You are viewing a plain text version of this content. The canonical link for it is here.
Posted to oak-commits@jackrabbit.apache.org by an...@apache.org on 2013/03/19 17:48:04 UTC
svn commit: r1458400 - in /jackrabbit/oak/trunk:
oak-core/src/main/java/org/apache/jackrabbit/oak/security/authorization/
oak-core/src/main/java/org/apache/jackrabbit/oak/spi/security/authorization/
oak-core/src/main/java/org/apache/jackrabbit/oak/spi/...
Author: angela
Date: Tue Mar 19 16:48:03 2013
New Revision: 1458400
URL: http://svn.apache.org/r1458400
Log:
OAK-527: permissions (wip)
Modified:
jackrabbit/oak/trunk/oak-core/src/main/java/org/apache/jackrabbit/oak/security/authorization/AccessControlConfigurationImpl.java
jackrabbit/oak/trunk/oak-core/src/main/java/org/apache/jackrabbit/oak/security/authorization/AccessControlImporter.java
jackrabbit/oak/trunk/oak-core/src/main/java/org/apache/jackrabbit/oak/security/authorization/AccessControlManagerImpl.java
jackrabbit/oak/trunk/oak-core/src/main/java/org/apache/jackrabbit/oak/spi/security/authorization/AccessControlConfiguration.java
jackrabbit/oak/trunk/oak-core/src/main/java/org/apache/jackrabbit/oak/spi/security/authorization/OpenAccessControlConfiguration.java
jackrabbit/oak/trunk/oak-core/src/main/java/org/apache/jackrabbit/oak/spi/security/user/action/AccessControlAction.java
jackrabbit/oak/trunk/oak-core/src/test/java/org/apache/jackrabbit/oak/security/authorization/AccessControlManagerImplTest.java
jackrabbit/oak/trunk/oak-core/src/test/java/org/apache/jackrabbit/oak/spi/security/authorization/AbstractAccessControlTest.java
jackrabbit/oak/trunk/oak-jcr/pom.xml
jackrabbit/oak/trunk/oak-jcr/src/main/java/org/apache/jackrabbit/oak/jcr/SessionContext.java
Modified: jackrabbit/oak/trunk/oak-core/src/main/java/org/apache/jackrabbit/oak/security/authorization/AccessControlConfigurationImpl.java
URL: http://svn.apache.org/viewvc/jackrabbit/oak/trunk/oak-core/src/main/java/org/apache/jackrabbit/oak/security/authorization/AccessControlConfigurationImpl.java?rev=1458400&r1=1458399&r2=1458400&view=diff
==============================================================================
--- jackrabbit/oak/trunk/oak-core/src/main/java/org/apache/jackrabbit/oak/security/authorization/AccessControlConfigurationImpl.java (original)
+++ jackrabbit/oak/trunk/oak-core/src/main/java/org/apache/jackrabbit/oak/security/authorization/AccessControlConfigurationImpl.java Tue Mar 19 16:48:03 2013
@@ -90,8 +90,8 @@ public class AccessControlConfigurationI
//-----------------------------------------< AccessControlConfiguration >---
@Override
- public AccessControlManager getAccessControlManager(Root root, NamePathMapper namePathMapper) {
- return new AccessControlManagerImpl(root, namePathMapper, securityProvider);
+ public AccessControlManager getAccessControlManager(Root root, NamePathMapper namePathMapper, PermissionProvider permissionProvider) {
+ return new AccessControlManagerImpl(root, namePathMapper, securityProvider, permissionProvider);
}
@Nonnull
Modified: jackrabbit/oak/trunk/oak-core/src/main/java/org/apache/jackrabbit/oak/security/authorization/AccessControlImporter.java
URL: http://svn.apache.org/viewvc/jackrabbit/oak/trunk/oak-core/src/main/java/org/apache/jackrabbit/oak/security/authorization/AccessControlImporter.java?rev=1458400&r1=1458399&r2=1458400&view=diff
==============================================================================
--- jackrabbit/oak/trunk/oak-core/src/main/java/org/apache/jackrabbit/oak/security/authorization/AccessControlImporter.java (original)
+++ jackrabbit/oak/trunk/oak-core/src/main/java/org/apache/jackrabbit/oak/security/authorization/AccessControlImporter.java Tue Mar 19 16:48:03 2013
@@ -91,7 +91,7 @@ class AccessControlImporter implements P
this.namePathMapper = namePathMapper;
AccessControlConfiguration config = securityProvider.getAccessControlConfiguration();
