You are viewing a plain text version of this content. The canonical link for it is here.
Posted to oak-commits@jackrabbit.apache.org by an...@apache.org on 2013/03/06 19:50:27 UTC
svn commit: r1453475 - in /jackrabbit/oak/trunk: ./
oak-core/src/main/java/org/apache/jackrabbit/oak/security/authorization/restriction/
oak-core/src/main/java/org/apache/jackrabbit/oak/spi/security/authorization/restriction/
oak-core/src/test/java/org...
Author: angela
Date: Wed Mar 6 18:50:26 2013
New Revision: 1453475
URL: http://svn.apache.org/r1453475
Log:
OAK-51 : Access Control Management (WIP)
Added:
jackrabbit/oak/trunk/oak-core/src/main/java/org/apache/jackrabbit/oak/security/authorization/restriction/GlobPattern.java
jackrabbit/oak/trunk/oak-core/src/main/java/org/apache/jackrabbit/oak/spi/security/authorization/restriction/RestrictionDefinitionImpl.java
- copied, changed from r1453455, jackrabbit/oak/trunk/oak-core/src/main/java/org/apache/jackrabbit/oak/security/authorization/restriction/RestrictionDefinitionImpl.java
jackrabbit/oak/trunk/oak-core/src/main/java/org/apache/jackrabbit/oak/spi/security/authorization/restriction/RestrictionImpl.java
- copied, changed from r1453455, jackrabbit/oak/trunk/oak-core/src/main/java/org/apache/jackrabbit/oak/security/authorization/restriction/RestrictionImpl.java
jackrabbit/oak/trunk/oak-core/src/main/java/org/apache/jackrabbit/oak/spi/security/authorization/restriction/RestrictionPattern.java
jackrabbit/oak/trunk/oak-core/src/test/java/org/apache/jackrabbit/oak/spi/security/authorization/restriction/
jackrabbit/oak/trunk/oak-core/src/test/java/org/apache/jackrabbit/oak/spi/security/authorization/restriction/RestrictionDefinitionImplTest.java
- copied, changed from r1453455, jackrabbit/oak/trunk/oak-core/src/test/java/org/apache/jackrabbit/oak/security/authorization/restriction/RestrictionDefinitionImplTest.java
jackrabbit/oak/trunk/oak-core/src/test/java/org/apache/jackrabbit/oak/spi/security/authorization/restriction/RestrictionImplTest.java
- copied, changed from r1453455, jackrabbit/oak/trunk/oak-core/src/test/java/org/apache/jackrabbit/oak/security/authorization/restriction/RestrictionImplTest.java
Removed:
jackrabbit/oak/trunk/oak-core/src/main/java/org/apache/jackrabbit/oak/security/authorization/restriction/RestrictionDefinitionImpl.java
jackrabbit/oak/trunk/oak-core/src/main/java/org/apache/jackrabbit/oak/security/authorization/restriction/RestrictionImpl.java
jackrabbit/oak/trunk/oak-core/src/test/java/org/apache/jackrabbit/oak/security/authorization/restriction/RestrictionDefinitionImplTest.java
jackrabbit/oak/trunk/oak-core/src/test/java/org/apache/jackrabbit/oak/security/authorization/restriction/RestrictionImplTest.java
Modified:
jackrabbit/oak/trunk/oak-core/src/main/java/org/apache/jackrabbit/oak/security/authorization/restriction/PrincipalRestrictionProvider.java
jackrabbit/oak/trunk/oak-core/src/main/java/org/apache/jackrabbit/oak/security/authorization/restriction/RestrictionProviderImpl.java
jackrabbit/oak/trunk/oak-core/src/main/java/org/apache/jackrabbit/oak/spi/security/authorization/restriction/RestrictionProvider.java
jackrabbit/oak/trunk/pom.xml
Added: jackrabbit/oak/trunk/oak-core/src/main/java/org/apache/jackrabbit/oak/security/authorization/restriction/GlobPattern.java
URL: http://svn.apache.org/viewvc/jackrabbit/oak/trunk/oak-core/src/main/java/org/apache/jackrabbit/oak/security/authorization/restriction/GlobPattern.java?rev=1453475&view=auto
==============================================================================
--- jackrabbit/oak/trunk/oak-core/src/main/java/org/apache/jackrabbit/oak/security/authorization/restriction/GlobPattern.java (added)
+++ jackrabbit/oak/trunk/oak-core/src/main/java/org/apache/jackrabbit/oak/security/authorization/restriction/GlobPattern.java Wed Mar 6 18:50:26 2013
@@ -0,0 +1,262 @@
+/*
+ * Licensed to the Apache Software Foundation (ASF) under one or more
+ * contributor license agreements. See the NOTICE file distributed with
+ * this work for additional information regarding copyright ownership.
