You are viewing a plain text version of this content. The canonical link for it is here.
Posted to oak-commits@jackrabbit.apache.org by an...@apache.org on 2013/02/27 10:32:45 UTC
svn commit: r1450688 - in /jackrabbit/oak/trunk/oak-core/src:
main/java/org/apache/jackrabbit/oak/security/authorization/AccessControlManagerImpl.java
test/java/org/apache/jackrabbit/oak/spi/security/authorization/AbstractAccessControlTest.java
Author: angela
Date: Wed Feb 27 09:32:45 2013
New Revision: 1450688
URL: http://svn.apache.org/r1450688
Log:
OAK-51 : Access Control Management (WIP)
Modified:
jackrabbit/oak/trunk/oak-core/src/main/java/org/apache/jackrabbit/oak/security/authorization/AccessControlManagerImpl.java
jackrabbit/oak/trunk/oak-core/src/test/java/org/apache/jackrabbit/oak/spi/security/authorization/AbstractAccessControlTest.java
Modified: jackrabbit/oak/trunk/oak-core/src/main/java/org/apache/jackrabbit/oak/security/authorization/AccessControlManagerImpl.java
URL: http://svn.apache.org/viewvc/jackrabbit/oak/trunk/oak-core/src/main/java/org/apache/jackrabbit/oak/security/authorization/AccessControlManagerImpl.java?rev=1450688&r1=1450687&r2=1450688&view=diff
==============================================================================
--- jackrabbit/oak/trunk/oak-core/src/main/java/org/apache/jackrabbit/oak/security/authorization/AccessControlManagerImpl.java (original)
+++ jackrabbit/oak/trunk/oak-core/src/main/java/org/apache/jackrabbit/oak/security/authorization/AccessControlManagerImpl.java Wed Feb 27 09:32:45 2013
@@ -109,35 +109,40 @@ public class AccessControlManagerImpl im
Subject subject = Subject.getSubject(AccessController.getContext());
Set<Principal> principals = (subject != null) ? subject.getPrincipals() : Collections.<Principal>emptySet();
+ // FIXME: keep permission provider up to date.
permissionProvider = acConfig.getPermissionProvider(root, principals);
restrictionProvider = acConfig.getRestrictionProvider(namePathMapper);
ntMgr = ReadOnlyNodeTypeManager.getInstance(root, namePathMapper);
}
//-----------------------------------------------< AccessControlManager >---
+ @Nonnull
@Override
- public Privilege[] getSupportedPrivileges(String absPath) throws RepositoryException {
+ public Privilege[] getSupportedPrivileges(@Nullable String absPath) throws RepositoryException {
checkValidPath(absPath);
return privilegeManager.getRegisteredPrivileges();
}
+ @Nonnull
@Override
- public Privilege privilegeFromName(String privilegeName) throws RepositoryException {
+ public Privilege privilegeFromName(@Nonnull String privilegeName) throws RepositoryException {
return privilegeManager.getPrivilege(privilegeName);
}
@Override
- public boolean hasPrivileges(String absPath, Privilege[] privileges) throws RepositoryException {
+ public boolean hasPrivileges(@Nullable String absPath, @Nonnull Privilege[] privileges) throws RepositoryException {
return hasPrivileges(absPath, privileges, permissionProvider);
}
+ @Nonnull
@Override
- public Privilege[] getPrivileges(String absPath) throws RepositoryException {
+ public Privilege[] getPrivileges(@Nullable String absPath) throws RepositoryException {
return getPrivileges(absPath, permissionProvider);
}
+ @Nonnull
@Override
- public AccessControlPolicy[] getPolicies(String absPath) throws RepositoryException {
+ public AccessControlPolicy[] getPolicies(@Nullable String absPath) throws RepositoryException {
String oakPath = getOakPath(absPath);
Tree tree = getTree(oakPath);
AccessControlPolicy policy = createACL(oakPath, tree, false);
@@ -148,8 +153,9 @@ public class AccessControlManagerImpl im
}
}
+ @Nonnull
@Override
- public AccessControlPolicy[] getEffectivePolicies(String absPath) throws RepositoryException {
+ public AccessControlPolicy[] getEffectivePolicies(@Nullable String absPath) throws RepositoryException {
String oakPath = getOakPath(absPath);
Tree tree = getTree(oakPath);
List<AccessControlPolicy> effective = new ArrayList<AccessControlPolicy>();
@@ -171,8 +177,9 @@ public class AccessControlManagerImpl im
return effective.toArray(new AccessControlPolicy[effective.size()]);
}
+ @Nonnull
@Override
- public AccessControlPolicyIterator getApplicablePolicies(String absPath) throws RepositoryException {
+ public AccessControlPolicyIterator getApplicablePolicies(@Nullable String absPath) throws RepositoryException {
String oakPath = getOakPath(absPath);
Tree tree = getTree(oakPath);
@@ -202,7 +209,7 @@ public class AccessControlManagerImpl im
}
@Override
