You are viewing a plain text version of this content. The canonical link for it is here.
Posted to oak-commits@jackrabbit.apache.org by an...@apache.org on 2013/12/10 18:29:43 UTC
svn commit: r1549905 - in
/jackrabbit/oak/trunk/oak-core/src/main/java/org/apache/jackrabbit/oak:
osgi/Activator.java osgi/OsgiSecurityProvider.java
spi/security/CompositeConfiguration.java spi/security/ConfigurationBase.java
Author: angela
Date: Tue Dec 10 17:29:43 2013
New Revision: 1549905
URL: http://svn.apache.org/r1549905
Log:
OAK-754 : Pluggable Security Setup
Modified:
jackrabbit/oak/trunk/oak-core/src/main/java/org/apache/jackrabbit/oak/osgi/Activator.java
jackrabbit/oak/trunk/oak-core/src/main/java/org/apache/jackrabbit/oak/osgi/OsgiSecurityProvider.java
jackrabbit/oak/trunk/oak-core/src/main/java/org/apache/jackrabbit/oak/spi/security/CompositeConfiguration.java
jackrabbit/oak/trunk/oak-core/src/main/java/org/apache/jackrabbit/oak/spi/security/ConfigurationBase.java
Modified: jackrabbit/oak/trunk/oak-core/src/main/java/org/apache/jackrabbit/oak/osgi/Activator.java
URL: http://svn.apache.org/viewvc/jackrabbit/oak/trunk/oak-core/src/main/java/org/apache/jackrabbit/oak/osgi/Activator.java?rev=1549905&r1=1549904&r2=1549905&view=diff
==============================================================================
--- jackrabbit/oak/trunk/oak-core/src/main/java/org/apache/jackrabbit/oak/osgi/Activator.java (original)
+++ jackrabbit/oak/trunk/oak-core/src/main/java/org/apache/jackrabbit/oak/osgi/Activator.java Tue Dec 10 17:29:43 2013
@@ -22,7 +22,6 @@ import java.util.List;
import java.util.Map;
import java.util.Properties;
-import com.google.common.collect.ImmutableMap;
import org.apache.jackrabbit.mk.api.MicroKernel;
import org.apache.jackrabbit.oak.api.jmx.CacheStatsMBean;
import org.apache.jackrabbit.oak.core.ContentRepositoryImpl;
@@ -30,21 +29,12 @@ import org.apache.jackrabbit.oak.kernel.
import org.apache.jackrabbit.oak.osgi.OsgiRepositoryInitializer.RepositoryInitializerObserver;
import org.apache.jackrabbit.oak.spi.lifecycle.OakInitializer;
import org.apache.jackrabbit.oak.spi.lifecycle.RepositoryInitializer;
-import org.apache.jackrabbit.oak.spi.security.ConfigurationParameters;
-import org.apache.jackrabbit.oak.spi.security.SecurityProvider;
-import org.apache.jackrabbit.oak.spi.security.authorization.AuthorizationConfiguration;
-import org.apache.jackrabbit.oak.spi.security.authorization.accesscontrol.AccessControlConstants;
-import org.apache.jackrabbit.oak.spi.security.user.AuthorizableNodeName;
-import org.apache.jackrabbit.oak.spi.security.user.UserConfiguration;
-import org.apache.jackrabbit.oak.spi.security.user.UserConstants;
import org.apache.jackrabbit.oak.spi.state.NodeStore;
import org.apache.jackrabbit.oak.spi.whiteboard.OsgiWhiteboard;
import org.apache.jackrabbit.oak.spi.whiteboard.Registration;
import org.apache.jackrabbit.oak.spi.whiteboard.Whiteboard;
-import org.osgi.framework.Bundle;
import org.osgi.framework.BundleActivator;
import org.osgi.framework.BundleContext;
-import org.osgi.framework.ServiceFactory;
import org.osgi.framework.ServiceReference;
import org.osgi.framework.ServiceRegistration;
import org.osgi.util.tracker.ServiceTracker;
@@ -68,18 +58,11 @@ public class Activator implements Bundle
private final OsgiRepositoryInitializer repositoryInitializerTracker = new OsgiRepositoryInitializer();
- private final OsgiAuthorizableActionProvider authorizableActionProvider = new OsgiAuthorizableActionProvider();
-
- private final OsgiRestrictionProvider restrictionProvider = new OsgiRestrictionProvider();
-
- private final OsgiSecurityProvider securityProvider;
-
private final Map<ServiceReference, ServiceRegistration> services = new HashMap<ServiceReference, ServiceRegistration>();
private final List<Registration> registrations = new ArrayList<Registration>();
public Activator() {
- securityProvider = new OsgiSecurityProvider(getSecurityConfig());
}
//----------------------------------------------------< BundleActivator >---
@@ -95,14 +78,8 @@ public class Activator implements Bundle
repositoryInitializerTracker.setObserver(this);
repositoryInitializerTracker.start(bundleContext);