if (isWorkspaceImport) {
- acMgr = config.getAccessControlManager(root, namePathMapper);
+ acMgr = config.getAccessControlManager(root, namePathMapper, null);
} else {
acMgr = session.getAccessControlManager();
}
Modified: jackrabbit/oak/trunk/oak-core/src/main/java/org/apache/jackrabbit/oak/security/authorization/AccessControlManagerImpl.java
URL: http://svn.apache.org/viewvc/jackrabbit/oak/trunk/oak-core/src/main/java/org/apache/jackrabbit/oak/security/authorization/AccessControlManagerImpl.java?rev=1458400&r1=1458399&r2=1458400&view=diff
==============================================================================
--- jackrabbit/oak/trunk/oak-core/src/main/java/org/apache/jackrabbit/oak/security/authorization/AccessControlManagerImpl.java (original)
+++ jackrabbit/oak/trunk/oak-core/src/main/java/org/apache/jackrabbit/oak/security/authorization/AccessControlManagerImpl.java Tue Mar 19 16:48:03 2013
@@ -16,7 +16,6 @@
*/
package org.apache.jackrabbit.oak.security.authorization;
-import java.security.AccessController;
import java.security.Principal;
import java.text.ParseException;
import java.util.ArrayList;
@@ -30,13 +29,13 @@ import javax.annotation.Nullable;
import javax.jcr.AccessDeniedException;
import javax.jcr.PathNotFoundException;
import javax.jcr.RepositoryException;
+import javax.jcr.UnsupportedRepositoryOperationException;
import javax.jcr.query.Query;
import javax.jcr.security.AccessControlException;
import javax.jcr.security.AccessControlList;
import javax.jcr.security.AccessControlPolicy;
import javax.jcr.security.AccessControlPolicyIterator;
import javax.jcr.security.Privilege;
-import javax.security.auth.Subject;
import com.google.common.base.Objects;
import org.apache.jackrabbit.JcrConstants;
@@ -68,6 +67,7 @@ import org.apache.jackrabbit.oak.spi.sec
import org.apache.jackrabbit.oak.spi.security.authorization.AccessControlConfiguration;
import org.apache.jackrabbit.oak.spi.security.authorization.ImmutableACL;
import org.apache.jackrabbit.oak.spi.security.authorization.PermissionProvider;
+import org.apache.jackrabbit.oak.spi.security.authorization.Permissions;
import org.apache.jackrabbit.oak.spi.security.authorization.restriction.Restriction;
import org.apache.jackrabbit.oak.spi.security.authorization.restriction.RestrictionProvider;
import org.apache.jackrabbit.oak.spi.state.PropertyBuilder;
@@ -100,9 +100,11 @@ public class AccessControlManagerImpl im
private PermissionProvider permissionProvider;
public AccessControlManagerImpl(@Nonnull Root root, @Nonnull NamePathMapper namePathMapper,
- @Nonnull SecurityProvider securityProvider) {
+ @Nonnull SecurityProvider securityProvider,
+ @Nullable PermissionProvider permissionProvider) {
this.root = root;
this.namePathMapper = namePathMapper;
+ this.permissionProvider = permissionProvider;
privilegeManager = securityProvider.getPrivilegeConfiguration().getPrivilegeManager(root, namePathMapper);
principalManager = securityProvider.getPrincipalConfiguration().getPrincipalManager(root, namePathMapper);
@@ -110,8 +112,6 @@ public class AccessControlManagerImpl im
acConfig = securityProvider.getAccessControlConfiguration();
restrictionProvider = acConfig.getRestrictionProvider(namePathMapper);
ntMgr = ReadOnlyNodeTypeManager.getInstance(root, namePathMapper);
-
- permissionProvider = getPermissionProvider();
}
//-----------------------------------------------< AccessControlManager >---
@@ -143,7 +143,7 @@ public class AccessControlManagerImpl im
@Override
public AccessControlPolicy[] getPolicies(@Nullable String absPath) throws RepositoryException {
String oakPath = getOakPath(absPath);
- Tree tree = getTree(oakPath);
+ Tree tree = getTree(oakPath, Permissions.READ_ACCESS_CONTROL);
AccessControlPolicy policy = createACL(oakPath, tree, false);
if (policy != null) {
return new AccessControlPolicy[]{policy};
@@ -156,7 +156,7 @@ public class AccessControlManagerImpl im
@Override
