Posted to oak-commits@jackrabbit.apache.org by an...@apache.org on 2012/08/21 17:10:38 UTC
svn commit: r1375598 - in /jackrabbit/oak/trunk:
oak-core/src/main/java/org/apache/jackrabbit/oak/core/
oak-core/src/main/java/org/apache/jackrabbit/oak/security/authentication/token/
oak-core/src/main/java/org/apache/jackrabbit/oak/security/principal/...
Author: angela
Date: Tue Aug 21 15:10:37 2012
New Revision: 1375598
URL: http://svn.apache.org/viewvc?rev=1375598&view=rev
Log:
OAK-50 : Implement User Management (WIP)
Added:
jackrabbit/oak/trunk/oak-core/src/main/java/org/apache/jackrabbit/oak/security/principal/PrincipalProviderImpl.java
- copied, changed from r1375392, jackrabbit/oak/trunk/oak-core/src/main/java/org/apache/jackrabbit/oak/security/principal/KernelPrincipalProvider.java
jackrabbit/oak/trunk/oak-core/src/main/java/org/apache/jackrabbit/oak/security/user/UserContextImpl.java
jackrabbit/oak/trunk/oak-core/src/main/java/org/apache/jackrabbit/oak/spi/security/user/UserContext.java
Removed:
jackrabbit/oak/trunk/oak-core/src/main/java/org/apache/jackrabbit/oak/security/principal/KernelPrincipalProvider.java
jackrabbit/oak/trunk/oak-jcr/src/main/java/org/apache/jackrabbit/oak/jcr/security/user/NodeTreeUtil.java
Modified:
jackrabbit/oak/trunk/oak-core/src/main/java/org/apache/jackrabbit/oak/core/RootImpl.java
jackrabbit/oak/trunk/oak-core/src/main/java/org/apache/jackrabbit/oak/security/authentication/token/TokenProviderImpl.java
jackrabbit/oak/trunk/oak-core/src/main/java/org/apache/jackrabbit/oak/security/user/UserProviderImpl.java
jackrabbit/oak/trunk/oak-core/src/main/java/org/apache/jackrabbit/oak/spi/security/user/PasswordUtility.java
jackrabbit/oak/trunk/oak-core/src/main/java/org/apache/jackrabbit/oak/spi/security/user/UserProvider.java
jackrabbit/oak/trunk/oak-core/src/main/java/org/apache/jackrabbit/oak/util/NodeUtil.java
jackrabbit/oak/trunk/oak-jcr/src/main/java/org/apache/jackrabbit/oak/jcr/SessionDelegate.java
jackrabbit/oak/trunk/oak-jcr/src/main/java/org/apache/jackrabbit/oak/jcr/security/user/ImpersonationImpl.java
jackrabbit/oak/trunk/oak-jcr/src/main/java/org/apache/jackrabbit/oak/jcr/security/user/UserImpl.java
jackrabbit/oak/trunk/oak-jcr/src/main/java/org/apache/jackrabbit/oak/jcr/security/user/UserManagerImpl.java
Modified: jackrabbit/oak/trunk/oak-core/src/main/java/org/apache/jackrabbit/oak/core/RootImpl.java
URL: http://svn.apache.org/viewvc/jackrabbit/oak/trunk/oak-core/src/main/java/org/apache/jackrabbit/oak/core/RootImpl.java?rev=1375598&r1=1375597&r2=1375598&view=diff
==============================================================================
--- jackrabbit/oak/trunk/oak-core/src/main/java/org/apache/jackrabbit/oak/core/RootImpl.java (original)
+++ jackrabbit/oak/trunk/oak-core/src/main/java/org/apache/jackrabbit/oak/core/RootImpl.java Tue Aug 21 15:10:37 2012
@@ -254,7 +254,7 @@ public class RootImpl implements Root {
providers.add(accessControlContext.getPermissionValidatorProvider(valueFactory));
providers.add(accessControlContext.getAccessControlValidatorProvider(valueFactory));
// TODO the following v-providers could be initialized at ContentRepo level
- // FIXME: use proper configuration
+ // FIXME: retrieve from user context
providers.add(new UserValidatorProvider(valueFactory, new UserConfig("admin")));
providers.add(new PrivilegeValidatorProvider(valueFactory));
Modified: jackrabbit/oak/trunk/oak-core/src/main/java/org/apache/jackrabbit/oak/security/authentication/token/TokenProviderImpl.java
URL: http://svn.apache.org/viewvc/jackrabbit/oak/trunk/oak-core/src/main/java/org/apache/jackrabbit/oak/security/authentication/token/TokenProviderImpl.java?rev=1375598&r1=1375597&r2=1375598&view=diff
==============================================================================
--- jackrabbit/oak/trunk/oak-core/src/main/java/org/apache/jackrabbit/oak/security/authentication/token/TokenProviderImpl.java (original)
+++ jackrabbit/oak/trunk/oak-core/src/main/java/org/apache/jackrabbit/oak/security/authentication/token/TokenProviderImpl.java Tue Aug 21 15:10:37 2012
@@ -40,9 +40,8 @@ import org.apache.jackrabbit.oak.api.Pro
import org.apache.jackrabbit.oak.api.Root;
import org.apache.jackrabbit.oak.api.Tree;
import org.apache.jackrabbit.oak.core.DefaultConflictHandler;
-import org.apache.jackrabbit.oak.security.user.UserProviderImpl;
import org.apache.jackrabbit.oak.spi.security.user.PasswordUtility;
-import org.apache.jackrabbit.oak.spi.security.user.UserProvider;
+import org.apache.jackrabbit.oak.spi.security.user.UserContext;
import org.apache.jackrabbit.oak.util.NodeUtil;
import org.apache.jackrabbit.util.ISO8601;
import org.apache.jackrabbit.util.Text;
@@ -78,11 +77,13 @@ public class TokenProviderImpl implement
private final ContentSession contentSession;
private final Root root;
+ private final UserContext userContext;
private final long tokenExpiration;
- public TokenProviderImpl(ContentSession contentSession, long tokenExpiration) {
+ public TokenProviderImpl(ContentSession contentSession, UserContext userContext, long tokenExpiration) {
this.contentSession = contentSession;
this.root = contentSession.getCurrentRoot();
+ this.userContext = userContext;
this.tokenExpiration = tokenExpiration;
}
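Review bot: The new `userContext` argument is stored in the constructor without a null check, and `getUserTree` later dereferences it, so a missing context only surfaces as a NullPointerException at lookup time. I would fail fast with `if (userContext == null) throw new IllegalArgumentException("UserContext must not be null");` before the assignment. The same applies to the new `UserManagerImpl(Session, NamePathMapper, UserContext)` constructor further down, which also drops the old null-tolerant config handling.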
@@ -124,8 +125,8 @@ public class TokenProviderImpl implement
String key = generateKey(8);
String token = new StringBuilder(tokenNode.getTree().getPath()).append(DELIM).append(key).toString();
- String pwHash = PasswordUtility.buildPasswordHash(key);
- tokenNode.setString(TOKEN_ATTRIBUTE_KEY, pwHash);
+ String tokenHash = PasswordUtility.buildPasswordHash(key);
+ tokenNode.setString(TOKEN_ATTRIBUTE_KEY, tokenHash);
final long expirationTime = creationTime + tokenExpiration;
tokenNode.setDate(TOKEN_ATTRIBUTE_EXPIRY, expirationTime);
@@ -238,8 +239,7 @@ public class TokenProviderImpl implement
@CheckForNull
private Tree getUserTree(String userID) {
- UserProvider userProvider = new UserProviderImpl(contentSession, root, null);
- return userProvider.getAuthorizable(userID);
+ return userContext.getUserProvider().getAuthorizable(userID);
}
//--------------------------------------------------------------------------
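Review bot: `getUserTree` now resolves the user through `userContext.getUserProvider()`, which is bound to whatever `Root` the context was built with, while this class still works on `this.root = contentSession.getCurrentRoot()`. The removed code built the provider from `root`, so the user lookup and the token-node writes shared one root by construction; if the two can differ, the tree returned here may not belong to the root this class modifies. I would either document the requirement on the constructor (`// userContext must be created for the same Root as contentSession.getCurrentRoot()`) or confirm that every caller passes a matching context. How the returned tree is used afterwards lies outside this hunk.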
Copied: jackrabbit/oak/trunk/oak-core/src/main/java/org/apache/jackrabbit/oak/security/principal/PrincipalProviderImpl.java (from r1375392, jackrabbit/oak/trunk/oak-core/src/main/java/org/apache/jackrabbit/oak/security/principal/KernelPrincipalProvider.java)
URL: http://svn.apache.org/viewvc/jackrabbit/oak/trunk/oak-core/src/main/java/org/apache/jackrabbit/oak/security/principal/PrincipalProviderImpl.java?p2=jackrabbit/oak/trunk/oak-core/src/main/java/org/apache/jackrabbit/oak/security/principal/PrincipalProviderImpl.java&p1=jackrabbit/oak/trunk/oak-core/src/main/java/org/apache/jackrabbit/oak/security/principal/KernelPrincipalProvider.java&r1=1375392&r2=1375598&rev=1375598&view=diff
==============================================================================
--- jackrabbit/oak/trunk/oak-core/src/main/java/org/apache/jackrabbit/oak/security/principal/KernelPrincipalProvider.java (original)
+++ jackrabbit/oak/trunk/oak-core/src/main/java/org/apache/jackrabbit/oak/security/principal/PrincipalProviderImpl.java Tue Aug 21 15:10:37 2012
@@ -47,19 +47,20 @@ import org.slf4j.LoggerFactory;
* that operates on principal information read from user information stored
* in the {@code MicroKernel}.
*/
-public class KernelPrincipalProvider implements PrincipalProvider {
+public class PrincipalProviderImpl implements PrincipalProvider {
/**
* logger instance
*/
- private static final Logger log = LoggerFactory.getLogger(KernelPrincipalProvider.class);
+ private static final Logger log = LoggerFactory.getLogger(PrincipalProviderImpl.class);
private final UserProvider userProvider;
private final MembershipProvider membershipProvider;
private final PathMapper pathMapper;
- public KernelPrincipalProvider(UserProvider userProvider,
- MembershipProvider membershipProvider, PathMapper pathMapper) {
+ public PrincipalProviderImpl(UserProvider userProvider,
+ MembershipProvider membershipProvider,
+ PathMapper pathMapper) {
this.userProvider = userProvider;
this.membershipProvider = membershipProvider;
this.pathMapper = pathMapper;
@@ -112,6 +113,7 @@ public class KernelPrincipalProvider imp
}
//------------------------------------------------------------< private >---
+
private Set<Group> getGroupMembership(Tree authorizableTree) {
Iterator<String> groupPaths = membershipProvider.getMembership(authorizableTree, true);
Set<Group> groups = new HashSet<Group>();
@@ -165,7 +167,6 @@ public class KernelPrincipalProvider imp
Iterator<? extends Principal> members = Iterators.transform(declaredMemberPaths, new Function<String, Principal>() {
@Override
public Principal apply(@Nullable String oakPath) {
- // TODO
Tree tree = userProvider.getAuthorizableByPath(oakPath);
if (tree != null) {
if (isGroup(tree)) {
Added: jackrabbit/oak/trunk/oak-core/src/main/java/org/apache/jackrabbit/oak/security/user/UserContextImpl.java
URL: http://svn.apache.org/viewvc/jackrabbit/oak/trunk/oak-core/src/main/java/org/apache/jackrabbit/oak/security/user/UserContextImpl.java?rev=1375598&view=auto
==============================================================================
--- jackrabbit/oak/trunk/oak-core/src/main/java/org/apache/jackrabbit/oak/security/user/UserContextImpl.java (added)
+++ jackrabbit/oak/trunk/oak-core/src/main/java/org/apache/jackrabbit/oak/security/user/UserContextImpl.java Tue Aug 21 15:10:37 2012
@@ -0,0 +1,66 @@
+/*
+ * Licensed to the Apache Software Foundation (ASF) under one or more
+ * contributor license agreements. See the NOTICE file distributed with
+ * this work for additional information regarding copyright ownership.
+ * The ASF licenses this file to You under the Apache License, Version 2.0
+ * (the "License"); you may not use this file except in compliance with
+ * the License. You may obtain a copy of the License at
+ *
+ * http://www.apache.org/licenses/LICENSE-2.0
+ *
+ * Unless required by applicable law or agreed to in writing, software
+ * distributed under the License is distributed on an "AS IS" BASIS,
+ * WITHOUT WARRANTIES OR CONDITIONS OF ANY KIND, either express or implied.
+ * See the License for the specific language governing permissions and
+ * limitations under the License.
+ */
+package org.apache.jackrabbit.oak.security.user;
+
+import org.apache.jackrabbit.oak.api.ContentSession;
+import org.apache.jackrabbit.oak.api.Root;
+import org.apache.jackrabbit.oak.spi.commit.ValidatorProvider;
+import org.apache.jackrabbit.oak.spi.security.user.MembershipProvider;
+import org.apache.jackrabbit.oak.spi.security.user.UserConfig;
+import org.apache.jackrabbit.oak.spi.security.user.UserContext;
+import org.apache.jackrabbit.oak.spi.security.user.UserProvider;
+
+/**
+ * UserContextImpl... TODO
+ */
+public class UserContextImpl implements UserContext {
+
+ private final ContentSession contentSession;
+ private final UserConfig config;
+ private final UserProviderImpl userProvider;
+
+ // TODO add proper configuration
+ public UserContextImpl(ContentSession contentSession, Root currentRoot) {
+ this(contentSession, currentRoot, new UserConfig("admin"));
+ }
+
+ public UserContextImpl(ContentSession contentSession, Root currentRoot, UserConfig config) {
+ this.contentSession = contentSession;
+ this.config = config;
+ this.userProvider = new UserProviderImpl(contentSession, currentRoot, config);
+ }
+
+ @Override
+ public UserConfig getConfig() {
+ return config;
+ }
+
+ @Override
+ public UserProvider getUserProvider() {
+ return userProvider;
+ }
+
+ @Override
+ public MembershipProvider getMembershipProvider() {
+ return userProvider;
+ }
+
+ @Override
+ public ValidatorProvider getUserValidatorProvider() {
+ return new UserValidatorProvider(contentSession.getCoreValueFactory(), config);
+ }
+}
\ No newline at end of file
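Review bot: The three-argument constructor accepts a null `config` and hands it on, although `UserContext.getConfig()` is declared `@Nonnull` and the `UserManagerImpl` constructor removed in this commit substituted a default for null. A guard such as `if (config == null) throw new IllegalArgumentException("UserConfig must not be null");` placed before `new UserProviderImpl(...)` would keep that contract. The admin id `"admin"` is hard-coded in the two-argument constructor and again in `RootImpl`, so the validator and the user provider get separate `UserConfig` instances that can drift once real configuration arrives; the TODO could say so explicitly. The class Javadoc is still the placeholder `UserContextImpl... TODO`.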
Modified: jackrabbit/oak/trunk/oak-core/src/main/java/org/apache/jackrabbit/oak/security/user/UserProviderImpl.java
URL: http://svn.apache.org/viewvc/jackrabbit/oak/trunk/oak-core/src/main/java/org/apache/jackrabbit/oak/security/user/UserProviderImpl.java?rev=1375598&r1=1375597&r2=1375598&view=diff
==============================================================================
--- jackrabbit/oak/trunk/oak-core/src/main/java/org/apache/jackrabbit/oak/security/user/UserProviderImpl.java (original)
+++ jackrabbit/oak/trunk/oak-core/src/main/java/org/apache/jackrabbit/oak/security/user/UserProviderImpl.java Tue Aug 21 15:10:37 2012
@@ -152,7 +152,7 @@ import org.slf4j.LoggerFactory;
*
* TODO
*/
-public class UserProviderImpl implements UserProvider, MembershipProvider, UserConstants {
+class UserProviderImpl implements UserProvider, MembershipProvider, UserConstants {
/**
* logger instance
@@ -174,13 +174,9 @@ public class UserProviderImpl implements
private final String groupPath;
private final String userPath;
- public UserProviderImpl(ContentSession contentSession, Root root, UserConfig config) {
- this(contentSession.getCoreValueFactory(), contentSession.getQueryEngine(), root, config);
- }
-
- public UserProviderImpl(CoreValueFactory valueFactory, SessionQueryEngine queryEngine, Root root, UserConfig config) {
- this.valueFactory = valueFactory;
- this.queryEngine = queryEngine;
+ UserProviderImpl(ContentSession contentSession, Root root, UserConfig config) {
+ this.valueFactory = contentSession.getCoreValueFactory();
+ this.queryEngine = contentSession.getQueryEngine();
this.root = root;
this.identifierManager = new IdentifierManager(queryEngine, root);
@@ -286,6 +282,30 @@ public class UserProviderImpl implements
adminId.equals(getAuthorizableId(userTree));
}
+ @Override
+ public void setProtectedProperty(Tree authorizableTree, String propertyName, String value, int type) {
+ assert authorizableTree != null;
+
+ if (value == null) {
+ authorizableTree.removeProperty(propertyName);
+ } else {
+ CoreValue cv = valueFactory.createValue(value, type);
+ authorizableTree.setProperty(propertyName, cv);
+ }
+ }
+
+ @Override
+ public void setProtectedProperty(Tree authorizableTree, String propertyName, String[] values, int type) {
+ assert authorizableTree != null;
+
+ if (values == null) {
+ authorizableTree.removeProperty(propertyName);
+ } else {
+ NodeUtil node = new NodeUtil(authorizableTree, valueFactory);
+ node.setValues(propertyName, values, type);
+ }
+ }
+
//--------------------------------------------------< MembershipProvider>---
@Override
public Iterator<String> getMembership(String authorizableId, boolean includeInherited) {
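Review bot: Both `setProtectedProperty` overloads guard the tree only with `assert authorizableTree != null;`, which does nothing unless the JVM runs with `-ea`, and they accept any `propertyName` without checking it. These are public methods on the `UserProvider` interface, and the callers in this commit use them for `REP_DISABLED` and `REP_IMPERSONATORS`, so I would replace the assert with an explicit check such as `if (authorizableTree == null) throw new IllegalArgumentException("authorizableTree must not be null");`. The Javadoc should also say which property names callers may pass. Whether a commit validator restricts these writes is not visible in this hunk.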
Modified: jackrabbit/oak/trunk/oak-core/src/main/java/org/apache/jackrabbit/oak/spi/security/user/PasswordUtility.java
URL: http://svn.apache.org/viewvc/jackrabbit/oak/trunk/oak-core/src/main/java/org/apache/jackrabbit/oak/spi/security/user/PasswordUtility.java?rev=1375598&r1=1375597&r2=1375598&view=diff
==============================================================================
--- jackrabbit/oak/trunk/oak-core/src/main/java/org/apache/jackrabbit/oak/spi/security/user/PasswordUtility.java (original)
+++ jackrabbit/oak/trunk/oak-core/src/main/java/org/apache/jackrabbit/oak/spi/security/user/PasswordUtility.java Tue Aug 21 15:10:37 2012
@@ -91,6 +91,27 @@ public class PasswordUtility {
}
/**
+ * Same as {@link #buildPasswordHash(String, String, int, int)} but retrieving
+ * the parameters for hash generation from the specified configuration.
+ *
+ * @param password The password to be hashed.
+ * @param config The configuration defining the details of the hash generation.
+ * @return The password hash.
+ * @throws NoSuchAlgorithmException If the specified algorithm is not supported.
+ * @throws UnsupportedEncodingException If utf-8 is not supported.
+ */
+ public static String buildPasswordHash(String password, UserConfig config) throws NoSuchAlgorithmException, UnsupportedEncodingException {
+ if (config == null) {
+ throw new IllegalArgumentException("UserConfig must not be null");
+ }
+ String algorithm = config.getConfigValue(UserConfig.PARAM_PASSWORD_HASH_ALGORITHM, DEFAULT_ALGORITHM);
+ int iterations = config.getConfigValue(UserConfig.PARAM_PASSWORD_HASH_ITERATIONS, DEFAULT_ITERATIONS);
+ int saltSize = config.getConfigValue(UserConfig.PARAM_PASSWORD_SALT_SIZE, DEFAULT_SALT_SIZE);
+
+ return buildPasswordHash(password, algorithm, iterations, saltSize);
+ }
+
+ /**
* Returns {@code true} if the specified string doesn't start with a
* valid algorithm name in curly brackets.
*
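Review bot: The algorithm, iteration count and salt size are read from `UserConfig` and passed straight to the four-argument `buildPasswordHash` with no sanity check, so a configuration with a weak digest, `0` iterations or a very small salt could silently produce weak hashes. Unless the delegate already validates them (its body is outside this hunk), consider rejecting non-positive values here, e.g. `if (iterations < 1 || saltSize < 1) throw new IllegalArgumentException("Invalid password hash configuration");`. The Javadoc could also state that a null `config` raises `IllegalArgumentException`.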
Added: jackrabbit/oak/trunk/oak-core/src/main/java/org/apache/jackrabbit/oak/spi/security/user/UserContext.java
URL: http://svn.apache.org/viewvc/jackrabbit/oak/trunk/oak-core/src/main/java/org/apache/jackrabbit/oak/spi/security/user/UserContext.java?rev=1375598&view=auto
==============================================================================
--- jackrabbit/oak/trunk/oak-core/src/main/java/org/apache/jackrabbit/oak/spi/security/user/UserContext.java (added)
+++ jackrabbit/oak/trunk/oak-core/src/main/java/org/apache/jackrabbit/oak/spi/security/user/UserContext.java Tue Aug 21 15:10:37 2012
@@ -0,0 +1,40 @@
+/*
+ * Licensed to the Apache Software Foundation (ASF) under one or more
+ * contributor license agreements. See the NOTICE file distributed with
+ * this work for additional information regarding copyright ownership.
+ * The ASF licenses this file to You under the Apache License, Version 2.0
+ * (the "License"); you may not use this file except in compliance with
+ * the License. You may obtain a copy of the License at
+ *
+ * http://www.apache.org/licenses/LICENSE-2.0
+ *
+ * Unless required by applicable law or agreed to in writing, software
+ * distributed under the License is distributed on an "AS IS" BASIS,
+ * WITHOUT WARRANTIES OR CONDITIONS OF ANY KIND, either express or implied.
+ * See the License for the specific language governing permissions and
+ * limitations under the License.
+ */
+package org.apache.jackrabbit.oak.spi.security.user;
+
+import javax.annotation.Nonnull;
+
+import org.apache.jackrabbit.oak.spi.commit.ValidatorProvider;
+
+/**
+ * UserContext... TODO
+ */
+public interface UserContext {
+
+ @Nonnull
+ UserConfig getConfig();
+
+ @Nonnull
+ UserProvider getUserProvider();
+
+ @Nonnull
+ MembershipProvider getMembershipProvider();
+
+ @Nonnull
+ ValidatorProvider getUserValidatorProvider();
+
+}
\ No newline at end of file
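Review bot: The interface ships with a placeholder Javadoc (`UserContext... TODO`) and undocumented accessors, although it is now the single object handed to `TokenProviderImpl` and `UserManagerImpl`. I would describe it as the holder of the user-management configuration and the providers derived from it. Each getter should state whether repeated calls return the same instance and which `Root` the returned providers operate on. For `getUserValidatorProvider()` something like `/** Returns the validator provider for user-management content; a new instance may be returned on each call. */` would match what `UserContextImpl` does, with the wording to be confirmed by the author.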
Modified: jackrabbit/oak/trunk/oak-core/src/main/java/org/apache/jackrabbit/oak/spi/security/user/UserProvider.java
URL: http://svn.apache.org/viewvc/jackrabbit/oak/trunk/oak-core/src/main/java/org/apache/jackrabbit/oak/spi/security/user/UserProvider.java?rev=1375598&r1=1375597&r2=1375598&view=diff
==============================================================================
--- jackrabbit/oak/trunk/oak-core/src/main/java/org/apache/jackrabbit/oak/spi/security/user/UserProvider.java (original)
+++ jackrabbit/oak/trunk/oak-core/src/main/java/org/apache/jackrabbit/oak/spi/security/user/UserProvider.java Tue Aug 21 15:10:37 2012
@@ -17,10 +17,12 @@
package org.apache.jackrabbit.oak.spi.security.user;
import java.security.Principal;
+import java.util.List;
import javax.annotation.CheckForNull;
import javax.annotation.Nonnull;
import javax.jcr.RepositoryException;
+import org.apache.jackrabbit.oak.api.CoreValue;
import org.apache.jackrabbit.oak.api.Tree;
/**
@@ -52,4 +54,8 @@ public interface UserProvider {
boolean isAdminUser(Tree userTree);
+ void setProtectedProperty(Tree authorizableTree, String propertyName, String value, int type);
+
+ void setProtectedProperty(Tree v, String propertyName, String[] values, int type);
+
}
\ No newline at end of file
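Review bot: The second `setProtectedProperty` overload names its tree parameter `v` while the first uses `authorizableTree`; `void setProtectedProperty(Tree authorizableTree, String propertyName, String[] values, int type);` would keep the pair parallel. Neither method has Javadoc, so the interface does not state that a null value removes the property (as `UserProviderImpl` implements it) or that `type` is a `javax.jcr.PropertyType` constant. The first hunk of this file also adds imports of `java.util.List` and `CoreValue` that the visible new methods do not use; if nothing else in the file needs them, they can be dropped.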
Modified: jackrabbit/oak/trunk/oak-core/src/main/java/org/apache/jackrabbit/oak/util/NodeUtil.java
URL: http://svn.apache.org/viewvc/jackrabbit/oak/trunk/oak-core/src/main/java/org/apache/jackrabbit/oak/util/NodeUtil.java?rev=1375598&r1=1375597&r2=1375598&view=diff
==============================================================================
--- jackrabbit/oak/trunk/oak-core/src/main/java/org/apache/jackrabbit/oak/util/NodeUtil.java (original)
+++ jackrabbit/oak/trunk/oak-core/src/main/java/org/apache/jackrabbit/oak/util/NodeUtil.java Tue Aug 21 15:10:37 2012
@@ -238,6 +238,14 @@ public class NodeUtil {
tree.setProperty(name, cvs);
}
+ public void setValues(String name, String[] values, int type) {
+ List<CoreValue> cvs = Lists.newArrayList();
+ for (String value : values) {
+ cvs.add(factory.createValue(value, type));
+ }
+ tree.setProperty(name, cvs);
+ }
+
public Value[] getValues(String name, ValueFactory vf) {
PropertyState property = tree.getProperty(name);
if (property != null) {
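Review bot: The new `setValues(String, String[], int)` iterates `values` without a null check, so a null array fails with a NullPointerException in the loop rather than with a clear message. `UserProviderImpl.setProtectedProperty` checks for null before calling it, but the method is public; either guard it with `if (values == null) throw new IllegalArgumentException("values must not be null");` or document that null is not allowed. An empty array ends up as `tree.setProperty(name, cvs)` with an empty list, and a line of Javadoc saying so would help callers.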
Modified: jackrabbit/oak/trunk/oak-jcr/src/main/java/org/apache/jackrabbit/oak/jcr/SessionDelegate.java
URL: http://svn.apache.org/viewvc/jackrabbit/oak/trunk/oak-jcr/src/main/java/org/apache/jackrabbit/oak/jcr/SessionDelegate.java?rev=1375598&r1=1375597&r2=1375598&view=diff
==============================================================================
--- jackrabbit/oak/trunk/oak-jcr/src/main/java/org/apache/jackrabbit/oak/jcr/SessionDelegate.java (original)
+++ jackrabbit/oak/trunk/oak-jcr/src/main/java/org/apache/jackrabbit/oak/jcr/SessionDelegate.java Tue Aug 21 15:10:37 2012
@@ -54,6 +54,7 @@ import org.apache.jackrabbit.oak.namepat
import org.apache.jackrabbit.oak.namepath.NamePathMapperImpl;
import org.apache.jackrabbit.oak.plugins.identifier.IdentifierManager;
import org.apache.jackrabbit.oak.plugins.value.AnnotatingConflictHandler;
+import org.apache.jackrabbit.oak.security.user.UserContextImpl;
import org.apache.jackrabbit.oak.util.TODO;
import org.slf4j.Logger;
import org.slf4j.LoggerFactory;
@@ -479,7 +480,8 @@ public class SessionDelegate {
}
UserManager getUserManager() throws UnsupportedRepositoryOperationException {
- return TODO.unimplemented().returnValue(new UserManagerImpl(this, root, null));
+
+ return TODO.unimplemented().returnValue(new UserManagerImpl(getSession(), getNamePathMapper(), new UserContextImpl(getContentSession(), root)));
}
//--------------------------------------------------< SessionNameMapper >---
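Review bot: `getUserManager()` now builds a new `UserContextImpl`, and with it a new `UserProviderImpl`, on every call, using the two-argument constructor whose configuration is the hard-coded `new UserConfig("admin")`. If the `root` instance is stable for the lifetime of the delegate, keeping the context in a field would avoid the repeated construction and ensure all managers of one session share the same configuration. The blank line added at the top of the method body can be dropped.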
Modified: jackrabbit/oak/trunk/oak-jcr/src/main/java/org/apache/jackrabbit/oak/jcr/security/user/ImpersonationImpl.java
URL: http://svn.apache.org/viewvc/jackrabbit/oak/trunk/oak-jcr/src/main/java/org/apache/jackrabbit/oak/jcr/security/user/ImpersonationImpl.java?rev=1375598&r1=1375597&r2=1375598&view=diff
==============================================================================
--- jackrabbit/oak/trunk/oak-jcr/src/main/java/org/apache/jackrabbit/oak/jcr/security/user/ImpersonationImpl.java (original)
+++ jackrabbit/oak/trunk/oak-jcr/src/main/java/org/apache/jackrabbit/oak/jcr/security/user/ImpersonationImpl.java Tue Aug 21 15:10:37 2012
@@ -20,7 +20,6 @@ import java.security.Principal;
import java.security.acl.Group;
import java.util.HashSet;
import java.util.Set;
-import javax.jcr.PropertyType;
import javax.jcr.RepositoryException;
import javax.jcr.Session;
import javax.jcr.UnsupportedRepositoryOperationException;
@@ -191,15 +190,12 @@ class ImpersonationImpl implements Imper
return princNames;
}
- private void updateImpersonatorNames(Set<String> principalNames) throws RepositoryException {
+ private void updateImpersonatorNames(Set<String> principalNames) {
String[] pNames = principalNames.toArray(new String[principalNames.size()]);
- Tree userTree = user.getTree();
if (pNames.length == 0) {
- if (userTree.hasProperty(REP_IMPERSONATORS)) {
- userTree.removeProperty(REP_IMPERSONATORS);
- } // nothing to do.
+ user.setProtectedProperty(REP_PRINCIPAL_NAME, (String) null);
} else {
- user.getUserManager().setInternalProperty(user.getTree(), REP_IMPERSONATORS, pNames, PropertyType.STRING);
+ user.setProtectedProperty(REP_IMPERSONATORS, pNames);
}
}
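Review bot: In the empty-set branch the new code calls `user.setProtectedProperty(REP_PRINCIPAL_NAME, (String) null)`, which removes the user's principal-name property, whereas the removed lines cleared `REP_IMPERSONATORS`. As written, revoking the last impersonator leaves the impersonators property in place and deletes the principal name instead, so the grant is not actually withdrawn. The line should read `user.setProtectedProperty(REP_IMPERSONATORS, (String) null);`. A test that grants and then revokes a single impersonator and checks that the property is gone would catch this.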
Modified: jackrabbit/oak/trunk/oak-jcr/src/main/java/org/apache/jackrabbit/oak/jcr/security/user/UserImpl.java
URL: http://svn.apache.org/viewvc/jackrabbit/oak/trunk/oak-jcr/src/main/java/org/apache/jackrabbit/oak/jcr/security/user/UserImpl.java?rev=1375598&r1=1375597&r2=1375598&view=diff
==============================================================================
--- jackrabbit/oak/trunk/oak-jcr/src/main/java/org/apache/jackrabbit/oak/jcr/security/user/UserImpl.java (original)
+++ jackrabbit/oak/trunk/oak-jcr/src/main/java/org/apache/jackrabbit/oak/jcr/security/user/UserImpl.java Tue Aug 21 15:10:37 2012
@@ -137,10 +137,10 @@ class UserImpl extends AuthorizableImpl
if (reason == null) {
if (isDisabled()) {
// enable the user again.
- userTree.removeProperty(REP_DISABLED);
+ setProtectedProperty(REP_DISABLED, (String) null);
}
} else {
- getUserManager().setInternalProperty(getTree(), REP_DISABLED, reason, PropertyType.STRING);
+ setProtectedProperty(REP_DISABLED, reason);
}
}
@@ -163,4 +163,14 @@ class UserImpl extends AuthorizableImpl
} else
return null;
}
+
+ //--------------------------------------------------------------------------
+
+ void setProtectedProperty(String oakName, String value) {
+ getUserManager().getUserProvider().setProtectedProperty(getTree(), oakName, value, PropertyType.STRING);
+ }
+
+ void setProtectedProperty(String oakName, String[] values) {
+ getUserManager().getUserProvider().setProtectedProperty(getTree(), oakName, values, PropertyType.STRING);
+ }
}
\ No newline at end of file
Modified: jackrabbit/oak/trunk/oak-jcr/src/main/java/org/apache/jackrabbit/oak/jcr/security/user/UserManagerImpl.java
URL: http://svn.apache.org/viewvc/jackrabbit/oak/trunk/oak-jcr/src/main/java/org/apache/jackrabbit/oak/jcr/security/user/UserManagerImpl.java?rev=1375598&r1=1375597&r2=1375598&view=diff
==============================================================================
--- jackrabbit/oak/trunk/oak-jcr/src/main/java/org/apache/jackrabbit/oak/jcr/security/user/UserManagerImpl.java (original)
+++ jackrabbit/oak/trunk/oak-jcr/src/main/java/org/apache/jackrabbit/oak/jcr/security/user/UserManagerImpl.java Tue Aug 21 15:10:37 2012
@@ -20,7 +20,6 @@ import java.io.UnsupportedEncodingExcept
import java.security.NoSuchAlgorithmException;
import java.security.Principal;
import java.util.Iterator;
-import java.util.List;
import javax.annotation.CheckForNull;
import javax.jcr.Node;
import javax.jcr.PropertyType;
@@ -34,20 +33,15 @@ import org.apache.jackrabbit.api.securit
import org.apache.jackrabbit.api.security.user.Query;
import org.apache.jackrabbit.api.security.user.User;
import org.apache.jackrabbit.api.security.user.UserManager;
-import org.apache.jackrabbit.oak.api.CoreValue;
-import org.apache.jackrabbit.oak.api.Root;
import org.apache.jackrabbit.oak.api.Tree;
-import org.apache.jackrabbit.oak.jcr.SessionDelegate;
import org.apache.jackrabbit.oak.jcr.security.user.query.XPathQueryBuilder;
import org.apache.jackrabbit.oak.jcr.security.user.query.XPathQueryEvaluator;
-import org.apache.jackrabbit.oak.jcr.value.ValueConverter;
import org.apache.jackrabbit.oak.namepath.NamePathMapper;
-import org.apache.jackrabbit.oak.security.user.UserProviderImpl;
import org.apache.jackrabbit.oak.spi.security.principal.EveryonePrincipal;
import org.apache.jackrabbit.oak.spi.security.user.MembershipProvider;
import org.apache.jackrabbit.oak.spi.security.user.PasswordUtility;
import org.apache.jackrabbit.oak.spi.security.user.UserConstants;
-import org.apache.jackrabbit.oak.spi.security.user.UserConfig;
+import org.apache.jackrabbit.oak.spi.security.user.UserContext;
import org.apache.jackrabbit.oak.spi.security.user.UserProvider;
import org.apache.jackrabbit.oak.spi.security.user.action.AuthorizableAction;
import org.slf4j.Logger;
@@ -60,18 +54,15 @@ public class UserManagerImpl implements
private static final Logger log = LoggerFactory.getLogger(UserManagerImpl.class);
- private final SessionDelegate sessionDelegate;
- private final UserConfig config;
- private final UserProviderImpl userProvider;
- private final NodeTreeUtil util;
-
- public UserManagerImpl(SessionDelegate sessionDelegate, Root root, UserConfig config) {
- this.sessionDelegate = sessionDelegate;
- this.config = (config == null) ? new UserConfig("admin") : config;
- userProvider = new UserProviderImpl(sessionDelegate.getContentSession(), root, this.config);
+ private final Session session;
+ private final NamePathMapper namePathMapper;
- // FIXME: remove again. only tmp workaround
- this.util = new NodeTreeUtil(sessionDelegate.getSession(), root, sessionDelegate.getNamePathMapper());
+ private final UserContext userContext;
+
+ public UserManagerImpl(Session session, NamePathMapper namePathMapper, UserContext userContext) {
+ this.session = session;
+ this.namePathMapper = namePathMapper;
+ this.userContext = userContext;
}
//--------------------------------------------------------< UserManager >---
@@ -81,7 +72,7 @@ public class UserManagerImpl implements
@Override
public Authorizable getAuthorizable(String id) throws RepositoryException {
Authorizable authorizable = null;
- Tree tree = userProvider.getAuthorizable(id);
+ Tree tree = getUserProvider().getAuthorizable(id);
if (tree != null) {
authorizable = getAuthorizable(tree);
}
@@ -93,7 +84,7 @@ public class UserManagerImpl implements
*/
@Override
public Authorizable getAuthorizable(Principal principal) throws RepositoryException {
- return getAuthorizable(userProvider.getAuthorizableByPrincipal(principal));
+ return getAuthorizable(getUserProvider().getAuthorizableByPrincipal(principal));
}
/**
@@ -101,8 +92,11 @@ public class UserManagerImpl implements
*/
@Override
public Authorizable getAuthorizableByPath(String path) throws RepositoryException {
- String oakPath = sessionDelegate.getOakPathOrThrow(path);
- return getAuthorizable(userProvider.getAuthorizableByPath(oakPath));
+ String oakPath = namePathMapper.getOakPath(path);
+ if (oakPath == null) {
+ throw new RepositoryException("Invalid path " + path);
+ }
+ return getAuthorizable(getUserProvider().getAuthorizableByPath(oakPath));
}
@Override
@@ -120,7 +114,7 @@ public class UserManagerImpl implements
public Iterator<Authorizable> findAuthorizables(Query query) throws RepositoryException {
XPathQueryBuilder builder = new XPathQueryBuilder();
query.build(builder);
- return new XPathQueryEvaluator(builder, this, sessionDelegate.getQueryManager(), sessionDelegate.getNamePathMapper()).eval();
+ return new XPathQueryEvaluator(builder, this, session.getWorkspace().getQueryManager(), namePathMapper).eval();
}
@Override
@@ -139,11 +133,11 @@ public class UserManagerImpl implements
checkValidID(userID);
checkValidPrincipal(principal, false);
- Tree userTree = userProvider.createUser(userID, intermediatePath);
+ Tree userTree = getUserProvider().createUser(userID, intermediatePath);
setPrincipal(userTree, principal);
setPassword(userTree, password, true);
- User user = new UserImpl(util.getNode(userTree), userTree, this);
+ User user = new UserImpl(getNode(userTree), userTree, this);
onCreate(user, password);
log.debug("User created: " + userID);
@@ -176,10 +170,10 @@ public class UserManagerImpl implements
checkValidID(groupID);
checkValidPrincipal(principal, true);
- Tree groupTree = userProvider.createGroup(groupID, intermediatePath);
+ Tree groupTree = getUserProvider().createGroup(groupID, intermediatePath);
setPrincipal(groupTree, principal);
- Group group = new GroupImpl(util.getNode(groupTree), groupTree, this);
+ Group group = new GroupImpl(getNode(groupTree), groupTree, this);
onCreate(group);
log.debug("Group created: " + groupID);
@@ -221,7 +215,7 @@ public class UserManagerImpl implements
* @throws RepositoryException If an exception occurs.
*/
void onCreate(User user, String password) throws RepositoryException {
- for (AuthorizableAction action : config.getAuthorizableActions()) {
+ for (AuthorizableAction action : getAuthorizableActions()) {
action.onCreate(user, password, getSession());
}
}
@@ -235,7 +229,7 @@ public class UserManagerImpl implements
* @throws RepositoryException If an exception occurs.
*/
void onCreate(Group group) throws RepositoryException {
- for (AuthorizableAction action : config.getAuthorizableActions()) {
+ for (AuthorizableAction action : getAuthorizableActions()) {
action.onCreate(group, getSession());
}
}
@@ -249,7 +243,7 @@ public class UserManagerImpl implements
* @throws RepositoryException If an exception occurs.
*/
void onRemove(Authorizable authorizable) throws RepositoryException {
- for (AuthorizableAction action : config.getAuthorizableActions()) {
+ for (AuthorizableAction action : getAuthorizableActions()) {
action.onRemove(authorizable, getSession());
}
}
@@ -264,21 +258,25 @@ public class UserManagerImpl implements
* @throws RepositoryException If an exception occurs.
*/
void onPasswordChange(User user, String password) throws RepositoryException {
- for (AuthorizableAction action : config.getAuthorizableActions()) {
+ for (AuthorizableAction action : getAuthorizableActions()) {
action.onPasswordChange(user, password, getSession());
}
}
+ private AuthorizableAction[] getAuthorizableActions() {
+ return userContext.getConfig().getAuthorizableActions();
+ }
+
//--------------------------------------------------------------------------
/**
*
*
- * @param userNode The node representing the user.
+ * @param userTree The tree representing the user.
* @param password The plaintext password to set.
* @param forceHash If true the specified password will always be hashed.
* @throws javax.jcr.RepositoryException If an error occurs
*/
- void setPassword(Tree userNode, String password, boolean forceHash) throws RepositoryException {
+ void setPassword(Tree userTree, String password, boolean forceHash) throws RepositoryException {
if (password == null) {
log.debug("Password is null.");
return;
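Review bot: The Javadoc for `setPassword` still has an empty summary and does not say that a `null` password returns early with only a debug message, before the `rep:password` write further down. The user-creation path earlier in this diff calls `setPassword(userTree, password, true)` right after the tree is created, so a user created with a `null` password appears to end up without a password property; that contract should be stated. I would fill the summary with `Sets rep:password on the given user tree, hashing the value when required; a null password is ignored and the property is left untouched.` The body of setPassword continues past the end of this hunk.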
@@ -286,10 +284,7 @@ public class UserManagerImpl implements
String pwHash;
if (forceHash || PasswordUtility.isPlainTextPassword(password)) {
try {
- String algorithm = config.getConfigValue(UserConfig.PARAM_PASSWORD_HASH_ALGORITHM, PasswordUtility.DEFAULT_ALGORITHM);
- int iterations = config.getConfigValue(UserConfig.PARAM_PASSWORD_HASH_ITERATIONS, PasswordUtility.DEFAULT_ITERATIONS);
- int saltSize = config.getConfigValue(UserConfig.PARAM_PASSWORD_SALT_SIZE, PasswordUtility.DEFAULT_SALT_SIZE);
- pwHash = PasswordUtility.buildPasswordHash(password, algorithm, saltSize, iterations);
+ pwHash = PasswordUtility.buildPasswordHash(password, userContext.getConfig());
} catch (NoSuchAlgorithmException e) {
throw new RepositoryException(e);
} catch (UnsupportedEncodingException e) {
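Review bot: The fallback values for the hashing parameters are no longer visible at this call. The removed lines passed `PasswordUtility.DEFAULT_ALGORITHM`, `DEFAULT_ITERATIONS` and `DEFAULT_SALT_SIZE` explicitly, while the new `buildPasswordHash(password, userContext.getConfig())` leaves that to an overload not shown in this hunk. Once the overload is confirmed to apply the same defaults for missing config entries, I would add a comment above the call: `// algorithm, iterations and salt size come from the user config; PasswordUtility supplies the defaults`. setPassword starts and ends outside this hunk.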
@@ -298,40 +293,31 @@ public class UserManagerImpl implements
} else {
pwHash = password;
}
- setInternalProperty(userNode, UserConstants.REP_PASSWORD, pwHash, PropertyType.STRING);
+ getUserProvider().setProtectedProperty(userTree, UserConstants.REP_PASSWORD, pwHash, PropertyType.STRING);
}
- void setPrincipal(Tree userNode, Principal principal) throws RepositoryException {
- if (userNode.getStatus() != Tree.Status.NEW || userNode.hasProperty(UserConstants.REP_PRINCIPAL_NAME)) {
+ void setPrincipal(Tree userTree, Principal principal) throws RepositoryException {
+ // TODO: remove check once user-validator properly enforces that constraint
+ if (userTree.getStatus() != Tree.Status.NEW || userTree.hasProperty(UserConstants.REP_PRINCIPAL_NAME)) {
throw new RepositoryException("rep:principalName can only be set once on a new node.");
}
- setInternalProperty(userNode, UserConstants.REP_PRINCIPAL_NAME, principal.getName(), PropertyType.STRING);
- }
-
- void setInternalProperty(Tree userNode, String oakName, String value, int type) throws RepositoryException {
- CoreValue cv = ValueConverter.toCoreValue(value, type, sessionDelegate);
- userNode.setProperty(oakName, cv);
- }
-
- void setInternalProperty(Tree userNode, String oakName, String[] values, int type) throws RepositoryException {
- List<CoreValue> cvs = ValueConverter.toCoreValues(values, type, sessionDelegate);
- userNode.setProperty(oakName, cvs);
+ getUserProvider().setProtectedProperty(userTree, UserConstants.REP_PRINCIPAL_NAME, principal.getName(), PropertyType.STRING);
}
Session getSession() {
- return sessionDelegate.getSession();
+ return session;
}
NamePathMapper getNamePathMapper() {
- return sessionDelegate.getNamePathMapper();
+ return namePathMapper;
}
UserProvider getUserProvider() {
- return userProvider;
+ return userContext.getUserProvider();
}
MembershipProvider getMembershipProvider() {
- return userProvider;
+ return userContext.getMembershipProvider();
}
@CheckForNull
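Review bot: The `else` branch at the top of this hunk hands the caller's string to `setProtectedProperty` unchanged whenever `forceHash` is false and `PasswordUtility.isPlainTextPassword` returns false, so it is written to `rep:password` as supplied. That is presumably meant for values that are already hashed, but nothing on the branch says so; I would add `// not recognised as plain text: stored as supplied, expected to be an existing password hash`. The callers that pass `forceHash=false` are not in this hunk, so it should be confirmed there that only trusted input reaches this path. setPassword begins in an earlier hunk.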
@@ -339,7 +325,7 @@ public class UserManagerImpl implements
if (tree == null) {
return null;
}
- Node node = util.getNode(tree);
+ Node node = getNode(tree);
if (node.isNodeType(getJcrName(UserConstants.NT_REP_USER))) {
return new UserImpl(node, tree, this);
} else if (node.isNodeType(getJcrName(UserConstants.NT_REP_GROUP))) {
@@ -350,7 +336,11 @@ public class UserManagerImpl implements
}
String getJcrName(String oakName) {
- return sessionDelegate.getNamePathMapper().getJcrName(oakName);
+ return namePathMapper.getJcrName(oakName);
+ }
+
+ private Node getNode(Tree tree) throws RepositoryException {
+ return session.getNode(namePathMapper.getJcrPath(tree.getPath()));
}
private void checkValidID(String ID) throws RepositoryException {