You are viewing a plain text version of this content. The canonical link for it is here.
Posted to oak-commits@jackrabbit.apache.org by ro...@apache.org on 2017/08/02 13:57:07 UTC
svn commit: r1803820 - in /jackrabbit/oak/trunk:
oak-auth-external/src/main/java/org/apache/jackrabbit/oak/spi/security/authentication/external/impl/principal/
oak-authorization-cug/src/main/java/org/apache/jackrabbit/oak/spi/security/authorization/cug...
Author: rombert
Date: Wed Aug 2 13:57:06 2017
New Revision: 1803820
URL: http://svn.apache.org/viewvc?rev=1803820&view=rev
Log:
OAK-6450 - Stop relying on the service.pid property in
SecurityProviderRegistration
Use the oak.component.name component property if the service.pid
is not available. The SecurityProviderRegistration property name is
unchanged, for backwards compatibility reasons.
The objectClass property may not be used as it points to the service
name(s) under which the component is registered. The component.name
property was considered and discarded as it is specific to DS.
Added:
jackrabbit/oak/trunk/oak-core/src/main/java/org/apache/jackrabbit/oak/spi/security/RegistrationConstants.java
Modified:
jackrabbit/oak/trunk/oak-auth-external/src/main/java/org/apache/jackrabbit/oak/spi/security/authentication/external/impl/principal/ExternalPrincipalConfiguration.java
jackrabbit/oak/trunk/oak-authorization-cug/src/main/java/org/apache/jackrabbit/oak/spi/security/authorization/cug/impl/CugConfiguration.java
jackrabbit/oak/trunk/oak-core/src/main/java/org/apache/jackrabbit/oak/security/authentication/token/TokenConfigurationImpl.java
jackrabbit/oak/trunk/oak-core/src/main/java/org/apache/jackrabbit/oak/security/authorization/AuthorizationConfigurationImpl.java
jackrabbit/oak/trunk/oak-core/src/main/java/org/apache/jackrabbit/oak/security/authorization/restriction/RestrictionProviderImpl.java
jackrabbit/oak/trunk/oak-core/src/main/java/org/apache/jackrabbit/oak/security/internal/SecurityProviderRegistration.java
jackrabbit/oak/trunk/oak-core/src/main/java/org/apache/jackrabbit/oak/security/principal/PrincipalConfigurationImpl.java
jackrabbit/oak/trunk/oak-core/src/main/java/org/apache/jackrabbit/oak/security/user/RandomAuthorizableNodeName.java
jackrabbit/oak/trunk/oak-core/src/main/java/org/apache/jackrabbit/oak/security/user/UserAuthenticationFactoryImpl.java
jackrabbit/oak/trunk/oak-core/src/main/java/org/apache/jackrabbit/oak/spi/security/user/action/DefaultAuthorizableActionProvider.java
jackrabbit/oak/trunk/oak-core/src/test/java/org/apache/jackrabbit/oak/security/internal/SecurityProviderRegistrationTest.java
jackrabbit/oak/trunk/oak-doc/src/site/markdown/security/introduction.md
Modified: jackrabbit/oak/trunk/oak-auth-external/src/main/java/org/apache/jackrabbit/oak/spi/security/authentication/external/impl/principal/ExternalPrincipalConfiguration.java
URL: http://svn.apache.org/viewvc/jackrabbit/oak/trunk/oak-auth-external/src/main/java/org/apache/jackrabbit/oak/spi/security/authentication/external/impl/principal/ExternalPrincipalConfiguration.java?rev=1803820&r1=1803819&r2=1803820&view=diff
==============================================================================
--- jackrabbit/oak/trunk/oak-auth-external/src/main/java/org/apache/jackrabbit/oak/spi/security/authentication/external/impl/principal/ExternalPrincipalConfiguration.java (original)
+++ jackrabbit/oak/trunk/oak-auth-external/src/main/java/org/apache/jackrabbit/oak/spi/security/authentication/external/impl/principal/ExternalPrincipalConfiguration.java Wed Aug 2 13:57:06 2017
