You are viewing a plain text version of this content. The canonical link for it is here.
Posted to oak-commits@jackrabbit.apache.org by an...@apache.org on 2020/09/08 12:52:28 UTC
svn commit: r1881558 - in /jackrabbit/oak/trunk:
oak-core/src/main/java/org/apache/jackrabbit/oak/core/
oak-core/src/test/java/org/apache/jackrabbit/oak/core/ oak-jcr/
oak-jcr/src/main/java/org/apache/jackrabbit/oak/jcr/delegate/
oak-jcr/src/test/java/...
Author: angela
Date: Tue Sep 8 12:52:27 2020
New Revision: 1881558
URL: http://svn.apache.org/viewvc?rev=1881558&view=rev
Log:
OAK-9185 : AbstractAccessControlManager: improve refresh strategy of PermissionProvider
Added:
jackrabbit/oak/trunk/oak-jcr/src/test/java/org/apache/jackrabbit/oak/jcr/delegate/
jackrabbit/oak/trunk/oak-jcr/src/test/java/org/apache/jackrabbit/oak/jcr/delegate/SessionDelegateTest.java (with props)
jackrabbit/oak/trunk/oak-security-spi/src/main/java/org/apache/jackrabbit/oak/spi/security/authorization/permission/PermissionAware.java (with props)
jackrabbit/oak/trunk/oak-security-spi/src/test/java/org/apache/jackrabbit/oak/spi/security/authorization/accesscontrol/PermissionAwareTest.java (with props)
Modified:
jackrabbit/oak/trunk/oak-core/src/main/java/org/apache/jackrabbit/oak/core/MutableRoot.java
jackrabbit/oak/trunk/oak-core/src/test/java/org/apache/jackrabbit/oak/core/MutableRootTest.java
jackrabbit/oak/trunk/oak-core/src/test/java/org/apache/jackrabbit/oak/core/TestPermissionProvider.java
jackrabbit/oak/trunk/oak-jcr/pom.xml
jackrabbit/oak/trunk/oak-jcr/src/main/java/org/apache/jackrabbit/oak/jcr/delegate/SessionDelegate.java
jackrabbit/oak/trunk/oak-security-spi/src/main/java/org/apache/jackrabbit/oak/spi/security/authorization/accesscontrol/AbstractAccessControlManager.java
jackrabbit/oak/trunk/oak-security-spi/src/main/java/org/apache/jackrabbit/oak/spi/security/authorization/permission/package-info.java
Modified: jackrabbit/oak/trunk/oak-core/src/main/java/org/apache/jackrabbit/oak/core/MutableRoot.java
URL: http://svn.apache.org/viewvc/jackrabbit/oak/trunk/oak-core/src/main/java/org/apache/jackrabbit/oak/core/MutableRoot.java?rev=1881558&r1=1881557&r2=1881558&view=diff
==============================================================================
--- jackrabbit/oak/trunk/oak-core/src/main/java/org/apache/jackrabbit/oak/core/MutableRoot.java (original)
+++ jackrabbit/oak/trunk/oak-core/src/main/java/org/apache/jackrabbit/oak/core/MutableRoot.java Tue Sep 8 12:52:27 2020
@@ -61,13 +61,14 @@ import org.apache.jackrabbit.oak.spi.que
import org.apache.jackrabbit.oak.spi.security.SecurityConfiguration;
import org.apache.jackrabbit.oak.spi.security.SecurityProvider;
import org.apache.jackrabbit.oak.spi.security.authorization.AuthorizationConfiguration;
+import org.apache.jackrabbit.oak.spi.security.authorization.permission.PermissionAware;
import org.apache.jackrabbit.oak.spi.security.authorization.permission.PermissionProvider;
import org.apache.jackrabbit.oak.spi.state.NodeBuilder;
import org.apache.jackrabbit.oak.spi.state.NodeState;
import org.apache.jackrabbit.oak.spi.state.NodeStore;
import org.jetbrains.annotations.NotNull;
-class MutableRoot implements Root {
+class MutableRoot implements Root, PermissionAware {
/**
* The underlying store to which this root belongs
@@ -374,6 +375,13 @@ class MutableRoot implements Root {
.build();
}
+ //--------------------------------------------------------------------------------------------< PermissionAware >---
+ @NotNull
+ @Override
+ public PermissionProvider getPermissionProvider() {
+ return permissionProvider.get();
+ }
+
//---------------------------------------------------------< MoveRecord >---
