You are viewing a plain text version of this content. The canonical link for it is here.
Posted to commits@jackrabbit.apache.org by an...@apache.org on 2009/12/02 11:34:37 UTC
svn commit: r886107 - in /jackrabbit/trunk/jackrabbit-core/src:
main/java/org/apache/jackrabbit/core/UserPerWorkspaceSecurityManager.java
test/java/org/apache/jackrabbit/core/UserPerWorkspaceSecurityManagerTest.java
Author: angela
Date: Wed Dec 2 10:34:34 2009
New Revision: 886107
URL: http://svn.apache.org/viewvc?rev=886107&view=rev
Log:
JCR-2419 WorkspaceAccessManager defined with SecurityManager that keeps users per workspace must test if user exists
Modified:
jackrabbit/trunk/jackrabbit-core/src/main/java/org/apache/jackrabbit/core/UserPerWorkspaceSecurityManager.java
jackrabbit/trunk/jackrabbit-core/src/test/java/org/apache/jackrabbit/core/UserPerWorkspaceSecurityManagerTest.java
Modified: jackrabbit/trunk/jackrabbit-core/src/main/java/org/apache/jackrabbit/core/UserPerWorkspaceSecurityManager.java
URL: http://svn.apache.org/viewvc/jackrabbit/trunk/jackrabbit-core/src/main/java/org/apache/jackrabbit/core/UserPerWorkspaceSecurityManager.java?rev=886107&r1=886106&r2=886107&view=diff
==============================================================================
--- jackrabbit/trunk/jackrabbit-core/src/main/java/org/apache/jackrabbit/core/UserPerWorkspaceSecurityManager.java (original)
+++ jackrabbit/trunk/jackrabbit-core/src/main/java/org/apache/jackrabbit/core/UserPerWorkspaceSecurityManager.java Wed Dec 2 10:34:34 2009
@@ -28,8 +28,6 @@
import org.apache.jackrabbit.core.security.simple.SimpleWorkspaceAccessManager;
import org.apache.jackrabbit.core.security.user.UserPerWorkspaceUserManager;
import org.apache.jackrabbit.core.security.user.UserManagerImpl;
-import org.slf4j.Logger;
-import org.slf4j.LoggerFactory;
import javax.jcr.Credentials;
import javax.jcr.Repository;
@@ -37,6 +35,7 @@
import javax.jcr.Session;
import javax.security.auth.Subject;
import java.security.Principal;
+import java.security.acl.Group;
import java.util.ArrayList;
import java.util.Arrays;
import java.util.HashMap;
@@ -63,11 +62,6 @@
*/
public class UserPerWorkspaceSecurityManager extends DefaultSecurityManager {
- /**
- * the default logger
- */
- private static final Logger log = LoggerFactory.getLogger(UserPerWorkspaceSecurityManager.class);
-
private final Map<String, PrincipalProviderRegistry> ppRegistries = new HashMap<String, PrincipalProviderRegistry>();
/**
@@ -304,14 +298,47 @@
}
}
- private final class WorkspaceAccessManagerImpl extends SimpleWorkspaceAccessManager {
- @Override
+ private final class WorkspaceAccessManagerImpl implements WorkspaceAccessManager {
+ /**
+ * Does nothing.
+ * @see WorkspaceAccessManager#init(javax.jcr.Session)
+ */
+ public void init(Session systemSession) throws RepositoryException {
+ // nothing to do.
+ }
+
+ /**
+ * Does nothing.
+ * @see org.apache.jackrabbit.core.security.authorization.WorkspaceAccessManager#close()
+ */
+ public void close() throws RepositoryException {
+ // nothing to do.
+ }
+
+ /**
+ * Returns <code>true</code> if a workspace with the given
+ * <code>workspaceName</code> exists and if that workspace defines a
+ * user that matches any of the given <code>principals</code>;
+ * <code>false</code> otherwise.
