You are viewing a plain text version of this content. The canonical link for it is here.
Posted to oak-commits@jackrabbit.apache.org by an...@apache.org on 2019/02/28 14:26:48 UTC
svn commit: r1854530 - in /jackrabbit/oak/trunk:
oak-core/src/main/java/org/apache/jackrabbit/oak/security/principal/
oak-core/src/main/java/org/apache/jackrabbit/oak/security/user/
oak-core/src/test/java/org/apache/jackrabbit/oak/security/principal/ o...
Author: angela
Date: Thu Feb 28 14:26:48 2019
New Revision: 1854530
URL: http://svn.apache.org/viewvc?rev=1854530&view=rev
Log:
OAK-8062 : PrincipalProvider: optional lookup of ItemBasedPrincipal by path
Modified:
jackrabbit/oak/trunk/oak-core/src/main/java/org/apache/jackrabbit/oak/security/principal/PrincipalProviderImpl.java
jackrabbit/oak/trunk/oak-core/src/main/java/org/apache/jackrabbit/oak/security/user/UserPrincipalProvider.java
jackrabbit/oak/trunk/oak-core/src/test/java/org/apache/jackrabbit/oak/security/principal/AbstractPrincipalProviderTest.java
jackrabbit/oak/trunk/oak-security-spi/src/main/java/org/apache/jackrabbit/oak/spi/security/principal/CompositePrincipalProvider.java
jackrabbit/oak/trunk/oak-security-spi/src/main/java/org/apache/jackrabbit/oak/spi/security/principal/PrincipalProvider.java
jackrabbit/oak/trunk/oak-security-spi/src/test/java/org/apache/jackrabbit/oak/spi/security/principal/CompositePrincipalProviderTest.java
jackrabbit/oak/trunk/oak-security-spi/src/test/java/org/apache/jackrabbit/oak/spi/security/principal/TestPrincipalProvider.java
Modified: jackrabbit/oak/trunk/oak-core/src/main/java/org/apache/jackrabbit/oak/security/principal/PrincipalProviderImpl.java
URL: http://svn.apache.org/viewvc/jackrabbit/oak/trunk/oak-core/src/main/java/org/apache/jackrabbit/oak/security/principal/PrincipalProviderImpl.java?rev=1854530&r1=1854529&r2=1854530&view=diff
==============================================================================
--- jackrabbit/oak/trunk/oak-core/src/main/java/org/apache/jackrabbit/oak/security/principal/PrincipalProviderImpl.java (original)
+++ jackrabbit/oak/trunk/oak-core/src/main/java/org/apache/jackrabbit/oak/security/principal/PrincipalProviderImpl.java Thu Feb 28 14:26:48 2019
@@ -16,17 +16,11 @@
*/
package org.apache.jackrabbit.oak.security.principal;
-import java.security.Principal;
-import java.util.Collections;
-import java.util.HashSet;
-import java.util.Iterator;
-import java.util.Set;
-import javax.jcr.RepositoryException;
-
import com.google.common.base.Function;
import com.google.common.base.Predicate;
import com.google.common.base.Predicates;
import com.google.common.collect.Iterators;
+import org.apache.jackrabbit.api.security.principal.ItemBasedPrincipal;
import org.apache.jackrabbit.api.security.principal.PrincipalManager;
import org.apache.jackrabbit.api.security.user.Authorizable;
import org.apache.jackrabbit.api.security.user.Query;
@@ -46,6 +40,13 @@ import org.jetbrains.annotations.Nullabl
import org.slf4j.Logger;
import org.slf4j.LoggerFactory;
+import javax.jcr.RepositoryException;
+import java.security.Principal;
+import java.util.Collections;
+import java.util.HashSet;
+import java.util.Iterator;
+import java.util.Set;
+
/**
* The {@code PrincipalProviderImpl} is a principal provider implementation
* that operates on principal information read from user information exposed by
