Posted to oak-commits@jackrabbit.apache.org by an...@apache.org on 2012/10/04 09:57:46 UTC
svn commit: r1393946 - in
/jackrabbit/oak/trunk/oak-core/src/main/java/org/apache/jackrabbit/oak:
plugins/type/ security/authorization/ spi/security/
spi/security/authorization/
Author: angela
Date: Thu Oct 4 07:57:46 2012
New Revision: 1393946
URL: http://svn.apache.org/viewvc?rev=1393946&view=rev
Log:
OAK-51 : Access Control (WIP)
Added:
jackrabbit/oak/trunk/oak-core/src/main/java/org/apache/jackrabbit/oak/spi/security/OpenSecurityProvider.java
jackrabbit/oak/trunk/oak-core/src/main/java/org/apache/jackrabbit/oak/spi/security/authorization/AllPermissions.java
Modified:
jackrabbit/oak/trunk/oak-core/src/main/java/org/apache/jackrabbit/oak/plugins/type/InitialContent.java
jackrabbit/oak/trunk/oak-core/src/main/java/org/apache/jackrabbit/oak/security/authorization/AccessControlContextImpl.java
jackrabbit/oak/trunk/oak-core/src/main/java/org/apache/jackrabbit/oak/spi/security/authorization/OpenAccessControlProvider.java
Modified: jackrabbit/oak/trunk/oak-core/src/main/java/org/apache/jackrabbit/oak/plugins/type/InitialContent.java
URL: http://svn.apache.org/viewvc/jackrabbit/oak/trunk/oak-core/src/main/java/org/apache/jackrabbit/oak/plugins/type/InitialContent.java?rev=1393946&r1=1393945&r2=1393946&view=diff
==============================================================================
--- jackrabbit/oak/trunk/oak-core/src/main/java/org/apache/jackrabbit/oak/plugins/type/InitialContent.java (original)
+++ jackrabbit/oak/trunk/oak-core/src/main/java/org/apache/jackrabbit/oak/plugins/type/InitialContent.java Thu Oct 4 07:57:46 2012
@@ -16,30 +16,14 @@
*/
package org.apache.jackrabbit.oak.plugins.type;
-import java.util.Collections;
-import java.util.List;
-import javax.annotation.Nonnull;
-import javax.jcr.Session;
-
import org.apache.felix.scr.annotations.Component;
import org.apache.felix.scr.annotations.Service;
-import org.apache.jackrabbit.api.security.user.UserManager;
import org.apache.jackrabbit.mk.api.MicroKernel;
import org.apache.jackrabbit.oak.Oak;
-import org.apache.jackrabbit.oak.api.ContentSession;
import org.apache.jackrabbit.oak.api.Root;
-import org.apache.jackrabbit.oak.namepath.NamePathMapper;
-import org.apache.jackrabbit.oak.spi.commit.ValidatorProvider;
import org.apache.jackrabbit.oak.spi.lifecycle.DefaultMicroKernelTracker;
import org.apache.jackrabbit.oak.spi.lifecycle.MicroKernelTracker;
-import org.apache.jackrabbit.oak.spi.security.SecurityProvider;
-import org.apache.jackrabbit.oak.spi.security.authentication.LoginContextProvider;
-import org.apache.jackrabbit.oak.spi.security.authentication.OpenLoginContextProvider;
-import org.apache.jackrabbit.oak.spi.security.authorization.AccessControlProvider;
-import org.apache.jackrabbit.oak.spi.security.authorization.OpenAccessControlProvider;
-import org.apache.jackrabbit.oak.spi.security.user.MembershipProvider;
-import org.apache.jackrabbit.oak.spi.security.user.UserContext;
-import org.apache.jackrabbit.oak.spi.security.user.UserProvider;
+import org.apache.jackrabbit.oak.spi.security.OpenSecurityProvider;
import org.apache.jackrabbit.oak.spi.state.NodeState;
import org.apache.jackrabbit.oak.spi.state.NodeStore;
@@ -79,42 +63,8 @@ public class InitialContent extends Defa
}
private Root createRoot(MicroKernel mk) {
- SecurityProvider securityProvider = new SecurityProvider() {
- @Override
- public LoginContextProvider getLoginContextProvider() {
- return new OpenLoginContextProvider();
- }
- @Override
- public AccessControlProvider getAccessControlProvider() {
- return new OpenAccessControlProvider();
- }
- @Override
- public UserContext getUserContext() {
- return new UserContext() {
- @Override
- public UserProvider getUserProvider(ContentSession contentSession, Root root) {
- throw new UnsupportedOperationException();
- }
- @Override
- public MembershipProvider getMembershipProvider(ContentSession contentSession, Root root) {
- throw new UnsupportedOperationException();
- }
- @Override
- public List<ValidatorProvider> getValidatorProviders() {
- return Collections.emptyList();
- }
-
- @Nonnull
- @Override
- public UserManager getUserManager(Session session, ContentSession contentSession, Root root, NamePathMapper namePathMapper) {
- throw new UnsupportedOperationException();
- }
- };
- }
- };
-
Oak oak = new Oak(mk);
- oak.with(securityProvider); // TODO: this shouldn't be needed
+ oak.with(new OpenSecurityProvider()); // TODO: this shouldn't be needed
try {
return oak.createContentRepository().login(null, null).getLatestRoot();
} catch (Exception e) {
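Review bot: The `// TODO: this shouldn't be needed` comment on the `oak.with(new OpenSecurityProvider())` line does not say why the open provider is wired in or what would make it unnecessary, and the statement after it calls `login(null, null)`, so this root is obtained without credentials. I would make the comment say so, for example `// Setup only: the null-credential login below relies on the open login and access control providers; do not reuse this Oak instance or Root outside initial content creation`. That the open providers skip authentication and permission checks is inferred from their names and from the grant-all AllPermissions class in this commit. The body of createRoot continues past the end of the hunk.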
Modified: jackrabbit/oak/trunk/oak-core/src/main/java/org/apache/jackrabbit/oak/security/authorization/AccessControlContextImpl.java
URL: http://svn.apache.org/viewvc/jackrabbit/oak/trunk/oak-core/src/main/java/org/apache/jackrabbit/oak/security/authorization/AccessControlContextImpl.java?rev=1393946&r1=1393945&r2=1393946&view=diff
==============================================================================
--- jackrabbit/oak/trunk/oak-core/src/main/java/org/apache/jackrabbit/oak/security/authorization/AccessControlContextImpl.java (original)
+++ jackrabbit/oak/trunk/oak-core/src/main/java/org/apache/jackrabbit/oak/security/authorization/AccessControlContextImpl.java Thu Oct 4 07:57:46 2012
@@ -18,13 +18,11 @@ package org.apache.jackrabbit.oak.securi
import java.security.Principal;
import java.util.Set;
-
import javax.security.auth.Subject;
import org.apache.jackrabbit.oak.spi.security.authorization.AccessControlContext;
-import org.apache.jackrabbit.oak.spi.security.authorization.AccessControlProvider;
+import org.apache.jackrabbit.oak.spi.security.authorization.AllPermissions;
import org.apache.jackrabbit.oak.spi.security.authorization.CompiledPermissions;
-import org.apache.jackrabbit.oak.spi.security.authorization.OpenAccessControlProvider;
import org.apache.jackrabbit.oak.spi.security.principal.AdminPrincipal;
/**
@@ -32,15 +30,6 @@ import org.apache.jackrabbit.oak.spi.sec
*/
class AccessControlContextImpl implements AccessControlContext {
- private static final CompiledPermissions ADMIN_PERMISSIONS;
-
- static {
- AccessControlProvider accProvider = new OpenAccessControlProvider();
- Subject subject = new Subject();
- subject.getPrincipals().add(AdminPrincipal.INSTANCE);
- ADMIN_PERMISSIONS = accProvider.createAccessControlContext(subject).getPermissions();
- }
-
private final Subject subject;
AccessControlContextImpl(Subject subject) {
@@ -53,7 +42,7 @@ class AccessControlContextImpl implement
public CompiledPermissions getPermissions() {
Set<Principal> principals = subject.getPrincipals();
if (principals.contains(AdminPrincipal.INSTANCE)) {
- return ADMIN_PERMISSIONS;
+ return AllPermissions.getInstance();
} else {
// TODO: replace with permissions based on ac evaluation
return new CompiledPermissionImpl(principals);
Added: jackrabbit/oak/trunk/oak-core/src/main/java/org/apache/jackrabbit/oak/spi/security/OpenSecurityProvider.java
URL: http://svn.apache.org/viewvc/jackrabbit/oak/trunk/oak-core/src/main/java/org/apache/jackrabbit/oak/spi/security/OpenSecurityProvider.java?rev=1393946&view=auto
==============================================================================
--- jackrabbit/oak/trunk/oak-core/src/main/java/org/apache/jackrabbit/oak/spi/security/OpenSecurityProvider.java (added)
+++ jackrabbit/oak/trunk/oak-core/src/main/java/org/apache/jackrabbit/oak/spi/security/OpenSecurityProvider.java Thu Oct 4 07:57:46 2012
@@ -0,0 +1,84 @@
+/*
+ * Licensed to the Apache Software Foundation (ASF) under one or more
+ * contributor license agreements. See the NOTICE file distributed with
+ * this work for additional information regarding copyright ownership.
+ * The ASF licenses this file to You under the Apache License, Version 2.0
+ * (the "License"); you may not use this file except in compliance with
+ * the License. You may obtain a copy of the License at
+ *
+ * http://www.apache.org/licenses/LICENSE-2.0
+ *
+ * Unless required by applicable law or agreed to in writing, software
+ * distributed under the License is distributed on an "AS IS" BASIS,
+ * WITHOUT WARRANTIES OR CONDITIONS OF ANY KIND, either express or implied.
+ * See the License for the specific language governing permissions and
+ * limitations under the License.
+ */
+package org.apache.jackrabbit.oak.spi.security;
+
+import java.util.Collections;
+import java.util.List;
+import javax.annotation.Nonnull;
+import javax.jcr.Session;
+
+import org.apache.jackrabbit.api.security.user.UserManager;
+import org.apache.jackrabbit.oak.api.ContentSession;
+import org.apache.jackrabbit.oak.api.Root;
+import org.apache.jackrabbit.oak.namepath.NamePathMapper;
+import org.apache.jackrabbit.oak.spi.commit.ValidatorProvider;
+import org.apache.jackrabbit.oak.spi.security.authentication.LoginContextProvider;
+import org.apache.jackrabbit.oak.spi.security.authentication.OpenLoginContextProvider;
+import org.apache.jackrabbit.oak.spi.security.authorization.AccessControlProvider;
+import org.apache.jackrabbit.oak.spi.security.authorization.OpenAccessControlProvider;
+import org.apache.jackrabbit.oak.spi.security.user.MembershipProvider;
+import org.apache.jackrabbit.oak.spi.security.user.UserContext;
+import org.apache.jackrabbit.oak.spi.security.user.UserProvider;
+
+/**
+ * OpenSecurityProvider... TODO: review if we really have the need for that once TODO in InitialContent is resolved
+ */
+public class OpenSecurityProvider implements SecurityProvider {
+
+ @Nonnull
+ @Override
+ public LoginContextProvider getLoginContextProvider() {
+ return new OpenLoginContextProvider();
+ }
+
+ @Nonnull
+ @Override
+ public AccessControlProvider getAccessControlProvider() {
+ return new OpenAccessControlProvider();
+ }
+
+ @Nonnull
+ @Override
+ public UserContext getUserContext() {
+ // TODO
+ return new UserContext() {
+ @Nonnull
+ @Override
+ public UserProvider getUserProvider(ContentSession contentSession, Root root) {
+ throw new UnsupportedOperationException();
+ }
+
+ @Nonnull
+ @Override
+ public MembershipProvider getMembershipProvider(ContentSession contentSession, Root root) {
+ throw new UnsupportedOperationException();
+ }
+
+ @Nonnull
+ @Override
+ public List<ValidatorProvider> getValidatorProviders() {
+ return Collections.emptyList();
+ }
+
+ @Nonnull
+ @Override
+ public UserManager getUserManager(Session session, ContentSession contentSession, Root root, NamePathMapper namePathMapper) {
+ throw new UnsupportedOperationException();
+ }
+ };
+ }
+}
\ No newline at end of file
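Review bot: The class Javadoc on OpenSecurityProvider is still a placeholder, although the class is public in the `spi.security` package and returns `OpenLoginContextProvider` and `OpenAccessControlProvider`; the latter hands out the grant-all `AllPermissions` according to the last file in this commit. The Javadoc should state the consequence, for example `Security provider with open login and no access control enforcement; intended for repository setup and tests, never for a repository exposed to users.` The login side is presumably just as permissive, but that class is not shown here. The Javadoc of `getUserContext()` should also mention that the returned `UserContext` throws `UnsupportedOperationException` from `getUserProvider`, `getMembershipProvider` and `getUserManager`, because the `@Nonnull` annotations on those methods suggest a usable return value.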
Added: jackrabbit/oak/trunk/oak-core/src/main/java/org/apache/jackrabbit/oak/spi/security/authorization/AllPermissions.java
URL: http://svn.apache.org/viewvc/jackrabbit/oak/trunk/oak-core/src/main/java/org/apache/jackrabbit/oak/spi/security/authorization/AllPermissions.java?rev=1393946&view=auto
==============================================================================
--- jackrabbit/oak/trunk/oak-core/src/main/java/org/apache/jackrabbit/oak/spi/security/authorization/AllPermissions.java (added)
+++ jackrabbit/oak/trunk/oak-core/src/main/java/org/apache/jackrabbit/oak/spi/security/authorization/AllPermissions.java Thu Oct 4 07:57:46 2012
@@ -0,0 +1,54 @@
+/*
+ * Licensed to the Apache Software Foundation (ASF) under one or more
+ * contributor license agreements. See the NOTICE file distributed with
+ * this work for additional information regarding copyright ownership.
+ * The ASF licenses this file to You under the Apache License, Version 2.0
+ * (the "License"); you may not use this file except in compliance with
+ * the License. You may obtain a copy of the License at
+ *
+ * http://www.apache.org/licenses/LICENSE-2.0
+ *
+ * Unless required by applicable law or agreed to in writing, software
+ * distributed under the License is distributed on an "AS IS" BASIS,
+ * WITHOUT WARRANTIES OR CONDITIONS OF ANY KIND, either express or implied.
+ * See the License for the specific language governing permissions and
+ * limitations under the License.
+ */
+package org.apache.jackrabbit.oak.spi.security.authorization;
+
+import org.apache.jackrabbit.oak.api.PropertyState;
+import org.apache.jackrabbit.oak.api.Tree;
+
+/**
+ * AllPermissions... TODO
+ */
+public final class AllPermissions implements CompiledPermissions {
+
+ private static final CompiledPermissions INSTANCE = new AllPermissions();
+
+ private AllPermissions() {}
+
+ public static CompiledPermissions getInstance() {
+ return INSTANCE;
+ }
+
+ @Override
+ public boolean canRead(String path, boolean isProperty) {
+ return true;
+ }
+
+ @Override
+ public boolean isGranted(int permissions) {
+ return true;
+ }
+
+ @Override
+ public boolean isGranted(Tree tree, int permissions) {
+ return true;
+ }
+
+ @Override
+ public boolean isGranted(Tree parent, PropertyState property, int permissions) {
+ return true;
+ }
+}
\ No newline at end of file
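Review bot: The Javadoc here is still `AllPermissions... TODO`, while this commit turns the class from a private nested class of OpenAccessControlProvider into a public SPI class with a public `getInstance()`. Every method returns `true` regardless of path, tree, property or permission bits, so the documentation should say that and name the intended callers. A possible wording is `CompiledPermissions that grants every read and permission check unconditionally; returned for the admin principal and by OpenAccessControlProvider, and not meant for sessions of regular users.` With that in place, a reviewer who sees a new call to `AllPermissions.getInstance()` can tell at once that the call site bypasses access control evaluation.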
Modified: jackrabbit/oak/trunk/oak-core/src/main/java/org/apache/jackrabbit/oak/spi/security/authorization/OpenAccessControlProvider.java
URL: http://svn.apache.org/viewvc/jackrabbit/oak/trunk/oak-core/src/main/java/org/apache/jackrabbit/oak/spi/security/authorization/OpenAccessControlProvider.java?rev=1393946&r1=1393945&r2=1393946&view=diff
==============================================================================
--- jackrabbit/oak/trunk/oak-core/src/main/java/org/apache/jackrabbit/oak/spi/security/authorization/OpenAccessControlProvider.java (original)
+++ jackrabbit/oak/trunk/oak-core/src/main/java/org/apache/jackrabbit/oak/spi/security/authorization/OpenAccessControlProvider.java Thu Oct 4 07:57:46 2012
@@ -20,8 +20,6 @@ import java.util.Collections;
import java.util.List;
import javax.security.auth.Subject;
-import org.apache.jackrabbit.oak.api.PropertyState;
-import org.apache.jackrabbit.oak.api.Tree;
import org.apache.jackrabbit.oak.spi.commit.ValidatorProvider;
/**
@@ -36,7 +34,7 @@ public class OpenAccessControlProvider
return new AccessControlContext() {
@Override
public CompiledPermissions getPermissions() {
- return AllPermissions.INSTANCE;
+ return AllPermissions.getInstance();
}
};
}
@@ -45,31 +43,4 @@ public class OpenAccessControlProvider
public List<ValidatorProvider> getValidatorProviders() {
return Collections.emptyList();
}
-
- private static final class AllPermissions implements CompiledPermissions {
-
- private static final CompiledPermissions INSTANCE = new AllPermissions();
-
- @Override
- public boolean canRead(String path, boolean isProperty) {
- return true;
- }
-
- @Override
- public boolean isGranted(int permissions) {
- return true;
- }
-
- @Override
- public boolean isGranted(Tree tree, int permissions) {
- return true;
- }
-
- @Override
- public boolean isGranted(Tree parent,
- PropertyState property,
- int permissions) {
- return true;
- }
- }
}