You are viewing a plain text version of this content. The canonical link for it is here.
Posted to oak-commits@jackrabbit.apache.org by an...@apache.org on 2012/10/10 13:51:19 UTC
svn commit: r1396552 - in /jackrabbit/oak/trunk/oak-core/src:
main/java/org/apache/jackrabbit/oak/core/
main/java/org/apache/jackrabbit/oak/security/
main/java/org/apache/jackrabbit/oak/security/authentication/
main/java/org/apache/jackrabbit/oak/secur...
Author: angela
Date: Wed Oct 10 11:51:18 2012
New Revision: 1396552
URL: http://svn.apache.org/viewvc?rev=1396552&view=rev
Log:
OAK-91 - Implement Authentication Support (WIP)
OAK-50 - User Management (WIP)
Added:
jackrabbit/oak/trunk/oak-core/src/main/java/org/apache/jackrabbit/oak/spi/security/ConfigurationParameters.java
jackrabbit/oak/trunk/oak-core/src/test/java/org/apache/jackrabbit/oak/security/user/ConfigurationParametersTest.java
Modified:
jackrabbit/oak/trunk/oak-core/src/main/java/org/apache/jackrabbit/oak/core/RootImpl.java
jackrabbit/oak/trunk/oak-core/src/main/java/org/apache/jackrabbit/oak/security/SecurityProviderImpl.java
jackrabbit/oak/trunk/oak-core/src/main/java/org/apache/jackrabbit/oak/security/authentication/AuthenticationImpl.java
jackrabbit/oak/trunk/oak-core/src/main/java/org/apache/jackrabbit/oak/security/authentication/LoginModuleImpl.java
jackrabbit/oak/trunk/oak-core/src/main/java/org/apache/jackrabbit/oak/security/authentication/token/TokenAuthentication.java
jackrabbit/oak/trunk/oak-core/src/main/java/org/apache/jackrabbit/oak/security/authentication/token/TokenLoginModule.java
jackrabbit/oak/trunk/oak-core/src/main/java/org/apache/jackrabbit/oak/security/authentication/token/TokenProviderImpl.java
jackrabbit/oak/trunk/oak-core/src/main/java/org/apache/jackrabbit/oak/security/authorization/AccessControlProviderImpl.java
jackrabbit/oak/trunk/oak-core/src/main/java/org/apache/jackrabbit/oak/security/authorization/PermissionValidatorProvider.java
jackrabbit/oak/trunk/oak-core/src/main/java/org/apache/jackrabbit/oak/security/user/UserContextImpl.java
jackrabbit/oak/trunk/oak-core/src/main/java/org/apache/jackrabbit/oak/security/user/UserValidator.java
jackrabbit/oak/trunk/oak-core/src/main/java/org/apache/jackrabbit/oak/spi/security/OpenSecurityProvider.java
jackrabbit/oak/trunk/oak-core/src/main/java/org/apache/jackrabbit/oak/spi/security/SecurityProvider.java
jackrabbit/oak/trunk/oak-core/src/main/java/org/apache/jackrabbit/oak/spi/security/authentication/AbstractLoginModule.java
jackrabbit/oak/trunk/oak-core/src/main/java/org/apache/jackrabbit/oak/spi/security/authentication/Authentication.java
jackrabbit/oak/trunk/oak-core/src/main/java/org/apache/jackrabbit/oak/spi/security/authentication/token/TokenProvider.java
jackrabbit/oak/trunk/oak-core/src/main/java/org/apache/jackrabbit/oak/spi/security/authorization/AccessControlProvider.java
jackrabbit/oak/trunk/oak-core/src/main/java/org/apache/jackrabbit/oak/spi/security/authorization/OpenAccessControlProvider.java
jackrabbit/oak/trunk/oak-core/src/main/java/org/apache/jackrabbit/oak/spi/security/principal/OpenPrincipalProvider.java
jackrabbit/oak/trunk/oak-core/src/main/java/org/apache/jackrabbit/oak/spi/security/user/UserConfig.java
jackrabbit/oak/trunk/oak-core/src/main/java/org/apache/jackrabbit/oak/spi/security/user/UserConstants.java
jackrabbit/oak/trunk/oak-core/src/main/java/org/apache/jackrabbit/oak/spi/security/user/UserContext.java
jackrabbit/oak/trunk/oak-core/src/test/java/org/apache/jackrabbit/oak/security/user/UserProviderImplTest.java
Modified: jackrabbit/oak/trunk/oak-core/src/main/java/org/apache/jackrabbit/oak/core/RootImpl.java
URL: http://svn.apache.org/viewvc/jackrabbit/oak/trunk/oak-core/src/main/java/org/apache/jackrabbit/oak/core/RootImpl.java?rev=1396552&r1=1396551&r2=1396552&view=diff
==============================================================================
--- jackrabbit/oak/trunk/oak-core/src/main/java/org/apache/jackrabbit/oak/core/RootImpl.java (original)
+++ jackrabbit/oak/trunk/oak-core/src/main/java/org/apache/jackrabbit/oak/core/RootImpl.java Wed Oct 10 11:51:18 2012
@@ -293,7 +293,7 @@ public class RootImpl implements Root {
}
CompiledPermissions getPermissions() {
- return accProvider.createAccessControlContext(subject).getPermissions();
+ return accProvider.getAccessControlContext(subject).getPermissions();
}
//------------------------------------------------------------< private >---
Modified: jackrabbit/oak/trunk/oak-core/src/main/java/org/apache/jackrabbit/oak/security/SecurityProviderImpl.java
URL: http://svn.apache.org/viewvc/jackrabbit/oak/trunk/oak-core/src/main/java/org/apache/jackrabbit/oak/security/SecurityProviderImpl.java?rev=1396552&r1=1396551&r2=1396552&view=diff
==============================================================================
--- jackrabbit/oak/trunk/oak-core/src/main/java/org/apache/jackrabbit/oak/security/SecurityProviderImpl.java (original)
+++ jackrabbit/oak/trunk/oak-core/src/main/java/org/apache/jackrabbit/oak/security/SecurityProviderImpl.java Wed Oct 10 11:51:18 2012
@@ -25,12 +25,15 @@ import org.apache.jackrabbit.oak.api.Roo
import org.apache.jackrabbit.oak.namepath.NamePathMapper;
import org.apache.jackrabbit.oak.security.authentication.ConfigurationImpl;
import org.apache.jackrabbit.oak.security.authentication.LoginContextProviderImpl;
+import org.apache.jackrabbit.oak.security.authentication.token.TokenProviderImpl;
import org.apache.jackrabbit.oak.security.authorization.AccessControlProviderImpl;
import org.apache.jackrabbit.oak.security.principal.PrincipalManagerImpl;
import org.apache.jackrabbit.oak.security.principal.PrincipalProviderImpl;
import org.apache.jackrabbit.oak.security.user.UserContextImpl;
+import org.apache.jackrabbit.oak.spi.security.ConfigurationParameters;
import org.apache.jackrabbit.oak.spi.security.SecurityProvider;
import org.apache.jackrabbit.oak.spi.security.authentication.LoginContextProvider;
+import org.apache.jackrabbit.oak.spi.security.authentication.token.TokenProvider;
import org.apache.jackrabbit.oak.spi.security.authorization.AccessControlProvider;
import org.apache.jackrabbit.oak.spi.security.principal.PrincipalConfiguration;
import org.apache.jackrabbit.oak.spi.security.principal.PrincipalProvider;
@@ -57,6 +60,12 @@ public class SecurityProviderImpl implem
@Nonnull
@Override
+ public TokenProvider getTokenProvider(Root root, ConfigurationParameters options) {