@@ -56,14 +57,17 @@ class PrincipalProviderImpl implements P
private static final Logger log = LoggerFactory.getLogger(PrincipalProviderImpl.class);
private final UserManager userManager;
+ private final NamePathMapper namePathMapper;
PrincipalProviderImpl(@NotNull Root root,
@NotNull UserConfiguration userConfiguration,
@NotNull NamePathMapper namePathMapper) {
this.userManager = userConfiguration.getUserManager(root, namePathMapper);
+ this.namePathMapper = namePathMapper;
}
//--------------------------------------------------< PrincipalProvider >---
+ @Nullable
@Override
public Principal getPrincipal(@NotNull String principalName) {
Authorizable authorizable = getAuthorizable(new PrincipalImpl(principalName));
@@ -79,6 +83,23 @@ class PrincipalProviderImpl implements P
return (EveryonePrincipal.NAME.equals(principalName)) ? EveryonePrincipal.getInstance() : null;
}
+ @Nullable
+ @Override
+ public ItemBasedPrincipal getItemBasedPrincipal(@NotNull String principalOakPath) {
+ try {
+ Authorizable authorizable = userManager.getAuthorizableByPath(namePathMapper.getJcrPath(principalOakPath));
+ if (authorizable != null) {
+ Principal principal = authorizable.getPrincipal();
+ if (principal instanceof ItemBasedPrincipal) {
+ return (ItemBasedPrincipal) principal;
+ }
+ }
+ } catch (RepositoryException e) {
+ log.debug(e.getMessage());
+ }
+ return null;
+ }
+
@NotNull
@Override
public Set<Principal> getMembershipPrincipals(@NotNull Principal principal) {
Modified: jackrabbit/oak/trunk/oak-core/src/main/java/org/apache/jackrabbit/oak/security/user/UserPrincipalProvider.java
URL: http://svn.apache.org/viewvc/jackrabbit/oak/trunk/oak-core/src/main/java/org/apache/jackrabbit/oak/security/user/UserPrincipalProvider.java?rev=1854530&r1=1854529&r2=1854530&view=diff
==============================================================================
--- jackrabbit/oak/trunk/oak-core/src/main/java/org/apache/jackrabbit/oak/security/user/UserPrincipalProvider.java (original)
+++ jackrabbit/oak/trunk/oak-core/src/main/java/org/apache/jackrabbit/oak/security/user/UserPrincipalProvider.java Thu Feb 28 14:26:48 2019
@@ -16,22 +16,13 @@
*/
package org.apache.jackrabbit.oak.security.user;
-import java.security.Principal;
-import java.text.ParseException;
-import java.util.Collections;
-import java.util.Date;
-import java.util.HashSet;
-import java.util.Iterator;
-import java.util.Set;
-import javax.jcr.AccessDeniedException;
-import javax.jcr.RepositoryException;
-
import com.google.common.base.Function;
import com.google.common.base.Joiner;
import com.google.common.base.Predicate;
import com.google.common.base.Predicates;
import com.google.common.collect.Iterables;
import com.google.common.collect.Iterators;
+import org.apache.jackrabbit.api.security.principal.ItemBasedPrincipal;
import org.apache.jackrabbit.api.security.principal.PrincipalManager;
import org.apache.jackrabbit.api.security.user.Authorizable;
import org.apache.jackrabbit.api.security.user.UserManager;
@@ -43,6 +34,7 @@ import org.apache.jackrabbit.oak.api.Roo
import org.apache.jackrabbit.oak.api.Tree;
import org.apache.jackrabbit.oak.commons.LongUtils;
import org.apache.jackrabbit.oak.namepath.NamePathMapper;
+import org.apache.jackrabbit.oak.plugins.tree.TreeUtil;
import org.apache.jackrabbit.oak.security.user.query.QueryUtil;
import org.apache.jackrabbit.oak.spi.security.principal.EveryonePrincipal;