+ * The ASF licenses this file to You under the Apache License, Version 2.0
+ * (the "License"); you may not use this file except in compliance with
+ * the License. You may obtain a copy of the License at
+ *
+ * http://www.apache.org/licenses/LICENSE-2.0
+ *
+ * Unless required by applicable law or agreed to in writing, software
+ * distributed under the License is distributed on an "AS IS" BASIS,
+ * WITHOUT WARRANTIES OR CONDITIONS OF ANY KIND, either express or implied.
+ * See the License for the specific language governing permissions and
+ * limitations under the License.
+ */
+package org.apache.jackrabbit.oak.security.authorization.restriction;
+
+import javax.annotation.Nonnull;
+import javax.annotation.Nullable;
+
+import com.google.common.base.Objects;
+import org.apache.jackrabbit.oak.api.PropertyState;
+import org.apache.jackrabbit.oak.api.Tree;
+import org.apache.jackrabbit.oak.commons.PathUtils;
+import org.apache.jackrabbit.oak.spi.security.authorization.restriction.RestrictionPattern;
+import org.apache.jackrabbit.util.Text;
+
+import static com.google.common.base.Preconditions.checkNotNull;
+
+/**
+ * {@code GlobPattern} defines a simplistic pattern matching. It consists
+ * of a mandatory (leading) path and an optional "glob" that may contain one or
+ * more wildcard characters ("{@code *}") according to the glob matching
+ * defined by {@link javax.jcr.Node#getNodes(String[])}. In contrast to that
+ * method the {@code GlobPattern} operates on path (not only names).
+ * <p/>
+ *
+ * <p>
+ * Please note the following special cases:
+ * <pre>
+ * NodePath | Restriction | Matches
+ * -----------------------------------------------------------------------------
+ * /foo | null | matches /foo and all children of /foo
+ * /foo | "" | matches /foo only
+ * </pre>
+ * </p>
+ *
+ * <p>
+ * Examples including wildcard char:
+ * <pre>
+ * NodePath = "/foo"
+ * Restriction | Matches
+ * -----------------------------------------------------------------------------
+ * * | all siblings of foo and foo's and the siblings' descendants
+ * /*cat | all children of /foo whose path ends with "cat"
+ * /*/cat | all non-direct descendants of /foo named "cat"
+ * /cat* | all descendant path of /foo that have the direct foo-descendant segment starting with "cat"
+ * *cat | all siblings and descendants of foo that have a name ending with cat
+ * */cat | all descendants of /foo and foo's siblings that have a name segment "cat"
+ * cat/* | all descendants of '/foocat'
+ * /cat/* | all descendants of '/foo/cat'
+ * *cat/* | all descendants of /foo that have an intermediate segment ending with 'cat'
+ * </pre>
+ * </p>
+ */
+public final class GlobPattern implements RestrictionPattern {
+
+ private static final char WILDCARD_CHAR = '*';
+
+ private final String path;
+ private final String restriction;
+
+ private final Pattern pattern;
+
+ private GlobPattern(@Nonnull String path, @Nonnull String restriction) {
+ this.path = checkNotNull(path);
+ this.restriction = restriction;
+
+ if (restriction.length() > 0) {
+ StringBuilder b = new StringBuilder(path);
+ b.append(restriction);
+
+ int lastPos = restriction.lastIndexOf(WILDCARD_CHAR);
+ if (lastPos >= 0) {
+ String end;
+ if (lastPos != restriction.length()-1) {
+ end = restriction.substring(lastPos + 1);
+ } else {
+ end = null;
+ }
+ pattern = new WildcardPattern(b.toString(), end);
+ } else {
+ pattern = new PathPattern(b.toString());
+ }
+ } else {
+ pattern = new PathPattern(restriction);
+ }
+ }
+
+ public static GlobPattern create(@Nonnull String nodePath, @Nonnull String restrictions) {
+ return new GlobPattern(nodePath, restrictions);
+ }
+
+ //-------------------------------------------------< RestrictionPattern >---
+ @Override