@@ -16,6 +16,8 @@
*/
package org.apache.jackrabbit.oak.spi.security.authentication.external.impl.principal;
+import static org.apache.jackrabbit.oak.spi.security.RegistrationConstants.OAK_SECURITY_NAME;
+
import java.security.Principal;
import java.security.acl.Group;
import java.util.Arrays;
@@ -85,7 +87,10 @@ import org.slf4j.LoggerFactory;
@Property(name = ExternalIdentityConstants.PARAM_PROTECT_EXTERNAL_IDS,
label = "External Identity Protection",
description = "If disabled rep:externalId properties won't be properly protected (backwards compatible behavior). NOTE: for security reasons it is strongly recommend to keep the protection enabled!",
- boolValue = ExternalIdentityConstants.DEFAULT_PROTECT_EXTERNAL_IDS)
+ boolValue = ExternalIdentityConstants.DEFAULT_PROTECT_EXTERNAL_IDS),
+ @Property(name = OAK_SECURITY_NAME,
+ propertyPrivate= true,
+ value = "org.apache.jackrabbit.oak.spi.security.authentication.external.impl.principal.ExternalPrincipalConfiguration")
})
public class ExternalPrincipalConfiguration extends ConfigurationBase implements PrincipalConfiguration {
Modified: jackrabbit/oak/trunk/oak-authorization-cug/src/main/java/org/apache/jackrabbit/oak/spi/security/authorization/cug/impl/CugConfiguration.java
URL: http://svn.apache.org/viewvc/jackrabbit/oak/trunk/oak-authorization-cug/src/main/java/org/apache/jackrabbit/oak/spi/security/authorization/cug/impl/CugConfiguration.java?rev=1803820&r1=1803819&r2=1803820&view=diff
==============================================================================
--- jackrabbit/oak/trunk/oak-authorization-cug/src/main/java/org/apache/jackrabbit/oak/spi/security/authorization/cug/impl/CugConfiguration.java (original)
+++ jackrabbit/oak/trunk/oak-authorization-cug/src/main/java/org/apache/jackrabbit/oak/spi/security/authorization/cug/impl/CugConfiguration.java Wed Aug 2 13:57:06 2017
@@ -16,6 +16,8 @@
*/
package org.apache.jackrabbit.oak.spi.security.authorization.cug.impl;
+import static org.apache.jackrabbit.oak.spi.security.RegistrationConstants.OAK_SECURITY_NAME;
+
import java.io.IOException;
import java.io.InputStream;
import java.security.Principal;
@@ -89,7 +91,10 @@ import org.apache.jackrabbit.oak.spi.xml
@Property(name = CompositeConfiguration.PARAM_RANKING,
label = "Ranking",
description = "Ranking of this configuration in a setup with multiple authorization configurations.",
- intValue = 200)
+ intValue = 200),
+ @Property(name = OAK_SECURITY_NAME,
+ propertyPrivate = true,
+ value = "org.apache.jackrabbit.oak.spi.security.authorization.cug.impl.CugConfiguration")
})
public class CugConfiguration extends ConfigurationBase implements AuthorizationConfiguration, CugConstants {
Modified: jackrabbit/oak/trunk/oak-core/src/main/java/org/apache/jackrabbit/oak/security/authentication/token/TokenConfigurationImpl.java
URL: http://svn.apache.org/viewvc/jackrabbit/oak/trunk/oak-core/src/main/java/org/apache/jackrabbit/oak/security/authentication/token/TokenConfigurationImpl.java?rev=1803820&r1=1803819&r2=1803820&view=diff
==============================================================================
--- jackrabbit/oak/trunk/oak-core/src/main/java/org/apache/jackrabbit/oak/security/authentication/token/TokenConfigurationImpl.java (original)
+++ jackrabbit/oak/trunk/oak-core/src/main/java/org/apache/jackrabbit/oak/security/authentication/token/TokenConfigurationImpl.java Wed Aug 2 13:57:06 2017
@@ -16,6 +16,8 @@
*/
package org.apache.jackrabbit.oak.security.authentication.token;