import org.apache.jackrabbit.oak.spi.security.principal.PrincipalImpl;
@@ -52,13 +44,22 @@ import org.apache.jackrabbit.oak.spi.sec
import org.apache.jackrabbit.oak.spi.security.user.UserConfiguration;
import org.apache.jackrabbit.oak.spi.security.user.UserConstants;
import org.apache.jackrabbit.oak.spi.security.user.util.UserUtil;
-import org.apache.jackrabbit.oak.plugins.tree.TreeUtil;
import org.apache.jackrabbit.util.Text;
import org.jetbrains.annotations.NotNull;
import org.jetbrains.annotations.Nullable;
import org.slf4j.Logger;
import org.slf4j.LoggerFactory;
+import javax.jcr.AccessDeniedException;
+import javax.jcr.RepositoryException;
+import java.security.Principal;
+import java.text.ParseException;
+import java.util.Collections;
+import java.util.Date;
+import java.util.HashSet;
+import java.util.Iterator;
+import java.util.Set;
+
import static org.apache.jackrabbit.oak.api.QueryEngine.NO_BINDINGS;
import static org.apache.jackrabbit.oak.api.Type.STRING;
@@ -114,6 +115,20 @@ class UserPrincipalProvider implements P
}
}
+ @Nullable
+ @Override
+ public ItemBasedPrincipal getItemBasedPrincipal(@NotNull String principalOakPath) {
+ Tree authorizableTree = userProvider.getAuthorizableByPath(principalOakPath);
+ Principal principal = createPrincipal(authorizableTree);
+
+ if (principal instanceof ItemBasedPrincipal) {
+ return (ItemBasedPrincipal) principal;
+ } else {
+ return null;
+ }
+ }
+
+
@NotNull
@Override
public Set<Principal> getMembershipPrincipals(@NotNull Principal principal) {
Modified: jackrabbit/oak/trunk/oak-core/src/test/java/org/apache/jackrabbit/oak/security/principal/AbstractPrincipalProviderTest.java
URL: http://svn.apache.org/viewvc/jackrabbit/oak/trunk/oak-core/src/test/java/org/apache/jackrabbit/oak/security/principal/AbstractPrincipalProviderTest.java?rev=1854530&r1=1854529&r2=1854530&view=diff
==============================================================================
--- jackrabbit/oak/trunk/oak-core/src/test/java/org/apache/jackrabbit/oak/security/principal/AbstractPrincipalProviderTest.java (original)
+++ jackrabbit/oak/trunk/oak-core/src/test/java/org/apache/jackrabbit/oak/security/principal/AbstractPrincipalProviderTest.java Thu Feb 28 14:26:48 2019
@@ -27,17 +27,20 @@ import java.util.Set;
import java.util.UUID;
import org.apache.jackrabbit.api.security.principal.GroupPrincipal;
+import org.apache.jackrabbit.api.security.principal.ItemBasedPrincipal;
import org.apache.jackrabbit.api.security.principal.PrincipalManager;
import org.apache.jackrabbit.api.security.user.Authorizable;
import org.apache.jackrabbit.api.security.user.Group;
import org.apache.jackrabbit.api.security.user.User;
import org.apache.jackrabbit.api.security.user.UserManager;
import org.apache.jackrabbit.oak.AbstractSecurityTest;
+import org.apache.jackrabbit.oak.commons.PathUtils;
import org.apache.jackrabbit.oak.spi.security.principal.AdminPrincipal;
import org.apache.jackrabbit.oak.spi.security.principal.EveryonePrincipal;
import org.apache.jackrabbit.oak.spi.security.principal.PrincipalImpl;
import org.apache.jackrabbit.oak.spi.security.principal.PrincipalProvider;
import org.apache.jackrabbit.oak.spi.security.principal.SystemUserPrincipal;
+import org.apache.jackrabbit.oak.spi.security.user.UserConstants;
import org.junit.Test;