+ public boolean matches(@Nonnull Tree tree, @Nullable PropertyState property) {
+ // TODO
+ String path = (property == null) ? tree.getPath() : PathUtils.concat(tree.getPath(), property.getName());
+ return matches(path);
+ }
+
+ @Override
+ public boolean matches(@Nonnull String path) {
+ return pattern.matches(path);
+ }
+
+ //-------------------------------------------------------------< Object >---
+ /**
+ * @see Object#hashCode()
+ */
+ @Override
+ public int hashCode() {
+ return Objects.hashCode(path, restriction);
+ }
+
+ /**
+ * @see Object#toString()
+ */
+ @Override
+ public String toString() {
+ return path + " : " + restriction;
+ }
+
+ /**
+ * @see Object#equals(Object)
+ */
+ @Override
+ public boolean equals(Object obj) {
+ if (obj == this) {
+ return true;
+ }
+ if (obj instanceof GlobPattern) {
+ GlobPattern other = (GlobPattern) obj;
+ return path.equals(other.path) && restriction.equals(other.restriction);
+ }
+ return false;
+ }
+
+ //------------------------------------------------------< inner classes >---
+ /**
+ * Base for PathPattern and WildcardPattern
+ */
+ private abstract class Pattern {
+ abstract boolean matches(@Nonnull String toMatch);
+ }
+
+ /**
+ * Path pattern: The restriction is missing or doesn't contain any wildcard character.
+ */
+ private final class PathPattern extends Pattern {
+
+ private final String patternStr;
+
+ private PathPattern(@Nonnull String patternStr) {
+ this.patternStr = patternStr;
+ }
+
+ @Override
+ boolean matches(String toMatch) {
+ if (patternStr.isEmpty()) {
+ return path.equals(toMatch);
+ } else {
+ // no wildcard contained in restriction: use path defined
+ // by path + restriction to calculate the match
+ return Text.isDescendantOrEqual(patternStr, toMatch);
+ }
+ }
+ }
+
+ /**
+ * Wildcard pattern: The specified restriction contains one or more wildcard character(s).
+ */
+ private final class WildcardPattern extends Pattern {
+
+ private final String patternEnd;
+ private final char[] patternChars;
+
+ private WildcardPattern(@Nonnull String patternStr, @Nullable String patternEnd) {
+ patternChars = patternStr.toCharArray();
+ this.patternEnd = patternEnd;
+ }
+
+ @Override
+ boolean matches(String toMatch) {
+ if (patternEnd != null && !toMatch.endsWith(patternEnd)) {
+ // shortcut: verify if end of pattern matches end of toMatch
+ return false;
+ }
+ char[] tm = (toMatch.endsWith("/")) ? toMatch.substring(0, toMatch.length()-1).toCharArray() : toMatch.toCharArray();
+ // shortcut didn't reveal mismatch -> need to process the internal match method.
+ return matches(patternChars, 0, tm, 0);
+ }
+
+ /**
+ *
+ * @param pattern The pattern
+ * @param pOff
+ * @param s
+ * @param sOff
+ * @return {@code true} if matches, {@code false} otherwise
+ */
+ private boolean matches(char[] pattern, int pOff,
+ char[] s, int sOff) {
+ int pLength = pattern.length;
+ int sLength = s.length;
+
+ while (true) {
+ // end of pattern reached: matches only if sOff points at the end
+ // of the string to match.
+ if (pOff >= pLength) {
+ return sOff >= sLength;
+ }
+
+ // the end of the string to match has been reached but pattern
+ // doesn't have '*' at patternIndex -> no match
+ if (sOff >= sLength && pattern[pOff] != WILDCARD_CHAR) {
+ return false;
+ }
+
+ // the next character of the pattern is '*'
+ // -> recursively test if the rest of the specified string matches
+ if (pattern[pOff] == WILDCARD_CHAR) {
+ if (++pOff >= pLength) {
+ return true;
+ }
+
+ while (true) {
+ if (matches(pattern, pOff, s, sOff)) {
+ return true;
+ }
+ if (sOff >= sLength) {
+ return false;
+ }
+ sOff++;
+ }
+ }
+
+ // not yet reached end of patter nor string and not wildcard character.
+ // the 2 strings don't match in case the characters at the current
+ // position are not the same.
