Posted to oak-commits@jackrabbit.apache.org by an...@apache.org on 2012/10/19 12:05:28 UTC
svn commit: r1400020 - in
/jackrabbit/oak/trunk/oak-core/src/main/java/org/apache/jackrabbit/oak:
security/user/ security/user/query/ spi/security/user/
spi/security/user/action/
Author: angela
Date: Fri Oct 19 10:05:28 2012
New Revision: 1400020
URL: http://svn.apache.org/viewvc?rev=1400020&view=rev
Log:
OAK-50 : Implement User Management (WIP)
Added:
jackrabbit/oak/trunk/oak-core/src/main/java/org/apache/jackrabbit/oak/security/user/UserQueryManager.java
Modified:
jackrabbit/oak/trunk/oak-core/src/main/java/org/apache/jackrabbit/oak/security/user/AuthorizableImpl.java
jackrabbit/oak/trunk/oak-core/src/main/java/org/apache/jackrabbit/oak/security/user/AuthorizableIterator.java
jackrabbit/oak/trunk/oak-core/src/main/java/org/apache/jackrabbit/oak/security/user/AuthorizableProperties.java
jackrabbit/oak/trunk/oak-core/src/main/java/org/apache/jackrabbit/oak/security/user/GroupImpl.java
jackrabbit/oak/trunk/oak-core/src/main/java/org/apache/jackrabbit/oak/security/user/OakAuthorizableProperties.java
jackrabbit/oak/trunk/oak-core/src/main/java/org/apache/jackrabbit/oak/security/user/UserImpl.java
jackrabbit/oak/trunk/oak-core/src/main/java/org/apache/jackrabbit/oak/security/user/UserManagerImpl.java
jackrabbit/oak/trunk/oak-core/src/main/java/org/apache/jackrabbit/oak/security/user/UserProvider.java
jackrabbit/oak/trunk/oak-core/src/main/java/org/apache/jackrabbit/oak/security/user/query/XPathQueryEvaluator.java
jackrabbit/oak/trunk/oak-core/src/main/java/org/apache/jackrabbit/oak/spi/security/user/AuthorizableType.java
jackrabbit/oak/trunk/oak-core/src/main/java/org/apache/jackrabbit/oak/spi/security/user/action/AbstractAuthorizableAction.java
jackrabbit/oak/trunk/oak-core/src/main/java/org/apache/jackrabbit/oak/spi/security/user/action/AccessControlAction.java
jackrabbit/oak/trunk/oak-core/src/main/java/org/apache/jackrabbit/oak/spi/security/user/action/AuthorizableAction.java
jackrabbit/oak/trunk/oak-core/src/main/java/org/apache/jackrabbit/oak/spi/security/user/action/ClearMembershipAction.java
jackrabbit/oak/trunk/oak-core/src/main/java/org/apache/jackrabbit/oak/spi/security/user/action/PasswordValidationAction.java
Modified: jackrabbit/oak/trunk/oak-core/src/main/java/org/apache/jackrabbit/oak/security/user/AuthorizableImpl.java
URL: http://svn.apache.org/viewvc/jackrabbit/oak/trunk/oak-core/src/main/java/org/apache/jackrabbit/oak/security/user/AuthorizableImpl.java?rev=1400020&r1=1400019&r2=1400020&view=diff
==============================================================================
--- jackrabbit/oak/trunk/oak-core/src/main/java/org/apache/jackrabbit/oak/security/user/AuthorizableImpl.java (original)
+++ jackrabbit/oak/trunk/oak-core/src/main/java/org/apache/jackrabbit/oak/security/user/AuthorizableImpl.java Fri Oct 19 10:05:28 2012
@@ -68,33 +68,21 @@ abstract class AuthorizableImpl implemen
}
//-------------------------------------------------------< Authorizable >---
- /**
- * @see org.apache.jackrabbit.api.security.user.Authorizable#getID()
- */
@Override
public String getID() {
return id;
}
- /**
- * @see Authorizable#declaredMemberOf()
- */
@Override
public Iterator<Group> declaredMemberOf() throws RepositoryException {
return getMembership(false);
}
- /**
- * @see Authorizable#memberOf()
- */
@Override
public Iterator<Group> memberOf() throws RepositoryException {
return getMembership(true);
}
- /**
- * @see org.apache.jackrabbit.api.security.user.Authorizable#remove()
- */
@Override
public void remove() throws RepositoryException {
// don't allow for removal of the administrator even if the executing
@@ -106,65 +94,41 @@ abstract class AuthorizableImpl implemen
getTree().remove();
}
- /**
- * @see org.apache.jackrabbit.api.security.user.Authorizable#getPropertyNames()
- */
@Override
public Iterator<String> getPropertyNames() throws RepositoryException {
return getPropertyNames(".");
}
- /**
- * @see Authorizable#getPropertyNames(String)
- */
@Override
public Iterator<String> getPropertyNames(String relPath) throws RepositoryException {
return getAuthorizableProperties().getNames(relPath);
}
- /**
- * @see org.apache.jackrabbit.api.security.user.Authorizable#hasProperty(String)
- */
@Override
public boolean hasProperty(String relPath) throws RepositoryException {
return getAuthorizableProperties().hasProperty(relPath);
}
- /**
- * @see org.apache.jackrabbit.api.security.user.Authorizable#getProperty(String)
- */
@Override
public Value[] getProperty(String relPath) throws RepositoryException {
return getAuthorizableProperties().getProperty(relPath);
}
- /**
- * @see org.apache.jackrabbit.api.security.user.Authorizable#setProperty(String, javax.jcr.Value)
- */
@Override
public void setProperty(String relPath, Value value) throws RepositoryException {
getAuthorizableProperties().setProperty(relPath, value);
}
- /**
- * @see org.apache.jackrabbit.api.security.user.Authorizable#setProperty(String, javax.jcr.Value[])
- */
@Override
public void setProperty(String relPath, Value[] values) throws RepositoryException {
getAuthorizableProperties().setProperty(relPath, values);
}
- /**
- * @see org.apache.jackrabbit.api.security.user.Authorizable#removeProperty(String)
- */
@Override
public boolean removeProperty(String relPath) throws RepositoryException {
return getAuthorizableProperties().removeProperty(relPath);
}
- /**
- * @see org.apache.jackrabbit.api.security.user.Authorizable#getPath()
- */
@Override
public String getPath() throws RepositoryException {
Node n = getNode();
@@ -176,9 +140,6 @@ abstract class AuthorizableImpl implemen
}
//-------------------------------------------------------------< Object >---
- /**
- * @see Object#hashCode()
- */
@Override
public int hashCode() {
if (hashCode == 0) {
@@ -198,9 +159,6 @@ abstract class AuthorizableImpl implemen
return hashCode;
}
- /**
- * @see Object#equals(Object)
- */
@Override
public boolean equals(Object obj) {
if (obj == this) {
@@ -214,9 +172,6 @@ abstract class AuthorizableImpl implemen
return false;
}
- /**
- * @see Object#toString()
- */
@Override
public String toString() {
String typeStr = (isGroup()) ? "Group '" : "User '";
@@ -226,15 +181,11 @@ abstract class AuthorizableImpl implemen
//--------------------------------------------------------------------------
@Nonnull
Tree getTree() {
- Tree tree = getUserProvider().getAuthorizable(id);
- if (tree == null) {
- throw new IllegalStateException("Authorizable not associated with an existing tree");
- }
- return tree;
+ return userManager.getAuthorizableTree(id);
}
+ @Nonnull
String getPrincipalName(Tree thisTree) throws RepositoryException {
- String principalName;
if (thisTree.hasProperty(REP_PRINCIPAL_NAME)) {
return thisTree.getProperty(REP_PRINCIPAL_NAME).getValue(STRING);
} else {
@@ -244,6 +195,7 @@ abstract class AuthorizableImpl implemen
}
}
+ @CheckForNull
String getJcrName(String oakName) {
return userManager.getNamePathMapper().getJcrName(oakName);
}
@@ -257,14 +209,6 @@ abstract class AuthorizableImpl implemen
}
/**
- * @return The user provider associated with this authorizable
- */
- @Nonnull
- UserProvider getUserProvider() {
- return userManager.getUserProvider();
- }
-
- /**
* @return The membership provider associated with this authorizable
*/
@Nonnull
Modified: jackrabbit/oak/trunk/oak-core/src/main/java/org/apache/jackrabbit/oak/security/user/AuthorizableIterator.java
URL: http://svn.apache.org/viewvc/jackrabbit/oak/trunk/oak-core/src/main/java/org/apache/jackrabbit/oak/security/user/AuthorizableIterator.java?rev=1400020&r1=1400019&r2=1400020&view=diff
==============================================================================
--- jackrabbit/oak/trunk/oak-core/src/main/java/org/apache/jackrabbit/oak/security/user/AuthorizableIterator.java (original)
+++ jackrabbit/oak/trunk/oak-core/src/main/java/org/apache/jackrabbit/oak/security/user/AuthorizableIterator.java Fri Oct 19 10:05:28 2012
@@ -57,7 +57,7 @@ class AuthorizableIterator implements It
return new AuthorizableIterator(Iterators.filter(it, Predicates.<Object>notNull()), size);
}
- AuthorizableIterator(Iterator<Authorizable> authorizables, long size) {
+ private AuthorizableIterator(Iterator<Authorizable> authorizables, long size) {
this.authorizables = authorizables;
this.size = size;
}
Modified: jackrabbit/oak/trunk/oak-core/src/main/java/org/apache/jackrabbit/oak/security/user/AuthorizableProperties.java
URL: http://svn.apache.org/viewvc/jackrabbit/oak/trunk/oak-core/src/main/java/org/apache/jackrabbit/oak/security/user/AuthorizableProperties.java?rev=1400020&r1=1400019&r2=1400020&view=diff
==============================================================================
--- jackrabbit/oak/trunk/oak-core/src/main/java/org/apache/jackrabbit/oak/security/user/AuthorizableProperties.java (original)
+++ jackrabbit/oak/trunk/oak-core/src/main/java/org/apache/jackrabbit/oak/security/user/AuthorizableProperties.java Fri Oct 19 10:05:28 2012
@@ -23,7 +23,7 @@ import javax.jcr.Value;
/**
* AuthorizableProperty... TODO
*/
-public interface AuthorizableProperties {
+interface AuthorizableProperties {
Iterator<String> getNames(String relPath) throws RepositoryException;
Modified: jackrabbit/oak/trunk/oak-core/src/main/java/org/apache/jackrabbit/oak/security/user/GroupImpl.java
URL: http://svn.apache.org/viewvc/jackrabbit/oak/trunk/oak-core/src/main/java/org/apache/jackrabbit/oak/security/user/GroupImpl.java?rev=1400020&r1=1400019&r2=1400020&view=diff
==============================================================================
--- jackrabbit/oak/trunk/oak-core/src/main/java/org/apache/jackrabbit/oak/security/user/GroupImpl.java (original)
+++ jackrabbit/oak/trunk/oak-core/src/main/java/org/apache/jackrabbit/oak/security/user/GroupImpl.java Fri Oct 19 10:05:28 2012
@@ -50,6 +50,7 @@ class GroupImpl extends AuthorizableImpl
super(id, tree, userManager);
}
+ //---------------------------------------------------< AuthorizableImpl >---
@Override
void checkValidTree(Tree tree) throws RepositoryException {
if (tree == null || !UserUtility.isType(tree, AuthorizableType.GROUP)) {
@@ -58,17 +59,11 @@ class GroupImpl extends AuthorizableImpl
}
//-------------------------------------------------------< Authorizable >---
- /**
- * @see org.apache.jackrabbit.api.security.user.Authorizable#isGroup()
- */
@Override
public boolean isGroup() {
return true;
}
- /**
- * @see org.apache.jackrabbit.api.security.user.Authorizable#getPrincipal()
- */
@Override
public Principal getPrincipal() throws RepositoryException {
Tree groupTree = getTree();
@@ -76,41 +71,26 @@ class GroupImpl extends AuthorizableImpl
}
//--------------------------------------------------------------< Group >---
- /**
- * @see org.apache.jackrabbit.api.security.user.Group#getDeclaredMembers()
- */
@Override
public Iterator<Authorizable> getDeclaredMembers() throws RepositoryException {
return getMembers(false);
}
- /**
- * @see org.apache.jackrabbit.api.security.user.Group#getMembers()
- */
@Override
public Iterator<Authorizable> getMembers() throws RepositoryException {
return getMembers(true);
}
- /**
- * @see org.apache.jackrabbit.api.security.user.Group#isDeclaredMember(org.apache.jackrabbit.api.security.user.Authorizable)
- */
@Override
public boolean isDeclaredMember(Authorizable authorizable) throws RepositoryException {
return isMember(authorizable, false);
}
- /**
- * @see org.apache.jackrabbit.api.security.user.Group#isMember(org.apache.jackrabbit.api.security.user.Authorizable)
- */
@Override
public boolean isMember(Authorizable authorizable) throws RepositoryException {
return isMember(authorizable, true);
}
- /**
- * @see org.apache.jackrabbit.api.security.user.Group#addMember(org.apache.jackrabbit.api.security.user.Authorizable)
- */
@Override
public boolean addMember(Authorizable authorizable) throws RepositoryException {
if (!isValidAuthorizableImpl(authorizable)) {
@@ -144,9 +124,6 @@ class GroupImpl extends AuthorizableImpl
return getMembershipProvider().addMember(getTree(), authorizableImpl.getTree());
}
- /**
- * @see org.apache.jackrabbit.api.security.user.Group#removeMember(org.apache.jackrabbit.api.security.user.Authorizable)
- */
@Override
public boolean removeMember(Authorizable authorizable) throws RepositoryException {
if (!isValidAuthorizableImpl(authorizable)) {
Modified: jackrabbit/oak/trunk/oak-core/src/main/java/org/apache/jackrabbit/oak/security/user/OakAuthorizableProperties.java
URL: http://svn.apache.org/viewvc/jackrabbit/oak/trunk/oak-core/src/main/java/org/apache/jackrabbit/oak/security/user/OakAuthorizableProperties.java?rev=1400020&r1=1400019&r2=1400020&view=diff
==============================================================================
--- jackrabbit/oak/trunk/oak-core/src/main/java/org/apache/jackrabbit/oak/security/user/OakAuthorizableProperties.java (original)
+++ jackrabbit/oak/trunk/oak-core/src/main/java/org/apache/jackrabbit/oak/security/user/OakAuthorizableProperties.java Fri Oct 19 10:05:28 2012
@@ -28,6 +28,7 @@ import org.apache.jackrabbit.oak.api.Pro
import org.apache.jackrabbit.oak.api.Tree;
import org.apache.jackrabbit.oak.api.TreeLocation;
import org.apache.jackrabbit.oak.namepath.NamePathMapper;
+import org.apache.jackrabbit.oak.plugins.name.NamespaceConstants;
import org.apache.jackrabbit.oak.plugins.value.ValueFactoryImpl;
import org.apache.jackrabbit.oak.util.NodeUtil;
import org.apache.jackrabbit.util.Text;
@@ -37,7 +38,7 @@ import org.slf4j.LoggerFactory;
/**
* OakAuthorizableProperty... TODO
*/
-public class OakAuthorizableProperties implements AuthorizableProperties {
+class OakAuthorizableProperties implements AuthorizableProperties {
/**
* logger instance
@@ -198,20 +199,10 @@ public class OakAuthorizableProperties i
}
private boolean isAuthorizableProperty(Tree authorizableTree, PropertyState property) throws RepositoryException {
-
- // TODO: check protection and declaring nt of the property
- return true;
-// PropertyDefinition def = prop.getDefinition();
-// if (def.isProtected()) {
-// return false;
-// } else if (node.isSame(prop.getParent())) {
-// NodeType declaringNt = prop.getDefinition().getDeclaringNodeType();
-// return declaringNt.isNodeType(getJcrName(NT_REP_AUTHORIZABLE));
-// } else {
-// // another non-protected property somewhere in the subtree of this
-// // authorizable node -> is a property that can be set using #setProperty.
-// return true;
-// }
+ // FIXME: add proper check for protection and declaring nt of the
+ // FIXME: property using nt functionality provided by nt-plugins
+ String prefix = Text.getNamespacePrefix(property.getName());
+ return NamespaceConstants.RESERVED_PREFIXES.contains(prefix);
}
/**
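Review bot: The new return value of `isAuthorizableProperty` looks inverted: it answers true exactly when the property name carries a reserved namespace prefix, whereas the commented-out logic it replaces returned false for protected properties. If the callers (outside this hunk) use the result to decide what the generic `setProperty`/`removeProperty`/`getProperty` calls may touch, internal items such as those named by `REP_PASSWORD` or `REP_PRINCIPAL_NAME` could become reachable while ordinary application properties are filtered out. Until the node-type based check from the FIXME exists, the conservative form would be `return !NamespaceConstants.RESERVED_PREFIXES.contains(prefix);`, assuming RESERVED_PREFIXES holds the repository-internal prefixes. The `authorizableTree` parameter is now unused, which deserves a comment next to the FIXME.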
Modified: jackrabbit/oak/trunk/oak-core/src/main/java/org/apache/jackrabbit/oak/security/user/UserImpl.java
URL: http://svn.apache.org/viewvc/jackrabbit/oak/trunk/oak-core/src/main/java/org/apache/jackrabbit/oak/security/user/UserImpl.java?rev=1400020&r1=1400019&r2=1400020&view=diff
==============================================================================
--- jackrabbit/oak/trunk/oak-core/src/main/java/org/apache/jackrabbit/oak/security/user/UserImpl.java (original)
+++ jackrabbit/oak/trunk/oak-core/src/main/java/org/apache/jackrabbit/oak/security/user/UserImpl.java Fri Oct 19 10:05:28 2012
@@ -32,8 +32,6 @@ import org.apache.jackrabbit.oak.spi.sec
import org.apache.jackrabbit.oak.spi.security.user.util.PasswordUtility;
import org.apache.jackrabbit.oak.spi.security.user.util.UserUtility;
import org.apache.jackrabbit.oak.util.NodeUtil;
-import org.slf4j.Logger;
-import org.slf4j.LoggerFactory;
import static org.apache.jackrabbit.oak.api.Type.STRING;
@@ -42,11 +40,6 @@ import static org.apache.jackrabbit.oak.
*/
class UserImpl extends AuthorizableImpl implements User {
- /**
- * logger instance
- */
- private static final Logger log = LoggerFactory.getLogger(UserImpl.class);
-
private final boolean isAdmin;
UserImpl(String id, Tree tree, UserManagerImpl userManager) throws RepositoryException {
@@ -55,6 +48,8 @@ class UserImpl extends AuthorizableImpl
isAdmin = UserUtility.getAdminId(userManager.getConfig()).equals(id);
}
+ //---------------------------------------------------< AuthorizableImpl >---
+ @Override
void checkValidTree(Tree tree) throws RepositoryException {
if (tree == null || !UserUtility.isType(tree, AuthorizableType.USER)) {
throw new IllegalArgumentException("Invalid user node: node type rep:User expected.");
@@ -62,17 +57,11 @@ class UserImpl extends AuthorizableImpl
}
//-------------------------------------------------------< Authorizable >---
- /**
- * @see org.apache.jackrabbit.api.security.user.Authorizable#isGroup()
- */
@Override
public boolean isGroup() {
return false;
}
- /**
- * @see org.apache.jackrabbit.api.security.user.Authorizable#getPrincipal()
- */
@Override
public Principal getPrincipal() throws RepositoryException {
Tree userTree = getTree();
@@ -85,35 +74,21 @@ class UserImpl extends AuthorizableImpl
}
//---------------------------------------------------------------< User >---
- /**
- * @see org.apache.jackrabbit.api.security.user.User#isAdmin()
- */
@Override
public boolean isAdmin() {
return isAdmin;
}
- /**
- * Always throws {@code UnsupportedRepositoryOperationException}
- *
- * @see org.apache.jackrabbit.api.security.user.User#getCredentials()
- */
@Override
public Credentials getCredentials() {
return new CredentialsImpl(getID(), getPasswordHash());
}
- /**
- * @see org.apache.jackrabbit.api.security.user.User#getImpersonation()
- */
@Override
public Impersonation getImpersonation() throws RepositoryException {
return new ImpersonationImpl(this);
}
- /**
- * @see org.apache.jackrabbit.api.security.user.User#changePassword(String)
- */
@Override
public void changePassword(String password) throws RepositoryException {
if (password == null) {
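Review bot: With the Javadoc removed, `getCredentials()` is left undocumented, and the deleted text was wrong in any case: the method does not throw, it returns `new CredentialsImpl(getID(), getPasswordHash())`. Since `getPasswordHash()` is `@CheckForNull` (last UserImpl hunk), the credentials can carry a null hash, and the stored password hash leaves the class through a public method. I would add a one-line comment such as `/** Returns credentials holding this user's ID and stored password hash; the hash may be null. */` so callers treat the result as sensitive and never log it. The hunk ends inside `changePassword(String)`, whose body continues outside it.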
@@ -124,9 +99,6 @@ class UserImpl extends AuthorizableImpl
userManager.setPassword(getTree(), password, true);
}
- /**
- * @see org.apache.jackrabbit.api.security.user.User#changePassword(String, String)
- */
@Override
public void changePassword(String password, String oldPassword) throws RepositoryException {
// make sure the old password matches.
@@ -137,9 +109,6 @@ class UserImpl extends AuthorizableImpl
changePassword(password);
}
- /**
- * @see org.apache.jackrabbit.api.security.user.User#disable(String)
- */
@Override
public void disable(String reason) throws RepositoryException {
if (isAdmin) {
@@ -156,17 +125,11 @@ class UserImpl extends AuthorizableImpl
}
}
- /**
- * @see org.apache.jackrabbit.api.security.user.User#isDisabled()
- */
@Override
public boolean isDisabled() throws RepositoryException {
return getTree().hasProperty(REP_DISABLED);
}
- /**
- * @see org.apache.jackrabbit.api.security.user.User#getDisabledReason()
- */
@Override
public String getDisabledReason() throws RepositoryException {
PropertyState disabled = getTree().getProperty(REP_DISABLED);
@@ -177,7 +140,7 @@ class UserImpl extends AuthorizableImpl
}
}
- //--------------------------------------------------------------------------
+ //------------------------------------------------------------< private >---
@CheckForNull
private String getPasswordHash() {
NodeUtil n = new NodeUtil(getTree());
Modified: jackrabbit/oak/trunk/oak-core/src/main/java/org/apache/jackrabbit/oak/security/user/UserManagerImpl.java
URL: http://svn.apache.org/viewvc/jackrabbit/oak/trunk/oak-core/src/main/java/org/apache/jackrabbit/oak/security/user/UserManagerImpl.java?rev=1400020&r1=1400019&r2=1400020&view=diff
==============================================================================
--- jackrabbit/oak/trunk/oak-core/src/main/java/org/apache/jackrabbit/oak/security/user/UserManagerImpl.java (original)
+++ jackrabbit/oak/trunk/oak-core/src/main/java/org/apache/jackrabbit/oak/security/user/UserManagerImpl.java Fri Oct 19 10:05:28 2012
@@ -21,6 +21,7 @@ import java.security.NoSuchAlgorithmExce
import java.security.Principal;
import java.util.Iterator;
import javax.annotation.CheckForNull;
+import javax.annotation.Nonnull;
import javax.jcr.Node;
import javax.jcr.RepositoryException;
import javax.jcr.Session;
@@ -35,8 +36,6 @@ import org.apache.jackrabbit.api.securit
import org.apache.jackrabbit.oak.api.Root;
import org.apache.jackrabbit.oak.api.Tree;
import org.apache.jackrabbit.oak.namepath.NamePathMapper;
-import org.apache.jackrabbit.oak.security.user.query.XPathQueryBuilder;
-import org.apache.jackrabbit.oak.security.user.query.XPathQueryEvaluator;
import org.apache.jackrabbit.oak.spi.security.ConfigurationParameters;
import org.apache.jackrabbit.oak.spi.security.SecurityProvider;
import org.apache.jackrabbit.oak.spi.security.principal.EveryonePrincipal;
@@ -69,6 +68,8 @@ public class UserManagerImpl implements
private final ConfigurationParameters config;
private final AuthorizableAction[] authorizableActions;
+ private UserQueryManager queryManager;
+
public UserManagerImpl(Session session, Root root, NamePathMapper namePathMapper,
SecurityProvider securityProvider) {
this.session = session;
@@ -84,32 +85,23 @@ public class UserManagerImpl implements
}
//--------------------------------------------------------< UserManager >---
- /**
- * @see UserManager#getAuthorizable(String)
- */
@Override
public Authorizable getAuthorizable(String id) throws RepositoryException {
checkIsLive();
Authorizable authorizable = null;
- Tree tree = getUserProvider().getAuthorizable(id);
+ Tree tree = userProvider.getAuthorizable(id);
if (tree != null) {
authorizable = getAuthorizable(id, tree);
}
return authorizable;
}
- /**
- * @see UserManager#getAuthorizable(Principal)
- */
@Override
public Authorizable getAuthorizable(Principal principal) throws RepositoryException {
checkIsLive();
- return getAuthorizable(getUserProvider().getAuthorizableByPrincipal(principal));
+ return getAuthorizable(userProvider.getAuthorizableByPrincipal(principal));
}
- /**
- * @see UserManager#getAuthorizableByPath(String)
- */
@Override
public Authorizable getAuthorizableByPath(String path) throws RepositoryException {
checkIsLive();
@@ -117,7 +109,7 @@ public class UserManagerImpl implements
if (oakPath == null) {
throw new RepositoryException("Invalid path " + path);
}
- return getAuthorizable(getUserProvider().getAuthorizableByPath(oakPath));
+ return getAuthorizable(userProvider.getAuthorizableByPath(oakPath));
}
@Override
@@ -128,24 +120,13 @@ public class UserManagerImpl implements
@Override
public Iterator<Authorizable> findAuthorizables(String relPath, String value, int searchType) throws RepositoryException {
checkIsLive();
- String[] oakPaths = new String[] {namePathMapper.getOakPath(relPath)};
- AuthorizableType authorizableType = getAuthorizableType(searchType);
- Iterator<Tree> result = userProvider.findAuthorizables(oakPaths, value, null, true, Long.MAX_VALUE, authorizableType);
-
- return AuthorizableIterator.create(result, this);
+ return getQueryManager().findAuthorizables(relPath, value, AuthorizableType.getType(searchType));
}
@Override
public Iterator<Authorizable> findAuthorizables(Query query) throws RepositoryException {
checkIsLive();
- if (session != null) {
- XPathQueryBuilder builder = new XPathQueryBuilder();
- query.build(builder);
- return new XPathQueryEvaluator(builder, this, session.getWorkspace().getQueryManager(), namePathMapper).eval();
- } else {
- // TODO: implement
- throw new UnsupportedOperationException("not implemented");
- }
+ return getQueryManager().find(query);
}
@Override
@@ -211,7 +192,7 @@ public class UserManagerImpl implements
if (intermediatePath != null) {
intermediatePath = namePathMapper.getOakPath(intermediatePath);
}
- Tree groupTree = getUserProvider().createGroup(groupID, intermediatePath);
+ Tree groupTree = userProvider.createGroup(groupID, intermediatePath);
setPrincipal(groupTree, principal);
Group group = new GroupImpl(groupID, groupTree, this);
@@ -256,9 +237,12 @@ public class UserManagerImpl implements
* @throws RepositoryException If an exception occurs.
*/
void onCreate(User user, String password) throws RepositoryException {
- // TODO
for (AuthorizableAction action : authorizableActions) {
- action.onCreate(user, password, session);
+ if (session != null) {
+ action.onCreate(user, password, session);
+ } else {
+ action.onCreate(user, password, root);
+ }
}
}
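Review bot: The `session != null` test inside the loop of `onCreate(User, String)` is loop-invariant, and the same session-or-root dispatch is repeated in `onCreate(Group)`, `onRemove` and `onPasswordChange` in the next three hunks. Evaluating it once per method (`final boolean hasSession = session != null;`) or deciding the target once at construction keeps the four notification paths from drifting apart. Each method's Javadoc, which starts outside these hunks, should state which object the actions receive, for example `actions receive the JCR session when one exists, otherwise the Oak root`. The clear-text `password` is handed to every configured action on both branches, so the contract should also say that implementations must not log or persist it.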
@@ -271,9 +255,12 @@ public class UserManagerImpl implements
* @throws RepositoryException If an exception occurs.
*/
void onCreate(Group group) throws RepositoryException {
- // TODO
for (AuthorizableAction action : authorizableActions) {
- action.onCreate(group, session);
+ if (session != null) {
+ action.onCreate(group, session);
+ } else {
+ action.onCreate(group, root);
+ }
}
}
@@ -286,9 +273,12 @@ public class UserManagerImpl implements
* @throws RepositoryException If an exception occurs.
*/
void onRemove(Authorizable authorizable) throws RepositoryException {
- // TODO
for (AuthorizableAction action : authorizableActions) {
- action.onRemove(authorizable, session);
+ if (session != null) {
+ action.onRemove(authorizable, session);
+ } else {
+ action.onRemove(authorizable, root);
+ }
}
}
@@ -302,9 +292,12 @@ public class UserManagerImpl implements
* @throws RepositoryException If an exception occurs.
*/
void onPasswordChange(User user, String password) throws RepositoryException {
- // TODO
for (AuthorizableAction action : authorizableActions) {
- action.onPasswordChange(user, password, session);
+ if (session != null) {
+ action.onPasswordChange(user, password, session);
+ } else {
+ action.onPasswordChange(user, password, root);
+ }
}
}
@@ -323,6 +316,24 @@ public class UserManagerImpl implements
return session.getNode(jcrPath);
}
+ @CheckForNull
+ Tree getAuthorizableTree(String id) {
+ Tree tree = userProvider.getAuthorizable(id);
+ if (tree == null) {
+ throw new IllegalStateException("Authorizable not associated with an existing tree");
+ }
+ return tree;
+ }
+
+ @CheckForNull
+ Authorizable getAuthorizable(Tree tree) throws RepositoryException {
+ if (tree == null) {
+ return null;
+ }
+ return getAuthorizable(userProvider.getAuthorizableId(tree), tree);
+ }
+
+ @Nonnull
AuthorizableProperties getAuthorizableProperties(String id) throws RepositoryException {
if (session != null) {
return new JcrAuthorizableProperties(getAuthorizableNode(id), namePathMapper);
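Review bot: `getAuthorizableTree` is annotated `@CheckForNull` but can never return null: it throws `IllegalStateException` when the provider finds no tree, and `AuthorizableImpl.getTree()`, which is `@Nonnull`, now returns its result directly. The annotation should be `@Nonnull`, otherwise static analysis will flag that caller and other callers may add dead null checks. A short Javadoc naming the `IllegalStateException` would also help, because after this commit the method is the one place where an authorizable without a backing tree is detected. `getAuthorizableProperties` at the end of the hunk continues outside it.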
@@ -331,35 +342,27 @@ public class UserManagerImpl implements
}
}
+ @Nonnull
NamePathMapper getNamePathMapper() {
return namePathMapper;
}
- UserProvider getUserProvider() {
- return userProvider;
- }
-
+ @Nonnull
MembershipProvider getMembershipProvider() {
return membershipProvider;
}
+ @Nonnull
PrincipalProvider getPrincipalProvider() throws RepositoryException {
return securityProvider.getPrincipalConfiguration().getPrincipalProvider(root, namePathMapper);
}
+ @Nonnull
ConfigurationParameters getConfig() {
return config;
}
@CheckForNull
- Authorizable getAuthorizable(Tree tree) throws RepositoryException {
- if (tree == null) {
- return null;
- }
- return getAuthorizable(userProvider.getAuthorizableId(tree), tree);
- }
-
- @CheckForNull
private Authorizable getAuthorizable(String id, Tree tree) throws RepositoryException {
if (id == null || tree == null) {
return null;
@@ -390,6 +393,11 @@ public class UserManagerImpl implements
}
}
+ private void setPrincipal(Tree authorizableTree, Principal principal) {
+ checkNotNull(principal);
+ authorizableTree.setProperty(UserConstants.REP_PRINCIPAL_NAME, principal.getName());
+ }
+
void setPassword(Tree userTree, String password, boolean forceHash) throws RepositoryException {
String pwHash;
if (forceHash || PasswordUtility.isPlainTextPassword(password)) {
@@ -406,27 +414,16 @@ public class UserManagerImpl implements
userTree.setProperty(UserConstants.REP_PASSWORD, pwHash);
}
- private void setPrincipal(Tree authorizableTree, Principal principal) {
- checkNotNull(principal);
- authorizableTree.setProperty(UserConstants.REP_PRINCIPAL_NAME, principal.getName());
- }
-
private void checkIsLive() throws RepositoryException {
if (session != null && !session.isLive()) {
throw new RepositoryException("UserManager has been closed.");
}
}
- private static AuthorizableType getAuthorizableType(int searchType) {
- switch (searchType) {
- case UserManager.SEARCH_TYPE_USER:
- return AuthorizableType.USER;
- case UserManager.SEARCH_TYPE_GROUP:
- return AuthorizableType.GROUP;
- case UserManager.SEARCH_TYPE_AUTHORIZABLE:
- return AuthorizableType.AUTHORIZABLE;
- default:
- throw new IllegalArgumentException("Invalid search type " + searchType);
+ private UserQueryManager getQueryManager() throws RepositoryException {
+ if (queryManager == null) {
+ queryManager = new UserQueryManager(this, session, root);
}
+ return queryManager;
}
}
\ No newline at end of file
Modified: jackrabbit/oak/trunk/oak-core/src/main/java/org/apache/jackrabbit/oak/security/user/UserProvider.java
URL: http://svn.apache.org/viewvc/jackrabbit/oak/trunk/oak-core/src/main/java/org/apache/jackrabbit/oak/security/user/UserProvider.java?rev=1400020&r1=1400019&r2=1400020&view=diff
==============================================================================
--- jackrabbit/oak/trunk/oak-core/src/main/java/org/apache/jackrabbit/oak/security/user/UserProvider.java (original)
+++ jackrabbit/oak/trunk/oak-core/src/main/java/org/apache/jackrabbit/oak/security/user/UserProvider.java Fri Oct 19 10:05:28 2012
@@ -136,10 +136,6 @@ import static org.apache.jackrabbit.oak.
* TODO
* <h3>By Principal Name</h3>
* TODO
- *
- * <h3>Search for authorizables</h3>
- *
- * TODO
*/
class UserProvider extends AuthorizableBaseProvider {
@@ -230,37 +226,6 @@ class UserProvider extends AuthorizableB
return null;
}
- /**
- * Find the authorizable trees matching the following search parameters within
- * the sub-tree defined by an authorizable tree:
- *
- * @param propertyRelPaths An array of property names or relative paths
- * pointing to properties within the tree defined by a given authorizable node.
- * @param value The property value to look for.
- * @param ntNames An array of node type names to restrict the search within
- * the authorizable tree to a subset of nodes that match any of the node
- * type names; {@code null} indicates that no filtering by node type is
- * desired. Specifying a node type name that defines an authorizable node
- * )e.g. {@link UserConstants#NT_REP_USER rep:User} will limit the search to
- * properties defined with the authorizable node itself instead of searching
- * the complete sub-tree.
- * @param exact A boolean flag indicating if the value must match exactly or not.s
- * @param maxSize The maximal number of search results to look for.
- * @param authorizableType Filter the search results to only return authorizable
- * trees of a given type. Passing {@link AuthorizableType#AUTHORIZABLE} indicates that
- * no filtering for a specific authorizable type is desired. However, properties
- * might still be search in the complete sub-tree of authorizables depending
- * on the other query parameters.
- * @return An iterator of authorizable trees that match the specified
- * search parameters and filters or an empty iterator if no result can be
- * found.
- */
- @Nonnull
- public Iterator<Tree> findAuthorizables(String[] propertyRelPaths, String value, String[] ntNames, boolean exact, long maxSize, AuthorizableType authorizableType) {
- // TODO
- throw new UnsupportedOperationException("not yet implemented");
- }
-
//------------------------------------------------------------< private >---
private Tree createAuthorizableNode(String authorizableId, boolean isGroup, String intermediatePath) throws RepositoryException {
Added: jackrabbit/oak/trunk/oak-core/src/main/java/org/apache/jackrabbit/oak/security/user/UserQueryManager.java
URL: http://svn.apache.org/viewvc/jackrabbit/oak/trunk/oak-core/src/main/java/org/apache/jackrabbit/oak/security/user/UserQueryManager.java?rev=1400020&view=auto
==============================================================================
--- jackrabbit/oak/trunk/oak-core/src/main/java/org/apache/jackrabbit/oak/security/user/UserQueryManager.java (added)
+++ jackrabbit/oak/trunk/oak-core/src/main/java/org/apache/jackrabbit/oak/security/user/UserQueryManager.java Fri Oct 19 10:05:28 2012
@@ -0,0 +1,106 @@
+/*
+ * Licensed to the Apache Software Foundation (ASF) under one or more
+ * contributor license agreements. See the NOTICE file distributed with
+ * this work for additional information regarding copyright ownership.
+ * The ASF licenses this file to You under the Apache License, Version 2.0
+ * (the "License"); you may not use this file except in compliance with
+ * the License. You may obtain a copy of the License at
+ *
+ * http://www.apache.org/licenses/LICENSE-2.0
+ *
+ * Unless required by applicable law or agreed to in writing, software
+ * distributed under the License is distributed on an "AS IS" BASIS,
+ * WITHOUT WARRANTIES OR CONDITIONS OF ANY KIND, either express or implied.
+ * See the License for the specific language governing permissions and
+ * limitations under the License.
+ */
+package org.apache.jackrabbit.oak.security.user;
+
+import java.util.Iterator;
+import javax.annotation.Nonnull;
+import javax.jcr.RepositoryException;
+import javax.jcr.Session;
+import javax.jcr.query.QueryManager;
+
+import org.apache.jackrabbit.api.security.user.Authorizable;
+import org.apache.jackrabbit.api.security.user.Query;
+import org.apache.jackrabbit.oak.api.Root;
+import org.apache.jackrabbit.oak.security.user.query.XPathQueryBuilder;
+import org.apache.jackrabbit.oak.security.user.query.XPathQueryEvaluator;
+import org.apache.jackrabbit.oak.spi.security.user.AuthorizableType;
+import org.slf4j.Logger;
+import org.slf4j.LoggerFactory;
+
+/**
+ * UserQueryManager... TODO
+ */
+class UserQueryManager {
+
+ /**
+ * logger instance
+ */
+ private static final Logger log = LoggerFactory.getLogger(UserQueryManager.class);
+
+ private final UserManagerImpl userManager;
+ private final Root root;
+ private final QueryManager queryManager;
+
+ // TODO: replace usage of jcr-query-manager by oak query manager and drop session from constructor.
+ UserQueryManager(UserManagerImpl userManager, Session session, Root root) throws RepositoryException {
+ this.userManager = userManager;
+ this.root = root;
+ this.queryManager = (session != null) ? session.getWorkspace().getQueryManager() : null;
+ }
+
+ Iterator<Authorizable> find(Query query) throws RepositoryException {
+ // TODO: create query builder depending query-language configured with user-mgt configuration.
+ if (queryManager != null) {
+ XPathQueryBuilder builder = new XPathQueryBuilder();
+ query.build(builder);
+ return new XPathQueryEvaluator(builder, userManager, queryManager, userManager.getNamePathMapper()).eval();
+ } else {
+ // TODO: implement
+ throw new UnsupportedOperationException("not implemented");
+ }
+ }
+
+ @Nonnull
+ Iterator<Authorizable> findAuthorizables(String relativePath, String value, AuthorizableType authorizableType) {
+ String[] oakPaths = new String[] {userManager.getNamePathMapper().getOakPath(relativePath)};
+ return findAuthorizables(oakPaths, value, null, true, Long.MAX_VALUE, authorizableType);
+ }
+
+ /**
+ * Find the authorizable trees matching the following search parameters within
+ * the sub-tree defined by an authorizable tree:
+ *
+ * @param propertyRelPaths An array of property names or relative paths
+ * pointing to properties within the tree defined by a given authorizable node.
+ * @param value The property value to look for.
+ * @param ntNames An array of node type names to restrict the search within
+ * the authorizable tree to a subset of nodes that match any of the node
+ * type names; {@code null} indicates that no filtering by node type is
+ * desired. Specifying a node type name that defines an authorizable node
+ * )e.g. {@link org.apache.jackrabbit.oak.spi.security.user.UserConstants#NT_REP_USER rep:User} will limit the search to
+ * properties defined with the authorizable node itself instead of searching
+ * the complete sub-tree.
+ * @param exact A boolean flag indicating if the value must match exactly or not.s
+ * @param maxSize The maximal number of search results to look for.
+ * @param authorizableType Filter the search results to only return authorizable
+ * trees of a given type. Passing {@link org.apache.jackrabbit.oak.spi.security.user.AuthorizableType#AUTHORIZABLE} indicates that
+ * no filtering for a specific authorizable type is desired. However, properties
+ * might still be search in the complete sub-tree of authorizables depending
+ * on the other query parameters.
+ * @return An iterator of authorizable trees that match the specified
+ * search parameters and filters or an empty iterator if no result can be
+ * found.
+ */
+ @Nonnull
+ Iterator<Authorizable> findAuthorizables(String[] propertyRelPaths, String value, String[] ntNames, boolean exact, long maxSize, AuthorizableType authorizableType) {
+ // TODO
+ throw new UnsupportedOperationException("not yet implemented");
+
+ //return AuthorizableIterator.create(result, this);
+
+ }
+}
\ No newline at end of file
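Review bot: The six-argument `findAuthorizables` throws `UnsupportedOperationException` unconditionally, so the three-argument overload that delegates to it can never return, yet both carry `@Nonnull` and the Javadoc promises "an empty iterator if no result can be found". Until the search exists, the Javadoc should say so, e.g. `@throws UnsupportedOperationException always; the search is not yet implemented`, and the unreachable `//return AuthorizableIterator.create(result, this);` line can be dropped. The copied Javadoc also still speaks of "authorizable trees" although the return type is now `Iterator<Authorizable>`. The delegating overload passes `Long.MAX_VALUE` as `maxSize`, so once the search is implemented this path will be unbounded unless a cap is applied. The fields `root` and `log` are assigned but not used anywhere in the class as added.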
Modified: jackrabbit/oak/trunk/oak-core/src/main/java/org/apache/jackrabbit/oak/security/user/query/XPathQueryEvaluator.java
URL: http://svn.apache.org/viewvc/jackrabbit/oak/trunk/oak-core/src/main/java/org/apache/jackrabbit/oak/security/user/query/XPathQueryEvaluator.java?rev=1400020&r1=1400019&r2=1400020&view=diff
==============================================================================
--- jackrabbit/oak/trunk/oak-core/src/main/java/org/apache/jackrabbit/oak/security/user/query/XPathQueryEvaluator.java (original)
+++ jackrabbit/oak/trunk/oak-core/src/main/java/org/apache/jackrabbit/oak/security/user/query/XPathQueryEvaluator.java Fri Oct 19 10:05:28 2012
@@ -44,6 +44,8 @@ import org.slf4j.LoggerFactory;
/**
* This evaluator for {@link org.apache.jackrabbit.api.security.user.Query}s use XPath
* and some minimal client side filtering.
+ *
+ * FIXME: replace usage of jcr-query manager by oak-api SessionQueryEngine.
*/
public class XPathQueryEvaluator implements ConditionVisitor {
static final Logger log = LoggerFactory.getLogger(XPathQueryEvaluator.class);
Modified: jackrabbit/oak/trunk/oak-core/src/main/java/org/apache/jackrabbit/oak/spi/security/user/AuthorizableType.java
URL: http://svn.apache.org/viewvc/jackrabbit/oak/trunk/oak-core/src/main/java/org/apache/jackrabbit/oak/spi/security/user/AuthorizableType.java?rev=1400020&r1=1400019&r2=1400020&view=diff
==============================================================================
--- jackrabbit/oak/trunk/oak-core/src/main/java/org/apache/jackrabbit/oak/spi/security/user/AuthorizableType.java (original)
+++ jackrabbit/oak/trunk/oak-core/src/main/java/org/apache/jackrabbit/oak/spi/security/user/AuthorizableType.java Fri Oct 19 10:05:28 2012
@@ -32,8 +32,21 @@ public enum AuthorizableType {
private final int userType;
- private AuthorizableType(int userType) {
- this.userType = userType;
+ private AuthorizableType(int jcrUserType) {
+ this.userType = jcrUserType;
+ }
+
+ public static AuthorizableType getType(int jcrUserType) {
+ switch (jcrUserType) {
+ case UserManager.SEARCH_TYPE_AUTHORIZABLE:
+ return AUTHORIZABLE;
+ case UserManager.SEARCH_TYPE_GROUP:
+ return GROUP;
+ case UserManager.SEARCH_TYPE_USER:
+ return USER;
+ default:
+ throw new IllegalArgumentException("Invalid authorizable type "+jcrUserType);
+ }
}
public boolean isType(Authorizable authorizable) {
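Review bot: The new public `getType(int)` has no Javadoc, and its `default` branch throws `IllegalArgumentException` for any value other than the three `UserManager.SEARCH_TYPE_*` constants, which callers passing an externally supplied search type need to know about. I would add a short comment such as `/** Maps a {@code UserManager.SEARCH_TYPE_*} constant to the matching type; throws IllegalArgumentException for any other value. */`. The hunk shows no import for `UserManager`, and the enum starts outside the hunk, so check that the name is already in scope. As a matter of style, the parameter was renamed to `jcrUserType` while the field keeps the name `userType`; using one name for both reads more easily.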
Modified: jackrabbit/oak/trunk/oak-core/src/main/java/org/apache/jackrabbit/oak/spi/security/user/action/AbstractAuthorizableAction.java
URL: http://svn.apache.org/viewvc/jackrabbit/oak/trunk/oak-core/src/main/java/org/apache/jackrabbit/oak/spi/security/user/action/AbstractAuthorizableAction.java?rev=1400020&r1=1400019&r2=1400020&view=diff
==============================================================================
--- jackrabbit/oak/trunk/oak-core/src/main/java/org/apache/jackrabbit/oak/spi/security/user/action/AbstractAuthorizableAction.java (original)
+++ jackrabbit/oak/trunk/oak-core/src/main/java/org/apache/jackrabbit/oak/spi/security/user/action/AbstractAuthorizableAction.java Fri Oct 19 10:05:28 2012
@@ -22,6 +22,7 @@ import javax.jcr.Session;
import org.apache.jackrabbit.api.security.user.Authorizable;
import org.apache.jackrabbit.api.security.user.Group;
import org.apache.jackrabbit.api.security.user.User;
+import org.apache.jackrabbit.oak.api.Root;
/**
* Abstract implementation of the {@code AuthorizableAction} interface that
@@ -35,6 +36,7 @@ public abstract class AbstractAuthorizab
*
* @see AuthorizableAction#onCreate(org.apache.jackrabbit.api.security.user.Group, javax.jcr.Session)
*/
+ @Override
public void onCreate(Group group, Session session) throws RepositoryException {
// nothing to do
@@ -43,8 +45,19 @@ public abstract class AbstractAuthorizab
/**
* Doesn't perform any action.
*
+ * @see AuthorizableAction#onCreate(org.apache.jackrabbit.api.security.user.Group, Root)
+ */
+ @Override
+ public void onCreate(Group group, Root root) throws RepositoryException {
+ // nothing to do
+ }
+
+ /**
+ * Doesn't perform any action.
+ *
* @see AuthorizableAction#onCreate(org.apache.jackrabbit.api.security.user.User, String, javax.jcr.Session)
*/
+ @Override
public void onCreate(User user, String password, Session session) throws RepositoryException {
// nothing to do
}
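Review bot: The new `Root` overloads default to doing nothing, so a subclass that overrides only the `Session` variant will silently skip its validation or write task whenever the user manager invokes the `Root` variant. This applies to `onCreate(Group, Root)` in this hunk and to the `onCreate(User, String, Root)`, `onRemove(Authorizable, Root)` and `onPasswordChange(User, String, Root)` overloads in the following hunks. For a password-policy or access-control action that means the check is not run at all on that path. I would say so in the Javadoc of each new overload, e.g. `Subclasses overriding the Session variant must override this variant as well.` The class declaration lies outside this hunk.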
@@ -52,8 +65,19 @@ public abstract class AbstractAuthorizab
/**
* Doesn't perform any action.
*
+ * @see AuthorizableAction#onCreate(org.apache.jackrabbit.api.security.user.User, String, Root)
+ */
+ @Override
+ public void onCreate(User user, String password, Root root) throws RepositoryException {
+ // nothing to do
+ }
+
+ /**
+ * Doesn't perform any action.
+ *
* @see AuthorizableAction#onRemove(org.apache.jackrabbit.api.security.user.Authorizable, javax.jcr.Session)
*/
+ @Override
public void onRemove(Authorizable authorizable, Session session) throws RepositoryException {
// nothing to do
}
@@ -61,9 +85,30 @@ public abstract class AbstractAuthorizab
/**
* Doesn't perform any action.
*
+ * @see AuthorizableAction#onRemove(org.apache.jackrabbit.api.security.user.Authorizable, Root)
+ */
+ @Override
+ public void onRemove(Authorizable authorizable, Root root) throws RepositoryException {
+ // nothing to do
+ }
+
+ /**
+ * Doesn't perform any action.
+ *
* @see AuthorizableAction#onPasswordChange(org.apache.jackrabbit.api.security.user.User, String, javax.jcr.Session)
*/
+ @Override
public void onPasswordChange(User user, String newPassword, Session session) throws RepositoryException {
// nothing to do
}
+
+ /**
+ * Doesn't perform any action.
+ *
+ * @see AuthorizableAction#onPasswordChange(org.apache.jackrabbit.api.security.user.User, String, Root)
+ */
+ @Override
+ public void onPasswordChange(User user, String newPassword, Root root) throws RepositoryException {
+ // nothing to do
+ }
}
\ No newline at end of file
Modified: jackrabbit/oak/trunk/oak-core/src/main/java/org/apache/jackrabbit/oak/spi/security/user/action/AccessControlAction.java
URL: http://svn.apache.org/viewvc/jackrabbit/oak/trunk/oak-core/src/main/java/org/apache/jackrabbit/oak/spi/security/user/action/AccessControlAction.java?rev=1400020&r1=1400019&r2=1400020&view=diff
==============================================================================
--- jackrabbit/oak/trunk/oak-core/src/main/java/org/apache/jackrabbit/oak/spi/security/user/action/AccessControlAction.java (original)
+++ jackrabbit/oak/trunk/oak-core/src/main/java/org/apache/jackrabbit/oak/spi/security/user/action/AccessControlAction.java Fri Oct 19 10:05:28 2012
@@ -31,6 +31,7 @@ import org.apache.jackrabbit.api.securit
import org.apache.jackrabbit.api.security.user.Authorizable;
import org.apache.jackrabbit.api.security.user.Group;
import org.apache.jackrabbit.api.security.user.User;
+import org.apache.jackrabbit.oak.api.Root;
import org.apache.jackrabbit.util.Text;
import org.slf4j.Logger;
import org.slf4j.LoggerFactory;
@@ -118,6 +119,16 @@ public class AccessControlAction extends
setAC(user, session);
}
+ @Override
+ public void onCreate(Group group, Root root) throws RepositoryException {
+ setAC(group, root);
+ }
+
+ @Override
+ public void onCreate(User user, String password, Root root) throws RepositoryException {
+ setAC(user, root);
+ }
+
//------------------------------------------------------< Configuration >---
/**
* Sets the privileges a new group will be granted on the group's home directory.
@@ -180,6 +191,11 @@ public class AccessControlAction extends
}
}
+ private void setAC(Authorizable authorizable, Root root) throws RepositoryException {
+ // TODO: add implementation
+ log.error("Not yet implemented");
+ }
+
/**
* Retrieve privileges for the specified privilege names.
*
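Review bot: `setAC(Authorizable, Root)` only logs `Not yet implemented` and returns, so the two `onCreate(…, Root)` overrides added in the previous hunk report success while the access control setup for the new user or group is skipped entirely. A caller cannot distinguish this from a completed setup, and the log line does not name the affected authorizable. Failing explicitly is safer until the implementation exists, e.g. `throw new RepositoryException("setAC(Authorizable, Root) is not yet implemented");`, which fits the existing `throws RepositoryException` clause. If that is too disruptive while the work is in progress, at least include the authorizable's ID in the message so that the skipped setup can be traced.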
Modified: jackrabbit/oak/trunk/oak-core/src/main/java/org/apache/jackrabbit/oak/spi/security/user/action/AuthorizableAction.java
URL: http://svn.apache.org/viewvc/jackrabbit/oak/trunk/oak-core/src/main/java/org/apache/jackrabbit/oak/spi/security/user/action/AuthorizableAction.java?rev=1400020&r1=1400019&r2=1400020&view=diff
==============================================================================
--- jackrabbit/oak/trunk/oak-core/src/main/java/org/apache/jackrabbit/oak/spi/security/user/action/AuthorizableAction.java (original)
+++ jackrabbit/oak/trunk/oak-core/src/main/java/org/apache/jackrabbit/oak/spi/security/user/action/AuthorizableAction.java Fri Oct 19 10:05:28 2012
@@ -22,22 +22,24 @@ import javax.jcr.Session;
import org.apache.jackrabbit.api.security.user.Authorizable;
import org.apache.jackrabbit.api.security.user.Group;
import org.apache.jackrabbit.api.security.user.User;
+import org.apache.jackrabbit.oak.api.Root;
/**
* The {@code AuthorizableAction} interface provide an implementation
* specific way to execute additional validation or write tasks upon
*
* <ul>
- * <li>{@link #onCreate(org.apache.jackrabbit.api.security.user.User, String, javax.jcr.Session) User creation},</li>
- * <li>{@link #onCreate(org.apache.jackrabbit.api.security.user.Group, javax.jcr.Session) Group creation},</li>
- * <li>{@link #onRemove(org.apache.jackrabbit.api.security.user.Authorizable, javax.jcr.Session) Authorizable removal} and</li>
- * <li>{@link #onPasswordChange(org.apache.jackrabbit.api.security.user.User, String, javax.jcr.Session) User password modification}.</li>
+ * <li>{@link #onCreate User creation},</li>
+ * <li>{@link #onCreate Group creation},</li>
+ * <li>{@link #onRemove Authorizable removal} and</li>
+ * <li>{@link #onPasswordChange User password modification}.</li>
* </ul>
*
* @see org.apache.jackrabbit.oak.spi.security.ConfigurationParameters
*/
public interface AuthorizableAction {
+ // TODO: review (rather split into OAK and JCR level interface?)
/**
* Allows to add application specific modifications or validation associated
* with the creation of a new group. Note, that this method is called
@@ -52,6 +54,18 @@ public interface AuthorizableAction {
/**
* Allows to add application specific modifications or validation associated
+ * with the creation of a new group. Note, that this method is called
+ * <strong>before</strong> any {@code Session.save} call.
+ *
+ * @param group The new group that has not yet been persisted;
+ * e.g. the associated node is still 'NEW'.
+ * @param root The root associated with the user manager.
+ * @throws javax.jcr.RepositoryException If an error occurs.
+ */
+ void onCreate(Group group, Root root) throws RepositoryException;
+
+ /**
+ * Allows to add application specific modifications or validation associated
* with the creation of a new user. Note, that this method is called
* <strong>before</strong> any {@code Session.save} call.
*
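Review bot: The Javadoc added for `onCreate(Group, Root)` was copied from the `Session` variant and still says the method is called "before any {@code Session.save} call", although this overload has no `Session`. Presumably the relevant point is the commit of the `Root`; wording such as `<strong>before</strong> the changes are committed on the given {@code root}` would match the signature. The same sentence appears in the `onCreate(User, String, Root)` Javadoc in the next hunk. The interface declaration starts outside this hunk.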
@@ -64,6 +78,19 @@ public interface AuthorizableAction {
void onCreate(User user, String password, Session session) throws RepositoryException;
/**
+ * Allows to add application specific modifications or validation associated
+ * with the creation of a new user. Note, that this method is called
+ * <strong>before</strong> any {@code Session.save} call.
+ *
+ * @param user The new user that has not yet been persisted;
+ * e.g. the associated node is still 'NEW'.
+ * @param password The password that was specified upon user creation.
+ * @param root The root associated with the user manager.
+ * @throws RepositoryException If an error occurs.
+ */
+ void onCreate(User user, String password, Root root) throws RepositoryException;
+
+ /**
* Allows to add application specific behavior associated with the removal
* of an authorizable. Note, that this method is called <strong>before</strong>
* {@link org.apache.jackrabbit.api.security.user.Authorizable#remove} is executed (and persisted); thus the
@@ -76,6 +103,18 @@ public interface AuthorizableAction {
void onRemove(Authorizable authorizable, Session session) throws RepositoryException;
/**
+ * Allows to add application specific behavior associated with the removal
+ * of an authorizable. Note, that this method is called <strong>before</strong>
+ * {@link org.apache.jackrabbit.api.security.user.Authorizable#remove} is executed (and persisted); thus the
+ * target authorizable still exists.
+ *
+ * @param authorizable The authorizable to be removed.
+ * @param root The root associated with the user manager.
+ * @throws RepositoryException If an error occurs.
+ */
+ void onRemove(Authorizable authorizable, Root root) throws RepositoryException;
+
+ /**
* Allows to add application specific action or validation associated with
* changing a user password. Note, that this method is called <strong>before</strong>
* the password property is being modified in the content.
@@ -86,4 +125,16 @@ public interface AuthorizableAction {
* @throws RepositoryException If an exception or error occurs.
*/
void onPasswordChange(User user, String newPassword, Session session) throws RepositoryException;
+
+ /**
+ * Allows to add application specific action or validation associated with
+ * changing a user password. Note, that this method is called <strong>before</strong>
+ * the password property is being modified in the content.
+ *
+ * @param user The user that whose password is going to change.
+ * @param newPassword The new password as specified in {@link User#changePassword}
+ * @param root The root associated with the user manager.
+ * @throws RepositoryException If an exception or error occurs.
+ */
+ void onPasswordChange(User user, String newPassword, Root root) throws RepositoryException;
}
\ No newline at end of file
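Review bot: `newPassword` is handed to every configured action, presumably still as the plain-text value given to `User#changePassword`, and the Javadoc gives implementors no guidance on handling it. I would add one sentence to this overload and to `onCreate(User, String, Root)`, e.g. `Implementations must not log or persist the password value.` The added `@param user` line also reads "The user that whose password"; it should be "The user whose password".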
Modified: jackrabbit/oak/trunk/oak-core/src/main/java/org/apache/jackrabbit/oak/spi/security/user/action/ClearMembershipAction.java
URL: http://svn.apache.org/viewvc/jackrabbit/oak/trunk/oak-core/src/main/java/org/apache/jackrabbit/oak/spi/security/user/action/ClearMembershipAction.java?rev=1400020&r1=1400019&r2=1400020&view=diff
==============================================================================
--- jackrabbit/oak/trunk/oak-core/src/main/java/org/apache/jackrabbit/oak/spi/security/user/action/ClearMembershipAction.java (original)
+++ jackrabbit/oak/trunk/oak-core/src/main/java/org/apache/jackrabbit/oak/spi/security/user/action/ClearMembershipAction.java Fri Oct 19 10:05:28 2012
@@ -22,6 +22,7 @@ import javax.jcr.Session;
import org.apache.jackrabbit.api.security.user.Authorizable;
import org.apache.jackrabbit.api.security.user.Group;
+import org.apache.jackrabbit.oak.api.Root;
/**
* Authorizable action attempting to clear all group membership before removing
@@ -37,6 +38,16 @@ public class ClearMembershipAction exten
*/
@Override
public void onRemove(Authorizable authorizable, Session session) throws RepositoryException {
+ clearMembership(authorizable);
+ }
+
+ @Override
+ public void onRemove(Authorizable authorizable, Root root) throws RepositoryException {
+ clearMembership(authorizable);
+ }
+
+ //--------------------------------------------------------------------------
+ private static void clearMembership(Authorizable authorizable) throws RepositoryException {
Iterator<Group> membership = authorizable.declaredMemberOf();
while (membership.hasNext()) {
membership.next().removeMember(authorizable);
Modified: jackrabbit/oak/trunk/oak-core/src/main/java/org/apache/jackrabbit/oak/spi/security/user/action/PasswordValidationAction.java
URL: http://svn.apache.org/viewvc/jackrabbit/oak/trunk/oak-core/src/main/java/org/apache/jackrabbit/oak/spi/security/user/action/PasswordValidationAction.java?rev=1400020&r1=1400019&r2=1400020&view=diff
==============================================================================
--- jackrabbit/oak/trunk/oak-core/src/main/java/org/apache/jackrabbit/oak/spi/security/user/action/PasswordValidationAction.java (original)
+++ jackrabbit/oak/trunk/oak-core/src/main/java/org/apache/jackrabbit/oak/spi/security/user/action/PasswordValidationAction.java Fri Oct 19 10:05:28 2012
@@ -23,6 +23,7 @@ import javax.jcr.Session;
import javax.jcr.nodetype.ConstraintViolationException;
import org.apache.jackrabbit.api.security.user.User;
+import org.apache.jackrabbit.oak.api.Root;
import org.apache.jackrabbit.oak.spi.security.user.util.PasswordUtility;
import org.slf4j.Logger;
import org.slf4j.LoggerFactory;
@@ -60,10 +61,20 @@ public class PasswordValidationAction ex
}
@Override
+ public void onCreate(User user, String password, Root root) throws RepositoryException {
+ validatePassword(password);
+ }
+
+ @Override
public void onPasswordChange(User user, String newPassword, Session session) throws RepositoryException {
validatePassword(newPassword);
}
+ @Override
+ public void onPasswordChange(User user, String newPassword, Root root) throws RepositoryException {
+ validatePassword(newPassword);
+ }
+
//------------------------------------------------------< Configuration >---
/**
* Set the password constraint.