import static org.junit.Assert.assertEquals;
@@ -117,6 +120,39 @@ public abstract class AbstractPrincipalP
}
@Test
+ public void testGetItemBasedPrincipal() throws Exception {
+ assertTrue(userPrincipal instanceof ItemBasedPrincipal);
+ String jcrPath = ((ItemBasedPrincipal) userPrincipal).getPath();
+ assertEquals(userPrincipal, principalProvider.getItemBasedPrincipal(getNamePathMapper().getOakPath(jcrPath)));
+ }
+
+ @Test
+ public void testGetItemBasedGroupPrincipal() throws Exception {
+ String jcrPath = testGroup.getPath();
+ assertEquals(testGroup.getPrincipal(), principalProvider.getItemBasedPrincipal(getNamePathMapper().getOakPath(jcrPath)));
+ }
+
+ @Test
+ public void testGetItemBasedPrincipalRoundTrip() throws Exception {
+ Principal principal = principalProvider.getPrincipal(testGroup2.getPrincipal().getName());
+ assertTrue(principal instanceof ItemBasedPrincipal);
+
+ String jcrPath = ((ItemBasedPrincipal) principal).getPath();
+ assertEquals(principal, principalProvider.getItemBasedPrincipal(jcrPath));
+ }
+
+ @Test
+ public void testGetitemBasedPrincipalPropertyPath() throws Exception {
+ String propPath = PathUtils.concat(((ItemBasedPrincipal) userPrincipal).getPath(), UserConstants.REP_PRINCIPAL_NAME);
+ assertNull(principalProvider.getItemBasedPrincipal(getNamePathMapper().getOakPath(propPath)));
+ }
+
+ @Test
+ public void testGetItemBasedPrincipalNonExisting() throws Exception {
+ assertNull(principalProvider.getItemBasedPrincipal(UserConstants.DEFAULT_GROUP_PATH));
+ }
+
+ @Test
public void testUserPrincipal() throws Exception {
Principal principal = principalProvider.getPrincipal(userPrincipal.getName());
Modified: jackrabbit/oak/trunk/oak-security-spi/src/main/java/org/apache/jackrabbit/oak/spi/security/principal/CompositePrincipalProvider.java
URL: http://svn.apache.org/viewvc/jackrabbit/oak/trunk/oak-security-spi/src/main/java/org/apache/jackrabbit/oak/spi/security/principal/CompositePrincipalProvider.java?rev=1854530&r1=1854529&r2=1854530&view=diff
==============================================================================
--- jackrabbit/oak/trunk/oak-security-spi/src/main/java/org/apache/jackrabbit/oak/spi/security/principal/CompositePrincipalProvider.java (original)
+++ jackrabbit/oak/trunk/oak-security-spi/src/main/java/org/apache/jackrabbit/oak/spi/security/principal/CompositePrincipalProvider.java Thu Feb 28 14:26:48 2019
@@ -27,6 +27,7 @@ import com.google.common.collect.Iterato
import static com.google.common.base.Preconditions.checkNotNull;
+import org.apache.jackrabbit.api.security.principal.ItemBasedPrincipal;
import org.jetbrains.annotations.NotNull;
import org.jetbrains.annotations.Nullable;
@@ -58,6 +59,7 @@ public class CompositePrincipalProvider
}
//--------------------------------------------------< PrincipalProvider >---
+ @Nullable
@Override
public Principal getPrincipal(@NotNull String principalName) {
Principal principal = null;
@@ -68,6 +70,18 @@ public class CompositePrincipalProvider
return principal;
}
+ @Nullable
+ @Override
+ public ItemBasedPrincipal getItemBasedPrincipal(@NotNull String principalOakPath) {
+ for (PrincipalProvider provider : providers) {
+ ItemBasedPrincipal principal = provider.getItemBasedPrincipal(principalOakPath);
+ if (principal != null) {
+ return principal;
+ }
+ }
+ return null;
+ }
+
@NotNull
@Override
