You are viewing a plain text version of this content. The canonical link for it is here.
Posted to oak-commits@jackrabbit.apache.org by an...@apache.org on 2019/06/24 09:12:01 UTC
svn commit: r1861983 - in
/jackrabbit/oak/trunk/oak-authorization-principalbased/src:
main/java/org/apache/jackrabbit/oak/spi/security/authorization/principalbased/impl/
test/java/org/apache/jackrabbit/oak/spi/security/authorization/principalbased/impl/
Author: angela
Date: Mon Jun 24 09:12:01 2019
New Revision: 1861983
URL: http://svn.apache.org/viewvc?rev=1861983&view=rev
Log:
OAK-8435 : FilterProviderImpl must have ConfigurationPolicy set
Modified:
jackrabbit/oak/trunk/oak-authorization-principalbased/src/main/java/org/apache/jackrabbit/oak/spi/security/authorization/principalbased/impl/FilterProviderImpl.java
jackrabbit/oak/trunk/oak-authorization-principalbased/src/test/java/org/apache/jackrabbit/oak/spi/security/authorization/principalbased/impl/FilterProviderImplTest.java
Modified: jackrabbit/oak/trunk/oak-authorization-principalbased/src/main/java/org/apache/jackrabbit/oak/spi/security/authorization/principalbased/impl/FilterProviderImpl.java
URL: http://svn.apache.org/viewvc/jackrabbit/oak/trunk/oak-authorization-principalbased/src/main/java/org/apache/jackrabbit/oak/spi/security/authorization/principalbased/impl/FilterProviderImpl.java?rev=1861983&r1=1861982&r2=1861983&view=diff
==============================================================================
--- jackrabbit/oak/trunk/oak-authorization-principalbased/src/main/java/org/apache/jackrabbit/oak/spi/security/authorization/principalbased/impl/FilterProviderImpl.java (original)
+++ jackrabbit/oak/trunk/oak-authorization-principalbased/src/main/java/org/apache/jackrabbit/oak/spi/security/authorization/principalbased/impl/FilterProviderImpl.java Mon Jun 24 09:12:01 2019
@@ -16,9 +16,11 @@
*/
package org.apache.jackrabbit.oak.spi.security.authorization.principalbased.impl;
+import com.google.common.base.Strings;
import com.google.common.collect.Maps;
import org.apache.jackrabbit.api.security.principal.ItemBasedPrincipal;
import org.apache.jackrabbit.oak.api.Root;
+import org.apache.jackrabbit.oak.commons.PathUtils;
import org.apache.jackrabbit.oak.namepath.NamePathMapper;
import org.apache.jackrabbit.oak.spi.security.SecurityProvider;
import org.apache.jackrabbit.oak.spi.security.authorization.principalbased.Filter;
@@ -31,6 +33,7 @@ import org.jetbrains.annotations.NotNull
import org.jetbrains.annotations.Nullable;
import org.osgi.service.component.annotations.Activate;
import org.osgi.service.component.annotations.Component;
+import org.osgi.service.component.annotations.ConfigurationPolicy;
import org.osgi.service.component.annotations.Modified;
import org.osgi.service.metatype.annotations.AttributeDefinition;
import org.osgi.service.metatype.annotations.Designate;
@@ -43,6 +46,8 @@ import java.security.Principal;
import java.util.Map;
import java.util.Set;
+import static com.google.common.base.Preconditions.checkState;
+
/**
* Implementation of the {@link org.apache.jackrabbit.oak.spi.security.authorization.principalbased.Filter} interface that
* consists of the following two filtering conditions:
@@ -52,7 +57,7 @@ import java.util.Set;
* <li>All principals in the set must be located in the repository below the configured path.</li>
* </ol>
*/
-@Component(service = {FilterProvider.class})
+@Component(service = {FilterProvider.class}, configurationPolicy = ConfigurationPolicy.REQUIRE)
@Designate(ocd = FilterProviderImpl.Configuration.class)
public class FilterProviderImpl implements FilterProvider {
@@ -60,7 +65,7 @@ public class FilterProviderImpl implemen
@interface Configuration {
@AttributeDefinition(
name = "Path",
- description = "Required path underneath which all filtered principals must be located in the repository.")