+ if (pOff < pLength && sOff < sLength) {
+ if (pattern[pOff] != s[sOff]) {
+ return false;
+ }
+ }
+ pOff++;
+ sOff++;
+ }
+ }
+ }
+}
Modified: jackrabbit/oak/trunk/oak-core/src/main/java/org/apache/jackrabbit/oak/security/authorization/restriction/PrincipalRestrictionProvider.java
URL: http://svn.apache.org/viewvc/jackrabbit/oak/trunk/oak-core/src/main/java/org/apache/jackrabbit/oak/security/authorization/restriction/PrincipalRestrictionProvider.java?rev=1453475&r1=1453474&r2=1453475&view=diff
==============================================================================
--- jackrabbit/oak/trunk/oak-core/src/main/java/org/apache/jackrabbit/oak/security/authorization/restriction/PrincipalRestrictionProvider.java (original)
+++ jackrabbit/oak/trunk/oak-core/src/main/java/org/apache/jackrabbit/oak/security/authorization/restriction/PrincipalRestrictionProvider.java Wed Mar 6 18:50:26 2013
@@ -34,6 +34,9 @@ import org.apache.jackrabbit.oak.plugins
import org.apache.jackrabbit.oak.security.authorization.AccessControlConstants;
import org.apache.jackrabbit.oak.spi.security.authorization.restriction.Restriction;
import org.apache.jackrabbit.oak.spi.security.authorization.restriction.RestrictionDefinition;
+import org.apache.jackrabbit.oak.spi.security.authorization.restriction.RestrictionDefinitionImpl;
+import org.apache.jackrabbit.oak.spi.security.authorization.restriction.RestrictionImpl;
+import org.apache.jackrabbit.oak.spi.security.authorization.restriction.RestrictionPattern;
import org.apache.jackrabbit.oak.spi.security.authorization.restriction.RestrictionProvider;
/**
@@ -88,4 +91,10 @@ public class PrincipalRestrictionProvide
public void validateRestrictions(String oakPath, @Nonnull Tree aceTree) throws AccessControlException {
base.validateRestrictions(oakPath, aceTree);
}
+
+ @Nonnull
+ @Override
+ public RestrictionPattern getPattern(@Nullable String oakPath, @Nonnull Tree tree) {
+ return base.getPattern(oakPath, tree);
+ }
}
\ No newline at end of file
Modified: jackrabbit/oak/trunk/oak-core/src/main/java/org/apache/jackrabbit/oak/security/authorization/restriction/RestrictionProviderImpl.java
URL: http://svn.apache.org/viewvc/jackrabbit/oak/trunk/oak-core/src/main/java/org/apache/jackrabbit/oak/security/authorization/restriction/RestrictionProviderImpl.java?rev=1453475&r1=1453474&r2=1453475&view=diff
==============================================================================
--- jackrabbit/oak/trunk/oak-core/src/main/java/org/apache/jackrabbit/oak/security/authorization/restriction/RestrictionProviderImpl.java (original)
+++ jackrabbit/oak/trunk/oak-core/src/main/java/org/apache/jackrabbit/oak/security/authorization/restriction/RestrictionProviderImpl.java Wed Mar 6 18:50:26 2013
@@ -32,11 +32,15 @@ import com.google.common.collect.Immutab
import com.google.common.collect.ImmutableSet;
import org.apache.jackrabbit.oak.api.PropertyState;
import org.apache.jackrabbit.oak.api.Tree;
+import org.apache.jackrabbit.oak.api.Type;
import org.apache.jackrabbit.oak.namepath.NamePathMapper;
import org.apache.jackrabbit.oak.plugins.memory.PropertyStates;
import org.apache.jackrabbit.oak.security.authorization.AccessControlConstants;
import org.apache.jackrabbit.oak.spi.security.authorization.restriction.Restriction;
import org.apache.jackrabbit.oak.spi.security.authorization.restriction.RestrictionDefinition;
+import org.apache.jackrabbit.oak.spi.security.authorization.restriction.RestrictionDefinitionImpl;
+import org.apache.jackrabbit.oak.spi.security.authorization.restriction.RestrictionImpl;
+import org.apache.jackrabbit.oak.spi.security.authorization.restriction.RestrictionPattern;
import org.apache.jackrabbit.oak.spi.security.authorization.restriction.RestrictionProvider;
import org.apache.jackrabbit.oak.util.NodeUtil;
import org.apache.jackrabbit.util.Text;
@@ -83,7 +87,7 @@ public class RestrictionProviderImpl imp
throw new AccessControlException("Unsupported restriction: Expected value of type " + PropertyType.nameFromValue(definition.getRequiredType()));
}