public Set<Group> getGroupMembership(@NotNull Principal principal) {
Modified: jackrabbit/oak/trunk/oak-security-spi/src/main/java/org/apache/jackrabbit/oak/spi/security/principal/PrincipalProvider.java
URL: http://svn.apache.org/viewvc/jackrabbit/oak/trunk/oak-security-spi/src/main/java/org/apache/jackrabbit/oak/spi/security/principal/PrincipalProvider.java?rev=1854530&r1=1854529&r2=1854530&view=diff
==============================================================================
--- jackrabbit/oak/trunk/oak-security-spi/src/main/java/org/apache/jackrabbit/oak/spi/security/principal/PrincipalProvider.java (original)
+++ jackrabbit/oak/trunk/oak-security-spi/src/main/java/org/apache/jackrabbit/oak/spi/security/principal/PrincipalProvider.java Thu Feb 28 14:26:48 2019
@@ -26,6 +26,7 @@ import java.util.Spliterators;
import java.util.stream.Stream;
import java.util.stream.StreamSupport;
+import org.apache.jackrabbit.api.security.principal.ItemBasedPrincipal;
import org.jetbrains.annotations.NotNull;
import org.jetbrains.annotations.Nullable;
import org.osgi.annotation.versioning.ProviderType;
@@ -57,6 +58,18 @@ public interface PrincipalProvider {
Principal getPrincipal(@NotNull String principalName);
/**
+ * Returns the {@code ItemBasedPrincipal} with the specified {@code principalOakPath}
+ * or {@code null} if no principal with that path exists.
+ *
+ * @param principalOakPath the Oak path of the {@code ItemBasedPrincipal} to retrieve
+ * @return return the requested principal or {@code null}
+ */
+ @Nullable
+ default ItemBasedPrincipal getItemBasedPrincipal(@NotNull String principalOakPath) {
+ return null;
+ }
+
+ /**
* Returns an iterator over all group principals for which the given
* principal is either direct or indirect member of. Thus for any principal
* returned in the iterator {@link java.security.acl.Group#isMember(Principal)}
Modified: jackrabbit/oak/trunk/oak-security-spi/src/test/java/org/apache/jackrabbit/oak/spi/security/principal/CompositePrincipalProviderTest.java
URL: http://svn.apache.org/viewvc/jackrabbit/oak/trunk/oak-security-spi/src/test/java/org/apache/jackrabbit/oak/spi/security/principal/CompositePrincipalProviderTest.java?rev=1854530&r1=1854529&r2=1854530&view=diff
==============================================================================
--- jackrabbit/oak/trunk/oak-security-spi/src/test/java/org/apache/jackrabbit/oak/spi/security/principal/CompositePrincipalProviderTest.java (original)
+++ jackrabbit/oak/trunk/oak-security-spi/src/test/java/org/apache/jackrabbit/oak/spi/security/principal/CompositePrincipalProviderTest.java Thu Feb 28 14:26:48 2019
@@ -29,6 +29,7 @@ import com.google.common.collect.Immutab
import com.google.common.collect.Iterables;
import org.apache.jackrabbit.api.security.principal.GroupPrincipal;
+import org.apache.jackrabbit.api.security.principal.ItemBasedPrincipal;
import org.apache.jackrabbit.api.security.principal.PrincipalManager;
import org.jetbrains.annotations.NotNull;
import org.jetbrains.annotations.Nullable;
@@ -40,6 +41,9 @@ import static org.junit.Assert.assertNot
import static org.junit.Assert.assertNull;
import static org.junit.Assert.assertSame;
import static org.junit.Assert.assertTrue;
+import static org.mockito.ArgumentMatchers.anyString;
+import static org.mockito.Mockito.mock;
+import static org.mockito.Mockito.when;
public class CompositePrincipalProviderTest {
