlProvider getAccessControlProvider() {
return new AccessControlProviderImpl();
}
@Nonnull
@Override
- public TokenProvider getTokenProvider(Root root, ConfigurationParameters options) {
- return new TokenProviderImpl(root, options, getUserConfiguration());
+ public PrivilegeConfiguration getPrivilegeConfiguration() {
+ return new PrivilegeConfigurationImpl();
}
@Nonnull
Modified: jackrabbit/oak/trunk/oak-core/src/main/java/org/apache/jackrabbit/oak/security/authorization/PermissionValidator.java
URL: http://svn.apache.org/viewvc/jackrabbit/oak/trunk/oak-core/src/main/java/org/apache/jackrabbit/oak/security/authorization/PermissionValidator.java?rev=1398877&r1=1398876&r2=1398877&view=diff
==============================================================================
--- jackrabbit/oak/trunk/oak-core/src/main/java/org/apache/jackrabbit/oak/security/authorization/PermissionValidator.java (original)
+++ jackrabbit/oak/trunk/oak-core/src/main/java/org/apache/jackrabbit/oak/security/authorization/PermissionValidator.java Tue Oct 16 16:35:13 2012
@@ -24,7 +24,7 @@ import org.apache.jackrabbit.oak.api.Pro
import org.apache.jackrabbit.oak.api.Tree;
import org.apache.jackrabbit.oak.plugins.name.NamespaceConstants;
import org.apache.jackrabbit.oak.plugins.nodetype.NodeTypeConstants;
-import org.apache.jackrabbit.oak.security.privilege.PrivilegeConstants;
+import org.apache.jackrabbit.oak.spi.security.privilege.PrivilegeConstants;
import org.apache.jackrabbit.oak.spi.commit.Validator;
import org.apache.jackrabbit.oak.spi.security.authorization.CompiledPermissions;
import org.apache.jackrabbit.oak.spi.security.authorization.Permissions;
@@ -213,13 +213,16 @@ class PermissionValidator implements Val
}
private static boolean isNamespaceDefinition(String path) {
+ // TODO: depends on pluggable module
return Text.isDescendant(NamespaceConstants.NAMESPACES_PATH, path);
}
private static boolean isNodeTypeDefinition(String path) {
+ // TODO: depends on pluggable module
return Text.isDescendant(NodeTypeConstants.NODE_TYPES_PATH, path);
}
private static boolean isPrivilegeDefinition(String path) {
+ // TODO: depends on pluggable module
return Text.isDescendant(PrivilegeConstants.PRIVILEGES_PATH, path);
}
}
\ No newline at end of file
Added: jackrabbit/oak/trunk/oak-core/src/main/java/org/apache/jackrabbit/oak/security/privilege/PrivilegeConfigurationImpl.java
URL: http://svn.apache.org/viewvc/jackrabbit/oak/trunk/oak-core/src/main/java/org/apache/jackrabbit/oak/security/privilege/PrivilegeConfigurationImpl.java?rev=1398877&view=auto
==============================================================================
--- jackrabbit/oak/trunk/oak-core/src/main/java/org/apache/jackrabbit/oak/security/privilege/PrivilegeConfigurationImpl.java (added)
+++ jackrabbit/oak/trunk/oak-core/src/main/java/org/apache/jackrabbit/oak/security/privilege/PrivilegeConfigurationImpl.java Tue Oct 16 16:35:13 2012
@@ -0,0 +1,53 @@
+/*
+ * Licensed to the Apache Software Foundation (ASF) under one or more
+ * contributor license agreements. See the NOTICE file distributed with
+ * this work for additional information regarding copyright ownership.
+ * The ASF licenses this file to You under the Apache License, Version 2.0
+ * (the "License"); you may not use this file except in compliance with
+ * the License. You may obtain a copy of the License at
+ *
+ * http://www.apache.org/licenses/LICENSE-2.0
+ *
+ * Unless required by applicable law or agreed to in writing, software
+ * distributed under the License is distributed on an "AS IS" BASIS,
+ * WITHOUT WARRANTIES OR CONDITIONS OF ANY KIND, either express or implied.
+ * See the License for the specific language governing permissions and
+ * limitations under the License.