public AccessControlPolicy[] getEffectivePolicies(@Nullable String absPath) throws RepositoryException {
String oakPath = getOakPath(absPath);
- Tree tree = getTree(oakPath);
+ Tree tree = getTree(oakPath, Permissions.READ_ACCESS_CONTROL);
List<AccessControlPolicy> effective = new ArrayList<AccessControlPolicy>();
AccessControlPolicy policy = createACL(oakPath, tree, true);
if (policy != null) {
@@ -180,7 +180,7 @@ public class AccessControlManagerImpl im
@Override
public AccessControlPolicyIterator getApplicablePolicies(@Nullable String absPath) throws RepositoryException {
String oakPath = getOakPath(absPath);
- Tree tree = getTree(oakPath);
+ Tree tree = getTree(oakPath, Permissions.READ_ACCESS_CONTROL);
AccessControlPolicy policy = null;
NodeUtil aclNode = getAclNode(oakPath, tree);
@@ -216,7 +216,7 @@ public class AccessControlManagerImpl im
// TODO
throw new RepositoryException("not yet implemented");
} else {
- Tree tree = getTree(oakPath);
+ Tree tree = getTree(oakPath, Permissions.MODIFY_ACCESS_CONTROL);
NodeUtil aclNode = getAclNode(oakPath, tree);
if (aclNode != null) {
// remove all existing aces
@@ -261,7 +261,7 @@ public class AccessControlManagerImpl im
// TODO
throw new RepositoryException("not yet implemented");
} else {
- Tree tree = getTree(oakPath);
+ Tree tree = getTree(oakPath, Permissions.MODIFY_ACCESS_CONTROL);
NodeUtil aclNode = getAclNode(oakPath, tree);
if (aclNode != null) {
aclNode.getTree().remove();
@@ -345,12 +345,14 @@ public class AccessControlManagerImpl im
}
@Nonnull
- private Tree getTree(@Nullable String oakPath) throws RepositoryException {
+ private Tree getTree(@Nullable String oakPath, long permissions) throws RepositoryException {
Tree tree = (oakPath == null) ? root.getTree("/") : root.getTree(oakPath);
if (tree == null) {
throw new PathNotFoundException("No tree at " + oakPath);
}
- checkPermission(tree);
+ if (permissions != Permissions.NO_PERMISSION) {
+ checkPermission(tree, permissions);
+ }
// check if the tree is access controlled
if (acConfig.getContext().definesTree(tree)) {
@@ -359,29 +361,14 @@ public class AccessControlManagerImpl im
return tree;
}
- @Nonnull
- private PermissionProvider getPermissionProvider() {
- // TODO
- if (permissionProvider == null) {
- Subject subject = Subject.getSubject(AccessController.getContext());
- if (subject != null && !subject.getPublicCredentials(PermissionProvider.class).isEmpty()) {
- permissionProvider = subject.getPublicCredentials(PermissionProvider.class).iterator().next();
- } else {
- Set<Principal> principals = (subject != null) ? subject.getPrincipals() : Collections.<Principal>emptySet();
- permissionProvider = acConfig.getPermissionProvider(root, principals);
- }
- } else {
- permissionProvider.refresh();
+ private void checkPermission(@Nonnull Tree tree, long permissions) throws AccessDeniedException {
+ if (permissionProvider != null && !permissionProvider.isGranted(tree, permissions)) {
+ throw new AccessDeniedException("Access denied at " + tree);
}
- return permissionProvider;
- }
-
- private void checkPermission(@Nonnull Tree tree) throws AccessDeniedException {
- // TODO
}
private void checkValidPath(@Nullable String jcrPath) throws RepositoryException {
- getTree(getOakPath(jcrPath));
+ getTree(getOakPath(jcrPath), Permissions.NO_PERMISSION);
}
private static void checkValidPolicy(@Nullable String oakPath, @Nonnull AccessControlPolicy policy) throws AccessControlException {
@@ -544,10 +531,13 @@ public class AccessControlManagerImpl im
}
@Nonnull
- private Privilege[] getPrivileges(@Nullable String absPath, @Nonnull PermissionProvider provider) throws RepositoryException {
+ private Privilege[] getPrivileges(@Nullable String absPath, @Nullable PermissionProvider provider) throws RepositoryException {
// TODO
+ if (provider == null) {
+ throw new UnsupportedRepositoryOperationException();
+ }
String oakPath = getOakPath(absPath);