@@ -86,6 +90,23 @@ public class CompositePrincipalProviderT
}
@Test
+ public void testGetItemBasedPrincipalDefault() throws Exception {
+ for (Principal p : testPrincipals()) {
+ if (p instanceof ItemBasedPrincipal) {
+ assertNull(cpp.getItemBasedPrincipal(((ItemBasedPrincipal) p).getPath()));
+ }
+ }
+ }
+
+ @Test
+ public void testGetItemBasedPrincipal() throws Exception {
+ ItemBasedPrincipal p = mock(ItemBasedPrincipal.class);
+ PrincipalProvider pp = when(mock(PrincipalProvider.class).getItemBasedPrincipal(anyString())).thenReturn(p).getMock();
+
+ assertEquals(p, CompositePrincipalProvider.of(ImmutableList.of(pp, pp2)).getItemBasedPrincipal("/any/path"));
+ }
+
+ @Test
public void getGroupMembership() {
for (Principal principal : testPrincipals()) {
boolean atleastEveryone = cpp.getMembershipPrincipals(principal).contains(EveryonePrincipal.getInstance());
@@ -125,12 +146,7 @@ public class CompositePrincipalProviderT
@Test
public void findPrincipalsByTypeNotGroup() {
- Iterable<? extends Principal> expected = Iterables.filter(testPrincipals(), new Predicate<Principal>() {
- @Override
- public boolean apply(Principal input) {
- return !(input instanceof GroupPrincipal);
- }
- });
+ Iterable<? extends Principal> expected = Iterables.filter(testPrincipals(), input -> !(input instanceof GroupPrincipal));
Iterator<? extends Principal> result = cpp.findPrincipals(PrincipalManager.SEARCH_TYPE_NOT_GROUP);
assertIterator(expected, result);
Modified: jackrabbit/oak/trunk/oak-security-spi/src/test/java/org/apache/jackrabbit/oak/spi/security/principal/TestPrincipalProvider.java
URL: http://svn.apache.org/viewvc/jackrabbit/oak/trunk/oak-security-spi/src/test/java/org/apache/jackrabbit/oak/spi/security/principal/TestPrincipalProvider.java?rev=1854530&r1=1854529&r2=1854530&view=diff
==============================================================================
--- jackrabbit/oak/trunk/oak-security-spi/src/test/java/org/apache/jackrabbit/oak/spi/security/principal/TestPrincipalProvider.java (original)
+++ jackrabbit/oak/trunk/oak-security-spi/src/test/java/org/apache/jackrabbit/oak/spi/security/principal/TestPrincipalProvider.java Thu Feb 28 14:26:48 2019
@@ -31,10 +31,13 @@ import com.google.common.collect.Maps;
import com.google.common.collect.Sets;
import org.apache.jackrabbit.api.security.principal.GroupPrincipal;
+import org.apache.jackrabbit.api.security.principal.ItemBasedPrincipal;
import org.apache.jackrabbit.api.security.principal.PrincipalManager;
import org.jetbrains.annotations.NotNull;
import org.jetbrains.annotations.Nullable;
+import javax.jcr.RepositoryException;
+
public final class TestPrincipalProvider implements PrincipalProvider {
public static final Principal UNKNOWN = new PrincipalImpl("unknown");
@@ -53,10 +56,15 @@ public final class TestPrincipalProvider
public TestPrincipalProvider(String... principalNames) {
this.exposesEveryone = true;
- this.principals = Maps.toMap(ImmutableSet.copyOf(principalNames), new Function<String, Principal>() {
+ this.principals = Maps.toMap(ImmutableSet.copyOf(principalNames), input -> new ItemBasedPrincipal() {
+ @Override
+ public String getPath() {
+ return "/path/to/principal/" + input;
+ }
+
@Override
- public Principal apply(String input) {
- return new PrincipalImpl(input);
+ public String getName() {
+ return input;
}
});
}