- authorizableActionProvider.start(bundleContext);
- restrictionProvider.start(bundleContext);
- securityProvider.start(bundleContext);
-
microKernelTracker = new ServiceTracker(context, MicroKernel.class.getName(), this);
microKernelTracker.open();
-
- registerSecurityProvider();
}
@Override
@@ -112,9 +89,6 @@ public class Activator implements Bundle
indexEditorProvider.stop();
validatorProvider.stop();
repositoryInitializerTracker.stop();
- authorizableActionProvider.stop();
- restrictionProvider.stop();
- securityProvider.stop();
for(Registration r : registrations){
r.unregister();
@@ -164,43 +138,4 @@ public class Activator implements Bundle
}
}
}
-
- //------------------------------------------------------------< private >---
- private ConfigurationParameters getSecurityConfig() {
- Map<String, Object> userMap = ImmutableMap.of(
- UserConstants.PARAM_AUTHORIZABLE_ACTION_PROVIDER, authorizableActionProvider,
- UserConstants.PARAM_AUTHORIZABLE_NODE_NAME, AuthorizableNodeName.DEFAULT); // TODO
-
- Map<String, OsgiRestrictionProvider> authorizMap = ImmutableMap.of(
- AccessControlConstants.PARAM_RESTRICTION_PROVIDER, restrictionProvider
- );
-
- ConfigurationParameters securityConfig = ConfigurationParameters.of(ImmutableMap.of(
- UserConfiguration.NAME, ConfigurationParameters.of(userMap),
- AuthorizationConfiguration.NAME, ConfigurationParameters.of(authorizMap)
- ));
- return securityConfig;
- }
-
- private void registerSecurityProvider() {
- ServiceFactory sf = new ServiceFactory() {
- @Override
- public Object getService(Bundle bundle, ServiceRegistration serviceRegistration) {
- return securityProvider;
- }
-
- @Override
- public void ungetService(Bundle bundle, ServiceRegistration serviceRegistration, Object o) {
- // nothing to do
- }
- };
- final ServiceRegistration r = context.registerService(SecurityProvider.class.getName(), sf, null);
- registrations.add(new Registration() {
- @Override
- public void unregister() {
- r.unregister();
-
- }
- });
- }
}
Modified: jackrabbit/oak/trunk/oak-core/src/main/java/org/apache/jackrabbit/oak/osgi/OsgiSecurityProvider.java
URL: http://svn.apache.org/viewvc/jackrabbit/oak/trunk/oak-core/src/main/java/org/apache/jackrabbit/oak/osgi/OsgiSecurityProvider.java?rev=1549905&r1=1549904&r2=1549905&view=diff
==============================================================================
--- jackrabbit/oak/trunk/oak-core/src/main/java/org/apache/jackrabbit/oak/osgi/OsgiSecurityProvider.java (original)
+++ jackrabbit/oak/trunk/oak-core/src/main/java/org/apache/jackrabbit/oak/osgi/OsgiSecurityProvider.java Tue Dec 10 17:29:43 2013
@@ -17,11 +17,19 @@
package org.apache.jackrabbit.oak.osgi;
import java.util.HashSet;
+import java.util.Map;
import java.util.Set;
import javax.annotation.Nonnull;
import javax.annotation.Nullable;
+import com.google.common.collect.ImmutableMap;
+import org.apache.felix.scr.annotations.Activate;
+import org.apache.felix.scr.annotations.Component;
+import org.apache.felix.scr.annotations.Deactivate;
import org.apache.felix.scr.annotations.Reference;
+import org.apache.felix.scr.annotations.ReferenceCardinality;
+import org.apache.felix.scr.annotations.ReferencePolicyOption;
+import org.apache.felix.scr.annotations.Service;
import org.apache.jackrabbit.oak.spi.security.ConfigurationBase;
import org.apache.jackrabbit.oak.spi.security.ConfigurationParameters;
import org.apache.jackrabbit.oak.spi.security.SecurityConfiguration;
@@ -30,37 +38,73 @@ import org.apache.jackrabbit.oak.spi.sec
import org.apache.jackrabbit.oak.spi.security.authentication.token.CompositeTokenConfiguration;
import org.apache.jackrabbit.oak.spi.security.authentication.token.TokenConfiguration;
import org.apache.jackrabbit.oak.spi.security.authorization.AuthorizationConfiguration;
+import org.apache.jackrabbit.oak.spi.security.authorization.accesscontrol.AccessControlConstants;
import org.apache.jackrabbit.oak.spi.security.principal.CompositePrincipalConfiguration;
import org.apache.jackrabbit.oak.spi.security.principal.PrincipalConfiguration;
import org.apache.jackrabbit.oak.spi.security.privilege.PrivilegeConfiguration;
+import org.apache.jackrabbit.oak.spi.security.user.AuthorizableNodeName;