+import static org.apache.jackrabbit.oak.spi.security.RegistrationConstants.OAK_SECURITY_NAME;
+
import java.security.Principal;
import java.util.List;
import java.util.Map;
@@ -73,7 +75,10 @@ import org.apache.jackrabbit.oak.spi.sec
@Property(name = UserConstants.PARAM_PASSWORD_SALT_SIZE,
label = "Hash Salt Size",
description = "Size of the salt used to generate the hash.",
- intValue = PasswordUtil.DEFAULT_SALT_SIZE)
+ intValue = PasswordUtil.DEFAULT_SALT_SIZE),
+ @Property(name = OAK_SECURITY_NAME,
+ propertyPrivate = true,
+ value = "org.apache.jackrabbit.oak.security.authentication.token.TokenConfigurationImpl")
})
public class TokenConfigurationImpl extends ConfigurationBase implements TokenConfiguration {
Modified: jackrabbit/oak/trunk/oak-core/src/main/java/org/apache/jackrabbit/oak/security/authorization/AuthorizationConfigurationImpl.java
URL: http://svn.apache.org/viewvc/jackrabbit/oak/trunk/oak-core/src/main/java/org/apache/jackrabbit/oak/security/authorization/AuthorizationConfigurationImpl.java?rev=1803820&r1=1803819&r2=1803820&view=diff
==============================================================================
--- jackrabbit/oak/trunk/oak-core/src/main/java/org/apache/jackrabbit/oak/security/authorization/AuthorizationConfigurationImpl.java (original)
+++ jackrabbit/oak/trunk/oak-core/src/main/java/org/apache/jackrabbit/oak/security/authorization/AuthorizationConfigurationImpl.java Wed Aug 2 13:57:06 2017
@@ -16,6 +16,8 @@
*/
package org.apache.jackrabbit.oak.security.authorization;
+import static org.apache.jackrabbit.oak.spi.security.RegistrationConstants.OAK_SECURITY_NAME;
+
import java.security.Principal;
import java.util.ArrayList;
import java.util.List;
@@ -108,7 +110,10 @@ import com.google.common.collect.Immutab
@Property(name = CompositeConfiguration.PARAM_RANKING,
label = "Ranking",
description = "Ranking of this configuration in a setup with multiple authorization configurations.",
- intValue = 100)
+ intValue = 100),
+ @Property(name = OAK_SECURITY_NAME,
+ propertyPrivate = true,
+ value = "org.apache.jackrabbit.oak.security.authorization.AuthorizationConfigurationImpl")
})
public class AuthorizationConfigurationImpl extends ConfigurationBase implements AuthorizationConfiguration {
Modified: jackrabbit/oak/trunk/oak-core/src/main/java/org/apache/jackrabbit/oak/security/authorization/restriction/RestrictionProviderImpl.java
URL: http://svn.apache.org/viewvc/jackrabbit/oak/trunk/oak-core/src/main/java/org/apache/jackrabbit/oak/security/authorization/restriction/RestrictionProviderImpl.java?rev=1803820&r1=1803819&r2=1803820&view=diff
==============================================================================
--- jackrabbit/oak/trunk/oak-core/src/main/java/org/apache/jackrabbit/oak/security/authorization/restriction/RestrictionProviderImpl.java (original)
+++ jackrabbit/oak/trunk/oak-core/src/main/java/org/apache/jackrabbit/oak/security/authorization/restriction/RestrictionProviderImpl.java Wed Aug 2 13:57:06 2017
@@ -16,6 +16,8 @@
*/
package org.apache.jackrabbit.oak.security.authorization.restriction;
+import static org.apache.jackrabbit.oak.spi.security.RegistrationConstants.OAK_SECURITY_NAME;
+
import java.util.ArrayList;
import java.util.List;
import java.util.Map;
@@ -26,6 +28,7 @@ import javax.jcr.security.AccessControlE
import com.google.common.collect.ImmutableMap;
import org.apache.felix.scr.annotations.Component;
+import org.apache.felix.scr.annotations.Property;
