Posted to oak-commits@jackrabbit.apache.org by an...@apache.org on 2016/01/28 10:43:12 UTC
svn commit: r1727293 - in /jackrabbit/oak/trunk:
oak-core/src/main/java/org/apache/jackrabbit/oak/security/authorization/
oak-core/src/main/java/org/apache/jackrabbit/oak/security/authorization/composite/
oak-core/src/main/java/org/apache/jackrabbit/oa...
Author: angela
Date: Thu Jan 28 09:43:12 2016
New Revision: 1727293
URL: http://svn.apache.org/viewvc?rev=1727293&view=rev
Log:
OAK-3901 : SecurityProviderRegistration must respect service ranking of aggregated configurations
OAK-3902 : SecurityProviderRegistration doesn't fill the composite context
Added:
jackrabbit/oak/trunk/oak-core/src/test/java/org/apache/jackrabbit/oak/security/internal/
jackrabbit/oak/trunk/oak-core/src/test/java/org/apache/jackrabbit/oak/security/internal/SecurityProviderRegistrationTest.java
Modified:
jackrabbit/oak/trunk/oak-core/src/main/java/org/apache/jackrabbit/oak/security/authorization/AuthorizationConfigurationImpl.java
jackrabbit/oak/trunk/oak-core/src/main/java/org/apache/jackrabbit/oak/security/authorization/composite/CompositeAuthorizationConfiguration.java
jackrabbit/oak/trunk/oak-core/src/main/java/org/apache/jackrabbit/oak/security/internal/SecurityProviderRegistration.java
jackrabbit/oak/trunk/oak-core/src/main/java/org/apache/jackrabbit/oak/spi/security/CompositeConfiguration.java
jackrabbit/oak/trunk/oak-core/src/main/java/org/apache/jackrabbit/oak/spi/security/authentication/token/CompositeTokenConfiguration.java
jackrabbit/oak/trunk/oak-core/src/main/java/org/apache/jackrabbit/oak/spi/security/authentication/token/package-info.java
jackrabbit/oak/trunk/oak-core/src/main/java/org/apache/jackrabbit/oak/spi/security/package-info.java
jackrabbit/oak/trunk/oak-core/src/main/java/org/apache/jackrabbit/oak/spi/security/principal/CompositePrincipalConfiguration.java
jackrabbit/oak/trunk/oak-core/src/main/java/org/apache/jackrabbit/oak/spi/security/principal/package-info.java
jackrabbit/oak/trunk/oak-pojosr/src/test/groovy/org/apache/jackrabbit/oak/run/osgi/SecurityProviderRegistrationTest.groovy
jackrabbit/oak/trunk/oak-pojosr/src/test/java/org/apache/jackrabbit/oak/run/osgi/OakOSGiRepositoryFactoryTest.java
Modified: jackrabbit/oak/trunk/oak-core/src/main/java/org/apache/jackrabbit/oak/security/authorization/AuthorizationConfigurationImpl.java
URL: http://svn.apache.org/viewvc/jackrabbit/oak/trunk/oak-core/src/main/java/org/apache/jackrabbit/oak/security/authorization/AuthorizationConfigurationImpl.java?rev=1727293&r1=1727292&r2=1727293&view=diff
==============================================================================
--- jackrabbit/oak/trunk/oak-core/src/main/java/org/apache/jackrabbit/oak/security/authorization/AuthorizationConfigurationImpl.java (original)
+++ jackrabbit/oak/trunk/oak-core/src/main/java/org/apache/jackrabbit/oak/security/authorization/AuthorizationConfigurationImpl.java Thu Jan 28 09:43:12 2016
@@ -103,6 +103,7 @@ import org.apache.jackrabbit.oak.spi.xml
intValue = 100)
})
public class AuthorizationConfigurationImpl extends ConfigurationBase implements AuthorizationConfiguration {
+
public AuthorizationConfigurationImpl() {
super();
}
@@ -113,7 +114,6 @@ public class AuthorizationConfigurationI
setParameters(ConfigurationParameters.of(properties));
}
-
public AuthorizationConfigurationImpl(SecurityProvider securityProvider) {
super(securityProvider, securityProvider.getParameters(NAME));
}
Modified: jackrabbit/oak/trunk/oak-core/src/main/java/org/apache/jackrabbit/oak/security/authorization/composite/CompositeAuthorizationConfiguration.java
URL: http://svn.apache.org/viewvc/jackrabbit/oak/trunk/oak-core/src/main/java/org/apache/jackrabbit/oak/security/authorization/composite/CompositeAuthorizationConfiguration.java?rev=1727293&r1=1727292&r2=1727293&view=diff
==============================================================================
--- jackrabbit/oak/trunk/oak-core/src/main/java/org/apache/jackrabbit/oak/security/authorization/composite/CompositeAuthorizationConfiguration.java (original)
+++ jackrabbit/oak/trunk/oak-core/src/main/java/org/apache/jackrabbit/oak/security/authorization/composite/CompositeAuthorizationConfiguration.java Thu Jan 28 09:43:12 2016
@@ -29,6 +29,7 @@ import org.apache.jackrabbit.oak.api.Roo
import org.apache.jackrabbit.oak.namepath.NamePathMapper;
import org.apache.jackrabbit.oak.spi.security.CompositeConfiguration;
import org.apache.jackrabbit.oak.spi.security.SecurityProvider;
+import org.apache.jackrabbit.oak.spi.security.authentication.token.TokenConfiguration;
import org.apache.jackrabbit.oak.spi.security.authorization.AuthorizationConfiguration;
import org.apache.jackrabbit.oak.spi.security.authorization.permission.AggregatedPermissionProvider;
import org.apache.jackrabbit.oak.spi.security.authorization.permission.EmptyPermissionProvider;
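Review bot: The added `TokenConfiguration` import looks unused. The only other change to this file in the commit is the no-arg constructor in the next hunk, which references `AuthorizationConfiguration.NAME` only. Unless code outside the shown hunks needs it, drop the line `import org.apache.jackrabbit.oak.spi.security.authentication.token.TokenConfiguration;`.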
@@ -44,6 +45,10 @@ import org.apache.jackrabbit.oak.spi.sec
*/
public class CompositeAuthorizationConfiguration extends CompositeConfiguration<AuthorizationConfiguration> implements AuthorizationConfiguration {
+ public CompositeAuthorizationConfiguration() {
+ super(AuthorizationConfiguration.NAME);
+ }
+
public CompositeAuthorizationConfiguration(@Nonnull SecurityProvider securityProvider) {
super(AuthorizationConfiguration.NAME, securityProvider);
}
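Review bot: The new no-arg constructor is missing Javadoc stating that the composite has no `SecurityProvider` until `setSecurityProvider` is called. Per the CompositeConfiguration hunk in this commit, `getSecurityProvider()` throws `IllegalStateException` before then. I would add `/** Creates a composite without a SecurityProvider; {@link #setSecurityProvider} must be called before use. */` above it. The same applies to the no-arg constructors added to `CompositeTokenConfiguration` and `CompositePrincipalConfiguration` later in this commit.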
Modified: jackrabbit/oak/trunk/oak-core/src/main/java/org/apache/jackrabbit/oak/security/internal/SecurityProviderRegistration.java
URL: http://svn.apache.org/viewvc/jackrabbit/oak/trunk/oak-core/src/main/java/org/apache/jackrabbit/oak/security/internal/SecurityProviderRegistration.java?rev=1727293&r1=1727292&r2=1727293&view=diff
==============================================================================
--- jackrabbit/oak/trunk/oak-core/src/main/java/org/apache/jackrabbit/oak/security/internal/SecurityProviderRegistration.java (original)
+++ jackrabbit/oak/trunk/oak-core/src/main/java/org/apache/jackrabbit/oak/security/internal/SecurityProviderRegistration.java Thu Jan 28 09:43:12 2016
@@ -29,7 +29,9 @@ import org.apache.felix.scr.annotations.
import org.apache.felix.scr.annotations.References;
import org.apache.jackrabbit.oak.commons.PropertiesUtil;
import org.apache.jackrabbit.oak.osgi.OsgiWhiteboard;
+import org.apache.jackrabbit.oak.security.authorization.composite.CompositeAuthorizationConfiguration;
import org.apache.jackrabbit.oak.security.user.UserConfigurationImpl;
+import org.apache.jackrabbit.oak.spi.security.CompositeConfiguration;
import org.apache.jackrabbit.oak.spi.security.ConfigurationBase;
import org.apache.jackrabbit.oak.spi.security.ConfigurationParameters;
import org.apache.jackrabbit.oak.spi.security.SecurityConfiguration;
@@ -58,12 +60,13 @@ import org.osgi.framework.ServiceRegistr
import org.slf4j.Logger;
import org.slf4j.LoggerFactory;
-import java.util.ArrayList;
import java.util.Dictionary;
import java.util.Hashtable;
import java.util.List;
import java.util.Map;
+import javax.annotation.Nonnull;
+
import static com.google.common.collect.Lists.newArrayList;
import static com.google.common.collect.Lists.newCopyOnWriteArrayList;
@@ -81,10 +84,11 @@ import static com.google.common.collect.
"unless the services identified by these PIDs are " +
"registered first. Only the PIDs of implementations of " +
"the following interfaces are checked: " +
- "PrincipalConfiguration, TokenConfiguration, " +
- "AuthorizableActionProvider, " +
+ "AuthorizationConfiguration, PrincipalConfiguration, " +
+ "TokenConfiguration, AuthorizableActionProvider, " +
"RestrictionProvider and UserAuthenticationFactory.",
value = {
+ "org.apache.jackrabbit.oak.security.authorization.AuthorizationConfigurationImpl",
"org.apache.jackrabbit.oak.security.principal.PrincipalConfigurationImpl",
"org.apache.jackrabbit.oak.security.authentication.token.TokenConfigurationImpl",
"org.apache.jackrabbit.oak.spi.security.user.action.DefaultAuthorizableActionProvider",
@@ -96,6 +100,12 @@ import static com.google.common.collect.
})
@References({
@Reference(
+ name = "authorizationConfiguration",
+ referenceInterface = AuthorizationConfiguration.class,
+ cardinality = ReferenceCardinality.OPTIONAL_MULTIPLE,
+ policy = ReferencePolicy.DYNAMIC
+ ),
+ @Reference(
name = "principalConfiguration",
referenceInterface = PrincipalConfiguration.class,
cardinality = ReferenceCardinality.OPTIONAL_MULTIPLE,
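Review bot: With this reference declared `OPTIONAL_MULTIPLE`, and the unary `@Reference` on the `authorizationConfiguration` field removed further down, SCR no longer guarantees that an `AuthorizationConfiguration` is bound. The only remaining gate is the configurable required-PID list extended in the previous hunk. If a deployment overrides that list without the `AuthorizationConfigurationImpl` entry, the provider could presumably be registered with an empty authorization composite, and what that composite grants with no entries is not visible here. I would state this in the property description, e.g. `"Removing the AuthorizationConfiguration PID allows registration without any authorization model."`, or refuse registration while the authorization composite is empty. The `@Reference` block continues outside the hunk.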
@@ -138,9 +148,6 @@ public class SecurityProviderRegistratio
private static final Logger log = LoggerFactory.getLogger(SecurityProviderRegistration.class);
@Reference
- private AuthorizationConfiguration authorizationConfiguration;
-
- @Reference
private AuthenticationConfiguration authenticationConfiguration;
@Reference
@@ -157,18 +164,17 @@ public class SecurityProviderRegistratio
private final Preconditions preconditions = new Preconditions();
- private final List<PrincipalConfiguration> principalConfigurations = newCopyOnWriteArrayList();
-
- private final List<TokenConfiguration> tokenConfigurations = newCopyOnWriteArrayList();
+ private final CompositeAuthorizationConfiguration authorizationConfiguration = new CompositeAuthorizationConfiguration();
+ private final CompositePrincipalConfiguration principalConfiguration = new CompositePrincipalConfiguration();
+ private final CompositeTokenConfiguration tokenConfiguration = new CompositeTokenConfiguration();
private final List<AuthorizableNodeName> authorizableNodeNames = newCopyOnWriteArrayList();
-
private final List<AuthorizableActionProvider> authorizableActionProviders = newCopyOnWriteArrayList();
-
private final List<RestrictionProvider> restrictionProviders = newCopyOnWriteArrayList();
-
private final List<UserAuthenticationFactory> userAuthenticationFactories = newCopyOnWriteArrayList();
+ //----------------------------------------------------< SCR integration >---
+
@Activate
public void activate(BundleContext context, Map<String, Object> configuration) {
String[] requiredServicePids = getRequiredServicePids(configuration);
@@ -219,13 +225,7 @@ public class SecurityProviderRegistratio
}
}
- public void bindAuthorizationConfiguration(AuthorizationConfiguration authorizationConfiguration) {
- this.authorizationConfiguration = authorizationConfiguration;
- }
-
- public void unbindAuthorizationConfiguration(AuthorizationConfiguration authorizationConfiguration) {
- this.authorizationConfiguration = null;
- }
+ //--------------------------------------< unary security configurations >---
public void bindAuthenticationConfiguration(AuthenticationConfiguration authenticationConfiguration) {
this.authenticationConfiguration = authenticationConfiguration;
@@ -251,42 +251,50 @@ public class SecurityProviderRegistratio
this.userConfiguration = null;
}
- public void bindPrincipalConfiguration(PrincipalConfiguration principalConfiguration, Map<String, Object> properties) {
- synchronized (this) {
- principalConfigurations.add(principalConfiguration);
- addCandidate(properties);
- }
+ //-----------------------------------< multiple security configurations >---
- maybeRegister();
+ public void bindAuthorizationConfiguration(AuthorizationConfiguration configuration, Map<String, Object> properties) {
+ bindConfiguration(authorizationConfiguration, configuration, properties);
}
- public void unbindPrincipalConfiguration(PrincipalConfiguration principalConfiguration, Map<String, Object> properties) {
- synchronized (this) {
- principalConfigurations.remove(principalConfiguration);
- removeCandidate(properties);
- }
+ public void unbindAuthorizationConfiguration(AuthorizationConfiguration configuration, Map<String, Object> properties) {
+ unbindConfiguration(authorizationConfiguration, configuration, properties);
+ }
- maybeUnregister();
+ public void bindPrincipalConfiguration(PrincipalConfiguration configuration, Map<String, Object> properties) {
+ bindConfiguration(principalConfiguration, configuration, properties);
}
- public void bindTokenConfiguration(TokenConfiguration tokenConfiguration, Map<String, Object> properties) {
+ public void unbindPrincipalConfiguration(PrincipalConfiguration configuration, Map<String, Object> properties) {
+ unbindConfiguration(principalConfiguration, configuration, properties);
+ }
+
+ public void bindTokenConfiguration(TokenConfiguration configuration, Map<String, Object> properties) {
+ bindConfiguration(tokenConfiguration, configuration, properties);
+ }
+
+ public void unbindTokenConfiguration(TokenConfiguration configuration, Map<String, Object> properties) {
+ unbindConfiguration(tokenConfiguration, configuration, properties);
+ }
+
+ private void bindConfiguration(@Nonnull CompositeConfiguration composite, @Nonnull SecurityConfiguration configuration, Map<String, Object> properties) {
synchronized (this) {
- tokenConfigurations.add(tokenConfiguration);
+ composite.addConfiguration(configuration, ConfigurationParameters.of(properties));
addCandidate(properties);
}
-
maybeRegister();
}
- public void unbindTokenConfiguration(TokenConfiguration tokenConfiguration, Map<String, Object> properties) {
+ private void unbindConfiguration(@Nonnull CompositeConfiguration composite, @Nonnull SecurityConfiguration configuration, Map<String, Object> properties) {
synchronized (this) {
- tokenConfigurations.remove(tokenConfiguration);
+ composite.removeConfiguration(configuration);
removeCandidate(properties);
}
-
maybeUnregister();
}
+ //------------------------------------------------------------< add ons >---
+
public void bindAuthorizableNodeName(AuthorizableNodeName authorizableNodeName, Map<String, Object> properties) {
synchronized (this) {
authorizableNodeNames.add(authorizableNodeName);
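Review bot: `bindConfiguration` and `unbindConfiguration` take the raw type `CompositeConfiguration`, so `composite.addConfiguration(configuration, …)` is an unchecked call. The compiler therefore no longer prevents, say, a `TokenConfiguration` being added to the authorization composite. A generic signature keeps the six public bind/unbind methods unchanged while restoring the check: `private <T extends SecurityConfiguration> void bindConfiguration(@Nonnull CompositeConfiguration<T> composite, @Nonnull T configuration, Map<String, Object> properties)`, and likewise for `unbindConfiguration`. The raw parameter also appears in `initializeConfigurations` in a later hunk of this file, where `CompositeConfiguration<? extends SecurityConfiguration>` would do.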
@@ -469,20 +477,31 @@ public class SecurityProviderRegistratio
log.info("SecurityProvider instance unregistered");
}
- private SecurityProvider createSecurityProvider(BundleContext context) {
+ private SecurityProvider createSecurityProvider(@Nonnull BundleContext context) {
InternalSecurityProvider securityProvider = new InternalSecurityProvider();
// Static, mandatory references
securityProvider.setAuthenticationConfiguration(initializeConfiguration(securityProvider, authenticationConfiguration));
- securityProvider.setAuthorizationConfiguration(initializeConfiguration(securityProvider, authorizationConfiguration));
- securityProvider.setUserConfiguration(initializeConfiguration(securityProvider, userConfiguration));
securityProvider.setPrivilegeConfiguration(initializeConfiguration(securityProvider, privilegeConfiguration));
+ ConfigurationParameters userParams = ConfigurationParameters.of(
+ ConfigurationParameters.of(UserConstants.PARAM_AUTHORIZABLE_ACTION_PROVIDER, createWhiteboardAuthorizableActionProvider()),
+ ConfigurationParameters.of(UserConstants.PARAM_AUTHORIZABLE_NODE_NAME, createWhiteboardAuthorizableNodeName()),
+ ConfigurationParameters.of(UserConstants.PARAM_USER_AUTHENTICATION_FACTORY, createWhiteboardUserAuthenticationFactory()));
+ securityProvider.setUserConfiguration(initializeConfiguration(securityProvider, userConfiguration, userParams));
+
// Multiple, dynamic references
- securityProvider.setPrincipalConfiguration(createCompositePrincipalConfiguration(securityProvider));
- securityProvider.setTokenConfiguration(createCompositeTokenConfiguration(securityProvider));
+ ConfigurationParameters restrictionParams = ConfigurationParameters.of(AccessControlConstants.PARAM_RESTRICTION_PROVIDER, createWhiteboardRestrictionProvider());
+ initializeConfigurations(securityProvider, authorizationConfiguration, restrictionParams);
+ securityProvider.setAuthorizationConfiguration(authorizationConfiguration);
+
+ initializeConfigurations(securityProvider, principalConfiguration, ConfigurationParameters.EMPTY);
+ securityProvider.setPrincipalConfiguration(principalConfiguration);
+
+ initializeConfigurations(securityProvider, tokenConfiguration, ConfigurationParameters.EMPTY);
+ securityProvider.setTokenConfiguration(tokenConfiguration);
// Whiteboard
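Review bot: `initializeConfigurations` runs only here, once per provider creation. A configuration that `bindConfiguration` adds to one of the shared composites afterwards never receives `setSecurityProvider` or the restriction-provider parameters, unless `maybeRegister()` (not shown) rebuilds the provider. The removed `getConfigurations()` overrides for the principal and token composites initialized every entry on each call, so this is a behaviour change. For the authorization composite it means a late-bound, uninitialized model could take part in permission evaluation. Either initialize the new entry in `bindConfiguration` when a provider is already registered, or document the limitation here with `// NOTE: configurations bound after this point are not initialized`. `createSecurityProvider` continues outside the hunk.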
@@ -491,59 +510,11 @@ public class SecurityProviderRegistratio
return securityProvider;
}
- private PrincipalConfiguration createCompositePrincipalConfiguration(SecurityProvider securityProvider) {
- return new CompositePrincipalConfiguration(securityProvider) {
-
- @Override
- protected List<PrincipalConfiguration> getConfigurations() {
- ArrayList<PrincipalConfiguration> configurations = newArrayList(principalConfigurations);
-
- for (PrincipalConfiguration configuration : configurations) {
- initializeConfiguration(getSecurityProvider(), configuration);
- }
-
- return configurations;
- }
-
- };
- }
-
- private TokenConfiguration createCompositeTokenConfiguration(SecurityProvider securityProvider) {
- return new CompositeTokenConfiguration(securityProvider) {
-
- @Override
- protected List<TokenConfiguration> getConfigurations() {
- List<TokenConfiguration> configurations = newArrayList(tokenConfigurations);
-
- for (TokenConfiguration configuration : configurations) {
- initializeConfiguration(getSecurityProvider(), configuration);
- }
-
- return configurations;
- }
-
- };
- }
-
- private AuthorizationConfiguration initializeConfiguration(SecurityProvider securityProvider, AuthorizationConfiguration authorizationConfiguration) {
- return initializeConfiguration(securityProvider, authorizationConfiguration, ConfigurationParameters.of(
- AccessControlConstants.PARAM_RESTRICTION_PROVIDER, createCompositeRestrictionProvider()
- ));
- }
-
- private UserConfiguration initializeConfiguration(SecurityProvider securityProvider, UserConfiguration userConfiguration) {
- return initializeConfiguration(securityProvider, userConfiguration, ConfigurationParameters.of(
- ConfigurationParameters.of(UserConstants.PARAM_AUTHORIZABLE_ACTION_PROVIDER, createCompositeAuthorizableActionProvider()),
- ConfigurationParameters.of(UserConstants.PARAM_AUTHORIZABLE_NODE_NAME, createCompositeAuthorizableNodeName()),
- ConfigurationParameters.of(UserConstants.PARAM_USER_AUTHENTICATION_FACTORY, createCompositeUserAuthenticationFactory())
- ));
- }
-
- private <T extends SecurityConfiguration> T initializeConfiguration(SecurityProvider securityProvider, T configuration) {
+ private static <T extends SecurityConfiguration> T initializeConfiguration(@Nonnull SecurityProvider securityProvider, @Nonnull T configuration) {
return initializeConfiguration(securityProvider, configuration, ConfigurationParameters.EMPTY);
}
- private <T extends SecurityConfiguration> T initializeConfiguration(SecurityProvider securityProvider, T configuration, ConfigurationParameters parameters) {
+ private static <T extends SecurityConfiguration> T initializeConfiguration(@Nonnull SecurityProvider securityProvider, @Nonnull T configuration, @Nonnull ConfigurationParameters parameters) {
if (configuration instanceof ConfigurationBase) {
ConfigurationBase base = (ConfigurationBase) configuration;
base.setSecurityProvider(securityProvider);
@@ -553,7 +524,17 @@ public class SecurityProviderRegistratio
return configuration;
}
- private RestrictionProvider createCompositeRestrictionProvider() {
+ private static void initializeConfigurations(@Nonnull SecurityProvider securityProvider,
+ @Nonnull CompositeConfiguration configuration,
+ @Nonnull ConfigurationParameters parameters) {
+ configuration.setSecurityProvider(securityProvider);
+ List<? extends SecurityConfiguration> configs = configuration.getConfigurations();
+ for (SecurityConfiguration config : configs) {
+ initializeConfiguration(securityProvider, config, parameters);
+ }
+ }
+
+ private RestrictionProvider createWhiteboardRestrictionProvider() {
return new WhiteboardRestrictionProvider() {
@Override
@@ -564,7 +545,7 @@ public class SecurityProviderRegistratio
};
}
- private AuthorizableActionProvider createCompositeAuthorizableActionProvider() {
+ private AuthorizableActionProvider createWhiteboardAuthorizableActionProvider() {
return new WhiteboardAuthorizableActionProvider() {
@Override
@@ -575,7 +556,7 @@ public class SecurityProviderRegistratio
};
}
- private AuthorizableNodeName createCompositeAuthorizableNodeName() {
+ private AuthorizableNodeName createWhiteboardAuthorizableNodeName() {
return new WhiteboardAuthorizableNodeName() {
@Override
@@ -586,7 +567,7 @@ public class SecurityProviderRegistratio
};
}
- private UserAuthenticationFactory createCompositeUserAuthenticationFactory() {
+ private UserAuthenticationFactory createWhiteboardUserAuthenticationFactory() {
return new WhiteboardUserAuthenticationFactory(UserConfigurationImpl.getDefaultAuthenticationFactory()) {
@Override
Modified: jackrabbit/oak/trunk/oak-core/src/main/java/org/apache/jackrabbit/oak/spi/security/CompositeConfiguration.java
URL: http://svn.apache.org/viewvc/jackrabbit/oak/trunk/oak-core/src/main/java/org/apache/jackrabbit/oak/spi/security/CompositeConfiguration.java?rev=1727293&r1=1727292&r2=1727293&view=diff
==============================================================================
--- jackrabbit/oak/trunk/oak-core/src/main/java/org/apache/jackrabbit/oak/spi/security/CompositeConfiguration.java (original)
+++ jackrabbit/oak/trunk/oak-core/src/main/java/org/apache/jackrabbit/oak/spi/security/CompositeConfiguration.java Thu Jan 28 09:43:12 2016
@@ -43,6 +43,7 @@ import org.apache.jackrabbit.oak.spi.lif
import org.apache.jackrabbit.oak.spi.lifecycle.RepositoryInitializer;
import org.apache.jackrabbit.oak.spi.lifecycle.WorkspaceInitializer;
import org.apache.jackrabbit.oak.spi.xml.ProtectedItemImporter;
+import org.osgi.framework.Constants;
/**
* Abstract base implementation for {@link SecurityConfiguration}s that can
@@ -66,11 +67,16 @@ public abstract class CompositeConfigura
private final List<T> configurations = new CopyOnWriteArrayList<T>();
private final String name;
- private final SecurityProvider securityProvider;
private final CompositeContext ctx = new CompositeContext();
+ private SecurityProvider securityProvider;
+
private T defaultConfig;
+ public CompositeConfiguration(@Nonnull String name) {
+ this.name = name;
+ }
+
public CompositeConfiguration(@Nonnull String name, @Nonnull SecurityProvider securityProvider) {
this.name = name;
this.securityProvider = securityProvider;
@@ -87,7 +93,14 @@ public abstract class CompositeConfigura
}
public void addConfiguration(@Nonnull T configuration) {
+ addConfiguration(configuration, ConfigurationParameters.EMPTY);
+ }
+
+ public void addConfiguration(@Nonnull T configuration, @Nonnull ConfigurationParameters params) {
int ranking = configuration.getParameters().getConfigValue(PARAM_RANKING, NO_RANKING);
+ if (ranking == NO_RANKING) {
+ ranking = params.getConfigValue(Constants.SERVICE_RANKING, NO_RANKING);
+ }
if (ranking == NO_RANKING || configurations.isEmpty()) {
configurations.add(configuration);
} else {
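Review bot: The new public overload `addConfiguration(T, ConfigurationParameters)` has no Javadoc, and its precedence rule is easy to miss. The configuration's own `PARAM_RANKING` wins, and `Constants.SERVICE_RANKING` from `params` is consulted only when that value is `NO_RANKING`. Position in the list presumably decides the order in which aggregated authorization, principal and token configurations are consulted, so the rule deserves to be written down. I would add a Javadoc saying that `params` carries the service registration properties, that `service.ranking` is a fallback for `PARAM_RANKING`, and that entries without any ranking are appended. The ranked-insert branch of the method lies outside the hunk.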
@@ -110,7 +123,8 @@ public abstract class CompositeConfigura
ctx.refresh(configurations);
}
- protected List<T> getConfigurations() {
+ @Nonnull
+ public List<T> getConfigurations() {
if (configurations.isEmpty() && defaultConfig != null) {
return ImmutableList.of(defaultConfig);
} else {
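Review bot: Widening `getConfigurations()` from `protected` to `public` may hand callers the live backing list. The `else` branch is outside the hunk, but if it returns `configurations` directly, any caller can add or remove entries without going through `addConfiguration`/`removeConfiguration`. That would bypass the ranking logic and `ctx.refresh(configurations)`. Returning a snapshot avoids it, `return ImmutableList.copyOf(configurations);`, and the `@Nonnull` contract still holds.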
@@ -118,7 +132,15 @@ public abstract class CompositeConfigura
}
}
+ public void setSecurityProvider(@Nonnull SecurityProvider securityProvider) {
+ this.securityProvider = securityProvider;
+ }
+
+ @Nonnull
protected SecurityProvider getSecurityProvider() {
+ if (securityProvider == null) {
+ throw new IllegalStateException("SecurityProvider missing => CompositeConfiguration is not ready.");
+ }
return securityProvider;
}
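Review bot: `securityProvider` is now a mutable, non-volatile field (declared in the earlier hunk of this file) that `setSecurityProvider` writes and `getSecurityProvider` reads without synchronization. If the setter runs on the SCR thread while repository threads use the composite, the null check here has no visibility guarantee. Declaring the field as `private volatile SecurityProvider securityProvider;` would be enough. The public setter also lacks Javadoc on who is expected to call it and whether it may be called more than once.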
Modified: jackrabbit/oak/trunk/oak-core/src/main/java/org/apache/jackrabbit/oak/spi/security/authentication/token/CompositeTokenConfiguration.java
URL: http://svn.apache.org/viewvc/jackrabbit/oak/trunk/oak-core/src/main/java/org/apache/jackrabbit/oak/spi/security/authentication/token/CompositeTokenConfiguration.java?rev=1727293&r1=1727292&r2=1727293&view=diff
==============================================================================
--- jackrabbit/oak/trunk/oak-core/src/main/java/org/apache/jackrabbit/oak/spi/security/authentication/token/CompositeTokenConfiguration.java (original)
+++ jackrabbit/oak/trunk/oak-core/src/main/java/org/apache/jackrabbit/oak/spi/security/authentication/token/CompositeTokenConfiguration.java Thu Jan 28 09:43:12 2016
@@ -30,6 +30,10 @@ import org.apache.jackrabbit.oak.spi.sec
*/
public class CompositeTokenConfiguration extends CompositeConfiguration<TokenConfiguration> implements TokenConfiguration {
+ public CompositeTokenConfiguration() {
+ super(TokenConfiguration.NAME);
+ }
+
public CompositeTokenConfiguration(@Nonnull SecurityProvider securityProvider) {
super(TokenConfiguration.NAME, securityProvider);
}
Modified: jackrabbit/oak/trunk/oak-core/src/main/java/org/apache/jackrabbit/oak/spi/security/authentication/token/package-info.java
URL: http://svn.apache.org/viewvc/jackrabbit/oak/trunk/oak-core/src/main/java/org/apache/jackrabbit/oak/spi/security/authentication/token/package-info.java?rev=1727293&r1=1727292&r2=1727293&view=diff
==============================================================================
--- jackrabbit/oak/trunk/oak-core/src/main/java/org/apache/jackrabbit/oak/spi/security/authentication/token/package-info.java (original)
+++ jackrabbit/oak/trunk/oak-core/src/main/java/org/apache/jackrabbit/oak/spi/security/authentication/token/package-info.java Thu Jan 28 09:43:12 2016
@@ -14,7 +14,7 @@
* See the License for the specific language governing permissions and
* limitations under the License.
*/
-@Version("1.3.0")
+@Version("1.4.0")
@Export(optional = "provide:=true")
package org.apache.jackrabbit.oak.spi.security.authentication.token;
Modified: jackrabbit/oak/trunk/oak-core/src/main/java/org/apache/jackrabbit/oak/spi/security/package-info.java
URL: http://svn.apache.org/viewvc/jackrabbit/oak/trunk/oak-core/src/main/java/org/apache/jackrabbit/oak/spi/security/package-info.java?rev=1727293&r1=1727292&r2=1727293&view=diff
==============================================================================
--- jackrabbit/oak/trunk/oak-core/src/main/java/org/apache/jackrabbit/oak/spi/security/package-info.java (original)
+++ jackrabbit/oak/trunk/oak-core/src/main/java/org/apache/jackrabbit/oak/spi/security/package-info.java Thu Jan 28 09:43:12 2016
@@ -14,7 +14,7 @@
* See the License for the specific language governing permissions and
* limitations under the License.
*/
-@Version("2.0.0")
+@Version("2.1.0")
@Export(optional = "provide:=true")
package org.apache.jackrabbit.oak.spi.security;
Modified: jackrabbit/oak/trunk/oak-core/src/main/java/org/apache/jackrabbit/oak/spi/security/principal/CompositePrincipalConfiguration.java
URL: http://svn.apache.org/viewvc/jackrabbit/oak/trunk/oak-core/src/main/java/org/apache/jackrabbit/oak/spi/security/principal/CompositePrincipalConfiguration.java?rev=1727293&r1=1727292&r2=1727293&view=diff
==============================================================================
--- jackrabbit/oak/trunk/oak-core/src/main/java/org/apache/jackrabbit/oak/spi/security/principal/CompositePrincipalConfiguration.java (original)
+++ jackrabbit/oak/trunk/oak-core/src/main/java/org/apache/jackrabbit/oak/spi/security/principal/CompositePrincipalConfiguration.java Thu Jan 28 09:43:12 2016
@@ -32,6 +32,10 @@ import org.apache.jackrabbit.oak.spi.sec
*/
public class CompositePrincipalConfiguration extends CompositeConfiguration<PrincipalConfiguration> implements PrincipalConfiguration {
+ public CompositePrincipalConfiguration() {
+ super(PrincipalConfiguration.NAME);
+ }
+
public CompositePrincipalConfiguration(@Nonnull SecurityProvider securityProvider) {
super(PrincipalConfiguration.NAME, securityProvider);
}
Modified: jackrabbit/oak/trunk/oak-core/src/main/java/org/apache/jackrabbit/oak/spi/security/principal/package-info.java
URL: http://svn.apache.org/viewvc/jackrabbit/oak/trunk/oak-core/src/main/java/org/apache/jackrabbit/oak/spi/security/principal/package-info.java?rev=1727293&r1=1727292&r2=1727293&view=diff
==============================================================================
--- jackrabbit/oak/trunk/oak-core/src/main/java/org/apache/jackrabbit/oak/spi/security/principal/package-info.java (original)
+++ jackrabbit/oak/trunk/oak-core/src/main/java/org/apache/jackrabbit/oak/spi/security/principal/package-info.java Thu Jan 28 09:43:12 2016
@@ -14,7 +14,7 @@
* See the License for the specific language governing permissions and
* limitations under the License.
*/
-@Version("1.2.0")
+@Version("1.3.0")
@Export(optional = "provide:=true")
package org.apache.jackrabbit.oak.spi.security.principal;
Added: jackrabbit/oak/trunk/oak-core/src/test/java/org/apache/jackrabbit/oak/security/internal/SecurityProviderRegistrationTest.java
URL: http://svn.apache.org/viewvc/jackrabbit/oak/trunk/oak-core/src/test/java/org/apache/jackrabbit/oak/security/internal/SecurityProviderRegistrationTest.java?rev=1727293&view=auto
==============================================================================
--- jackrabbit/oak/trunk/oak-core/src/test/java/org/apache/jackrabbit/oak/security/internal/SecurityProviderRegistrationTest.java (added)
+++ jackrabbit/oak/trunk/oak-core/src/test/java/org/apache/jackrabbit/oak/security/internal/SecurityProviderRegistrationTest.java Thu Jan 28 09:43:12 2016
@@ -0,0 +1,270 @@
+/*
+ * Licensed to the Apache Software Foundation (ASF) under one or more
+ * contributor license agreements. See the NOTICE file distributed with
+ * this work for additional information regarding copyright ownership.
+ * The ASF licenses this file to You under the Apache License, Version 2.0
+ * (the "License"); you may not use this file except in compliance with
+ * the License. You may obtain a copy of the License at
+ *
+ * http://www.apache.org/licenses/LICENSE-2.0
+ *
+ * Unless required by applicable law or agreed to in writing, software
+ * distributed under the License is distributed on an "AS IS" BASIS,
+ * WITHOUT WARRANTIES OR CONDITIONS OF ANY KIND, either express or implied.
+ * See the License for the specific language governing permissions and
+ * limitations under the License.
+ */
+package org.apache.jackrabbit.oak.security.internal;
+
+import java.lang.reflect.Field;
+import java.security.Principal;
+import java.util.List;
+import java.util.Map;
+import java.util.Set;
+import javax.annotation.Nonnull;
+import javax.jcr.security.AccessControlManager;
+
+import com.google.common.collect.ImmutableMap;
+import org.apache.jackrabbit.api.security.principal.PrincipalManager;
+import org.apache.jackrabbit.oak.AbstractSecurityTest;
+import org.apache.jackrabbit.oak.api.PropertyState;
+import org.apache.jackrabbit.oak.api.Root;
+import org.apache.jackrabbit.oak.api.Tree;
+import org.apache.jackrabbit.oak.namepath.NamePathMapper;
+import org.apache.jackrabbit.oak.plugins.memory.PropertyStates;
+import org.apache.jackrabbit.oak.plugins.tree.TreeLocation;
+import org.apache.jackrabbit.oak.security.authorization.AuthorizationConfigurationImpl;
+import org.apache.jackrabbit.oak.security.authorization.composite.CompositeAuthorizationConfiguration;
+import org.apache.jackrabbit.oak.security.principal.PrincipalConfigurationImpl;
+import org.apache.jackrabbit.oak.spi.security.CompositeConfiguration;
+import org.apache.jackrabbit.oak.spi.security.ConfigurationBase;
+import org.apache.jackrabbit.oak.spi.security.ConfigurationParameters;
+import org.apache.jackrabbit.oak.spi.security.Context;
+import org.apache.jackrabbit.oak.spi.security.authorization.AuthorizationConfiguration;
+import org.apache.jackrabbit.oak.spi.security.authorization.permission.PermissionProvider;
+import org.apache.jackrabbit.oak.spi.security.authorization.restriction.RestrictionProvider;
+import org.apache.jackrabbit.oak.spi.security.principal.CompositePrincipalConfiguration;
+import org.apache.jackrabbit.oak.spi.security.principal.PrincipalConfiguration;
+import org.apache.jackrabbit.oak.spi.security.principal.PrincipalProvider;
+import org.junit.Test;
+import org.osgi.framework.Constants;
+
+import static org.junit.Assert.assertEquals;
+import static org.junit.Assert.assertNull;
+import static org.junit.Assert.assertSame;
+import static org.junit.Assert.assertTrue;
+
+public class SecurityProviderRegistrationTest extends AbstractSecurityTest {
+
+ private static final Map<String, Object> PROPS = ImmutableMap.<String, Object>of("prop", "val");
+
+ private SecurityProviderRegistration registration = new SecurityProviderRegistration();
+
+ private static void assertContext(@Nonnull Context context, int expectedSize, @Nonnull Tree tree, boolean isDefined) throws Exception {
+ Class c = context.getClass();
+ assertTrue(c.getName().endsWith("CompositeContext"));
+
+ Field f = c.getDeclaredField("delegatees");
+ f.setAccessible(true);
+
+ if (expectedSize == 0) {
+ assertNull(f.get(context));
+ } else {
+ assertEquals(expectedSize, ((Context[]) f.get(context)).length);
+ }
+
+ assertEquals(isDefined, context.definesContextRoot(tree));
+ assertEquals(isDefined, context.definesTree(tree));
+ assertEquals(isDefined, context.definesProperty(tree, PropertyStates.createProperty("abc", "abc")));
+ assertEquals(isDefined, context.definesLocation(TreeLocation.create(tree)));
+ }
+
+ @Test
+ public void testAuthorizationRanking() throws Exception {
+ Field f = registration.getClass().getDeclaredField("authorizationConfiguration");
+ f.setAccessible(true);
+
+ AuthorizationConfiguration testAc = new TestAuthorizationConfiguration();
+ registration.bindAuthorizationConfiguration(testAc, ConfigurationParameters.EMPTY);
+
+ AuthorizationConfigurationImpl ac = new AuthorizationConfigurationImpl();
+ ac.setParameters(ConfigurationParameters.of(CompositeConfiguration.PARAM_RANKING, 500));
+ registration.bindAuthorizationConfiguration(ac, PROPS);
+
+ AuthorizationConfiguration testAc2 = new TestAuthorizationConfiguration();
+ Map<String, Object> props = ImmutableMap.<String, Object>of(Constants.SERVICE_RANKING, new Integer(100));
+ registration.bindAuthorizationConfiguration(testAc2, props);
+
+ CompositeAuthorizationConfiguration cac = (CompositeAuthorizationConfiguration) f.get(registration);
+
+ List<AuthorizationConfiguration> list = cac.getConfigurations();
+ assertEquals(3, list.size());
+
+ assertSame(ac, list.get(0));
+ assertSame(testAc2, list.get(1));
+ assertSame(testAc, list.get(2));
+ }
+
+ @Test
+ public void testAuthorizationContext() throws Exception {
+ Tree t = root.getTree("/");
+
+ Field f = registration.getClass().getDeclaredField("authorizationConfiguration");
+ f.setAccessible(true);
+
+ AuthorizationConfiguration ac = new AuthorizationConfigurationImpl();
+ registration.bindAuthorizationConfiguration(ac, PROPS);
+ CompositeAuthorizationConfiguration cac = (CompositeAuthorizationConfiguration) f.get(registration);
+ Context ctx = cac.getContext();
+ assertContext(ctx, 1, t, false);
+
+ AuthorizationConfiguration ac1 = new TestAuthorizationConfiguration();
+ registration.bindAuthorizationConfiguration(ac1, PROPS);
+ cac = (CompositeAuthorizationConfiguration) f.get(registration);
+ ctx = cac.getContext();
+ assertContext(ctx, 2, t, true);
+
+ AuthorizationConfiguration ac2 = new TestAuthorizationConfiguration();
+ registration.bindAuthorizationConfiguration(ac2, PROPS);
+ cac = (CompositeAuthorizationConfiguration) f.get(registration);
+ ctx = cac.getContext();
+ assertContext(ctx, 3, t, true);
+
+ // unbind again:
+
+ registration.unbindAuthorizationConfiguration(ac1, PROPS);
+ cac = (CompositeAuthorizationConfiguration) f.get(registration);
+ ctx = cac.getContext();
+ assertContext(ctx, 2, t, true);
+
+ registration.unbindAuthorizationConfiguration(ac, PROPS);
+ cac = (CompositeAuthorizationConfiguration) f.get(registration);
+ ctx = cac.getContext();
+ assertContext(ctx, 1, t, true);
+
+ registration.unbindAuthorizationConfiguration(ac2, PROPS);
+ cac = (CompositeAuthorizationConfiguration) f.get(registration);
+ ctx = cac.getContext();
+ assertContext(ctx, 0, t, false);
+ }
+
+ @Test
+ public void testPrincipalContext() throws Exception {
+ Tree t = root.getTree("/");
+
+ Field f = registration.getClass().getDeclaredField("principalConfiguration");
+ f.setAccessible(true);
+
+ PrincipalConfiguration pc = new PrincipalConfigurationImpl();
+ registration.bindPrincipalConfiguration(pc, PROPS);
+ CompositePrincipalConfiguration cpc = (CompositePrincipalConfiguration) f.get(registration);
+ Context ctx = cpc.getContext();
+ // expected size = 0 because PrincipalConfigurationImpl comes with the default ctx
+ assertContext(ctx, 0, t, false);
+
+ PrincipalConfiguration pc1 = new TestPrincipalConfiguration();
+ registration.bindPrincipalConfiguration(pc1, PROPS);
+ cpc = (CompositePrincipalConfiguration) f.get(registration);
+ ctx = cpc.getContext();
+ // expected size 1 because the PrincipalConfigurationImpl comes with the default ctx
+ assertContext(ctx, 1, t, true);
+
+ PrincipalConfiguration pc2 = new TestPrincipalConfiguration();
+ registration.bindPrincipalConfiguration(pc2, PROPS);
+ cpc = (CompositePrincipalConfiguration) f.get(registration);
+ ctx = cpc.getContext();
+ assertContext(ctx, 2, t, true);
+
+ // unbind again:
+
+ registration.unbindPrincipalConfiguration(pc, PROPS);
+ cpc = (CompositePrincipalConfiguration) f.get(registration);
+ ctx = cpc.getContext();
+ assertContext(ctx, 2, t, true);
+
+ registration.unbindPrincipalConfiguration(pc1, PROPS);
+ cpc = (CompositePrincipalConfiguration) f.get(registration);
+ ctx = cpc.getContext();
+ assertContext(ctx, 1, t, true);
+
+ registration.unbindPrincipalConfiguration(pc2, PROPS);
+ cpc = (CompositePrincipalConfiguration) f.get(registration);
+ ctx = cpc.getContext();
+ assertContext(ctx, 0, t, false);
+ }
+
+ private class TestAuthorizationConfiguration extends ConfigurationBase implements AuthorizationConfiguration {
+
+ @Nonnull
+ @Override
+ public AccessControlManager getAccessControlManager(@Nonnull Root root, @Nonnull NamePathMapper namePathMapper) {
+ return null;
+ }
+
+ @Nonnull
+ @Override
+ public RestrictionProvider getRestrictionProvider() {
+ return null;
+ }
+
+ @Nonnull
+ @Override
+ public PermissionProvider getPermissionProvider(@Nonnull Root root, @Nonnull String workspaceName, @Nonnull Set<Principal> principals) {
+ return null;
+ }
+
+ @Nonnull
+ @Override
+ public Context getContext() {
+ return new ContextImpl();
+ }
+ }
+
+ private class TestPrincipalConfiguration extends ConfigurationBase implements PrincipalConfiguration {
+ @Nonnull
+ @Override
+ public PrincipalManager getPrincipalManager(Root root, NamePathMapper namePathMapper) {
+ return null;
+ }
+
+ @Nonnull
+ @Override
+ public PrincipalProvider getPrincipalProvider(Root root, NamePathMapper namePathMapper) {
+ return null;
+ }
+
+ @Nonnull
+ @Override
+ public Context getContext() {
+ return new ContextImpl();
+ }
+ }
+
+ private static class ContextImpl implements Context {
+
+ @Override
+ public boolean definesProperty(@Nonnull Tree parent, @Nonnull PropertyState property) {
+ return true;
+ }
+
+ @Override
+ public boolean definesContextRoot(@Nonnull Tree tree) {
+ return true;
+ }
+
+ @Override
+ public boolean definesTree(@Nonnull Tree tree) {
+ return true;
+ }
+
+ @Override
+ public boolean definesLocation(@Nonnull TreeLocation location) {
+ return true;
+ }
+
+ @Override
+ public boolean definesInternal(@Nonnull Tree tree) {
+ return true;
+ }
+ }
+}
\ No newline at end of file
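Review bot: testAuthorizationRanking never binds a configuration that carries both rankings, so the precedence between `CompositeConfiguration.PARAM_RANKING` in the configuration's own parameters and `Constants.SERVICE_RANKING` in the service properties is left unpinned. `ac` has 500 in its parameters but is bound with `PROPS`, while `testAc2` has only the service property. The resulting order presumably decides which aggregated AuthorizationConfiguration takes effect first, so a case with conflicting values would make the intended rule explicit: bind a configuration whose parameters hold `PARAM_RANKING` 500 with `ImmutableMap.<String, Object>of(Constants.SERVICE_RANKING, 50)` and assert its index in `getConfigurations()`. Separately, assertContext checks four `Context` methods but not `definesInternal`, which ContextImpl also implements; `assertEquals(isDefined, context.definesInternal(tree));` would cover it if the composite is meant to delegate that call the same way.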
Modified: jackrabbit/oak/trunk/oak-pojosr/src/test/groovy/org/apache/jackrabbit/oak/run/osgi/SecurityProviderRegistrationTest.groovy
URL: http://svn.apache.org/viewvc/jackrabbit/oak/trunk/oak-pojosr/src/test/groovy/org/apache/jackrabbit/oak/run/osgi/SecurityProviderRegistrationTest.groovy?rev=1727293&r1=1727292&r2=1727293&view=diff
==============================================================================
--- jackrabbit/oak/trunk/oak-pojosr/src/test/groovy/org/apache/jackrabbit/oak/run/osgi/SecurityProviderRegistrationTest.groovy (original)
+++ jackrabbit/oak/trunk/oak-pojosr/src/test/groovy/org/apache/jackrabbit/oak/run/osgi/SecurityProviderRegistrationTest.groovy Thu Jan 28 09:43:12 2016
@@ -17,6 +17,8 @@
package org.apache.jackrabbit.oak.run.osgi
import org.apache.felix.connect.launch.PojoServiceRegistry
+import org.apache.jackrabbit.oak.spi.security.ConfigurationParameters
+import org.apache.jackrabbit.oak.spi.security.Context
import org.apache.jackrabbit.oak.spi.security.SecurityProvider
import org.apache.jackrabbit.oak.spi.security.authentication.token.TokenConfiguration
import org.apache.jackrabbit.oak.spi.security.authorization.AuthorizationConfiguration
@@ -33,6 +35,7 @@ import org.osgi.service.cm.Configuration
import java.util.concurrent.TimeUnit
import static org.mockito.Mockito.mock
+import static org.mockito.Mockito.when
class SecurityProviderRegistrationTest extends AbstractRepositoryFactoryTest {
@@ -54,11 +57,28 @@ class SecurityProviderRegistrationTest e
/**
* A SecurityProvider shouldn't start without a required
+ * AuthorizationConfiguration service.
+ */
+ @Test
+ public void testRequiredAuthorizationConfigurationNotAvailable() {
+ def m = mock(AuthorizationConfiguration)
+ when(m.getParameters()).thenReturn(ConfigurationParameters.EMPTY)
+ when(m.getContext()).thenReturn(Context.DEFAULT)
+
+ testRequiredService(AuthorizationConfiguration, m)
+ }
+
+ /**
+ * A SecurityProvider shouldn't start without a required
* PrincipalConfiguration service.
*/
@Test
public void testRequiredPrincipalConfigurationNotAvailable() {
- testRequiredService(PrincipalConfiguration, mock(PrincipalConfiguration))
+ def m = mock(PrincipalConfiguration)
+ when(m.getParameters()).thenReturn(ConfigurationParameters.EMPTY)
+ when(m.getContext()).thenReturn(Context.DEFAULT)
+
+ testRequiredService(PrincipalConfiguration, m)
}
/**
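Review bot: The three-line mock setup (`mock(...)`, then stubbing `getParameters()` and `getContext()`) is repeated verbatim in testRequiredAuthorizationConfigurationNotAvailable and testRequiredPrincipalConfigurationNotAvailable here, and again in the testRequiredTokenConfigurationNotAvailable and testMultipleRequiredServices hunks below. A small private helper would keep the stubs in one place, so a later change to what the registration reads from a bound configuration is made once rather than in six spots. Each call site then becomes a single line such as `testRequiredService(PrincipalConfiguration, mockConfiguration(PrincipalConfiguration))`.

```groovy
// … unchanged: existing test methods …

// Builds a configuration mock with the two stubs the registration reads on bind.
private static <T> T mockConfiguration(Class<T> type) {
    def m = mock(type)
    when(m.getParameters()).thenReturn(ConfigurationParameters.EMPTY)
    when(m.getContext()).thenReturn(Context.DEFAULT)
    return m
}
```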
@@ -67,7 +87,11 @@ class SecurityProviderRegistrationTest e
*/
@Test
public void testRequiredTokenConfigurationNotAvailable() {
- testRequiredService(TokenConfiguration, mock(TokenConfiguration))
+ def m = mock(TokenConfiguration)
+ when(m.getParameters()).thenReturn(ConfigurationParameters.EMPTY)
+ when(m.getContext()).thenReturn(Context.DEFAULT)
+
+ testRequiredService(TokenConfiguration, m)
}
/**
@@ -113,22 +137,40 @@ class SecurityProviderRegistrationTest e
@Test
public void testMultipleRequiredServices() {
- // Set up the SecurityProvider to require three services
+ // Set up the SecurityProvider to require 4 services
- setRequiredServicePids("test.RequiredPrincipalConfiguration", "test.RequiredTokenConfiguration", "test.AuthorizableNodeName")
+ setRequiredServicePids(
+ "test.RequiredAuthorizationConfiguration",
+ "test.RequiredPrincipalConfiguration",
+ "test.RequiredTokenConfiguration",
+ "test.RestrictionProvider")
TimeUnit.MILLISECONDS.sleep(500)
assert securityProviderServiceReferences == null
// Start the services and verify that only at the end the
// SecurityProvider registers itself
+ def ac = mock(AuthorizationConfiguration)
+ when(ac.getParameters()).thenReturn(ConfigurationParameters.EMPTY)
+ when(ac.getContext()).thenReturn(Context.DEFAULT)
+
+ registry.registerService(AuthorizationConfiguration.class.name, ac, dict("service.pid": "test.RequiredAuthorizationConfiguration"))
+ assert securityProviderServiceReferences == null
+
+ def pc = mock(PrincipalConfiguration)
+ when(pc.getParameters()).thenReturn(ConfigurationParameters.EMPTY)
+ when(pc.getContext()).thenReturn(Context.DEFAULT)
- registry.registerService(PrincipalConfiguration.class.name, mock(PrincipalConfiguration), dict("service.pid": "test.RequiredPrincipalConfiguration"))
+ registry.registerService(PrincipalConfiguration.class.name, pc, dict("service.pid": "test.RequiredPrincipalConfiguration"))
assert securityProviderServiceReferences == null
- registry.registerService(TokenConfiguration.class.name, mock(TokenConfiguration), dict("service.pid": "test.RequiredTokenConfiguration"))
+ def tc = mock(TokenConfiguration)
+ when(tc.getParameters()).thenReturn(ConfigurationParameters.EMPTY)
+ when(tc.getContext()).thenReturn(Context.DEFAULT)
+
+ registry.registerService(TokenConfiguration.class.name, tc, dict("service.pid": "test.RequiredTokenConfiguration"))
assert securityProviderServiceReferences == null
- registry.registerService(TokenConfiguration.class.name, mock(TokenConfiguration), dict("service.pid": "test.AuthorizableNodeName"))
+ registry.registerService(RestrictionProvider.class.name, mock(RestrictionProvider), dict("service.pid": "test.RestrictionProvider"))
assert securityProviderServiceReferences != null
}
Modified: jackrabbit/oak/trunk/oak-pojosr/src/test/java/org/apache/jackrabbit/oak/run/osgi/OakOSGiRepositoryFactoryTest.java
URL: http://svn.apache.org/viewvc/jackrabbit/oak/trunk/oak-pojosr/src/test/java/org/apache/jackrabbit/oak/run/osgi/OakOSGiRepositoryFactoryTest.java?rev=1727293&r1=1727292&r2=1727293&view=diff
==============================================================================
--- jackrabbit/oak/trunk/oak-pojosr/src/test/java/org/apache/jackrabbit/oak/run/osgi/OakOSGiRepositoryFactoryTest.java (original)
+++ jackrabbit/oak/trunk/oak-pojosr/src/test/java/org/apache/jackrabbit/oak/run/osgi/OakOSGiRepositoryFactoryTest.java Thu Jan 28 09:43:12 2016
@@ -49,7 +49,6 @@ import org.apache.jackrabbit.oak.spi.sec
import org.apache.jackrabbit.oak.spi.security.user.action.AuthorizableAction;
import org.apache.jackrabbit.oak.spi.security.user.action.AuthorizableActionProvider;
import org.junit.Before;
-import org.junit.Ignore;
import org.junit.Rule;
import org.junit.Test;
import org.junit.rules.TemporaryFolder;