/**
Modified: jackrabbit/oak/trunk/oak-core/src/test/java/org/apache/jackrabbit/oak/core/MutableRootTest.java
URL: http://svn.apache.org/viewvc/jackrabbit/oak/trunk/oak-core/src/test/java/org/apache/jackrabbit/oak/core/MutableRootTest.java?rev=1881558&r1=1881557&r2=1881558&view=diff
==============================================================================
--- jackrabbit/oak/trunk/oak-core/src/test/java/org/apache/jackrabbit/oak/core/MutableRootTest.java (original)
+++ jackrabbit/oak/trunk/oak-core/src/test/java/org/apache/jackrabbit/oak/core/MutableRootTest.java Tue Sep 8 12:52:27 2020
@@ -20,8 +20,10 @@ import java.security.Principal;
import java.util.Set;
import javax.security.auth.Subject;
+import org.apache.jackrabbit.oak.api.CommitFailedException;
import org.apache.jackrabbit.oak.api.Root;
import org.apache.jackrabbit.oak.api.Tree;
+import org.apache.jackrabbit.oak.commons.LazyValue;
import org.apache.jackrabbit.oak.commons.PathUtils;
import org.apache.jackrabbit.oak.plugins.memory.MemoryNodeStore;
import org.apache.jackrabbit.oak.spi.commit.EmptyHook;
@@ -40,13 +42,19 @@ import org.junit.Test;
import org.mockito.Mockito;
import static org.junit.Assert.assertEquals;
+import static org.junit.Assert.assertNotNull;
+import static org.junit.Assert.assertSame;
import static org.junit.Assert.assertTrue;
+import static org.mockito.Mockito.never;
+import static org.mockito.Mockito.spy;
+import static org.mockito.Mockito.times;
+import static org.mockito.Mockito.verify;
import static org.mockito.Mockito.when;
public class MutableRootTest {
private final NodeStore store = new MemoryNodeStore();
- private final TestPermissionProvider permissionProvider = new TestPermissionProvider();
+ private final TestPermissionProvider permissionProvider = spy(new TestPermissionProvider());
private MutableRoot root;
@@ -100,6 +108,29 @@ public class MutableRootTest {
assertEquals(nb2.exists(), nb.exists());
}
+ @Test
+ public void testPermissionAware() throws CommitFailedException {
+ PermissionProvider pp = root.getPermissionProvider();
+ assertNotNull(pp);
+ assertSame(permissionProvider, pp);
+ assertSame(permissionProvider, root.getPermissionProvider());
+ root.refresh();
+ assertSame(permissionProvider, root.getPermissionProvider());
+ root.rebase();
+ assertSame(permissionProvider, root.getPermissionProvider());
+ root.commit();
+ assertSame(permissionProvider, root.getPermissionProvider());
+ verify(permissionProvider, times(3)).refresh();
+ }
+
+ @Test
+ public void testPermissionAwareNoValue() throws CommitFailedException {
+ root.refresh();
+ root.rebase();
+ root.commit();
+ verify(permissionProvider, never()).refresh();
+ }
+
private boolean canReadRootTree(@NotNull Tree t) {
return permissionProvider.getTreePermission(t, TreePermission.EMPTY).canRead();
}
Modified: jackrabbit/oak/trunk/oak-core/src/test/java/org/apache/jackrabbit/oak/core/TestPermissionProvider.java
URL: http://svn.apache.org/viewvc/jackrabbit/oak/trunk/oak-core/src/test/java/org/apache/jackrabbit/oak/core/TestPermissionProvider.java?rev=1881558&r1=1881557&r2=1881558&view=diff
==============================================================================
--- jackrabbit/oak/trunk/oak-core/src/test/java/org/apache/jackrabbit/oak/core/TestPermissionProvider.java (original)
+++ jackrabbit/oak/trunk/oak-core/src/test/java/org/apache/jackrabbit/oak/core/TestPermissionProvider.java Tue Sep 8 12:52:27 2020
@@ -30,7 +30,7 @@ import org.jetbrains.annotations.Nullabl
* Dummy permission provider implementation that grants read access to all trees
* that have a name that isn't equal to {@link #NAME_NON_ACCESSIBLE}.
