You are viewing a plain text version of this content. The canonical link for it is here.
Posted to oak-commits@jackrabbit.apache.org by ju...@apache.org on 2013/09/19 22:38:54 UTC
svn commit: r1524828 - in
/jackrabbit/oak/trunk/oak-core/src/main/java/org/apache/jackrabbit/oak:
core/ security/authorization/ security/authorization/permission/
security/privilege/ security/user/ spi/security/
Author: jukka
Date: Thu Sep 19 20:38:54 2013
New Revision: 1524828
URL: http://svn.apache.org/r1524828
Log:
OAK-1028: Pass Subject directly to the permission validator
Modified:
jackrabbit/oak/trunk/oak-core/src/main/java/org/apache/jackrabbit/oak/core/AbstractRoot.java
jackrabbit/oak/trunk/oak-core/src/main/java/org/apache/jackrabbit/oak/security/authorization/AuthorizationConfigurationImpl.java
jackrabbit/oak/trunk/oak-core/src/main/java/org/apache/jackrabbit/oak/security/authorization/permission/PermissionValidatorProvider.java
jackrabbit/oak/trunk/oak-core/src/main/java/org/apache/jackrabbit/oak/security/privilege/PrivilegeConfigurationImpl.java
jackrabbit/oak/trunk/oak-core/src/main/java/org/apache/jackrabbit/oak/security/user/UserConfigurationImpl.java
jackrabbit/oak/trunk/oak-core/src/main/java/org/apache/jackrabbit/oak/spi/security/SecurityConfiguration.java
Modified: jackrabbit/oak/trunk/oak-core/src/main/java/org/apache/jackrabbit/oak/core/AbstractRoot.java
URL: http://svn.apache.org/viewvc/jackrabbit/oak/trunk/oak-core/src/main/java/org/apache/jackrabbit/oak/core/AbstractRoot.java?rev=1524828&r1=1524827&r2=1524828&view=diff
==============================================================================
--- jackrabbit/oak/trunk/oak-core/src/main/java/org/apache/jackrabbit/oak/core/AbstractRoot.java (original)
+++ jackrabbit/oak/trunk/oak-core/src/main/java/org/apache/jackrabbit/oak/core/AbstractRoot.java Thu Sep 19 20:38:54 2013
@@ -239,21 +239,7 @@ public abstract class AbstractRoot imple
public void commit(final CommitHook... hooks) throws CommitFailedException {
checkLive();
purgePendingChanges();
- CommitFailedException exception = Subject.doAs(
- getCommitSubject(), new PrivilegedAction<CommitFailedException>() {
- @Override
- public CommitFailedException run() {
- try {
- branch.merge(getCommitHook(hooks), postHook);
- return null;
- } catch (CommitFailedException e) {
- return e;
- }
- }
- });
- if (exception != null) {
- throw exception;
- }
+ branch.merge(getCommitHook(hooks), postHook);
refresh();
}
@@ -277,7 +263,8 @@ public abstract class AbstractRoot imple
commitHooks.add(ch);
}
}
- List<? extends ValidatorProvider> validators = sc.getValidators(workspaceName);
+ List<? extends ValidatorProvider> validators =
+ sc.getValidators(workspaceName, getCommitSubject());
if (!validators.isEmpty()) {
commitHooks.add(new EditorHook(CompositeEditorProvider.compose(validators)));
}
Modified: jackrabbit/oak/trunk/oak-core/src/main/java/org/apache/jackrabbit/oak/security/authorization/AuthorizationConfigurationImpl.java
URL: http://svn.apache.org/viewvc/jackrabbit/oak/trunk/oak-core/src/main/java/org/apache/jackrabbit/oak/security/authorization/AuthorizationConfigurationImpl.java?rev=1524828&r1=1524827&r2=1524828&view=diff
==============================================================================
--- jackrabbit/oak/trunk/oak-core/src/main/java/org/apache/jackrabbit/oak/security/authorization/AuthorizationConfigurationImpl.java (original)
+++ jackrabbit/oak/trunk/oak-core/src/main/java/org/apache/jackrabbit/oak/security/authorization/AuthorizationConfigurationImpl.java Thu Sep 19 20:38:54 2013
@@ -20,10 +20,13 @@ import java.security.Principal;
import java.util.Collections;
import java.util.List;
