svn commit: r1861983 - in /jackrabbit/oak/trunk/oak-authorization-principalbased/src: main/java/org/apache/jackrabbit/oak/spi/security/authorization/principalbased/impl/ test/java/org/apache/jackrabbit/oak/spi/security/authorization/principalbased/impl/

[an...@apache.org]

Author: angela
Date: Mon Jun 24 09:12:01 2019
New Revision: 1861983

URL: http://svn.apache.org/viewvc?rev=1861983&view=rev
Log:
OAK-8435 : FilterProviderImpl must have ConfigurationPolicy set

Modified:
    jackrabbit/oak/trunk/oak-authorization-principalbased/src/main/java/org/apache/jackrabbit/oak/spi/security/authorization/principalbased/impl/FilterProviderImpl.java
    jackrabbit/oak/trunk/oak-authorization-principalbased/src/test/java/org/apache/jackrabbit/oak/spi/security/authorization/principalbased/impl/FilterProviderImplTest.java

Modified: jackrabbit/oak/trunk/oak-authorization-principalbased/src/main/java/org/apache/jackrabbit/oak/spi/security/authorization/principalbased/impl/FilterProviderImpl.java
URL: http://svn.apache.org/viewvc/jackrabbit/oak/trunk/oak-authorization-principalbased/src/main/java/org/apache/jackrabbit/oak/spi/security/authorization/principalbased/impl/FilterProviderImpl.java?rev=1861983&r1=1861982&r2=1861983&view=diff
==============================================================================
--- jackrabbit/oak/trunk/oak-authorization-principalbased/src/main/java/org/apache/jackrabbit/oak/spi/security/authorization/principalbased/impl/FilterProviderImpl.java (original)
+++ jackrabbit/oak/trunk/oak-authorization-principalbased/src/main/java/org/apache/jackrabbit/oak/spi/security/authorization/principalbased/impl/FilterProviderImpl.java Mon Jun 24 09:12:01 2019
@@ -16,9 +16,11 @@
  */
 package org.apache.jackrabbit.oak.spi.security.authorization.principalbased.impl;
 
+import com.google.common.base.Strings;
 import com.google.common.collect.Maps;
 import org.apache.jackrabbit.api.security.principal.ItemBasedPrincipal;
 import org.apache.jackrabbit.oak.api.Root;
+import org.apache.jackrabbit.oak.commons.PathUtils;
 import org.apache.jackrabbit.oak.namepath.NamePathMapper;
 import org.apache.jackrabbit.oak.spi.security.SecurityProvider;
 import org.apache.jackrabbit.oak.spi.security.authorization.principalbased.Filter;
@@ -31,6 +33,7 @@ import org.jetbrains.annotations.NotNull
 import org.jetbrains.annotations.Nullable;
 import org.osgi.service.component.annotations.Activate;
 import org.osgi.service.component.annotations.Component;
+import org.osgi.service.component.annotations.ConfigurationPolicy;
 import org.osgi.service.component.annotations.Modified;
 import org.osgi.service.metatype.annotations.AttributeDefinition;
 import org.osgi.service.metatype.annotations.Designate;
@@ -43,6 +46,8 @@ import java.security.Principal;
 import java.util.Map;
 import java.util.Set;
 
+import static com.google.common.base.Preconditions.checkState;
+
 /**
  * Implementation of the {@link org.apache.jackrabbit.oak.spi.security.authorization.principalbased.Filter} interface that
  * consists of the following two filtering conditions:
@@ -52,7 +57,7 @@ import java.util.Set;
  *     <li>All principals in the set must be located in the repository below the configured path.</li>
  * </ol>
  */
-@Component(service = {FilterProvider.class})
+@Component(service = {FilterProvider.class}, configurationPolicy = ConfigurationPolicy.REQUIRE)
 @Designate(ocd = FilterProviderImpl.Configuration.class)
 public class FilterProviderImpl implements FilterProvider {
 
@@ -60,7 +65,7 @@ public class FilterProviderImpl implemen
     @interface Configuration {
         @AttributeDefinition(
                 name = "Path",
-                description = "Required path underneath which all filtered principals must be located in the repository.")
+                description = "Required path underneath which all filtered system-user-principals must be located in the repository.")
         String path();
     }
 