*/
-final class TestPermissionProvider implements PermissionProvider {
+class TestPermissionProvider implements PermissionProvider {
static final String NAME_ACCESSIBLE = "accessible";
static final String NAME_NON_ACCESSIBLE = "notAccessible";
Modified: jackrabbit/oak/trunk/oak-jcr/pom.xml
URL: http://svn.apache.org/viewvc/jackrabbit/oak/trunk/oak-jcr/pom.xml?rev=1881558&r1=1881557&r2=1881558&view=diff
==============================================================================
--- jackrabbit/oak/trunk/oak-jcr/pom.xml (original)
+++ jackrabbit/oak/trunk/oak-jcr/pom.xml Tue Sep 8 12:52:27 2020
@@ -483,6 +483,11 @@
<version>1.3.2</version>
<scope>test</scope>
</dependency>
+ <dependency>
+ <groupId>org.mockito</groupId>
+ <artifactId>mockito-core</artifactId>
+ <scope>test</scope>
+ </dependency>
<dependency>
<groupId>junit-addons</groupId>
Modified: jackrabbit/oak/trunk/oak-jcr/src/main/java/org/apache/jackrabbit/oak/jcr/delegate/SessionDelegate.java
URL: http://svn.apache.org/viewvc/jackrabbit/oak/trunk/oak-jcr/src/main/java/org/apache/jackrabbit/oak/jcr/delegate/SessionDelegate.java?rev=1881558&r1=1881557&r2=1881558&view=diff
==============================================================================
--- jackrabbit/oak/trunk/oak-jcr/src/main/java/org/apache/jackrabbit/oak/jcr/delegate/SessionDelegate.java (original)
+++ jackrabbit/oak/trunk/oak-jcr/src/main/java/org/apache/jackrabbit/oak/jcr/delegate/SessionDelegate.java Tue Sep 8 12:52:27 2020
@@ -57,6 +57,7 @@ import org.apache.jackrabbit.oak.jcr.ses
import org.apache.jackrabbit.oak.plugins.identifier.IdentifierManager;
import org.apache.jackrabbit.oak.spi.security.SecurityProvider;
import org.apache.jackrabbit.oak.spi.security.authorization.AuthorizationConfiguration;
+import org.apache.jackrabbit.oak.spi.security.authorization.permission.PermissionAware;
import org.apache.jackrabbit.oak.spi.security.authorization.permission.PermissionProvider;
import org.apache.jackrabbit.oak.stats.Clock;
import org.apache.jackrabbit.oak.stats.StatisticManager;
@@ -104,6 +105,7 @@ public class SessionDelegate {
private String userData = null;
private PermissionProvider permissionProvider;
+ private boolean refreshPermissionProvider = false;
/**
* The lock used to guarantee synchronized execution of repository
@@ -344,7 +346,7 @@ public class SessionDelegate {
info.put(EventFactory.USER_DATA, userData);
}
root.commit(info.build());
- if (permissionProvider != null) {
+ if (permissionProvider != null && refreshPermissionProvider) {
permissionProvider.refresh();
}
}
@@ -514,7 +516,7 @@ public class SessionDelegate {
} else {
root.refresh();
}
- if (permissionProvider != null) {
+ if (permissionProvider != null && refreshPermissionProvider) {
permissionProvider.refresh();
}
}
@@ -581,9 +583,14 @@ public class SessionDelegate {
@NotNull
public PermissionProvider getPermissionProvider() {
if (permissionProvider == null) {
- permissionProvider = checkNotNull(securityProvider)
- .getConfiguration(AuthorizationConfiguration.class)
- .getPermissionProvider(root, getWorkspaceName(), getAuthInfo().getPrincipals());
+ if (root instanceof PermissionAware) {
+ permissionProvider = ((PermissionAware) root).getPermissionProvider();
+ } else {
+ permissionProvider = checkNotNull(securityProvider)
+ .getConfiguration(AuthorizationConfiguration.class)
+ .getPermissionProvider(root, getWorkspaceName(), getAuthInfo().getPrincipals());
+ refreshPermissionProvider = true;
+ }
}
return permissionProvider;
}
Added: jackrabbit/oak/trunk/oak-jcr/src/test/java/org/apache/jackrabbit/oak/jcr/delegate/SessionDelegateTest.java
URL: http://svn.apache.org/viewvc/jackrabbit/oak/trunk/oak-jcr/src/test/java/org/apache/jackrabbit/oak/jcr/delegate/SessionDelegateTest.java?rev=1881558&view=auto
==============================================================================
--- jackrabbit/oak/trunk/oak-jcr/src/test/java/org/apache/jackrabbit/oak/jcr/delegate/SessionDelegateTest.java (added)
+++ jackrabbit/oak/trunk/oak-jcr/src/test/java/org/apache/jackrabbit/oak/jcr/delegate/SessionDelegateTest.java Tue Sep 8 12:52:27 2020
@@ -0,0 +1,145 @@
+/*
+ * Licensed to the Apache Software Foundation (ASF) under one or more
+ * contributor license agreements. See the NOTICE file distributed with
+ * this work for additional information regarding copyright ownership.
