You are viewing a plain text version of this content. The canonical link for it is here.
Posted to oak-commits@jackrabbit.apache.org by an...@apache.org on 2013/11/05 12:14:36 UTC
svn commit: r1538944 - in /jackrabbit/oak/trunk:
oak-core/src/main/java/org/apache/jackrabbit/oak/security/authorization/accesscontrol/
oak-core/src/test/java/org/apache/jackrabbit/oak/security/authorization/accesscontrol/
oak-jcr/src/test/java/org/apa...
Author: angela
Date: Tue Nov 5 11:14:35 2013
New Revision: 1538944
URL: http://svn.apache.org/r1538944
Log:
OAK-51 : Access Control Management (minor improvement)
Modified:
jackrabbit/oak/trunk/oak-core/src/main/java/org/apache/jackrabbit/oak/security/authorization/accesscontrol/ACL.java
jackrabbit/oak/trunk/oak-core/src/main/java/org/apache/jackrabbit/oak/security/authorization/accesscontrol/AccessControlManagerImpl.java
jackrabbit/oak/trunk/oak-core/src/test/java/org/apache/jackrabbit/oak/security/authorization/accesscontrol/ACLTest.java
jackrabbit/oak/trunk/oak-core/src/test/java/org/apache/jackrabbit/oak/security/authorization/accesscontrol/AccessControlManagerImplTest.java
jackrabbit/oak/trunk/oak-jcr/src/test/java/org/apache/jackrabbit/oak/jcr/security/authorization/AccessControlManagementTest.java
Modified: jackrabbit/oak/trunk/oak-core/src/main/java/org/apache/jackrabbit/oak/security/authorization/accesscontrol/ACL.java
URL: http://svn.apache.org/viewvc/jackrabbit/oak/trunk/oak-core/src/main/java/org/apache/jackrabbit/oak/security/authorization/accesscontrol/ACL.java?rev=1538944&r1=1538943&r2=1538944&view=diff
==============================================================================
--- jackrabbit/oak/trunk/oak-core/src/main/java/org/apache/jackrabbit/oak/security/authorization/accesscontrol/ACL.java (original)
+++ jackrabbit/oak/trunk/oak-core/src/main/java/org/apache/jackrabbit/oak/security/authorization/accesscontrol/ACL.java Tue Nov 5 11:14:35 2013
@@ -52,25 +52,25 @@ abstract class ACL extends AbstractAcces
private final List<ACE> entries = new ArrayList<ACE>();
- ACL(@Nullable String oakPath, @Nonnull NamePathMapper namePathMapper) {
- this(oakPath, null, namePathMapper);
- }
+ private final PrincipalManager principalManager;
+ private final PrivilegeManager privilegeManager;
+ private final PrivilegeBitsProvider privilegeBitsProvider;
ACL(@Nullable String oakPath, @Nullable List<ACE> entries,
- @Nonnull NamePathMapper namePathMapper) {
+ @Nonnull NamePathMapper namePathMapper,
+ @Nonnull PrincipalManager principalManager,
+ @Nonnull PrivilegeManager privilegeManager,
+ @Nonnull PrivilegeBitsProvider privilegeBitsProvider) {
super(oakPath, namePathMapper);
if (entries != null) {
this.entries.addAll(entries);
}
+ this.principalManager = principalManager;
+ this.privilegeManager = privilegeManager;
+ this.privilegeBitsProvider = privilegeBitsProvider;
}
- abstract PrincipalManager getPrincipalManager();
-
- abstract PrivilegeManager getPrivilegeManager();
-
- abstract PrivilegeBitsProvider getPrivilegeBitsProvider();
-
- abstract ACE createACE(Principal principal, PrivilegeBits privilegeBits, boolean isAllow, Set<Restriction> restrictions, NamePathMapper namePathMapper) throws RepositoryException;
+ abstract ACE createACE(Principal principal, PrivilegeBits privilegeBits, boolean isAllow, Set<Restriction> restrictions) throws RepositoryException;
//------------------------------------------< AbstractAccessControlList >---
@Nonnull
@@ -98,13 +98,13 @@ abstract class ACL extends AbstractAcces
throw new AccessControlException("Privileges may not be null nor an empty array");
}
for (Privilege p : privileges) {
- Privilege pv = getPrivilegeManager().getPrivilege(p.getName());