- public void setPolicy(String absPath, AccessControlPolicy policy) throws RepositoryException {
+ public void setPolicy(@Nullable String absPath, @Nonnull AccessControlPolicy policy) throws RepositoryException {
String oakPath = getOakPath(absPath);
checkValidPolicy(oakPath, policy);
@@ -247,7 +254,7 @@ public class AccessControlManagerImpl im
}
@Override
- public void removePolicy(String absPath, AccessControlPolicy policy) throws RepositoryException {
+ public void removePolicy(@Nullable String absPath, @Nonnull AccessControlPolicy policy) throws RepositoryException {
String oakPath = getOakPath(absPath);
checkValidPolicy(oakPath, policy);
@@ -266,8 +273,9 @@ public class AccessControlManagerImpl im
}
//-------------------------------------< JackrabbitAccessControlManager >---
+ @Nonnull
@Override
- public JackrabbitAccessControlPolicy[] getApplicablePolicies(Principal principal) throws RepositoryException {
+ public JackrabbitAccessControlPolicy[] getApplicablePolicies(@Nonnull Principal principal) throws RepositoryException {
Result aceResult = searchAces(Collections.<Principal>singleton(principal));
if (aceResult.getSize() > 0) {
return new JackrabbitAccessControlPolicy[0];
@@ -276,8 +284,9 @@ public class AccessControlManagerImpl im
}
}
+ @Nonnull
@Override
- public JackrabbitAccessControlPolicy[] getPolicies(Principal principal) throws RepositoryException {
+ public JackrabbitAccessControlPolicy[] getPolicies(@Nonnull Principal principal) throws RepositoryException {
Result aceResult = searchAces(Collections.<Principal>singleton(principal));
if (aceResult.getSize() > 0) {
return new JackrabbitAccessControlPolicy[]{createPrincipalACL(principal, aceResult)};
@@ -286,8 +295,9 @@ public class AccessControlManagerImpl im
}
}
+ @Nonnull
@Override
- public AccessControlPolicy[] getEffectivePolicies(Set<Principal> principals) throws RepositoryException {
+ public AccessControlPolicy[] getEffectivePolicies(@Nonnull Set<Principal> principals) throws RepositoryException {
Result aceResult = searchAces(principals);
List<AccessControlPolicy> effective = new ArrayList<AccessControlPolicy>();
for (ResultRow row : aceResult.getRows()) {
@@ -310,20 +320,20 @@ public class AccessControlManagerImpl im
}
@Override
- public boolean hasPrivileges(String absPath, Set<Principal> principals, Privilege[] privileges) throws RepositoryException {
+ public boolean hasPrivileges(@Nullable String absPath, @Nonnull Set<Principal> principals, @Nonnull Privilege[] privileges) throws RepositoryException {
PermissionProvider provider = acConfig.getPermissionProvider(root, principals);
return hasPrivileges(absPath, privileges, provider);
}
@Override
- public Privilege[] getPrivileges(String absPath, Set<Principal> principals) throws RepositoryException {
+ public Privilege[] getPrivileges(@Nullable String absPath, @Nonnull Set<Principal> principals) throws RepositoryException {
PermissionProvider provider = acConfig.getPermissionProvider(root, principals);
return getPrivileges(absPath, provider);
}
//------------------------------------------------------------< private >---
@CheckForNull
- private String getOakPath(String jcrPath) throws RepositoryException {
+ private String getOakPath(@Nullable String jcrPath) throws RepositoryException {
if (jcrPath == null) {
return null;
} else {
@@ -359,7 +369,7 @@ public class AccessControlManagerImpl im
getTree(getOakPath(jcrPath));
}
- private static void checkValidPolicy(@Nullable String oakPath, @Nullable AccessControlPolicy policy) throws AccessControlException {
+ private static void checkValidPolicy(@Nullable String oakPath, @Nonnull AccessControlPolicy policy) throws AccessControlException {
if (policy instanceof ACL) {
String path = ((ACL) policy).getOakPath();
if ((path == null && oakPath != null) || (path != null && !path.equals(oakPath))) {
@@ -370,11 +380,11 @@ public class AccessControlManagerImpl im
}
}
- private boolean isAccessControlled(@Nonnull Tree tree, @Nonnull String nodeTypeName) throws RepositoryException {
+ private boolean isAccessControlled(@Nonnull Tree tree, @Nonnull String nodeTypeName) {
return ntMgr.isNodeType(tree, nodeTypeName);
}
- private boolean isACE(@Nonnull Tree tree) throws RepositoryException {
+ private boolean isACE(@Nonnull Tree tree) {
return ntMgr.isNodeType(tree, NT_REP_ACE);
}
@@ -382,10 +392,9 @@ public class AccessControlManagerImpl im
* @param oakPath the Oak path as specified with the ac mgr call.
* @param tree the access controlled node.
* @return the new acl tree.
