Posted to commits@jackrabbit.apache.org by ju...@apache.org on 2009/09/08 18:09:45 UTC
svn commit: r812570 [13/24] - in /jackrabbit/sandbox/JCR-1456: ./
jackrabbit-api/ jackrabbit-api/src/main/appended-resources/
jackrabbit-api/src/main/appended-resources/META-INF/
jackrabbit-api/src/main/java/org/apache/jackrabbit/api/security/ jackrabb...
Modified: jackrabbit/sandbox/JCR-1456/jackrabbit-core/src/main/java/org/apache/jackrabbit/core/security/user/AuthorizableImpl.java
URL: http://svn.apache.org/viewvc/jackrabbit/sandbox/JCR-1456/jackrabbit-core/src/main/java/org/apache/jackrabbit/core/security/user/AuthorizableImpl.java?rev=812570&r1=812569&r2=812570&view=diff
==============================================================================
--- jackrabbit/sandbox/JCR-1456/jackrabbit-core/src/main/java/org/apache/jackrabbit/core/security/user/AuthorizableImpl.java (original)
+++ jackrabbit/sandbox/JCR-1456/jackrabbit-core/src/main/java/org/apache/jackrabbit/core/security/user/AuthorizableImpl.java Tue Sep 8 16:09:28 2009
@@ -16,9 +16,26 @@
*/
package org.apache.jackrabbit.core.security.user;
+import java.security.Principal;
+import java.util.ArrayList;
+import java.util.Arrays;
+import java.util.Collection;
+import java.util.Iterator;
+import java.util.List;
+
+import javax.jcr.ItemNotFoundException;
+import javax.jcr.PathNotFoundException;
+import javax.jcr.Property;
+import javax.jcr.PropertyIterator;
+import javax.jcr.RepositoryException;
+import javax.jcr.Value;
+import javax.jcr.PropertyType;
+import javax.jcr.nodetype.ConstraintViolationException;
+import javax.jcr.nodetype.PropertyDefinition;
+
+import org.apache.jackrabbit.api.security.principal.ItemBasedPrincipal;
import org.apache.jackrabbit.api.security.principal.PrincipalIterator;
import org.apache.jackrabbit.api.security.principal.PrincipalManager;
-import org.apache.jackrabbit.api.security.principal.NoSuchPrincipalException;
import org.apache.jackrabbit.api.security.user.Authorizable;
import org.apache.jackrabbit.api.security.user.AuthorizableExistsException;
import org.apache.jackrabbit.api.security.user.Group;
@@ -27,28 +44,12 @@
import org.apache.jackrabbit.core.PropertyImpl;
import org.apache.jackrabbit.core.SessionImpl;
import org.apache.jackrabbit.core.nodetype.NodeTypeImpl;
-import org.apache.jackrabbit.core.security.principal.ItemBasedPrincipal;
import org.apache.jackrabbit.core.security.principal.PrincipalImpl;
import org.apache.jackrabbit.core.security.principal.PrincipalIteratorAdapter;
import org.apache.jackrabbit.spi.Name;
import org.slf4j.Logger;
import org.slf4j.LoggerFactory;
-import javax.jcr.PathNotFoundException;
-import javax.jcr.Property;
-import javax.jcr.PropertyIterator;
-import javax.jcr.RepositoryException;
-import javax.jcr.Value;
-import javax.jcr.ItemNotFoundException;
-import javax.jcr.nodetype.ConstraintViolationException;
-import javax.jcr.nodetype.PropertyDefinition;
-import java.security.Principal;
-import java.util.ArrayList;
-import java.util.Arrays;
-import java.util.Collection;
-import java.util.Iterator;
-import java.util.List;
-
/**
* AuthorizableImpl
*/
@@ -80,23 +81,16 @@
* @see Authorizable#getPrincipals()
*/
public PrincipalIterator getPrincipals() throws RepositoryException {
- Collection coll = new ArrayList();
+ Collection<Principal> coll = new ArrayList<Principal>();
// the first element is the main principal of this user.
coll.add(getPrincipal());
// in addition add all referees.
PrincipalManager prMgr = getSession().getPrincipalManager();
- for (Iterator it = getRefereeValues().iterator(); it.hasNext();) {
- String refName = ((Value) it.next()).getString();
- Principal princ = null;
- if (prMgr.hasPrincipal(refName)) {
- try {
- princ = prMgr.getPrincipal(refName);
- } catch (NoSuchPrincipalException e) {
- // should not get here
- }
- }
+ for (Object o : getRefereeValues()) {
+ String refName = ((Value) o).getString();
+ Principal princ = prMgr.getPrincipal(refName);
if (princ == null) {
- log.warn("Principal "+ refName +" unknown to PrincipalManager.");
+ log.warn("Principal " + refName + " unknown to PrincipalManager.");
princ = new PrincipalImpl(refName);
}
coll.add(princ);
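Review bot: The new loop in getPrincipals() iterates as `for (Object o : getRefereeValues())` and casts each element, although getRefereeValues() is declared to return `List<Value>` later in this same commit; `for (Value v : getRefereeValues())` with `v.getString()` removes the cast. The same leftover appears in GroupImpl.NodeBasedGroup.getMembers(), which keeps a raw `Iterator` and an `(Authorizable)` cast, and in UserAccessControlProvider.containsGroup(), which keeps a raw `Iterator` over a `Set<Principal>`. canAccessRoot(Set) also keeps a raw parameter while compilePermissions() was parameterised. getPrincipals() continues past the end of this hunk.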
@@ -111,7 +105,7 @@
String principalName = principal.getName();
Value princValue = getSession().getValueFactory().createValue(principalName);
- List refereeValues = getRefereeValues();
+ List<Value> refereeValues = getRefereeValues();
if (refereeValues.contains(princValue) || getPrincipal().getName().equals(principalName)) {
return false;
}
@@ -120,7 +114,7 @@
}
refereeValues.add(princValue);
- userManager.setProtectedProperty(node, P_REFEREES, (Value[]) refereeValues.toArray(new Value[refereeValues.size()]));
+ userManager.setProtectedProperty(node, P_REFEREES, refereeValues.toArray(new Value[refereeValues.size()]));
return true;
}
@@ -129,14 +123,14 @@
*/
public synchronized boolean removeReferee(Principal principal) throws RepositoryException {
Value princValue = getSession().getValueFactory().createValue(principal.getName());
- List existingValues = getRefereeValues();
+ List<Value> existingValues = getRefereeValues();
if (existingValues.remove(princValue)) {
PropertyImpl prop = node.getProperty(P_REFEREES);
if (existingValues.isEmpty()) {
userManager.removeProtectedItem(prop, node);
} else {
- userManager.setProtectedProperty(node, P_REFEREES, (Value[]) existingValues.toArray(new Value[existingValues.size()]));
+ userManager.setProtectedProperty(node, P_REFEREES, existingValues.toArray(new Value[existingValues.size()]));
}
return true;
}
@@ -148,8 +142,8 @@
/**
* @see Authorizable#declaredMemberOf()
*/
- public Iterator declaredMemberOf() throws RepositoryException {
- List memberShip = new ArrayList();
+ public Iterator<Group> declaredMemberOf() throws RepositoryException {
+ List<Group> memberShip = new ArrayList<Group>();
collectMembership(memberShip, false);
return memberShip.iterator();
}
@@ -157,8 +151,8 @@
/**
* @see Authorizable#memberOf()
*/
- public Iterator memberOf() throws RepositoryException {
- List memberShip = new ArrayList();
+ public Iterator<Group> memberOf() throws RepositoryException {
+ List<Group> memberShip = new ArrayList<Group>();
collectMembership(memberShip, true);
return memberShip.iterator();
}
@@ -166,8 +160,8 @@
/**
* @see Authorizable#getPropertyNames()
*/
- public Iterator getPropertyNames() throws RepositoryException {
- List l = new ArrayList();
+ public Iterator<String> getPropertyNames() throws RepositoryException {
+ List<String> l = new ArrayList<String>();
for (PropertyIterator it = node.getProperties(); it.hasNext();) {
Property prop = it.nextProperty();
if (isAuthorizableProperty(prop)) {
@@ -192,7 +186,7 @@
if (hasProperty(name)) {
Property prop = node.getProperty(name);
if (isAuthorizableProperty(prop)) {
- if (prop.getDefinition().isMultiple()) {
+ if (prop.isMultiple()) {
return prop.getValues();
} else {
return new Value[] {prop.getValue()};
@@ -256,7 +250,7 @@
if (node.hasProperty(name)) {
// 'node' is protected -> use setValue instead of Property.remove()
Property p = node.getProperty(name);
- if (p.getDefinition().isMultiple()) {
+ if (p.isMultiple()) {
p.setValue((Value[]) null);
} else {
p.setValue((Value) null);
@@ -315,11 +309,10 @@
values = new Value[1];
}
values[values.length - 1] = added;
- userManager.setProtectedProperty(node, P_GROUPS, values);
+ userManager.setProtectedProperty(node, P_GROUPS, values, PropertyType.WEAKREFERENCE);
return true;
} catch (RepositoryException e) {
// revert all pending changes and rethrow.
- log.warn("Error while editing group membership:", e.getMessage());
getSession().refresh(false);
throw e;
}
@@ -335,14 +328,14 @@
Value toRemove = getSession().getValueFactory().createValue(group.getNode(), true);
PropertyImpl property = node.getProperty(P_GROUPS);
- List valList = new ArrayList(Arrays.asList(property.getValues()));
+ List<Value> valList = new ArrayList<Value>(Arrays.asList(property.getValues()));
if (valList.remove(toRemove)) {
try {
if (valList.isEmpty()) {
userManager.removeProtectedItem(property, node);
} else {
- Value[] values = (Value[]) valList.toArray(new Value[valList.size()]);
- userManager.setProtectedProperty(node, P_GROUPS, values);
+ Value[] values = valList.toArray(new Value[valList.size()]);
+ userManager.setProtectedProperty(node, P_GROUPS, values, PropertyType.WEAKREFERENCE);
}
return true;
} catch (RepositoryException e) {
@@ -357,23 +350,23 @@
}
}
- private void collectMembership(List groups, boolean includedIndirect) throws RepositoryException {
+ private void collectMembership(List<Group> groups, boolean includedIndirect) throws RepositoryException {
NodeImpl node = getNode();
if (!node.hasProperty(P_GROUPS)) {
return;
}
Value[] refs = node.getProperty(P_GROUPS).getValues();
- for (int i = 0; i < refs.length; i++) {
+ for (Value ref : refs) {
try {
- NodeImpl groupNode = (NodeImpl) getSession().getNodeByUUID(refs[i].getString());
+ NodeImpl groupNode = (NodeImpl) getSession().getNodeByUUID(ref.getString());
Group group = GroupImpl.create(groupNode, userManager);
if (groups.add(group) && includedIndirect) {
((AuthorizableImpl) group).collectMembership(groups, true);
}
} catch (ItemNotFoundException e) {
// groupNode doesn't exist any more
- log.warn("Group node referenced by " + getID() + " doesn't exist -> Ignored from membership list.");
- // TODO: ev. clean up list of group memberships
+ log.warn("Group node referenced by " + getID() + " doesn't exist anymore -> Ignored from membership list.");
+ // TODO: possibly clean up list of group memberships
}
}
}
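Review bot: The guard `groups.add(group) && includedIndirect` cannot stop a group from being visited twice, because `groups` is a `List` and `List.add` always returns true. If a cyclic membership can ever be persisted (whether that is prevented when members are added is not visible here), the recursive call would not terminate. Even without a cycle, a group reachable along two paths is listed twice. Testing first, `if (!groups.contains(group)) { groups.add(group); ... }`, or collecting into a `Set<Group>`, makes the guard effective. Both rely on the Group implementation defining equals() on the underlying node, which should be confirmed.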
@@ -442,14 +435,12 @@
}
}
- private List getRefereeValues() throws RepositoryException {
- List principalNames = new ArrayList();
+ private List<Value> getRefereeValues() throws RepositoryException {
+ List<Value> principalNames = new ArrayList<Value>();
if (node.hasProperty(P_REFEREES)) {
try {
- Value[] refProp = node.getProperty(P_REFEREES).getValues();
- for (int i = 0; i < refProp.length; i++) {
- principalNames.add(refProp[i]);
- }
+ principalNames.addAll(Arrays.asList(
+ node.getProperty(P_REFEREES).getValues()));
} catch (PathNotFoundException e) {
// ignore. should never occur.
}
Modified: jackrabbit/sandbox/JCR-1456/jackrabbit-core/src/main/java/org/apache/jackrabbit/core/security/user/GroupImpl.java
URL: http://svn.apache.org/viewvc/jackrabbit/sandbox/JCR-1456/jackrabbit-core/src/main/java/org/apache/jackrabbit/core/security/user/GroupImpl.java?rev=812570&r1=812569&r2=812570&view=diff
==============================================================================
--- jackrabbit/sandbox/JCR-1456/jackrabbit-core/src/main/java/org/apache/jackrabbit/core/security/user/GroupImpl.java (original)
+++ jackrabbit/sandbox/JCR-1456/jackrabbit-core/src/main/java/org/apache/jackrabbit/core/security/user/GroupImpl.java Tue Sep 8 16:09:28 2009
@@ -65,13 +65,15 @@
//-------------------------------------------------------< Authorizable >---
/**
* Returns the name of the node that defines this <code>Group</code>, that
- * has been used taking the principal name as hint.
+ * has been used taking the principal name as hint, unescaping any chars
+ * that have been escaped to circumvent incompatitibilities with JCR name
+ * limitations.
*
* @return name of the node that defines this <code>Group</code>.
* @see Authorizable#getID()
*/
public String getID() throws RepositoryException {
- return getNode().getName();
+ return Text.unescapeIllegalJcrChars(getNode().getName());
}
/**
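Review bot: getID() now returns the unescaped name, so an ID and a node name are no longer interchangeable. Any caller that feeds the ID back into a node name or path has to escape it again; those callers are outside this hunk and should be checked. The added Javadoc also misspells the word as `incompatitibilities`; it should read `incompatibilities`.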
@@ -95,14 +97,14 @@
/**
* @see Group#getDeclaredMembers()
*/
- public Iterator getDeclaredMembers() throws RepositoryException {
+ public Iterator<Authorizable> getDeclaredMembers() throws RepositoryException {
return getMembers(false).iterator();
}
/**
* @see Group#getMembers()
*/
- public Iterator getMembers() throws RepositoryException {
+ public Iterator<Authorizable> getMembers() throws RepositoryException {
return getMembers(true).iterator();
}
@@ -167,9 +169,9 @@
* @return A collection of members of this group.
* @throws RepositoryException If an error occurs while collecting the members.
*/
- private Collection getMembers(boolean includeIndirect) throws RepositoryException {
+ private Collection<Authorizable> getMembers(boolean includeIndirect) throws RepositoryException {
PropertyIterator itr = getNode().getWeakReferences(getSession().getJCRName(P_GROUPS));
- Collection members = new HashSet((int) itr.getSize());
+ Collection<Authorizable> members = new HashSet<Authorizable>((int) itr.getSize());
while (itr.hasNext()) {
NodeImpl n = (NodeImpl) itr.nextProperty().getParent();
if (n.isNodeType(NT_REP_GROUP)) {
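Review bot: `new HashSet<Authorizable>((int) itr.getSize())` throws IllegalArgumentException when the iterator cannot report its size, because `getSize()` returns -1 in that case and HashSet rejects a negative initial capacity. The cast also truncates a size above Integer.MAX_VALUE. Reading the size first, `long size = itr.getSize();`, and then using `new HashSet<Authorizable>(size > 0 && size < Integer.MAX_VALUE ? (int) size : 16)` avoids both. The body of getMembers(boolean) continues past this hunk.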
@@ -264,7 +266,7 @@
*/
private class NodeBasedGroup extends NodeBasedPrincipal implements java.security.acl.Group {
- private Set members;
+ private Set<Principal> members;
private NodeBasedGroup(String name) {
super(name);
@@ -287,15 +289,14 @@
* @see java.security.acl.Group#isMember(Principal)
*/
public boolean isMember(Principal member) {
- Collection members = getMembers();
+ Collection<Principal> members = getMembers();
if (members.contains(member)) {
// shortcut.
return true;
}
// test if member of a member-group
- for (Iterator it = members.iterator(); it.hasNext();) {
- Principal p = (Principal) it.next();
+ for (Principal p : members) {
if (p instanceof java.security.acl.Group &&
((java.security.acl.Group) p).isMember(member)) {
return true;
@@ -320,7 +321,7 @@
*
* @see java.security.acl.Group#members()
*/
- public Enumeration members() {
+ public Enumeration<? extends Principal> members() {
return Collections.enumeration(getMembers());
}
@@ -338,9 +339,9 @@
}
//----------------------------------------------------------------------
- private Collection getMembers() {
+ private Collection<Principal> getMembers() {
if (members == null) {
- members = new HashSet();
+ members = new HashSet<Principal>();
try {
for (Iterator it = GroupImpl.this.getMembers(); it.hasNext();) {
Authorizable authrz = (Authorizable) it.next();
Modified: jackrabbit/sandbox/JCR-1456/jackrabbit-core/src/main/java/org/apache/jackrabbit/core/security/user/ImpersonationImpl.java
URL: http://svn.apache.org/viewvc/jackrabbit/sandbox/JCR-1456/jackrabbit-core/src/main/java/org/apache/jackrabbit/core/security/user/ImpersonationImpl.java?rev=812570&r1=812569&r2=812570&view=diff
==============================================================================
--- jackrabbit/sandbox/JCR-1456/jackrabbit-core/src/main/java/org/apache/jackrabbit/core/security/user/ImpersonationImpl.java (original)
+++ jackrabbit/sandbox/JCR-1456/jackrabbit-core/src/main/java/org/apache/jackrabbit/core/security/user/ImpersonationImpl.java Tue Sep 8 16:09:28 2009
@@ -16,7 +16,14 @@
*/
package org.apache.jackrabbit.core.security.user;
-import org.apache.jackrabbit.api.security.principal.NoSuchPrincipalException;
+import java.security.Principal;
+import java.util.HashSet;
+import java.util.Set;
+
+import javax.jcr.RepositoryException;
+import javax.jcr.Value;
+import javax.security.auth.Subject;
+
import org.apache.jackrabbit.api.security.principal.PrincipalIterator;
import org.apache.jackrabbit.api.security.principal.PrincipalManager;
import org.apache.jackrabbit.api.security.user.Authorizable;
@@ -31,14 +38,6 @@
import org.slf4j.Logger;
import org.slf4j.LoggerFactory;
-import javax.jcr.RepositoryException;
-import javax.jcr.Value;
-import javax.security.auth.Subject;
-import java.security.Principal;
-import java.util.HashSet;
-import java.util.Iterator;
-import java.util.Set;
-
/**
* ImpersonationImpl
*/
@@ -59,23 +58,15 @@
* @see Impersonation#getImpersonators()
*/
public PrincipalIterator getImpersonators() throws RepositoryException {
- Set impersonators = getImpersonatorNames();
+ Set<String> impersonators = getImpersonatorNames();
if (impersonators.isEmpty()) {
return PrincipalIteratorAdapter.EMPTY;
} else {
final PrincipalManager pMgr = user.getSession().getPrincipalManager();
- Set s = new HashSet();
- for (Iterator it = impersonators.iterator(); it.hasNext();) {
- String pName = it.next().toString();
- Principal p = null;
- if (pMgr.hasPrincipal(pName)) {
- try {
- p = pMgr.getPrincipal(pName);
- } catch (NoSuchPrincipalException e) {
- // should never get here.
- }
- }
+ Set<Principal> s = new HashSet<Principal>();
+ for (String pName: impersonators) {
+ Principal p = pMgr.getPrincipal(pName);
if (p == null) {
log.debug("Impersonator " + pName + " does not correspond to a known Principal.");
p = new PrincipalImpl(pName);
@@ -115,7 +106,7 @@
}
boolean granted = false;
- Set impersonators = getImpersonatorNames();
+ Set<String> impersonators = getImpersonatorNames();
if (impersonators.add(pName)) {
updateImpersonatorNames(impersonators);
granted = true;
@@ -135,7 +126,7 @@
boolean revoked = false;
String pName = principal.getName();
- Set impersonators = getImpersonatorNames();
+ Set<String> impersonators = getImpersonatorNames();
if (impersonators.remove(pName)) {
updateImpersonatorNames(impersonators);
revoked = true;
@@ -156,9 +147,9 @@
return true;
}
- Set principalNames = new HashSet();
- for (Iterator it = subject.getPrincipals().iterator(); it.hasNext();) {
- principalNames.add(((Principal) it.next()).getName());
+ Set<String> principalNames = new HashSet<String>();
+ for (Principal p: subject.getPrincipals()) {
+ principalNames.add(p.getName());
}
boolean allows = false;
@@ -174,21 +165,21 @@
//------------------------------------------------------------< private >---
- private Set getImpersonatorNames() throws RepositoryException {
- Set princNames = new HashSet();
+ private Set<String> getImpersonatorNames() throws RepositoryException {
+ Set<String> princNames = new HashSet<String>();
if (user.getNode().hasProperty(P_IMPERSONATORS)) {
Value[] vs = user.getNode().getProperty(P_IMPERSONATORS).getValues();
- for (int i = 0; i < vs.length; i++) {
- princNames.add(vs[i].getString());
+ for (Value v : vs) {
+ princNames.add(v.getString());
}
}
return princNames;
}
- private void updateImpersonatorNames(Set principalNames) throws RepositoryException {
+ private void updateImpersonatorNames(Set<String> principalNames) throws RepositoryException {
NodeImpl userNode = user.getNode();
try {
- String[] pNames = (String[]) principalNames.toArray(new String[principalNames.size()]);
+ String[] pNames = principalNames.toArray(new String[principalNames.size()]);
if (pNames.length == 0) {
PropertyImpl prop = userNode.getProperty(P_IMPERSONATORS);
userManager.removeProtectedItem(prop, userNode);
Modified: jackrabbit/sandbox/JCR-1456/jackrabbit-core/src/main/java/org/apache/jackrabbit/core/security/user/IndexNodeResolver.java
URL: http://svn.apache.org/viewvc/jackrabbit/sandbox/JCR-1456/jackrabbit-core/src/main/java/org/apache/jackrabbit/core/security/user/IndexNodeResolver.java?rev=812570&r1=812569&r2=812570&view=diff
==============================================================================
--- jackrabbit/sandbox/JCR-1456/jackrabbit-core/src/main/java/org/apache/jackrabbit/core/security/user/IndexNodeResolver.java (original)
+++ jackrabbit/sandbox/JCR-1456/jackrabbit-core/src/main/java/org/apache/jackrabbit/core/security/user/IndexNodeResolver.java Tue Sep 8 16:09:28 2009
@@ -79,7 +79,7 @@
* @return
* @throws javax.jcr.RepositoryException
*/
- public NodeIterator findNodes(Set propertyNames, String value, Name ntName,
+ public NodeIterator findNodes(Set<Name> propertyNames, String value, Name ntName,
boolean exact, long maxSize) throws RepositoryException {
Query query = buildQuery(value, propertyNames, ntName, exact, maxSize);
return query.execute().getNodes();
@@ -115,7 +115,7 @@
* @return
* @throws RepositoryException
*/
- private Query buildQuery(String value, Set props, Name ntName,
+ private Query buildQuery(String value, Set<Name> props, Name ntName,
boolean exact, long maxSize)
throws RepositoryException {
StringBuilder stmt = new StringBuilder("/jcr:root");
@@ -128,10 +128,9 @@
} else {
stmt.append(")[");
int i = 0;
- Iterator itr = props.iterator();
- while (itr.hasNext()) {
+ for (Name prop : props) {
stmt.append((exact) ? "@" : "jcr:like(@");
- String pName = getNamePathResolver().getJCRName((Name) itr.next());
+ String pName = getNamePathResolver().getJCRName(prop);
stmt.append(ISO9075.encode(pName));
if (exact) {
stmt.append("='");
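Review bot: The statement is assembled by string concatenation, and this hunk ends at `stmt.append("='")`, just before the search value is written into the XPath literal; the lines that append `value` are outside the hunk. Please confirm that they escape single quotes in `value` (doubling `'`), because otherwise a search string containing a quote changes the structure of the query that runs against the user store. `ISO9075.encode` is applied to the property name only, so it does not cover the value. A short comment at the append site stating how the value is escaped would make this checkable on the next change.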
Modified: jackrabbit/sandbox/JCR-1456/jackrabbit-core/src/main/java/org/apache/jackrabbit/core/security/user/NodeResolver.java
URL: http://svn.apache.org/viewvc/jackrabbit/sandbox/JCR-1456/jackrabbit-core/src/main/java/org/apache/jackrabbit/core/security/user/NodeResolver.java?rev=812570&r1=812569&r2=812570&view=diff
==============================================================================
--- jackrabbit/sandbox/JCR-1456/jackrabbit-core/src/main/java/org/apache/jackrabbit/core/security/user/NodeResolver.java (original)
+++ jackrabbit/sandbox/JCR-1456/jackrabbit-core/src/main/java/org/apache/jackrabbit/core/security/user/NodeResolver.java Tue Sep 8 16:09:28 2009
@@ -16,17 +16,16 @@
*/
package org.apache.jackrabbit.core.security.user;
-import org.apache.jackrabbit.spi.Name;
-import org.apache.jackrabbit.spi.commons.conversion.NamePathResolver;
-import org.slf4j.Logger;
-import org.slf4j.LoggerFactory;
+import java.util.Collections;
+import java.util.Set;
import javax.jcr.Node;
import javax.jcr.NodeIterator;
import javax.jcr.RepositoryException;
import javax.jcr.Session;
-import java.util.Collections;
-import java.util.Set;
+
+import org.apache.jackrabbit.spi.Name;
+import org.apache.jackrabbit.spi.commons.conversion.NamePathResolver;
/**
* Resolver: searches for Principals stored in Nodes of a {@link javax.jcr.Workspace}
@@ -35,8 +34,6 @@
*/
abstract class NodeResolver {
- private static final Logger log = LoggerFactory.getLogger(NodeResolver.class);
-
private final Session session;
private final NamePathResolver resolver;
@@ -109,7 +106,7 @@
* @return matching nodes (or an empty iterator if no match was found).
* @throws RepositoryException If an error occurs.
*/
- public abstract NodeIterator findNodes(Set propertyNames, String value,
+ public abstract NodeIterator findNodes(Set<Name> propertyNames, String value,
Name ntName, boolean exact, long maxSize)
throws RepositoryException;
Modified: jackrabbit/sandbox/JCR-1456/jackrabbit-core/src/main/java/org/apache/jackrabbit/core/security/user/TraversingNodeResolver.java
URL: http://svn.apache.org/viewvc/jackrabbit/sandbox/JCR-1456/jackrabbit-core/src/main/java/org/apache/jackrabbit/core/security/user/TraversingNodeResolver.java?rev=812570&r1=812569&r2=812570&view=diff
==============================================================================
--- jackrabbit/sandbox/JCR-1456/jackrabbit-core/src/main/java/org/apache/jackrabbit/core/security/user/TraversingNodeResolver.java (original)
+++ jackrabbit/sandbox/JCR-1456/jackrabbit-core/src/main/java/org/apache/jackrabbit/core/security/user/TraversingNodeResolver.java Tue Sep 8 16:09:28 2009
@@ -100,7 +100,7 @@
/**
* @inheritDoc
*/
- public NodeIterator findNodes(Set propertyNames, String value, Name ntName,
+ public NodeIterator findNodes(Set<Name> propertyNames, String value, Name ntName,
boolean exact, long maxSize) throws RepositoryException {
String sr = getSearchRoot(ntName);
if (getSession().nodeExists(sr)) {
@@ -151,11 +151,12 @@
* @param exact if set to true the value has to match exactly else a
* substring is searched
* @param maxSize
+ * @return
*/
- private NodeIterator collectNodes(String value, Set props, Name ntName,
+ private NodeIterator collectNodes(String value, Set<Name> props, Name ntName,
NodeIterator nodes, boolean exact,
long maxSize) {
- Set matchSet = new HashSet();
+ Set<Node> matchSet = new HashSet<Node>();
collectNodes(value, props, ntName, nodes, matchSet, exact, maxSize);
return new NodeIteratorAdapter(matchSet);
}
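Review bot: The added `@return` tag has no description, and `maxSize` above it is likewise undocumented, so the Javadoc still does not say what the caller gets back. From the visible body the method returns a `NodeIteratorAdapter` over the set of matching nodes, so `@return an iterator over the nodes that matched; empty if none did` would fit. What `maxSize` limits is decided in the overload outside this hunk and should be described once confirmed there.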
@@ -172,9 +173,9 @@
* @param exact if set to true the value has to match exact
* @param maxSize
*/
- private void collectNodes(String value, Set propertyNames,
+ private void collectNodes(String value, Set<Name> propertyNames,
Name nodeTypeName, NodeIterator itr,
- Set matchSet, boolean exact, long maxSize) {
+ Set<Node> matchSet, boolean exact, long maxSize) {
while (itr.hasNext()) {
NodeImpl node = (NodeImpl) itr.nextNode();
try {
@@ -203,7 +204,7 @@
* @throws RepositoryException
*/
private static boolean matches(NodeImpl node, Name nodeTypeName,
- Collection propertyNames, String value,
+ Collection<Name> propertyNames, String value,
boolean exact) throws RepositoryException {
boolean match = false;
@@ -216,12 +217,12 @@
match = (exact) ? node.getName().equals(value) :
node.getName().matches(".*"+value+".*");
} else {
- Iterator pItr = propertyNames.iterator();
+ Iterator<Name> pItr = propertyNames.iterator();
while (!match && pItr.hasNext()) {
- Name propertyName = (Name) pItr.next();
+ Name propertyName = pItr.next();
if (node.hasProperty(propertyName)) {
Property prop = node.getProperty(propertyName);
- if (prop.getDefinition().isMultiple()) {
+ if (prop.isMultiple()) {
Value[] values = prop.getValues();
for (int i = 0; i < values.length && !match; i++) {
match = matches(value, values[i].getString(), exact);
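Review bot: In the non-exact branch, `node.getName().matches(".*"+value+".*")` compiles the search string as a regular expression. A value containing characters such as `(`, `[` or `*` therefore either throws PatternSyntaxException or matches names the caller did not ask for, and an expensive pattern can make matching very slow. The Javadoc in this file describes the non-exact case as a substring search, so `node.getName().contains(value)` expresses that directly; `Pattern.quote(value)` is the alternative if a regex must stay. The private `matches(value, ..., exact)` helper called further down is outside the hunk and should be checked for the same construction.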
Modified: jackrabbit/sandbox/JCR-1456/jackrabbit-core/src/main/java/org/apache/jackrabbit/core/security/user/UserAccessControlProvider.java
URL: http://svn.apache.org/viewvc/jackrabbit/sandbox/JCR-1456/jackrabbit-core/src/main/java/org/apache/jackrabbit/core/security/user/UserAccessControlProvider.java?rev=812570&r1=812569&r2=812570&view=diff
==============================================================================
--- jackrabbit/sandbox/JCR-1456/jackrabbit-core/src/main/java/org/apache/jackrabbit/core/security/user/UserAccessControlProvider.java (original)
+++ jackrabbit/sandbox/JCR-1456/jackrabbit-core/src/main/java/org/apache/jackrabbit/core/security/user/UserAccessControlProvider.java Tue Sep 8 16:09:28 2009
@@ -20,6 +20,7 @@
import javax.jcr.security.Privilege;
import org.apache.jackrabbit.api.security.user.Authorizable;
import org.apache.jackrabbit.api.security.user.UserManager;
+import org.apache.jackrabbit.api.security.principal.ItemBasedPrincipal;
import org.apache.jackrabbit.core.ItemImpl;
import org.apache.jackrabbit.core.NodeImpl;
import org.apache.jackrabbit.core.SessionImpl;
@@ -31,7 +32,6 @@
import org.apache.jackrabbit.core.security.authorization.NamedAccessControlPolicyImpl;
import org.apache.jackrabbit.core.security.authorization.Permission;
import org.apache.jackrabbit.core.security.authorization.PrivilegeRegistry;
-import org.apache.jackrabbit.core.security.principal.ItemBasedPrincipal;
import org.apache.jackrabbit.core.security.principal.PrincipalImpl;
import org.apache.jackrabbit.spi.Path;
import org.apache.jackrabbit.util.Text;
@@ -72,16 +72,13 @@
* her/his group membership,</li>
*
* <li>members of the 'User administrator' group are allowed to create, modify
- * and remove those users whose node representation is within the subtree
- * defined by the node representation of the editing user,</li>
+ * and remove users,</li>
*
* <li>members of the 'Group administrator' group are allowed to create, modify
* and remove groups,</li>
*
* <li>group membership can only be edited by members of the 'Group administrator'
- * and the 'User administrator' group. The range of users that can be added
- * as member to any Group is limited to those that are editable according to
- * the restrictions described above for the 'User administrator'.</li>
+ * and the 'User administrator' group.</li>
* </ul>
*/
public class UserAccessControlProvider extends AbstractAccessControlProvider
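Review bot: The rewritten list item says group membership can be edited by members of "the 'Group administrator' and the 'User administrator' group", which can be read as either group. The permission code later in this commit starts from `isUserAdmin` and additionally requires `isGroupAdmin` when the target is rep:groups. Wording such as `group membership can only be edited by principals that are members of both the 'User administrator' and the 'Group administrator' group` matches that. With the subtree restriction removed, the item for user administrators should also state whether the administrator account and members of the administrator groups are among the users they may modify; that is not visible in the part of the change shown here.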
@@ -127,7 +124,7 @@
//----------------------------------------------< AccessControlProvider >---
/**
- * @see AccessControlProvider#init(Session, Map)
+ * @see org.apache.jackrabbit.core.security.authorization.AccessControlProvider#init(Session, Map)
*/
public void init(Session systemSession, Map configuration) throws RepositoryException {
super.init(systemSession, configuration);
@@ -136,7 +133,7 @@
userAdminGroup = (configuration.containsKey(USER_ADMIN_GROUP_NAME)) ? configuration.get(USER_ADMIN_GROUP_NAME).toString() : USER_ADMIN_GROUP_NAME;
groupAdminGroup = (configuration.containsKey(GROUP_ADMIN_GROUP_NAME)) ? configuration.get(GROUP_ADMIN_GROUP_NAME).toString() : GROUP_ADMIN_GROUP_NAME;
- // make sure the groups exist (and ev. create them).
+ // make sure the groups exist (and possibly create them).
UserManager uMgr = sImpl.getUserManager();
if (!initGroup(uMgr, userAdminGroup)) {
log.warn("Unable to initialize User admininistrator group -> no user admins.");
@@ -155,7 +152,7 @@
}
/**
- * @see AccessControlProvider#getEffectivePolicies(Path)
+ * @see org.apache.jackrabbit.core.security.authorization.AccessControlProvider#getEffectivePolicies(Path)
*/
public AccessControlPolicy[] getEffectivePolicies(Path absPath) throws ItemNotFoundException, RepositoryException {
checkInitialized();
@@ -165,7 +162,7 @@
/**
* Always returns <code>null</code>.
*
- * @see AccessControlProvider#getEditor(Session)
+ * @see org.apache.jackrabbit.core.security.authorization.AccessControlProvider#getEditor(Session)
*/
public AccessControlEditor getEditor(Session session) {
checkInitialized();
@@ -175,9 +172,9 @@
}
/**
- * @see AccessControlProvider#compilePermissions(Set)
+ * @see org.apache.jackrabbit.core.security.authorization.AccessControlProvider#compilePermissions(Set)
*/
- public CompiledPermissions compilePermissions(Set principals) throws RepositoryException {
+ public CompiledPermissions compilePermissions(Set<Principal> principals) throws RepositoryException {
checkInitialized();
if (isAdminOrSystem(principals)) {
return getAdminPermissions();
@@ -195,7 +192,7 @@
}
/**
- * @see AccessControlProvider#canAccessRoot(Set)
+ * @see org.apache.jackrabbit.core.security.authorization.AccessControlProvider#canAccessRoot(Set)
*/
public boolean canAccessRoot(Set principals) throws RepositoryException {
checkInitialized();
@@ -204,11 +201,10 @@
//------------------------------------------------------------< private >---
- private ItemBasedPrincipal getUserPrincipal(Set principals) {
+ private ItemBasedPrincipal getUserPrincipal(Set<Principal> principals) {
try {
UserManager uMgr = session.getUserManager();
- for (Iterator it = principals.iterator(); it.hasNext();) {
- Principal p = (Principal) it.next();
+ for (Principal p : principals) {
if (!(p instanceof Group) && p instanceof ItemBasedPrincipal
&& uMgr.getAuthorizable(p) != null) {
return (ItemBasedPrincipal) p;
@@ -256,7 +252,7 @@
return PrivilegeRegistry.getBits(privs);
}
- private static boolean containsGroup(Set principals, String groupName) {
+ private static boolean containsGroup(Set<Principal> principals, String groupName) {
for (Iterator it = principals.iterator(); it.hasNext() && groupName != null;) {
Principal p = (Principal) it.next();
if (p.getName().equals(groupName)) {
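Review bot: containsGroup() decides administrator status from `p.getName().equals(groupName)` alone, so any principal in the set whose name equals the configured group name counts as a member, whether or not it is a group principal. If user and group principal names are not guaranteed to be disjoint (not visible here), a user principal carrying that name would pass. `if (p instanceof Group && p.getName().equals(groupName))`, using the same `Group` type that getUserPrincipal() tests against, closes that. The method body continues past the hunk.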
@@ -299,7 +295,7 @@
private boolean isUserAdmin;
private boolean isGroupAdmin;
- protected CompiledPermissionsImpl(Set principals, String userNodePath) throws RepositoryException {
+ protected CompiledPermissionsImpl(Set<Principal> principals, String userNodePath) throws RepositoryException {
this.userNodePath = userNodePath;
isUserAdmin = containsGroup(principals, userAdminGroup);
isGroupAdmin = containsGroup(principals, groupAdminGroup);
@@ -324,7 +320,7 @@
if (userNode == null) {
// no Node corresponding to user for which the permissions are
- // calculated -> no permissions/priviles.
+ // calculated -> no permissions/privileges.
log.debug("No node at " + userNodePath);
return new Result(Permission.NONE, Permission.NONE, PrivilegeRegistry.NO_PRIVILEGE, PrivilegeRegistry.NO_PRIVILEGE);
}
@@ -347,100 +343,81 @@
if (usersPath.equals(abs2Path)) {
/*
below the user-tree
- - determine position of target relative to the node of the editing user
+ - determine position of target relative
+ - target may not be below an existing user but only below an
+ authorizable folder.
- determine if the editing user is user/group-admin
- special treatment for rep:groups property
*/
NodeImpl node = (NodeImpl) getExistingNode(path);
- NodeImpl authN = null;
- // seek next rep:authorizable parent
- if (node.isNodeType(NT_REP_AUTHORIZABLE)) {
- authN = node;
- } else if (node.isNodeType(NT_REP_AUTHORIZABLE_FOLDER)) {
- NodeImpl parent = node;
- while (authN == null && parent.getDepth() > 0) {
- parent = (NodeImpl) parent.getParent();
- if (parent.isNodeType(NT_REP_AUTHORIZABLE)) {
- authN = parent;
- } else if (!parent.isNodeType(NT_REP_AUTHORIZABLE_FOLDER)) {
- // outside of user/group-tree
- break;
- }
- }
- } // else: outside of user tree -> authN = null
- if (authN != null && authN.isNodeType(NT_REP_USER)) {
- int relDepth = session.getHierarchyManager().getRelativeDepth(userNode.getNodeId(), authN.getNodeId());
+ if (node.isNodeType(NT_REP_AUTHORIZABLE) || node.isNodeType(NT_REP_AUTHORIZABLE_FOLDER)) {
+ boolean editingHimSelf = node.isSame(userNode);
boolean isGroupProp = P_GROUPS.equals(path.getNameElement().getName());
// only user-admin is allowed to modify users.
// for group membership (rep:groups) group-admin is required
// in addition.
- boolean requiredGroups = isUserAdmin;
- if (requiredGroups && isGroupProp) {
- requiredGroups = isGroupAdmin;
+ boolean memberOfRequiredGroups = isUserAdmin;
+ if (memberOfRequiredGroups && isGroupProp) {
+ memberOfRequiredGroups = isGroupAdmin;
}
- switch (relDepth) {
- case -1:
- // authN is not below the userNode -> can't write anyway.
- break;
- case 0:
- /*
- authN is same node as userNode. 3 cases to distinguish
- 1) user is User-Admin -> R, W
- 2) user is NOT U-admin but nodeID is its own node.
- 3) special treatment for rep:group property which can
- only be modified by group-administrators
- */
- Path aPath = session.getQPath(authN.getPath());
- if (requiredGroups) {
- // principals contain 'user-admin'
- // -> user can modify items below the user-node except rep:group.
- // principals contains 'user-admin' + 'group-admin'
- // -> user can modify rep:group property as well.
- if (path.equals(aPath)) {
- allows |= (Permission.ADD_NODE | Permission.REMOVE_PROPERTY | Permission.SET_PROPERTY);
- } else {
- allows |= Permission.ALL;
- }
- if (calcPrivs) {
- // grant WRITE privilege
- // note: ac-read/modification is not included
- // remove_node is not included
- privs |= getPrivilegeBits(PrivilegeRegistry.REP_WRITE);
- if (!path.equals(aPath)) {
- privs |= getPrivilegeBits(Privilege.JCR_REMOVE_NODE);
- }
- }
- } else if (userNode.isSame(node) && (!isGroupProp || isGroupAdmin)) {
- // user can only read && write his own props
- // except for the rep:group property.
- allows |= (Permission.SET_PROPERTY | Permission.REMOVE_PROPERTY);
- if (calcPrivs) {
- privs |= getPrivilegeBits(Privilege.JCR_MODIFY_PROPERTIES);
- }
- } // else some other node below but not U-admin -> read-only.
- break;
- default:
- /*
- authN is somewhere below the userNode, i.e.
- 1) nodeId points to an authorizable below userNode
- 2) nodeId points to an auth-folder below some authorizable below userNode.
-
- In either case user-admin group-membership is
- required in order to get write permission.
- group-admin group-membership is required in addition
- if rep:groups is the target item.
- */
- if (requiredGroups) {
- allows = Permission.ALL;
- if (calcPrivs) {
- // grant WRITE privilege
- // note: ac-read/modification is not included
- privs |= getPrivilegeBits(PrivilegeRegistry.REP_WRITE);
+ if (editingHimSelf) {
+ /*
+ node to be modified is same node as userNode. 3 cases to distinguish
+ 1) user is User-Admin -> R, W
+ 2) user is NOT U-admin but nodeID is its own node.
+ 3) special treatment for rep:group property which can
+ only be modified by group-administrators
+ */
+ Path aPath = session.getQPath(node.getPath());
+ if (memberOfRequiredGroups) {
+ // principals contain 'user-admin'
+ // -> user can modify items below the user-node except rep:group.
+ // principals contains 'user-admin' + 'group-admin'
+ // -> user can modify rep:group property as well.
+ if (path.equals(aPath)) {
+ allows |= (Permission.ADD_NODE | Permission.REMOVE_PROPERTY | Permission.SET_PROPERTY);
+ } else {
+ allows |= Permission.ALL;
+ }
+ if (calcPrivs) {
+ // grant WRITE privilege
+ // note: ac-read/modification is not included
+ // remove_node is not included
+ privs |= getPrivilegeBits(PrivilegeRegistry.REP_WRITE);
+ if (!path.equals(aPath)) {
+ privs |= getPrivilegeBits(Privilege.JCR_REMOVE_NODE);
}
}
+ } else if (userNode.isSame(node) && (!isGroupProp || isGroupAdmin)) {
+ // user can only read && write his own props
+ // except for the rep:group property.
+ allows |= (Permission.SET_PROPERTY | Permission.REMOVE_PROPERTY);
+ if (calcPrivs) {
+ privs |= getPrivilegeBits(Privilege.JCR_MODIFY_PROPERTIES);
+ }
+ } // else some other node below but not U-admin -> read-only.
+ } else {
+ /*
+ authN points to some other user-node, i.e.
+ 1) nodeId points to an authorizable that isn't the editing user
+ 2) nodeId points to an auth-folder within the user-tree
+
+ In either case user-admin group-membership is
+ required in order to get write permission.
+ group-admin group-membership is required in addition
+ if rep:groups is the target item.
+ */
+ if (memberOfRequiredGroups) {
+ allows = Permission.ALL;
+ if (calcPrivs) {
+ // grant WRITE privilege
+ // note: ac-read/modification is not included
+ privs |= getPrivilegeBits(PrivilegeRegistry.REP_WRITE);
+ }
+ }
}
- } // no rep:User parent node found.
+ } // outside of the user tree
} else if (groupsPath.equals(abs2Path)) {
/*
below group-tree:
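Review bot: The final `else` branch grants `allows = Permission.ALL` to a user-admin on any authorizable or authorizable-folder node in the user tree, while the privileges granted beside it are only `REP_WRITE`, under a comment saying access-control read/modification is not included; if `Permission.ALL` carries the access-control bits (its definition is not shown here), the permission result is broader than the privilege result. The removed `case -1` denied writes to targets outside the editor's own subtree, so this branch now covers every other user node, and it is worth listing the intended permission bits explicitly and OR-ing them in with `|=` as the self-editing branch does. The branch comment still opens with `authN points to some other user-node`, although `authN` no longer exists; `node` is the variable now. In the self-editing branch, `userNode.isSame(node)` repeats `editingHimSelf`, so that line could be `} else if (!isGroupProp || isGroupAdmin) {`. The enclosing method starts and ends outside the hunk.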
@@ -515,8 +492,8 @@
if (session.propertyExists(evPath)) {
Value[] vs = session.getProperty(evPath).getValues();
String princName = session.getJCRName(P_PRINCIPAL_NAME);
- for (int i = 0; i < vs.length; i++) {
- Node groupNode = session.getNodeByUUID(vs[i].getString());
+ for (Value v : vs) {
+ Node groupNode = session.getNodeByUUID(v.getString());
String pName = groupNode.getProperty(princName).getString();
if (userAdminGroup.equals(pName)) {
isUserAdmin = true;
Modified: jackrabbit/sandbox/JCR-1456/jackrabbit-core/src/main/java/org/apache/jackrabbit/core/security/user/UserImpl.java
URL: http://svn.apache.org/viewvc/jackrabbit/sandbox/JCR-1456/jackrabbit-core/src/main/java/org/apache/jackrabbit/core/security/user/UserImpl.java?rev=812570&r1=812569&r2=812570&view=diff
==============================================================================
--- jackrabbit/sandbox/JCR-1456/jackrabbit-core/src/main/java/org/apache/jackrabbit/core/security/user/UserImpl.java (original)
+++ jackrabbit/sandbox/JCR-1456/jackrabbit-core/src/main/java/org/apache/jackrabbit/core/security/user/UserImpl.java Tue Sep 8 16:09:28 2009
@@ -16,13 +16,12 @@
*/
package org.apache.jackrabbit.core.security.user;
+import org.apache.jackrabbit.api.security.principal.ItemBasedPrincipal;
import org.apache.jackrabbit.api.security.user.Impersonation;
import org.apache.jackrabbit.api.security.user.User;
import org.apache.jackrabbit.core.NodeImpl;
import org.apache.jackrabbit.core.security.authentication.CryptedSimpleCredentials;
import org.apache.jackrabbit.core.security.principal.AdminPrincipal;
-import org.apache.jackrabbit.core.security.principal.ItemBasedPrincipal;
-import org.apache.jackrabbit.util.Text;
import javax.jcr.Credentials;
import javax.jcr.RepositoryException;
@@ -68,7 +67,7 @@
//-------------------------------------------------------< Authorizable >---
/**
- * @see Authorizable#getID()
+ * @see org.apache.jackrabbit.api.security.user.Authorizable#getID()
*/
public String getID() throws RepositoryException {
return id;