+ */
+package org.apache.jackrabbit.oak.security.privilege;
+
+import java.util.Collections;
+import java.util.Set;
+import javax.annotation.Nonnull;
+
+import org.apache.jackrabbit.api.security.authorization.PrivilegeManager;
+import org.apache.jackrabbit.oak.api.ContentSession;
+import org.apache.jackrabbit.oak.api.Root;
+import org.apache.jackrabbit.oak.namepath.NamePathMapper;
+import org.apache.jackrabbit.oak.spi.commit.ValidatorProvider;
+import org.apache.jackrabbit.oak.spi.security.privilege.PrivilegeConfiguration;
+import org.apache.jackrabbit.oak.spi.security.privilege.PrivilegeManagerImpl;
+import org.apache.jackrabbit.oak.spi.security.privilege.PrivilegeProvider;
+
+/**
+ * PrivilegeConfigurationImpl... TODO
+ */
+public class PrivilegeConfigurationImpl implements PrivilegeConfiguration {
+
+ @Override
+ public PrivilegeProvider getPrivilegeProvider(ContentSession contentSession, Root root) {
+ return new PrivilegeRegistry(contentSession, root);
+ }
+
+ @Nonnull
+ @Override
+ public PrivilegeManager getPrivilegeManager(ContentSession contentSession, Root root, NamePathMapper namePathMapper) {
+ return new PrivilegeManagerImpl(root, getPrivilegeProvider(contentSession, root), namePathMapper);
+ }
+
+ @Override
+ public Set<ValidatorProvider> getValidatorProviders() {
+ ValidatorProvider vp = new PrivilegeValidatorProvider();
+ return Collections.singleton(vp);
+ }
+}
\ No newline at end of file
Modified: jackrabbit/oak/trunk/oak-core/src/main/java/org/apache/jackrabbit/oak/security/privilege/PrivilegeDefinitionReader.java
URL: http://svn.apache.org/viewvc/jackrabbit/oak/trunk/oak-core/src/main/java/org/apache/jackrabbit/oak/security/privilege/PrivilegeDefinitionReader.java?rev=1398877&r1=1398876&r2=1398877&view=diff
==============================================================================
--- jackrabbit/oak/trunk/oak-core/src/main/java/org/apache/jackrabbit/oak/security/privilege/PrivilegeDefinitionReader.java (original)
+++ jackrabbit/oak/trunk/oak-core/src/main/java/org/apache/jackrabbit/oak/security/privilege/PrivilegeDefinitionReader.java Tue Oct 16 16:35:13 2012
@@ -45,9 +45,9 @@ import org.xml.sax.InputSource;
import org.xml.sax.SAXException;
import org.xml.sax.helpers.DefaultHandler;
-import static org.apache.jackrabbit.oak.security.privilege.PrivilegeConstants.PRIVILEGES_PATH;
-import static org.apache.jackrabbit.oak.security.privilege.PrivilegeConstants.REP_AGGREGATES;
-import static org.apache.jackrabbit.oak.security.privilege.PrivilegeConstants.REP_IS_ABSTRACT;
+import static org.apache.jackrabbit.oak.spi.security.privilege.PrivilegeConstants.PRIVILEGES_PATH;
+import static org.apache.jackrabbit.oak.spi.security.privilege.PrivilegeConstants.REP_AGGREGATES;
+import static org.apache.jackrabbit.oak.spi.security.privilege.PrivilegeConstants.REP_IS_ABSTRACT;
/**
@@ -98,7 +98,7 @@ class PrivilegeDefinitionReader {
* @throws IOException
*/
static PrivilegeDefinition[] readCustomDefinitons(InputStream customPrivileges,
- NamespaceRegistry nsRegistry) throws RepositoryException, IOException {
+ NamespaceRegistry nsRegistry) throws RepositoryException, IOException {
Map<String, PrivilegeDefinition> definitions = new LinkedHashMap<String, PrivilegeDefinition>();
InputSource src = new InputSource(customPrivileges);
for (PrivilegeDefinition def : PrivilegeXmlHandler.readDefinitions(src, nsRegistry)) {
Modified: jackrabbit/oak/trunk/oak-core/src/main/java/org/apache/jackrabbit/oak/security/privilege/PrivilegeRegistry.java
URL: http://svn.apache.org/viewvc/jackrabbit/oak/trunk/oak-core/src/main/java/org/apache/jackrabbit/oak/security/privilege/PrivilegeRegistry.java?rev=1398877&r1=1398876&r2=1398877&view=diff
==============================================================================
--- jackrabbit/oak/trunk/oak-core/src/main/java/org/apache/jackrabbit/oak/security/privilege/PrivilegeRegistry.java (original)
+++ jackrabbit/oak/trunk/oak-core/src/main/java/org/apache/jackrabbit/oak/security/privilege/PrivilegeRegistry.java Tue Oct 16 16:35:13 2012
@@ -27,6 +27,7 @@ import org.apache.jackrabbit.oak.api.Com
import org.apache.jackrabbit.oak.api.ContentSession;
import org.apache.jackrabbit.oak.api.Root;
import org.apache.jackrabbit.oak.api.Tree;
+import org.apache.jackrabbit.oak.spi.security.privilege.PrivilegeConstants;
import org.apache.jackrabbit.oak.spi.security.privilege.PrivilegeDefinition;
import org.apache.jackrabbit.oak.spi.security.privilege.PrivilegeProvider;
import org.apache.jackrabbit.oak.util.NodeUtil;
@@ -37,8 +38,6 @@ import org.apache.jackrabbit.oak.util.No
*
* TODO: define if/how built-in privileges are reflected in the mk
* TODO: define if custom privileges are read with editing content session (thus enforcing read permissions)
- *
- * FIXME: Privilege registation should result in Session#refresh in order to have the new privilege also exposed in the content.
*/
public class PrivilegeRegistry implements PrivilegeProvider, PrivilegeConstants {
@@ -58,7 +57,7 @@ public class PrivilegeRegistry implement
public PrivilegeRegistry(ContentSession contentSession, Root root) {
this.contentSession = contentSession;
this.root = root;
- this.definitions = readDefinitions(root);
+ this.definitions = getAllDefinitions(new PrivilegeDefinitionReader(root));
}
static Map<String, PrivilegeDefinition> getAllDefinitions(PrivilegeDefinitionReader reader) {
@@ -73,14 +72,14 @@ public class PrivilegeRegistry implement
definitions.put(privilegeName, def);
}
- // add custom definitions
- definitions.putAll(reader.readDefinitions());
+ updateCustomDefinitions(reader, definitions);
updateJcrAllPrivilege(definitions);
+
return definitions;
}
- private Map<String, PrivilegeDefinition> readDefinitions(Root root) {
- return getAllDefinitions(new PrivilegeDefinitionReader(root));
+ private static void updateCustomDefinitions(PrivilegeDefinitionReader reader, Map<String, PrivilegeDefinition> definitions) {
+ definitions.putAll(reader.readDefinitions());
}
private static void updateJcrAllPrivilege(Map<String, PrivilegeDefinition> definitions) {
@@ -93,7 +92,8 @@ public class PrivilegeRegistry implement
@Override
public void refresh() {
// re-read the definitions (TODO: evaluate if it was better to always read privileges on demand only.)