- Tree tree = getTree(oakPath);
+ Tree tree = getTree(oakPath, Permissions.NO_PERMISSION);
Set<String> pNames = provider.getPrivileges(tree);
if (pNames.isEmpty()) {
return new Privilege[0];
@@ -561,10 +551,13 @@ public class AccessControlManagerImpl im
}
private boolean hasPrivileges(@Nullable String absPath, @Nonnull Privilege[] privileges,
- @Nonnull PermissionProvider provider) throws RepositoryException {
+ @Nullable PermissionProvider provider) throws RepositoryException {
// TODO
+ if (provider == null) {
+ throw new UnsupportedRepositoryOperationException();
+ }
String oakPath = getOakPath(absPath);
- Tree tree = getTree(oakPath);
+ Tree tree = getTree(oakPath, Permissions.NO_PERMISSION);
Set<String> privilegeNames = new HashSet<String>(privileges.length);
for (Privilege privilege : privileges) {
privilegeNames.add(namePathMapper.getOakName(privilege.getName()));
Modified: jackrabbit/oak/trunk/oak-core/src/main/java/org/apache/jackrabbit/oak/spi/security/authorization/AccessControlConfiguration.java
URL: http://svn.apache.org/viewvc/jackrabbit/oak/trunk/oak-core/src/main/java/org/apache/jackrabbit/oak/spi/security/authorization/AccessControlConfiguration.java?rev=1458400&r1=1458399&r2=1458400&view=diff
==============================================================================
--- jackrabbit/oak/trunk/oak-core/src/main/java/org/apache/jackrabbit/oak/spi/security/authorization/AccessControlConfiguration.java (original)
+++ jackrabbit/oak/trunk/oak-core/src/main/java/org/apache/jackrabbit/oak/spi/security/authorization/AccessControlConfiguration.java Tue Mar 19 16:48:03 2013
@@ -19,6 +19,7 @@ package org.apache.jackrabbit.oak.spi.se
import java.security.Principal;
import java.util.Set;
import javax.annotation.Nonnull;
+import javax.annotation.Nullable;
import javax.jcr.security.AccessControlManager;
import org.apache.jackrabbit.oak.api.Root;
@@ -32,11 +33,14 @@ import org.apache.jackrabbit.oak.spi.sec
public interface AccessControlConfiguration extends SecurityConfiguration {
@Nonnull
- AccessControlManager getAccessControlManager(Root root, NamePathMapper namePathMapper);
+ AccessControlManager getAccessControlManager(@Nonnull Root root,
+ @Nonnull NamePathMapper namePathMapper,
+ @Nullable PermissionProvider permissionProvider);
@Nonnull
- RestrictionProvider getRestrictionProvider(NamePathMapper namePathMapper);
+ RestrictionProvider getRestrictionProvider(@Nonnull NamePathMapper namePathMapper);
@Nonnull
- PermissionProvider getPermissionProvider(Root root, Set<Principal> principals);
+ PermissionProvider getPermissionProvider(@Nonnull Root root,
+ @Nonnull Set<Principal> principals);
}
Modified: jackrabbit/oak/trunk/oak-core/src/main/java/org/apache/jackrabbit/oak/spi/security/authorization/OpenAccessControlConfiguration.java
URL: http://svn.apache.org/viewvc/jackrabbit/oak/trunk/oak-core/src/main/java/org/apache/jackrabbit/oak/spi/security/authorization/OpenAccessControlConfiguration.java?rev=1458400&r1=1458399&r2=1458400&view=diff
==============================================================================
--- jackrabbit/oak/trunk/oak-core/src/main/java/org/apache/jackrabbit/oak/spi/security/authorization/OpenAccessControlConfiguration.java (original)
+++ jackrabbit/oak/trunk/oak-core/src/main/java/org/apache/jackrabbit/oak/spi/security/authorization/OpenAccessControlConfiguration.java Tue Mar 19 16:48:03 2013
@@ -34,7 +34,7 @@ public class OpenAccessControlConfigurat
implements AccessControlConfiguration {
@Override
- public AccessControlManager getAccessControlManager(Root root, NamePathMapper namePathMapper) {
+ public AccessControlManager getAccessControlManager(Root root, NamePathMapper namePathMapper, PermissionProvider permissionProvider) {
throw new UnsupportedOperationException();
}
Modified: jackrabbit/oak/trunk/oak-core/src/main/java/org/apache/jackrabbit/oak/spi/security/user/action/AccessControlAction.java