import org.apache.jackrabbit.oak.spi.security.user.UserConfiguration;
+import org.apache.jackrabbit.oak.spi.security.user.UserConstants;
+import org.osgi.framework.BundleContext;
import org.osgi.framework.ServiceReference;
+import org.osgi.service.component.ComponentContext;
-/**
- * OsgiSecurityProvider... TODO
- */
-public class OsgiSecurityProvider extends AbstractServiceTracker<SecurityConfiguration> implements SecurityProvider {
-
- @Reference(bind = "bindAuthorizationConfiguration")
+@Component
+@Service
+public class OsgiSecurityProvider implements SecurityProvider {
+
+ @Reference(bind = "bindAuthorizationConfiguration",
+ cardinality = ReferenceCardinality.MANDATORY_UNARY, // FIXME OAK-1268
+ policyOption = ReferencePolicyOption.GREEDY)
private AuthorizationConfiguration authorizationConfiguration;
- @Reference(bind = "bindAuthenticationConfiguration")
+ @Reference(bind = "bindAuthenticationConfiguration",
+ cardinality = ReferenceCardinality.MANDATORY_UNARY,
+ policyOption = ReferencePolicyOption.GREEDY)
private AuthenticationConfiguration authenticationConfiguration;
- @Reference(bind = "bindPrivilegeConfiguration")
+ @Reference(bind = "bindPrivilegeConfiguration",
+ cardinality = ReferenceCardinality.MANDATORY_UNARY,
+ policyOption = ReferencePolicyOption.GREEDY)
private PrivilegeConfiguration privilegeConfiguration;
- @Reference(bind = "bindUserConfiguration")
+ @Reference(bind = "bindUserConfiguration",
+ cardinality = ReferenceCardinality.MANDATORY_UNARY,
+ policyOption = ReferencePolicyOption.GREEDY)
private UserConfiguration userConfiguration;
+ @Reference(referenceInterface = PrincipalConfiguration.class,
+ bind = "bindPrincipalConfiguration",
+ unbind = "unbindPrincipalConfiguration",
+ cardinality = ReferenceCardinality.MANDATORY_MULTIPLE,
+ policyOption = ReferencePolicyOption.GREEDY)
private CompositePrincipalConfiguration principalConfiguration = new CompositePrincipalConfiguration(this);
+
+ @Reference(referenceInterface = TokenConfiguration.class,
+ bind = "bindTokenConfiguration",
+ unbind = "unbindTokenConfiguration",
+ cardinality = ReferenceCardinality.OPTIONAL_MULTIPLE,
+ policyOption = ReferencePolicyOption.GREEDY)
private CompositeTokenConfiguration tokenConfiguration = new CompositeTokenConfiguration(this);
- private ConfigurationParameters config;
+ private final OsgiAuthorizableActionProvider authorizableActionProvider = new OsgiAuthorizableActionProvider();
+ private final OsgiRestrictionProvider restrictionProvider = new OsgiRestrictionProvider();
+
+ private final ConfigurationParameters config;
- public OsgiSecurityProvider(@Nonnull ConfigurationParameters config) {
- super(SecurityConfiguration.class);
- this.config = config;
+ public OsgiSecurityProvider() {
+ Map<String, Object> userMap = ImmutableMap.of(
+ UserConstants.PARAM_AUTHORIZABLE_ACTION_PROVIDER, authorizableActionProvider,
+ UserConstants.PARAM_AUTHORIZABLE_NODE_NAME, AuthorizableNodeName.DEFAULT); // TODO
+
+ Map<String, OsgiRestrictionProvider> authorizMap = ImmutableMap.of(
+ AccessControlConstants.PARAM_RESTRICTION_PROVIDER, restrictionProvider
+ );
+
+ config = ConfigurationParameters.of(ImmutableMap.of(
+ UserConfiguration.NAME, ConfigurationParameters.of(userMap),
+ AuthorizationConfiguration.NAME, ConfigurationParameters.of(authorizMap)
+ ));
}
//---------------------------------------------------< SecurityProvider >---
@@ -112,29 +156,21 @@ public class OsgiSecurityProvider extend
}
}
- //-------------------------------------------< ServiceTrackerCustomizer >---
- @Override
- public Object addingService(ServiceReference reference) {
- Object service = super.addingService(reference);
- if (service instanceof TokenConfiguration) {
- tokenConfiguration.addConfiguration((TokenConfiguration) service);
- } else if (service instanceof PrincipalConfiguration) {
- principalConfiguration.addConfiguration((PrincipalConfiguration) service);
- }
- return service;
+//----------------------------------------------------< SCR Integration >---
+ @Activate
+ protected void activate(ComponentContext context) throws Exception {
+ BundleContext bundleContext = context.getBundleContext();
+