import java.util.Set;
+
import javax.annotation.Nonnull;
import javax.jcr.security.AccessControlManager;
+import javax.security.auth.Subject;
import com.google.common.collect.ImmutableList;
+
import org.apache.felix.scr.annotations.Component;
import org.apache.felix.scr.annotations.Service;
import org.apache.jackrabbit.oak.api.Root;
@@ -92,10 +95,11 @@ public class AuthorizationConfigurationI
}
@Override
- public List<ValidatorProvider> getValidators(String workspaceName) {
+ public List<ValidatorProvider> getValidators(
+ String workspaceName, Subject subject) {
return ImmutableList.of(
new PermissionStoreValidatorProvider(),
- new PermissionValidatorProvider(getSecurityProvider()),
+ new PermissionValidatorProvider(getSecurityProvider(), subject),
new AccessControlValidatorProvider(getSecurityProvider()));
}
Modified: jackrabbit/oak/trunk/oak-core/src/main/java/org/apache/jackrabbit/oak/security/authorization/permission/PermissionValidatorProvider.java
URL: http://svn.apache.org/viewvc/jackrabbit/oak/trunk/oak-core/src/main/java/org/apache/jackrabbit/oak/security/authorization/permission/PermissionValidatorProvider.java?rev=1524828&r1=1524827&r2=1524828&view=diff
==============================================================================
--- jackrabbit/oak/trunk/oak-core/src/main/java/org/apache/jackrabbit/oak/security/authorization/permission/PermissionValidatorProvider.java (original)
+++ jackrabbit/oak/trunk/oak-core/src/main/java/org/apache/jackrabbit/oak/security/authorization/permission/PermissionValidatorProvider.java Thu Sep 19 20:38:54 2013
@@ -16,7 +16,6 @@
*/
package org.apache.jackrabbit.oak.security.authorization.permission;
-import java.security.AccessController;
import javax.annotation.Nonnull;
import javax.security.auth.Subject;
@@ -45,17 +44,22 @@ public class PermissionValidatorProvider
private final AuthorizationConfiguration acConfig;
private final long jr2Permissions;
+ private final Subject subject;
+
private ReadOnlyNodeTypeManager ntMgr;
private Context acCtx;
private Context userCtx;
- public PermissionValidatorProvider(SecurityProvider securityProvider) {
+ public PermissionValidatorProvider(
+ SecurityProvider securityProvider, Subject subject) {
this.securityProvider = securityProvider;
this.acConfig = securityProvider.getConfiguration(AuthorizationConfiguration.class);
ConfigurationParameters params = acConfig.getParameters();
String compatValue = params.getConfigValue(PermissionConstants.PARAM_PERMISSIONS_JR2, null, String.class);
jr2Permissions = Permissions.getPermissions(compatValue);
+
+ this.subject = subject;
}
//--------------------------------------------------< ValidatorProvider >---
@@ -97,7 +101,6 @@ public class PermissionValidatorProvider
}
private PermissionProvider getPermissionProvider() {
- Subject subject = Subject.getSubject(AccessController.getContext());
if (subject == null || subject.getPublicCredentials(PermissionProvider.class).isEmpty()) {
throw new IllegalStateException("Unable to validate permissions; no permission provider associated with the commit call.");
} else {
Modified: jackrabbit/oak/trunk/oak-core/src/main/java/org/apache/jackrabbit/oak/security/privilege/PrivilegeConfigurationImpl.java
URL: http://svn.apache.org/viewvc/jackrabbit/oak/trunk/oak-core/src/main/java/org/apache/jackrabbit/oak/security/privilege/PrivilegeConfigurationImpl.java?rev=1524828&r1=1524827&r2=1524828&view=diff
==============================================================================
--- jackrabbit/oak/trunk/oak-core/src/main/java/org/apache/jackrabbit/oak/security/privilege/PrivilegeConfigurationImpl.java (original)