+ * The ASF licenses this file to You under the Apache License, Version 2.0
+ * (the "License"); you may not use this file except in compliance with
+ * the License. You may obtain a copy of the License at
+ *
+ * http://www.apache.org/licenses/LICENSE-2.0
+ *
+ * Unless required by applicable law or agreed to in writing, software
+ * distributed under the License is distributed on an "AS IS" BASIS,
+ * WITHOUT WARRANTIES OR CONDITIONS OF ANY KIND, either express or implied.
+ * See the License for the specific language governing permissions and
+ * limitations under the License.
+ */
+package org.apache.jackrabbit.oak.jcr.delegate;
+
+import org.apache.jackrabbit.oak.Oak;
+import org.apache.jackrabbit.oak.api.AuthInfo;
+import org.apache.jackrabbit.oak.api.ContentSession;
+import org.apache.jackrabbit.oak.api.Root;
+import org.apache.jackrabbit.oak.api.Tree;
+import org.apache.jackrabbit.oak.jcr.session.RefreshStrategy;
+import org.apache.jackrabbit.oak.spi.security.SecurityProvider;
+import org.apache.jackrabbit.oak.spi.security.authorization.AuthorizationConfiguration;
+import org.apache.jackrabbit.oak.spi.security.authorization.permission.PermissionAware;
+import org.apache.jackrabbit.oak.spi.security.authorization.permission.PermissionProvider;
+import org.apache.jackrabbit.oak.spi.whiteboard.DefaultWhiteboard;
+import org.apache.jackrabbit.oak.spi.whiteboard.Whiteboard;
+import org.apache.jackrabbit.oak.stats.Clock;
+import org.apache.jackrabbit.oak.stats.StatisticManager;
+import org.jetbrains.annotations.NotNull;
+import org.junit.Test;
+import org.mockito.MockSettings;
+import org.mockito.stubbing.Answer;
+
+import java.util.Collections;
+import java.util.concurrent.Executors;
+import java.util.concurrent.ScheduledExecutorService;
+
+import static org.mockito.ArgumentMatchers.anyString;
+import static org.mockito.Mockito.doAnswer;
+import static org.mockito.Mockito.mock;
+import static org.mockito.Mockito.never;
+import static org.mockito.Mockito.times;
+import static org.mockito.Mockito.verify;
+import static org.mockito.Mockito.when;
+import static org.mockito.Mockito.withSettings;
+
+public class SessionDelegateTest {
+
+ @NotNull
+ private static SessionDelegate mockSessionDelegate(@NotNull Root root, @NotNull PermissionProvider pp) {
+ ScheduledExecutorService executorService = Executors.newSingleThreadScheduledExecutor();
+ Whiteboard wb = new DefaultWhiteboard();
+ StatisticManager statisticManager = new StatisticManager(wb, executorService);
+ return new SessionDelegate(mockContentSession(root), mockSecurityProvider(root, pp),
+ RefreshStrategy.Composite.create(), new ThreadLocal<>(), statisticManager, new Clock.Virtual());
+ }
+
+ @NotNull
+ private static Root mockRoot(@NotNull PermissionProvider pp, boolean permissionAware) {
+ MockSettings s = withSettings();
+ if (permissionAware) {
+ s.extraInterfaces(PermissionAware.class);
+ }
+ Root r = mock(Root.class, s);
+ Answer answer = invocationOnMock -> {
+ pp.refresh();
+ return invocationOnMock;
+ };
+ doAnswer(answer).when(r).refresh();
+ doAnswer(answer).when(r).rebase();
+
+ Tree t = mock(Tree.class);
+ when(t.getChild(anyString())).thenReturn(t);
+ when(r.getTree(anyString())).thenReturn(t);
+
+ if (permissionAware) {
+ when(((PermissionAware) r).getPermissionProvider()).thenReturn(pp);
+ }
+ return r;
+ }
+
+ @NotNull
+ private static SecurityProvider mockSecurityProvider(@NotNull Root root, @NotNull PermissionProvider pp) {