import org.apache.felix.scr.annotations.Service;
import org.apache.jackrabbit.oak.api.PropertyState;
import org.apache.jackrabbit.oak.api.Tree;
@@ -58,6 +61,8 @@ import org.slf4j.LoggerFactory;
*/
@Component
@Service(RestrictionProvider.class)
+@Property(name = OAK_SECURITY_NAME,
+ value = "org.apache.jackrabbit.oak.security.authorization.restriction.RestrictionProviderImpl")
public class RestrictionProviderImpl extends AbstractRestrictionProvider {
private static final Logger log = LoggerFactory.getLogger(RestrictionProviderImpl.class);
Modified: jackrabbit/oak/trunk/oak-core/src/main/java/org/apache/jackrabbit/oak/security/internal/SecurityProviderRegistration.java
URL: http://svn.apache.org/viewvc/jackrabbit/oak/trunk/oak-core/src/main/java/org/apache/jackrabbit/oak/security/internal/SecurityProviderRegistration.java?rev=1803820&r1=1803819&r2=1803820&view=diff
==============================================================================
--- jackrabbit/oak/trunk/oak-core/src/main/java/org/apache/jackrabbit/oak/security/internal/SecurityProviderRegistration.java (original)
+++ jackrabbit/oak/trunk/oak-core/src/main/java/org/apache/jackrabbit/oak/security/internal/SecurityProviderRegistration.java Wed Aug 2 13:57:06 2017
@@ -40,6 +40,7 @@ import org.apache.jackrabbit.oak.securit
import org.apache.jackrabbit.oak.security.user.UserConfigurationImpl;
import org.apache.jackrabbit.oak.spi.security.CompositeConfiguration;
import org.apache.jackrabbit.oak.spi.security.ConfigurationParameters;
+import org.apache.jackrabbit.oak.spi.security.RegistrationConstants;
import org.apache.jackrabbit.oak.spi.security.SecurityConfiguration;
import org.apache.jackrabbit.oak.spi.security.SecurityProvider;
import org.apache.jackrabbit.oak.spi.security.authentication.AuthenticationConfiguration;
@@ -68,6 +69,8 @@ import org.slf4j.LoggerFactory;
import static com.google.common.collect.Lists.newArrayList;
import static com.google.common.collect.Lists.newCopyOnWriteArrayList;
+import static org.apache.jackrabbit.oak.spi.security.RegistrationConstants.OAK_SECURITY_NAME;
+import static org.osgi.framework.Constants.OBJECTCLASS;
@Component(
immediate = true,
@@ -78,11 +81,13 @@ import static com.google.common.collect.
@Properties({
@Property(
name = "requiredServicePids",
- label = "Required Service PIDs",
+ label = "Required Services",
description = "The SecurityProvider will not register itself " +
- "unless the services identified by these PIDs are " +
- "registered first. Only the PIDs of implementations of " +
- "the following interfaces are checked: " +
+ "unless the services identified by the following service pids " +
+ "or the oak.security.name properties are registered first. The class name is " +
+ "identified by checking the service.pid property. If that property " +
+ "does not exist, the oak.security.name property is used as a fallback." +
+ "Only implementations of the following interfaces are checked :" +
"AuthorizationConfiguration, PrincipalConfiguration, " +
"TokenConfiguration, AuthorizableActionProvider, " +
"RestrictionProvider and UserAuthenticationFactory.",
@@ -567,27 +572,31 @@ public class SecurityProviderRegistratio
}
private void addCandidate(Map<String, Object> properties) {
- String pid = getServicePid(properties);
+ String pidOrName = getServicePidOrComponentName(properties);
- if (pid == null) {
+ if (pidOrName == null) {
return;
}
- preconditions.addCandidate(pid);
+ preconditions.addCandidate(pidOrName);
}
