Posted to commits@jackrabbit.apache.org by tr...@apache.org on 2009/09/02 23:25:46 UTC
svn commit: r810701 - in /jackrabbit/trunk:
jackrabbit-api/src/main/java/org/apache/jackrabbit/api/security/principal/
jackrabbit-core/src/main/java/org/apache/jackrabbit/core/
jackrabbit-core/src/main/java/org/apache/jackrabbit/core/security/authoriza...
Author: tripod
Date: Wed Sep 2 21:25:45 2009
New Revision: 810701
URL: http://svn.apache.org/viewvc?rev=810701&view=rev
Log:
JCR-2289 Allow importing of ACL with unknown principals
Added:
jackrabbit/trunk/jackrabbit-core/src/main/java/org/apache/jackrabbit/core/security/principal/FallbackPrincipalProvider.java (with props)
jackrabbit/trunk/jackrabbit-core/src/main/java/org/apache/jackrabbit/core/security/principal/UnknownPrincipal.java (with props)
Removed:
jackrabbit/trunk/jackrabbit-api/src/main/java/org/apache/jackrabbit/api/security/principal/NoSuchPrincipalException.java
Modified:
jackrabbit/trunk/jackrabbit-api/src/main/java/org/apache/jackrabbit/api/security/principal/PrincipalManager.java
jackrabbit/trunk/jackrabbit-core/src/main/java/org/apache/jackrabbit/core/DefaultSecurityManager.java
jackrabbit/trunk/jackrabbit-core/src/main/java/org/apache/jackrabbit/core/security/authorization/acl/ACLTemplate.java
jackrabbit/trunk/jackrabbit-core/src/main/java/org/apache/jackrabbit/core/security/authorization/principalbased/ACLEditor.java
jackrabbit/trunk/jackrabbit-core/src/main/java/org/apache/jackrabbit/core/security/principal/PrincipalManagerImpl.java
jackrabbit/trunk/jackrabbit-core/src/main/java/org/apache/jackrabbit/core/security/principal/ProviderRegistryImpl.java
jackrabbit/trunk/jackrabbit-core/src/main/java/org/apache/jackrabbit/core/security/simple/SimpleSecurityManager.java
jackrabbit/trunk/jackrabbit-core/src/main/java/org/apache/jackrabbit/core/security/user/AuthorizableImpl.java
jackrabbit/trunk/jackrabbit-core/src/main/java/org/apache/jackrabbit/core/security/user/ImpersonationImpl.java
jackrabbit/trunk/jackrabbit-core/src/main/java/org/apache/jackrabbit/core/xml/AccessControlImporter.java
jackrabbit/trunk/jackrabbit-core/src/test/java/org/apache/jackrabbit/core/xml/AccessControlImporterTest.java
Modified: jackrabbit/trunk/jackrabbit-api/src/main/java/org/apache/jackrabbit/api/security/principal/PrincipalManager.java
URL: http://svn.apache.org/viewvc/jackrabbit/trunk/jackrabbit-api/src/main/java/org/apache/jackrabbit/api/security/principal/PrincipalManager.java?rev=810701&r1=810700&r2=810701&view=diff
==============================================================================
--- jackrabbit/trunk/jackrabbit-api/src/main/java/org/apache/jackrabbit/api/security/principal/PrincipalManager.java (original)
+++ jackrabbit/trunk/jackrabbit-api/src/main/java/org/apache/jackrabbit/api/security/principal/PrincipalManager.java Wed Sep 2 21:25:45 2009
@@ -80,10 +80,9 @@
* <code>PrincipalManager</code> has been built for.
*
* @param principalName the name of the principal to retrieve
- * @return return the requested principal.
- * @throws NoSuchPrincipalException If no principal with the given name exists.
+ * @return return the requested principal or <code>null</code> if not exists
*/
- Principal getPrincipal(String principalName) throws NoSuchPrincipalException;
+ Principal getPrincipal(String principalName);
/**
* Gets the principals matching a simple filter expression applied against
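Review bot: The new `@return` line on `getPrincipal` under-documents the contract change. Callers that relied on `NoSuchPrincipalException` to reject an unknown name now receive `null` and must check for it themselves. The comment removed from `PrincipalManagerImpl.getPrincipal` in this commit indicates the same result also covers "access denied". I would word it as `@return the requested principal, or <code>null</code> if no principal with that name exists or it cannot be read by the caller`. Dropping a checked exception from a public API interface also breaks existing `catch (NoSuchPrincipalException e)` blocks at compile time, which is worth stating in the release notes; the Javadoc block starts outside this hunk.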
Modified: jackrabbit/trunk/jackrabbit-core/src/main/java/org/apache/jackrabbit/core/DefaultSecurityManager.java
URL: http://svn.apache.org/viewvc/jackrabbit/trunk/jackrabbit-core/src/main/java/org/apache/jackrabbit/core/DefaultSecurityManager.java?rev=810701&r1=810700&r2=810701&view=diff
==============================================================================
--- jackrabbit/trunk/jackrabbit-core/src/main/java/org/apache/jackrabbit/core/DefaultSecurityManager.java (original)
+++ jackrabbit/trunk/jackrabbit-core/src/main/java/org/apache/jackrabbit/core/DefaultSecurityManager.java Wed Sep 2 21:25:45 2009
@@ -62,6 +62,7 @@
import org.apache.jackrabbit.core.security.principal.PrincipalProvider;
import org.apache.jackrabbit.core.security.principal.PrincipalProviderRegistry;
import org.apache.jackrabbit.core.security.principal.ProviderRegistryImpl;
+import org.apache.jackrabbit.core.security.principal.FallbackPrincipalProvider;
import org.apache.jackrabbit.core.security.user.UserManagerImpl;
import org.slf4j.Logger;
import org.slf4j.LoggerFactory;
@@ -233,6 +234,15 @@
principalProviderRegistry.registerProvider(props);
}
+ // add fallback PP if needed. currently disabled.
+ /*
+ if (principalProviderRegistry.getProvider(FallbackPrincipalProvider.class.getName()) == null) {
+ Properties props = new Properties();
+ props.setProperty(LoginModuleConfig.PARAM_PRINCIPAL_PROVIDER_CLASS, FallbackPrincipalProvider.class.getName());
+ principalProviderRegistry.registerProvider(props);
+ }
+ */
+
// create the principal manager for the security workspace
systemPrincipalManager = new PrincipalManagerImpl(securitySession, principalProviderRegistry.getProviders());
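Review bot: The fallback registration is committed as commented-out code, which leaves the `FallbackPrincipalProvider` import added in the previous hunk unused and gives operators no switch for the feature. If the block is later uncommented, `FallbackPrincipalProvider.getPrincipal` returns a principal for every name, so existence checks that resolve through the registry would presumably start succeeding for arbitrary names. That should be an explicit configuration decision rather than a matter of removing a comment. I would delete the block and the import until the feature is ready, or replace it with `// TODO(JCR-2289): register FallbackPrincipalProvider last, and only when explicitly configured`. The enclosing method starts and ends outside the hunk.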
Modified: jackrabbit/trunk/jackrabbit-core/src/main/java/org/apache/jackrabbit/core/security/authorization/acl/ACLTemplate.java
URL: http://svn.apache.org/viewvc/jackrabbit/trunk/jackrabbit-core/src/main/java/org/apache/jackrabbit/core/security/authorization/acl/ACLTemplate.java?rev=810701&r1=810700&r2=810701&view=diff
==============================================================================
--- jackrabbit/trunk/jackrabbit-core/src/main/java/org/apache/jackrabbit/core/security/authorization/acl/ACLTemplate.java (original)
+++ jackrabbit/trunk/jackrabbit-core/src/main/java/org/apache/jackrabbit/core/security/authorization/acl/ACLTemplate.java Wed Sep 2 21:25:45 2009
@@ -34,7 +34,6 @@
import javax.jcr.security.Privilege;
import org.apache.jackrabbit.api.security.JackrabbitAccessControlList;
-import org.apache.jackrabbit.api.security.principal.NoSuchPrincipalException;
import org.apache.jackrabbit.api.security.principal.PrincipalManager;
import org.apache.jackrabbit.core.NodeImpl;
import org.apache.jackrabbit.core.SessionImpl;
@@ -44,6 +43,7 @@
import org.apache.jackrabbit.core.security.authorization.Permission;
import org.apache.jackrabbit.core.security.authorization.PrivilegeRegistry;
import org.apache.jackrabbit.core.security.principal.PrincipalImpl;
+import org.apache.jackrabbit.core.security.principal.UnknownPrincipal;
import org.slf4j.Logger;
import org.slf4j.LoggerFactory;
@@ -115,14 +115,7 @@
NodeImpl aceNode = (NodeImpl) itr.nextNode();
try {
String principalName = aceNode.getProperty(AccessControlConstants.P_PRINCIPAL_NAME).getString();
- Principal princ = null;
- if (principalMgr.hasPrincipal(principalName)) {
- try {
- princ = principalMgr.getPrincipal(principalName);
- } catch (NoSuchPrincipalException e) {
- // should not get here.
- }
- }
+ Principal princ = principalMgr.getPrincipal(principalName);
if (princ == null) {
log.debug("Principal with name " + principalName + " unknown to PrincipalManager.");
princ = new PrincipalImpl(principalName);
@@ -169,14 +162,7 @@
String principalName = aceNode.getProperty(AccessControlConstants.P_PRINCIPAL_NAME).getString();
// only process aceNode if 'principalName' is contained in the given set
if (princToEntries.containsKey(principalName)) {
- Principal princ = null;
- if (principalMgr.hasPrincipal(principalName)) {
- try {
- princ = principalMgr.getPrincipal(principalName);
- } catch (NoSuchPrincipalException e) {
- // should not get here
- }
- }
+ Principal princ = principalMgr.getPrincipal(principalName);
if (princ == null) {
log.warn("Principal with name " + principalName + " unknown to PrincipalManager.");
princ = new PrincipalImpl(principalName);
@@ -287,9 +273,10 @@
if (restrictions != null && !restrictions.isEmpty()) {
throw new AccessControlException("This AccessControlList does not allow for additional restrictions.");
}
-
// validate principal
- if (!principalMgr.hasPrincipal(principal.getName())) {
+ if (principal instanceof UnknownPrincipal) {
+ log.debug("Consider fallback principal as valid: {}", principal.getName());
+ } else if (!principalMgr.hasPrincipal(principal.getName())) {
throw new AccessControlException("Principal " + principal.getName() + " does not exist.");
}
}
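Review bot: The `instanceof UnknownPrincipal` branch skips the existence check based only on the runtime type of the argument, and `UnknownPrincipal` (added in this commit) is a public class with a public constructor. Any caller that reaches this validation, not only `AccessControlImporter`, can therefore add an entry for a principal name that does not exist, and such an entry would presumably take effect if a principal with that name is created later. The type alone should not act as permission to skip validation; consider an explicit flag that only the import path sets. Also log the accepted name at a level that survives production logging, e.g. `log.info("Accepting ACE for unknown principal: {}", principal.getName());`. The enclosing method starts outside the hunk.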
Modified: jackrabbit/trunk/jackrabbit-core/src/main/java/org/apache/jackrabbit/core/security/authorization/principalbased/ACLEditor.java
URL: http://svn.apache.org/viewvc/jackrabbit/trunk/jackrabbit-core/src/main/java/org/apache/jackrabbit/core/security/authorization/principalbased/ACLEditor.java?rev=810701&r1=810700&r2=810701&view=diff
==============================================================================
--- jackrabbit/trunk/jackrabbit-core/src/main/java/org/apache/jackrabbit/core/security/authorization/principalbased/ACLEditor.java (original)
+++ jackrabbit/trunk/jackrabbit-core/src/main/java/org/apache/jackrabbit/core/security/authorization/principalbased/ACLEditor.java Wed Sep 2 21:25:45 2009
@@ -380,11 +380,7 @@
private Principal getPrincipal(String pathToACNode) throws RepositoryException {
String name = getPrincipalName(pathToACNode);
PrincipalManager pMgr = session.getPrincipalManager();
- if (pMgr.hasPrincipal(name)) {
- return pMgr.getPrincipal(name);
- } else {
- return null;
- }
+ return pMgr.getPrincipal(name);
}
private static String getPrincipalName(String pathToACNode) {
Added: jackrabbit/trunk/jackrabbit-core/src/main/java/org/apache/jackrabbit/core/security/principal/FallbackPrincipalProvider.java
URL: http://svn.apache.org/viewvc/jackrabbit/trunk/jackrabbit-core/src/main/java/org/apache/jackrabbit/core/security/principal/FallbackPrincipalProvider.java?rev=810701&view=auto
==============================================================================
--- jackrabbit/trunk/jackrabbit-core/src/main/java/org/apache/jackrabbit/core/security/principal/FallbackPrincipalProvider.java (added)
+++ jackrabbit/trunk/jackrabbit-core/src/main/java/org/apache/jackrabbit/core/security/principal/FallbackPrincipalProvider.java Wed Sep 2 21:25:45 2009
@@ -0,0 +1,109 @@
+/*
+ * Licensed to the Apache Software Foundation (ASF) under one or more
+ * contributor license agreements. See the NOTICE file distributed with
+ * this work for additional information regarding copyright ownership.
+ * The ASF licenses this file to You under the Apache License, Version 2.0
+ * (the "License"); you may not use this file except in compliance with
+ * the License. You may obtain a copy of the License at
+ *
+ * http://www.apache.org/licenses/LICENSE-2.0
+ *
+ * Unless required by applicable law or agreed to in writing, software
+ * distributed under the License is distributed on an "AS IS" BASIS,
+ * WITHOUT WARRANTIES OR CONDITIONS OF ANY KIND, either express or implied.
+ * See the License for the specific language governing permissions and
+ * limitations under the License.
+ */
+package org.apache.jackrabbit.core.security.principal;
+
+import java.security.Principal;
+import java.util.Properties;
+
+import javax.jcr.Session;
+
+import org.apache.jackrabbit.api.security.principal.PrincipalIterator;
+
+/**
+ * The <code>FallbackPrincipalProvider</code> is used to provide any desired
+ * principal. It is used to defined ACE for principals that are not known to
+ * the repository yet or that were deleted.
+ */
+public class FallbackPrincipalProvider implements PrincipalProvider {
+
+ /**
+ * name of the "disabled" option.
+ */
+ public static final String OPTION_DISABLED = "disabled";
+
+ /**
+ * If <code>true</code> this principal provider is disabled.
+ */
+ private boolean disabled;
+
+ /**
+ * {@inheritDoc}
+ *
+ * @return a {@link UnknownPrincipal} with the given name.
+ */
+ public Principal getPrincipal(String principalName) {
+ return disabled ? null : new UnknownPrincipal(principalName);
+ }
+
+ /**
+ * {@inheritDoc}
+ *
+ * @return an empty principal iterator
+ */
+ public PrincipalIterator findPrincipals(String simpleFilter) {
+ return PrincipalIteratorAdapter.EMPTY;
+ }
+
+ /**
+ * {@inheritDoc}
+ *
+ * @return an empty principal iterator
+ */
+ public PrincipalIterator findPrincipals(String simpleFilter, int searchType) {
+ return PrincipalIteratorAdapter.EMPTY;
+ }
+
+ /**
+ * {@inheritDoc}
+ *
+ * @return an empty principal iterator
+ */
+ public PrincipalIterator getPrincipals(int searchType) {
+ return PrincipalIteratorAdapter.EMPTY;
+ }
+
+ /**
+ * {@inheritDoc}
+ *
+ * @return an empty principal iterator
+ */
+ public PrincipalIterator getGroupMembership(Principal principal) {
+ return PrincipalIteratorAdapter.EMPTY;
+ }
+
+ /**
+ * {@inheritDoc}
+ */
+ public void init(Properties options) {
+ disabled = "true".equals(options.get(OPTION_DISABLED));
+ }
+
+ /**
+ * {@inheritDoc}
+ */
+ public void close() {
+ }
+
+ /**
+ * {@inheritDoc}
+ *
+ * @return <code>true</code>
+ */
+ public boolean canReadPrincipal(Session session, Principal principalToRead) {
+ return true;
+ }
+}
\ No newline at end of file
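Review bot: `init` leaves the provider enabled unless the option is exactly the string "true", so a provider that vouches for every name is on by default and a differently-cased value such as "True" silently keeps it on. `options.get(OPTION_DISABLED)` also ignores any `Properties` defaults; `disabled = Boolean.parseBoolean(options.getProperty(OPTION_DISABLED));` covers both cases. `getPrincipal` passes `null` or empty names straight to the `UnknownPrincipal` constructor and its Javadoc omits the disabled case; I would document it as `@return an {@link UnknownPrincipal} with the given name, or <code>null</code> if this provider is disabled`. The class comment has a typo ("used to defined ACE") and should state that the provider has to be registered after all real providers.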
Propchange: jackrabbit/trunk/jackrabbit-core/src/main/java/org/apache/jackrabbit/core/security/principal/FallbackPrincipalProvider.java
------------------------------------------------------------------------------
svn:eol-style = native
Propchange: jackrabbit/trunk/jackrabbit-core/src/main/java/org/apache/jackrabbit/core/security/principal/FallbackPrincipalProvider.java
------------------------------------------------------------------------------
svn:keywords = Author Date Id Revision Rev Url
Modified: jackrabbit/trunk/jackrabbit-core/src/main/java/org/apache/jackrabbit/core/security/principal/PrincipalManagerImpl.java
URL: http://svn.apache.org/viewvc/jackrabbit/trunk/jackrabbit-core/src/main/java/org/apache/jackrabbit/core/security/principal/PrincipalManagerImpl.java?rev=810701&r1=810700&r2=810701&view=diff
==============================================================================
--- jackrabbit/trunk/jackrabbit-core/src/main/java/org/apache/jackrabbit/core/security/principal/PrincipalManagerImpl.java (original)
+++ jackrabbit/trunk/jackrabbit-core/src/main/java/org/apache/jackrabbit/core/security/principal/PrincipalManagerImpl.java Wed Sep 2 21:25:45 2009
@@ -16,13 +16,6 @@
*/
package org.apache.jackrabbit.core.security.principal;
-import org.apache.jackrabbit.api.security.principal.NoSuchPrincipalException;
-import org.apache.jackrabbit.api.security.principal.PrincipalIterator;
-import org.apache.jackrabbit.api.security.principal.PrincipalManager;
-import org.apache.jackrabbit.api.security.principal.ItemBasedPrincipal;
-
-import javax.jcr.RepositoryException;
-import javax.jcr.Session;
import java.security.Principal;
import java.security.acl.Group;
import java.util.ArrayList;
@@ -31,6 +24,13 @@
import java.util.Iterator;
import java.util.List;
+import javax.jcr.RepositoryException;
+import javax.jcr.Session;
+
+import org.apache.jackrabbit.api.security.principal.ItemBasedPrincipal;
+import org.apache.jackrabbit.api.security.principal.PrincipalIterator;
+import org.apache.jackrabbit.api.security.principal.PrincipalManager;
+
/**
* This principal manager implementation uses the {@link DefaultPrincipalProvider}
* in order to dispatch the respective requests and assemble the required
@@ -69,14 +69,8 @@
/**
* {@inheritDoc}
*/
- public Principal getPrincipal(String principalName) throws NoSuchPrincipalException {
- Principal p = internalGetPrincipal(principalName);
- if (p == null) {
- // not found (or access denied)
- throw new NoSuchPrincipalException("Unknown principal " + principalName);
- } else {
- return p;
- }
+ public Principal getPrincipal(String principalName) {
+ return internalGetPrincipal(principalName);
}
/**
Modified: jackrabbit/trunk/jackrabbit-core/src/main/java/org/apache/jackrabbit/core/security/principal/ProviderRegistryImpl.java
URL: http://svn.apache.org/viewvc/jackrabbit/trunk/jackrabbit-core/src/main/java/org/apache/jackrabbit/core/security/principal/ProviderRegistryImpl.java?rev=810701&r1=810700&r2=810701&view=diff
==============================================================================
--- jackrabbit/trunk/jackrabbit-core/src/main/java/org/apache/jackrabbit/core/security/principal/ProviderRegistryImpl.java (original)
+++ jackrabbit/trunk/jackrabbit-core/src/main/java/org/apache/jackrabbit/core/security/principal/ProviderRegistryImpl.java Wed Sep 2 21:25:45 2009
@@ -16,17 +16,18 @@
*/
package org.apache.jackrabbit.core.security.principal;
+import java.util.Collection;
+import java.util.LinkedHashMap;
+import java.util.Map;
+import java.util.Properties;
+
+import javax.jcr.RepositoryException;
+
import org.apache.jackrabbit.core.config.BeanConfig;
import org.apache.jackrabbit.core.config.LoginModuleConfig;
import org.slf4j.Logger;
import org.slf4j.LoggerFactory;
-import javax.jcr.RepositoryException;
-import java.util.Collection;
-import java.util.HashMap;
-import java.util.Map;
-import java.util.Properties;
-
/**
* This is the default implementation of the {@link PrincipalProviderRegistry}
* interface.
@@ -37,7 +38,7 @@
private static final Logger log = LoggerFactory.getLogger(ProviderRegistryImpl.class);
private final PrincipalProvider defaultPrincipalProvider;
- private final Map<String, PrincipalProvider> providers = new HashMap<String, PrincipalProvider>();
+ private final Map<String, PrincipalProvider> providers = new LinkedHashMap<String, PrincipalProvider>();
/**
* Create an instance of <code>ProviderRegistryImpl</code> with the given
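Review bot: The switch from `HashMap` to `LinkedHashMap` makes provider iteration order significant, but nothing on the field says so, and a later cleanup could revert it without noticing. The reason is presumably that a catch-all provider such as `FallbackPrincipalProvider` must be consulted after the real providers, otherwise it would answer for names that a real provider knows. I would add a comment on the field, e.g. `// insertion-ordered: providers are consulted in registration order, so a catch-all provider must be registered last`.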
Added: jackrabbit/trunk/jackrabbit-core/src/main/java/org/apache/jackrabbit/core/security/principal/UnknownPrincipal.java
URL: http://svn.apache.org/viewvc/jackrabbit/trunk/jackrabbit-core/src/main/java/org/apache/jackrabbit/core/security/principal/UnknownPrincipal.java?rev=810701&view=auto
==============================================================================
--- jackrabbit/trunk/jackrabbit-core/src/main/java/org/apache/jackrabbit/core/security/principal/UnknownPrincipal.java (added)
+++ jackrabbit/trunk/jackrabbit-core/src/main/java/org/apache/jackrabbit/core/security/principal/UnknownPrincipal.java Wed Sep 2 21:25:45 2009
@@ -0,0 +1,28 @@
+/*
+ * Licensed to the Apache Software Foundation (ASF) under one or more
+ * contributor license agreements. See the NOTICE file distributed with
+ * this work for additional information regarding copyright ownership.
+ * The ASF licenses this file to You under the Apache License, Version 2.0
+ * (the "License"); you may not use this file except in compliance with
+ * the License. You may obtain a copy of the License at
+ *
+ * http://www.apache.org/licenses/LICENSE-2.0
+ *
+ * Unless required by applicable law or agreed to in writing, software
+ * distributed under the License is distributed on an "AS IS" BASIS,
+ * WITHOUT WARRANTIES OR CONDITIONS OF ANY KIND, either express or implied.
+ * See the License for the specific language governing permissions and
+ * limitations under the License.
+ */
+package org.apache.jackrabbit.core.security.principal;
+
+/**
+ * Implements a principal that is used by the ACL importer for unknown
+ * principals.
+ */
+public class UnknownPrincipal extends PrincipalImpl {
+
+ public UnknownPrincipal(String name) {
+ super(name);
+ }
+}
\ No newline at end of file
Propchange: jackrabbit/trunk/jackrabbit-core/src/main/java/org/apache/jackrabbit/core/security/principal/UnknownPrincipal.java
------------------------------------------------------------------------------
svn:eol-style = native
Propchange: jackrabbit/trunk/jackrabbit-core/src/main/java/org/apache/jackrabbit/core/security/principal/UnknownPrincipal.java
------------------------------------------------------------------------------
svn:keywords = Author Date Id Revision Rev Url
Modified: jackrabbit/trunk/jackrabbit-core/src/main/java/org/apache/jackrabbit/core/security/simple/SimpleSecurityManager.java
URL: http://svn.apache.org/viewvc/jackrabbit/trunk/jackrabbit-core/src/main/java/org/apache/jackrabbit/core/security/simple/SimpleSecurityManager.java?rev=810701&r1=810700&r2=810701&view=diff
==============================================================================
--- jackrabbit/trunk/jackrabbit-core/src/main/java/org/apache/jackrabbit/core/security/simple/SimpleSecurityManager.java (original)
+++ jackrabbit/trunk/jackrabbit-core/src/main/java/org/apache/jackrabbit/core/security/simple/SimpleSecurityManager.java Wed Sep 2 21:25:45 2009
@@ -16,6 +16,25 @@
*/
package org.apache.jackrabbit.core.security.simple;
+import java.security.Principal;
+import java.security.acl.Group;
+import java.util.Collections;
+import java.util.HashMap;
+import java.util.HashSet;
+import java.util.Iterator;
+import java.util.Map;
+import java.util.Properties;
+import java.util.Set;
+
+import javax.jcr.AccessDeniedException;
+import javax.jcr.Credentials;
+import javax.jcr.Repository;
+import javax.jcr.RepositoryException;
+import javax.jcr.Session;
+import javax.jcr.SimpleCredentials;
+import javax.jcr.UnsupportedRepositoryOperationException;
+import javax.security.auth.Subject;
+
import org.apache.jackrabbit.api.security.principal.PrincipalIterator;
import org.apache.jackrabbit.api.security.principal.PrincipalManager;
import org.apache.jackrabbit.api.security.user.UserManager;
@@ -27,14 +46,14 @@
import org.apache.jackrabbit.core.config.SecurityManagerConfig;
import org.apache.jackrabbit.core.security.AMContext;
import org.apache.jackrabbit.core.security.AccessManager;
-import org.apache.jackrabbit.core.security.JackrabbitSecurityManager;
-import org.apache.jackrabbit.core.security.UserPrincipal;
import org.apache.jackrabbit.core.security.AnonymousPrincipal;
+import org.apache.jackrabbit.core.security.JackrabbitSecurityManager;
import org.apache.jackrabbit.core.security.SecurityConstants;
-import org.apache.jackrabbit.core.security.authorization.WorkspaceAccessManager;
-import org.apache.jackrabbit.core.security.authorization.AccessControlProvider;
+import org.apache.jackrabbit.core.security.UserPrincipal;
import org.apache.jackrabbit.core.security.authentication.AuthContext;
import org.apache.jackrabbit.core.security.authentication.AuthContextProvider;
+import org.apache.jackrabbit.core.security.authorization.AccessControlProvider;
+import org.apache.jackrabbit.core.security.authorization.WorkspaceAccessManager;
import org.apache.jackrabbit.core.security.principal.AdminPrincipal;
import org.apache.jackrabbit.core.security.principal.EveryonePrincipal;
import org.apache.jackrabbit.core.security.principal.PrincipalIteratorAdapter;
@@ -45,24 +64,6 @@
import org.slf4j.Logger;
import org.slf4j.LoggerFactory;
-import javax.jcr.AccessDeniedException;
-import javax.jcr.Credentials;
-import javax.jcr.Repository;
-import javax.jcr.RepositoryException;
-import javax.jcr.Session;
-import javax.jcr.UnsupportedRepositoryOperationException;
-import javax.jcr.SimpleCredentials;
-import javax.security.auth.Subject;
-import java.security.Principal;
-import java.security.acl.Group;
-import java.util.Collections;
-import java.util.HashMap;
-import java.util.HashSet;
-import java.util.Map;
-import java.util.Properties;
-import java.util.Set;
-import java.util.Iterator;
-
/**
* <code>SimpleSecurityManager</code>: simple implementation ignoring both
* configuration entries for 'principalProvider' and for 'workspaceAccessManager'.
@@ -144,13 +145,13 @@
Properties[] moduleConfig = authCtxProvider.getModuleConfig();
- // retrieve default-ids (admin and anomymous) from login-module-configuration.
- for (int i = 0; i < moduleConfig.length; i++) {
- if (moduleConfig[i].containsKey(LoginModuleConfig.PARAM_ADMIN_ID)) {
- adminID = moduleConfig[i].getProperty(LoginModuleConfig.PARAM_ADMIN_ID);
+ // retrieve default-ids (admin and anonymous) from login-module-configuration.
+ for (Properties aModuleConfig1 : moduleConfig) {
+ if (aModuleConfig1.containsKey(LoginModuleConfig.PARAM_ADMIN_ID)) {
+ adminID = aModuleConfig1.getProperty(LoginModuleConfig.PARAM_ADMIN_ID);
}
- if (moduleConfig[i].containsKey(LoginModuleConfig.PARAM_ANONYMOUS_ID)) {
- anonymID = moduleConfig[i].getProperty(LoginModuleConfig.PARAM_ANONYMOUS_ID);
+ if (aModuleConfig1.containsKey(LoginModuleConfig.PARAM_ANONYMOUS_ID)) {
+ anonymID = aModuleConfig1.getProperty(LoginModuleConfig.PARAM_ANONYMOUS_ID);
}
}
// fallback:
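Review bot: The loop variables `aModuleConfig1` here and `aModuleConfig` in the next hunk read like IDE-generated names; one descriptive name such as `moduleProps` in both loops would be easier to follow. Separately, when more than one login module defines `PARAM_ADMIN_ID` or `PARAM_ANONYMOUS_ID`, the last one silently wins. That is existing behaviour, but since it decides which id is treated as admin it deserves a comment such as `// the last configured module that defines the id wins`.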
@@ -169,8 +170,8 @@
// skip init of provider (nop)
principalProviderRegistry = new ProviderRegistryImpl(principalProvider);
// register all configured principal providers.
- for (int i = 0; i < moduleConfig.length; i++) {
- principalProviderRegistry.registerProvider(moduleConfig[i]);
+ for (Properties aModuleConfig : moduleConfig) {
+ principalProviderRegistry.registerProvider(aModuleConfig);
}
SecurityManagerConfig smc = config.getSecurityManagerConfig();
Modified: jackrabbit/trunk/jackrabbit-core/src/main/java/org/apache/jackrabbit/core/security/user/AuthorizableImpl.java
URL: http://svn.apache.org/viewvc/jackrabbit/trunk/jackrabbit-core/src/main/java/org/apache/jackrabbit/core/security/user/AuthorizableImpl.java?rev=810701&r1=810700&r2=810701&view=diff
==============================================================================
--- jackrabbit/trunk/jackrabbit-core/src/main/java/org/apache/jackrabbit/core/security/user/AuthorizableImpl.java (original)
+++ jackrabbit/trunk/jackrabbit-core/src/main/java/org/apache/jackrabbit/core/security/user/AuthorizableImpl.java Wed Sep 2 21:25:45 2009
@@ -16,8 +16,23 @@
*/
package org.apache.jackrabbit.core.security.user;
+import java.security.Principal;
+import java.util.ArrayList;
+import java.util.Arrays;
+import java.util.Collection;
+import java.util.Iterator;
+import java.util.List;
+
+import javax.jcr.ItemNotFoundException;
+import javax.jcr.PathNotFoundException;
+import javax.jcr.Property;
+import javax.jcr.PropertyIterator;
+import javax.jcr.RepositoryException;
+import javax.jcr.Value;
+import javax.jcr.nodetype.ConstraintViolationException;
+import javax.jcr.nodetype.PropertyDefinition;
+
import org.apache.jackrabbit.api.security.principal.ItemBasedPrincipal;
-import org.apache.jackrabbit.api.security.principal.NoSuchPrincipalException;
import org.apache.jackrabbit.api.security.principal.PrincipalIterator;
import org.apache.jackrabbit.api.security.principal.PrincipalManager;
import org.apache.jackrabbit.api.security.user.Authorizable;
@@ -34,21 +49,6 @@
import org.slf4j.Logger;
import org.slf4j.LoggerFactory;
-import javax.jcr.ItemNotFoundException;
-import javax.jcr.PathNotFoundException;
-import javax.jcr.Property;
-import javax.jcr.PropertyIterator;
-import javax.jcr.RepositoryException;
-import javax.jcr.Value;
-import javax.jcr.nodetype.ConstraintViolationException;
-import javax.jcr.nodetype.PropertyDefinition;
-import java.security.Principal;
-import java.util.ArrayList;
-import java.util.Arrays;
-import java.util.Collection;
-import java.util.Iterator;
-import java.util.List;
-
/**
* AuthorizableImpl
*/
@@ -87,14 +87,7 @@
PrincipalManager prMgr = getSession().getPrincipalManager();
for (Object o : getRefereeValues()) {
String refName = ((Value) o).getString();
- Principal princ = null;
- if (prMgr.hasPrincipal(refName)) {
- try {
- princ = prMgr.getPrincipal(refName);
- } catch (NoSuchPrincipalException e) {
- // should not get here
- }
- }
+ Principal princ = prMgr.getPrincipal(refName);
if (princ == null) {
log.warn("Principal " + refName + " unknown to PrincipalManager.");
princ = new PrincipalImpl(refName);
Modified: jackrabbit/trunk/jackrabbit-core/src/main/java/org/apache/jackrabbit/core/security/user/ImpersonationImpl.java
URL: http://svn.apache.org/viewvc/jackrabbit/trunk/jackrabbit-core/src/main/java/org/apache/jackrabbit/core/security/user/ImpersonationImpl.java?rev=810701&r1=810700&r2=810701&view=diff
==============================================================================
--- jackrabbit/trunk/jackrabbit-core/src/main/java/org/apache/jackrabbit/core/security/user/ImpersonationImpl.java (original)
+++ jackrabbit/trunk/jackrabbit-core/src/main/java/org/apache/jackrabbit/core/security/user/ImpersonationImpl.java Wed Sep 2 21:25:45 2009
@@ -24,7 +24,6 @@
import javax.jcr.Value;
import javax.security.auth.Subject;
-import org.apache.jackrabbit.api.security.principal.NoSuchPrincipalException;
import org.apache.jackrabbit.api.security.principal.PrincipalIterator;
import org.apache.jackrabbit.api.security.principal.PrincipalManager;
import org.apache.jackrabbit.api.security.user.Authorizable;
@@ -67,14 +66,7 @@
Set<Principal> s = new HashSet<Principal>();
for (String pName: impersonators) {
- Principal p = null;
- if (pMgr.hasPrincipal(pName)) {
- try {
- p = pMgr.getPrincipal(pName);
- } catch (NoSuchPrincipalException e) {
- // should never get here.
- }
- }
+ Principal p = pMgr.getPrincipal(pName);
if (p == null) {
log.debug("Impersonator " + pName + " does not correspond to a known Principal.");
p = new PrincipalImpl(pName);
Modified: jackrabbit/trunk/jackrabbit-core/src/main/java/org/apache/jackrabbit/core/xml/AccessControlImporter.java
URL: http://svn.apache.org/viewvc/jackrabbit/trunk/jackrabbit-core/src/main/java/org/apache/jackrabbit/core/xml/AccessControlImporter.java?rev=810701&r1=810700&r2=810701&view=diff
==============================================================================
--- jackrabbit/trunk/jackrabbit-core/src/main/java/org/apache/jackrabbit/core/xml/AccessControlImporter.java (original)
+++ jackrabbit/trunk/jackrabbit-core/src/main/java/org/apache/jackrabbit/core/xml/AccessControlImporter.java Wed Sep 2 21:25:45 2009
@@ -16,35 +16,37 @@
*/
package org.apache.jackrabbit.core.xml;
-import org.slf4j.Logger;
-import org.slf4j.LoggerFactory;
-import org.apache.jackrabbit.core.NodeImpl;
-import org.apache.jackrabbit.core.id.NodeId;
-import org.apache.jackrabbit.core.state.NodeState;
-import org.apache.jackrabbit.core.security.authorization.AccessControlConstants;
-import org.apache.jackrabbit.spi.Name;
-import org.apache.jackrabbit.spi.commons.conversion.NamePathResolver;
-import org.apache.jackrabbit.api.security.JackrabbitAccessControlList;
-import org.apache.jackrabbit.api.security.JackrabbitAccessControlManager;
-import org.apache.jackrabbit.api.JackrabbitSession;
+import java.security.Principal;
+import java.util.ArrayList;
+import java.util.Arrays;
+import java.util.HashMap;
+import java.util.HashSet;
+import java.util.List;
+import java.util.Map;
+import java.util.Set;
+import java.util.Stack;
+import javax.jcr.PropertyType;
import javax.jcr.RepositoryException;
import javax.jcr.UnsupportedRepositoryOperationException;
-import javax.jcr.PropertyType;
import javax.jcr.Value;
import javax.jcr.nodetype.ConstraintViolationException;
import javax.jcr.security.AccessControlManager;
-import javax.jcr.security.Privilege;
import javax.jcr.security.AccessControlPolicy;
-import java.util.List;
-import java.util.Map;
-import java.util.HashMap;
-import java.util.Stack;
-import java.util.Set;
-import java.util.HashSet;
-import java.util.ArrayList;
-import java.util.Arrays;
-import java.security.Principal;
+import javax.jcr.security.Privilege;
+
+import org.apache.jackrabbit.api.JackrabbitSession;
+import org.apache.jackrabbit.api.security.JackrabbitAccessControlList;
+import org.apache.jackrabbit.api.security.JackrabbitAccessControlManager;
+import org.apache.jackrabbit.core.NodeImpl;
+import org.apache.jackrabbit.core.id.NodeId;
+import org.apache.jackrabbit.core.security.authorization.AccessControlConstants;
+import org.apache.jackrabbit.core.security.principal.UnknownPrincipal;
+import org.apache.jackrabbit.core.state.NodeState;
+import org.apache.jackrabbit.spi.Name;
+import org.apache.jackrabbit.spi.commons.conversion.NamePathResolver;
+import org.slf4j.Logger;
+import org.slf4j.LoggerFactory;
/**
* <code>AccessControlImporter</code> implements a
@@ -282,7 +284,12 @@
if (values == null || values.length != 1) {
throw new ConstraintViolationException("");
}
- principal = session.getPrincipalManager().getPrincipal(values[0].getString());
+ String pName = values[0].getString();
+ principal = session.getPrincipalManager().getPrincipal(pName);
+ if (principal == null) {
+ // create "fake" principal
+ principal = new UnknownPrincipal(pName);
+ }
} else if (AccessControlConstants.P_PRIVILEGES.equals(name)) {
Value[] values = pInfo.getValues(PropertyType.NAME, resolver);
privileges = new Privilege[values.length];
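Review bot: The `principal == null` branch substitutes an `UnknownPrincipal` without any trace, so an imported ACE can carry privileges for a name that no principal provider has verified. If a user or group with that name is created later it may pick up those privileges, depending on how entries are matched at evaluation time, which this hunk does not show. The commit already adds the slf4j imports, so a warning here would leave an audit trail for operators: `log.warn("Importing ACE for unknown principal '{}'", pName);` (assuming the class declares a `log` field outside the hunk). An empty `pName` also reaches `new UnknownPrincipal(pName)` unchecked; rejecting it with a `ConstraintViolationException`, as the length check above does, would be consistent. The enclosing method starts and ends outside this hunk.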
Modified: jackrabbit/trunk/jackrabbit-core/src/test/java/org/apache/jackrabbit/core/xml/AccessControlImporterTest.java
URL: http://svn.apache.org/viewvc/jackrabbit/trunk/jackrabbit-core/src/test/java/org/apache/jackrabbit/core/xml/AccessControlImporterTest.java?rev=810701&r1=810700&r2=810701&view=diff
==============================================================================
--- jackrabbit/trunk/jackrabbit-core/src/test/java/org/apache/jackrabbit/core/xml/AccessControlImporterTest.java (original)
+++ jackrabbit/trunk/jackrabbit-core/src/test/java/org/apache/jackrabbit/core/xml/AccessControlImporterTest.java Wed Sep 2 21:25:45 2009
@@ -119,6 +119,36 @@
"</sv:node>" +
"</sv:node>";
+ private static final String XML_POLICY_TREE_4 = "<?xml version=\"1.0\" encoding=\"UTF-8\"?>" +
+ "<sv:node sv:name=\"rep:policy\" " +
+ "xmlns:mix=\"http://www.jcp.org/jcr/mix/1.0\" xmlns:nt=\"http://www.jcp.org/jcr/nt/1.0\" xmlns:fn_old=\"http://www.w3.org/2004/10/xpath-functions\" xmlns:fn=\"http://www.w3.org/2005/xpath-functions\" xmlns:xs=\"http://www.w3.org/2001/XMLSchema\" xmlns:sv=\"http://www.jcp.org/jcr/sv/1.0\" xmlns:rep=\"internal\" xmlns:jcr=\"http://www.jcp.org/jcr/1.0\">" +
+ "<sv:property sv:name=\"jcr:primaryType\" sv:type=\"Name\">" +
+ "<sv:value>rep:ACL</sv:value>" +
+ "</sv:property>" +
+ "<sv:node sv:name=\"allow\">" +
+ "<sv:property sv:name=\"jcr:primaryType\" sv:type=\"Name\">" +
+ "<sv:value>rep:GrantACE</sv:value>" +
+ "</sv:property>" +
+ "<sv:property sv:name=\"rep:principalName\" sv:type=\"String\">" +
+ "<sv:value>unknownprincipal</sv:value>" +
+ "</sv:property>" +
+ "<sv:property sv:name=\"rep:privileges\" sv:type=\"Name\">" +
+ "<sv:value>jcr:write</sv:value>" +
+ "</sv:property>" +
+ "</sv:node>" +
+ "<sv:node sv:name=\"allow0\">" +
+ "<sv:property sv:name=\"jcr:primaryType\" sv:type=\"Name\">" +
+ "<sv:value>rep:GrantACE</sv:value>" +
+ "</sv:property>" +
+ "<sv:property sv:name=\"rep:principalName\" sv:type=\"String\">" +
+ "<sv:value>admin</sv:value>" +
+ "</sv:property>" +
+ "<sv:property sv:name=\"rep:privileges\" sv:type=\"Name\">" +
+ "<sv:value>jcr:write</sv:value>" +
+ "</sv:property>" +
+ "</sv:node>" +
+ "</sv:node>";
+
private static final String XML_POLICY_TREE_2 = "<?xml version=\"1.0\" encoding=\"UTF-8\"?><sv:node sv:name=\"rep:policy\" xmlns:mix=\"http://www.jcp.org/jcr/mix/1.0\" xmlns:nt=\"http://www.jcp.org/jcr/nt/1.0\" xmlns:fn_old=\"http://www.w3.org/2004/10/xpath-functions\" xmlns:fn=\"http://www.w3.org/2005/xpath-functions\" xmlns:xs=\"http://www.w3.org/2001/XMLSchema\" xmlns:sv=\"http://www.jcp.org/jcr/sv/1.0\" xmlns:rep=\"internal\" xmlns:jcr=\"http://www.jcp.org/jcr/1.0\"><sv:property sv:name=\"jcr:primaryType\" sv:type=\"Name\"><sv:value>rep:ACL</sv:value></sv:property><sv:node sv:name=\"allow\"><sv:property sv:name=\"jcr:primaryType\" sv:type=\"Name\"><sv:value>rep:GrantACE</sv:value></sv:property><sv:property sv:name=\"rep:principalName\" sv:type=\"String\"><sv:value>everyone</sv:value></sv:property><sv:property sv:name=\"rep:privileges\" sv:type=\"Name\"><sv:value>jcr:write</sv:value></sv:property></sv:node></sv:node>";
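Review bot: `XML_POLICY_TREE_4` has no comment saying what distinguishes it from the other policy fixtures, and it appears to rely on no principal named `unknownprincipal` existing in the test repository. A one-line comment above the constant would make that assumption explicit, for example `// ACL with two GrantACEs: "unknownprincipal" (must not resolve to a real principal) and "admin"`. The constant is also declared ahead of `XML_POLICY_TREE_2`, so placing it after the existing fixtures would keep the numbering in order.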
@@ -269,7 +299,51 @@
if(entry instanceof JackrabbitAccessControlEntry) {
assertTrue(((JackrabbitAccessControlEntry) entry).isAllow());
}
+ } finally {
+ superuser.refresh(false);
+ }
+ }
+ /**
+ * Imports a resource-based ACL containing a single entry.
+ *
+ * @throws Exception
+ */
+ public void testImportACLUnknown() throws Exception {
+ try {
+ NodeImpl target = (NodeImpl) testRootNode.addNode(nodeName1);
+ target.addMixin("rep:AccessControllable");
+
+ InputStream in = new ByteArrayInputStream(XML_POLICY_TREE_4.getBytes("UTF-8"));
+ SessionImporter importer = new SessionImporter(target, sImpl,
+ ImportUUIDBehavior.IMPORT_UUID_COLLISION_THROW, piImporter, null);
+ ImportHandler ih = new ImportHandler(importer, sImpl);
+ new ParsingContentHandler(ih).parse(in);
+
+ String path = target.getPath();
+
+ AccessControlManager acMgr = sImpl.getAccessControlManager();
+ AccessControlPolicy[] policies = acMgr.getPolicies(path);
+
+ assertEquals(1, policies.length);
+ assertTrue(policies[0] instanceof JackrabbitAccessControlList);
+
+ AccessControlEntry[] entries = ((JackrabbitAccessControlList) policies[0]).getAccessControlEntries();
+ assertEquals(2, entries.length);
+
+ AccessControlEntry entry = entries[0];
+ assertEquals("unknownprincipal", entry.getPrincipal().getName());
+ assertEquals(1, entry.getPrivileges().length);
+ assertEquals(acMgr.privilegeFromName(Privilege.JCR_WRITE), entry.getPrivileges()[0]);
+
+ entry = entries[1];
+ assertEquals("admin", entry.getPrincipal().getName());
+ assertEquals(1, entry.getPrivileges().length);
+ assertEquals(acMgr.privilegeFromName(Privilege.JCR_WRITE), entry.getPrivileges()[0]);
+
+ if(entry instanceof JackrabbitAccessControlEntry) {
+ assertTrue(((JackrabbitAccessControlEntry) entry).isAllow());
+ }
} finally {
superuser.refresh(false);
}