Posted to oak-commits@jackrabbit.apache.org by an...@apache.org on 2012/10/26 16:47:56 UTC
svn commit: r1402535 - in
/jackrabbit/oak/trunk/oak-core/src/main/java/org/apache/jackrabbit/oak:
security/user/ spi/security/user/action/
Author: angela
Date: Fri Oct 26 14:47:56 2012
New Revision: 1402535
URL: http://svn.apache.org/viewvc?rev=1402535&view=rev
Log:
OAK-50 : Implement User Management (WIP)
Modified:
jackrabbit/oak/trunk/oak-core/src/main/java/org/apache/jackrabbit/oak/security/user/JcrAuthorizableProperties.java
jackrabbit/oak/trunk/oak-core/src/main/java/org/apache/jackrabbit/oak/security/user/UserManagerImpl.java
jackrabbit/oak/trunk/oak-core/src/main/java/org/apache/jackrabbit/oak/spi/security/user/action/AbstractAuthorizableAction.java
jackrabbit/oak/trunk/oak-core/src/main/java/org/apache/jackrabbit/oak/spi/security/user/action/AccessControlAction.java
jackrabbit/oak/trunk/oak-core/src/main/java/org/apache/jackrabbit/oak/spi/security/user/action/AuthorizableAction.java
jackrabbit/oak/trunk/oak-core/src/main/java/org/apache/jackrabbit/oak/spi/security/user/action/ClearMembershipAction.java
jackrabbit/oak/trunk/oak-core/src/main/java/org/apache/jackrabbit/oak/spi/security/user/action/PasswordValidationAction.java
Modified: jackrabbit/oak/trunk/oak-core/src/main/java/org/apache/jackrabbit/oak/security/user/JcrAuthorizableProperties.java
URL: http://svn.apache.org/viewvc/jackrabbit/oak/trunk/oak-core/src/main/java/org/apache/jackrabbit/oak/security/user/JcrAuthorizableProperties.java?rev=1402535&r1=1402534&r2=1402535&view=diff
==============================================================================
--- jackrabbit/oak/trunk/oak-core/src/main/java/org/apache/jackrabbit/oak/security/user/JcrAuthorizableProperties.java (original)
+++ jackrabbit/oak/trunk/oak-core/src/main/java/org/apache/jackrabbit/oak/security/user/JcrAuthorizableProperties.java Fri Oct 26 14:47:56 2012
@@ -25,6 +25,7 @@ import javax.jcr.Property;
import javax.jcr.PropertyIterator;
import javax.jcr.RepositoryException;
import javax.jcr.Value;
+import javax.jcr.nodetype.ConstraintViolationException;
import javax.jcr.nodetype.NodeType;
import javax.jcr.nodetype.PropertyDefinition;
@@ -152,6 +153,8 @@ class JcrAuthorizableProperties implemen
if (isAuthorizableProperty(p, true)) {
p.remove();
return true;
+ } else {
+ throw new ConstraintViolationException("Property " + relPath + " isn't a modifiable authorizable property");
}
}
// no such property or wasn't a property of this authorizable.
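Review bot: The trailing comment `// no such property or wasn't a property of this authorizable.` is stale now that the added `else` branch throws. A property that exists but fails `isAuthorizableProperty(p, true)` raises ConstraintViolationException instead of falling through, so the comment should read something like `// no such property.` The method's Javadoc is outside the hunk; it presumably needs an `@throws ConstraintViolationException` entry, because callers that treated a `false` return as "nothing removed" now have to handle an exception for protected or foreign properties. The enclosing method starts and ends outside this hunk, so the outer condition is inferred from the indentation of the closing braces.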
Modified: jackrabbit/oak/trunk/oak-core/src/main/java/org/apache/jackrabbit/oak/security/user/UserManagerImpl.java
URL: http://svn.apache.org/viewvc/jackrabbit/oak/trunk/oak-core/src/main/java/org/apache/jackrabbit/oak/security/user/UserManagerImpl.java?rev=1402535&r1=1402534&r2=1402535&view=diff
==============================================================================
--- jackrabbit/oak/trunk/oak-core/src/main/java/org/apache/jackrabbit/oak/security/user/UserManagerImpl.java (original)
+++ jackrabbit/oak/trunk/oak-core/src/main/java/org/apache/jackrabbit/oak/security/user/UserManagerImpl.java Fri Oct 26 14:47:56 2012
@@ -239,11 +239,7 @@ public class UserManagerImpl implements
*/
void onCreate(User user, String password) throws RepositoryException {
for (AuthorizableAction action : authorizableActions) {
- if (session != null) {
- action.onCreate(user, password, session);
- } else {
- action.onCreate(user, password, root);
- }
+ action.onCreate(user, password, root);
}
}
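Review bot: `root` is now handed to every action unconditionally in onCreate(User, String), and likewise in the hunks for onCreate(Group), onRemove and onPasswordChange, but nothing visible shows that `root` is non-null once the `session != null` branch is gone. If a session-only construction path still exists in this class, actions such as password validation would receive a null Root and fail with a NullPointerException rather than a RepositoryException. A null check where the field is assigned, or removal of the session-based construction path, would make the invariant explicit. The Javadoc that ends just above each method is outside the hunks and may still describe the session variant, so it is worth rechecking.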
@@ -257,11 +253,7 @@ public class UserManagerImpl implements
*/
void onCreate(Group group) throws RepositoryException {
for (AuthorizableAction action : authorizableActions) {
- if (session != null) {
- action.onCreate(group, session);
- } else {
- action.onCreate(group, root);
- }
+ action.onCreate(group, root);
}
}
@@ -275,11 +267,7 @@ public class UserManagerImpl implements
*/
void onRemove(Authorizable authorizable) throws RepositoryException {
for (AuthorizableAction action : authorizableActions) {
- if (session != null) {
- action.onRemove(authorizable, session);
- } else {
- action.onRemove(authorizable, root);
- }
+ action.onRemove(authorizable, root);
}
}
@@ -294,11 +282,7 @@ public class UserManagerImpl implements
*/
void onPasswordChange(User user, String password) throws RepositoryException {
for (AuthorizableAction action : authorizableActions) {
- if (session != null) {
- action.onPasswordChange(user, password, session);
- } else {
- action.onPasswordChange(user, password, root);
- }
+ action.onPasswordChange(user, password, root);
}
}
Modified: jackrabbit/oak/trunk/oak-core/src/main/java/org/apache/jackrabbit/oak/spi/security/user/action/AbstractAuthorizableAction.java
URL: http://svn.apache.org/viewvc/jackrabbit/oak/trunk/oak-core/src/main/java/org/apache/jackrabbit/oak/spi/security/user/action/AbstractAuthorizableAction.java?rev=1402535&r1=1402534&r2=1402535&view=diff
==============================================================================
--- jackrabbit/oak/trunk/oak-core/src/main/java/org/apache/jackrabbit/oak/spi/security/user/action/AbstractAuthorizableAction.java (original)
+++ jackrabbit/oak/trunk/oak-core/src/main/java/org/apache/jackrabbit/oak/spi/security/user/action/AbstractAuthorizableAction.java Fri Oct 26 14:47:56 2012
@@ -17,7 +17,6 @@
package org.apache.jackrabbit.oak.spi.security.user.action;
import javax.jcr.RepositoryException;
-import javax.jcr.Session;
import org.apache.jackrabbit.api.security.user.Authorizable;
import org.apache.jackrabbit.api.security.user.Group;
@@ -34,17 +33,6 @@ public abstract class AbstractAuthorizab
/**
* Doesn't perform any action.
*
- * @see AuthorizableAction#onCreate(org.apache.jackrabbit.api.security.user.Group, javax.jcr.Session)
- */
- @Override
- public void onCreate(Group group, Session session) throws RepositoryException {
- // nothing to do
-
- }
-
- /**
- * Doesn't perform any action.
- *
* @see AuthorizableAction#onCreate(org.apache.jackrabbit.api.security.user.Group, Root)
*/
@Override
@@ -55,16 +43,6 @@ public abstract class AbstractAuthorizab
/**
* Doesn't perform any action.
*
- * @see AuthorizableAction#onCreate(org.apache.jackrabbit.api.security.user.User, String, javax.jcr.Session)
- */
- @Override
- public void onCreate(User user, String password, Session session) throws RepositoryException {
- // nothing to do
- }
-
- /**
- * Doesn't perform any action.
- *
* @see AuthorizableAction#onCreate(org.apache.jackrabbit.api.security.user.User, String, Root)
*/
@Override
@@ -75,16 +53,6 @@ public abstract class AbstractAuthorizab
/**
* Doesn't perform any action.
*
- * @see AuthorizableAction#onRemove(org.apache.jackrabbit.api.security.user.Authorizable, javax.jcr.Session)
- */
- @Override
- public void onRemove(Authorizable authorizable, Session session) throws RepositoryException {
- // nothing to do
- }
-
- /**
- * Doesn't perform any action.
- *
* @see AuthorizableAction#onRemove(org.apache.jackrabbit.api.security.user.Authorizable, Root)
*/
@Override
@@ -95,20 +63,10 @@ public abstract class AbstractAuthorizab
/**
* Doesn't perform any action.
*
- * @see AuthorizableAction#onPasswordChange(org.apache.jackrabbit.api.security.user.User, String, javax.jcr.Session)
- */
- @Override
- public void onPasswordChange(User user, String newPassword, Session session) throws RepositoryException {
- // nothing to do
- }
-
- /**
- * Doesn't perform any action.
- *
* @see AuthorizableAction#onPasswordChange(org.apache.jackrabbit.api.security.user.User, String, Root)
*/
@Override
public void onPasswordChange(User user, String newPassword, Root root) throws RepositoryException {
// nothing to do
}
-}
\ No newline at end of file
+}
Modified: jackrabbit/oak/trunk/oak-core/src/main/java/org/apache/jackrabbit/oak/spi/security/user/action/AccessControlAction.java
URL: http://svn.apache.org/viewvc/jackrabbit/oak/trunk/oak-core/src/main/java/org/apache/jackrabbit/oak/spi/security/user/action/AccessControlAction.java?rev=1402535&r1=1402534&r2=1402535&view=diff
==============================================================================
--- jackrabbit/oak/trunk/oak-core/src/main/java/org/apache/jackrabbit/oak/spi/security/user/action/AccessControlAction.java (original)
+++ jackrabbit/oak/trunk/oak-core/src/main/java/org/apache/jackrabbit/oak/spi/security/user/action/AccessControlAction.java Fri Oct 26 14:47:56 2012
@@ -16,18 +16,12 @@
*/
package org.apache.jackrabbit.oak.spi.security.user.action;
-import java.security.Principal;
import java.util.ArrayList;
import java.util.List;
-import javax.jcr.Node;
import javax.jcr.RepositoryException;
-import javax.jcr.Session;
import javax.jcr.security.AccessControlManager;
-import javax.jcr.security.AccessControlPolicy;
-import javax.jcr.security.AccessControlPolicyIterator;
import javax.jcr.security.Privilege;
-import org.apache.jackrabbit.api.security.JackrabbitAccessControlList;
import org.apache.jackrabbit.api.security.user.Authorizable;
import org.apache.jackrabbit.api.security.user.Group;
import org.apache.jackrabbit.api.security.user.User;
@@ -103,22 +97,6 @@ public class AccessControlAction extends
private String[] userPrivilegeNames = new String[0];
//-------------------------------------------------< AuthorizableAction >---
- /**
- * @see AuthorizableAction#onCreate(org.apache.jackrabbit.api.security.user.Group, javax.jcr.Session)
- */
- @Override
- public void onCreate(Group group, Session session) throws RepositoryException {
- setAC(group, session);
- }
-
- /**
- * @see AuthorizableAction#onCreate(org.apache.jackrabbit.api.security.user.User, String, javax.jcr.Session)
- */
- @Override
- public void onCreate(User user, String password, Session session) throws RepositoryException {
- setAC(user, session);
- }
-
@Override
public void onCreate(Group group, Root root) throws RepositoryException {
setAC(group, root);
@@ -154,46 +132,45 @@ public class AccessControlAction extends
}
//------------------------------------------------------------< private >---
- private void setAC(Authorizable authorizable, Session session) throws RepositoryException {
- Node aNode;
- String path = authorizable.getPath();
-
- JackrabbitAccessControlList acl = null;
- AccessControlManager acMgr = session.getAccessControlManager();
- for (AccessControlPolicyIterator it = acMgr.getApplicablePolicies(path); it.hasNext();) {
- AccessControlPolicy plc = it.nextAccessControlPolicy();
- if (plc instanceof JackrabbitAccessControlList) {
- acl = (JackrabbitAccessControlList) plc;
- break;
- }
- }
-
- if (acl == null) {
- log.warn("Cannot process AccessControlAction: no applicable ACL at " + path);
- } else {
- // setup acl according to configuration.
- Principal principal = authorizable.getPrincipal();
- boolean modified = false;
- if (authorizable.isGroup()) {
- // new authorizable is a Group
- if (groupPrivilegeNames.length > 0) {
- modified = acl.addAccessControlEntry(principal, getPrivileges(groupPrivilegeNames, acMgr));
- }
- } else {
- // new authorizable is a User
- if (userPrivilegeNames.length > 0) {
- modified = acl.addAccessControlEntry(principal, getPrivileges(userPrivilegeNames, acMgr));
- }
- }
- if (modified) {
- acMgr.setPolicy(path, acl);
- }
- }
- }
private void setAC(Authorizable authorizable, Root root) throws RepositoryException {
// TODO: add implementation
log.error("Not yet implemented");
+
+// Node aNode;
+// String path = authorizable.getPath();
+//
+// JackrabbitAccessControlList acl = null;
+// AccessControlManager acMgr = session.getAccessControlManager();
+// for (AccessControlPolicyIterator it = acMgr.getApplicablePolicies(path); it.hasNext();) {
+// AccessControlPolicy plc = it.nextAccessControlPolicy();
+// if (plc instanceof JackrabbitAccessControlList) {
+// acl = (JackrabbitAccessControlList) plc;
+// break;
+// }
+// }
+//
+// if (acl == null) {
+// log.warn("Cannot process AccessControlAction: no applicable ACL at " + path);
+// } else {
+// // setup acl according to configuration.
+// Principal principal = authorizable.getPrincipal();
+// boolean modified = false;
+// if (authorizable.isGroup()) {
+// // new authorizable is a Group
+// if (groupPrivilegeNames.length > 0) {
+// modified = acl.addAccessControlEntry(principal, getPrivileges(groupPrivilegeNames, acMgr));
+// }
+// } else {
+// // new authorizable is a User
+// if (userPrivilegeNames.length > 0) {
+// modified = acl.addAccessControlEntry(principal, getPrivileges(userPrivilegeNames, acMgr));
+// }
+// }
+// if (modified) {
+// acMgr.setPolicy(path, acl);
+// }
+// }
}
/**
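Review bot: `setAC(Authorizable, Root)` now only logs `Not yet implemented` and returns, so the `onCreate` hooks that call it complete normally while the configured `groupPrivilegeNames` and `userPrivilegeNames` are never applied. A deployment that relies on this action to give new users or groups access to their own node gets an authorizable without the expected ACL, and the only trace is a log line that does not name the affected path. If failing the creation is acceptable while this is WIP, `throw new UnsupportedRepositoryOperationException("AccessControlAction is not implemented for Root");` would make the gap visible to the caller; otherwise include `authorizable.getPath()` in the log message. The commented-out body still refers to `session`, which no longer exists in this method, and to the unused `Node aNode`; it would be cleaner to drop it and track the port in the issue.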
Modified: jackrabbit/oak/trunk/oak-core/src/main/java/org/apache/jackrabbit/oak/spi/security/user/action/AuthorizableAction.java
URL: http://svn.apache.org/viewvc/jackrabbit/oak/trunk/oak-core/src/main/java/org/apache/jackrabbit/oak/spi/security/user/action/AuthorizableAction.java?rev=1402535&r1=1402534&r2=1402535&view=diff
==============================================================================
--- jackrabbit/oak/trunk/oak-core/src/main/java/org/apache/jackrabbit/oak/spi/security/user/action/AuthorizableAction.java (original)
+++ jackrabbit/oak/trunk/oak-core/src/main/java/org/apache/jackrabbit/oak/spi/security/user/action/AuthorizableAction.java Fri Oct 26 14:47:56 2012
@@ -17,7 +17,6 @@
package org.apache.jackrabbit.oak.spi.security.user.action;
import javax.jcr.RepositoryException;
-import javax.jcr.Session;
import org.apache.jackrabbit.api.security.user.Authorizable;
import org.apache.jackrabbit.api.security.user.Group;
@@ -43,26 +42,13 @@ import org.apache.jackrabbit.oak.api.Roo
*/
public interface AuthorizableAction {
- // TODO: review (rather split into OAK and JCR level interface?)
- /**
- * Allows to add application specific modifications or validation associated
- * with the creation of a new group. Note, that this method is called
- * <strong>before</strong> any {@code Session#save} call.
- *
- * @param group The new group that has not yet been persisted;
- * e.g. the associated node is still 'NEW'.
- * @param session The editing session associated with the user manager.
- * @throws javax.jcr.RepositoryException If an error occurs.
- */
- void onCreate(Group group, Session session) throws RepositoryException;
-
/**
* Allows to add application specific modifications or validation associated
* with the creation of a new group. Note, that this method is called
* <strong>before</strong> any {@code Root#commit()} call.
*
* @param group The new group that has not yet been persisted;
- * e.g. the associated node is still 'NEW'.
+ * e.g. the associated tree is still 'NEW'.
* @param root The root associated with the user manager.
* @throws javax.jcr.RepositoryException If an error occurs.
*/
@@ -71,23 +57,10 @@ public interface AuthorizableAction {
/**
* Allows to add application specific modifications or validation associated
* with the creation of a new user. Note, that this method is called
- * <strong>before</strong> any {@code Session#save} call.
- *
- * @param user The new user that has not yet been persisted;
- * e.g. the associated node is still 'NEW'.
- * @param password The password that was specified upon user creation.
- * @param session The editing session associated with the user manager.
- * @throws RepositoryException If an error occurs.
- */
- void onCreate(User user, String password, Session session) throws RepositoryException;
-
- /**
- * Allows to add application specific modifications or validation associated
- * with the creation of a new user. Note, that this method is called
* <strong>before</strong> any {@code Root#commit()} call.
*
* @param user The new user that has not yet been persisted;
- * e.g. the associated node is still 'NEW'.
+ * e.g. the associated tree is still 'NEW'.
* @param password The password that was specified upon user creation.
* @param root The root associated with the user manager.
* @throws RepositoryException If an error occurs.
@@ -101,18 +74,6 @@ public interface AuthorizableAction {
* target authorizable still exists.
*
* @param authorizable The authorizable to be removed.
- * @param session The editing session associated with the user manager.
- * @throws RepositoryException If an error occurs.
- */
- void onRemove(Authorizable authorizable, Session session) throws RepositoryException;
-
- /**
- * Allows to add application specific behavior associated with the removal
- * of an authorizable. Note, that this method is called <strong>before</strong>
- * {@link org.apache.jackrabbit.api.security.user.Authorizable#remove} is executed (and persisted); thus the
- * target authorizable still exists.
- *
- * @param authorizable The authorizable to be removed.
* @param root The root associated with the user manager.
* @throws RepositoryException If an error occurs.
*/
@@ -125,18 +86,6 @@ public interface AuthorizableAction {
*
* @param user The user that whose password is going to change.
* @param newPassword The new password as specified in {@link User#changePassword}
- * @param session The editing session associated with the user manager.
- * @throws RepositoryException If an exception or error occurs.
- */
- void onPasswordChange(User user, String newPassword, Session session) throws RepositoryException;
-
- /**
- * Allows to add application specific action or validation associated with
- * changing a user password. Note, that this method is called <strong>before</strong>
- * the password property is being modified in the content.
- *
- * @param user The user that whose password is going to change.
- * @param newPassword The new password as specified in {@link User#changePassword}
* @param root The root associated with the user manager.
* @throws RepositoryException If an exception or error occurs.
*/
Modified: jackrabbit/oak/trunk/oak-core/src/main/java/org/apache/jackrabbit/oak/spi/security/user/action/ClearMembershipAction.java
URL: http://svn.apache.org/viewvc/jackrabbit/oak/trunk/oak-core/src/main/java/org/apache/jackrabbit/oak/spi/security/user/action/ClearMembershipAction.java?rev=1402535&r1=1402534&r2=1402535&view=diff
==============================================================================
--- jackrabbit/oak/trunk/oak-core/src/main/java/org/apache/jackrabbit/oak/spi/security/user/action/ClearMembershipAction.java (original)
+++ jackrabbit/oak/trunk/oak-core/src/main/java/org/apache/jackrabbit/oak/spi/security/user/action/ClearMembershipAction.java Fri Oct 26 14:47:56 2012
@@ -18,7 +18,6 @@ package org.apache.jackrabbit.oak.spi.se
import java.util.Iterator;
import javax.jcr.RepositoryException;
-import javax.jcr.Session;
import org.apache.jackrabbit.api.security.user.Authorizable;
import org.apache.jackrabbit.api.security.user.Group;
@@ -26,21 +25,13 @@ import org.apache.jackrabbit.oak.api.Roo
/**
* Authorizable action attempting to clear all group membership before removing
- * the specified authorizable. If {@link Group#removeMember(org.apache.jackrabbit.api.security.user.Authorizable)}
- * fails due to lack of permissions {@link #onRemove(org.apache.jackrabbit.api.security.user.Authorizable, javax.jcr.Session)}
+ * the specified authorizable. If {@link Group#removeMember(Authorizable)}
+ * fails due to lack of permissions {@link #onRemove(Authorizable, Root)}
* throws an exception and removing the specified authorizable will be aborted.
*/
public class ClearMembershipAction extends AbstractAuthorizableAction {
//-------------------------------------------------< AuthorizableAction >---
- /**
- * @see AuthorizableAction#onRemove(org.apache.jackrabbit.api.security.user.Authorizable, javax.jcr.Session)
- */
- @Override
- public void onRemove(Authorizable authorizable, Session session) throws RepositoryException {
- clearMembership(authorizable);
- }
-
@Override
public void onRemove(Authorizable authorizable, Root root) throws RepositoryException {
clearMembership(authorizable);
@@ -53,4 +44,4 @@ public class ClearMembershipAction exten
membership.next().removeMember(authorizable);
}
}
-}
\ No newline at end of file
+}
Modified: jackrabbit/oak/trunk/oak-core/src/main/java/org/apache/jackrabbit/oak/spi/security/user/action/PasswordValidationAction.java
URL: http://svn.apache.org/viewvc/jackrabbit/oak/trunk/oak-core/src/main/java/org/apache/jackrabbit/oak/spi/security/user/action/PasswordValidationAction.java?rev=1402535&r1=1402534&r2=1402535&view=diff
==============================================================================
--- jackrabbit/oak/trunk/oak-core/src/main/java/org/apache/jackrabbit/oak/spi/security/user/action/PasswordValidationAction.java (original)
+++ jackrabbit/oak/trunk/oak-core/src/main/java/org/apache/jackrabbit/oak/spi/security/user/action/PasswordValidationAction.java Fri Oct 26 14:47:56 2012
@@ -19,7 +19,6 @@ package org.apache.jackrabbit.oak.spi.se
import java.util.regex.Pattern;
import java.util.regex.PatternSyntaxException;
import javax.jcr.RepositoryException;
-import javax.jcr.Session;
import javax.jcr.nodetype.ConstraintViolationException;
import org.apache.jackrabbit.api.security.user.User;
@@ -56,21 +55,11 @@ public class PasswordValidationAction ex
//-------------------------------------------------< AuthorizableAction >---
@Override
- public void onCreate(User user, String password, Session session) throws RepositoryException {
- validatePassword(password, false);
- }
-
- @Override
public void onCreate(User user, String password, Root root) throws RepositoryException {
validatePassword(password, false);
}
@Override
- public void onPasswordChange(User user, String newPassword, Session session) throws RepositoryException {
- validatePassword(newPassword, true);
- }
-
- @Override
public void onPasswordChange(User user, String newPassword, Root root) throws RepositoryException {
validatePassword(newPassword, true);
}