Posted to oak-commits@jackrabbit.apache.org by mr...@apache.org on 2012/10/02 14:33:38 UTC
svn commit: r1392887 - in /jackrabbit/oak/trunk/oak-core/src:
main/java/org/apache/jackrabbit/oak/
main/java/org/apache/jackrabbit/oak/core/
main/java/org/apache/jackrabbit/oak/plugins/type/
main/java/org/apache/jackrabbit/oak/security/authorization/ m...
Author: mreutegg
Date: Tue Oct 2 12:33:38 2012
New Revision: 1392887
URL: http://svn.apache.org/viewvc?rev=1392887&view=rev
Log:
OAK-41: Initial repository setup
- introduce OpenLoginContext, OpenLoginModule and OpenAccessControlContextProvider for open repository access (used by InitialContent)
- authorization now has an AccessControlContextProvider
Added:
jackrabbit/oak/trunk/oak-core/src/main/java/org/apache/jackrabbit/oak/security/authorization/AccessControlContextProviderImpl.java (with props)
jackrabbit/oak/trunk/oak-core/src/main/java/org/apache/jackrabbit/oak/spi/security/authentication/OpenLoginContextProvider.java (with props)
jackrabbit/oak/trunk/oak-core/src/main/java/org/apache/jackrabbit/oak/spi/security/authentication/OpenLoginModule.java (with props)
jackrabbit/oak/trunk/oak-core/src/main/java/org/apache/jackrabbit/oak/spi/security/authorization/AccessControlContextProvider.java (with props)
jackrabbit/oak/trunk/oak-core/src/main/java/org/apache/jackrabbit/oak/spi/security/authorization/OpenAccessControlContextProvider.java (with props)
Modified:
jackrabbit/oak/trunk/oak-core/src/main/java/org/apache/jackrabbit/oak/Oak.java
jackrabbit/oak/trunk/oak-core/src/main/java/org/apache/jackrabbit/oak/core/ContentRepositoryImpl.java
jackrabbit/oak/trunk/oak-core/src/main/java/org/apache/jackrabbit/oak/core/ContentSessionImpl.java
jackrabbit/oak/trunk/oak-core/src/main/java/org/apache/jackrabbit/oak/core/RootImpl.java
jackrabbit/oak/trunk/oak-core/src/main/java/org/apache/jackrabbit/oak/plugins/type/InitialContent.java
jackrabbit/oak/trunk/oak-core/src/main/java/org/apache/jackrabbit/oak/security/authorization/AccessControlContextImpl.java
jackrabbit/oak/trunk/oak-core/src/main/java/org/apache/jackrabbit/oak/security/authorization/PermissionValidatorProvider.java
jackrabbit/oak/trunk/oak-core/src/main/java/org/apache/jackrabbit/oak/spi/security/authorization/AccessControlContext.java
jackrabbit/oak/trunk/oak-core/src/test/java/org/apache/jackrabbit/oak/core/AbstractCoreTest.java
jackrabbit/oak/trunk/oak-core/src/test/java/org/apache/jackrabbit/oak/core/RootImplFuzzIT.java
jackrabbit/oak/trunk/oak-core/src/test/java/org/apache/jackrabbit/oak/plugins/lucene/LuceneEditorTest.java
Modified: jackrabbit/oak/trunk/oak-core/src/main/java/org/apache/jackrabbit/oak/Oak.java
URL: http://svn.apache.org/viewvc/jackrabbit/oak/trunk/oak-core/src/main/java/org/apache/jackrabbit/oak/Oak.java?rev=1392887&r1=1392886&r2=1392887&view=diff
==============================================================================
--- jackrabbit/oak/trunk/oak-core/src/main/java/org/apache/jackrabbit/oak/Oak.java (original)
+++ jackrabbit/oak/trunk/oak-core/src/main/java/org/apache/jackrabbit/oak/Oak.java Tue Oct 2 12:33:38 2012
@@ -23,12 +23,9 @@ import javax.annotation.Nonnull;
import org.apache.jackrabbit.mk.api.MicroKernel;
import org.apache.jackrabbit.mk.core.MicroKernelImpl;
import org.apache.jackrabbit.oak.api.ContentRepository;
-import org.apache.jackrabbit.oak.api.Root;
import org.apache.jackrabbit.oak.core.ContentRepositoryImpl;
-import org.apache.jackrabbit.oak.core.RootImpl;
import org.apache.jackrabbit.oak.kernel.KernelNodeStore;
import org.apache.jackrabbit.oak.plugins.memory.MemoryNodeStore;
-import org.apache.jackrabbit.oak.security.authentication.LoginContextProviderImpl;
import org.apache.jackrabbit.oak.spi.commit.CommitHook;
import org.apache.jackrabbit.oak.spi.commit.CompositeHook;
import org.apache.jackrabbit.oak.spi.commit.CompositeValidatorProvider;
@@ -37,6 +34,8 @@ import org.apache.jackrabbit.oak.spi.com
import org.apache.jackrabbit.oak.spi.commit.ValidatorProvider;
import org.apache.jackrabbit.oak.spi.query.CompositeQueryIndexProvider;
import org.apache.jackrabbit.oak.spi.query.QueryIndexProvider;
+import org.apache.jackrabbit.oak.spi.security.authentication.LoginContextProvider;
+import org.apache.jackrabbit.oak.spi.security.authorization.AccessControlContextProvider;
import org.apache.jackrabbit.oak.spi.state.NodeState;
import org.apache.jackrabbit.oak.spi.state.NodeStore;
@@ -62,6 +61,10 @@ public class Oak {
private final List<ValidatorProvider> validatorProviders =
Lists.newArrayList();
+ private LoginContextProvider loginContextProvider;
+
+ private AccessControlContextProvider accProvider;
+
public Oak(MicroKernel kernel) {
this.kernel = kernel;
}
@@ -142,12 +145,38 @@ public class Oak {
});
}
+ /**
+ * Associates the given login context provider with the repository to be
+ * created.
+ *
+ * @param loginContextProvider a login context provider.
+ * @return this builder.
+ */
+ @Nonnull
+ public Oak with(@Nonnull LoginContextProvider loginContextProvider) {
+ this.loginContextProvider = loginContextProvider;
+ return this;
+ }
+
+ /**
+ * Associates the given access control context provider with the repository
+ * to be created.
+ *
+ * @param accProvider an access control context provider.
+ * @return this builder.
+ */
+ @Nonnull
+ public Oak with(@Nonnull AccessControlContextProvider accProvider) {
+ this.accProvider = accProvider;
+ return this;
+ }
+
public ContentRepository createContentRepository() {
return new ContentRepositoryImpl(
kernel,
- new LoginContextProviderImpl(),
CompositeQueryIndexProvider.compose(queryIndexProviders),
- createCommitHook());
+ createCommitHook(),
+ loginContextProvider, accProvider);
}
private CommitHook createCommitHook() {
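Review bot: Both new `with(...)` overloads declare their parameter `@Nonnull` but store it unchecked, so a null passed here is not rejected and, going by the `ContentRepositoryImpl` constructor Javadoc in this commit, is later replaced by the default provider. Either enforce the annotation, e.g. `this.loginContextProvider = checkNotNull(loginContextProvider);` (Guava's `Preconditions.checkNotNull`, which `RootImpl` uses in this commit), or document the fallback in the Javadoc: `If no provider is set, the default implementation is used.` These two providers decide authentication and authorization for the whole repository, so the default should be stated rather than left implicit.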
@@ -173,14 +202,4 @@ public class Oak {
return new MemoryNodeStore();
}
}
-
- /**
- * Creates a {@link Root} based on the previously set {@link MicroKernel},
- * {@link CommitHook} and {@link ValidatorProvider}.
- *
- * @return a {@link Root} instance.
- */
- public Root createRoot() {
- return new RootImpl(createNodeStore(), null);
- }
}
\ No newline at end of file
Modified: jackrabbit/oak/trunk/oak-core/src/main/java/org/apache/jackrabbit/oak/core/ContentRepositoryImpl.java
URL: http://svn.apache.org/viewvc/jackrabbit/oak/trunk/oak-core/src/main/java/org/apache/jackrabbit/oak/core/ContentRepositoryImpl.java?rev=1392887&r1=1392886&r2=1392887&view=diff
==============================================================================
--- jackrabbit/oak/trunk/oak-core/src/main/java/org/apache/jackrabbit/oak/core/ContentRepositoryImpl.java (original)
+++ jackrabbit/oak/trunk/oak-core/src/main/java/org/apache/jackrabbit/oak/core/ContentRepositoryImpl.java Tue Oct 2 12:33:38 2012
@@ -29,6 +29,7 @@ import org.apache.jackrabbit.oak.api.Con
import org.apache.jackrabbit.oak.kernel.KernelNodeStore;
import org.apache.jackrabbit.oak.plugins.commit.AnnotatingConflictHandlerProvider;
import org.apache.jackrabbit.oak.security.authentication.LoginContextProviderImpl;
+import org.apache.jackrabbit.oak.security.authorization.AccessControlContextProviderImpl;
import org.apache.jackrabbit.oak.spi.commit.CommitHook;
import org.apache.jackrabbit.oak.spi.commit.CompositeHook;
import org.apache.jackrabbit.oak.spi.commit.ConflictHandlerProvider;
@@ -38,6 +39,7 @@ import org.apache.jackrabbit.oak.spi.com
import org.apache.jackrabbit.oak.spi.query.CompositeQueryIndexProvider;
import org.apache.jackrabbit.oak.spi.query.QueryIndexProvider;
import org.apache.jackrabbit.oak.spi.security.authentication.LoginContextProvider;
+import org.apache.jackrabbit.oak.spi.security.authorization.AccessControlContextProvider;
import org.slf4j.Logger;
import org.slf4j.LoggerFactory;
@@ -57,6 +59,7 @@ public class ContentRepositoryImpl imple
new AnnotatingConflictHandlerProvider();
private final LoginContextProvider loginContextProvider;
+ private final AccessControlContextProvider accProvider;
private final QueryIndexProvider indexProvider;
private final KernelNodeStore nodeStore;
@@ -112,6 +115,27 @@ public class ContentRepositoryImpl imple
public ContentRepositoryImpl(
MicroKernel microKernel, LoginContextProvider loginContextProvider,
QueryIndexProvider indexProvider, CommitHook commitHook) {
+ this(microKernel, indexProvider, commitHook, loginContextProvider, null);
+ }
+
+ /**
+ * Creates an Oak repository instance based on the given, already
+ * initialized components.
+ *
+ * @param microKernel underlying kernel instance
+ * @param indexProvider index provider
+ * @param commitHook the commit hook
+ * @param lcProvider the login context provider or <code>null</code> if a
+ * default implementation should be used.
+ * @param accProvider the access control context provider or
+ * <code>null</code> if a default implementation should
+ * be used.
+ */
+ public ContentRepositoryImpl(MicroKernel microKernel,
+ QueryIndexProvider indexProvider,
+ CommitHook commitHook,
+ LoginContextProvider lcProvider,
+ AccessControlContextProvider accProvider) {
nodeStore = new KernelNodeStore(microKernel);
nodeStore.setHook(commitHook);
@@ -119,7 +143,18 @@ public class ContentRepositoryImpl imple
this.indexProvider = indexProvider != null ? indexProvider
: new CompositeQueryIndexProvider();
- this.loginContextProvider = loginContextProvider;
+ if (lcProvider != null) {
+ this.loginContextProvider = lcProvider;
+ } else {
+ // use default implementation
+ this.loginContextProvider = new LoginContextProviderImpl();
+ }
+ if (accProvider != null) {
+ this.accProvider = accProvider;
+ } else {
+ // use default implementation
+ this.accProvider = new AccessControlContextProviderImpl();
+ }
}
@Nonnull
@@ -138,7 +173,7 @@ public class ContentRepositoryImpl imple
LoginContext loginContext = loginContextProvider.getLoginContext(credentials, workspaceName);
loginContext.login();
- return new ContentSessionImpl(loginContext, workspaceName, nodeStore, DEFAULT_CONFLICT_HANDLER_PROVIDER,
- indexProvider);
+ return new ContentSessionImpl(loginContext, accProvider, workspaceName,
+ nodeStore, DEFAULT_CONFLICT_HANDLER_PROVIDER, indexProvider);
}
}
Modified: jackrabbit/oak/trunk/oak-core/src/main/java/org/apache/jackrabbit/oak/core/ContentSessionImpl.java
URL: http://svn.apache.org/viewvc/jackrabbit/oak/trunk/oak-core/src/main/java/org/apache/jackrabbit/oak/core/ContentSessionImpl.java?rev=1392887&r1=1392886&r2=1392887&view=diff
==============================================================================
--- jackrabbit/oak/trunk/oak-core/src/main/java/org/apache/jackrabbit/oak/core/ContentSessionImpl.java (original)
+++ jackrabbit/oak/trunk/oak-core/src/main/java/org/apache/jackrabbit/oak/core/ContentSessionImpl.java Tue Oct 2 12:33:38 2012
@@ -29,6 +29,7 @@ import org.apache.jackrabbit.oak.api.Cor
import org.apache.jackrabbit.oak.api.Root;
import org.apache.jackrabbit.oak.spi.commit.ConflictHandlerProvider;
import org.apache.jackrabbit.oak.spi.query.QueryIndexProvider;
+import org.apache.jackrabbit.oak.spi.security.authorization.AccessControlContextProvider;
import org.apache.jackrabbit.oak.spi.state.NodeStore;
import org.slf4j.Logger;
import org.slf4j.LoggerFactory;
@@ -41,15 +42,18 @@ class ContentSessionImpl implements Cont
private static final Logger log = LoggerFactory.getLogger(ContentSessionImpl.class);
private final LoginContext loginContext;
+ private final AccessControlContextProvider accProvider;
private final String workspaceName;
private final NodeStore store;
private final ConflictHandlerProvider conflictHandlerProvider;
private final QueryIndexProvider indexProvider;
- public ContentSessionImpl(LoginContext loginContext, String workspaceName,
+ public ContentSessionImpl(LoginContext loginContext,
+ AccessControlContextProvider accProvider, String workspaceName,
NodeStore store, ConflictHandlerProvider conflictHandlerProvider,
QueryIndexProvider indexProvider) {
this.loginContext = loginContext;
+ this.accProvider = accProvider;
this.workspaceName = workspaceName;
this.store = store;
this.conflictHandlerProvider = conflictHandlerProvider;
@@ -70,7 +74,7 @@ class ContentSessionImpl implements Cont
@Nonnull
@Override
public Root getLatestRoot() {
- RootImpl root = new RootImpl(store, workspaceName, loginContext.getSubject(), indexProvider);
+ RootImpl root = new RootImpl(store, workspaceName, loginContext.getSubject(), accProvider, indexProvider);
if (conflictHandlerProvider != null) {
root.setConflictHandler(conflictHandlerProvider.getConflictHandler(getCoreValueFactory()));
}
Modified: jackrabbit/oak/trunk/oak-core/src/main/java/org/apache/jackrabbit/oak/core/RootImpl.java
URL: http://svn.apache.org/viewvc/jackrabbit/oak/trunk/oak-core/src/main/java/org/apache/jackrabbit/oak/core/RootImpl.java?rev=1392887&r1=1392886&r2=1392887&view=diff
==============================================================================
--- jackrabbit/oak/trunk/oak-core/src/main/java/org/apache/jackrabbit/oak/core/RootImpl.java (original)
+++ jackrabbit/oak/trunk/oak-core/src/main/java/org/apache/jackrabbit/oak/core/RootImpl.java Tue Oct 2 12:33:38 2012
@@ -18,10 +18,6 @@
*/
package org.apache.jackrabbit.oak.core;
-import static com.google.common.base.Preconditions.checkArgument;
-import static org.apache.jackrabbit.oak.commons.PathUtils.getName;
-import static org.apache.jackrabbit.oak.commons.PathUtils.getParentPath;
-
import java.security.AccessController;
import java.security.PrivilegedAction;
import java.util.ArrayList;
@@ -32,18 +28,14 @@ import javax.security.auth.Subject;
import org.apache.jackrabbit.oak.api.ChangeExtractor;
import org.apache.jackrabbit.oak.api.CommitFailedException;
-import org.apache.jackrabbit.oak.api.PropertyState;
import org.apache.jackrabbit.oak.api.Root;
import org.apache.jackrabbit.oak.api.SessionQueryEngine;
-import org.apache.jackrabbit.oak.api.Tree;
import org.apache.jackrabbit.oak.api.TreeLocation;
import org.apache.jackrabbit.oak.plugins.commit.DefaultConflictHandler;
import org.apache.jackrabbit.oak.query.SessionQueryEngineImpl;
-import org.apache.jackrabbit.oak.security.authorization.AccessControlContextImpl;
import org.apache.jackrabbit.oak.spi.commit.ConflictHandler;
-import org.apache.jackrabbit.oak.spi.query.CompositeQueryIndexProvider;
import org.apache.jackrabbit.oak.spi.query.QueryIndexProvider;
-import org.apache.jackrabbit.oak.spi.security.authorization.AccessControlContext;
+import org.apache.jackrabbit.oak.spi.security.authorization.AccessControlContextProvider;
import org.apache.jackrabbit.oak.spi.security.authorization.CompiledPermissions;
import org.apache.jackrabbit.oak.spi.state.NodeBuilder;
import org.apache.jackrabbit.oak.spi.state.NodeState;
@@ -53,6 +45,11 @@ import org.apache.jackrabbit.oak.spi.sta
import org.slf4j.Logger;
import org.slf4j.LoggerFactory;
+import static com.google.common.base.Preconditions.checkArgument;
+import static com.google.common.base.Preconditions.checkNotNull;
+import static org.apache.jackrabbit.oak.commons.PathUtils.getName;
+import static org.apache.jackrabbit.oak.commons.PathUtils.getParentPath;
+
public class RootImpl implements Root {
static final Logger log = LoggerFactory.getLogger(RootImpl.class);
@@ -61,16 +58,16 @@ public class RootImpl implements Root {
*/
private static final int PURGE_LIMIT = 100;
- /**
- * A dummy subject used when no subject is provided in the constructor.
- */
- private static final Subject DUMMY_SUBJECT = new Subject();
-
/** The underlying store to which this root belongs */
private final NodeStore store;
private final Subject subject;
+ /**
+ * The access control context provider.
+ */
+ private final AccessControlContextProvider accProvider;
+
/** Current branch this root operates on */
private NodeStoreBranch branch;
@@ -109,30 +106,25 @@ public class RootImpl implements Root {
/**
* New instance bases on a given {@link NodeStore} and a workspace
- * @param store node store
- * @param workspaceName name of the workspace
- * @param subject
+ *
+ * @param store node store
+ * @param workspaceName name of the workspace
+ * @param subject the subject.
+ * @param accProvider the access control context provider.
*/
@SuppressWarnings("UnusedParameters")
- public RootImpl(NodeStore store, String workspaceName, Subject subject, QueryIndexProvider indexProvider) {
- this.store = store;
- this.subject = subject;
+ public RootImpl(NodeStore store,
+ String workspaceName,
+ Subject subject,
+ AccessControlContextProvider accProvider,
+ QueryIndexProvider indexProvider) {
+ this.store = checkNotNull(store);
+ this.subject = checkNotNull(subject);
+ this.accProvider = checkNotNull(accProvider);
this.indexProvider = indexProvider;
refresh();
}
- /**
- * TODO remove constructor
- *
- * New instance bases on a given {@link NodeStore} and a workspace
- * @param store node store
- * @param workspaceName name of the workspace
- */
- @SuppressWarnings("UnusedParameters")
- public RootImpl(NodeStore store, String workspaceName) {
- this(store, workspaceName, DUMMY_SUBJECT, new CompositeQueryIndexProvider());
- }
-
public void setConflictHandler(ConflictHandler conflictHandler) {
this.conflictHandler = conflictHandler;
}
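Review bot: The constructor Javadoc still omits `indexProvider`, and `workspaceName` remains unused behind `@SuppressWarnings("UnusedParameters")`; I would add `@param indexProvider the query index provider` and a line stating that the workspace name is currently ignored. The new `checkNotNull` calls carry no message, so a failure does not say which argument was null; `checkNotNull(subject, "subject")`, and likewise for `store` and `accProvider`, would make that clear. `indexProvider` is the only reference argument left unchecked, and whether null is allowed there is not visible in this hunk.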
@@ -289,13 +281,7 @@ public class RootImpl implements Root {
}
CompiledPermissions getPermissions() {
- if (subject == DUMMY_SUBJECT) {
- return new AllPermissions();
- } else {
- AccessControlContext context = new AccessControlContextImpl();
- context.initialize(subject.getPrincipals());
- return context.getPermissions();
- }
+ return accProvider.createAccessControlContext(subject).getPermissions();
}
//------------------------------------------------------------< private >---
@@ -317,31 +303,6 @@ public class RootImpl implements Root {
purgeListener.purged();
}
}
-
- private static final class AllPermissions implements CompiledPermissions {
- @Override
- public boolean canRead(String path, boolean isProperty) {
- return true;
- }
-
- @Override
- public boolean isGranted(int permissions) {
- return true;
- }
-
- @Override
- public boolean isGranted(Tree tree, int permissions) {
- return true;
- }
-
- @Override
- public boolean isGranted(Tree parent,
- PropertyState property,
- int permissions) {
- return true;
- }
- }
-
@Override
public SessionQueryEngine getQueryEngine() {
return new SessionQueryEngineImpl(store, indexProvider);
Modified: jackrabbit/oak/trunk/oak-core/src/main/java/org/apache/jackrabbit/oak/plugins/type/InitialContent.java
URL: http://svn.apache.org/viewvc/jackrabbit/oak/trunk/oak-core/src/main/java/org/apache/jackrabbit/oak/plugins/type/InitialContent.java?rev=1392887&r1=1392886&r2=1392887&view=diff
==============================================================================
--- jackrabbit/oak/trunk/oak-core/src/main/java/org/apache/jackrabbit/oak/plugins/type/InitialContent.java (original)
+++ jackrabbit/oak/trunk/oak-core/src/main/java/org/apache/jackrabbit/oak/plugins/type/InitialContent.java Tue Oct 2 12:33:38 2012
@@ -20,8 +20,11 @@ import org.apache.felix.scr.annotations.
import org.apache.felix.scr.annotations.Service;
import org.apache.jackrabbit.mk.api.MicroKernel;
import org.apache.jackrabbit.oak.Oak;
+import org.apache.jackrabbit.oak.api.Root;
import org.apache.jackrabbit.oak.spi.lifecycle.DefaultMicroKernelTracker;
import org.apache.jackrabbit.oak.spi.lifecycle.MicroKernelTracker;
+import org.apache.jackrabbit.oak.spi.security.authentication.OpenLoginContextProvider;
+import org.apache.jackrabbit.oak.spi.security.authorization.OpenAccessControlContextProvider;
import org.apache.jackrabbit.oak.spi.state.NodeState;
import org.apache.jackrabbit.oak.spi.state.NodeStore;
@@ -53,6 +56,17 @@ public class InitialContent extends Defa
"\"rep:privileges\" :{\"jcr:primaryType\":\"nam:rep:Privileges\"}}", null, null);
}
- BuiltInNodeTypes.register(new Oak(mk).createRoot());
+ BuiltInNodeTypes.register(createRoot(mk));
+ }
+
+ private Root createRoot(MicroKernel mk) {
+ Oak oak = new Oak(mk);
+ oak.with(new OpenLoginContextProvider());
+ oak.with(new OpenAccessControlContextProvider());
+ try {
+ return oak.createContentRepository().login(null, null).getLatestRoot();
+ } catch (Exception e) {
+ throw new IllegalStateException("Unable to create a Root", e);
+ }
}
}
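Review bot: In `createRoot`, the content session returned by `login(null, null)` is used only to call `getLatestRoot()` and is then dropped, so nothing closes or logs out the session created for the initial setup. If `ContentSession` is closeable (not visible in this diff), keep a reference and close it once `BuiltInNodeTypes.register` has finished. `catch (Exception e)` also converts unexpected runtime exceptions into `IllegalStateException`; catching only the checked exceptions that `login` declares would be narrower. A short comment such as `// open providers: setup runs without authentication or permission checks` above the two `with(...)` calls would record why the open providers are acceptable here.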
Modified: jackrabbit/oak/trunk/oak-core/src/main/java/org/apache/jackrabbit/oak/security/authorization/AccessControlContextImpl.java
URL: http://svn.apache.org/viewvc/jackrabbit/oak/trunk/oak-core/src/main/java/org/apache/jackrabbit/oak/security/authorization/AccessControlContextImpl.java?rev=1392887&r1=1392886&r2=1392887&view=diff
==============================================================================
--- jackrabbit/oak/trunk/oak-core/src/main/java/org/apache/jackrabbit/oak/security/authorization/AccessControlContextImpl.java (original)
+++ jackrabbit/oak/trunk/oak-core/src/main/java/org/apache/jackrabbit/oak/security/authorization/AccessControlContextImpl.java Tue Oct 2 12:33:38 2012
@@ -19,29 +19,39 @@ package org.apache.jackrabbit.oak.securi
import java.security.Principal;
import java.util.Set;
-import org.apache.jackrabbit.oak.api.PropertyState;
-import org.apache.jackrabbit.oak.api.Tree;
-import org.apache.jackrabbit.oak.spi.security.authorization.CompiledPermissions;
+import javax.security.auth.Subject;
+
import org.apache.jackrabbit.oak.spi.security.authorization.AccessControlContext;
+import org.apache.jackrabbit.oak.spi.security.authorization.AccessControlContextProvider;
+import org.apache.jackrabbit.oak.spi.security.authorization.CompiledPermissions;
+import org.apache.jackrabbit.oak.spi.security.authorization.OpenAccessControlContextProvider;
import org.apache.jackrabbit.oak.spi.security.principal.AdminPrincipal;
/**
* PermissionProviderImpl... TODO
*/
-public class AccessControlContextImpl implements AccessControlContext {
+class AccessControlContextImpl implements AccessControlContext {
- private static final CompiledPermissions ADMIN_PERMISSIONS = new SimplePermissions(true);
+ private static final CompiledPermissions ADMIN_PERMISSIONS;
- private Set<Principal> principals;
+ static {
+ AccessControlContextProvider accProvider = new OpenAccessControlContextProvider();
+ Subject subject = new Subject();
+ subject.getPrincipals().add(AdminPrincipal.INSTANCE);
+ ADMIN_PERMISSIONS = accProvider.createAccessControlContext(subject).getPermissions();
+ }
- //-----------------------------------------------< AccessControlContext >---
- @Override
- public void initialize(Set<Principal> principals) {
- this.principals = principals;
+ private final Subject subject;
+
+ AccessControlContextImpl(Subject subject) {
+ this.subject = subject;
}
+ //-----------------------------------------------< AccessControlContext >---
+
@Override
public CompiledPermissions getPermissions() {
+ Set<Principal> principals = subject.getPrincipals();
if (principals.contains(AdminPrincipal.INSTANCE)) {
return ADMIN_PERMISSIONS;
} else {
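Review bot: `getPermissions()` now reads `subject.getPrincipals()` on every call, and the constructor keeps the caller's `Subject` as is, so the admin check follows whatever that set contains at call time; unless the subject is made read-only elsewhere (not visible here), a principal added after login changes the outcome. Consider copying the set once in the constructor, or documenting that callers must pass a read-only `Subject`; a `checkNotNull(subject)` in the constructor would also match `RootImpl`. The static initializer makes this class depend on `OpenAccessControlContextProvider` just to obtain an allow-all `CompiledPermissions`, and the class comment still reads `PermissionProviderImpl... TODO`; I would replace it with a sentence describing the admin shortcut. The body of `getPermissions()` continues past this hunk.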
@@ -49,39 +59,4 @@ public class AccessControlContextImpl im
return new CompiledPermissionImpl(principals);
}
}
-
- //--------------------------------------------------------------------------
- /**
- * Trivial implementation of the {@code CompiledPermissions} interface that
- * either allows or denies all permissions.
- */
- private static final class SimplePermissions implements CompiledPermissions {
-
- private final boolean allowed;
-
- private SimplePermissions(boolean allowed) {
- this.allowed = allowed;
- }
-
- @Override
- public boolean canRead(String path, boolean isProperty) {
- return allowed;
- }
-
- @Override
- public boolean isGranted(int permissions) {
- return allowed;
- }
-
- @Override
- public boolean isGranted(Tree tree, int permissions) {
- return allowed;
- }
-
- @Override
- public boolean isGranted(Tree parent, PropertyState property, int permissions) {
- return allowed;
- }
-
- }
}
Added: jackrabbit/oak/trunk/oak-core/src/main/java/org/apache/jackrabbit/oak/security/authorization/AccessControlContextProviderImpl.java
URL: http://svn.apache.org/viewvc/jackrabbit/oak/trunk/oak-core/src/main/java/org/apache/jackrabbit/oak/security/authorization/AccessControlContextProviderImpl.java?rev=1392887&view=auto
==============================================================================
--- jackrabbit/oak/trunk/oak-core/src/main/java/org/apache/jackrabbit/oak/security/authorization/AccessControlContextProviderImpl.java (added)
+++ jackrabbit/oak/trunk/oak-core/src/main/java/org/apache/jackrabbit/oak/security/authorization/AccessControlContextProviderImpl.java Tue Oct 2 12:33:38 2012
@@ -0,0 +1,35 @@
+/*
+ * Licensed to the Apache Software Foundation (ASF) under one or more
+ * contributor license agreements. See the NOTICE file distributed with
+ * this work for additional information regarding copyright ownership.
+ * The ASF licenses this file to You under the Apache License, Version 2.0
+ * (the "License"); you may not use this file except in compliance with
+ * the License. You may obtain a copy of the License at
+ *
+ * http://www.apache.org/licenses/LICENSE-2.0
+ *
+ * Unless required by applicable law or agreed to in writing, software
+ * distributed under the License is distributed on an "AS IS" BASIS,
+ * WITHOUT WARRANTIES OR CONDITIONS OF ANY KIND, either express or implied.
+ * See the License for the specific language governing permissions and
+ * limitations under the License.
+ */
+package org.apache.jackrabbit.oak.security.authorization;
+
+import javax.security.auth.Subject;
+
+import org.apache.jackrabbit.oak.spi.security.authorization.AccessControlContext;
+import org.apache.jackrabbit.oak.spi.security.authorization.AccessControlContextProvider;
+
+/**
+ * <code>AccessControlContextProviderImpl</code> is a default implementation and
+ * creates {@link AccessControlContextImpl} for a given set of principals.
+ */
+public class AccessControlContextProviderImpl
+ implements AccessControlContextProvider {
+
+ @Override
+ public AccessControlContext createAccessControlContext(Subject subject) {
+ return new AccessControlContextImpl(subject);
+ }
+}
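Review bot: The class Javadoc says the context is created "for a given set of principals", but `createAccessControlContext` takes a `Subject`; I would reword it to `creates an {@link AccessControlContextImpl} for a given subject`. The method also passes `subject` through unchecked, so a null only fails later in `AccessControlContextImpl.getPermissions()`; `checkNotNull(subject)` here would fail at the call site instead.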
Propchange: jackrabbit/oak/trunk/oak-core/src/main/java/org/apache/jackrabbit/oak/security/authorization/AccessControlContextProviderImpl.java
------------------------------------------------------------------------------
svn:eol-style = native
Propchange: jackrabbit/oak/trunk/oak-core/src/main/java/org/apache/jackrabbit/oak/security/authorization/AccessControlContextProviderImpl.java
------------------------------------------------------------------------------
svn:keywords = Author Date Id Revision Rev URL
Modified: jackrabbit/oak/trunk/oak-core/src/main/java/org/apache/jackrabbit/oak/security/authorization/PermissionValidatorProvider.java
URL: http://svn.apache.org/viewvc/jackrabbit/oak/trunk/oak-core/src/main/java/org/apache/jackrabbit/oak/security/authorization/PermissionValidatorProvider.java?rev=1392887&r1=1392886&r2=1392887&view=diff
==============================================================================
--- jackrabbit/oak/trunk/oak-core/src/main/java/org/apache/jackrabbit/oak/security/authorization/PermissionValidatorProvider.java (original)
+++ jackrabbit/oak/trunk/oak-core/src/main/java/org/apache/jackrabbit/oak/security/authorization/PermissionValidatorProvider.java Tue Oct 2 12:33:38 2012
@@ -40,14 +40,15 @@ public class PermissionValidatorProvider
@Nonnull
@Override
public Validator getRootValidator(NodeState before, NodeState after) {
- Set<Principal> principals = ImmutableSet.of();
Subject subject = Subject.getSubject(AccessController.getContext());
- if (subject != null) {
- principals = subject.getPrincipals();
+ if (subject == null) {
+ // use empty subject
+ subject = new Subject();
}
- AccessControlContext context = new AccessControlContextImpl();
- context.initialize(principals);
+ // FIXME: should use same provider as in ContentRepositoryImpl
+ AccessControlContext context = new AccessControlContextProviderImpl()
+ .createAccessControlContext(subject);
NodeUtil rootBefore = new NodeUtil(new ReadOnlyTree(before));
NodeUtil rootAfter = new NodeUtil(new ReadOnlyTree(after));
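Review bot: `getRootValidator` builds its context from a hard-coded `new AccessControlContextProviderImpl()`, so commit validation does not use the provider configured on the repository; with any other `AccessControlContextProvider` set through `Oak.with(...)`, permission decisions made through `RootImpl` and those made at commit time can differ. The FIXME acknowledges this; passing the provider into `PermissionValidatorProvider` through its constructor would close the gap. The fallback to an empty `Subject` deserves a comment stating what permissions an empty principal set yields, since that is decided in `CompiledPermissionImpl`, outside this diff. The removed lines were the only visible uses of `Set<Principal>` and `ImmutableSet`, so their imports may now be unused; the method continues past the hunk.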
Added: jackrabbit/oak/trunk/oak-core/src/main/java/org/apache/jackrabbit/oak/spi/security/authentication/OpenLoginContextProvider.java
URL: http://svn.apache.org/viewvc/jackrabbit/oak/trunk/oak-core/src/main/java/org/apache/jackrabbit/oak/spi/security/authentication/OpenLoginContextProvider.java?rev=1392887&view=auto
==============================================================================
--- jackrabbit/oak/trunk/oak-core/src/main/java/org/apache/jackrabbit/oak/spi/security/authentication/OpenLoginContextProvider.java (added)
+++ jackrabbit/oak/trunk/oak-core/src/main/java/org/apache/jackrabbit/oak/spi/security/authentication/OpenLoginContextProvider.java Tue Oct 2 12:33:38 2012
@@ -0,0 +1,58 @@
+/*
+ * Licensed to the Apache Software Foundation (ASF) under one or more
+ * contributor license agreements. See the NOTICE file distributed with
+ * this work for additional information regarding copyright ownership.
+ * The ASF licenses this file to You under the Apache License, Version 2.0
+ * (the "License"); you may not use this file except in compliance with
+ * the License. You may obtain a copy of the License at
+ *
+ * http://www.apache.org/licenses/LICENSE-2.0
+ *
+ * Unless required by applicable law or agreed to in writing, software
+ * distributed under the License is distributed on an "AS IS" BASIS,
+ * WITHOUT WARRANTIES OR CONDITIONS OF ANY KIND, either express or implied.
+ * See the License for the specific language governing permissions and
+ * limitations under the License.
+ */
+package org.apache.jackrabbit.oak.spi.security.authentication;
+
+import java.util.Collections;
+
+import javax.jcr.Credentials;
+import javax.security.auth.login.AppConfigurationEntry;
+import javax.security.auth.login.Configuration;
+import javax.security.auth.login.LoginContext;
+import javax.security.auth.login.LoginException;
+
+/**
+ * This class implements a {@link LoginContextProvider} which accepts any given
+ * credentials using an {@link OpenLoginModule}.
+ */
+public class OpenLoginContextProvider implements LoginContextProvider {
+
+ @Override
+ public LoginContext getLoginContext(Credentials credentials,
+ String workspaceName)
+ throws LoginException {
+ return new OpenLoginContext();
+ }
+
+ private static class OpenLoginContext extends LoginContext {
+
+ private static final String APP_NAME = OpenLoginContext.class.getName();
+
+ public OpenLoginContext() throws LoginException {
+ super(APP_NAME, null, null, new Configuration() {
+ @Override
+ public AppConfigurationEntry[] getAppConfigurationEntry(String name) {
+ return new AppConfigurationEntry[]{
+ new AppConfigurationEntry(OpenLoginModule.class.getName(),
+ AppConfigurationEntry.LoginModuleControlFlag.REQUIRED,
+ Collections.<String, Object>emptyMap())
+ };
+ }
+ });
+ }
+ }
+
+}
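Review bot: `getLoginContext` ignores both `credentials` and `workspaceName` and always returns a context backed by `OpenLoginModule`, whose `login()` and `commit()` (added in the same commit) return true unconditionally, yet both classes are public and their Javadoc does not limit where they may be used. I would extend both class comments with something like `Performs no authentication; intended for internal repository setup such as InitialContent only.` and add `@param` lines noting that the arguments are ignored. The anonymous `Configuration` likewise ignores its `name` argument, which is worth a one-line comment.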
Propchange: jackrabbit/oak/trunk/oak-core/src/main/java/org/apache/jackrabbit/oak/spi/security/authentication/OpenLoginContextProvider.java
------------------------------------------------------------------------------
svn:eol-style = native
Propchange: jackrabbit/oak/trunk/oak-core/src/main/java/org/apache/jackrabbit/oak/spi/security/authentication/OpenLoginContextProvider.java
------------------------------------------------------------------------------
svn:keywords = Author Date Id Revision Rev URL
Added: jackrabbit/oak/trunk/oak-core/src/main/java/org/apache/jackrabbit/oak/spi/security/authentication/OpenLoginModule.java
URL: http://svn.apache.org/viewvc/jackrabbit/oak/trunk/oak-core/src/main/java/org/apache/jackrabbit/oak/spi/security/authentication/OpenLoginModule.java?rev=1392887&view=auto
==============================================================================
--- jackrabbit/oak/trunk/oak-core/src/main/java/org/apache/jackrabbit/oak/spi/security/authentication/OpenLoginModule.java (added)
+++ jackrabbit/oak/trunk/oak-core/src/main/java/org/apache/jackrabbit/oak/spi/security/authentication/OpenLoginModule.java Tue Oct 2 12:33:38 2012
@@ -0,0 +1,50 @@
+/*
+ * Licensed to the Apache Software Foundation (ASF) under one or more
+ * contributor license agreements. See the NOTICE file distributed with
+ * this work for additional information regarding copyright ownership.
+ * The ASF licenses this file to You under the Apache License, Version 2.0
+ * (the "License"); you may not use this file except in compliance with
+ * the License. You may obtain a copy of the License at
+ *
+ * http://www.apache.org/licenses/LICENSE-2.0
+ *
+ * Unless required by applicable law or agreed to in writing, software
+ * distributed under the License is distributed on an "AS IS" BASIS,
+ * WITHOUT WARRANTIES OR CONDITIONS OF ANY KIND, either express or implied.
+ * See the License for the specific language governing permissions and
+ * limitations under the License.
+ */
+package org.apache.jackrabbit.oak.spi.security.authentication;
+
+import java.util.Collections;
+import java.util.Set;
+
+import javax.security.auth.login.LoginException;
+import javax.security.auth.spi.LoginModule;
+
+/**
+ * This class implements a {@link LoginModule} which allows any authenticating
+ * Subject to login.
+ */
+public class OpenLoginModule extends AbstractLoginModule {
+
+ @Override
+ protected Set<Class> getSupportedCredentials() {
+ return Collections.emptySet();
+ }
+
+ @Override
+ public boolean login() throws LoginException {
+ return true;
+ }
+
+ @Override
+ public boolean commit() throws LoginException {
+ return true;
+ }
+
+ @Override
+ public boolean abort() throws LoginException {
+ return true;
+ }
+}
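Review bot: `login()` returns `true` unconditionally and `getSupportedCredentials()` returns an empty set, so this module accepts every login attempt without inspecting credentials. The class is nonetheless `public` and non-final in the `spi.security.authentication` package, and nothing in the code ties it to the InitialContent setup named in the commit log. The Javadoc should state this explicitly, for example `Performs no credential validation; for internal repository initialization only and must never be configured for client-facing logins.` The same applies to `OpenAccessControlContextProvider` later in this commit, whose `AllPermissions` answers `true` to every check. Whether `commit()` should also populate the Subject with principals depends on `AbstractLoginModule`, which is not visible here.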
Propchange: jackrabbit/oak/trunk/oak-core/src/main/java/org/apache/jackrabbit/oak/spi/security/authentication/OpenLoginModule.java
------------------------------------------------------------------------------
svn:eol-style = native
Propchange: jackrabbit/oak/trunk/oak-core/src/main/java/org/apache/jackrabbit/oak/spi/security/authentication/OpenLoginModule.java
------------------------------------------------------------------------------
svn:keywords = Author Date Id Revision Rev URL
Modified: jackrabbit/oak/trunk/oak-core/src/main/java/org/apache/jackrabbit/oak/spi/security/authorization/AccessControlContext.java
URL: http://svn.apache.org/viewvc/jackrabbit/oak/trunk/oak-core/src/main/java/org/apache/jackrabbit/oak/spi/security/authorization/AccessControlContext.java?rev=1392887&r1=1392886&r2=1392887&view=diff
==============================================================================
--- jackrabbit/oak/trunk/oak-core/src/main/java/org/apache/jackrabbit/oak/spi/security/authorization/AccessControlContext.java (original)
+++ jackrabbit/oak/trunk/oak-core/src/main/java/org/apache/jackrabbit/oak/spi/security/authorization/AccessControlContext.java Tue Oct 2 12:33:38 2012
@@ -24,8 +24,6 @@ import java.util.Set;
*/
public interface AccessControlContext {
- void initialize(Set<Principal> principals);
-
// TODO define how permissions eval is bound to a particular revision/branch. (passing Tree?)
CompiledPermissions getPermissions();
Added: jackrabbit/oak/trunk/oak-core/src/main/java/org/apache/jackrabbit/oak/spi/security/authorization/AccessControlContextProvider.java
URL: http://svn.apache.org/viewvc/jackrabbit/oak/trunk/oak-core/src/main/java/org/apache/jackrabbit/oak/spi/security/authorization/AccessControlContextProvider.java?rev=1392887&view=auto
==============================================================================
--- jackrabbit/oak/trunk/oak-core/src/main/java/org/apache/jackrabbit/oak/spi/security/authorization/AccessControlContextProvider.java (added)
+++ jackrabbit/oak/trunk/oak-core/src/main/java/org/apache/jackrabbit/oak/spi/security/authorization/AccessControlContextProvider.java Tue Oct 2 12:33:38 2012
@@ -0,0 +1,30 @@
+/*
+ * Licensed to the Apache Software Foundation (ASF) under one or more
+ * contributor license agreements. See the NOTICE file distributed with
+ * this work for additional information regarding copyright ownership.
+ * The ASF licenses this file to You under the Apache License, Version 2.0
+ * (the "License"); you may not use this file except in compliance with
+ * the License. You may obtain a copy of the License at
+ *
+ * http://www.apache.org/licenses/LICENSE-2.0
+ *
+ * Unless required by applicable law or agreed to in writing, software
+ * distributed under the License is distributed on an "AS IS" BASIS,
+ * WITHOUT WARRANTIES OR CONDITIONS OF ANY KIND, either express or implied.
+ * See the License for the specific language governing permissions and
+ * limitations under the License.
+ */
+package org.apache.jackrabbit.oak.spi.security.authorization;
+
+import java.security.Principal;
+import java.util.Set;
+
+import javax.security.auth.Subject;
+
+/**
+ * <code>AccessControlContextProvider</code>...
+ */
+public interface AccessControlContextProvider {
+
+ public AccessControlContext createAccessControlContext(Subject subject);
+}
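Review bot: The interface Javadoc is still the placeholder `<code>AccessControlContextProvider</code>...` and `createAccessControlContext(Subject)` has no documented contract, which matters because implementations decide what permissions a session is evaluated against. I would document it along the lines of `Creates the AccessControlContext used to evaluate permissions for the given subject`, plus a `@param subject` line stating whether `null` or a Subject without principals is allowed. The imports `java.security.Principal` and `java.util.Set` are unused in this file, and the `public` modifier on the interface method is redundant.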
Propchange: jackrabbit/oak/trunk/oak-core/src/main/java/org/apache/jackrabbit/oak/spi/security/authorization/AccessControlContextProvider.java
------------------------------------------------------------------------------
svn:eol-style = native
Propchange: jackrabbit/oak/trunk/oak-core/src/main/java/org/apache/jackrabbit/oak/spi/security/authorization/AccessControlContextProvider.java
------------------------------------------------------------------------------
svn:keywords = Author Date Id Revision Rev URL
Added: jackrabbit/oak/trunk/oak-core/src/main/java/org/apache/jackrabbit/oak/spi/security/authorization/OpenAccessControlContextProvider.java
URL: http://svn.apache.org/viewvc/jackrabbit/oak/trunk/oak-core/src/main/java/org/apache/jackrabbit/oak/spi/security/authorization/OpenAccessControlContextProvider.java?rev=1392887&view=auto
==============================================================================
--- jackrabbit/oak/trunk/oak-core/src/main/java/org/apache/jackrabbit/oak/spi/security/authorization/OpenAccessControlContextProvider.java (added)
+++ jackrabbit/oak/trunk/oak-core/src/main/java/org/apache/jackrabbit/oak/spi/security/authorization/OpenAccessControlContextProvider.java Tue Oct 2 12:33:38 2012
@@ -0,0 +1,67 @@
+/*
+ * Licensed to the Apache Software Foundation (ASF) under one or more
+ * contributor license agreements. See the NOTICE file distributed with
+ * this work for additional information regarding copyright ownership.
+ * The ASF licenses this file to You under the Apache License, Version 2.0
+ * (the "License"); you may not use this file except in compliance with
+ * the License. You may obtain a copy of the License at
+ *
+ * http://www.apache.org/licenses/LICENSE-2.0
+ *
+ * Unless required by applicable law or agreed to in writing, software
+ * distributed under the License is distributed on an "AS IS" BASIS,
+ * WITHOUT WARRANTIES OR CONDITIONS OF ANY KIND, either express or implied.
+ * See the License for the specific language governing permissions and
+ * limitations under the License.
+ */
+package org.apache.jackrabbit.oak.spi.security.authorization;
+
+import javax.security.auth.Subject;
+
+import org.apache.jackrabbit.oak.api.PropertyState;
+import org.apache.jackrabbit.oak.api.Tree;
+
+/**
+ * This class implements an {@link AccessControlContextProvider} which grants
+ * full access to any {@link Subject} passed to {@link #createAccessControlContext(Subject)}.
+ */
+public class OpenAccessControlContextProvider
+ implements AccessControlContextProvider {
+
+ @Override
+ public AccessControlContext createAccessControlContext(Subject subject) {
+ return new AccessControlContext() {
+ @Override
+ public CompiledPermissions getPermissions() {
+ return AllPermissions.INSTANCE;
+ }
+ };
+ }
+
+ private static final class AllPermissions implements CompiledPermissions {
+
+ private static final CompiledPermissions INSTANCE = new AllPermissions();
+
+ @Override
+ public boolean canRead(String path, boolean isProperty) {
+ return true;
+ }
+
+ @Override
+ public boolean isGranted(int permissions) {
+ return true;
+ }
+
+ @Override
+ public boolean isGranted(Tree tree, int permissions) {
+ return true;
+ }
+
+ @Override
+ public boolean isGranted(Tree parent,
+ PropertyState property,
+ int permissions) {
+ return true;
+ }
+ }
+}
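Review bot: `createAccessControlContext` builds a new anonymous `AccessControlContext` on every call although the object is stateless and always returns `AllPermissions.INSTANCE`. Hoisting it into a `private static final AccessControlContext` constant and returning that (for example `return OPEN_CONTEXT;`, name to be chosen) avoids the allocation and gives the grant-everything context a single named definition that is easy to find during an audit. The `subject` argument is ignored, which deserves a one-line comment such as `// subject intentionally ignored: every caller gets full access`.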
Propchange: jackrabbit/oak/trunk/oak-core/src/main/java/org/apache/jackrabbit/oak/spi/security/authorization/OpenAccessControlContextProvider.java
------------------------------------------------------------------------------
svn:eol-style = native
Propchange: jackrabbit/oak/trunk/oak-core/src/main/java/org/apache/jackrabbit/oak/spi/security/authorization/OpenAccessControlContextProvider.java
------------------------------------------------------------------------------
svn:keywords = Author Date Id Revision Rev URL
Modified: jackrabbit/oak/trunk/oak-core/src/test/java/org/apache/jackrabbit/oak/core/AbstractCoreTest.java
URL: http://svn.apache.org/viewvc/jackrabbit/oak/trunk/oak-core/src/test/java/org/apache/jackrabbit/oak/core/AbstractCoreTest.java?rev=1392887&r1=1392886&r2=1392887&view=diff
==============================================================================
--- jackrabbit/oak/trunk/oak-core/src/test/java/org/apache/jackrabbit/oak/core/AbstractCoreTest.java (original)
+++ jackrabbit/oak/trunk/oak-core/src/test/java/org/apache/jackrabbit/oak/core/AbstractCoreTest.java Tue Oct 2 12:33:38 2012
@@ -22,6 +22,7 @@ import org.apache.jackrabbit.mk.api.Micr
import org.apache.jackrabbit.mk.core.MicroKernelImpl;
import org.apache.jackrabbit.oak.api.CoreValueFactory;
import org.apache.jackrabbit.oak.kernel.KernelNodeStore;
+import org.apache.jackrabbit.oak.security.authorization.AccessControlContextProviderImpl;
import org.apache.jackrabbit.oak.spi.query.CompositeQueryIndexProvider;
import org.apache.jackrabbit.oak.spi.state.NodeState;
import org.junit.Before;
@@ -55,6 +56,7 @@ public abstract class AbstractCoreTest {
protected abstract NodeState createInitialState(MicroKernel microKernel);
protected RootImpl createRootImpl(String workspaceName) {
- return new RootImpl(store, workspaceName, new Subject(), new CompositeQueryIndexProvider());
+ return new RootImpl(store, workspaceName, new Subject(),
+ new AccessControlContextProviderImpl(), new CompositeQueryIndexProvider());
}
}
\ No newline at end of file
Modified: jackrabbit/oak/trunk/oak-core/src/test/java/org/apache/jackrabbit/oak/core/RootImplFuzzIT.java
URL: http://svn.apache.org/viewvc/jackrabbit/oak/trunk/oak-core/src/test/java/org/apache/jackrabbit/oak/core/RootImplFuzzIT.java?rev=1392887&r1=1392886&r2=1392887&view=diff
==============================================================================
--- jackrabbit/oak/trunk/oak-core/src/test/java/org/apache/jackrabbit/oak/core/RootImplFuzzIT.java (original)
+++ jackrabbit/oak/trunk/oak-core/src/test/java/org/apache/jackrabbit/oak/core/RootImplFuzzIT.java Tue Oct 2 12:33:38 2012
@@ -32,6 +32,7 @@ import org.apache.jackrabbit.oak.api.Tre
import org.apache.jackrabbit.oak.commons.PathUtils;
import org.apache.jackrabbit.oak.core.RootImplFuzzIT.Operation.Rebase;
import org.apache.jackrabbit.oak.kernel.KernelNodeStore;
+import org.apache.jackrabbit.oak.security.authorization.AccessControlContextProviderImpl;
import org.apache.jackrabbit.oak.spi.query.CompositeQueryIndexProvider;
import org.junit.Before;
import org.junit.Test;
@@ -81,12 +82,14 @@ public class RootImplFuzzIT {
store1 = new KernelNodeStore(mk1);
vf = store1.getValueFactory();
mk1.commit("", "+\"/root\":{}", mk1.getHeadRevision(), "");
- root1 = new RootImpl(store1, null, new Subject(), new CompositeQueryIndexProvider());
+ root1 = new RootImpl(store1, null, new Subject(),
+ new AccessControlContextProviderImpl(), new CompositeQueryIndexProvider());
MicroKernel mk2 = new MicroKernelImpl("./target/mk2/" + random.nextInt());
store2 = new KernelNodeStore(mk2);
mk2.commit("", "+\"/root\":{}", mk2.getHeadRevision(), "");
- root2 = new RootImpl(store2, null, new Subject(), new CompositeQueryIndexProvider());
+ root2 = new RootImpl(store2, null, new Subject(),
+ new AccessControlContextProviderImpl(), new CompositeQueryIndexProvider());
}
@Test
Modified: jackrabbit/oak/trunk/oak-core/src/test/java/org/apache/jackrabbit/oak/plugins/lucene/LuceneEditorTest.java
URL: http://svn.apache.org/viewvc/jackrabbit/oak/trunk/oak-core/src/test/java/org/apache/jackrabbit/oak/plugins/lucene/LuceneEditorTest.java?rev=1392887&r1=1392886&r2=1392887&view=diff
==============================================================================
--- jackrabbit/oak/trunk/oak-core/src/test/java/org/apache/jackrabbit/oak/plugins/lucene/LuceneEditorTest.java (original)
+++ jackrabbit/oak/trunk/oak-core/src/test/java/org/apache/jackrabbit/oak/plugins/lucene/LuceneEditorTest.java Tue Oct 2 12:33:38 2012
@@ -26,6 +26,7 @@ import org.apache.jackrabbit.oak.kernel.
import org.apache.jackrabbit.oak.plugins.memory.MemoryValueFactory;
import org.apache.jackrabbit.oak.query.ast.Operator;
import org.apache.jackrabbit.oak.query.index.FilterImpl;
+import org.apache.jackrabbit.oak.security.authorization.AccessControlContextProviderImpl;
import org.apache.jackrabbit.oak.spi.query.CompositeQueryIndexProvider;
import org.apache.jackrabbit.oak.spi.query.Cursor;
import org.apache.jackrabbit.oak.spi.query.Filter;
@@ -48,7 +49,8 @@ public class LuceneEditorTest implements
KernelNodeStore store = new KernelNodeStore(new MicroKernelImpl());
store.setHook(new LuceneEditor(testID));
- Root root = new RootImpl(store, null, new Subject(), new CompositeQueryIndexProvider());
+ Root root = new RootImpl(store, null, new Subject(),
+ new AccessControlContextProviderImpl(), new CompositeQueryIndexProvider());
Tree tree = root.getTree("/");
tree.setProperty("foo", MemoryValueFactory.INSTANCE.createValue("bar"));