You are viewing a plain text version of this content. The canonical link for it is here.
Posted to oak-commits@jackrabbit.apache.org by an...@apache.org on 2014/08/06 14:28:14 UTC
svn commit: r1616207 - in
/jackrabbit/oak/trunk/oak-authorization-cug/src/main/java/org/apache/jackrabbit/oak/spi/security/authorization/cug/impl:
CugAccessControlManager.java CugConfiguration.java CugImporter.java
CugPolicyImpl.java
Author: angela
Date: Wed Aug 6 12:28:13 2014
New Revision: 1616207
URL: http://svn.apache.org/r1616207
Log:
OAK-2008 : authorization setup for closed user groups (wip)
Modified:
jackrabbit/oak/trunk/oak-authorization-cug/src/main/java/org/apache/jackrabbit/oak/spi/security/authorization/cug/impl/CugAccessControlManager.java
jackrabbit/oak/trunk/oak-authorization-cug/src/main/java/org/apache/jackrabbit/oak/spi/security/authorization/cug/impl/CugConfiguration.java
jackrabbit/oak/trunk/oak-authorization-cug/src/main/java/org/apache/jackrabbit/oak/spi/security/authorization/cug/impl/CugImporter.java
jackrabbit/oak/trunk/oak-authorization-cug/src/main/java/org/apache/jackrabbit/oak/spi/security/authorization/cug/impl/CugPolicyImpl.java
Modified: jackrabbit/oak/trunk/oak-authorization-cug/src/main/java/org/apache/jackrabbit/oak/spi/security/authorization/cug/impl/CugAccessControlManager.java
URL: http://svn.apache.org/viewvc/jackrabbit/oak/trunk/oak-authorization-cug/src/main/java/org/apache/jackrabbit/oak/spi/security/authorization/cug/impl/CugAccessControlManager.java?rev=1616207&r1=1616206&r2=1616207&view=diff
==============================================================================
--- jackrabbit/oak/trunk/oak-authorization-cug/src/main/java/org/apache/jackrabbit/oak/spi/security/authorization/cug/impl/CugAccessControlManager.java (original)
+++ jackrabbit/oak/trunk/oak-authorization-cug/src/main/java/org/apache/jackrabbit/oak/spi/security/authorization/cug/impl/CugAccessControlManager.java Wed Aug 6 12:28:13 2014
@@ -31,6 +31,7 @@ import javax.jcr.security.AccessControlP
import javax.jcr.security.Privilege;
import com.google.common.base.Function;
+import com.google.common.base.Strings;
import com.google.common.collect.ImmutableSet;
import com.google.common.collect.Iterables;
import org.apache.jackrabbit.api.security.JackrabbitAccessControlPolicy;
@@ -102,7 +103,7 @@ class CugAccessControlManager extends Ab
Root r = getRoot().getContentSession().getLatestRoot();
List<AccessControlPolicy> effective = new ArrayList<AccessControlPolicy>();
- while (!oakPath.isEmpty()) {
+ while (!Strings.isNullOrEmpty(oakPath)) {
if (isSupportedPath(oakPath)) {
CugPolicy cug = getCugPolicy(oakPath, r.getTree(oakPath));
if (cug != null) {
Modified: jackrabbit/oak/trunk/oak-authorization-cug/src/main/java/org/apache/jackrabbit/oak/spi/security/authorization/cug/impl/CugConfiguration.java
URL: http://svn.apache.org/viewvc/jackrabbit/oak/trunk/oak-authorization-cug/src/main/java/org/apache/jackrabbit/oak/spi/security/authorization/cug/impl/CugConfiguration.java?rev=1616207&r1=1616206&r2=1616207&view=diff
==============================================================================
--- jackrabbit/oak/trunk/oak-authorization-cug/src/main/java/org/apache/jackrabbit/oak/spi/security/authorization/cug/impl/CugConfiguration.java (original)
+++ jackrabbit/oak/trunk/oak-authorization-cug/src/main/java/org/apache/jackrabbit/oak/spi/security/authorization/cug/impl/CugConfiguration.java Wed Aug 6 12:28:13 2014
@@ -75,7 +75,6 @@ import org.apache.jackrabbit.oak.spi.sta
import org.apache.jackrabbit.oak.spi.state.NodeState;
import org.apache.jackrabbit.oak.spi.state.NodeStore;