+ return new TokenProviderImpl(root, options, getUserContext());
+ }
+
+ @Nonnull
+ @Override
public UserContext getUserContext() {
return new UserContextImpl();
}
Modified: jackrabbit/oak/trunk/oak-core/src/main/java/org/apache/jackrabbit/oak/security/authentication/AuthenticationImpl.java
URL: http://svn.apache.org/viewvc/jackrabbit/oak/trunk/oak-core/src/main/java/org/apache/jackrabbit/oak/security/authentication/AuthenticationImpl.java?rev=1396552&r1=1396551&r2=1396552&view=diff
==============================================================================
--- jackrabbit/oak/trunk/oak-core/src/main/java/org/apache/jackrabbit/oak/security/authentication/AuthenticationImpl.java (original)
+++ jackrabbit/oak/trunk/oak-core/src/main/java/org/apache/jackrabbit/oak/security/authentication/AuthenticationImpl.java Wed Oct 10 11:51:18 2012
@@ -16,14 +16,17 @@
*/
package org.apache.jackrabbit.oak.security.authentication;
+import java.util.Collections;
import javax.jcr.Credentials;
import javax.jcr.GuestCredentials;
import javax.jcr.RepositoryException;
import javax.jcr.SimpleCredentials;
import javax.security.auth.Subject;
+import org.apache.jackrabbit.oak.api.AuthInfo;
import org.apache.jackrabbit.oak.api.Tree;
import org.apache.jackrabbit.oak.spi.security.authentication.Authentication;
+import org.apache.jackrabbit.oak.spi.security.authentication.ImpersonationCredentials;
import org.apache.jackrabbit.oak.spi.security.principal.PrincipalProvider;
import org.apache.jackrabbit.oak.spi.security.user.AuthorizableType;
import org.apache.jackrabbit.oak.spi.security.user.PasswordUtility;
@@ -42,8 +45,6 @@ public class AuthenticationImpl implemen
private final UserProvider userProvider;
private final PrincipalProvider principalProvider;
- private Tree userTree;
-
public AuthenticationImpl(String userId, UserProvider userProvider, PrincipalProvider principalProvider) {
this.userId = userId;
this.userProvider = userProvider;
@@ -52,48 +53,41 @@ public class AuthenticationImpl implemen
@Override
public boolean authenticate(Credentials credentials) {
- // TODO
- return true;
-
-// Tree userTree = getUserTree();
-// if (userTree == null || userProvider.isDisabled(userTree)) {
-// return false;
-// }
-//
-// if (credentials instanceof SimpleCredentials) {
-// SimpleCredentials creds = (SimpleCredentials) credentials;
-// return PasswordUtility.isSame(userProvider.getPasswordHash(userTree), creds.getPassword());
-// } else {
-// return credentials instanceof GuestCredentials;
-// }
- }
+ Tree userTree = getUserTree();
+ if (userTree == null || userProvider.isDisabled(userTree)) {
+ return false;
+ }
- @Override
- public boolean impersonate(Subject subject) {
- // TODO
- return true;
-
-// Tree userTree = getUserTree();
-// if (userTree == null || userProvider.isDisabled(userTree)) {
-// return false;
-// } else {
-// try {
-// return userProvider.getImpersonation(userTree, principalProvider).allows(subject);
-// } catch (RepositoryException e) {
-// log.debug("Error while validating impersonation", e.getMessage());
-// return false;
-// }
-// }
+ boolean success;
+ if (credentials instanceof SimpleCredentials) {
+ SimpleCredentials creds = (SimpleCredentials) credentials;
+ success = PasswordUtility.isSame(userProvider.getPasswordHash(userTree), creds.getPassword());
+ } else if (credentials instanceof ImpersonationCredentials) {
+ AuthInfo info = ((ImpersonationCredentials) credentials).getImpersonatorInfo();
+ success = impersonate(info, userTree);
+ } else {
+ // guest login is allowed if an anonymous user exists in the content (see getUserTree above)
+ success = (credentials instanceof GuestCredentials);
+ }
+ return success;
}
//--------------------------------------------------------------------------
private Tree getUserTree() {
if (userProvider == null || userId == null) {
return null;
+ } else {
+ return userProvider.getAuthorizable(userId, AuthorizableType.USER);
}
- if (userTree == null) {
- userTree = userProvider.getAuthorizable(userId, AuthorizableType.USER);
+ }
+
+ private boolean impersonate(AuthInfo info, Tree userTree) {
+ Subject subject = new Subject(true, info.getPrincipals(), Collections.emptySet(), Collections.emptySet());
+ try {
+ return userProvider.getImpersonation(userTree, principalProvider).allows(subject);
+ } catch (RepositoryException e) {
+ log.debug("Error while validating impersonation", e.getMessage());
}
- return userTree;
+ return false;
}
}
\ No newline at end of file
Modified: jackrabbit/oak/trunk/oak-core/src/main/java/org/apache/jackrabbit/oak/security/authentication/LoginModuleImpl.java
URL: http://svn.apache.org/viewvc/jackrabbit/oak/trunk/oak-core/src/main/java/org/apache/jackrabbit/oak/security/authentication/LoginModuleImpl.java?rev=1396552&r1=1396551&r2=1396552&view=diff
==============================================================================
--- jackrabbit/oak/trunk/oak-core/src/main/java/org/apache/jackrabbit/oak/security/authentication/LoginModuleImpl.java (original)
+++ jackrabbit/oak/trunk/oak-core/src/main/java/org/apache/jackrabbit/oak/security/authentication/LoginModuleImpl.java Wed Oct 10 11:51:18 2012
@@ -18,7 +18,6 @@ package org.apache.jackrabbit.oak.securi
import java.io.IOException;
import java.security.Principal;
-import java.util.Collections;
import java.util.HashMap;
import java.util.HashSet;
import java.util.Map;
@@ -35,6 +34,7 @@ import javax.security.auth.callback.Unsu
import javax.security.auth.login.LoginException;
import org.apache.jackrabbit.oak.api.AuthInfo;
+import org.apache.jackrabbit.oak.spi.security.SecurityProvider;
import org.apache.jackrabbit.oak.spi.security.authentication.AbstractLoginModule;
import org.apache.jackrabbit.oak.spi.security.authentication.Authentication;
import org.apache.jackrabbit.oak.spi.security.authentication.ImpersonationCredentials;
@@ -111,16 +111,11 @@ public class LoginModuleImpl extends Abs
@Override
public boolean login() throws LoginException {
- // TODO
credentials = getCredentials();
userID = getUserID();
Authentication authentication = new AuthenticationImpl(userID, getUserProvider(), getPrincipalProvider());
boolean success = authentication.authenticate(credentials);
- if (!success) {
- success = impersonate(authentication);
- }
-
if (success) {
principals = getPrincipals(userID);
@@ -157,7 +152,6 @@ public class LoginModuleImpl extends Abs