PropertyState propertyState = PropertyStates.createProperty(oakName, value);
- return createRestriction(propertyState, definition.isMandatory());
+ return createRestriction(propertyState, definition);
}
@Override
@@ -97,7 +101,7 @@ public class RestrictionProviderImpl imp
if (isRestrictionProperty(propName) && supported.containsKey(propName)) {
RestrictionDefinition def = supported.get(propName);
if (def.getRequiredType() == propertyState.getType().tag()) {
- restrictions.add(createRestriction(propertyState, def.isMandatory()));
+ restrictions.add(createRestriction(propertyState, def));
}
}
}
@@ -119,7 +123,7 @@ public class RestrictionProviderImpl imp
}
@Override
- public void validateRestrictions(String oakPath, Tree aceTree) throws javax.jcr.security.AccessControlException {
+ public void validateRestrictions(String oakPath, Tree aceTree) throws AccessControlException {
Map<String, PropertyState> restrictionProperties = getRestrictionProperties(aceTree);
if (isUnsupportedPath(oakPath) && !restrictionProperties.isEmpty()) {
throw new AccessControlException("Restrictions not supported with 'null' path.");
@@ -142,10 +146,21 @@ public class RestrictionProviderImpl imp
}
}
+ @Override
+ public RestrictionPattern getPattern(String oakPath, Tree tree) {
+ if (oakPath != null) {
+ PropertyState glob = tree.getProperty(REP_GLOB);
+ if (glob != null) {
+ return GlobPattern.create(oakPath, glob.getValue(Type.STRING));
+ }
+ }
+ return RestrictionPattern.EMPTY;
+ }
+
//------------------------------------------------------------< private >---
@Nonnull
- private Restriction createRestriction(PropertyState propertyState, boolean isMandatory) {
- return new RestrictionImpl(propertyState, isMandatory, namePathMapper);
+ private Restriction createRestriction(PropertyState propertyState, RestrictionDefinition definition) {
+ return new RestrictionImpl(propertyState, definition.isMandatory(), namePathMapper);
}
@Nonnull
Copied: jackrabbit/oak/trunk/oak-core/src/main/java/org/apache/jackrabbit/oak/spi/security/authorization/restriction/RestrictionDefinitionImpl.java (from r1453455, jackrabbit/oak/trunk/oak-core/src/main/java/org/apache/jackrabbit/oak/security/authorization/restriction/RestrictionDefinitionImpl.java)
URL: http://svn.apache.org/viewvc/jackrabbit/oak/trunk/oak-core/src/main/java/org/apache/jackrabbit/oak/spi/security/authorization/restriction/RestrictionDefinitionImpl.java?p2=jackrabbit/oak/trunk/oak-core/src/main/java/org/apache/jackrabbit/oak/spi/security/authorization/restriction/RestrictionDefinitionImpl.java&p1=jackrabbit/oak/trunk/oak-core/src/main/java/org/apache/jackrabbit/oak/security/authorization/restriction/RestrictionDefinitionImpl.java&r1=1453455&r2=1453475&rev=1453475&view=diff
==============================================================================
--- jackrabbit/oak/trunk/oak-core/src/main/java/org/apache/jackrabbit/oak/security/authorization/restriction/RestrictionDefinitionImpl.java (original)
+++ jackrabbit/oak/trunk/oak-core/src/main/java/org/apache/jackrabbit/oak/spi/security/authorization/restriction/RestrictionDefinitionImpl.java Wed Mar 6 18:50:26 2013
@@ -14,21 +14,20 @@
* See the License for the specific language governing permissions and
* limitations under the License.
*/
-package org.apache.jackrabbit.oak.security.authorization.restriction;
+package org.apache.jackrabbit.oak.spi.security.authorization.restriction;
import javax.annotation.Nonnull;
import javax.jcr.PropertyType;
import com.google.common.base.Objects;
import org.apache.jackrabbit.oak.namepath.NamePathMapper;
-import org.apache.jackrabbit.oak.spi.security.authorization.restriction.RestrictionDefinition;
import static com.google.common.base.Preconditions.checkNotNull;
/**
* RestrictionDefinitionImpl... TODO
*/
-class RestrictionDefinitionImpl implements RestrictionDefinition {
+public class RestrictionDefinitionImpl implements RestrictionDefinition {
private final String name;
private final int type;
@@ -45,8 +44,8 @@ class RestrictionDefinitionImpl implemen
* @param isMandatory A boolean indicating if the restriction is mandatory.