import org.apache.jackrabbit.oak.spi.xml.ProtectedItemImporter;
-import org.osgi.service.component.ComponentContext;
@Component()
@Service({AuthorizationConfiguration.class, SecurityConfiguration.class})
@@ -184,7 +183,7 @@ public class CugConfiguration extends Co
//----------------------------------------------------< SCR Integration >---
@Activate
- private void activate(ComponentContext context) throws IOException, CommitFailedException, PrivilegedActionException, RepositoryException {
+ protected void activate() throws IOException, CommitFailedException, PrivilegedActionException, RepositoryException {
ContentSession systemSession = null;
try {
systemSession = Subject.doAs(SystemSubject.INSTANCE, new PrivilegedExceptionAction<ContentSession>() {
Modified: jackrabbit/oak/trunk/oak-authorization-cug/src/main/java/org/apache/jackrabbit/oak/spi/security/authorization/cug/impl/CugImporter.java
URL: http://svn.apache.org/viewvc/jackrabbit/oak/trunk/oak-authorization-cug/src/main/java/org/apache/jackrabbit/oak/spi/security/authorization/cug/impl/CugImporter.java?rev=1616207&r1=1616206&r2=1616207&view=diff
==============================================================================
--- jackrabbit/oak/trunk/oak-authorization-cug/src/main/java/org/apache/jackrabbit/oak/spi/security/authorization/cug/impl/CugImporter.java (original)
+++ jackrabbit/oak/trunk/oak-authorization-cug/src/main/java/org/apache/jackrabbit/oak/spi/security/authorization/cug/impl/CugImporter.java Wed Aug 6 12:28:13 2014
@@ -16,6 +16,7 @@
*/
package org.apache.jackrabbit.oak.spi.security.authorization.cug.impl;
+import java.lang.IllegalArgumentException;
import java.security.AccessControlException;
import java.security.Principal;
import java.util.HashSet;
@@ -106,6 +107,9 @@ class CugImporter implements ProtectedPr
throw new AccessControlException("Unknown principal " + principalName);
case ImportBehavior.BESTEFFORT:
principalNames.add(principalName);
+ break;
+ default:
+ throw new IllegalArgumentException("Invalid import behavior " + importBehavior);
}
} else {
principalNames.add(principalName);
Modified: jackrabbit/oak/trunk/oak-authorization-cug/src/main/java/org/apache/jackrabbit/oak/spi/security/authorization/cug/impl/CugPolicyImpl.java
URL: http://svn.apache.org/viewvc/jackrabbit/oak/trunk/oak-authorization-cug/src/main/java/org/apache/jackrabbit/oak/spi/security/authorization/cug/impl/CugPolicyImpl.java?rev=1616207&r1=1616206&r2=1616207&view=diff
==============================================================================
--- jackrabbit/oak/trunk/oak-authorization-cug/src/main/java/org/apache/jackrabbit/oak/spi/security/authorization/cug/impl/CugPolicyImpl.java (original)
+++ jackrabbit/oak/trunk/oak-authorization-cug/src/main/java/org/apache/jackrabbit/oak/spi/security/authorization/cug/impl/CugPolicyImpl.java Wed Aug 6 12:28:13 2014
@@ -16,6 +16,7 @@
*/
package org.apache.jackrabbit.oak.spi.security.authorization.cug.impl;
+import java.lang.IllegalArgumentException;
import java.security.Principal;
import java.util.Collections;
import java.util.HashSet;
@@ -75,7 +76,7 @@ class CugPolicyImpl implements CugPolicy
throw new AccessControlException("Invalid principal " + name);
}
- Principal p = principal;
+ Principal p = principal;
switch (importBehavior) {
case ImportBehavior.ABORT:
if (!principalManager.hasPrincipal(name)) {
@@ -88,6 +89,11 @@ class CugPolicyImpl implements CugPolicy
p = null;
}
break;
+ case ImportBehavior.BESTEFFORT:
+ log.debug("Best effort: don't verify existence of principals.");
+ break;
+ default:
+ throw new IllegalArgumentException("Unsupported import behavior " + importBehavior);
}
if (p != null) {