}
//------------------------------------------------< AbstractLoginModule >---
-
@Override
protected Set<Class> getSupportedCredentials() {
return SUPPORTED_CREDENTIALS;
@@ -197,19 +191,12 @@ public class LoginModuleImpl extends Abs
}
private String getAnonymousID() {
- // TODO
- return "anonymous";
- }
-
- private boolean impersonate(Authentication authentication) {
- if (credentials instanceof ImpersonationCredentials) {
- AuthInfo info = ((ImpersonationCredentials) credentials).getImpersonatorInfo();
- Subject subject = new Subject(true, info.getPrincipals(), Collections.emptySet(), Collections.emptySet());
- if (authentication.impersonate(subject)) {
- return true;
- }
+ SecurityProvider sp = getSecurityProvider();
+ if (sp == null) {
+ return null;
+ } else {
+ return sp.getUserContext().getUserConfig().getAnonymousId();
}
- return false;
}
private AuthInfo createAuthInfo() {
Modified: jackrabbit/oak/trunk/oak-core/src/main/java/org/apache/jackrabbit/oak/security/authentication/token/TokenAuthentication.java
URL: http://svn.apache.org/viewvc/jackrabbit/oak/trunk/oak-core/src/main/java/org/apache/jackrabbit/oak/security/authentication/token/TokenAuthentication.java?rev=1396552&r1=1396551&r2=1396552&view=diff
==============================================================================
--- jackrabbit/oak/trunk/oak-core/src/main/java/org/apache/jackrabbit/oak/security/authentication/token/TokenAuthentication.java (original)
+++ jackrabbit/oak/trunk/oak-core/src/main/java/org/apache/jackrabbit/oak/security/authentication/token/TokenAuthentication.java Wed Oct 10 11:51:18 2012
@@ -19,7 +19,6 @@ package org.apache.jackrabbit.oak.securi
import java.util.Date;
import javax.annotation.Nonnull;
import javax.jcr.Credentials;
-import javax.security.auth.Subject;
import org.apache.jackrabbit.api.security.authentication.token.TokenCredentials;
import org.apache.jackrabbit.oak.spi.security.authentication.Authentication;
@@ -58,14 +57,6 @@ class TokenAuthentication implements Aut
return success;
}
- /**
- * Always returns {@code false}
- */
- @Override
- public boolean impersonate(Subject subject) {
- return false;
- }
-
//-----------------------------------------------------------< internal >---
@Nonnull
TokenInfo getTokenInfo() {
Modified: jackrabbit/oak/trunk/oak-core/src/main/java/org/apache/jackrabbit/oak/security/authentication/token/TokenLoginModule.java
URL: http://svn.apache.org/viewvc/jackrabbit/oak/trunk/oak-core/src/main/java/org/apache/jackrabbit/oak/security/authentication/token/TokenLoginModule.java?rev=1396552&r1=1396551&r2=1396552&view=diff
==============================================================================
--- jackrabbit/oak/trunk/oak-core/src/main/java/org/apache/jackrabbit/oak/security/authentication/token/TokenLoginModule.java (original)
+++ jackrabbit/oak/trunk/oak-core/src/main/java/org/apache/jackrabbit/oak/security/authentication/token/TokenLoginModule.java Wed Oct 10 11:51:18 2012
@@ -29,7 +29,9 @@ import javax.security.auth.login.LoginEx
import org.apache.jackrabbit.api.security.authentication.token.TokenCredentials;
import org.apache.jackrabbit.oak.api.AuthInfo;
+import org.apache.jackrabbit.oak.api.Root;
import org.apache.jackrabbit.oak.security.authentication.AuthInfoImpl;
+import org.apache.jackrabbit.oak.spi.security.SecurityProvider;
import org.apache.jackrabbit.oak.spi.security.authentication.AbstractLoginModule;
import org.apache.jackrabbit.oak.spi.security.authentication.callback.TokenProviderCallback;
import org.apache.jackrabbit.oak.spi.security.authentication.token.TokenInfo;
@@ -38,7 +40,8 @@ import org.slf4j.Logger;
import org.slf4j.LoggerFactory;
/**
- * TokenLoginModule... TODO
+ * {@code LoginModule} implementation that is able to handle login request
+ * based on {@link TokenCredentials}.
*/
public class TokenLoginModule extends AbstractLoginModule {
@@ -55,7 +58,6 @@ public class TokenLoginModule extends Ab
private Set<? extends Principal> principals;
//--------------------------------------------------------< LoginModule >---
-
@Override
public boolean login() throws LoginException {
tokenProvider = getTokenProvider();
@@ -131,7 +133,12 @@ public class TokenLoginModule extends Ab
//--------------------------------------------------------------------------
private TokenProvider getTokenProvider() {
TokenProvider provider = null;
- if (callbackHandler != null) {
+ SecurityProvider securityProvider = getSecurityProvider();
+ Root root = getRoot();
+ if (root != null && securityProvider != null) {
+ provider = securityProvider.getTokenProvider(root, options);
+ }
+ if (provider == null && callbackHandler != null) {
try {
TokenProviderCallback tcCallback = new TokenProviderCallback();
callbackHandler.handle(new Callback[] {tcCallback});
Modified: jackrabbit/oak/trunk/oak-core/src/main/java/org/apache/jackrabbit/oak/security/authentication/token/TokenProviderImpl.java
URL: http://svn.apache.org/viewvc/jackrabbit/oak/trunk/oak-core/src/main/java/org/apache/jackrabbit/oak/security/authentication/token/TokenProviderImpl.java?rev=1396552&r1=1396551&r2=1396552&view=diff
==============================================================================
--- jackrabbit/oak/trunk/oak-core/src/main/java/org/apache/jackrabbit/oak/security/authentication/token/TokenProviderImpl.java (original)
+++ jackrabbit/oak/trunk/oak-core/src/main/java/org/apache/jackrabbit/oak/security/authentication/token/TokenProviderImpl.java Wed Oct 10 11:51:18 2012
@@ -40,6 +40,7 @@ import org.apache.jackrabbit.oak.api.Cor
import org.apache.jackrabbit.oak.api.PropertyState;
import org.apache.jackrabbit.oak.api.Root;
import org.apache.jackrabbit.oak.api.Tree;
+import org.apache.jackrabbit.oak.spi.security.ConfigurationParameters;
import org.apache.jackrabbit.oak.spi.security.authentication.ImpersonationCredentials;
import org.apache.jackrabbit.oak.spi.security.authentication.token.TokenInfo;
import org.apache.jackrabbit.oak.spi.security.authentication.token.TokenProvider;
@@ -99,10 +100,13 @@ public class TokenProviderImpl implement
private final UserProvider userProvider;
private final long tokenExpiration;
+ public TokenProviderImpl(Root root, ConfigurationParameters options, UserContext userContext) {
+ this(root, options.getConfigValue(PARAM_TOKEN_EXPIRATION, Long.valueOf(DEFAULT_TOKEN_EXPIRATION)), userContext);
+ }
+
