You are viewing a plain text version of this content. The canonical link for it is here.
Posted to commits@jackrabbit.apache.org by an...@apache.org on 2010/10/12 17:37:08 UTC
svn commit: r1021801 - in /jackrabbit/trunk/jackrabbit-core/src:
main/java/org/apache/jackrabbit/core/security/user/UserAccessControlProvider.java
test/java/org/apache/jackrabbit/core/security/user/UserAccessControlProviderTest.java
Author: angela
Date: Tue Oct 12 15:37:08 2010
New Revision: 1021801
URL: http://svn.apache.org/viewvc?rev=1021801&view=rev
Log:
JCR-2748 - commit patch provided by Justin Edelson with minor modifications.
Modified:
jackrabbit/trunk/jackrabbit-core/src/main/java/org/apache/jackrabbit/core/security/user/UserAccessControlProvider.java
jackrabbit/trunk/jackrabbit-core/src/test/java/org/apache/jackrabbit/core/security/user/UserAccessControlProviderTest.java
Modified: jackrabbit/trunk/jackrabbit-core/src/main/java/org/apache/jackrabbit/core/security/user/UserAccessControlProvider.java
URL: http://svn.apache.org/viewvc/jackrabbit/trunk/jackrabbit-core/src/main/java/org/apache/jackrabbit/core/security/user/UserAccessControlProvider.java?rev=1021801&r1=1021800&r2=1021801&view=diff
==============================================================================
--- jackrabbit/trunk/jackrabbit-core/src/main/java/org/apache/jackrabbit/core/security/user/UserAccessControlProvider.java (original)
+++ jackrabbit/trunk/jackrabbit-core/src/main/java/org/apache/jackrabbit/core/security/user/UserAccessControlProvider.java Tue Oct 12 15:37:08 2010
@@ -25,6 +25,7 @@ import org.apache.jackrabbit.core.Sessio
import org.apache.jackrabbit.core.id.ItemId;
import org.apache.jackrabbit.core.nodetype.NodeTypeImpl;
import org.apache.jackrabbit.core.observation.SynchronousEventListener;
+import org.apache.jackrabbit.core.security.AnonymousPrincipal;
import org.apache.jackrabbit.core.security.SecurityConstants;
import org.apache.jackrabbit.core.security.authorization.AbstractAccessControlProvider;
import org.apache.jackrabbit.core.security.authorization.AbstractCompiledPermissions;
@@ -88,6 +89,17 @@ public class UserAccessControlProvider e
implements UserConstants {
private static Logger log = LoggerFactory.getLogger(UserAccessControlProvider.class);
+
+ /**
+ * Constant for the name of the configuration option "anonymousId".
+ * The option is a flag indicating the name of the anonymous user id.
+ */
+ public static final String PARAM_ANONYMOUS_ID = "anonymousId";
+
+ /**
+ * Constant for the name of the configuration option "anonymousAccess".
+ */
+ public static final String PARAM_ANONYMOUS_ACCESS = "anonymousAccess";
private final AccessControlPolicy policy;
@@ -101,6 +113,9 @@ public class UserAccessControlProvider e
private String groupAdminGroupPath;
private String administratorsGroupPath;
private boolean membersInProperty;
+
+ private String anonymousId;
+ private boolean anonymousAccess;
/**
*
@@ -164,6 +179,18 @@ public class UserAccessControlProvider e
membersInProperty = (!(uMgr instanceof UserManagerImpl)) || ((UserManagerImpl) uMgr).getGroupMembershipSplitSize() <= 0;
+ if (configuration.containsKey(PARAM_ANONYMOUS_ID)) {
+ anonymousId = (String) configuration.get(PARAM_ANONYMOUS_ID);
+ } else {
+ anonymousId = SecurityConstants.ANONYMOUS_ID;
+ }
+
+ if (configuration.containsKey(PARAM_ANONYMOUS_ACCESS)) {
+ anonymousAccess = Boolean.parseBoolean((String) configuration.get(PARAM_ANONYMOUS_ACCESS));
+ } else {
+ anonymousAccess = true;
+ }
+
} else {
throw new RepositoryException("SessionImpl (system session) expected.");
}
@@ -205,6 +232,10 @@ public class UserAccessControlProvider e
if (isAdminOrSystem(principals)) {
return getAdminPermissions();
} else {
+ if (!anonymousAccess && isAnonymous(principals)) {
+ return CompiledPermissions.NO_PERMISSION;
+ }
+
// determined the 'user' present in the given set of principals.