URL: http://svn.apache.org/viewvc/jackrabbit/oak/trunk/oak-core/src/main/java/org/apache/jackrabbit/oak/spi/security/user/action/AccessControlAction.java?rev=1458400&r1=1458399&r2=1458400&view=diff
==============================================================================
--- jackrabbit/oak/trunk/oak-core/src/main/java/org/apache/jackrabbit/oak/spi/security/user/action/AccessControlAction.java (original)
+++ jackrabbit/oak/trunk/oak-core/src/main/java/org/apache/jackrabbit/oak/spi/security/user/action/AccessControlAction.java Tue Mar 19 16:48:03 2013
@@ -163,7 +163,7 @@ public class AccessControlAction extends
return;
}
String path = authorizable.getPath();
- AccessControlManager acMgr = securityProvider.getAccessControlConfiguration().getAccessControlManager(root, namePathMapper);
+ AccessControlManager acMgr = securityProvider.getAccessControlConfiguration().getAccessControlManager(root, namePathMapper, null);
JackrabbitAccessControlList acl = null;
for (AccessControlPolicyIterator it = acMgr.getApplicablePolicies(path); it.hasNext();) {
AccessControlPolicy plc = it.nextAccessControlPolicy();
Modified: jackrabbit/oak/trunk/oak-core/src/test/java/org/apache/jackrabbit/oak/security/authorization/AccessControlManagerImplTest.java
URL: http://svn.apache.org/viewvc/jackrabbit/oak/trunk/oak-core/src/test/java/org/apache/jackrabbit/oak/security/authorization/AccessControlManagerImplTest.java?rev=1458400&r1=1458399&r2=1458400&view=diff
==============================================================================
--- jackrabbit/oak/trunk/oak-core/src/test/java/org/apache/jackrabbit/oak/security/authorization/AccessControlManagerImplTest.java (original)
+++ jackrabbit/oak/trunk/oak-core/src/test/java/org/apache/jackrabbit/oak/security/authorization/AccessControlManagerImplTest.java Tue Mar 19 16:48:03 2013
@@ -52,6 +52,7 @@ import org.apache.jackrabbit.oak.securit
import org.apache.jackrabbit.oak.security.privilege.PrivilegeBitsProvider;
import org.apache.jackrabbit.oak.security.privilege.PrivilegeConstants;
import org.apache.jackrabbit.oak.spi.security.authorization.AbstractAccessControlTest;
+import org.apache.jackrabbit.oak.spi.security.authorization.PermissionProvider;
import org.apache.jackrabbit.oak.spi.security.authorization.restriction.RestrictionProvider;
import org.apache.jackrabbit.oak.spi.security.principal.EveryonePrincipal;
import org.apache.jackrabbit.oak.util.NodeUtil;
@@ -119,7 +120,8 @@ public class AccessControlManagerImplTes
}
private AccessControlManagerImpl getAccessControlManager(NamePathMapper npMapper) {
- return new AccessControlManagerImpl(root, npMapper, getSecurityProvider());
+ PermissionProvider pp = getSecurityProvider().getAccessControlConfiguration().getPermissionProvider(root, adminSession.getAuthInfo().getPrincipals());
+ return new AccessControlManagerImpl(root, npMapper, getSecurityProvider(), pp);
}
private NamePathMapper getLocalNamePathMapper() {
Modified: jackrabbit/oak/trunk/oak-core/src/test/java/org/apache/jackrabbit/oak/spi/security/authorization/AbstractAccessControlTest.java
URL: http://svn.apache.org/viewvc/jackrabbit/oak/trunk/oak-core/src/test/java/org/apache/jackrabbit/oak/spi/security/authorization/AbstractAccessControlTest.java?rev=1458400&r1=1458399&r2=1458400&view=diff
==============================================================================
--- jackrabbit/oak/trunk/oak-core/src/test/java/org/apache/jackrabbit/oak/spi/security/authorization/AbstractAccessControlTest.java (original)
+++ jackrabbit/oak/trunk/oak-core/src/test/java/org/apache/jackrabbit/oak/spi/security/authorization/AbstractAccessControlTest.java Tue Mar 19 16:48:03 2013
@@ -66,7 +66,8 @@ public abstract class AbstractAccessCont
}
protected JackrabbitAccessControlManager getAccessControlManager(Root root) {
- AccessControlManager acMgr = securityProvider.getAccessControlConfiguration().getAccessControlManager(root, NamePathMapper.DEFAULT);