public TokenProviderImpl(Root root, long tokenExpiration, UserContext userContext) {
this.root = root;
this.tokenExpiration = tokenExpiration;
-
this.userProvider = userContext.getUserProvider(root);
}
Modified: jackrabbit/oak/trunk/oak-core/src/main/java/org/apache/jackrabbit/oak/security/authorization/AccessControlProviderImpl.java
URL: http://svn.apache.org/viewvc/jackrabbit/oak/trunk/oak-core/src/main/java/org/apache/jackrabbit/oak/security/authorization/AccessControlProviderImpl.java?rev=1396552&r1=1396551&r2=1396552&view=diff
==============================================================================
--- jackrabbit/oak/trunk/oak-core/src/main/java/org/apache/jackrabbit/oak/security/authorization/AccessControlProviderImpl.java (original)
+++ jackrabbit/oak/trunk/oak-core/src/main/java/org/apache/jackrabbit/oak/security/authorization/AccessControlProviderImpl.java Wed Oct 10 11:51:18 2012
@@ -32,7 +32,7 @@ import org.apache.jackrabbit.oak.spi.sec
public class AccessControlProviderImpl implements AccessControlProvider {
@Override
- public AccessControlContext createAccessControlContext(Subject subject) {
+ public AccessControlContext getAccessControlContext(Subject subject) {
return new AccessControlContextImpl(subject);
}
Modified: jackrabbit/oak/trunk/oak-core/src/main/java/org/apache/jackrabbit/oak/security/authorization/PermissionValidatorProvider.java
URL: http://svn.apache.org/viewvc/jackrabbit/oak/trunk/oak-core/src/main/java/org/apache/jackrabbit/oak/security/authorization/PermissionValidatorProvider.java?rev=1396552&r1=1396551&r2=1396552&view=diff
==============================================================================
--- jackrabbit/oak/trunk/oak-core/src/main/java/org/apache/jackrabbit/oak/security/authorization/PermissionValidatorProvider.java (original)
+++ jackrabbit/oak/trunk/oak-core/src/main/java/org/apache/jackrabbit/oak/security/authorization/PermissionValidatorProvider.java Wed Oct 10 11:51:18 2012
@@ -44,7 +44,7 @@ public class PermissionValidatorProvider
// FIXME: should use same provider as in ContentRepositoryImpl
AccessControlContext context = new AccessControlProviderImpl()
- .createAccessControlContext(subject);
+ .getAccessControlContext(subject);
NodeUtil rootBefore = new NodeUtil(new ReadOnlyTree(before));
NodeUtil rootAfter = new NodeUtil(new ReadOnlyTree(after));
Modified: jackrabbit/oak/trunk/oak-core/src/main/java/org/apache/jackrabbit/oak/security/user/UserContextImpl.java
URL: http://svn.apache.org/viewvc/jackrabbit/oak/trunk/oak-core/src/main/java/org/apache/jackrabbit/oak/security/user/UserContextImpl.java?rev=1396552&r1=1396551&r2=1396552&view=diff
==============================================================================
--- jackrabbit/oak/trunk/oak-core/src/main/java/org/apache/jackrabbit/oak/security/user/UserContextImpl.java (original)
+++ jackrabbit/oak/trunk/oak-core/src/main/java/org/apache/jackrabbit/oak/security/user/UserContextImpl.java Wed Oct 10 11:51:18 2012
@@ -18,6 +18,7 @@ package org.apache.jackrabbit.oak.securi
import java.util.Collections;
import java.util.List;
+import javax.annotation.Nonnull;
import javax.jcr.Session;
import org.apache.jackrabbit.api.security.user.UserManager;
@@ -38,13 +39,19 @@ public class UserContextImpl implements
// TODO add proper configuration
public UserContextImpl() {
- this(new UserConfig("admin"));
+ this(new UserConfig());
}
public UserContextImpl(UserConfig config) {
this.config = config;
}
+ @Nonnull
+ @Override
+ public UserConfig getUserConfig() {
+ return config;
+ }
+
@Override
public UserProvider getUserProvider(Root root) {
return new UserProviderImpl(root, config);
Modified: jackrabbit/oak/trunk/oak-core/src/main/java/org/apache/jackrabbit/oak/security/user/UserValidator.java
URL: http://svn.apache.org/viewvc/jackrabbit/oak/trunk/oak-core/src/main/java/org/apache/jackrabbit/oak/security/user/UserValidator.java?rev=1396552&r1=1396551&r2=1396552&view=diff
==============================================================================
--- jackrabbit/oak/trunk/oak-core/src/main/java/org/apache/jackrabbit/oak/security/user/UserValidator.java (original)
+++ jackrabbit/oak/trunk/oak-core/src/main/java/org/apache/jackrabbit/oak/security/user/UserValidator.java Wed Oct 10 11:51:18 2012
@@ -136,9 +136,10 @@ class UserValidator extends DefaultValid
return node.hasPrimaryNodeTypeName(NT_REP_USER) || node.hasPrimaryNodeTypeName(NT_REP_GROUP);
}
+ // FIXME: copied from UserProvider#isAdminUser
private boolean isAdminUser(NodeUtil userNode) {
- // FIXME: add proper implementation
- return userNode.hasPrimaryNodeTypeName(NT_REP_USER) && "admin".equals(userNode.getName());
+ String id = (userNode.getString(REP_AUTHORIZABLE_ID, Text.unescapeIllegalJcrChars(userNode.getName())));
+ return userNode.hasPrimaryNodeTypeName(NT_REP_USER) && provider.getConfig().getAdminId().equals(id);
}
private static void fail(String msg) throws CommitFailedException {
Added: jackrabbit/oak/trunk/oak-core/src/main/java/org/apache/jackrabbit/oak/spi/security/ConfigurationParameters.java
URL: http://svn.apache.org/viewvc/jackrabbit/oak/trunk/oak-core/src/main/java/org/apache/jackrabbit/oak/spi/security/ConfigurationParameters.java?rev=1396552&view=auto
==============================================================================
--- jackrabbit/oak/trunk/oak-core/src/main/java/org/apache/jackrabbit/oak/spi/security/ConfigurationParameters.java (added)
+++ jackrabbit/oak/trunk/oak-core/src/main/java/org/apache/jackrabbit/oak/spi/security/ConfigurationParameters.java Wed Oct 10 11:51:18 2012
@@ -0,0 +1,83 @@
+/*
+ * Licensed to the Apache Software Foundation (ASF) under one or more
+ * contributor license agreements. See the NOTICE file distributed with
+ * this work for additional information regarding copyright ownership.
+ * The ASF licenses this file to You under the Apache License, Version 2.0
+ * (the "License"); you may not use this file except in compliance with
+ * the License. You may obtain a copy of the License at
+ *
+ * http://www.apache.org/licenses/LICENSE-2.0
+ *
+ * Unless required by applicable law or agreed to in writing, software
+ * distributed under the License is distributed on an "AS IS" BASIS,
+ * WITHOUT WARRANTIES OR CONDITIONS OF ANY KIND, either express or implied.
+ * See the License for the specific language governing permissions and
+ * limitations under the License.