+ Privilege pv = privilegeManager.getPrivilege(p.getName());
if (pv.isAbstract()) {
throw new AccessControlException("Privilege " + p + " is abstract.");
}
}
- Util.checkValidPrincipal(principal, getPrincipalManager());
+ Util.checkValidPrincipal(principal, principalManager);
for (RestrictionDefinition def : getRestrictionProvider().getSupportedRestrictions(getOakPath())) {
String jcrName = getNamePathMapper().getJcrName(def.getName());
@@ -132,7 +132,7 @@ abstract class ACL extends AbstractAcces
}
}
- ACE entry = createACE(principal, getPrivilegeBits(privileges), isAllow, rs, getNamePathMapper());
+ ACE entry = createACE(principal, getPrivilegeBits(privileges), isAllow, rs);
if (entries.contains(entry)) {
log.debug("Entry is already contained in policy -> no modification.");
return false;
@@ -239,10 +239,10 @@ abstract class ACL extends AbstractAcces
}
private ACE createACE(@Nonnull ACE existing, @Nonnull PrivilegeBits newPrivilegeBits) throws RepositoryException {
- return createACE(existing.getPrincipal(), newPrivilegeBits, existing.isAllow(), existing.getRestrictions(), getNamePathMapper());
+ return createACE(existing.getPrincipal(), newPrivilegeBits, existing.isAllow(), existing.getRestrictions());
}
private PrivilegeBits getPrivilegeBits(Privilege[] privileges) {
- return getPrivilegeBitsProvider().getBits(privileges, getNamePathMapper());
+ return privilegeBitsProvider.getBits(privileges, getNamePathMapper());
}
}
Modified: jackrabbit/oak/trunk/oak-core/src/main/java/org/apache/jackrabbit/oak/security/authorization/accesscontrol/AccessControlManagerImpl.java
URL: http://svn.apache.org/viewvc/jackrabbit/oak/trunk/oak-core/src/main/java/org/apache/jackrabbit/oak/security/authorization/accesscontrol/AccessControlManagerImpl.java?rev=1538944&r1=1538943&r2=1538944&view=diff
==============================================================================
--- jackrabbit/oak/trunk/oak-core/src/main/java/org/apache/jackrabbit/oak/security/authorization/accesscontrol/AccessControlManagerImpl.java (original)
+++ jackrabbit/oak/trunk/oak-core/src/main/java/org/apache/jackrabbit/oak/security/authorization/accesscontrol/AccessControlManagerImpl.java Tue Nov 5 11:14:35 2013
@@ -696,11 +696,11 @@ public class AccessControlManagerImpl im
private class NodeACL extends ACL {
NodeACL(@Nullable String oakPath) {
- super(oakPath, namePathMapper);
+ this(oakPath, null);
}
NodeACL(@Nullable String oakPath, @Nullable List<ACE> entries) {
- super(oakPath, entries, namePathMapper);
+ super(oakPath, entries, namePathMapper, principalManager, privilegeManager, bitsProvider);
}
@Nonnull
@@ -710,23 +710,8 @@ public class AccessControlManagerImpl im
}
@Override
- PrincipalManager getPrincipalManager() {
- return principalManager;
- }
-
- @Override
- PrivilegeManager getPrivilegeManager() {
- return privilegeManager;
- }
-
- @Override
- PrivilegeBitsProvider getPrivilegeBitsProvider() {
- return bitsProvider;
- }
-
- @Override
- ACE createACE(Principal principal, PrivilegeBits privilegeBits, boolean isAllow, Set<Restriction> restrictions, NamePathMapper namePathMapper) throws RepositoryException {
- return new Entry(principal, privilegeBits, isAllow, restrictions, namePathMapper);
+ ACE createACE(Principal principal, PrivilegeBits privilegeBits, boolean isAllow, Set<Restriction> restrictions) throws RepositoryException {
+ return new Entry(principal, privilegeBits, isAllow, restrictions, getNamePathMapper());
}
@Override
@@ -760,7 +745,7 @@ public class AccessControlManagerImpl im
private PrincipalACL(@Nullable String oakPath, @Nonnull Principal principal,
@Nullable List<ACE> entries,