ItemBasedPrincipal userPrincipal = getUserPrincipal(principals);
NodeImpl userNode = getUserNode(userPrincipal);
@@ -223,6 +254,9 @@ public class UserAccessControlProvider e
*/
public boolean canAccessRoot(Set<Principal> principals) throws RepositoryException {
checkInitialized();
+ if (!anonymousAccess && isAnonymous(principals)) {
+ return false;
+ }
return true;
}
@@ -314,6 +348,17 @@ public class UserAccessControlProvider e
return null;
}
+ private boolean isAnonymous(Set<Principal> principals) {
+ for (Principal p : principals) {
+ if (p instanceof AnonymousPrincipal) {
+ return true;
+ } else if (p.getName().equals(anonymousId)) {
+ return true;
+ }
+ }
+ return false;
+ }
+
//--------------------------------------------------------< inner class >---
/**
*
Modified: jackrabbit/trunk/jackrabbit-core/src/test/java/org/apache/jackrabbit/core/security/user/UserAccessControlProviderTest.java
URL: http://svn.apache.org/viewvc/jackrabbit/trunk/jackrabbit-core/src/test/java/org/apache/jackrabbit/core/security/user/UserAccessControlProviderTest.java?rev=1021801&r1=1021800&r2=1021801&view=diff
==============================================================================
--- jackrabbit/trunk/jackrabbit-core/src/test/java/org/apache/jackrabbit/core/security/user/UserAccessControlProviderTest.java (original)
+++ jackrabbit/trunk/jackrabbit-core/src/test/java/org/apache/jackrabbit/core/security/user/UserAccessControlProviderTest.java Tue Oct 12 15:37:08 2010
@@ -19,8 +19,10 @@ package org.apache.jackrabbit.core.secur
import org.apache.jackrabbit.api.security.principal.ItemBasedPrincipal;
import org.apache.jackrabbit.api.security.user.AbstractUserTest;
import org.apache.jackrabbit.api.security.user.User;
+import org.apache.jackrabbit.core.NodeImpl;
import org.apache.jackrabbit.core.RepositoryImpl;
import org.apache.jackrabbit.core.SessionImpl;
+import org.apache.jackrabbit.core.security.SecurityConstants;
import org.apache.jackrabbit.core.security.authorization.AccessControlProvider;
import org.apache.jackrabbit.core.security.authorization.CompiledPermissions;
import org.apache.jackrabbit.core.security.authorization.Permission;
@@ -30,10 +32,14 @@ import org.apache.jackrabbit.test.NotExe
import javax.jcr.RepositoryException;
import javax.jcr.Session;
+import javax.jcr.SimpleCredentials;
import java.security.Principal;
import java.util.ArrayList;
import java.util.Collections;
+import java.util.HashMap;
+import java.util.HashSet;
import java.util.List;
+import java.util.Map;
import java.util.Set;
/**
@@ -67,6 +73,15 @@ public class UserAccessControlProviderTe
super.cleanUp();
}
+ private Set<Principal> getAnonymousPrincipals() throws RepositoryException {
+ SessionImpl s = ((SessionImpl) getHelper().getRepository().login(new SimpleCredentials(SecurityConstants.ANONYMOUS_ID, "".toCharArray())));
+ try {
+ return new HashSet<Principal>(s.getSubject().getPrincipals());
+ } finally {
+ s.logout();
+ }
+ }
+
/**
* @see <a href="https://issues.apache.org/jira/browse/JCR-2630">JCR-2630</a>
*/
@@ -128,4 +143,70 @@ public class UserAccessControlProviderTe
}
}
}
+
+ public void testAnonymousDefaultAccess() throws Exception {
+ Set<Principal> anonymousPrincipals = getAnonymousPrincipals();
+
+ assertTrue(provider.canAccessRoot(anonymousPrincipals));
+
+ CompiledPermissions cp = provider.compilePermissions(anonymousPrincipals);
+ assertTrue(cp.canReadAll());
+ assertFalse(CompiledPermissions.NO_PERMISSION.equals(cp));
+ }
+
+ public void testAnonymousAccessDenied() throws Exception {
+ Map<String, String> config = new HashMap<String, String>();
+ config.put(UserAccessControlProvider.PARAM_ANONYMOUS_ACCESS, "false");
+
+ AccessControlProvider p2 = new UserAccessControlProvider();
+ try {
+ p2.init(s, config);
+
+ Set<Principal> anonymousPrincipals = getAnonymousPrincipals();
+
+ assertFalse(p2.canAccessRoot(anonymousPrincipals));
+
+ CompiledPermissions cp = p2.compilePermissions(anonymousPrincipals);
+ try {
+ assertEquals(CompiledPermissions.NO_PERMISSION, cp);
+ assertFalse(cp.canReadAll());
+ assertFalse(cp.grants(((NodeImpl) s.getRootNode()).getPrimaryPath(), Permission.READ));
+ } finally {
+ cp.close();
+ }
+ } finally {
+ p2.close();
+ }
+ }
+
+ public void testAnonymousAccessDenied2() throws Exception {
+ Map<String, String> config = new HashMap<String, String>();
+ config.put(UserAccessControlProvider.PARAM_ANONYMOUS_ACCESS, "false");
+ config.put(UserAccessControlProvider.PARAM_ANONYMOUS_ID, "abc");
+
+ AccessControlProvider p2 = new UserAccessControlProvider();
+ try {
+ p2.init(s, config);
+
+ Principal princ = new Principal() {
+ public String getName() {
+ return "abc";
+ }
+ };
+ Set<Principal> anonymousPrincipals = Collections.singleton(princ);
+
+ assertFalse(p2.canAccessRoot(anonymousPrincipals));
+
+ CompiledPermissions cp = p2.compilePermissions(anonymousPrincipals);
+ try {
+ assertEquals(CompiledPermissions.NO_PERMISSION, cp);
+ assertFalse(cp.canReadAll());
+ assertFalse(cp.grants(((NodeImpl) s.getRootNode()).getPrimaryPath(), Permission.READ));
+ } finally {
+ cp.close();
+ }
+ } finally {
+ p2.close();
+ }
+ }
}
\ No newline at end of file