+ */
+package org.apache.jackrabbit.oak.spi.security;
+
+import java.util.Collections;
+import java.util.Map;
+
+import org.slf4j.Logger;
+import org.slf4j.LoggerFactory;
+
+/**
+ * ConfigurationParameters... TODO
+ */
+public class ConfigurationParameters {
+
+ /**
+ * logger instance
+ */
+ private static final Logger log = LoggerFactory.getLogger(ConfigurationParameters.class);
+
+ private final Map<String, Object> options;
+
+ public ConfigurationParameters() {
+ this(null);
+ }
+
+ public ConfigurationParameters(Map<String, ?> options) {
+ this.options = (options == null) ? Collections.<String, Object>emptyMap() : Collections.unmodifiableMap(options);
+ }
+
+ public <T> T getConfigValue(String key, T defaultValue) {
+ if (options != null && options.containsKey(key)) {
+ return convert(options.get(key), defaultValue);
+ } else {
+ return defaultValue;
+ }
+ }
+
+ //--------------------------------------------------------< private >---
+ @SuppressWarnings("unchecked")
+ private static <T> T convert(Object configProperty, T defaultValue) {
+ T value;
+ String str = configProperty.toString();
+ Class targetClass = (defaultValue == null) ? configProperty.getClass() : defaultValue.getClass();
+ try {
+ if (targetClass == configProperty.getClass()) {
+ value = (T) configProperty;
+ } else if (targetClass == String.class) {
+ value = (T) str;
+ } else if (targetClass == Integer.class) {
+ value = (T) Integer.valueOf(str);
+ } else if (targetClass == Long.class) {
+ value = (T) Long.valueOf(str);
+ } else if (targetClass == Double.class) {
+ value = (T) Double.valueOf(str);
+ } else if (targetClass == Boolean.class) {
+ value = (T) Boolean.valueOf(str);
+ } else {
+ // unsupported target type
+ log.warn("Unsupported target type {} for value {}", targetClass.getName(), str);
+ throw new IllegalArgumentException("Cannot convert config entry " + str + " to " + targetClass.getName());
+ }
+ } catch (NumberFormatException e) {
+ log.warn("Invalid value {}; cannot be parsed into {}", str, targetClass.getName());
+ value = defaultValue;
+ }
+ return value;
+ }
+}
\ No newline at end of file
Modified: jackrabbit/oak/trunk/oak-core/src/main/java/org/apache/jackrabbit/oak/spi/security/OpenSecurityProvider.java
URL: http://svn.apache.org/viewvc/jackrabbit/oak/trunk/oak-core/src/main/java/org/apache/jackrabbit/oak/spi/security/OpenSecurityProvider.java?rev=1396552&r1=1396551&r2=1396552&view=diff
==============================================================================
--- jackrabbit/oak/trunk/oak-core/src/main/java/org/apache/jackrabbit/oak/spi/security/OpenSecurityProvider.java (original)
+++ jackrabbit/oak/trunk/oak-core/src/main/java/org/apache/jackrabbit/oak/spi/security/OpenSecurityProvider.java Wed Oct 10 11:51:18 2012
@@ -28,12 +28,14 @@ import org.apache.jackrabbit.oak.namepat
import org.apache.jackrabbit.oak.spi.commit.ValidatorProvider;
import org.apache.jackrabbit.oak.spi.security.authentication.LoginContextProvider;
import org.apache.jackrabbit.oak.spi.security.authentication.OpenLoginContextProvider;
+import org.apache.jackrabbit.oak.spi.security.authentication.token.TokenProvider;
import org.apache.jackrabbit.oak.spi.security.authorization.AccessControlProvider;
import org.apache.jackrabbit.oak.spi.security.authorization.OpenAccessControlProvider;
import org.apache.jackrabbit.oak.spi.security.principal.OpenPrincipalProvider;
import org.apache.jackrabbit.oak.spi.security.principal.PrincipalConfiguration;
import org.apache.jackrabbit.oak.spi.security.principal.PrincipalProvider;
import org.apache.jackrabbit.oak.spi.security.user.MembershipProvider;
+import org.apache.jackrabbit.oak.spi.security.user.UserConfig;
import org.apache.jackrabbit.oak.spi.security.user.UserContext;
import org.apache.jackrabbit.oak.spi.security.user.UserProvider;
import org.apache.jackrabbit.oak.spi.state.NodeStore;
@@ -57,11 +59,23 @@ public class OpenSecurityProvider implem
@Nonnull
@Override
+ public TokenProvider getTokenProvider(Root root, ConfigurationParameters options) {
+ throw new UnsupportedOperationException();
+ }
+
+ @Nonnull
+ @Override
public UserContext getUserContext() {
// TODO
return new UserContext() {
@Nonnull
@Override
+ public UserConfig getUserConfig() {
+ return new UserConfig();
+ }
+
+ @Nonnull
+ @Override
public UserProvider getUserProvider(Root root) {
throw new UnsupportedOperationException();
}
Modified: jackrabbit/oak/trunk/oak-core/src/main/java/org/apache/jackrabbit/oak/spi/security/SecurityProvider.java
URL: http://svn.apache.org/viewvc/jackrabbit/oak/trunk/oak-core/src/main/java/org/apache/jackrabbit/oak/spi/security/SecurityProvider.java?rev=1396552&r1=1396551&r2=1396552&view=diff
==============================================================================
--- jackrabbit/oak/trunk/oak-core/src/main/java/org/apache/jackrabbit/oak/spi/security/SecurityProvider.java (original)
+++ jackrabbit/oak/trunk/oak-core/src/main/java/org/apache/jackrabbit/oak/spi/security/SecurityProvider.java Wed Oct 10 11:51:18 2012
@@ -18,7 +18,9 @@ package org.apache.jackrabbit.oak.spi.se
import javax.annotation.Nonnull;
+import org.apache.jackrabbit.oak.api.Root;
import org.apache.jackrabbit.oak.spi.security.authentication.LoginContextProvider;
+import org.apache.jackrabbit.oak.spi.security.authentication.token.TokenProvider;
import org.apache.jackrabbit.oak.spi.security.authorization.AccessControlProvider;
import org.apache.jackrabbit.oak.spi.security.principal.PrincipalConfiguration;
import org.apache.jackrabbit.oak.spi.security.user.UserContext;
@@ -36,6 +38,9 @@ public interface SecurityProvider {
AccessControlProvider getAccessControlProvider();
@Nonnull
+ TokenProvider getTokenProvider(Root root, ConfigurationParameters options);
+
+ @Nonnull
UserContext getUserContext(); // TODO review naming consistency
@Nonnull
Modified: jackrabbit/oak/trunk/oak-core/src/main/java/org/apache/jackrabbit/oak/spi/security/authentication/AbstractLoginModule.java
URL: http://svn.apache.org/viewvc/jackrabbit/oak/trunk/oak-core/src/main/java/org/apache/jackrabbit/oak/spi/security/authentication/AbstractLoginModule.java?rev=1396552&r1=1396551&r2=1396552&view=diff
==============================================================================
--- jackrabbit/oak/trunk/oak-core/src/main/java/org/apache/jackrabbit/oak/spi/security/authentication/AbstractLoginModule.java (original)
+++ jackrabbit/oak/trunk/oak-core/src/main/java/org/apache/jackrabbit/oak/spi/security/authentication/AbstractLoginModule.java Wed Oct 10 11:51:18 2012
@@ -33,12 +33,12 @@ import javax.security.auth.spi.LoginModu
import org.apache.jackrabbit.oak.api.Root;
import org.apache.jackrabbit.oak.namepath.NamePathMapper;
+import org.apache.jackrabbit.oak.spi.security.ConfigurationParameters;
import org.apache.jackrabbit.oak.spi.security.SecurityProvider;
import org.apache.jackrabbit.oak.spi.security.authentication.callback.CredentialsCallback;
import org.apache.jackrabbit.oak.spi.security.authentication.callback.PrincipalProviderCallback;
import org.apache.jackrabbit.oak.spi.security.authentication.callback.RepositoryCallback;
import org.apache.jackrabbit.oak.spi.security.authentication.callback.SecurityProviderCallback;
-import org.apache.jackrabbit.oak.spi.security.principal.OpenPrincipalProvider;
import org.apache.jackrabbit.oak.spi.security.principal.PrincipalProvider;
import org.apache.jackrabbit.oak.spi.security.user.UserProvider;
import org.slf4j.Logger;
@@ -70,6 +70,7 @@ public abstract class AbstractLoginModul
protected Subject subject;
protected CallbackHandler callbackHandler;
protected Map sharedState;
+ protected ConfigurationParameters options;
private SecurityProvider securityProvider;
private Root root;
@@ -80,6 +81,7 @@ public abstract class AbstractLoginModul
this.subject = subject;
this.callbackHandler = callbackHandler;
this.sharedState = sharedState;
+ this.options = new ConfigurationParameters(options);
}
@Override
@@ -175,44 +177,40 @@ public abstract class AbstractLoginModul
@CheckForNull
protected PrincipalProvider getPrincipalProvider() {
- // TODO: replace fake pp to enable proper principal resolution.