+ authorizableActionProvider.start(bundleContext);
+ restrictionProvider.start(bundleContext);
}
- @Override
- public void removedService(ServiceReference reference, Object service) {
- super.removedService(reference, service);
- if (service instanceof TokenConfiguration) {
- tokenConfiguration.removeConfiguration((TokenConfiguration) service);
- } else if (service instanceof PrincipalConfiguration) {
- principalConfiguration.removeConfiguration((PrincipalConfiguration) service);
- }
+ @Deactivate
+ protected void deactivate() throws Exception {
+ authorizableActionProvider.stop();
+ restrictionProvider.stop();
}
- //--------------------------------------------------------------------------
protected void bindAuthorizationConfiguration(@Nonnull ServiceReference reference) {
authorizationConfiguration = (AuthorizationConfiguration) initConfiguration(reference);
}
@@ -151,6 +187,28 @@ public class OsgiSecurityProvider extend
privilegeConfiguration = (PrivilegeConfiguration) initConfiguration(reference);
}
+ protected void bindPrincipalConfiguration(@Nonnull ServiceReference reference) {
+ principalConfiguration.addConfiguration((PrincipalConfiguration) initConfiguration(reference));
+ }
+
+ protected void unbindPrincipalConfiguration(@Nonnull ServiceReference reference) {
+ Object pc = reference.getBundle().getBundleContext().getService(reference);
+ if (pc instanceof PrincipalConfiguration) {
+ principalConfiguration.removeConfiguration((PrincipalConfiguration) pc);
+ }
+ }
+
+ protected void bindTokenConfiguration(@Nonnull ServiceReference reference) {
+ tokenConfiguration.addConfiguration((TokenConfiguration) initConfiguration(reference));
+ }
+
+ protected void unbindTokenConfiguration(@Nonnull ServiceReference reference) {
+ Object tc = reference.getBundle().getBundleContext().getService(reference);
+ if (tc instanceof TokenConfiguration) {
+ tokenConfiguration.removeConfiguration((TokenConfiguration) tc);
+ }
+ }
+
private Object initConfiguration(@Nonnull ServiceReference reference) {
Object service = reference.getBundle().getBundleContext().getService(reference);
if (service instanceof ConfigurationBase) {
Modified: jackrabbit/oak/trunk/oak-core/src/main/java/org/apache/jackrabbit/oak/spi/security/CompositeConfiguration.java
URL: http://svn.apache.org/viewvc/jackrabbit/oak/trunk/oak-core/src/main/java/org/apache/jackrabbit/oak/spi/security/CompositeConfiguration.java?rev=1549905&r1=1549904&r2=1549905&view=diff
==============================================================================
--- jackrabbit/oak/trunk/oak-core/src/main/java/org/apache/jackrabbit/oak/spi/security/CompositeConfiguration.java (original)
+++ jackrabbit/oak/trunk/oak-core/src/main/java/org/apache/jackrabbit/oak/spi/security/CompositeConfiguration.java Tue Dec 10 17:29:43 2013
@@ -56,9 +56,6 @@ public abstract class CompositeConfigura
public void addConfiguration(@Nonnull T configuration) {
configurations.add(configuration);
- if (configuration instanceof ConfigurationBase) {
- ((ConfigurationBase) configuration).setSecurityProvider(securityProvider);
- }
}
public void removeConfiguration(@Nonnull T configuration) {
Modified: jackrabbit/oak/trunk/oak-core/src/main/java/org/apache/jackrabbit/oak/spi/security/ConfigurationBase.java
URL: http://svn.apache.org/viewvc/jackrabbit/oak/trunk/oak-core/src/main/java/org/apache/jackrabbit/oak/spi/security/ConfigurationBase.java?rev=1549905&r1=1549904&r2=1549905&view=diff
==============================================================================
--- jackrabbit/oak/trunk/oak-core/src/main/java/org/apache/jackrabbit/oak/spi/security/ConfigurationBase.java (original)
+++ jackrabbit/oak/trunk/oak-core/src/main/java/org/apache/jackrabbit/oak/spi/security/ConfigurationBase.java Tue Dec 10 17:29:43 2013
@@ -49,7 +49,7 @@ public abstract class ConfigurationBase
public void setSecurityProvider(@Nonnull SecurityProvider securityProvider) {
this.securityProvider = securityProvider;
- config = securityProvider.getParameters(getName());
+ config = ConfigurationParameters.of(securityProvider.getParameters(getName()), config);
}
//----------------------------------------------< SecurityConfiguration >---