- definitions.putAll(readDefinitions(root));
+ updateCustomDefinitions(new PrivilegeDefinitionReader(root), definitions);
+ updateJcrAllPrivilege(definitions);
}
@Nonnull
@@ -144,7 +144,7 @@ public class PrivilegeRegistry implement
}
}
- // TODO: should be covered by refresh instead
+ root.refresh();
definitions.put(toRegister.getName(), toRegister);
updateJcrAllPrivilege(definitions);
}
Modified: jackrabbit/oak/trunk/oak-core/src/main/java/org/apache/jackrabbit/oak/security/privilege/PrivilegeValidator.java
URL: http://svn.apache.org/viewvc/jackrabbit/oak/trunk/oak-core/src/main/java/org/apache/jackrabbit/oak/security/privilege/PrivilegeValidator.java?rev=1398877&r1=1398876&r2=1398877&view=diff
==============================================================================
--- jackrabbit/oak/trunk/oak-core/src/main/java/org/apache/jackrabbit/oak/security/privilege/PrivilegeValidator.java (original)
+++ jackrabbit/oak/trunk/oak-core/src/main/java/org/apache/jackrabbit/oak/security/privilege/PrivilegeValidator.java Tue Oct 16 16:35:13 2012
@@ -29,6 +29,7 @@ import org.apache.jackrabbit.oak.api.Typ
import org.apache.jackrabbit.oak.core.ReadOnlyTree;
import org.apache.jackrabbit.oak.plugins.name.NamespaceConstants;
import org.apache.jackrabbit.oak.spi.commit.Validator;
+import org.apache.jackrabbit.oak.spi.security.privilege.PrivilegeConstants;
import org.apache.jackrabbit.oak.spi.security.privilege.PrivilegeDefinition;
import org.apache.jackrabbit.oak.spi.state.NodeState;
import org.apache.jackrabbit.util.Text;
Modified: jackrabbit/oak/trunk/oak-core/src/main/java/org/apache/jackrabbit/oak/security/privilege/PrivilegeValidatorProvider.java
URL: http://svn.apache.org/viewvc/jackrabbit/oak/trunk/oak-core/src/main/java/org/apache/jackrabbit/oak/security/privilege/PrivilegeValidatorProvider.java?rev=1398877&r1=1398876&r2=1398877&view=diff
==============================================================================
--- jackrabbit/oak/trunk/oak-core/src/main/java/org/apache/jackrabbit/oak/security/privilege/PrivilegeValidatorProvider.java (original)
+++ jackrabbit/oak/trunk/oak-core/src/main/java/org/apache/jackrabbit/oak/security/privilege/PrivilegeValidatorProvider.java Tue Oct 16 16:35:13 2012
@@ -25,14 +25,14 @@ import org.apache.jackrabbit.oak.spi.com
import org.apache.jackrabbit.oak.spi.state.NodeState;
import static org.apache.jackrabbit.JcrConstants.JCR_SYSTEM;
-import static org.apache.jackrabbit.oak.security.privilege.PrivilegeConstants.REP_PRIVILEGES;
+import static org.apache.jackrabbit.oak.spi.security.privilege.PrivilegeConstants.REP_PRIVILEGES;
/**
* {@code PrivilegeValidatorProvider} to construct a {@code Validator} instance
* to make sure modifications to the /jcr:system/rep:privileges tree are compliant
* with constraints applied for custom privileges.
*/
-public class PrivilegeValidatorProvider implements ValidatorProvider {
+class PrivilegeValidatorProvider implements ValidatorProvider {
@Nonnull
@Override
Modified: jackrabbit/oak/trunk/oak-core/src/main/java/org/apache/jackrabbit/oak/spi/security/OpenSecurityProvider.java
URL: http://svn.apache.org/viewvc/jackrabbit/oak/trunk/oak-core/src/main/java/org/apache/jackrabbit/oak/spi/security/OpenSecurityProvider.java?rev=1398877&r1=1398876&r2=1398877&view=diff
==============================================================================
--- jackrabbit/oak/trunk/oak-core/src/main/java/org/apache/jackrabbit/oak/spi/security/OpenSecurityProvider.java (original)
+++ jackrabbit/oak/trunk/oak-core/src/main/java/org/apache/jackrabbit/oak/spi/security/OpenSecurityProvider.java Tue Oct 16 16:35:13 2012
@@ -16,27 +16,17 @@
*/
package org.apache.jackrabbit.oak.spi.security;
-import java.util.Collections;
-import java.util.List;
import javax.annotation.Nonnull;
-import javax.jcr.Session;
-import org.apache.jackrabbit.api.security.principal.PrincipalManager;
-import org.apache.jackrabbit.api.security.user.UserManager;
import org.apache.jackrabbit.oak.api.Root;
-import org.apache.jackrabbit.oak.namepath.NamePathMapper;
-import org.apache.jackrabbit.oak.spi.commit.ValidatorProvider;
import org.apache.jackrabbit.oak.spi.security.authentication.LoginContextProvider;
import org.apache.jackrabbit.oak.spi.security.authentication.OpenLoginContextProvider;
import org.apache.jackrabbit.oak.spi.security.authentication.token.TokenProvider;
import org.apache.jackrabbit.oak.spi.security.authorization.AccessControlProvider;
import org.apache.jackrabbit.oak.spi.security.authorization.OpenAccessControlProvider;
-import org.apache.jackrabbit.oak.spi.security.principal.OpenPrincipalProvider;
import org.apache.jackrabbit.oak.spi.security.principal.PrincipalConfiguration;
-import org.apache.jackrabbit.oak.spi.security.principal.PrincipalProvider;
-import org.apache.jackrabbit.oak.spi.security.user.MembershipProvider;
+import org.apache.jackrabbit.oak.spi.security.privilege.PrivilegeConfiguration;
import org.apache.jackrabbit.oak.spi.security.user.UserConfiguration;
-import org.apache.jackrabbit.oak.spi.security.user.UserProvider;
import org.apache.jackrabbit.oak.spi.state.NodeStore;
/**