private void removeCandidate(Map<String, Object> properties) {
- String pid = getServicePid(properties);
+ String pidOrName = getServicePidOrComponentName(properties);
- if (pid == null) {
+ if (pidOrName == null) {
return;
}
- preconditions.removeCandidate(pid);
+ preconditions.removeCandidate(pidOrName);
}
- private static String getServicePid(Map<String, Object> properties) {
- return PropertiesUtil.toString(properties.get(Constants.SERVICE_PID), null);
+ private static String getServicePidOrComponentName(Map<String, Object> properties) {
+ String servicePid = PropertiesUtil.toString(properties.get(Constants.SERVICE_PID), null);
+ if ( servicePid != null ) {
+ return servicePid;
+ }
+ return PropertiesUtil.toString(properties.get(OAK_SECURITY_NAME), null);
}
private static String[] getRequiredServicePids(Map<String, Object> configuration) {
Modified: jackrabbit/oak/trunk/oak-core/src/main/java/org/apache/jackrabbit/oak/security/principal/PrincipalConfigurationImpl.java
URL: http://svn.apache.org/viewvc/jackrabbit/oak/trunk/oak-core/src/main/java/org/apache/jackrabbit/oak/security/principal/PrincipalConfigurationImpl.java?rev=1803820&r1=1803819&r2=1803820&view=diff
==============================================================================
--- jackrabbit/oak/trunk/oak-core/src/main/java/org/apache/jackrabbit/oak/security/principal/PrincipalConfigurationImpl.java (original)
+++ jackrabbit/oak/trunk/oak-core/src/main/java/org/apache/jackrabbit/oak/security/principal/PrincipalConfigurationImpl.java Wed Aug 2 13:57:06 2017
@@ -16,12 +16,15 @@
*/
package org.apache.jackrabbit.oak.security.principal;
+import static org.apache.jackrabbit.oak.spi.security.RegistrationConstants.OAK_SECURITY_NAME;
+
import java.util.Map;
import javax.annotation.Nonnull;
import org.apache.felix.scr.annotations.Activate;
import org.apache.felix.scr.annotations.Component;
+import org.apache.felix.scr.annotations.Property;
import org.apache.felix.scr.annotations.Service;
import org.apache.jackrabbit.api.security.principal.PrincipalManager;
import org.apache.jackrabbit.oak.api.Root;
@@ -40,6 +43,8 @@ import org.apache.jackrabbit.oak.spi.sec
*/
@Component()
@Service({PrincipalConfiguration.class, SecurityConfiguration.class})
+@Property(name = OAK_SECURITY_NAME,
+ value = "org.apache.jackrabbit.oak.security.principal.PrincipalConfigurationImpl" )
public class PrincipalConfigurationImpl extends ConfigurationBase implements PrincipalConfiguration {
@SuppressWarnings("UnusedDeclaration")
Modified: jackrabbit/oak/trunk/oak-core/src/main/java/org/apache/jackrabbit/oak/security/user/RandomAuthorizableNodeName.java
URL: http://svn.apache.org/viewvc/jackrabbit/oak/trunk/oak-core/src/main/java/org/apache/jackrabbit/oak/security/user/RandomAuthorizableNodeName.java?rev=1803820&r1=1803819&r2=1803820&view=diff
==============================================================================
--- jackrabbit/oak/trunk/oak-core/src/main/java/org/apache/jackrabbit/oak/security/user/RandomAuthorizableNodeName.java (original)
+++ jackrabbit/oak/trunk/oak-core/src/main/java/org/apache/jackrabbit/oak/security/user/RandomAuthorizableNodeName.java Wed Aug 2 13:57:06 2017
@@ -16,6 +16,8 @@
*/
package org.apache.jackrabbit.oak.security.user;
+import static org.apache.jackrabbit.oak.spi.security.RegistrationConstants.OAK_SECURITY_NAME;
+
import java.security.SecureRandom;
import java.util.Map;
import java.util.Random;
@@ -35,6 +37,9 @@ import org.apache.jackrabbit.oak.spi.sec
*/
