Posted to oak-commits@jackrabbit.apache.org by an...@apache.org on 2016/01/12 17:08:08 UTC
svn commit: r1724268 - in /jackrabbit/oak/trunk:
oak-core/src/main/java/org/apache/jackrabbit/oak/security/internal/SecurityProviderRegistration.java
oak-pojosr/src/test/groovy/org/apache/jackrabbit/oak/run/osgi/SecurityProviderRegistrationTest.groovy
Author: angela
Date: Tue Jan 12 16:08:08 2016
New Revision: 1724268
URL: http://svn.apache.org/viewvc?rev=1724268&view=rev
Log:
OAK-1268 : Add support for composite authorization setup (WIP)
Modified:
jackrabbit/oak/trunk/oak-core/src/main/java/org/apache/jackrabbit/oak/security/internal/SecurityProviderRegistration.java
jackrabbit/oak/trunk/oak-pojosr/src/test/groovy/org/apache/jackrabbit/oak/run/osgi/SecurityProviderRegistrationTest.groovy
Modified: jackrabbit/oak/trunk/oak-core/src/main/java/org/apache/jackrabbit/oak/security/internal/SecurityProviderRegistration.java
URL: http://svn.apache.org/viewvc/jackrabbit/oak/trunk/oak-core/src/main/java/org/apache/jackrabbit/oak/security/internal/SecurityProviderRegistration.java?rev=1724268&r1=1724267&r2=1724268&view=diff
==============================================================================
--- jackrabbit/oak/trunk/oak-core/src/main/java/org/apache/jackrabbit/oak/security/internal/SecurityProviderRegistration.java (original)
+++ jackrabbit/oak/trunk/oak-core/src/main/java/org/apache/jackrabbit/oak/security/internal/SecurityProviderRegistration.java Tue Jan 12 16:08:08 2016
@@ -29,6 +29,7 @@ import org.apache.felix.scr.annotations.
import org.apache.felix.scr.annotations.References;
import org.apache.jackrabbit.oak.commons.PropertiesUtil;
import org.apache.jackrabbit.oak.osgi.OsgiWhiteboard;
+import org.apache.jackrabbit.oak.security.authorization.composite.CompositeAuthorizationConfiguration;
import org.apache.jackrabbit.oak.security.user.UserConfigurationImpl;
import org.apache.jackrabbit.oak.spi.security.ConfigurationBase;
import org.apache.jackrabbit.oak.spi.security.ConfigurationParameters;
@@ -81,10 +82,11 @@ import static com.google.common.collect.
"unless the services identified by these PIDs are " +
"registered first. Only the PIDs of implementations of " +
"the following interfaces are checked: " +
- "PrincipalConfiguration, TokenConfiguration, " +
- "AuthorizableActionProvider, " +
+ "AuthorizationConfiguration, PrincipalConfiguration, " +
+ "TokenConfiguration, AuthorizableActionProvider, " +
"RestrictionProvider and UserAuthenticationFactory.",
value = {
+ "org.apache.jackrabbit.oak.security.authorization.AuthorizationConfigurationImpl",
"org.apache.jackrabbit.oak.security.principal.PrincipalConfigurationImpl",
"org.apache.jackrabbit.oak.security.authentication.token.TokenConfigurationImpl",
"org.apache.jackrabbit.oak.spi.security.user.action.DefaultAuthorizableActionProvider",
@@ -96,6 +98,12 @@ import static com.google.common.collect.
})
@References({
@Reference(
+ name = "authorizationConfiguration",
+ referenceInterface = AuthorizationConfiguration.class,
+ cardinality = ReferenceCardinality.OPTIONAL_MULTIPLE,
+ policy = ReferencePolicy.DYNAMIC
+ ),
+ @Reference(
name = "principalConfiguration",
referenceInterface = PrincipalConfiguration.class,
cardinality = ReferenceCardinality.OPTIONAL_MULTIPLE,
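Review bot: Declaring `authorizationConfiguration` as `OPTIONAL_MULTIPLE` / `DYNAMIC` means the component no longer needs any AuthorizationConfiguration in order to activate; the mandatory `@Reference` field removed in the `@@ -138` hunk used to guarantee one. The only remaining guard is the default PID list extended in the previous hunk, and that list is a configurable property, so a deployment that overrides it without the authorization PID could presumably register a SecurityProvider whose composite holds zero authorization configurations. How CompositeAuthorizationConfiguration behaves with an empty list is not visible in this commit, so I would fail closed before registering, for example `if (authorizationConfigurations.isEmpty()) { return; }` in the registration path, and say so in the property description. The `@References` annotation continues outside this hunk.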
@@ -138,9 +146,6 @@ public class SecurityProviderRegistratio
private static final Logger log = LoggerFactory.getLogger(SecurityProviderRegistration.class);
@Reference
- private AuthorizationConfiguration authorizationConfiguration;
-
- @Reference
private AuthenticationConfiguration authenticationConfiguration;
@Reference
@@ -157,6 +162,8 @@ public class SecurityProviderRegistratio
private final Preconditions preconditions = new Preconditions();
+ private final List<AuthorizationConfiguration> authorizationConfigurations = newCopyOnWriteArrayList();
+
private final List<PrincipalConfiguration> principalConfigurations = newCopyOnWriteArrayList();
private final List<TokenConfiguration> tokenConfigurations = newCopyOnWriteArrayList();
@@ -219,14 +226,6 @@ public class SecurityProviderRegistratio
}
}
- public void bindAuthorizationConfiguration(AuthorizationConfiguration authorizationConfiguration) {
- this.authorizationConfiguration = authorizationConfiguration;
- }
-
- public void unbindAuthorizationConfiguration(AuthorizationConfiguration authorizationConfiguration) {
- this.authorizationConfiguration = null;
- }
-
public void bindAuthenticationConfiguration(AuthenticationConfiguration authenticationConfiguration) {
this.authenticationConfiguration = authenticationConfiguration;
}
@@ -251,6 +250,24 @@ public class SecurityProviderRegistratio
this.userConfiguration = null;
}
+ public void bindAuthorizationConfiguration(AuthorizationConfiguration authorizationConfiguration, Map<String, Object> properties) {
+ synchronized (this) {
+ authorizationConfigurations.add(authorizationConfiguration);
+ addCandidate(properties);
+ }
+
+ maybeRegister();
+ }
+
+ public void unbindAuthorizationConfiguration(AuthorizationConfiguration authorizationConfiguration, Map<String, Object> properties) {
+ synchronized (this) {
+ authorizationConfigurations.remove(authorizationConfiguration);
+ removeCandidate(properties);
+ }
+
+ maybeUnregister();
+ }
+
public void bindPrincipalConfiguration(PrincipalConfiguration principalConfiguration, Map<String, Object> properties) {
synchronized (this) {
principalConfigurations.add(principalConfiguration);
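Review bot: `bindAuthorizationConfiguration` appends to `authorizationConfigurations` in bind order, and with a DYNAMIC reference that order follows service start-up timing rather than anything declared. If the composite evaluates its members in list order (not shown in this commit), the effective permission evaluation could differ between restarts of the same deployment. I would either sort by a declared property such as `service.ranking` taken from the `properties` map, or state the contract in Javadoc on both methods, e.g. `/** Adds an authorization configuration; aggregation order is bind order and is not stable across restarts. */`. The hunk ends inside `bindPrincipalConfiguration`, so the sibling methods are not reviewed here.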
@@ -475,12 +492,12 @@ public class SecurityProviderRegistratio
// Static, mandatory references
securityProvider.setAuthenticationConfiguration(initializeConfiguration(securityProvider, authenticationConfiguration));
- securityProvider.setAuthorizationConfiguration(initializeConfiguration(securityProvider, authorizationConfiguration));
securityProvider.setUserConfiguration(initializeConfiguration(securityProvider, userConfiguration));
securityProvider.setPrivilegeConfiguration(initializeConfiguration(securityProvider, privilegeConfiguration));
// Multiple, dynamic references
+ securityProvider.setAuthorizationConfiguration(createCompositeAuthorizationConfiguration(securityProvider));
securityProvider.setPrincipalConfiguration(createCompositePrincipalConfiguration(securityProvider));
securityProvider.setTokenConfiguration(createCompositeTokenConfiguration(securityProvider));
@@ -491,6 +508,22 @@ public class SecurityProviderRegistratio
return securityProvider;
}
+ private AuthorizationConfiguration createCompositeAuthorizationConfiguration(SecurityProvider securityProvider) {
+ return new CompositeAuthorizationConfiguration(securityProvider) {
+
+ @Override
+ protected List<AuthorizationConfiguration> getConfigurations() {
+ ArrayList<AuthorizationConfiguration> configurations = newArrayList(authorizationConfigurations);
+
+ for (AuthorizationConfiguration configuration : configurations) {
+ initializeConfiguration(getSecurityProvider(), configuration);
+ }
+
+ return configurations;
+ }
+ };
+ }
+
private PrincipalConfiguration createCompositePrincipalConfiguration(SecurityProvider securityProvider) {
return new CompositePrincipalConfiguration(securityProvider) {
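Review bot: `getConfigurations()` copies the list and calls `initializeConfiguration(...)` on every element each time it is invoked, discarding the return value that the mandatory references pass on to their setters in `createSecurityProvider`. If the composite calls `getConfigurations()` on each authorization lookup, initialization is re-run per request, and correctness then relies on `initializeConfiguration` being idempotent, which this hunk does not show. At minimum I would add `// initializeConfiguration must be idempotent: it runs on every getConfigurations() call` above the loop. I would also declare the local as `List<AuthorizationConfiguration> configurations` rather than `ArrayList`.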
Modified: jackrabbit/oak/trunk/oak-pojosr/src/test/groovy/org/apache/jackrabbit/oak/run/osgi/SecurityProviderRegistrationTest.groovy
URL: http://svn.apache.org/viewvc/jackrabbit/oak/trunk/oak-pojosr/src/test/groovy/org/apache/jackrabbit/oak/run/osgi/SecurityProviderRegistrationTest.groovy?rev=1724268&r1=1724267&r2=1724268&view=diff
==============================================================================
--- jackrabbit/oak/trunk/oak-pojosr/src/test/groovy/org/apache/jackrabbit/oak/run/osgi/SecurityProviderRegistrationTest.groovy (original)
+++ jackrabbit/oak/trunk/oak-pojosr/src/test/groovy/org/apache/jackrabbit/oak/run/osgi/SecurityProviderRegistrationTest.groovy Tue Jan 12 16:08:08 2016
@@ -19,6 +19,7 @@ package org.apache.jackrabbit.oak.run.os
import org.apache.felix.connect.launch.PojoServiceRegistry
import org.apache.jackrabbit.oak.spi.security.SecurityProvider
import org.apache.jackrabbit.oak.spi.security.authentication.token.TokenConfiguration
+import org.apache.jackrabbit.oak.spi.security.authorization.AuthorizationConfiguration
import org.apache.jackrabbit.oak.spi.security.authorization.restriction.RestrictionProvider
import org.apache.jackrabbit.oak.spi.security.principal.PrincipalConfiguration
import org.apache.jackrabbit.oak.spi.security.user.AuthorizableNodeName
@@ -53,6 +54,15 @@ class SecurityProviderRegistrationTest e
/**
* A SecurityProvider shouldn't start without a required
+ * AuthorizationConfiguration service.
+ */
+ @Test
+ public void testRequiredAuthorizationConfigurationNotAvailable() {
+ testRequiredService(AuthorizationConfiguration, mock(AuthorizationConfiguration))
+ }
+
+ /**
+ * A SecurityProvider shouldn't start without a required
* PrincipalConfiguration service.
*/
@Test
@@ -114,13 +124,16 @@ class SecurityProviderRegistrationTest e
// Set up the SecurityProvider to require three services
- setRequiredServicePids("test.RequiredPrincipalConfiguration", "test.RequiredTokenConfiguration", "test.AuthorizableNodeName")
+ setRequiredServicePids("test.RequiredAuthorizationConfiguration", "test.RequiredPrincipalConfiguration", "test.RequiredTokenConfiguration", "test.AuthorizableNodeName")
TimeUnit.MILLISECONDS.sleep(500)
assert securityProviderServiceReferences == null
// Start the services and verify that only at the end the
// SecurityProvider registers itself
+ registry.registerService(AuthorizationConfiguration.class.name, mock(AuthorizationConfiguration), dict("service.pid": "test.RequiredAuthorizationConfiguration"))
+ assert securityProviderServiceReferences == null
+
registry.registerService(PrincipalConfiguration.class.name, mock(PrincipalConfiguration), dict("service.pid": "test.RequiredPrincipalConfiguration"))
assert securityProviderServiceReferences == null
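Review bot: The context comment `// Set up the SecurityProvider to require three services` is stale, because `setRequiredServicePids(...)` now passes four PIDs; it should read `// Set up the SecurityProvider to require four services`. The test also covers only the case where the authorization PID is listed as required. A companion case that leaves `test.RequiredAuthorizationConfiguration` out of the required list and registers no AuthorizationConfiguration would pin down whether a SecurityProvider can start with no authorization configuration bound. The test method continues outside this hunk.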