Posted to oak-commits@jackrabbit.apache.org by an...@apache.org on 2013/03/13 18:40:07 UTC
svn commit: r1456059 - in
/jackrabbit/oak/trunk/oak-core/src/main/java/org/apache/jackrabbit/oak:
core/RootImpl.java
security/authorization/permission/PermissionValidatorProvider.java
Author: angela
Date: Wed Mar 13 17:40:07 2013
New Revision: 1456059
URL: http://svn.apache.org/r1456059
Log:
OAK-527: permissions (wip, use permission provider associated with the committing root instance)
Modified:
jackrabbit/oak/trunk/oak-core/src/main/java/org/apache/jackrabbit/oak/core/RootImpl.java
jackrabbit/oak/trunk/oak-core/src/main/java/org/apache/jackrabbit/oak/security/authorization/permission/PermissionValidatorProvider.java
Modified: jackrabbit/oak/trunk/oak-core/src/main/java/org/apache/jackrabbit/oak/core/RootImpl.java
URL: http://svn.apache.org/viewvc/jackrabbit/oak/trunk/oak-core/src/main/java/org/apache/jackrabbit/oak/core/RootImpl.java?rev=1456059&r1=1456058&r2=1456059&view=diff
==============================================================================
--- jackrabbit/oak/trunk/oak-core/src/main/java/org/apache/jackrabbit/oak/core/RootImpl.java (original)
+++ jackrabbit/oak/trunk/oak-core/src/main/java/org/apache/jackrabbit/oak/core/RootImpl.java Wed Mar 13 17:40:07 2013
@@ -20,9 +20,9 @@ package org.apache.jackrabbit.oak.core;
import java.io.IOException;
import java.io.InputStream;
-import java.security.AccessController;
import java.security.PrivilegedAction;
import java.util.ArrayList;
+import java.util.Collections;
import java.util.List;
import javax.annotation.Nonnull;
@@ -267,7 +267,7 @@ public class RootImpl implements Root {
rebase();
purgePendingChanges();
CommitFailedException exception = Subject.doAs(
- getCombinedSubject(), new PrivilegedAction<CommitFailedException>() {
+ getCommitSubject(), new PrivilegedAction<CommitFailedException>() {
@Override
public CommitFailedException run() {
try {
@@ -312,19 +312,16 @@ public class RootImpl implements Root {
return CompositeHook.compose(commitHooks);
}
- // TODO: find a better solution for passing in additional principals
- private Subject getCombinedSubject() {
- Subject accSubject = Subject.getSubject(AccessController.getContext());
- if (accSubject == null) {
- return subject;
- } else {
- Subject combinedSubject = new Subject(false,
- subject.getPrincipals(), subject.getPublicCredentials(), subject.getPrivateCredentials());
- combinedSubject.getPrincipals().addAll(accSubject.getPrincipals());
- combinedSubject.getPrivateCredentials().addAll(accSubject.getPrivateCredentials());
- combinedSubject.getPublicCredentials().addAll((accSubject.getPublicCredentials()));
- return combinedSubject;
- }
+ /**
+ * TODO: review again once the permission validation is completed.
+ * Build a read only subject for the {@link #commit()} call that makes the
+ * principals and the permission provider available to the commit hooks.
+ *
+ * @return a new read only subject.
+ */
+ private Subject getCommitSubject() {
+ return new Subject(true, subject.getPrincipals(),
+ Collections.singleton(getPermissionProvider()), Collections.<Object>emptySet());
}
@Override
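Review bot: The Javadoc on `getCommitSubject()` does not say which repository state the published `PermissionProvider` evaluates against. The context line in the following hunk shows `getPermissionProvider()` building the provider from `this` root, and `commit()` calls `purgePendingChanges()` before `Subject.doAs(...)`. The provider may therefore reflect the content being committed, access control changes included, whereas the fallback in `PermissionValidatorProvider` builds its provider from the `before` state. If that is intended for the wip, state it in the Javadoc, e.g. `* NOTE: the provider is bound to this root and may reflect the changes under validation.` The same Javadoc should mention that principals from the calling AccessControlContext are no longer merged in, since the old TODO about additional principals is removed.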
@@ -443,7 +440,7 @@ public class RootImpl implements Root {
return securityProvider.getAccessControlConfiguration().getPermissionProvider(this, subject.getPrincipals());
}
- //------------------------------------------------------------< MoveRecord >---
+ //---------------------------------------------------------< MoveRecord >---
/**
* Instances of this class record move operations which took place on this root.
Modified: jackrabbit/oak/trunk/oak-core/src/main/java/org/apache/jackrabbit/oak/security/authorization/permission/PermissionValidatorProvider.java
URL: http://svn.apache.org/viewvc/jackrabbit/oak/trunk/oak-core/src/main/java/org/apache/jackrabbit/oak/security/authorization/permission/PermissionValidatorProvider.java?rev=1456059&r1=1456058&r2=1456059&view=diff
==============================================================================
--- jackrabbit/oak/trunk/oak-core/src/main/java/org/apache/jackrabbit/oak/security/authorization/permission/PermissionValidatorProvider.java (original)
+++ jackrabbit/oak/trunk/oak-core/src/main/java/org/apache/jackrabbit/oak/security/authorization/permission/PermissionValidatorProvider.java Wed Mar 13 17:40:07 2013
@@ -31,7 +31,6 @@ import org.apache.jackrabbit.oak.spi.sec
import org.apache.jackrabbit.oak.spi.security.SecurityProvider;
import org.apache.jackrabbit.oak.spi.security.authorization.AccessControlConfiguration;
import org.apache.jackrabbit.oak.spi.security.authorization.PermissionProvider;
-import org.apache.jackrabbit.oak.spi.security.principal.PrincipalProvider;
import org.apache.jackrabbit.oak.spi.state.NodeState;
/**
@@ -80,7 +79,7 @@ public class PermissionValidatorProvider
private PermissionProvider getPermissionProvider(NodeState before) {
Subject subject = Subject.getSubject(AccessController.getContext());
- if (subject == null || subject.getPublicCredentials(PrincipalProvider.class).isEmpty()) {
+ if (subject == null || subject.getPublicCredentials(PermissionProvider.class).isEmpty()) {
Set<Principal> principals = (subject != null) ? subject.getPrincipals() : Collections.<Principal>emptySet();
AccessControlConfiguration acConfig = securityProvider.getAccessControlConfiguration();
return acConfig.getPermissionProvider(new ImmutableRoot(createTree(before)), principals);
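Review bot: The rewritten `if` condition now decides whether to trust a `PermissionProvider` found among the public credentials of whichever Subject is bound to the current AccessControlContext. Nothing visible here checks that this Subject is the one built by `RootImpl.getCommitSubject()`. Public credentials carry no access protection comparable to private ones, so the assumption deserves a comment above the check: `// only RootImpl#commit is expected to publish a PermissionProvider in the subject`. As a cheap sanity check (it does not prove origin), the condition could also require `subject.isReadOnly()`, so that a Subject assembled elsewhere falls through to the provider built from `before`. The branch that picks the credential lies outside this hunk, so the handling of several entries cannot be judged from here.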