Posted to oak-commits@jackrabbit.apache.org by an...@apache.org on 2013/02/07 11:18:55 UTC
svn commit: r1443385 - in /jackrabbit/oak/trunk/oak-core/src:
main/java/org/apache/jackrabbit/oak/security/authorization/
main/java/org/apache/jackrabbit/oak/spi/security/authorization/
test/java/org/apache/jackrabbit/oak/security/authorization/
Author: angela
Date: Thu Feb 7 10:18:55 2013
New Revision: 1443385
URL: http://svn.apache.org/viewvc?rev=1443385&view=rev
Log:
OAK-51 : Access Control Management (WIP)
Modified:
jackrabbit/oak/trunk/oak-core/src/main/java/org/apache/jackrabbit/oak/security/authorization/ACL.java
jackrabbit/oak/trunk/oak-core/src/main/java/org/apache/jackrabbit/oak/security/authorization/AccessControlManagerImpl.java
jackrabbit/oak/trunk/oak-core/src/main/java/org/apache/jackrabbit/oak/spi/security/authorization/AbstractAccessControlList.java
jackrabbit/oak/trunk/oak-core/src/test/java/org/apache/jackrabbit/oak/security/authorization/AccessControlManagerImplTest.java
Modified: jackrabbit/oak/trunk/oak-core/src/main/java/org/apache/jackrabbit/oak/security/authorization/ACL.java
URL: http://svn.apache.org/viewvc/jackrabbit/oak/trunk/oak-core/src/main/java/org/apache/jackrabbit/oak/security/authorization/ACL.java?rev=1443385&r1=1443384&r2=1443385&view=diff
==============================================================================
--- jackrabbit/oak/trunk/oak-core/src/main/java/org/apache/jackrabbit/oak/security/authorization/ACL.java (original)
+++ jackrabbit/oak/trunk/oak-core/src/main/java/org/apache/jackrabbit/oak/security/authorization/ACL.java Thu Feb 7 10:18:55 2013
@@ -42,6 +42,9 @@ import org.slf4j.LoggerFactory;
/**
* ACL... TODO
+ *
+ * TODO: - remove redundant entries from the list
+ * TODO: - remove redundant privileges from entries
*/
abstract class ACL extends AbstractAccessControlList {
Modified: jackrabbit/oak/trunk/oak-core/src/main/java/org/apache/jackrabbit/oak/security/authorization/AccessControlManagerImpl.java
URL: http://svn.apache.org/viewvc/jackrabbit/oak/trunk/oak-core/src/main/java/org/apache/jackrabbit/oak/security/authorization/AccessControlManagerImpl.java?rev=1443385&r1=1443384&r2=1443385&view=diff
==============================================================================
--- jackrabbit/oak/trunk/oak-core/src/main/java/org/apache/jackrabbit/oak/security/authorization/AccessControlManagerImpl.java (original)
+++ jackrabbit/oak/trunk/oak-core/src/main/java/org/apache/jackrabbit/oak/security/authorization/AccessControlManagerImpl.java Thu Feb 7 10:18:55 2013
@@ -57,6 +57,7 @@ import org.apache.jackrabbit.oak.api.Roo
import org.apache.jackrabbit.oak.api.Tree;
import org.apache.jackrabbit.oak.api.Type;
import org.apache.jackrabbit.oak.commons.PathUtils;
+import org.apache.jackrabbit.oak.core.TreeImpl;
import org.apache.jackrabbit.oak.namepath.NamePathMapper;
import org.apache.jackrabbit.oak.plugins.memory.MemoryPropertyBuilder;
import org.apache.jackrabbit.oak.plugins.nodetype.ReadOnlyNodeTypeManager;
@@ -217,7 +218,7 @@ public class AccessControlManagerImpl im
aceTree.remove();
}
} else {
- aclNode = createAclTree(oakPath, tree);
+ aclNode = createAclNode(oakPath, tree);
}
ACL acl = (ACL) policy;
@@ -383,7 +384,7 @@ public class AccessControlManagerImpl im
* @throws RepositoryException if an error occurs
*/
@Nonnull
- private NodeUtil createAclTree(@Nullable String oakPath, @Nonnull Tree tree) throws RepositoryException {
+ private NodeUtil createAclNode(@Nullable String oakPath, @Nonnull Tree tree) throws RepositoryException {
String mixinName = getMixinName(oakPath);
if (!isAccessControlled(tree, mixinName)) {
@@ -396,7 +397,9 @@ public class AccessControlManagerImpl im
tree.setProperty(pb.getPropertyState());
}
}
- return new NodeUtil(tree).addChild(getAclName(oakPath), NT_REP_ACL);
+ NodeUtil aclNode = new NodeUtil(tree).addChild(getAclName(oakPath), NT_REP_ACL);
+ aclNode.setStrings(TreeImpl.OAK_CHILD_ORDER, new String[0]);
+ return aclNode;
}
@CheckForNull
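Review bot: The added `aclNode.setStrings(TreeImpl.OAK_CHILD_ORDER, new String[0]);` in createAclNode carries no comment saying why the child order is initialised, and it ties access-control code to a constant of the `TreeImpl` implementation class. Entry order on an ACL is security-relevant (the test added in this commit moves a deny entry ahead of an allow entry and expects that order back after commit), so the intent should be stated, e.g. `// ACEs are order-sensitive: create the ACL node with an explicit (empty) child order so entry order is persisted`. The property is written only when the node is newly created; in the -217 hunk the existing-node branch is shown removing the old entries, so an ACL node that lacks the property would presumably keep lacking it, which is worth confirming. createAclNode's body starts outside this hunk.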
Modified: jackrabbit/oak/trunk/oak-core/src/main/java/org/apache/jackrabbit/oak/spi/security/authorization/AbstractAccessControlList.java
URL: http://svn.apache.org/viewvc/jackrabbit/oak/trunk/oak-core/src/main/java/org/apache/jackrabbit/oak/spi/security/authorization/AbstractAccessControlList.java?rev=1443385&r1=1443384&r2=1443385&view=diff
==============================================================================
--- jackrabbit/oak/trunk/oak-core/src/main/java/org/apache/jackrabbit/oak/spi/security/authorization/AbstractAccessControlList.java (original)
+++ jackrabbit/oak/trunk/oak-core/src/main/java/org/apache/jackrabbit/oak/spi/security/authorization/AbstractAccessControlList.java Thu Feb 7 10:18:55 2013
@@ -75,7 +75,7 @@ public abstract class AbstractAccessCont
@Override
public AccessControlEntry[] getAccessControlEntries() throws RepositoryException {
List<JackrabbitAccessControlEntry> entries = getEntries();
- return entries.toArray(new AccessControlEntry[entries.size()]);
+ return entries.toArray(new JackrabbitAccessControlEntry[entries.size()]);
}
@Override
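Review bot: getAccessControlEntries() now returns an array whose runtime type is `JackrabbitAccessControlEntry[]` behind the declared `AccessControlEntry[]`, and nothing documents that. Because Java arrays are covariant, a caller that stores a plain `AccessControlEntry` into the returned array will get an `ArrayStoreException`, while other callers may start to rely on downcasting it. A Javadoc line on the method such as `@return a new array of the entries; its runtime component type is JackrabbitAccessControlEntry` would make the contract explicit.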
Modified: jackrabbit/oak/trunk/oak-core/src/test/java/org/apache/jackrabbit/oak/security/authorization/AccessControlManagerImplTest.java
URL: http://svn.apache.org/viewvc/jackrabbit/oak/trunk/oak-core/src/test/java/org/apache/jackrabbit/oak/security/authorization/AccessControlManagerImplTest.java?rev=1443385&r1=1443384&r2=1443385&view=diff
==============================================================================
--- jackrabbit/oak/trunk/oak-core/src/test/java/org/apache/jackrabbit/oak/security/authorization/AccessControlManagerImplTest.java (original)
+++ jackrabbit/oak/trunk/oak-core/src/test/java/org/apache/jackrabbit/oak/security/authorization/AccessControlManagerImplTest.java Thu Feb 7 10:18:55 2013
@@ -19,6 +19,7 @@ package org.apache.jackrabbit.oak.securi
import java.security.Principal;
import java.util.ArrayList;
import java.util.Arrays;
+import java.util.Collections;
import java.util.Iterator;
import java.util.List;
import java.util.Map;
@@ -606,6 +607,50 @@ public class AccessControlManagerImplTes
assertEquals("*/something", restr.getString(REP_GLOB, null));
}
+ @Ignore()
+ @Test
+ public void testModifyExistingPolicy() throws Exception {
+ ACL acl = getApplicablePolicy(testPath);
+ acl.addAccessControlEntry(testPrincipal, testPrivileges);
+ AccessControlEntry allowTest = acl.getAccessControlEntries()[0];
+
+ acMgr.setPolicy(testPath, acl);
+ root.commit();
+
+ acl = (ACL) acMgr.getPolicies(testPath)[0];
+ acl.addEntry(EveryonePrincipal.getInstance(), testPrivileges, false, getGlobRestriction("*/something"));
+
+ AccessControlEntry[] aces = acl.getAccessControlEntries();
+ assertEquals(2, aces.length);
+ AccessControlEntry denyEveryone = aces[1];
+ assertEquals(EveryonePrincipal.getInstance(), denyEveryone.getPrincipal());
+
+ acl.orderBefore(denyEveryone, allowTest);
+ acMgr.setPolicy(testPath, acl);
+ root.commit();
+
+ acl = (ACL) acMgr.getPolicies(testPath)[0];
+ aces = acl.getAccessControlEntries();
+ assertEquals(2, aces.length);
+ assertEquals(denyEveryone, aces[0]);
+ assertEquals(allowTest, aces[1]);
+
+ acl.addEntry(testPrincipal, new Privilege[] {acMgr.privilegeFromName(PrivilegeConstants.JCR_ALL)},
+ false, Collections.<String, Value>emptyMap());
+ AccessControlEntry denyTest = acl.getAccessControlEntries()[2];
+
+ acl.orderBefore(denyTest, allowTest);
+ acMgr.setPolicy(testPath, acl);
+
+ acl = (ACL) acMgr.getPolicies(testPath)[0];
+ aces = acl.getAccessControlEntries();
+ assertEquals(3, aces.length);
+
+ assertEquals(denyEveryone, aces[0]);
+ assertEquals(denyTest, aces[1]);
+ assertEquals(allowTest, aces[2]);
+ }
+
@Test
public void testSetInvalidPolicy() throws Exception {
// TODO
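Review bot: testModifyExistingPolicy is added with a bare `@Ignore()`, so this check that reordered entries survive `setPolicy` never runs, and nothing says why or when it should be enabled. The relative order of deny and allow entries decides the effective permissions, so give the annotation a reason that points at the open work, e.g. `@Ignore("OAK-51") // enable once ACE ordering is persisted`. The last block also calls `acMgr.setPolicy(testPath, acl)` and re-reads the policy without `root.commit()`, unlike the two blocks before it; if that is not deliberate, add `root.commit();` after the third `setPolicy`. testSetInvalidPolicy at the end of the hunk continues outside it.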