@Component(metatype = true, label = "Apache Jackrabbit Oak Random Authorizable Node Name", description = "Generates a random name for the authorizable node.", policy = ConfigurationPolicy.REQUIRE)
@Service(AuthorizableNodeName.class)
+@Property(name = OAK_SECURITY_NAME,
+ propertyPrivate = true,
+ value = "org.apache.jackrabbit.oak.security.user.RandomAuthorizableNodeName")
public class RandomAuthorizableNodeName implements AuthorizableNodeName {
/**
Modified: jackrabbit/oak/trunk/oak-core/src/main/java/org/apache/jackrabbit/oak/security/user/UserAuthenticationFactoryImpl.java
URL: http://svn.apache.org/viewvc/jackrabbit/oak/trunk/oak-core/src/main/java/org/apache/jackrabbit/oak/security/user/UserAuthenticationFactoryImpl.java?rev=1803820&r1=1803819&r2=1803820&view=diff
==============================================================================
--- jackrabbit/oak/trunk/oak-core/src/main/java/org/apache/jackrabbit/oak/security/user/UserAuthenticationFactoryImpl.java (original)
+++ jackrabbit/oak/trunk/oak-core/src/main/java/org/apache/jackrabbit/oak/security/user/UserAuthenticationFactoryImpl.java Wed Aug 2 13:57:06 2017
@@ -16,18 +16,23 @@
*/
package org.apache.jackrabbit.oak.security.user;
+import static org.apache.jackrabbit.oak.spi.security.RegistrationConstants.OAK_SECURITY_NAME;
+
+import javax.annotation.Nonnull;
+import javax.annotation.Nullable;
+
import org.apache.felix.scr.annotations.Component;
+import org.apache.felix.scr.annotations.Property;
import org.apache.felix.scr.annotations.Service;
import org.apache.jackrabbit.oak.api.Root;
import org.apache.jackrabbit.oak.spi.security.authentication.Authentication;
import org.apache.jackrabbit.oak.spi.security.user.UserAuthenticationFactory;
import org.apache.jackrabbit.oak.spi.security.user.UserConfiguration;
-import javax.annotation.Nonnull;
-import javax.annotation.Nullable;
-
@Component
@Service
+@Property(name = OAK_SECURITY_NAME,
+ value = "org.apache.jackrabbit.oak.security.user.UserAuthenticationFactoryImpl")
public class UserAuthenticationFactoryImpl implements UserAuthenticationFactory {
@Nonnull
Added: jackrabbit/oak/trunk/oak-core/src/main/java/org/apache/jackrabbit/oak/spi/security/RegistrationConstants.java
URL: http://svn.apache.org/viewvc/jackrabbit/oak/trunk/oak-core/src/main/java/org/apache/jackrabbit/oak/spi/security/RegistrationConstants.java?rev=1803820&view=auto
==============================================================================
--- jackrabbit/oak/trunk/oak-core/src/main/java/org/apache/jackrabbit/oak/spi/security/RegistrationConstants.java (added)
+++ jackrabbit/oak/trunk/oak-core/src/main/java/org/apache/jackrabbit/oak/spi/security/RegistrationConstants.java Wed Aug 2 13:57:06 2017
@@ -0,0 +1,36 @@
+/*
+ * Licensed to the Apache Software Foundation (ASF) under one or more
+ * contributor license agreements. See the NOTICE file distributed with
+ * this work for additional information regarding copyright ownership.
+ * The ASF licenses this file to You under the Apache License, Version 2.0
+ * (the "License"); you may not use this file except in compliance with
+ * the License. You may obtain a copy of the License at
+ *
+ * http://www.apache.org/licenses/LICENSE-2.0
+ *
+ * Unless required by applicable law or agreed to in writing, software
+ * distributed under the License is distributed on an "AS IS" BASIS,
+ * WITHOUT WARRANTIES OR CONDITIONS OF ANY KIND, either express or implied.
+ * See the License for the specific language governing permissions and
+ * limitations under the License.
