You are viewing a plain text version of this content. The canonical link for it is here.
Posted to oak-commits@jackrabbit.apache.org by an...@apache.org on 2013/02/18 12:15:16 UTC
svn commit: r1447196 - in /jackrabbit/oak/trunk/oak-core/src:
main/java/org/apache/jackrabbit/oak/security/authorization/ACL.java
test/java/org/apache/jackrabbit/oak/security/authorization/ACLTest.java
Author: angela
Date: Mon Feb 18 11:15:15 2013
New Revision: 1447196
URL: http://svn.apache.org/r1447196
Log:
OAK-51 : Access Control Management (WIP)
annotations
Modified:
jackrabbit/oak/trunk/oak-core/src/main/java/org/apache/jackrabbit/oak/security/authorization/ACL.java
jackrabbit/oak/trunk/oak-core/src/test/java/org/apache/jackrabbit/oak/security/authorization/ACLTest.java
Modified: jackrabbit/oak/trunk/oak-core/src/main/java/org/apache/jackrabbit/oak/security/authorization/ACL.java
URL: http://svn.apache.org/viewvc/jackrabbit/oak/trunk/oak-core/src/main/java/org/apache/jackrabbit/oak/security/authorization/ACL.java?rev=1447196&r1=1447195&r2=1447196&view=diff
==============================================================================
--- jackrabbit/oak/trunk/oak-core/src/main/java/org/apache/jackrabbit/oak/security/authorization/ACL.java (original)
+++ jackrabbit/oak/trunk/oak-core/src/main/java/org/apache/jackrabbit/oak/security/authorization/ACL.java Mon Feb 18 11:15:15 2013
@@ -24,6 +24,7 @@ import java.util.List;
import java.util.Map;
import java.util.Set;
import javax.annotation.Nonnull;
+import javax.annotation.Nullable;
import javax.jcr.RepositoryException;
import javax.jcr.Value;
import javax.jcr.security.AccessControlEntry;
@@ -42,7 +43,7 @@ import org.slf4j.LoggerFactory;
/**
* ACL... TODO
- *
+ * <p/>
* TODO: - remove redundant entries from the list
* TODO: - remove redundant privileges from entries
*/
@@ -52,11 +53,12 @@ abstract class ACL extends AbstractAcces
private final List<JackrabbitAccessControlEntry> entries = new ArrayList<JackrabbitAccessControlEntry>();
- ACL(String oakPath, NamePathMapper namePathMapper) {
+ ACL(@Nullable String oakPath, @Nonnull NamePathMapper namePathMapper) {
this(oakPath, null, namePathMapper);
}
- ACL(String oakPath, List<JackrabbitAccessControlEntry> entries, NamePathMapper namePathMapper) {
+ ACL(@Nullable String oakPath, @Nullable List<JackrabbitAccessControlEntry> entries,
+ @Nonnull NamePathMapper namePathMapper) {
super(oakPath, namePathMapper);
if (entries != null) {
this.entries.addAll(entries);
@@ -115,7 +117,7 @@ abstract class ACL extends AbstractAcces
log.debug("Entry is already contained in policy -> no modification.");
return false;
} else {
- return entries.add(entry);
+ return addEntry(entry);
}
}
@@ -129,7 +131,7 @@ abstract class ACL extends AbstractAcces
return;
}
- int index = (dest == null) ? entries.size()-1 : entries.indexOf(dest);
+ int index = (dest == null) ? entries.size() - 1 : entries.indexOf(dest);
if (index < 0) {
throw new AccessControlException("'destEntry' not contained in this AccessControlList.");
} else {
@@ -155,10 +157,23 @@ abstract class ACL extends AbstractAcces
}
//------------------------------------------------------------< private >---
+
+ /**
+ * Check validity of the specified access control entry.
+ *
+ * @param entry The access control entry to test.
+ * @return The validated {@code ACE}.
+ * @throws AccessControlException If the specified entry is invalid.