@@ -52,67 +42,31 @@ public class OpenSecurityProvider implem
@Nonnull
@Override
+ public TokenProvider getTokenProvider(Root root, org.apache.jackrabbit.oak.spi.security.ConfigurationParameters options) {
+ throw new UnsupportedOperationException();
+ }
+
+ @Nonnull
+ @Override
public AccessControlProvider getAccessControlProvider() {
return new OpenAccessControlProvider();
}
@Nonnull
@Override
- public TokenProvider getTokenProvider(Root root, org.apache.jackrabbit.oak.spi.security.ConfigurationParameters options) {
+ public PrivilegeConfiguration getPrivilegeConfiguration() {
throw new UnsupportedOperationException();
}
@Nonnull
@Override
public UserConfiguration getUserConfiguration() {
- return new UserConfiguration() {
- @Nonnull
- @Override
- public ConfigurationParameters getConfigurationParameters() {
- return new ConfigurationParameters();
- }
-
- @Nonnull
- @Override
- public UserProvider getUserProvider(Root root) {
- throw new UnsupportedOperationException();
- }
-
- @Nonnull
- @Override
- public MembershipProvider getMembershipProvider(Root root) {
- throw new UnsupportedOperationException();
- }
-
- @Nonnull
- @Override
- public List<ValidatorProvider> getValidatorProviders() {
- return Collections.emptyList();
- }
-
- @Nonnull
- @Override
- public UserManager getUserManager(Session session, Root root, NamePathMapper namePathMapper) {
- throw new UnsupportedOperationException();
- }
- };
+ throw new UnsupportedOperationException();
}
@Nonnull
@Override
public PrincipalConfiguration getPrincipalConfiguration() {
- return new PrincipalConfiguration() {
- @Nonnull
- @Override
- public PrincipalManager getPrincipalManager(Session session, Root root, NamePathMapper namePathMapper) {
- throw new UnsupportedOperationException();
- }
-
- @Nonnull
- @Override
- public PrincipalProvider getPrincipalProvider(Root root, NamePathMapper namePathMapper) {
- return new OpenPrincipalProvider();
- }
- };
+ throw new UnsupportedOperationException();
}
}
\ No newline at end of file
Modified: jackrabbit/oak/trunk/oak-core/src/main/java/org/apache/jackrabbit/oak/spi/security/SecurityProvider.java
URL: http://svn.apache.org/viewvc/jackrabbit/oak/trunk/oak-core/src/main/java/org/apache/jackrabbit/oak/spi/security/SecurityProvider.java?rev=1398877&r1=1398876&r2=1398877&view=diff
==============================================================================
--- jackrabbit/oak/trunk/oak-core/src/main/java/org/apache/jackrabbit/oak/spi/security/SecurityProvider.java (original)
+++ jackrabbit/oak/trunk/oak-core/src/main/java/org/apache/jackrabbit/oak/spi/security/SecurityProvider.java Tue Oct 16 16:35:13 2012
@@ -23,6 +23,7 @@ import org.apache.jackrabbit.oak.spi.sec
import org.apache.jackrabbit.oak.spi.security.authentication.token.TokenProvider;
import org.apache.jackrabbit.oak.spi.security.authorization.AccessControlProvider;
import org.apache.jackrabbit.oak.spi.security.principal.PrincipalConfiguration;
+import org.apache.jackrabbit.oak.spi.security.privilege.PrivilegeConfiguration;
import org.apache.jackrabbit.oak.spi.security.user.UserConfiguration;
import org.apache.jackrabbit.oak.spi.state.NodeStore;
@@ -35,10 +36,13 @@ public interface SecurityProvider {
LoginContextProvider getLoginContextProvider(NodeStore nodeStore);
@Nonnull
+ TokenProvider getTokenProvider(Root root, ConfigurationParameters options);
+
+ @Nonnull
AccessControlProvider getAccessControlProvider();
@Nonnull
- TokenProvider getTokenProvider(Root root, ConfigurationParameters options);
+ PrivilegeConfiguration getPrivilegeConfiguration();
@Nonnull
UserConfiguration getUserConfiguration();
Added: jackrabbit/oak/trunk/oak-core/src/main/java/org/apache/jackrabbit/oak/spi/security/privilege/PrivilegeConfiguration.java
URL: http://svn.apache.org/viewvc/jackrabbit/oak/trunk/oak-core/src/main/java/org/apache/jackrabbit/oak/spi/security/privilege/PrivilegeConfiguration.java?rev=1398877&view=auto
==============================================================================
--- jackrabbit/oak/trunk/oak-core/src/main/java/org/apache/jackrabbit/oak/spi/security/privilege/PrivilegeConfiguration.java (added)
+++ jackrabbit/oak/trunk/oak-core/src/main/java/org/apache/jackrabbit/oak/spi/security/privilege/PrivilegeConfiguration.java Tue Oct 16 16:35:13 2012
@@ -0,0 +1,41 @@
+/*
+ * Licensed to the Apache Software Foundation (ASF) under one or more
+ * contributor license agreements. See the NOTICE file distributed with
+ * this work for additional information regarding copyright ownership.
+ * The ASF licenses this file to You under the Apache License, Version 2.0
+ * (the "License"); you may not use this file except in compliance with
+ * the License. You may obtain a copy of the License at
+ *
+ * http://www.apache.org/licenses/LICENSE-2.0
+ *
+ * Unless required by applicable law or agreed to in writing, software
+ * distributed under the License is distributed on an "AS IS" BASIS,
+ * WITHOUT WARRANTIES OR CONDITIONS OF ANY KIND, either express or implied.
+ * See the License for the specific language governing permissions and
+ * limitations under the License.