+ PermissionProvider pp = null; // TODO
+ AccessControlManager acMgr = securityProvider.getAccessControlConfiguration().getAccessControlManager(root, NamePathMapper.DEFAULT, pp);
if (acMgr instanceof JackrabbitAccessControlManager) {
return (JackrabbitAccessControlManager) acMgr;
} else {
Modified: jackrabbit/oak/trunk/oak-jcr/pom.xml
URL: http://svn.apache.org/viewvc/jackrabbit/oak/trunk/oak-jcr/pom.xml?rev=1458400&r1=1458399&r2=1458400&view=diff
==============================================================================
--- jackrabbit/oak/trunk/oak-jcr/pom.xml (original)
+++ jackrabbit/oak/trunk/oak-jcr/pom.xml Tue Mar 19 16:48:03 2013
@@ -245,7 +245,6 @@
org.apache.jackrabbit.test.api.observation.AddEventListenerTest#testUUID
org.apache.jackrabbit.test.api.observation.LockingTest#testAddLockToNode
org.apache.jackrabbit.test.api.observation.LockingTest#testRemoveLockFromNode
- org.apache.jackrabbit.test.api.security.RSessionAccessControlPolicyTest <!-- OAK-527 -->
org.apache.jackrabbit.oak.jcr.security.user.GroupTest#testCyclicGroups2 <!-- OAK-615 -->
org.apache.jackrabbit.oak.jcr.security.authorization.AccessControlImporterTest#testImportACLRemoveACE <!-- OAK-414 -->
org.apache.jackrabbit.oak.jcr.security.authorization.AccessControlImporterTest#testImportACLUnknown <!-- OAK-414 -->
Modified: jackrabbit/oak/trunk/oak-jcr/src/main/java/org/apache/jackrabbit/oak/jcr/SessionContext.java
URL: http://svn.apache.org/viewvc/jackrabbit/oak/trunk/oak-jcr/src/main/java/org/apache/jackrabbit/oak/jcr/SessionContext.java?rev=1458400&r1=1458399&r2=1458400&view=diff
==============================================================================
--- jackrabbit/oak/trunk/oak-jcr/src/main/java/org/apache/jackrabbit/oak/jcr/SessionContext.java (original)
+++ jackrabbit/oak/trunk/oak-jcr/src/main/java/org/apache/jackrabbit/oak/jcr/SessionContext.java Tue Mar 19 16:48:03 2013
@@ -16,9 +16,7 @@
*/
package org.apache.jackrabbit.oak.jcr;
-import java.security.PrivilegedAction;
import java.util.ArrayList;
-import java.util.Collections;
import java.util.List;
import java.util.Map;
import javax.annotation.CheckForNull;
@@ -34,7 +32,6 @@ import javax.jcr.nodetype.NodeTypeManage
import javax.jcr.observation.ObservationManager;
import javax.jcr.security.AccessControlManager;
import javax.jcr.version.VersionManager;
-import javax.security.auth.Subject;
import com.google.common.collect.Maps;
import org.apache.jackrabbit.api.security.authorization.PrivilegeManager;
@@ -154,15 +151,8 @@ public abstract class SessionContext imp
@Nonnull
public AccessControlManager getAccessControlManager() throws RepositoryException {
if (accessControlManager == null) {
- // TODO
- Subject subject = new Subject(true, delegate.getAuthInfo().getPrincipals(), Collections.singleton(getPermissionProvider()), Collections.<Object>emptySet());
- accessControlManager = Subject.doAs(subject, new PrivilegedAction<AccessControlManager>() {
- @Override
- public AccessControlManager run() {
- SecurityProvider securityProvider = repository.getSecurityProvider();
- return securityProvider.getAccessControlConfiguration().getAccessControlManager(delegate.getRoot(), namePathMapper);
- }
- });
+ SecurityProvider securityProvider = repository.getSecurityProvider();
+ accessControlManager = securityProvider.getAccessControlConfiguration().getAccessControlManager(delegate.getRoot(), namePathMapper, getPermissionProvider());
}
return accessControlManager;
}
@@ -172,8 +162,6 @@ public abstract class SessionContext imp
if (permissionProvider == null) {
SecurityProvider securityProvider = repository.getSecurityProvider();
permissionProvider = securityProvider.getAccessControlConfiguration().getPermissionProvider(delegate.getRoot(), delegate.getAuthInfo().getPrincipals());
- } else {
- permissionProvider.refresh();
}
return permissionProvider;
}