+ description = "Required path underneath which all filtered system-user-principals must be located in the repository.")
String path();
}
@@ -103,9 +108,13 @@ public class FilterProviderImpl implemen
}
private void setPath(@NotNull Configuration configuration) {
- this.oakPath = configuration.path();
+ checkState(isValidPath(configuration.path()), "Configured path must be a valid absolute path.");
+ oakPath = configuration.path();
}
+ private static boolean isValidPath(@Nullable String path) {
+ return !Strings.isNullOrEmpty(path) && PathUtils.isAbsolute(path);
+ }
//-------------------------------------------------------------< Filter >---
private final class FilterImpl implements Filter {
Modified: jackrabbit/oak/trunk/oak-authorization-principalbased/src/test/java/org/apache/jackrabbit/oak/spi/security/authorization/principalbased/impl/FilterProviderImplTest.java
URL: http://svn.apache.org/viewvc/jackrabbit/oak/trunk/oak-authorization-principalbased/src/test/java/org/apache/jackrabbit/oak/spi/security/authorization/principalbased/impl/FilterProviderImplTest.java?rev=1861983&r1=1861982&r2=1861983&view=diff
==============================================================================
--- jackrabbit/oak/trunk/oak-authorization-principalbased/src/test/java/org/apache/jackrabbit/oak/spi/security/authorization/principalbased/impl/FilterProviderImplTest.java (original)
+++ jackrabbit/oak/trunk/oak-authorization-principalbased/src/test/java/org/apache/jackrabbit/oak/spi/security/authorization/principalbased/impl/FilterProviderImplTest.java Mon Jun 24 09:12:01 2019
@@ -23,6 +23,8 @@ import org.apache.jackrabbit.oak.securit
import org.apache.jackrabbit.oak.spi.security.SecurityProvider;
import org.apache.jackrabbit.oak.spi.security.authorization.principalbased.Filter;
import org.apache.jackrabbit.oak.spi.security.principal.PrincipalConfiguration;
+import org.apache.sling.testing.mock.osgi.junit.OsgiContext;
+import org.junit.Rule;
import org.junit.Test;
import org.mockito.Mockito;
@@ -40,6 +42,9 @@ public class FilterProviderImplTest {
private static final String PATH = "/supported/path";
+ @Rule
+ public final OsgiContext context = new OsgiContext();
+
private FilterProviderImpl provider = AbstractPrincipalBasedTest.createFilterProviderImpl(PATH);
@Test
@@ -75,10 +80,33 @@ public class FilterProviderImplTest {
assertEquals(PATH, fp.getFilterRoot());
}
+ @Test(expected = IllegalStateException.class)
+ public void testActivateEmptyPath() {
+ FilterProviderImpl fp = new FilterProviderImpl();
+ fp.activate(when(mock(FilterProviderImpl.Configuration.class).path()).thenReturn("").getMock(), Collections.emptyMap());
+ }
+
+ @Test(expected = IllegalStateException.class)
+ public void testActivateNullPath() {
+ FilterProviderImpl fp = new FilterProviderImpl();
+ fp.activate(when(mock(FilterProviderImpl.Configuration.class).path()).thenReturn(null).getMock(), Collections.emptyMap());
+ }
+
+ @Test(expected = IllegalStateException.class)
+ public void testActivateRelativePath() {
+ FilterProviderImpl fp = new FilterProviderImpl();
+ fp.activate(when(mock(FilterProviderImpl.Configuration.class).path()).thenReturn("rel/path").getMock(), Collections.emptyMap());
+ }
+
@Test
public void testModified() {
String modifiedPath = "/modified/path";
provider.modified(when(mock(FilterProviderImpl.Configuration.class).path()).thenReturn(modifiedPath).getMock(), Collections.emptyMap());
assertEquals(modifiedPath, provider.getFilterRoot());
}
+
+ @Test(expected = RuntimeException.class)
+ public void testActivateServiceMissingConfiguration() {
+ context.registerInjectActivateService(new FilterProviderImpl());
+ }
}
\ No newline at end of file