+ */
+package org.apache.jackrabbit.oak.spi.security.privilege;
+
+import java.util.Set;
+import javax.annotation.Nonnull;
+
+import org.apache.jackrabbit.api.security.authorization.PrivilegeManager;
+import org.apache.jackrabbit.oak.api.ContentSession;
+import org.apache.jackrabbit.oak.api.Root;
+import org.apache.jackrabbit.oak.namepath.NamePathMapper;
+import org.apache.jackrabbit.oak.spi.commit.ValidatorProvider;
+
+/**
+ * PrivilegeConfiguration... TODO
+ */
+public interface PrivilegeConfiguration {
+
+ @Nonnull
+ PrivilegeProvider getPrivilegeProvider(ContentSession contentSession, Root root);
+
+ @Nonnull
+ PrivilegeManager getPrivilegeManager(ContentSession contentSession, Root root, NamePathMapper namePathMapper);
+
+ @Nonnull
+ Set<ValidatorProvider> getValidatorProviders();
+}
\ No newline at end of file
Copied: jackrabbit/oak/trunk/oak-core/src/main/java/org/apache/jackrabbit/oak/spi/security/privilege/PrivilegeConstants.java (from r1398672, jackrabbit/oak/trunk/oak-core/src/main/java/org/apache/jackrabbit/oak/security/privilege/PrivilegeConstants.java)
URL: http://svn.apache.org/viewvc/jackrabbit/oak/trunk/oak-core/src/main/java/org/apache/jackrabbit/oak/spi/security/privilege/PrivilegeConstants.java?p2=jackrabbit/oak/trunk/oak-core/src/main/java/org/apache/jackrabbit/oak/spi/security/privilege/PrivilegeConstants.java&p1=jackrabbit/oak/trunk/oak-core/src/main/java/org/apache/jackrabbit/oak/security/privilege/PrivilegeConstants.java&r1=1398672&r2=1398877&rev=1398877&view=diff
==============================================================================
--- jackrabbit/oak/trunk/oak-core/src/main/java/org/apache/jackrabbit/oak/security/privilege/PrivilegeConstants.java (original)
+++ jackrabbit/oak/trunk/oak-core/src/main/java/org/apache/jackrabbit/oak/spi/security/privilege/PrivilegeConstants.java Tue Oct 16 16:35:13 2012
@@ -14,7 +14,7 @@
* See the License for the specific language governing permissions and
* limitations under the License.
*/
-package org.apache.jackrabbit.oak.security.privilege;
+package org.apache.jackrabbit.oak.spi.security.privilege;
import org.apache.jackrabbit.JcrConstants;
Copied: jackrabbit/oak/trunk/oak-core/src/main/java/org/apache/jackrabbit/oak/spi/security/privilege/PrivilegeManagerImpl.java (from r1398672, jackrabbit/oak/trunk/oak-jcr/src/main/java/org/apache/jackrabbit/oak/jcr/security/privilege/PrivilegeManagerImpl.java)
URL: http://svn.apache.org/viewvc/jackrabbit/oak/trunk/oak-core/src/main/java/org/apache/jackrabbit/oak/spi/security/privilege/PrivilegeManagerImpl.java?p2=jackrabbit/oak/trunk/oak-core/src/main/java/org/apache/jackrabbit/oak/spi/security/privilege/PrivilegeManagerImpl.java&p1=jackrabbit/oak/trunk/oak-jcr/src/main/java/org/apache/jackrabbit/oak/jcr/security/privilege/PrivilegeManagerImpl.java&r1=1398672&r2=1398877&rev=1398877&view=diff
==============================================================================
--- jackrabbit/oak/trunk/oak-jcr/src/main/java/org/apache/jackrabbit/oak/jcr/security/privilege/PrivilegeManagerImpl.java (original)
+++ jackrabbit/oak/trunk/oak-core/src/main/java/org/apache/jackrabbit/oak/spi/security/privilege/PrivilegeManagerImpl.java Tue Oct 16 16:35:13 2012
@@ -14,22 +14,21 @@
* See the License for the specific language governing permissions and
* limitations under the License.
*/
-package org.apache.jackrabbit.oak.jcr.security.privilege;
+package org.apache.jackrabbit.oak.spi.security.privilege;
import java.util.Arrays;
import java.util.Collections;
import java.util.HashSet;
import java.util.Set;
+import javax.jcr.InvalidItemStateException;
import javax.jcr.NamespaceException;
import javax.jcr.RepositoryException;
import javax.jcr.security.AccessControlException;
import javax.jcr.security.Privilege;
import org.apache.jackrabbit.api.security.authorization.PrivilegeManager;
-import org.apache.jackrabbit.oak.jcr.SessionDelegate;
-import org.apache.jackrabbit.oak.security.privilege.PrivilegeRegistry;
-import org.apache.jackrabbit.oak.spi.security.privilege.PrivilegeDefinition;
-import org.apache.jackrabbit.oak.spi.security.privilege.PrivilegeProvider;
+import org.apache.jackrabbit.oak.api.Root;
+import org.apache.jackrabbit.oak.namepath.NamePathMapper;
import org.slf4j.Logger;
import org.slf4j.LoggerFactory;
@@ -43,14 +42,18 @@ public class PrivilegeManagerImpl implem
*/
private static final Logger log = LoggerFactory.getLogger(PrivilegeManagerImpl.class);
+ private final Root root;
+ private final NamePathMapper namePathMapper;
+
private final PrivilegeProvider provider;
- private final SessionDelegate sessionDelegate;
- public PrivilegeManagerImpl(SessionDelegate sessionDelegate) {
- this.provider = new PrivilegeRegistry(sessionDelegate.getContentSession(), sessionDelegate.getRoot());
- this.sessionDelegate = sessionDelegate;
+ public PrivilegeManagerImpl(Root root, PrivilegeProvider provider, NamePathMapper namePathMapper) {
+ this.root = root;
+ this.namePathMapper = namePathMapper;
+ this.provider = provider;
}
+ // TODO: review
public void refresh() {
provider.refresh();
}
