You are viewing a plain text version of this content. The canonical link for it is here.
Posted to oak-commits@jackrabbit.apache.org by an...@apache.org on 2013/02/28 19:25:22 UTC
svn commit: r1451275 - in
/jackrabbit/oak/trunk/oak-core/src/main/java/org/apache/jackrabbit/oak/security/authorization:
AccessControlConfigurationImpl.java
permission/PermissionStoreValidatorProvider.java
Author: angela
Date: Thu Feb 28 18:25:22 2013
New Revision: 1451275
URL: http://svn.apache.org/r1451275
Log:
OAK-527: permissions (wip, store must be read-only)
Added:
jackrabbit/oak/trunk/oak-core/src/main/java/org/apache/jackrabbit/oak/security/authorization/permission/PermissionStoreValidatorProvider.java
Modified:
jackrabbit/oak/trunk/oak-core/src/main/java/org/apache/jackrabbit/oak/security/authorization/AccessControlConfigurationImpl.java
Modified: jackrabbit/oak/trunk/oak-core/src/main/java/org/apache/jackrabbit/oak/security/authorization/AccessControlConfigurationImpl.java
URL: http://svn.apache.org/viewvc/jackrabbit/oak/trunk/oak-core/src/main/java/org/apache/jackrabbit/oak/security/authorization/AccessControlConfigurationImpl.java?rev=1451275&r1=1451274&r2=1451275&view=diff
==============================================================================
--- jackrabbit/oak/trunk/oak-core/src/main/java/org/apache/jackrabbit/oak/security/authorization/AccessControlConfigurationImpl.java (original)
+++ jackrabbit/oak/trunk/oak-core/src/main/java/org/apache/jackrabbit/oak/security/authorization/AccessControlConfigurationImpl.java Thu Feb 28 18:25:22 2013
@@ -26,6 +26,7 @@ import javax.jcr.security.AccessControlM
import org.apache.jackrabbit.oak.api.Root;
import org.apache.jackrabbit.oak.namepath.NamePathMapper;
import org.apache.jackrabbit.oak.plugins.version.VersionablePathHook;
+import org.apache.jackrabbit.oak.security.authorization.permission.PermissionStoreValidatorProvider;
import org.apache.jackrabbit.oak.security.authorization.permission.PermissionValidatorProvider;
import org.apache.jackrabbit.oak.security.authorization.restriction.RestrictionProviderImpl;
import org.apache.jackrabbit.oak.spi.commit.CommitHook;
@@ -85,7 +86,10 @@ public class AccessControlConfigurationI
@Nonnull
@Override
public CommitHook getCommitHook(@Nonnull final String workspaceName) {
- return new ValidatingHook(new PermissionValidatorProvider(securityProvider, workspaceName), new AccessControlValidatorProvider(securityProvider));
+ return new ValidatingHook(
+ new PermissionStoreValidatorProvider(),
+ new PermissionValidatorProvider(securityProvider, workspaceName),
+ new AccessControlValidatorProvider(securityProvider));
}
};
}
Added: jackrabbit/oak/trunk/oak-core/src/main/java/org/apache/jackrabbit/oak/security/authorization/permission/PermissionStoreValidatorProvider.java
URL: http://svn.apache.org/viewvc/jackrabbit/oak/trunk/oak-core/src/main/java/org/apache/jackrabbit/oak/security/authorization/permission/PermissionStoreValidatorProvider.java?rev=1451275&view=auto
==============================================================================
--- jackrabbit/oak/trunk/oak-core/src/main/java/org/apache/jackrabbit/oak/security/authorization/permission/PermissionStoreValidatorProvider.java (added)
+++ jackrabbit/oak/trunk/oak-core/src/main/java/org/apache/jackrabbit/oak/security/authorization/permission/PermissionStoreValidatorProvider.java Thu Feb 28 18:25:22 2013
@@ -0,0 +1,73 @@
+/*
+ * Licensed to the Apache Software Foundation (ASF) under one or more
+ * contributor license agreements. See the NOTICE file distributed with
+ * this work for additional information regarding copyright ownership.
+ * The ASF licenses this file to You under the Apache License, Version 2.0
+ * (the "License"); you may not use this file except in compliance with
+ * the License. You may obtain a copy of the License at
+ *
+ * http://www.apache.org/licenses/LICENSE-2.0
+ *
+ * Unless required by applicable law or agreed to in writing, software
+ * distributed under the License is distributed on an "AS IS" BASIS,
+ * WITHOUT WARRANTIES OR CONDITIONS OF ANY KIND, either express or implied.
+ * See the License for the specific language governing permissions and
+ * limitations under the License.
+ */
+package org.apache.jackrabbit.oak.security.authorization.permission;
+
+import javax.annotation.Nonnull;
+
+import org.apache.jackrabbit.oak.api.CommitFailedException;
+import org.apache.jackrabbit.oak.api.PropertyState;
+import org.apache.jackrabbit.oak.spi.commit.SubtreeValidator;
+import org.apache.jackrabbit.oak.spi.commit.Validator;
+import org.apache.jackrabbit.oak.spi.commit.ValidatorProvider;
+import org.apache.jackrabbit.oak.spi.state.NodeState;
+
+/**
+ * Validator implementation that asserts that the permission store is read-only.
+ */
+public class PermissionStoreValidatorProvider implements ValidatorProvider, PermissionConstants {
+
+ @Nonnull
+ @Override
+ public Validator getRootValidator(NodeState before, NodeState after) {
+ return new SubtreeValidator(new PermissionStoreValidator(), PERMISSIONS_STORE_PATH);
+ }
+
+ private final static class PermissionStoreValidator implements Validator {
+
+ private static final String errorMsg = "Attempt to modify permission store.";
+
+ @Override
+ public void propertyAdded(PropertyState after) throws CommitFailedException {
+ throw new CommitFailedException(errorMsg);
+ }
+
+ @Override
+ public void propertyChanged(PropertyState before, PropertyState after) throws CommitFailedException {
+ throw new CommitFailedException(errorMsg);
+ }
+
+ @Override
+ public void propertyDeleted(PropertyState before) throws CommitFailedException {
+ throw new CommitFailedException(errorMsg);
+ }
+
+ @Override
+ public Validator childNodeAdded(String name, NodeState after) throws CommitFailedException {
+ throw new CommitFailedException(errorMsg);
+ }
+
+ @Override
+ public Validator childNodeChanged(String name, NodeState before, NodeState after) throws CommitFailedException {
+ throw new CommitFailedException(errorMsg);
+ }
+
+ @Override
+ public Validator childNodeDeleted(String name, NodeState before) throws CommitFailedException {
+ throw new CommitFailedException(errorMsg);
+ }
+ }
+}