@Nonnull RestrictionProvider restrictionProvider) {
- super(oakPath, entries, namePathMapper);
+ super(oakPath, entries, namePathMapper, principalManager, privilegeManager, bitsProvider);
this.principal = principal;
rProvider = restrictionProvider;
}
@@ -772,23 +757,8 @@ public class AccessControlManagerImpl im
}
@Override
- PrincipalManager getPrincipalManager() {
- return principalManager;
- }
-
- @Override
- PrivilegeManager getPrivilegeManager() {
- return privilegeManager;
- }
-
- @Override
- PrivilegeBitsProvider getPrivilegeBitsProvider() {
- return bitsProvider;
- }
-
- @Override
- ACE createACE(Principal principal, PrivilegeBits privilegeBits, boolean isAllow, Set<Restriction> restrictions, NamePathMapper namePathMapper) throws RepositoryException {
- return new Entry(principal, privilegeBits, isAllow, restrictions, namePathMapper);
+ ACE createACE(Principal principal, PrivilegeBits privilegeBits, boolean isAllow, Set<Restriction> restrictions) throws RepositoryException {
+ return new Entry(principal, privilegeBits, isAllow, restrictions, getNamePathMapper());
}
@Override
Modified: jackrabbit/oak/trunk/oak-core/src/test/java/org/apache/jackrabbit/oak/security/authorization/accesscontrol/ACLTest.java
URL: http://svn.apache.org/viewvc/jackrabbit/oak/trunk/oak-core/src/test/java/org/apache/jackrabbit/oak/security/authorization/accesscontrol/ACLTest.java?rev=1538944&r1=1538943&r2=1538944&view=diff
==============================================================================
--- jackrabbit/oak/trunk/oak-core/src/test/java/org/apache/jackrabbit/oak/security/authorization/accesscontrol/ACLTest.java (original)
+++ jackrabbit/oak/trunk/oak-core/src/test/java/org/apache/jackrabbit/oak/security/authorization/accesscontrol/ACLTest.java Tue Nov 5 11:14:35 2013
@@ -58,7 +58,6 @@ import org.apache.jackrabbit.oak.spi.sec
import org.apache.jackrabbit.oak.spi.security.principal.EveryonePrincipal;
import org.apache.jackrabbit.oak.spi.security.principal.PrincipalImpl;
import org.apache.jackrabbit.oak.spi.security.privilege.PrivilegeBits;
-import org.apache.jackrabbit.oak.spi.security.privilege.PrivilegeBitsProvider;
import org.apache.jackrabbit.oak.spi.security.privilege.PrivilegeConstants;
import org.junit.Before;
import org.junit.Test;
@@ -101,29 +100,14 @@ public class ACLTest extends AbstractAcc
@Nonnull NamePathMapper namePathMapper,
final @Nonnull RestrictionProvider restrictionProvider) {
String path = (jcrPath == null) ? null : namePathMapper.getOakPathKeepIndex(jcrPath);
- return new ACL(path, entries, namePathMapper) {
+ return new ACL(path, entries, namePathMapper, principalManager, privilegeManager, getBitsProvider()) {
@Override
public RestrictionProvider getRestrictionProvider() {
return restrictionProvider;
}
@Override
- PrincipalManager getPrincipalManager() {
- return principalManager;
- }
-
- @Override
- PrivilegeManager getPrivilegeManager() {
- return privilegeManager;
- }
-
- @Override
- PrivilegeBitsProvider getPrivilegeBitsProvider() {
- return getBitsProvider();
- }
-
- @Override
- ACE createACE(Principal principal, PrivilegeBits privilegeBits, boolean isAllow, Set<Restriction> restrictions, NamePathMapper namePathMapper) throws RepositoryException {
+ ACE createACE(Principal principal, PrivilegeBits privilegeBits, boolean isAllow, Set<Restriction> restrictions) throws RepositoryException {
return createEntry(principal, privilegeBits, isAllow, restrictions);
}
};
Modified: jackrabbit/oak/trunk/oak-core/src/test/java/org/apache/jackrabbit/oak/security/authorization/accesscontrol/AccessControlManagerImplTest.java