@@ -77,6 +80,9 @@ public class PrivilegeManagerImpl implem
@Override
public Privilege registerPrivilege(String privilegeName, boolean isAbstract,
String[] declaredAggregateNames) throws RepositoryException {
+ if (root.hasPendingChanges()) {
+ throw new InvalidItemStateException("Session has pending changes.");
+ }
if (privilegeName == null || privilegeName.isEmpty()) {
throw new RepositoryException("Invalid privilege name " + privilegeName);
}
@@ -86,15 +92,13 @@ public class PrivilegeManagerImpl implem
}
PrivilegeDefinition def = provider.registerDefinition(oakName, isAbstract, getOakNames(declaredAggregateNames));
- // TODO: should be called by provider
- sessionDelegate.refresh(true);
return new PrivilegeImpl(def);
}
//------------------------------------------------------------< private >---
private String getOakName(String jcrName) {
- return sessionDelegate.getNamePathMapper().getOakName(jcrName);
+ return namePathMapper.getOakName(jcrName);
}
private Set<String> getOakNames(String[] jcrNames) throws RepositoryException {
Propchange: jackrabbit/oak/trunk/oak-core/src/main/java/org/apache/jackrabbit/oak/spi/security/privilege/PrivilegeManagerImpl.java
------------------------------------------------------------------------------
svn:eol-style = native
Modified: jackrabbit/oak/trunk/oak-core/src/main/java/org/apache/jackrabbit/oak/spi/security/privilege/PrivilegeProvider.java
URL: http://svn.apache.org/viewvc/jackrabbit/oak/trunk/oak-core/src/main/java/org/apache/jackrabbit/oak/spi/security/privilege/PrivilegeProvider.java?rev=1398877&r1=1398876&r2=1398877&view=diff
==============================================================================
--- jackrabbit/oak/trunk/oak-core/src/main/java/org/apache/jackrabbit/oak/spi/security/privilege/PrivilegeProvider.java (original)
+++ jackrabbit/oak/trunk/oak-core/src/main/java/org/apache/jackrabbit/oak/spi/security/privilege/PrivilegeProvider.java Tue Oct 16 16:35:13 2012
@@ -21,6 +21,8 @@ import javax.annotation.Nonnull;
import javax.annotation.Nullable;
import javax.jcr.RepositoryException;
+import org.apache.jackrabbit.oak.spi.commit.ValidatorProvider;
+
/**
* PrivilegeProvider... TODO
*/
Modified: jackrabbit/oak/trunk/oak-jcr/src/main/java/org/apache/jackrabbit/oak/jcr/RepositoryImpl.java
URL: http://svn.apache.org/viewvc/jackrabbit/oak/trunk/oak-jcr/src/main/java/org/apache/jackrabbit/oak/jcr/RepositoryImpl.java?rev=1398877&r1=1398876&r2=1398877&view=diff
==============================================================================
--- jackrabbit/oak/trunk/oak-jcr/src/main/java/org/apache/jackrabbit/oak/jcr/RepositoryImpl.java (original)
+++ jackrabbit/oak/trunk/oak-jcr/src/main/java/org/apache/jackrabbit/oak/jcr/RepositoryImpl.java Tue Oct 16 16:35:13 2012
@@ -35,7 +35,6 @@ import org.apache.jackrabbit.oak.plugins
import org.apache.jackrabbit.oak.plugins.name.NamespaceValidatorProvider;
import org.apache.jackrabbit.oak.plugins.nodetype.InitialContent;
import org.apache.jackrabbit.oak.plugins.nodetype.TypeValidatorProvider;
-import org.apache.jackrabbit.oak.security.privilege.PrivilegeValidatorProvider;
import org.apache.jackrabbit.oak.spi.commit.CompositeHook;
import org.apache.jackrabbit.oak.spi.commit.CompositeValidatorProvider;
import org.apache.jackrabbit.oak.spi.commit.ValidatingHook;
@@ -59,8 +58,7 @@ public class RepositoryImpl implements R
new NameValidatorProvider(),
new NamespaceValidatorProvider(),
new TypeValidatorProvider(),
- new ConflictValidatorProvider(),
- new PrivilegeValidatorProvider());
+ new ConflictValidatorProvider());
private static final CompositeHook DEFAULT_COMMIT_HOOK =
new CompositeHook(
Modified: jackrabbit/oak/trunk/oak-jcr/src/main/java/org/apache/jackrabbit/oak/jcr/SessionDelegate.java
URL: http://svn.apache.org/viewvc/jackrabbit/oak/trunk/oak-jcr/src/main/java/org/apache/jackrabbit/oak/jcr/SessionDelegate.java?rev=1398877&r1=1398876&r2=1398877&view=diff
==============================================================================
--- jackrabbit/oak/trunk/oak-jcr/src/main/java/org/apache/jackrabbit/oak/jcr/SessionDelegate.java (original)
+++ jackrabbit/oak/trunk/oak-jcr/src/main/java/org/apache/jackrabbit/oak/jcr/SessionDelegate.java Tue Oct 16 16:35:13 2012
@@ -18,7 +18,6 @@ package org.apache.jackrabbit.oak.jcr;
import java.io.IOException;
import java.util.concurrent.ScheduledExecutorService;
-
import javax.annotation.CheckForNull;
import javax.annotation.Nonnull;
import javax.jcr.ItemExistsException;
@@ -45,12 +44,12 @@ import org.apache.jackrabbit.oak.api.Ses
import org.apache.jackrabbit.oak.api.Tree;
import org.apache.jackrabbit.oak.api.TreeLocation;
import org.apache.jackrabbit.oak.commons.PathUtils;
-import org.apache.jackrabbit.oak.jcr.security.privilege.PrivilegeManagerImpl;
import org.apache.jackrabbit.oak.namepath.NamePathMapper;
import org.apache.jackrabbit.oak.namepath.NamePathMapperImpl;
import org.apache.jackrabbit.oak.plugins.identifier.IdentifierManager;
import org.apache.jackrabbit.oak.plugins.observation.ObservationManagerImpl;
import org.apache.jackrabbit.oak.spi.security.SecurityProvider;