* @param namePathMapper The name path mapper used to calculate the JCR name.
*/
- RestrictionDefinitionImpl(@Nonnull String name, int type, boolean isMandatory,
- @Nonnull NamePathMapper namePathMapper) {
+ public RestrictionDefinitionImpl(@Nonnull String name, int type, boolean isMandatory,
+ @Nonnull NamePathMapper namePathMapper) {
this.name = checkNotNull(name);
if (type == PropertyType.UNDEFINED) {
throw new IllegalArgumentException("'undefined' is not a valid required definition type.");
@@ -56,7 +55,7 @@ class RestrictionDefinitionImpl implemen
this.namePathMapper = checkNotNull(namePathMapper);
}
- NamePathMapper getNamePathMapper() {
+ protected NamePathMapper getNamePathMapper() {
return namePathMapper;
}
Copied: jackrabbit/oak/trunk/oak-core/src/main/java/org/apache/jackrabbit/oak/spi/security/authorization/restriction/RestrictionImpl.java (from r1453455, jackrabbit/oak/trunk/oak-core/src/main/java/org/apache/jackrabbit/oak/security/authorization/restriction/RestrictionImpl.java)
URL: http://svn.apache.org/viewvc/jackrabbit/oak/trunk/oak-core/src/main/java/org/apache/jackrabbit/oak/spi/security/authorization/restriction/RestrictionImpl.java?p2=jackrabbit/oak/trunk/oak-core/src/main/java/org/apache/jackrabbit/oak/spi/security/authorization/restriction/RestrictionImpl.java&p1=jackrabbit/oak/trunk/oak-core/src/main/java/org/apache/jackrabbit/oak/security/authorization/restriction/RestrictionImpl.java&r1=1453455&r2=1453475&rev=1453475&view=diff
==============================================================================
--- jackrabbit/oak/trunk/oak-core/src/main/java/org/apache/jackrabbit/oak/security/authorization/restriction/RestrictionImpl.java (original)
+++ jackrabbit/oak/trunk/oak-core/src/main/java/org/apache/jackrabbit/oak/spi/security/authorization/restriction/RestrictionImpl.java Wed Mar 6 18:50:26 2013
@@ -14,11 +14,7 @@
* See the License for the specific language governing permissions and
* limitations under the License.
*/
-package org.apache.jackrabbit.oak.security.authorization.restriction;
-
-/**
- * {@code RestrictionImpl}
- */
+package org.apache.jackrabbit.oak.spi.security.authorization.restriction;
import javax.annotation.Nonnull;
import javax.jcr.Value;
@@ -27,14 +23,16 @@ import com.google.common.base.Objects;
import org.apache.jackrabbit.oak.api.PropertyState;
import org.apache.jackrabbit.oak.namepath.NamePathMapper;
import org.apache.jackrabbit.oak.plugins.value.ValueFactoryImpl;
-import org.apache.jackrabbit.oak.spi.security.authorization.restriction.Restriction;
-class RestrictionImpl extends RestrictionDefinitionImpl implements Restriction {
+/**
+ * {@code RestrictionImpl}
+ */
+public class RestrictionImpl extends RestrictionDefinitionImpl implements Restriction {
private final PropertyState property;
- RestrictionImpl(@Nonnull PropertyState property, boolean isMandatory,
- @Nonnull NamePathMapper namePathMapper) {
+ public RestrictionImpl(@Nonnull PropertyState property, boolean isMandatory,
+ @Nonnull NamePathMapper namePathMapper) {
super(property.getName(), property.getType().tag(), isMandatory, namePathMapper);
this.property = property;
}
Added: jackrabbit/oak/trunk/oak-core/src/main/java/org/apache/jackrabbit/oak/spi/security/authorization/restriction/RestrictionPattern.java
URL: http://svn.apache.org/viewvc/jackrabbit/oak/trunk/oak-core/src/main/java/org/apache/jackrabbit/oak/spi/security/authorization/restriction/RestrictionPattern.java?rev=1453475&view=auto
==============================================================================
--- jackrabbit/oak/trunk/oak-core/src/main/java/org/apache/jackrabbit/oak/spi/security/authorization/restriction/RestrictionPattern.java (added)
+++ jackrabbit/oak/trunk/oak-core/src/main/java/org/apache/jackrabbit/oak/spi/security/authorization/restriction/RestrictionPattern.java Wed Mar 6 18:50:26 2013
@@ -0,0 +1,45 @@
+/*
+ * Licensed to the Apache Software Foundation (ASF) under one or more
+ * contributor license agreements. See the NOTICE file distributed with
+ * this work for additional information regarding copyright ownership.
