You are viewing a plain text version of this content. The canonical link for it is here.
Posted to oak-commits@jackrabbit.apache.org by an...@apache.org on 2020/09/25 13:28:44 UTC
svn commit: r1882017 - in
/jackrabbit/oak/trunk/oak-core/src/main/java/org/apache/jackrabbit/oak/security/authorization/accesscontrol:
AccessControlImporter.java AccessControlManagerImpl.java
Author: angela
Date: Fri Sep 25 13:28:44 2020
New Revision: 1882017
URL: http://svn.apache.org/viewvc?rev=1882017&view=rev
Log:
OAK-9236 : AccessControlManagerImpl, AccessControlImporter: fix sonar findings
Modified:
jackrabbit/oak/trunk/oak-core/src/main/java/org/apache/jackrabbit/oak/security/authorization/accesscontrol/AccessControlImporter.java
jackrabbit/oak/trunk/oak-core/src/main/java/org/apache/jackrabbit/oak/security/authorization/accesscontrol/AccessControlManagerImpl.java
Modified: jackrabbit/oak/trunk/oak-core/src/main/java/org/apache/jackrabbit/oak/security/authorization/accesscontrol/AccessControlImporter.java
URL: http://svn.apache.org/viewvc/jackrabbit/oak/trunk/oak-core/src/main/java/org/apache/jackrabbit/oak/security/authorization/accesscontrol/AccessControlImporter.java?rev=1882017&r1=1882016&r2=1882017&view=diff
==============================================================================
--- jackrabbit/oak/trunk/oak-core/src/main/java/org/apache/jackrabbit/oak/security/authorization/accesscontrol/AccessControlImporter.java (original)
+++ jackrabbit/oak/trunk/oak-core/src/main/java/org/apache/jackrabbit/oak/security/authorization/accesscontrol/AccessControlImporter.java Fri Sep 25 13:28:44 2020
@@ -262,10 +262,13 @@ public class AccessControlImporter imple
log.debug("Unknown principal {} -> Ignoring this ACE.", principalName);
ignore = true;
break;
- case ImportBehavior.ABORT:
- throw new AccessControlException("Unknown principal " + principalName);
case ImportBehavior.BESTEFFORT:
principal = new PrincipalImpl(principalName);
+ break;
+ case ImportBehavior.ABORT:
+ default:
+ throw new AccessControlException("Unknown principal " + principalName);
+
}
}
}
Modified: jackrabbit/oak/trunk/oak-core/src/main/java/org/apache/jackrabbit/oak/security/authorization/accesscontrol/AccessControlManagerImpl.java
URL: http://svn.apache.org/viewvc/jackrabbit/oak/trunk/oak-core/src/main/java/org/apache/jackrabbit/oak/security/authorization/accesscontrol/AccessControlManagerImpl.java?rev=1882017&r1=1882016&r2=1882017&view=diff
==============================================================================
--- jackrabbit/oak/trunk/oak-core/src/main/java/org/apache/jackrabbit/oak/security/authorization/accesscontrol/AccessControlManagerImpl.java (original)
+++ jackrabbit/oak/trunk/oak-core/src/main/java/org/apache/jackrabbit/oak/security/authorization/accesscontrol/AccessControlManagerImpl.java Fri Sep 25 13:28:44 2020
@@ -396,7 +396,7 @@ public class AccessControlManagerImpl ex
Result aceResult = searchAces(principals, r);
Set<JackrabbitAccessControlList> effective = Sets.newTreeSet(new PolicyComparator());
- Set<String> paths = Sets.newHashSet();
+ Set<String> processed = Sets.newHashSet();
Predicate<Tree> predicate = new PrincipalPredicate(principals);
for (ResultRow row : aceResult.getRows()) {
String acePath = row.getPath();
@@ -409,13 +409,12 @@ public class AccessControlManagerImpl ex
}
String path = (REP_REPO_POLICY.equals(aclName)) ? null : accessControlledTree.getPath();
- if (paths.contains(path)) {
- continue;
- }
- JackrabbitAccessControlList policy = createACL(path, accessControlledTree, true, predicate);
- if (policy != null) {
- effective.add(policy);
- paths.add(path);
+ if (!processed.contains(path)) {
+ JackrabbitAccessControlList policy = createACL(path, accessControlledTree, true, predicate);
+ if (policy != null) {
+ effective.add(policy);
+ processed.add(path);
+ }
}
}
return effective.toArray(new AccessControlPolicy[0]);
@@ -622,16 +621,16 @@ public class AccessControlManagerImpl ex
if (PermissionUtil.isAdminOrSystem(ImmutableSet.of(principal), configParams)) {
log.warn("Attempt to create an ACE for an administrative principal which always has full access: {}", getPath());
- switch (Util.getImportBehavior(getConfig())) {
- case ImportBehavior.ABORT:
- throw new AccessControlException("Attempt to create an ACE for an administrative principal which always has full access.");
+ switch (importBehavior) {
case ImportBehavior.IGNORE:
return false;
case ImportBehavior.BESTEFFORT:
// just log warning, no other action required.
break;
+ case ImportBehavior.ABORT:
default :
- throw new IllegalArgumentException("Invalid import behavior" + importBehavior);
+ throw new AccessControlException("Attempt to create an ACE for an administrative principal which always has full access.");
+
}
}
return true;