+import org.apache.jackrabbit.oak.spi.security.privilege.PrivilegeManagerImpl;
import org.apache.jackrabbit.oak.value.ValueFactoryImpl;
import org.slf4j.Logger;
import org.slf4j.LoggerFactory;
@@ -75,7 +74,9 @@ public class SessionDelegate {
private final IdentifierManager idManager;
private ObservationManagerImpl observationManager;
- private PrivilegeManagerImpl privilegeManager;
+ private PrincipalManager principalManager;
+ private UserManager userManager;
+ private PrivilegeManager privilegeManager;
private boolean isAlive = true;
private int sessionOpCount;
@@ -237,8 +238,9 @@ public class SessionDelegate {
} else {
root.refresh();
}
- if (privilegeManager != null) {
- privilegeManager.refresh();
+ // TODO: improve
+ if (privilegeManager != null && privilegeManager instanceof PrivilegeManagerImpl) {
+ ((PrivilegeManagerImpl) privilegeManager).refresh();
}
}
@@ -477,26 +479,36 @@ public class SessionDelegate {
@Nonnull
PrincipalManager getPrincipalManager() throws RepositoryException {
- if (securityProvider != null) {
- return securityProvider.getPrincipalConfiguration().getPrincipalManager(session, root, getNamePathMapper());
- } else {
- throw new UnsupportedRepositoryOperationException("Principal management not supported.");
+ if (principalManager == null) {
+ if (securityProvider != null) {
+ principalManager = securityProvider.getPrincipalConfiguration().getPrincipalManager(session, root, getNamePathMapper());
+ } else {
+ throw new UnsupportedRepositoryOperationException("Principal management not supported.");
+ }
}
+ return principalManager;
}
@Nonnull
UserManager getUserManager() throws UnsupportedRepositoryOperationException {
- if (securityProvider != null) {
- return securityProvider.getUserConfiguration().getUserManager(session, root, getNamePathMapper());
- } else {
- throw new UnsupportedRepositoryOperationException("User management not supported.");
+ if (userManager == null) {
+ if (securityProvider != null) {
+ userManager = securityProvider.getUserConfiguration().getUserManager(session, root, getNamePathMapper());
+ } else {
+ throw new UnsupportedRepositoryOperationException("User management not supported.");
+ }
}
+ return userManager;
}
@Nonnull
- PrivilegeManager getPrivilegeManager() {
+ PrivilegeManager getPrivilegeManager() throws UnsupportedRepositoryOperationException {
if (privilegeManager == null) {
- privilegeManager = new PrivilegeManagerImpl(this);
+ if (securityProvider != null) {
+ privilegeManager = securityProvider.getPrivilegeConfiguration().getPrivilegeManager(contentSession, root, getNamePathMapper());
+ } else {
+ throw new UnsupportedRepositoryOperationException("Privilege management not supported.");
+ }
}
return privilegeManager;
}
Modified: jackrabbit/oak/trunk/oak-jcr/src/main/java/org/apache/jackrabbit/oak/jcr/SessionImpl.java
URL: http://svn.apache.org/viewvc/jackrabbit/oak/trunk/oak-jcr/src/main/java/org/apache/jackrabbit/oak/jcr/SessionImpl.java?rev=1398877&r1=1398876&r2=1398877&view=diff
==============================================================================
--- jackrabbit/oak/trunk/oak-jcr/src/main/java/org/apache/jackrabbit/oak/jcr/SessionImpl.java (original)
+++ jackrabbit/oak/trunk/oak-jcr/src/main/java/org/apache/jackrabbit/oak/jcr/SessionImpl.java Tue Oct 16 16:35:13 2012
@@ -391,11 +391,11 @@ public class SessionImpl extends Abstrac
return TODO.dummyImplementation().returnValue(new AccessControlManager() {
@Override
public void setPolicy(String absPath, AccessControlPolicy policy) {
- // do nothing
+ throw new AccessControlException(policy.toString());
}
@Override
public void removePolicy(String absPath, AccessControlPolicy policy) {
- // do nothing
+ throw new AccessControlException(policy.toString());
}
@Override
public Privilege privilegeFromName(String privilegeName)
Modified: jackrabbit/oak/trunk/oak-jcr/src/test/java/org/apache/jackrabbit/oak/jcr/security/privilege/AbstractPrivilegeTest.java
URL: http://svn.apache.org/viewvc/jackrabbit/oak/trunk/oak-jcr/src/test/java/org/apache/jackrabbit/oak/jcr/security/privilege/AbstractPrivilegeTest.java?rev=1398877&r1=1398876&r2=1398877&view=diff
==============================================================================
--- jackrabbit/oak/trunk/oak-jcr/src/test/java/org/apache/jackrabbit/oak/jcr/security/privilege/AbstractPrivilegeTest.java (original)
+++ jackrabbit/oak/trunk/oak-jcr/src/test/java/org/apache/jackrabbit/oak/jcr/security/privilege/AbstractPrivilegeTest.java Tue Oct 16 16:35:13 2012
@@ -23,7 +23,7 @@ import javax.jcr.security.Privilege;
import org.apache.jackrabbit.api.JackrabbitWorkspace;
import org.apache.jackrabbit.api.security.authorization.PrivilegeManager;
-import org.apache.jackrabbit.oak.security.privilege.PrivilegeConstants;
+import org.apache.jackrabbit.oak.spi.security.privilege.PrivilegeConstants;
import org.apache.jackrabbit.test.AbstractJCRTest;
/**
Modified: jackrabbit/oak/trunk/oak-jcr/src/test/java/org/apache/jackrabbit/oak/jcr/security/privilege/CustomPrivilegeTest.java