+ AuthorizationConfiguration authorizationConfiguration = mock(AuthorizationConfiguration.class);
+ when(authorizationConfiguration.getPermissionProvider(root, Oak.DEFAULT_WORKSPACE_NAME, Collections.emptySet())).thenReturn(pp);
+
+ SecurityProvider securityProvider = mock(SecurityProvider.class);
+ when(securityProvider.getConfiguration(AuthorizationConfiguration.class)).thenReturn(authorizationConfiguration);
+ return securityProvider;
+ }
+
+ @NotNull
+ private static ContentSession mockContentSession(@NotNull Root root) {
+ ContentSession cs = when(mock(ContentSession.class).getAuthInfo()).thenReturn(AuthInfo.EMPTY).getMock();
+ when(cs.getWorkspaceName()).thenReturn(Oak.DEFAULT_WORKSPACE_NAME);
+ when(cs.getLatestRoot()).thenReturn(root);
+ when(root.getContentSession()).thenReturn(cs);
+ return cs;
+ }
+
+ @Test
+ public void testRefreshAware() {
+ PermissionProvider pp = mock(PermissionProvider.class);
+ Root r = mockRoot(pp, true);
+ SessionDelegate delegate = mockSessionDelegate(r, pp);
+
+ PermissionAware pa = (PermissionAware) r;
+ verify(pa, never()).getPermissionProvider();
+
+ // calling refresh without permissionprovider field being assigned
+ delegate.refresh(true);
+ delegate.refresh(false);
+ verify(pp, times(2)).refresh();
+
+ // calling refresh with permissionprovider field being assigned
+ delegate.getPermissionProvider();
+ delegate.refresh(true);
+ delegate.refresh(false);
+ verify(pp, times(4)).refresh();
+
+ verify(pa, times(1)).getPermissionProvider();
+ }
+
+ @Test
+ public void testRefreshUnaware() {
+ PermissionProvider pp = mock(PermissionProvider.class);
+ Root r = mockRoot(pp, false);
+ SessionDelegate delegate = mockSessionDelegate(r, pp);
+
+ // calling refresh without permissionprovider field being assigned
+ delegate.refresh(true);
+ delegate.refresh(false);
+ verify(pp, times(2)).refresh();
+
+ // calling refresh with permissionprovider field being assigned
+ delegate.getPermissionProvider();
+ delegate.refresh(true);
+ delegate.refresh(false);
+ verify(pp, times(6)).refresh();
+ }
+}
\ No newline at end of file
Propchange: jackrabbit/oak/trunk/oak-jcr/src/test/java/org/apache/jackrabbit/oak/jcr/delegate/SessionDelegateTest.java
------------------------------------------------------------------------------
svn:eol-style = native
Modified: jackrabbit/oak/trunk/oak-security-spi/src/main/java/org/apache/jackrabbit/oak/spi/security/authorization/accesscontrol/AbstractAccessControlManager.java
URL: http://svn.apache.org/viewvc/jackrabbit/oak/trunk/oak-security-spi/src/main/java/org/apache/jackrabbit/oak/spi/security/authorization/accesscontrol/AbstractAccessControlManager.java?rev=1881558&r1=1881557&r2=1881558&view=diff
==============================================================================
--- jackrabbit/oak/trunk/oak-security-spi/src/main/java/org/apache/jackrabbit/oak/spi/security/authorization/accesscontrol/AbstractAccessControlManager.java (original)
+++ jackrabbit/oak/trunk/oak-security-spi/src/main/java/org/apache/jackrabbit/oak/spi/security/authorization/accesscontrol/AbstractAccessControlManager.java Tue Sep 8 12:52:27 2020
@@ -16,16 +16,6 @@
*/
package org.apache.jackrabbit.oak.spi.security.authorization.accesscontrol;
-import java.security.Principal;
-import java.util.HashSet;
-import java.util.Set;
-
-import javax.jcr.AccessDeniedException;