+ */
+
+package org.apache.jackrabbit.oak.spi.security;
+
+import org.apache.jackrabbit.oak.security.internal.SecurityProviderRegistration;
+
+/**
+ * Holds the names of well-known registration properties for security-related components
+ *
+ */
+public abstract class RegistrationConstants {
+
+ /**
+ * Name to be used when registering components that are required by the {@link SecurityProviderRegistration}
+ */
+ public static final String OAK_SECURITY_NAME = "oak.security.name";
+
+ private RegistrationConstants() {
+
+ }
+}
Modified: jackrabbit/oak/trunk/oak-core/src/main/java/org/apache/jackrabbit/oak/spi/security/user/action/DefaultAuthorizableActionProvider.java
URL: http://svn.apache.org/viewvc/jackrabbit/oak/trunk/oak-core/src/main/java/org/apache/jackrabbit/oak/spi/security/user/action/DefaultAuthorizableActionProvider.java?rev=1803820&r1=1803819&r2=1803820&view=diff
==============================================================================
--- jackrabbit/oak/trunk/oak-core/src/main/java/org/apache/jackrabbit/oak/spi/security/user/action/DefaultAuthorizableActionProvider.java (original)
+++ jackrabbit/oak/trunk/oak-core/src/main/java/org/apache/jackrabbit/oak/spi/security/user/action/DefaultAuthorizableActionProvider.java Wed Aug 2 13:57:06 2017
@@ -16,6 +16,8 @@
*/
package org.apache.jackrabbit.oak.spi.security.user.action;
+import static org.apache.jackrabbit.oak.spi.security.RegistrationConstants.OAK_SECURITY_NAME;
+
import java.util.List;
import java.util.Map;
import javax.annotation.Nonnull;
@@ -60,7 +62,10 @@ import org.slf4j.LoggerFactory;
cardinality = Integer.MAX_VALUE),
@Property(name = PasswordValidationAction.CONSTRAINT,
label = "Configure PasswordValidationAction: Password Constraint",
- description = "A regular expression specifying the pattern that must be matched by a user's password.")
+ description = "A regular expression specifying the pattern that must be matched by a user's password."),
+ @Property(name = OAK_SECURITY_NAME,
+ propertyPrivate = true,
+ value = "org.apache.jackrabbit.oak.spi.security.user.action.DefaultAuthorizableActionProvider")
})
public class DefaultAuthorizableActionProvider implements AuthorizableActionProvider {
Modified: jackrabbit/oak/trunk/oak-core/src/test/java/org/apache/jackrabbit/oak/security/internal/SecurityProviderRegistrationTest.java
URL: http://svn.apache.org/viewvc/jackrabbit/oak/trunk/oak-core/src/test/java/org/apache/jackrabbit/oak/security/internal/SecurityProviderRegistrationTest.java?rev=1803820&r1=1803819&r2=1803820&view=diff
==============================================================================
--- jackrabbit/oak/trunk/oak-core/src/test/java/org/apache/jackrabbit/oak/security/internal/SecurityProviderRegistrationTest.java (original)
+++ jackrabbit/oak/trunk/oak-core/src/test/java/org/apache/jackrabbit/oak/security/internal/SecurityProviderRegistrationTest.java Wed Aug 2 13:57:06 2017
@@ -36,6 +36,7 @@ import org.apache.jackrabbit.oak.securit
import org.apache.jackrabbit.oak.spi.security.CompositeConfiguration;
import org.apache.jackrabbit.oak.spi.security.ConfigurationParameters;
import org.apache.jackrabbit.oak.spi.security.Context;
+import org.apache.jackrabbit.oak.spi.security.RegistrationConstants;
import org.apache.jackrabbit.oak.spi.security.SecurityConfiguration;
import org.apache.jackrabbit.oak.spi.security.SecurityProvider;
import org.apache.jackrabbit.oak.spi.security.authentication.AuthenticationConfiguration;
@@ -92,11 +93,11 @@ public class SecurityProviderRegistratio
assertEquals(isDefined, context.definesLocation(TreeLocation.create(tree)));
}
- private static <T> T mockConfiguration(Class<? extends SecurityConfiguration> cl) {
- SecurityConfiguration sc = Mockito.mock(cl);
+ private static <T extends SecurityConfiguration> T mockConfiguration(Class<T> cl) {
+ T sc = Mockito.mock(cl);
when(sc.getContext()).thenReturn(new ContextImpl());
when(sc.getParameters()).thenReturn(ConfigurationParameters.EMPTY);
- return (T) sc;
+ return sc;
}
private static Map<String, Object> requiredServiceIdMap(@Nonnull String... ids) {
@@ -564,6 +565,32 @@ public class SecurityProviderRegistratio
SecurityProvider service = context.getService(SecurityProvider.class);