URL: http://svn.apache.org/viewvc/jackrabbit/oak/trunk/oak-jcr/src/test/java/org/apache/jackrabbit/oak/jcr/security/privilege/CustomPrivilegeTest.java?rev=1398877&r1=1398876&r2=1398877&view=diff
==============================================================================
--- jackrabbit/oak/trunk/oak-jcr/src/test/java/org/apache/jackrabbit/oak/jcr/security/privilege/CustomPrivilegeTest.java (original)
+++ jackrabbit/oak/trunk/oak-jcr/src/test/java/org/apache/jackrabbit/oak/jcr/security/privilege/CustomPrivilegeTest.java Tue Oct 16 16:35:13 2012
@@ -23,6 +23,7 @@ import java.util.List;
import java.util.Map;
import java.util.concurrent.Executors;
import javax.jcr.AccessDeniedException;
+import javax.jcr.InvalidItemStateException;
import javax.jcr.NamespaceException;
import javax.jcr.Node;
import javax.jcr.Repository;
@@ -36,7 +37,7 @@ import org.apache.jackrabbit.api.securit
import org.apache.jackrabbit.mk.core.MicroKernelImpl;
import org.apache.jackrabbit.oak.jcr.RepositoryImpl;
import org.apache.jackrabbit.oak.security.SecurityProviderImpl;
-import org.apache.jackrabbit.oak.security.privilege.PrivilegeConstants;
+import org.apache.jackrabbit.oak.spi.security.privilege.PrivilegeConstants;
import org.junit.After;
import org.junit.Before;
import org.junit.Test;
@@ -111,12 +112,12 @@ public class CustomPrivilegeTest extends
public void testCustomEquivalentDefinitions() throws RepositoryException {
privilegeManager.registerPrivilege("custom4", false, new String[0]);
privilegeManager.registerPrivilege("custom5", false, new String[0]);
- privilegeManager.registerPrivilege("custom2", false, new String[] {"custom4", "custom5"});
+ privilegeManager.registerPrivilege("custom2", false, new String[]{"custom4", "custom5"});
List<String[]> equivalent = new ArrayList<String[]>();
- equivalent.add(new String[] {"custom4", "custom5"});
+ equivalent.add(new String[]{"custom4", "custom5"});
equivalent.add(new String[] {"custom2", "custom4"});
- equivalent.add(new String[] {"custom2", "custom5"});
+ equivalent.add(new String[]{"custom2", "custom5"});
int cnt = 6;
for (String[] aggrNames : equivalent) {
try {
@@ -373,4 +374,18 @@ public class CustomPrivilegeTest extends
s2.logout();
}
}
+
+ @Test
+ public void testRegisterPrivilegeWithPendingChanges() throws RepositoryException {
+ try {
+ session.getRootNode().addNode("test");
+ assertTrue(session.hasPendingChanges());
+ privilegeManager.registerPrivilege("new", true, new String[0]);
+ fail("Privileges may not be registered while there are pending changes.");
+ } catch (InvalidItemStateException e) {
+ // success
+ } finally {
+ superuser.refresh(false);
+ }
+ }
}
\ No newline at end of file
Modified: jackrabbit/oak/trunk/oak-jcr/src/test/java/org/apache/jackrabbit/oak/jcr/security/privilege/PrivilegeManagerImplTest.java
URL: http://svn.apache.org/viewvc/jackrabbit/oak/trunk/oak-jcr/src/test/java/org/apache/jackrabbit/oak/jcr/security/privilege/PrivilegeManagerImplTest.java?rev=1398877&r1=1398876&r2=1398877&view=diff
==============================================================================
--- jackrabbit/oak/trunk/oak-jcr/src/test/java/org/apache/jackrabbit/oak/jcr/security/privilege/PrivilegeManagerImplTest.java (original)
+++ jackrabbit/oak/trunk/oak-jcr/src/test/java/org/apache/jackrabbit/oak/jcr/security/privilege/PrivilegeManagerImplTest.java Tue Oct 16 16:35:13 2012
@@ -26,7 +26,7 @@ import javax.jcr.security.AccessControlE
import javax.jcr.security.Privilege;
import org.apache.jackrabbit.api.security.authorization.PrivilegeManager;
-import org.apache.jackrabbit.oak.security.privilege.PrivilegeConstants;
+import org.apache.jackrabbit.oak.spi.security.privilege.PrivilegeConstants;
import org.junit.After;
import org.junit.Before;
import org.junit.Test;
Modified: jackrabbit/oak/trunk/oak-run/src/main/java/org/apache/jackrabbit/oak/run/Main.java
URL: http://svn.apache.org/viewvc/jackrabbit/oak/trunk/oak-run/src/main/java/org/apache/jackrabbit/oak/run/Main.java?rev=1398877&r1=1398876&r2=1398877&view=diff
==============================================================================
--- jackrabbit/oak/trunk/oak-run/src/main/java/org/apache/jackrabbit/oak/run/Main.java (original)
+++ jackrabbit/oak/trunk/oak-run/src/main/java/org/apache/jackrabbit/oak/run/Main.java Tue Oct 16 16:35:13 2012
@@ -35,7 +35,6 @@ import org.apache.jackrabbit.oak.plugins
import org.apache.jackrabbit.oak.plugins.name.NamespaceValidatorProvider;
import org.apache.jackrabbit.oak.plugins.nodetype.DefaultTypeEditor;
import org.apache.jackrabbit.oak.plugins.nodetype.TypeValidatorProvider;
-import org.apache.jackrabbit.oak.security.privilege.PrivilegeValidatorProvider;
import org.apache.jackrabbit.oak.spi.commit.CommitHook;
import org.apache.jackrabbit.oak.spi.commit.CompositeHook;
import org.apache.jackrabbit.oak.spi.commit.CompositeValidatorProvider;
@@ -215,8 +214,7 @@ public class Main {
new NameValidatorProvider(),
new NamespaceValidatorProvider(),
new TypeValidatorProvider(),
- new ConflictValidatorProvider(),
- new PrivilegeValidatorProvider());
+ new ConflictValidatorProvider());
}
}