- return new OpenPrincipalProvider();
-// PrincipalProvider principalProvider = null;
-//
-// SecurityProvider sp = getSecurityProvider();
-// Root r = getRoot();
-// if (root != null && securityProvider != null) {
-// principalProvider = securityProvider.getPrincipalConfiguration().getPrincipalProvider(root, NamePathMapper.DEFAULT);
-// }
-//
-// if (principalProvider == null && callbackHandler != null) {
-// try {
-// PrincipalProviderCallback principalCallBack = new PrincipalProviderCallback();
-// callbackHandler.handle(new Callback[] {principalCallBack});
-// principalProvider = principalCallBack.getPrincipalProvider();
-// } catch (IOException e) {
-// log.debug(e.getMessage());
-// } catch (UnsupportedCallbackException e) {
-// log.debug(e.getMessage());
-// }
-// }
-// return principalProvider;
+ PrincipalProvider principalProvider = null;
+ SecurityProvider sp = getSecurityProvider();
+ Root root = getRoot();
+ if (root != null && sp != null) {
+ principalProvider = sp.getPrincipalConfiguration().getPrincipalProvider(root, NamePathMapper.DEFAULT);
+ }
+
+ if (principalProvider == null && callbackHandler != null) {
+ try {
+ PrincipalProviderCallback principalCallBack = new PrincipalProviderCallback();
+ callbackHandler.handle(new Callback[] {principalCallBack});
+ principalProvider = principalCallBack.getPrincipalProvider();
+ } catch (IOException e) {
+ log.debug(e.getMessage());
+ } catch (UnsupportedCallbackException e) {
+ log.debug(e.getMessage());
+ }
+ }
+ return principalProvider;
}
@CheckForNull
protected UserProvider getUserProvider() {
- return null; // TODO
-// SecurityProvider sp = getSecurityProvider();
-// Root r = getRoot();
-// if (root != null && securityProvider != null) {
-// return securityProvider.getUserContext().getUserProvider(root);
-// } else {
-// return null;
-// }
+ SecurityProvider sp = getSecurityProvider();
+ Root root = getRoot();
+ if (root != null && sp != null) {
+ return sp.getUserContext().getUserProvider(root);
+ } else {
+ return null;
+ }
}
@CheckForNull
- private SecurityProvider getSecurityProvider() {
+ protected SecurityProvider getSecurityProvider() {
if (securityProvider == null && callbackHandler != null) {
SecurityProviderCallback scb = new SecurityProviderCallback();
try {
@@ -228,8 +226,8 @@ public abstract class AbstractLoginModul
}
@CheckForNull
- private Root getRoot() {
- if (root == null) {
+ protected Root getRoot() {
+ if (root == null && callbackHandler != null) {
RepositoryCallback rcb = new RepositoryCallback();
try {
callbackHandler.handle(new Callback[] {rcb});
Modified: jackrabbit/oak/trunk/oak-core/src/main/java/org/apache/jackrabbit/oak/spi/security/authentication/Authentication.java
URL: http://svn.apache.org/viewvc/jackrabbit/oak/trunk/oak-core/src/main/java/org/apache/jackrabbit/oak/spi/security/authentication/Authentication.java?rev=1396552&r1=1396551&r2=1396552&view=diff
==============================================================================
--- jackrabbit/oak/trunk/oak-core/src/main/java/org/apache/jackrabbit/oak/spi/security/authentication/Authentication.java (original)
+++ jackrabbit/oak/trunk/oak-core/src/main/java/org/apache/jackrabbit/oak/spi/security/authentication/Authentication.java Wed Oct 10 11:51:18 2012
@@ -17,7 +17,6 @@
package org.apache.jackrabbit.oak.spi.security.authentication;
import javax.jcr.Credentials;
-import javax.security.auth.Subject;
/**
* The {@code Authentication} interface defines methods to validate
@@ -46,15 +45,4 @@ public interface Authentication {
* if the specified credentials are not supported or if validation failed.
*/
boolean authenticate(Credentials credentials);
-
- /**
- * Test if the given subject (i.e. any of the principals it contains) is
- * allowed to impersonate.
- *
- * @param subject The subject that wants to impersonate.
- * @return true if this {@code Impersonation} allows the specified
- * set of principals to impersonate.
- */
- boolean impersonate(Subject subject);
-
}
\ No newline at end of file
Modified: jackrabbit/oak/trunk/oak-core/src/main/java/org/apache/jackrabbit/oak/spi/security/authentication/token/TokenProvider.java
URL: http://svn.apache.org/viewvc/jackrabbit/oak/trunk/oak-core/src/main/java/org/apache/jackrabbit/oak/spi/security/authentication/token/TokenProvider.java?rev=1396552&r1=1396551&r2=1396552&view=diff
==============================================================================
--- jackrabbit/oak/trunk/oak-core/src/main/java/org/apache/jackrabbit/oak/spi/security/authentication/token/TokenProvider.java (original)
+++ jackrabbit/oak/trunk/oak-core/src/main/java/org/apache/jackrabbit/oak/spi/security/authentication/token/TokenProvider.java Wed Oct 10 11:51:18 2012
@@ -25,9 +25,14 @@ import javax.jcr.Credentials;
public interface TokenProvider {
/**
+ * Optional configuration parameter to set the token expiration time in ms.
+ */
+ public static final String PARAM_TOKEN_EXPIRATION = "tokenExpiration";
+
+ /**
* Default expiration time in ms for login tokens is 2 hours.
*/
- long TOKEN_EXPIRATION = 2 * 3600 * 1000;
+ long DEFAULT_TOKEN_EXPIRATION = 2 * 3600 * 1000;
boolean doCreateToken(Credentials credentials);
Modified: jackrabbit/oak/trunk/oak-core/src/main/java/org/apache/jackrabbit/oak/spi/security/authorization/AccessControlProvider.java
URL: http://svn.apache.org/viewvc/jackrabbit/oak/trunk/oak-core/src/main/java/org/apache/jackrabbit/oak/spi/security/authorization/AccessControlProvider.java?rev=1396552&r1=1396551&r2=1396552&view=diff
==============================================================================
--- jackrabbit/oak/trunk/oak-core/src/main/java/org/apache/jackrabbit/oak/spi/security/authorization/AccessControlProvider.java (original)
+++ jackrabbit/oak/trunk/oak-core/src/main/java/org/apache/jackrabbit/oak/spi/security/authorization/AccessControlProvider.java Wed Oct 10 11:51:18 2012
@@ -26,7 +26,7 @@ import org.apache.jackrabbit.oak.spi.com
*/
public interface AccessControlProvider {
- public AccessControlContext createAccessControlContext(Subject subject);
+ public AccessControlContext getAccessControlContext(Subject subject);
public List<ValidatorProvider> getValidatorProviders();
}
Modified: jackrabbit/oak/trunk/oak-core/src/main/java/org/apache/jackrabbit/oak/spi/security/authorization/OpenAccessControlProvider.java
URL: http://svn.apache.org/viewvc/jackrabbit/oak/trunk/oak-core/src/main/java/org/apache/jackrabbit/oak/spi/security/authorization/OpenAccessControlProvider.java?rev=1396552&r1=1396551&r2=1396552&view=diff
==============================================================================
--- jackrabbit/oak/trunk/oak-core/src/main/java/org/apache/jackrabbit/oak/spi/security/authorization/OpenAccessControlProvider.java (original)
+++ jackrabbit/oak/trunk/oak-core/src/main/java/org/apache/jackrabbit/oak/spi/security/authorization/OpenAccessControlProvider.java Wed Oct 10 11:51:18 2012
@@ -24,13 +24,13 @@ import org.apache.jackrabbit.oak.spi.com
/**
* This class implements an {@link AccessControlProvider} which grants
- * full access to any {@link Subject} passed to {@link #createAccessControlContext(Subject)}.