+ *
+ * @see WorkspaceAccessManager#grants(java.util.Set, String)
+ */
public boolean grants(Set<Principal> principals, String workspaceName) throws RepositoryException {
if (!(Arrays.asList(((RepositoryImpl) getRepository()).getWorkspaceNames())).contains(workspaceName)) {
return false;
} else {
- return super.grants(principals, workspaceName);
+ UserManager umgr = UserPerWorkspaceSecurityManager.this.getSystemUserManager(workspaceName);
+ for (Principal principal : principals) {
+ if (!(principal instanceof Group)) {
+ // check if the workspace identified by the given workspace
+ // name contains a user with this principal
+ if (umgr.getAuthorizable(principal) != null) {
+ return true;
+ }
+ }
+ }
}
+ return false;
}
}
}
\ No newline at end of file
Modified: jackrabbit/trunk/jackrabbit-core/src/test/java/org/apache/jackrabbit/core/UserPerWorkspaceSecurityManagerTest.java
URL: http://svn.apache.org/viewvc/jackrabbit/trunk/jackrabbit-core/src/test/java/org/apache/jackrabbit/core/UserPerWorkspaceSecurityManagerTest.java?rev=886107&r1=886106&r2=886107&view=diff
==============================================================================
--- jackrabbit/trunk/jackrabbit-core/src/test/java/org/apache/jackrabbit/core/UserPerWorkspaceSecurityManagerTest.java (original)
+++ jackrabbit/trunk/jackrabbit-core/src/test/java/org/apache/jackrabbit/core/UserPerWorkspaceSecurityManagerTest.java Wed Dec 2 10:34:34 2009
@@ -18,36 +18,30 @@
import org.apache.jackrabbit.api.JackrabbitSession;
import org.apache.jackrabbit.api.security.principal.ItemBasedPrincipal;
+import org.apache.jackrabbit.api.security.user.Authorizable;
import org.apache.jackrabbit.api.security.user.User;
import org.apache.jackrabbit.api.security.user.UserManager;
-import org.apache.jackrabbit.api.security.user.Authorizable;
import org.apache.jackrabbit.core.security.JackrabbitSecurityManager;
import org.apache.jackrabbit.test.AbstractJCRTest;
import org.apache.jackrabbit.test.NotExecutableException;
import org.apache.jackrabbit.util.Text;
-import org.slf4j.Logger;
-import org.slf4j.LoggerFactory;
import javax.jcr.Item;
import javax.jcr.LoginException;
+import javax.jcr.Node;
import javax.jcr.RepositoryException;
import javax.jcr.Session;
import javax.jcr.SimpleCredentials;
import javax.jcr.UnsupportedRepositoryOperationException;
-import javax.jcr.Node;
import javax.jcr.Value;
import java.security.Principal;
+import java.util.Arrays;
/**
* <code>SecurityManagerTest</code>...
*/
public class UserPerWorkspaceSecurityManagerTest extends AbstractJCRTest {
- /**
- * logger instance
- */
- private static final Logger log = LoggerFactory.getLogger(UserPerWorkspaceSecurityManagerTest.class);
-
private JackrabbitSecurityManager secMgr;
@Override
@@ -147,6 +141,37 @@
}
}
+ public void testAccessibleWorkspaceNames() throws Exception {
+ String altWsp = getAlternativeWorkspaceName();
+ if (altWsp == null) {
+ throw new NotExecutableException();
+ }
+
+ Session s = getHelper().getSuperuserSession(altWsp);
+ User u = null;
+ Session us = null;
+ try {
+ // other users created in the default workspace...
+ u = ((JackrabbitSession) superuser).getUserManager().createUser("testUser", "testUser");
+ superuser.save();
+
+ us = getHelper().getRepository().login(new SimpleCredentials("testUser", "testUser".toCharArray()));
+ String[] wspNames = us.getWorkspace().getAccessibleWorkspaceNames();
+ assertFalse(Arrays.asList(wspNames).contains(altWsp));
+
+ } finally {
+ s.logout();
+ if (us != null) {
+ us.logout();
+ }
+ if (u != null) {
+ u.remove();
+ superuser.save();
+ }
+ }
+
+ }
+
public void testCloneUser() throws Exception {
String altWsp = getAlternativeWorkspaceName();
if (altWsp == null) {