-import javax.jcr.PathNotFoundException;
-import javax.jcr.RepositoryException;
-import javax.jcr.security.AccessControlException;
-import javax.jcr.security.Privilege;
-
import org.apache.jackrabbit.api.security.JackrabbitAccessControlManager;
import org.apache.jackrabbit.api.security.authorization.PrivilegeManager;
import org.apache.jackrabbit.oak.api.Root;
@@ -34,6 +24,7 @@ import org.apache.jackrabbit.oak.commons
import org.apache.jackrabbit.oak.namepath.NamePathMapper;
import org.apache.jackrabbit.oak.spi.security.SecurityProvider;
import org.apache.jackrabbit.oak.spi.security.authorization.AuthorizationConfiguration;
+import org.apache.jackrabbit.oak.spi.security.authorization.permission.PermissionAware;
import org.apache.jackrabbit.oak.spi.security.authorization.permission.PermissionProvider;
import org.apache.jackrabbit.oak.spi.security.authorization.permission.Permissions;
import org.apache.jackrabbit.oak.spi.security.privilege.PrivilegeConfiguration;
@@ -42,6 +33,15 @@ import org.jetbrains.annotations.Nullabl
import org.slf4j.Logger;
import org.slf4j.LoggerFactory;
+import javax.jcr.AccessDeniedException;
+import javax.jcr.PathNotFoundException;
+import javax.jcr.RepositoryException;
+import javax.jcr.security.AccessControlException;
+import javax.jcr.security.Privilege;
+import java.security.Principal;
+import java.util.HashSet;
+import java.util.Set;
+
/**
* Default implementation of the {@code JackrabbitAccessControlManager} interface.
* This implementation covers both editing access control content by path and
@@ -58,6 +58,7 @@ public abstract class AbstractAccessCont
private final PrivilegeManager privilegeManager;
private PermissionProvider permissionProvider;
+ private boolean doRefresh = false;
protected AbstractAccessControlManager(@NotNull Root root,
@NotNull NamePathMapper namePathMapper,
@@ -176,9 +177,16 @@ public abstract class AbstractAccessCont
@NotNull
protected PermissionProvider getPermissionProvider() {
if (permissionProvider == null) {
- permissionProvider = config.getPermissionProvider(root, workspaceName, getPrincipals());
+ if (root instanceof PermissionAware) {
+ permissionProvider = ((PermissionAware) root).getPermissionProvider();
+ } else {
+ permissionProvider = config.getPermissionProvider(root, workspaceName, getPrincipals());
+ doRefresh = true;
+ }
} else {
- permissionProvider.refresh();
+ if (doRefresh) {
+ permissionProvider.refresh();
+ }
}
return permissionProvider;
}
Added: jackrabbit/oak/trunk/oak-security-spi/src/main/java/org/apache/jackrabbit/oak/spi/security/authorization/permission/PermissionAware.java
URL: http://svn.apache.org/viewvc/jackrabbit/oak/trunk/oak-security-spi/src/main/java/org/apache/jackrabbit/oak/spi/security/authorization/permission/PermissionAware.java?rev=1881558&view=auto
==============================================================================
--- jackrabbit/oak/trunk/oak-security-spi/src/main/java/org/apache/jackrabbit/oak/spi/security/authorization/permission/PermissionAware.java (added)
+++ jackrabbit/oak/trunk/oak-security-spi/src/main/java/org/apache/jackrabbit/oak/spi/security/authorization/permission/PermissionAware.java Tue Sep 8 12:52:27 2020
@@ -0,0 +1,25 @@
+/*
+ * Licensed to the Apache Software Foundation (ASF) under one or more
+ * contributor license agreements. See the NOTICE file distributed with
+ * this work for additional information regarding copyright ownership.