+++ jackrabbit/oak/trunk/oak-core/src/main/java/org/apache/jackrabbit/oak/security/privilege/PrivilegeConfigurationImpl.java Thu Sep 19 20:38:54 2013
@@ -18,7 +18,9 @@ package org.apache.jackrabbit.oak.securi
import java.util.Collections;
import java.util.List;
+
import javax.annotation.Nonnull;
+import javax.security.auth.Subject;
import org.apache.felix.scr.annotations.Component;
import org.apache.felix.scr.annotations.Service;
@@ -68,7 +70,8 @@ public class PrivilegeConfigurationImpl
@Nonnull
@Override
- public List<? extends ValidatorProvider> getValidators(String workspaceName) {
+ public List<? extends ValidatorProvider> getValidators(
+ String workspaceName, Subject subject) {
return Collections.singletonList(new PrivilegeValidatorProvider());
}
Modified: jackrabbit/oak/trunk/oak-core/src/main/java/org/apache/jackrabbit/oak/security/user/UserConfigurationImpl.java
URL: http://svn.apache.org/viewvc/jackrabbit/oak/trunk/oak-core/src/main/java/org/apache/jackrabbit/oak/security/user/UserConfigurationImpl.java?rev=1524828&r1=1524827&r2=1524828&view=diff
==============================================================================
--- jackrabbit/oak/trunk/oak-core/src/main/java/org/apache/jackrabbit/oak/security/user/UserConfigurationImpl.java (original)
+++ jackrabbit/oak/trunk/oak-core/src/main/java/org/apache/jackrabbit/oak/security/user/UserConfigurationImpl.java Thu Sep 19 20:38:54 2013
@@ -18,7 +18,9 @@ package org.apache.jackrabbit.oak.securi
import java.util.Collections;
import java.util.List;
+
import javax.annotation.Nonnull;
+import javax.security.auth.Subject;
import org.apache.felix.scr.annotations.Component;
import org.apache.felix.scr.annotations.Service;
@@ -64,7 +66,8 @@ public class UserConfigurationImpl exten
@Nonnull
@Override
- public List<? extends ValidatorProvider> getValidators(String workspaceName) {
+ public List<? extends ValidatorProvider> getValidators(
+ String workspaceName, Subject subject) {
return Collections.singletonList(new UserValidatorProvider(getParameters()));
}
Modified: jackrabbit/oak/trunk/oak-core/src/main/java/org/apache/jackrabbit/oak/spi/security/SecurityConfiguration.java
URL: http://svn.apache.org/viewvc/jackrabbit/oak/trunk/oak-core/src/main/java/org/apache/jackrabbit/oak/spi/security/SecurityConfiguration.java?rev=1524828&r1=1524827&r2=1524828&view=diff
==============================================================================
--- jackrabbit/oak/trunk/oak-core/src/main/java/org/apache/jackrabbit/oak/spi/security/SecurityConfiguration.java (original)
+++ jackrabbit/oak/trunk/oak-core/src/main/java/org/apache/jackrabbit/oak/spi/security/SecurityConfiguration.java Thu Sep 19 20:38:54 2013
@@ -18,7 +18,9 @@ package org.apache.jackrabbit.oak.spi.se
import java.util.Collections;
import java.util.List;
+
import javax.annotation.Nonnull;
+import javax.security.auth.Subject;
import org.apache.jackrabbit.oak.spi.commit.CommitHook;
import org.apache.jackrabbit.oak.spi.commit.ValidatorProvider;
@@ -73,7 +75,8 @@ public interface SecurityConfiguration {
List<? extends CommitHook> getCommitHooks(String workspaceName);
@Nonnull
- List<? extends ValidatorProvider> getValidators(String workspaceName);
+ List<? extends ValidatorProvider> getValidators(
+ String workspaceName, Subject subject);
@Nonnull
List<ProtectedItemImporter> getProtectedItemImporters();
@@ -119,7 +122,8 @@ public interface SecurityConfiguration {
@Nonnull
@Override
- public List<? extends ValidatorProvider> getValidators(String workspaceName) {
+ public List<? extends ValidatorProvider> getValidators(
+ String workspaceName, Subject subject) {
return Collections.emptyList();
}