@@ -103,9 +108,13 @@ public class FilterProviderImpl implemen
     }
 
     private void setPath(@NotNull Configuration configuration) {
-        this.oakPath = configuration.path();
+        checkState(isValidPath(configuration.path()), "Configured path must be a valid absolute path.");
+        oakPath = configuration.path();
     }
 
+    private static boolean isValidPath(@Nullable String path) {
+        return !Strings.isNullOrEmpty(path) && PathUtils.isAbsolute(path);
+    }
     //-------------------------------------------------------------< Filter >---
 
     private final class FilterImpl implements Filter {

Modified: jackrabbit/oak/trunk/oak-authorization-principalbased/src/test/java/org/apache/jackrabbit/oak/spi/security/authorization/principalbased/impl/FilterProviderImplTest.java
URL: http://svn.apache.org/viewvc/jackrabbit/oak/trunk/oak-authorization-principalbased/src/test/java/org/apache/jackrabbit/oak/spi/security/authorization/principalbased/impl/FilterProviderImplTest.java?rev=1861983&r1=1861982&r2=1861983&view=diff
==============================================================================
--- jackrabbit/oak/trunk/oak-authorization-principalbased/src/test/java/org/apache/jackrabbit/oak/spi/security/authorization/principalbased/impl/FilterProviderImplTest.java (original)
+++ jackrabbit/oak/trunk/oak-authorization-principalbased/src/test/java/org/apache/jackrabbit/oak/spi/security/authorization/principalbased/impl/FilterProviderImplTest.java Mon Jun 24 09:12:01 2019
@@ -23,6 +23,8 @@ import org.apache.jackrabbit.oak.securit
 import org.apache.jackrabbit.oak.spi.security.SecurityProvider;
 import org.apache.jackrabbit.oak.spi.security.authorization.principalbased.Filter;
 import org.apache.jackrabbit.oak.spi.security.principal.PrincipalConfiguration;
+import org.apache.sling.testing.mock.osgi.junit.OsgiContext;
+import org.junit.Rule;
 import org.junit.Test;
 import org.mockito.Mockito;
 
@@ -40,6 +42,9 @@ public class FilterProviderImplTest {
 
     private static final String PATH = "/supported/path";
 
+    @Rule
+    public final OsgiContext context = new OsgiContext();
+
     private FilterProviderImpl provider = AbstractPrincipalBasedTest.createFilterProviderImpl(PATH);
 
     @Test
@@ -75,10 +80,33 @@ public class FilterProviderImplTest {
         assertEquals(PATH, fp.getFilterRoot());
     }
 
+    @Test(expected = IllegalStateException.class)
+    public void testActivateEmptyPath() {
+        FilterProviderImpl fp = new FilterProviderImpl();
+        fp.activate(when(mock(FilterProviderImpl.Configuration.class).path()).thenReturn("").getMock(), Collections.emptyMap());
+    }
+
+    @Test(expected = IllegalStateException.class)
+    public void testActivateNullPath() {
+        FilterProviderImpl fp = new FilterProviderImpl();
+        fp.activate(when(mock(FilterProviderImpl.Configuration.class).path()).thenReturn(null).getMock(), Collections.emptyMap());
+    }
+
+    @Test(expected = IllegalStateException.class)
+    public void testActivateRelativePath() {
+        FilterProviderImpl fp = new FilterProviderImpl();
+        fp.activate(when(mock(FilterProviderImpl.Configuration.class).path()).thenReturn("rel/path").getMock(), Collections.emptyMap());
+    }
+
     @Test
     public void testModified() {
         String modifiedPath = "/modified/path";
         provider.modified(when(mock(FilterProviderImpl.Configuration.class).path()).thenReturn(modifiedPath).getMock(), Collections.emptyMap());
         assertEquals(modifiedPath, provider.getFilterRoot());
     }
+
+    @Test(expected = RuntimeException.class)
+    public void testActivateServiceMissingConfiguration() {
+        context.registerInjectActivateService(new FilterProviderImpl());
+    }
 }
\ No newline at end of file