+ * The ASF licenses this file to You under the Apache License, Version 2.0
+ * (the "License"); you may not use this file except in compliance with
+ * the License. You may obtain a copy of the License at
+ *
+ * http://www.apache.org/licenses/LICENSE-2.0
+ *
+ * Unless required by applicable law or agreed to in writing, software
+ * distributed under the License is distributed on an "AS IS" BASIS,
+ * WITHOUT WARRANTIES OR CONDITIONS OF ANY KIND, either express or implied.
+ * See the License for the specific language governing permissions and
+ * limitations under the License.
+ */
+package org.apache.jackrabbit.oak.spi.security.authorization.permission;
+
+import org.jetbrains.annotations.NotNull;
+
+public interface PermissionAware {
+
+ @NotNull
+ PermissionProvider getPermissionProvider();
+}
\ No newline at end of file
Propchange: jackrabbit/oak/trunk/oak-security-spi/src/main/java/org/apache/jackrabbit/oak/spi/security/authorization/permission/PermissionAware.java
------------------------------------------------------------------------------
svn:eol-style = native
Modified: jackrabbit/oak/trunk/oak-security-spi/src/main/java/org/apache/jackrabbit/oak/spi/security/authorization/permission/package-info.java
URL: http://svn.apache.org/viewvc/jackrabbit/oak/trunk/oak-security-spi/src/main/java/org/apache/jackrabbit/oak/spi/security/authorization/permission/package-info.java?rev=1881558&r1=1881557&r2=1881558&view=diff
==============================================================================
--- jackrabbit/oak/trunk/oak-security-spi/src/main/java/org/apache/jackrabbit/oak/spi/security/authorization/permission/package-info.java (original)
+++ jackrabbit/oak/trunk/oak-security-spi/src/main/java/org/apache/jackrabbit/oak/spi/security/authorization/permission/package-info.java Tue Sep 8 12:52:27 2020
@@ -14,7 +14,7 @@
* See the License for the specific language governing permissions and
* limitations under the License.
*/
-@Version("4.2.0")
+@Version("4.3.0")
package org.apache.jackrabbit.oak.spi.security.authorization.permission;
import org.osgi.annotation.versioning.Version;
Added: jackrabbit/oak/trunk/oak-security-spi/src/test/java/org/apache/jackrabbit/oak/spi/security/authorization/accesscontrol/PermissionAwareTest.java
URL: http://svn.apache.org/viewvc/jackrabbit/oak/trunk/oak-security-spi/src/test/java/org/apache/jackrabbit/oak/spi/security/authorization/accesscontrol/PermissionAwareTest.java?rev=1881558&view=auto
==============================================================================
--- jackrabbit/oak/trunk/oak-security-spi/src/test/java/org/apache/jackrabbit/oak/spi/security/authorization/accesscontrol/PermissionAwareTest.java (added)
+++ jackrabbit/oak/trunk/oak-security-spi/src/test/java/org/apache/jackrabbit/oak/spi/security/authorization/accesscontrol/PermissionAwareTest.java Tue Sep 8 12:52:27 2020
@@ -0,0 +1,99 @@
+/*
+ * Licensed to the Apache Software Foundation (ASF) under one or more
+ * contributor license agreements. See the NOTICE file distributed with
+ * this work for additional information regarding copyright ownership.
+ * The ASF licenses this file to You under the Apache License, Version 2.0
+ * (the "License"); you may not use this file except in compliance with
+ * the License. You may obtain a copy of the License at
+ *
+ * http://www.apache.org/licenses/LICENSE-2.0
+ *
+ * Unless required by applicable law or agreed to in writing, software
+ * distributed under the License is distributed on an "AS IS" BASIS,
+ * WITHOUT WARRANTIES OR CONDITIONS OF ANY KIND, either express or implied.
+ * See the License for the specific language governing permissions and
+ * limitations under the License.