URL: http://svn.apache.org/viewvc/jackrabbit/oak/trunk/oak-core/src/test/java/org/apache/jackrabbit/oak/security/authorization/accesscontrol/AccessControlManagerImplTest.java?rev=1538944&r1=1538943&r2=1538944&view=diff
==============================================================================
--- jackrabbit/oak/trunk/oak-core/src/test/java/org/apache/jackrabbit/oak/security/authorization/accesscontrol/AccessControlManagerImplTest.java (original)
+++ jackrabbit/oak/trunk/oak-core/src/test/java/org/apache/jackrabbit/oak/security/authorization/accesscontrol/AccessControlManagerImplTest.java Tue Nov 5 11:14:35 2013
@@ -50,7 +50,6 @@ import org.apache.jackrabbit.JcrConstant
import org.apache.jackrabbit.api.security.JackrabbitAccessControlList;
import org.apache.jackrabbit.api.security.JackrabbitAccessControlManager;
import org.apache.jackrabbit.api.security.JackrabbitAccessControlPolicy;
-import org.apache.jackrabbit.api.security.authorization.PrivilegeManager;
import org.apache.jackrabbit.api.security.principal.PrincipalManager;
import org.apache.jackrabbit.oak.TestNameMapper;
import org.apache.jackrabbit.oak.api.ContentSession;
@@ -71,7 +70,6 @@ import org.apache.jackrabbit.oak.spi.sec
import org.apache.jackrabbit.oak.spi.security.principal.EveryonePrincipal;
import org.apache.jackrabbit.oak.spi.security.principal.PrincipalImpl;
import org.apache.jackrabbit.oak.spi.security.privilege.PrivilegeBits;
-import org.apache.jackrabbit.oak.spi.security.privilege.PrivilegeBitsProvider;
import org.apache.jackrabbit.oak.spi.security.privilege.PrivilegeConstants;
import org.apache.jackrabbit.oak.util.NodeUtil;
import org.apache.jackrabbit.oak.util.TreeUtil;
@@ -178,24 +176,10 @@ public class AccessControlManagerImplTes
private ACL createPolicy(@Nullable String path) {
final PrincipalManager pm = getPrincipalManager(root);
final RestrictionProvider rp = getRestrictionProvider();
- return new ACL(path, getNamePathMapper()) {
- @Override
- PrincipalManager getPrincipalManager() {
- return pm;
- }
-
- @Override
- PrivilegeManager getPrivilegeManager() {
- return AccessControlManagerImplTest.this.getPrivilegeManager(root);
- }
-
- @Override
- PrivilegeBitsProvider getPrivilegeBitsProvider() {
- return new PrivilegeBitsProvider(root);
- }
+ return new ACL(path, null, getNamePathMapper(), pm, AccessControlManagerImplTest.this.getPrivilegeManager(root), getBitsProvider()) {
@Override
- ACE createACE(Principal principal, PrivilegeBits privilegeBits, boolean isAllow, Set<Restriction> restrictions, NamePathMapper namePathMapper) throws RepositoryException {
+ ACE createACE(Principal principal, PrivilegeBits privilegeBits, boolean isAllow, Set<Restriction> restrictions) {
throw new UnsupportedOperationException();
}
Modified: jackrabbit/oak/trunk/oak-jcr/src/test/java/org/apache/jackrabbit/oak/jcr/security/authorization/AccessControlManagementTest.java
URL: http://svn.apache.org/viewvc/jackrabbit/oak/trunk/oak-jcr/src/test/java/org/apache/jackrabbit/oak/jcr/security/authorization/AccessControlManagementTest.java?rev=1538944&r1=1538943&r2=1538944&view=diff
==============================================================================
--- jackrabbit/oak/trunk/oak-jcr/src/test/java/org/apache/jackrabbit/oak/jcr/security/authorization/AccessControlManagementTest.java (original)
+++ jackrabbit/oak/trunk/oak-jcr/src/test/java/org/apache/jackrabbit/oak/jcr/security/authorization/AccessControlManagementTest.java Tue Nov 5 11:14:35 2013
@@ -33,7 +33,6 @@ import javax.jcr.security.Privilege;
import org.apache.jackrabbit.api.security.JackrabbitAccessControlList;
import org.apache.jackrabbit.test.NotExecutableException;
import org.apache.jackrabbit.util.Text;
-import org.junit.Ignore;
import org.junit.Test;
/**