+ */
private static JackrabbitAccessControlEntry checkACE(AccessControlEntry entry) throws AccessControlException {
if (!(entry instanceof ACE)) {
throw new AccessControlException("Invalid access control entry.");
}
return (ACE) entry;
}
+
+ private boolean addEntry(JackrabbitAccessControlEntry entry) {
+ // TODO: remove redundancy
+ return entries.add(entry);
+ }
}
Modified: jackrabbit/oak/trunk/oak-core/src/test/java/org/apache/jackrabbit/oak/security/authorization/ACLTest.java
URL: http://svn.apache.org/viewvc/jackrabbit/oak/trunk/oak-core/src/test/java/org/apache/jackrabbit/oak/security/authorization/ACLTest.java?rev=1447196&r1=1447195&r2=1447196&view=diff
==============================================================================
--- jackrabbit/oak/trunk/oak-core/src/test/java/org/apache/jackrabbit/oak/security/authorization/ACLTest.java (original)
+++ jackrabbit/oak/trunk/oak-core/src/test/java/org/apache/jackrabbit/oak/security/authorization/ACLTest.java Mon Feb 18 11:15:15 2013
@@ -20,6 +20,8 @@ import java.security.Principal;
import java.util.Collections;
import java.util.List;
import java.util.Map;
+import javax.annotation.Nonnull;
+import javax.annotation.Nullable;
import javax.jcr.Value;
import javax.jcr.security.AccessControlEntry;
import javax.jcr.security.AccessControlException;
@@ -49,11 +51,11 @@ import static org.junit.Assert.fail;
/**
* ACLTest... TODO
- *
+ * <p/>
* TODO: test restrictions
* TODO: add test with multiple entries
*/
-public class ACLTest extends AbstractAccessControlListTest{
+public class ACLTest extends AbstractAccessControlListTest {
private PrivilegeManager privilegeManager;
private PrincipalManager principalManager;
@@ -76,7 +78,9 @@ public class ACLTest extends AbstractAcc
}
@Override
- protected AbstractAccessControlList createACL(String jcrPath, List<JackrabbitAccessControlEntry> entries, NamePathMapper namePathMapper) {
+ protected AbstractAccessControlList createACL(@Nullable String jcrPath,
+ @Nonnull List<JackrabbitAccessControlEntry> entries,
+ @Nonnull NamePathMapper namePathMapper) {
String path = (jcrPath == null) ? null : namePathMapper.getOakPathKeepIndex(jcrPath);
final RestrictionProvider rp = getRestrictionProvider();
return new ACL(path, entries, namePathMapper) {
@@ -84,10 +88,12 @@ public class ACLTest extends AbstractAcc
public RestrictionProvider getRestrictionProvider() {
return rp;
}
+
@Override
PrincipalManager getPrincipalManager() {
return principalManager;
}
+
@Override
PrivilegeManager getPrivilegeManager() {
return privilegeManager;
@@ -125,7 +131,7 @@ public class ACLTest extends AbstractAcc
@Test
public void testAddEntryWithInvalidPrivilege() throws Exception {
try {
- emptyAcl.addAccessControlEntry(testPrincipal, new Privilege[] {new InvalidPrivilege()});
+ emptyAcl.addAccessControlEntry(testPrincipal, new Privilege[]{new InvalidPrivilege()});
fail("Adding an ACE with invalid privileges should fail.");
} catch (AccessControlException e) {
// success
@@ -146,7 +152,7 @@ public class ACLTest extends AbstractAcc
@Test
public void testAddEntryWithInvalidRestrictions() throws Exception {
- Map<String,Value> restrictions = Collections.singletonMap("unknownRestriction", new ValueFactoryImpl(root.getBlobFactory(), namePathMapper).createValue("value"));
+ Map<String, Value> restrictions = Collections.singletonMap("unknownRestriction", new ValueFactoryImpl(root.getBlobFactory(), namePathMapper).createValue("value"));
try {
emptyAcl.addEntry(testPrincipal, testPrivileges, false, restrictions);
fail("Invalid restrictions -> AccessControlException expected");
@@ -178,12 +184,15 @@ public class ACLTest extends AbstractAcc
public boolean isAllow() {
return false;
}
+
public String[] getRestrictionNames() {
return new String[0];
}
+
public Value getRestriction(String restrictionName) {
return null;
}
+
public Principal getPrincipal() {
return testPrincipal;
}