+ * full access to any {@link Subject} passed to {@link #getAccessControlContext(Subject)}.
*/
public class OpenAccessControlProvider
implements AccessControlProvider {
@Override
- public AccessControlContext createAccessControlContext(Subject subject) {
+ public AccessControlContext getAccessControlContext(Subject subject) {
return new AccessControlContext() {
@Override
public CompiledPermissions getPermissions() {
Modified: jackrabbit/oak/trunk/oak-core/src/main/java/org/apache/jackrabbit/oak/spi/security/principal/OpenPrincipalProvider.java
URL: http://svn.apache.org/viewvc/jackrabbit/oak/trunk/oak-core/src/main/java/org/apache/jackrabbit/oak/spi/security/principal/OpenPrincipalProvider.java?rev=1396552&r1=1396551&r2=1396552&view=diff
==============================================================================
--- jackrabbit/oak/trunk/oak-core/src/main/java/org/apache/jackrabbit/oak/spi/security/principal/OpenPrincipalProvider.java (original)
+++ jackrabbit/oak/trunk/oak-core/src/main/java/org/apache/jackrabbit/oak/spi/security/principal/OpenPrincipalProvider.java Wed Oct 10 11:51:18 2012
@@ -50,10 +50,6 @@ public class OpenPrincipalProvider imple
Principal p = getPrincipal(userID);
principals.add(p);
principals.addAll(getGroupMembership(p));
- // TODO: remove again (currently needed because LoginContextProviderImpl uses this dummy principal provider)
- if ("admin".equals(userID)) {
- principals.add(AdminPrincipal.INSTANCE);
- }
return principals;
}
Modified: jackrabbit/oak/trunk/oak-core/src/main/java/org/apache/jackrabbit/oak/spi/security/user/UserConfig.java
URL: http://svn.apache.org/viewvc/jackrabbit/oak/trunk/oak-core/src/main/java/org/apache/jackrabbit/oak/spi/security/user/UserConfig.java?rev=1396552&r1=1396551&r2=1396552&view=diff
==============================================================================
--- jackrabbit/oak/trunk/oak-core/src/main/java/org/apache/jackrabbit/oak/spi/security/user/UserConfig.java (original)
+++ jackrabbit/oak/trunk/oak-core/src/main/java/org/apache/jackrabbit/oak/spi/security/user/UserConfig.java Wed Oct 10 11:51:18 2012
@@ -21,22 +21,26 @@ import java.util.Map;
import java.util.Set;
import javax.annotation.Nonnull;
+import org.apache.jackrabbit.oak.spi.security.ConfigurationParameters;
import org.apache.jackrabbit.oak.spi.security.user.action.AuthorizableAction;
import org.slf4j.Logger;
import org.slf4j.LoggerFactory;
-import static com.google.common.base.Preconditions.checkNotNull;
-
/**
* UserConfig provides utilities to retrieve configuration options
* related to user management. In addition it defines some constants that
* have been used in Jackrabbit 2.0 default user management implementation.
*/
-public class UserConfig {
+public class UserConfig extends ConfigurationParameters {
private static final Logger log = LoggerFactory.getLogger(UserConfig.class);
/**
+ * Configuration option defining the ID of the administrator user.
+ */
+ public static final String PARAM_ADMIN_ID = "adminId";
+
+ /**
* Configuration option defining the ID of the anonymous user. The ID
* might be {@code null} of no anonymous user exists. In this case
* Session#getUserID() may return {@code null} if it has been obtained
@@ -93,68 +97,28 @@ public class UserConfig {
*/
public static final String PARAM_PASSWORD_SALT_SIZE = "passwordSaltSize";
- private final String adminId;
- private final Map<String, Object> options;
private final Set<AuthorizableAction> actions;
- public UserConfig(String adminId) {
- this(adminId, null, null);
+ public UserConfig() {
+ this(null, null);
}
- public UserConfig(String adminId, Map<String, Object> options, Set<AuthorizableAction> actions) {
- this.adminId = checkNotNull(adminId);
- this.options = (options == null) ? Collections.<String, Object>emptyMap() : Collections.unmodifiableMap(options);
+ public UserConfig(Map<String, Object> options, Set<AuthorizableAction> actions) {
+ super(options);
this.actions = (actions == null) ? Collections.<AuthorizableAction>emptySet() : Collections.unmodifiableSet(actions);
}
@Nonnull
public String getAdminId() {
- return adminId;
+ return getConfigValue(PARAM_ADMIN_ID, UserConstants.DEFAULT_ADMIN_ID);
}
public String getAnonymousId() {
- return getConfigValue(PARAM_ANONYMOUS_ID, null);
- }
-
- public <T> T getConfigValue(String key, T defaultValue) {
- if (options != null && options.containsKey(key)) {
- return convert(options.get(key), defaultValue);
- } else {
- return defaultValue;
- }
+ return getConfigValue(PARAM_ANONYMOUS_ID, UserConstants.DEFAULT_ANONYMOUS_ID);
}
@Nonnull
public AuthorizableAction[] getAuthorizableActions() {
return actions.toArray(new AuthorizableAction[actions.size()]);
}
-
- //--------------------------------------------------------< private >---
- @SuppressWarnings("unchecked")
- private static <T> T convert(Object configProperty, T defaultValue) {
- T value;
- String str = configProperty.toString();
- Class targetClass = (defaultValue == null) ? String.class : defaultValue.getClass();
- try {
- if (targetClass == String.class) {
- value = (T) str;
- } else if (targetClass == Integer.class) {
- value = (T) Integer.valueOf(str);
- } else if (targetClass == Long.class) {
- value = (T) Long.valueOf(str);
- } else if (targetClass == Double.class) {
- value = (T) Double.valueOf(str);
- } else if (targetClass == Boolean.class) {
- value = (T) Boolean.valueOf(str);
- } else {
- // unsupported target type
- log.warn("Unsupported target type {} for value {}", targetClass.getName(), str);
- throw new IllegalArgumentException("Cannot convert config entry " + str + " to " + targetClass.getName());
- }
- } catch (NumberFormatException e) {
- log.warn("Invalid value {}; cannot be parsed into {}", str, targetClass.getName());
- value = defaultValue;
- }
- return value;
- }
}
\ No newline at end of file
Modified: jackrabbit/oak/trunk/oak-core/src/main/java/org/apache/jackrabbit/oak/spi/security/user/UserConstants.java
URL: http://svn.apache.org/viewvc/jackrabbit/oak/trunk/oak-core/src/main/java/org/apache/jackrabbit/oak/spi/security/user/UserConstants.java?rev=1396552&r1=1396551&r2=1396552&view=diff
==============================================================================
--- jackrabbit/oak/trunk/oak-core/src/main/java/org/apache/jackrabbit/oak/spi/security/user/UserConstants.java (original)
+++ jackrabbit/oak/trunk/oak-core/src/main/java/org/apache/jackrabbit/oak/spi/security/user/UserConstants.java Wed Oct 10 11:51:18 2012
@@ -36,4 +36,7 @@ public interface UserConstants {
String DEFAULT_USER_PATH = "/rep:security/rep:authorizables/rep:users";
String DEFAULT_GROUP_PATH = "/rep:security/rep:authorizables/rep:groups";
int DEFAULT_DEPTH = 2;
+
+ String DEFAULT_ADMIN_ID = "admin";
+ String DEFAULT_ANONYMOUS_ID = "anonymous";
}
\ No newline at end of file
Modified: jackrabbit/oak/trunk/oak-core/src/main/java/org/apache/jackrabbit/oak/spi/security/user/UserContext.java
URL: http://svn.apache.org/viewvc/jackrabbit/oak/trunk/oak-core/src/main/java/org/apache/jackrabbit/oak/spi/security/user/UserContext.java?rev=1396552&r1=1396551&r2=1396552&view=diff
==============================================================================
--- jackrabbit/oak/trunk/oak-core/src/main/java/org/apache/jackrabbit/oak/spi/security/user/UserContext.java (original)
+++ jackrabbit/oak/trunk/oak-core/src/main/java/org/apache/jackrabbit/oak/spi/security/user/UserContext.java Wed Oct 10 11:51:18 2012
@@ -31,6 +31,9 @@ import org.apache.jackrabbit.oak.spi.com
public interface UserContext {
@Nonnull
+ UserConfig getUserConfig();
+
+ @Nonnull
UserProvider getUserProvider(Root root);
@Nonnull
Added: jackrabbit/oak/trunk/oak-core/src/test/java/org/apache/jackrabbit/oak/security/user/ConfigurationParametersTest.java
URL: http://svn.apache.org/viewvc/jackrabbit/oak/trunk/oak-core/src/test/java/org/apache/jackrabbit/oak/security/user/ConfigurationParametersTest.java?rev=1396552&view=auto
==============================================================================
--- jackrabbit/oak/trunk/oak-core/src/test/java/org/apache/jackrabbit/oak/security/user/ConfigurationParametersTest.java (added)
+++ jackrabbit/oak/trunk/oak-core/src/test/java/org/apache/jackrabbit/oak/security/user/ConfigurationParametersTest.java Wed Oct 10 11:51:18 2012
@@ -0,0 +1,112 @@
+/*
+ * Licensed to the Apache Software Foundation (ASF) under one or more
+ * contributor license agreements. See the NOTICE file distributed with
+ * this work for additional information regarding copyright ownership.