RestrictionProvider rp = service.getConfiguration(AuthorizationConfiguration.class).getRestrictionProvider();
+ assertTrue(rp instanceof WhiteboardRestrictionProvider);
+ }
+
+ @Test
+ public void testActivateWithRequiredOakSecurityName() {
+ registration.activate(context.bundleContext(), requiredServiceIdMap("serviceId"));
+
+ SecurityProvider service = context.getService(SecurityProvider.class);
+ assertNull(service);
+
+ registration.bindAuthorizableNodeName(Mockito.mock(AuthorizableNodeName.class), ImmutableMap.of(RegistrationConstants.OAK_SECURITY_NAME, "serviceId"));
+
+ service = context.getService(SecurityProvider.class);
+ assertNotNull(service);
+ }
+
+ @Test
+ public void testActivateWithMixedServicePiAnddOakServiceName() {
+ registration.activate(context.bundleContext(), requiredServiceIdMap("rpId", "authorizationId"));
+
+ RestrictionProvider mockRp = Mockito.mock(RestrictionProvider.class);
+ registration.bindRestrictionProvider(mockRp, ImmutableMap.of(Constants.SERVICE_PID, "rpId"));
+ registration.bindAuthorizationConfiguration(new AuthorizationConfigurationImpl(), ImmutableMap.of(RegistrationConstants.OAK_SECURITY_NAME, "authorizationId"));
+
+ SecurityProvider service = context.getService(SecurityProvider.class);
+ RestrictionProvider rp = service.getConfiguration(AuthorizationConfiguration.class).getRestrictionProvider();
assertTrue(rp instanceof WhiteboardRestrictionProvider);
}
Modified: jackrabbit/oak/trunk/oak-doc/src/site/markdown/security/introduction.md
URL: http://svn.apache.org/viewvc/jackrabbit/oak/trunk/oak-doc/src/site/markdown/security/introduction.md?rev=1803820&r1=1803819&r2=1803820&view=diff
==============================================================================
--- jackrabbit/oak/trunk/oak-doc/src/site/markdown/security/introduction.md (original)
+++ jackrabbit/oak/trunk/oak-doc/src/site/markdown/security/introduction.md Wed Aug 2 13:57:06 2017
@@ -55,7 +55,8 @@ and base implementations:
- [ConfigurationBase]: Abstract base implementation of the `SecurityConfiguration` interface.
- [CompositeConfiguration]: Abstract base implementation for all composite configurations that allow for aggregation of multiple modules.
- [ConfigurationParameters]: Utility used to pass around parameters and options.
-- [Context]: Context information that allows to identify items defined and maintained by a give security module implementation.
+- [Context]: Context information that allows to identify items defined and maintained by a give security module implementation.
+- [RegistrationConstants]: Utility used to define well-known registration properties
#### SecurityProvider
@@ -190,7 +191,12 @@ the corresponding sections. The followin
| Parameter | Type | Default | Description |
|--------------------------|----------|-----------|------------------------|
-| `Required Service PIDs` | String[] | see below | Service references mandatory for the SecurityProvider registration. |
+| `Required Services` | String[] | see below | Service references mandatory for the SecurityProvider registration. |
+
+The value of the individual configuration entries can be one of:
+
+- the value of the `service.pid` registration property
+- the value of the `oak.security.name` registration property
By default the `SecurityProviderRegistration` defines the following mandatory services.
As long as these required references are not resolved the `SecurityProviderRegistration`
@@ -315,6 +321,7 @@ the `SecurityProvider` in order to avoid
[ConfigurationBase]: /oak/docs/apidocs/org/apache/jackrabbit/oak/spi/security/ConfigurationBase.html
[ConfigurationParameters]: /oak/docs/apidocs/org/apache/jackrabbit/oak/spi/security/ConfigurationParameters.html
[Context]: /oak/docs/apidocs/org/apache/jackrabbit/oak/spi/security/Context.html
+[RegistrationConstants]: /oak/docs/apidocs/org/apache/jackrabbit/oak/spi/security/RegistrationConstants.html
[AuthenticationConfiguration]: /oak/docs/apidocs/org/apache/jackrabbit/oak/spi/security/authentication/AuthenticationConfiguration.html
[TokenConfiguration]: /oak/docs/apidocs/org/apache/jackrabbit/oak/spi/security/authentication/token/TokenConfiguration.html
[AuthorizationConfiguration]: /oak/docs/apidocs/org/apache/jackrabbit/oak/spi/security/authorization/AuthorizationConfiguration.html