+ */
+package org.apache.jackrabbit.oak.spi.security.authorization.accesscontrol;
+
+import org.apache.jackrabbit.api.security.authorization.PrivilegeManager;
+import org.apache.jackrabbit.oak.api.AuthInfo;
+import org.apache.jackrabbit.oak.api.ContentSession;
+import org.apache.jackrabbit.oak.api.Root;
+import org.apache.jackrabbit.oak.namepath.NamePathMapper;
+import org.apache.jackrabbit.oak.spi.security.SecurityProvider;
+import org.apache.jackrabbit.oak.spi.security.authorization.AuthorizationConfiguration;
+import org.apache.jackrabbit.oak.spi.security.authorization.permission.PermissionAware;
+import org.apache.jackrabbit.oak.spi.security.authorization.permission.PermissionProvider;
+import org.apache.jackrabbit.oak.spi.security.privilege.PrivilegeConfiguration;
+import org.junit.Before;
+import org.junit.Test;
+import org.mockito.Mockito;
+
+import java.util.Collections;
+
+import static org.junit.Assert.assertSame;
+import static org.mockito.ArgumentMatchers.any;
+import static org.mockito.Mockito.CALLS_REAL_METHODS;
+import static org.mockito.Mockito.mock;
+import static org.mockito.Mockito.never;
+import static org.mockito.Mockito.times;
+import static org.mockito.Mockito.verify;
+import static org.mockito.Mockito.when;
+import static org.mockito.Mockito.withSettings;
+
+public class PermissionAwareTest extends AbstractAccessControlTest {
+
+ private PermissionProvider permissionProvider = mock(PermissionProvider.class);
+
+ private Root awareRoot;
+ private Root unawareRoot;
+
+ private SecurityProvider securityProvider;
+
+ @Before
+ public void before() throws Exception {
+ ContentSession cs = when(mock(ContentSession.class).getAuthInfo()).thenReturn(AuthInfo.EMPTY).getMock();
+ when(cs.getWorkspaceName()).thenReturn("wsp");
+
+ awareRoot = when(mock(Root.class, withSettings().extraInterfaces(PermissionAware.class)).getContentSession()).thenReturn(cs).getMock();
+ when(((PermissionAware) awareRoot).getPermissionProvider()).thenReturn(permissionProvider);
+
+ unawareRoot = when(mock(Root.class).getContentSession()).thenReturn(cs).getMock();
+
+ PrivilegeManager privilegeManager = mock(PrivilegeManager.class);
+ PrivilegeConfiguration privilegeConfiguration = Mockito.mock(PrivilegeConfiguration.class);
+ when(privilegeConfiguration.getPrivilegeManager(any(Root.class), any(NamePathMapper.class))).thenReturn(privilegeManager);
+
+ AuthorizationConfiguration authorizationConfiguration = mock(AuthorizationConfiguration.class);
+ when(authorizationConfiguration.getPermissionProvider(unawareRoot, "wsp", Collections.emptySet())).thenReturn(permissionProvider);
+
+ securityProvider = mock(SecurityProvider.class);
+ when(securityProvider.getConfiguration(PrivilegeConfiguration.class)).thenReturn(privilegeConfiguration);
+ when(securityProvider.getConfiguration(AuthorizationConfiguration.class)).thenReturn(authorizationConfiguration);
+ }
+
+ @Test
+ public void testGetPermissionProviderRootAware() {
+ PermissionAware pa = (PermissionAware) awareRoot;
+ AbstractAccessControlManager acMgr = mock(AbstractAccessControlManager.class, withSettings().useConstructor(awareRoot, getNamePathMapper(), securityProvider).defaultAnswer(CALLS_REAL_METHODS));
+ verify(pa, never()).getPermissionProvider();
+
+ assertSame(permissionProvider, acMgr.getPermissionProvider());
+ assertSame(permissionProvider, acMgr.getPermissionProvider());
+
+ verify(permissionProvider, never()).refresh();
+ verify(pa, times(1)).getPermissionProvider();
+ }
+
+ @Test
+ public void testGetPermissionProviderRootNotAware() {
+ AbstractAccessControlManager acMgr = mock(AbstractAccessControlManager.class, withSettings().useConstructor(unawareRoot, getNamePathMapper(), securityProvider).defaultAnswer(CALLS_REAL_METHODS));
+ assertSame(permissionProvider, acMgr.getPermissionProvider());
+ verify(permissionProvider, never()).refresh();
+
+ assertSame(permissionProvider, acMgr.getPermissionProvider());
+ assertSame(permissionProvider, acMgr.getPermissionProvider());
+ verify(permissionProvider, times(2)).refresh();
+ }
+}
\ No newline at end of file
Propchange: jackrabbit/oak/trunk/oak-security-spi/src/test/java/org/apache/jackrabbit/oak/spi/security/authorization/accesscontrol/PermissionAwareTest.java
------------------------------------------------------------------------------
svn:eol-style = native