+ * The ASF licenses this file to You under the Apache License, Version 2.0
+ * (the "License"); you may not use this file except in compliance with
+ * the License. You may obtain a copy of the License at
+ *
+ * http://www.apache.org/licenses/LICENSE-2.0
+ *
+ * Unless required by applicable law or agreed to in writing, software
+ * distributed under the License is distributed on an "AS IS" BASIS,
+ * WITHOUT WARRANTIES OR CONDITIONS OF ANY KIND, either express or implied.
+ * See the License for the specific language governing permissions and
+ * limitations under the License.
+ */
+package org.apache.jackrabbit.oak.security.user;
+
+import java.util.HashMap;
+import java.util.Map;
+
+import org.apache.jackrabbit.oak.spi.security.ConfigurationParameters;
+import org.junit.After;
+import org.junit.Before;
+import org.junit.Test;
+
+import static junit.framework.Assert.assertEquals;
+import static junit.framework.Assert.assertNotNull;
+import static junit.framework.Assert.assertNull;
+
+/**
+ * ConfigurationParametersTest...
+ */
+public class ConfigurationParametersTest {
+
+ @Before
+ public void setup() {}
+
+ @After
+ public void tearDown() {}
+
+ @Test
+ public void testDefaultValue() {
+ TestObject testObject = new TestObject("t");
+ Integer int1000 = new Integer(1000);
+
+ ConfigurationParameters options = new ConfigurationParameters();
+
+ assertNull(options.getConfigValue("some", null));
+ assertEquals(testObject, options.getConfigValue("some", testObject));
+ assertEquals(int1000, options.getConfigValue("some", int1000));
+ }
+
+ @Test
+ public void testConversion() {
+ TestObject testObject = new TestObject("t");
+ Integer int1000 = new Integer(1000);
+
+ Map<String,Object> m = new HashMap<String, Object>();
+ m.put("TEST", testObject);
+ m.put("String", "1000");
+ m.put("Int2", new Integer(1000));
+ m.put("Int3", 1000);
+
+
+ ConfigurationParameters options = new ConfigurationParameters(m);
+
+ assertNotNull(options.getConfigValue("TEST", null));
+ assertEquals(testObject, options.getConfigValue("TEST", null));
+ assertEquals(testObject, options.getConfigValue("TEST", testObject));
+ assertEquals("t", options.getConfigValue("TEST", "defaultString"));
+
+ assertEquals("1000", options.getConfigValue("String", null));
+ assertEquals(int1000, options.getConfigValue("String", new Integer(10)));
+ assertEquals(new Long(1000), options.getConfigValue("String", new Long(10)));
+ assertEquals("1000", options.getConfigValue("String", "10"));
+
+ assertEquals(int1000, options.getConfigValue("Int2", null));
+ assertEquals(int1000, options.getConfigValue("Int2", new Integer(10)));
+ assertEquals("1000", options.getConfigValue("Int2", "1000"));
+
+ assertEquals(1000, options.getConfigValue("Int3", null));
+ assertEquals(int1000, options.getConfigValue("Int3", null));
+ assertEquals(int1000, options.getConfigValue("Int3", new Integer(10)));
+ assertEquals("1000", options.getConfigValue("Int3", "1000"));
+ }
+
+
+
+ private class TestObject {
+
+ private final String name;
+
+ private TestObject(String name) {
+ this.name = name;
+ }
+
+ public String toString() {
+ return name;
+ }
+
+ public boolean equals(Object object) {
+ if (object == this) {
+ return true;
+ }
+ if (object instanceof TestObject) {
+ return name.equals(((TestObject) object).name);
+ }
+ return false;
+ }
+ }
+}
\ No newline at end of file
Modified: jackrabbit/oak/trunk/oak-core/src/test/java/org/apache/jackrabbit/oak/security/user/UserProviderImplTest.java
URL: http://svn.apache.org/viewvc/jackrabbit/oak/trunk/oak-core/src/test/java/org/apache/jackrabbit/oak/security/user/UserProviderImplTest.java?rev=1396552&r1=1396551&r2=1396552&view=diff
==============================================================================
--- jackrabbit/oak/trunk/oak-core/src/test/java/org/apache/jackrabbit/oak/security/user/UserProviderImplTest.java (original)
+++ jackrabbit/oak/trunk/oak-core/src/test/java/org/apache/jackrabbit/oak/security/user/UserProviderImplTest.java Wed Oct 10 11:51:18 2012
@@ -76,7 +76,7 @@ public class UserProviderImplTest extend
contentSession = createAdminSession();
root = contentSession.getLatestRoot();
- defaultConfig = new UserConfig("admin");
+ defaultConfig = new UserConfig();
defaultUserPath = defaultConfig.getConfigValue(UserConfig.PARAM_USER_PATH, UserConstants.DEFAULT_USER_PATH);
defaultGroupPath = defaultConfig.getConfigValue(UserConfig.PARAM_GROUP_PATH, UserConstants.DEFAULT_GROUP_PATH);
@@ -113,7 +113,7 @@ public class UserProviderImplTest extend
private UserProvider createUserProvider(int defaultDepth) {
Map<String, Object> options = new HashMap<String, Object>(customOptions);
options.put(UserConfig.PARAM_DEFAULT_DEPTH, defaultDepth);
- return new UserProviderImpl(root, new UserConfig("admin", options, Collections.<AuthorizableAction>emptySet()));
+ return new UserProviderImpl(root, new UserConfig(options, Collections.<AuthorizableAction>emptySet()));
}
@Test