- * @throws RepositoryException if an error occurs
*/
@Nonnull
- private NodeUtil createAclNode(@Nullable String oakPath, @Nonnull Tree tree) throws RepositoryException {
+ private NodeUtil createAclNode(@Nullable String oakPath, @Nonnull Tree tree) {
String mixinName = getMixinName(oakPath);
if (!isAccessControlled(tree, mixinName)) {
@@ -458,8 +467,9 @@ public class AccessControlManagerImpl im
}
@Nonnull
- private JackrabbitAccessControlEntry createACE(String oakPath, Tree aceTree,
- RestrictionProvider restrictionProvider) throws RepositoryException {
+ private JackrabbitAccessControlEntry createACE(@Nullable String oakPath,
+ @Nonnull Tree aceTree,
+ @Nonnull RestrictionProvider restrictionProvider) throws RepositoryException {
boolean isAllow = NT_REP_GRANT_ACE.equals(TreeUtil.getPrimaryTypeName(aceTree));
Set<Restriction> restrictions = restrictionProvider.readRestrictions(oakPath, aceTree);
return new ACE(getPrincipal(aceTree), getPrivileges(aceTree), isAllow, restrictions);
@@ -519,7 +529,7 @@ public class AccessControlManagerImpl im
}
@Nonnull
- private Privilege[] getPrivileges(String absPath, PermissionProvider provider) throws RepositoryException {
+ private Privilege[] getPrivileges(@Nullable String absPath, @Nonnull PermissionProvider provider) throws RepositoryException {
// TODO
String oakPath = getOakPath(absPath);
Tree tree = getTree(oakPath);
@@ -535,7 +545,8 @@ public class AccessControlManagerImpl im
}
}
- private boolean hasPrivileges(String absPath, Privilege[] privileges, PermissionProvider provider) throws RepositoryException {
+ private boolean hasPrivileges(@Nullable String absPath, @Nonnull Privilege[] privileges,
+ @Nonnull PermissionProvider provider) throws RepositoryException {
// TODO
String oakPath = getOakPath(absPath);
Tree tree = getTree(oakPath);
@@ -547,7 +558,7 @@ public class AccessControlManagerImpl im
}
@CheckForNull
- private NodeUtil getAclNode(@Nullable String oakPath, @Nonnull Tree accessControlledTree) throws RepositoryException {
+ private NodeUtil getAclNode(@Nullable String oakPath, @Nonnull Tree accessControlledTree) {
if (isAccessControlled(accessControlledTree, getMixinName(oakPath))) {
Tree policyTree = accessControlledTree.getChild(getAclName(oakPath));
if (policyTree != null) {
Modified: jackrabbit/oak/trunk/oak-core/src/test/java/org/apache/jackrabbit/oak/spi/security/authorization/AbstractAccessControlTest.java
URL: http://svn.apache.org/viewvc/jackrabbit/oak/trunk/oak-core/src/test/java/org/apache/jackrabbit/oak/spi/security/authorization/AbstractAccessControlTest.java?rev=1450688&r1=1450687&r2=1450688&view=diff
==============================================================================
--- jackrabbit/oak/trunk/oak-core/src/test/java/org/apache/jackrabbit/oak/spi/security/authorization/AbstractAccessControlTest.java (original)
+++ jackrabbit/oak/trunk/oak-core/src/test/java/org/apache/jackrabbit/oak/spi/security/authorization/AbstractAccessControlTest.java Wed Feb 27 09:32:45 2013
@@ -17,6 +17,7 @@
package org.apache.jackrabbit.oak.spi.security.authorization;
import javax.jcr.NamespaceRegistry;
+import javax.jcr.security.AccessControlManager;
import javax.jcr.security.Privilege;
import org.apache.jackrabbit.api.security.JackrabbitAccessControlManager;
@@ -26,7 +27,6 @@ import org.apache.jackrabbit.oak.api.Roo
import org.apache.jackrabbit.oak.api.Tree;
import org.apache.jackrabbit.oak.namepath.NamePathMapper;
import org.apache.jackrabbit.oak.plugins.name.ReadWriteNamespaceRegistry;
-import org.apache.jackrabbit.oak.security.authorization.AccessControlManagerImpl;
import org.apache.jackrabbit.oak.spi.security.authorization.restriction.RestrictionProvider;
/**
@@ -65,9 +65,12 @@ public abstract class AbstractAccessCont
}
protected JackrabbitAccessControlManager getAccessControlManager(Root root) {
- // TODO
- //acMgr = securityProvider.getAccessControlConfiguration().getAccessControlManager(root, NamePathMapper.DEFAULT);
- return new AccessControlManagerImpl(root, getNamePathMapper(), getSecurityProvider());
+ AccessControlManager acMgr = securityProvider.getAccessControlConfiguration().getAccessControlManager(root, NamePathMapper.DEFAULT);
+ if (acMgr instanceof JackrabbitAccessControlManager) {
+ return (JackrabbitAccessControlManager) acMgr;
+ } else {
+ throw new UnsupportedOperationException("Expected JackrabbitAccessControlManager found " + acMgr.getClass());
+ }
}
protected RestrictionProvider getRestrictionProvider() {