+ * The ASF licenses this file to You under the Apache License, Version 2.0
+ * (the "License"); you may not use this file except in compliance with
+ * the License. You may obtain a copy of the License at
+ *
+ * http://www.apache.org/licenses/LICENSE-2.0
+ *
+ * Unless required by applicable law or agreed to in writing, software
+ * distributed under the License is distributed on an "AS IS" BASIS,
+ * WITHOUT WARRANTIES OR CONDITIONS OF ANY KIND, either express or implied.
+ * See the License for the specific language governing permissions and
+ * limitations under the License.
+ */
+package org.apache.jackrabbit.oak.spi.security.authorization.restriction;
+
+import javax.annotation.Nonnull;
+import javax.annotation.Nullable;
+
+import org.apache.jackrabbit.oak.api.PropertyState;
+import org.apache.jackrabbit.oak.api.Tree;
+
+/**
+ * RestrictionPattern... TODO
+ */
+public interface RestrictionPattern {
+
+ boolean matches(@Nonnull Tree tree, @Nullable PropertyState property);
+
+ boolean matches(@Nonnull String path);
+
+ RestrictionPattern EMPTY = new RestrictionPattern() {
+ @Override
+ public boolean matches(@Nonnull Tree tree, @Nullable PropertyState property) {
+ return true;
+ }
+
+ @Override
+ public boolean matches(@Nonnull String path) {
+ return true;
+ }
+ };
+}
Modified: jackrabbit/oak/trunk/oak-core/src/main/java/org/apache/jackrabbit/oak/spi/security/authorization/restriction/RestrictionProvider.java
URL: http://svn.apache.org/viewvc/jackrabbit/oak/trunk/oak-core/src/main/java/org/apache/jackrabbit/oak/spi/security/authorization/restriction/RestrictionProvider.java?rev=1453475&r1=1453474&r2=1453475&view=diff
==============================================================================
--- jackrabbit/oak/trunk/oak-core/src/main/java/org/apache/jackrabbit/oak/spi/security/authorization/restriction/RestrictionProvider.java (original)
+++ jackrabbit/oak/trunk/oak-core/src/main/java/org/apache/jackrabbit/oak/spi/security/authorization/restriction/RestrictionProvider.java Wed Mar 6 18:50:26 2013
@@ -43,4 +43,7 @@ public interface RestrictionProvider {
void writeRestrictions(String oakPath, Tree aceTree, Set<Restriction> restrictions) throws AccessControlException;
void validateRestrictions(@Nullable String oakPath, @Nonnull Tree aceTree) throws AccessControlException;
+
+ @Nonnull
+ RestrictionPattern getPattern(@Nullable String oakPath, @Nonnull Tree tree);
}
Copied: jackrabbit/oak/trunk/oak-core/src/test/java/org/apache/jackrabbit/oak/spi/security/authorization/restriction/RestrictionDefinitionImplTest.java (from r1453455, jackrabbit/oak/trunk/oak-core/src/test/java/org/apache/jackrabbit/oak/security/authorization/restriction/RestrictionDefinitionImplTest.java)
URL: http://svn.apache.org/viewvc/jackrabbit/oak/trunk/oak-core/src/test/java/org/apache/jackrabbit/oak/spi/security/authorization/restriction/RestrictionDefinitionImplTest.java?p2=jackrabbit/oak/trunk/oak-core/src/test/java/org/apache/jackrabbit/oak/spi/security/authorization/restriction/RestrictionDefinitionImplTest.java&p1=jackrabbit/oak/trunk/oak-core/src/test/java/org/apache/jackrabbit/oak/security/authorization/restriction/RestrictionDefinitionImplTest.java&r1=1453455&r2=1453475&rev=1453475&view=diff
==============================================================================
--- jackrabbit/oak/trunk/oak-core/src/test/java/org/apache/jackrabbit/oak/security/authorization/restriction/RestrictionDefinitionImplTest.java (original)
+++ jackrabbit/oak/trunk/oak-core/src/test/java/org/apache/jackrabbit/oak/spi/security/authorization/restriction/RestrictionDefinitionImplTest.java Wed Mar 6 18:50:26 2013
@@ -14,7 +14,7 @@
* See the License for the specific language governing permissions and
* limitations under the License.
*/
-package org.apache.jackrabbit.oak.security.authorization.restriction;
+package org.apache.jackrabbit.oak.spi.security.authorization.restriction;
import java.util.ArrayList;
import java.util.List;
@@ -25,7 +25,6 @@ import org.apache.jackrabbit.oak.namepat
import org.apache.jackrabbit.oak.namepath.NamePathMapperImpl;
import org.apache.jackrabbit.oak.plugins.name.Namespaces;
import org.apache.jackrabbit.oak.spi.security.authorization.AbstractAccessControlTest;
-import org.apache.jackrabbit.oak.spi.security.authorization.restriction.RestrictionDefinition;
import org.junit.Before;
import org.junit.Test;
@@ -141,4 +140,4 @@ public class RestrictionDefinitionImplTe
assertFalse(definition.equals(rd));
}
}
-}
\ No newline at end of file
+}
Copied: jackrabbit/oak/trunk/oak-core/src/test/java/org/apache/jackrabbit/oak/spi/security/authorization/restriction/RestrictionImplTest.java (from r1453455, jackrabbit/oak/trunk/oak-core/src/test/java/org/apache/jackrabbit/oak/security/authorization/restriction/RestrictionImplTest.java)
URL: http://svn.apache.org/viewvc/jackrabbit/oak/trunk/oak-core/src/test/java/org/apache/jackrabbit/oak/spi/security/authorization/restriction/RestrictionImplTest.java?p2=jackrabbit/oak/trunk/oak-core/src/test/java/org/apache/jackrabbit/oak/spi/security/authorization/restriction/RestrictionImplTest.java&p1=jackrabbit/oak/trunk/oak-core/src/test/java/org/apache/jackrabbit/oak/security/authorization/restriction/RestrictionImplTest.java&r1=1453455&r2=1453475&rev=1453475&view=diff
==============================================================================
--- jackrabbit/oak/trunk/oak-core/src/test/java/org/apache/jackrabbit/oak/security/authorization/restriction/RestrictionImplTest.java (original)
+++ jackrabbit/oak/trunk/oak-core/src/test/java/org/apache/jackrabbit/oak/spi/security/authorization/restriction/RestrictionImplTest.java Wed Mar 6 18:50:26 2013
@@ -14,7 +14,7 @@
* See the License for the specific language governing permissions and
* limitations under the License.
*/
-package org.apache.jackrabbit.oak.security.authorization.restriction;
+package org.apache.jackrabbit.oak.spi.security.authorization.restriction;
import java.util.ArrayList;
import java.util.List;
@@ -31,7 +31,6 @@ import org.apache.jackrabbit.oak.plugins
import org.apache.jackrabbit.oak.plugins.name.Namespaces;
import org.apache.jackrabbit.oak.plugins.value.ValueFactoryImpl;
import org.apache.jackrabbit.oak.spi.security.authorization.AbstractAccessControlTest;
-import org.apache.jackrabbit.oak.spi.security.authorization.restriction.Restriction;
import org.junit.Before;
import org.junit.Test;
@@ -155,4 +154,4 @@ public class RestrictionImplTest extends
assertFalse(restriction.equals(r));
}
}
-}
\ No newline at end of file
+}
Modified: jackrabbit/oak/trunk/pom.xml
URL: http://svn.apache.org/viewvc/jackrabbit/oak/trunk/pom.xml?rev=1453475&r1=1453474&r2=1453475&view=diff
==============================================================================
--- jackrabbit/oak/trunk/pom.xml (original)
+++ jackrabbit/oak/trunk/pom.xml Wed Mar 6 18:50:26 2013
@@ -41,18 +41,18 @@
<module>oak-mk-api</module>
<module>oak-mk</module>
<module>oak-mk-remote</module>
- <module>oak-mongomk</module>
+ <!--module>oak-mongomk</module-->
<module>oak-core</module>
<module>oak-jcr</module>
<module>oak-sling</module>
<module>oak-http</module>
<module>oak-lucene</module>
- <module>oak-solr-core</module>
+ <!--module>oak-solr-core</module>
<module>oak-solr-remote</module>
- <module>oak-solr-embedded</module>
+ <module>oak-solr-embedded</module-->
<module>oak-run</module>
<module>oak-it</module>
- <module>oak-mk-perf</module>
+ <!--module>oak-mk-perf</module-->
</modules>
<scm>