You are viewing a plain text version of this content. The canonical link for it is here.
Posted to commits@jackrabbit.apache.org by an...@apache.org on 2008/11/14 11:57:34 UTC
svn commit: r713975 - in /jackrabbit/trunk/jackrabbit-core/src:
main/java/org/apache/jackrabbit/core/security/authorization/acl/
main/java/org/apache/jackrabbit/core/security/authorization/principalbased/
main/java/org/apache/jackrabbit/core/security/u...
Author: angela
Date: Fri Nov 14 02:57:33 2008
New Revision: 713975
URL: http://svn.apache.org/viewvc?rev=713975&view=rev
Log:
JCR-1588: JSR 283 Access Control
Modified:
jackrabbit/trunk/jackrabbit-core/src/main/java/org/apache/jackrabbit/core/security/authorization/acl/ACLTemplate.java
jackrabbit/trunk/jackrabbit-core/src/main/java/org/apache/jackrabbit/core/security/authorization/principalbased/ACLEditor.java
jackrabbit/trunk/jackrabbit-core/src/main/java/org/apache/jackrabbit/core/security/user/AuthorizableImpl.java
jackrabbit/trunk/jackrabbit-core/src/test/java/org/apache/jackrabbit/core/security/authorization/AbstractEvaluationTest.java
Modified: jackrabbit/trunk/jackrabbit-core/src/main/java/org/apache/jackrabbit/core/security/authorization/acl/ACLTemplate.java
URL: http://svn.apache.org/viewvc/jackrabbit/trunk/jackrabbit-core/src/main/java/org/apache/jackrabbit/core/security/authorization/acl/ACLTemplate.java?rev=713975&r1=713974&r2=713975&view=diff
==============================================================================
--- jackrabbit/trunk/jackrabbit-core/src/main/java/org/apache/jackrabbit/core/security/authorization/acl/ACLTemplate.java (original)
+++ jackrabbit/trunk/jackrabbit-core/src/main/java/org/apache/jackrabbit/core/security/authorization/acl/ACLTemplate.java Fri Nov 14 02:57:33 2008
@@ -22,6 +22,7 @@
import org.apache.jackrabbit.api.jsr283.security.Privilege;
import org.apache.jackrabbit.api.jsr283.security.AccessControlManager;
import org.apache.jackrabbit.api.security.principal.PrincipalManager;
+import org.apache.jackrabbit.api.security.principal.NoSuchPrincipalException;
import org.apache.jackrabbit.core.NodeImpl;
import org.apache.jackrabbit.core.SessionImpl;
import org.apache.jackrabbit.core.security.authorization.AccessControlConstants;
@@ -29,6 +30,9 @@
import org.apache.jackrabbit.core.security.authorization.JackrabbitAccessControlList;
import org.apache.jackrabbit.core.security.authorization.PrivilegeRegistry;
import org.apache.jackrabbit.core.security.authorization.Permission;
+import org.apache.jackrabbit.core.security.principal.PrincipalImpl;
+import org.slf4j.Logger;
+import org.slf4j.LoggerFactory;
import javax.jcr.NodeIterator;
import javax.jcr.RepositoryException;
@@ -50,6 +54,8 @@
*/
class ACLTemplate implements JackrabbitAccessControlList {
+ private static final Logger log = LoggerFactory.getLogger(ACLTemplate.class);
+
/**
* Path of the node this ACL template has been created for.
*/
@@ -103,22 +109,36 @@
NodeIterator itr = aclNode.getNodes();
while (itr.hasNext()) {
NodeImpl aceNode = (NodeImpl) itr.nextNode();
+ try {
+ String principalName = aceNode.getProperty(AccessControlConstants.P_PRINCIPAL_NAME).getString();
+ Principal princ = null;
+ if (principalMgr.hasPrincipal(principalName)) {
+ try {
+ princ = principalMgr.getPrincipal(principalName);
+ } catch (NoSuchPrincipalException e) {
+ // should not get here.
+ }
+ }
+ if (princ == null) {
+ log.debug("Principal with name " + principalName + " unknown to PrincipalManager.");
+ princ = new PrincipalImpl(principalName);
+ }
- String principalName = aceNode.getProperty(AccessControlConstants.P_PRINCIPAL_NAME).getString();
- Principal princ = principalMgr.getPrincipal(principalName);
-
- Value[] privValues = aceNode.getProperty(AccessControlConstants.P_PRIVILEGES).getValues();
- Privilege[] privs = new Privilege[privValues.length];
- for (int i = 0; i < privValues.length; i++) {
- privs[i] = acMgr.privilegeFromName(privValues[i].getString());
+ Value[] privValues = aceNode.getProperty(AccessControlConstants.P_PRIVILEGES).getValues();
+ Privilege[] privs = new Privilege[privValues.length];
+ for (int i = 0; i < privValues.length; i++) {
+ privs[i] = acMgr.privilegeFromName(privValues[i].getString());
+ }
+ // create a new ACEImpl (omitting validation check)
+ Entry ace = new Entry(
+ princ,
+ privs,
+ aceNode.isNodeType(AccessControlConstants.NT_REP_GRANT_ACE));
+ // add the entry
+ internalAdd(ace);
+ } catch (RepositoryException e) {
+ log.debug("Failed to build ACE from content.", e.getMessage());
}
- // create a new ACEImpl (omitting validation check)
- Entry ace = new Entry(
- princ,
- privs,
- aceNode.isNodeType(AccessControlConstants.NT_REP_GRANT_ACE));
- // add the entry
- internalAdd(ace);
}
}
@@ -144,7 +164,18 @@
String principalName = aceNode.getProperty(AccessControlConstants.P_PRINCIPAL_NAME).getString();
// only process aceNode if 'principalName' is contained in the given set
if (princToEntries.containsKey(principalName)) {
- Principal princ = principalMgr.getPrincipal(principalName);
+ Principal princ = null;
+ if (principalMgr.hasPrincipal(principalName)) {
+ try {
+ princ = principalMgr.getPrincipal(principalName);
+ } catch (NoSuchPrincipalException e) {
+ // should not get here
+ }
+ }
+ if (princ == null) {
+ log.warn("Principal with name " + principalName + " unknown to PrincipalManager.");
+ princ = new PrincipalImpl(principalName);
+ }
Value[] privValues = aceNode.getProperty(AccessControlConstants.P_PRIVILEGES).getValues();
Privilege[] privs = new Privilege[privValues.length];
Modified: jackrabbit/trunk/jackrabbit-core/src/main/java/org/apache/jackrabbit/core/security/authorization/principalbased/ACLEditor.java
URL: http://svn.apache.org/viewvc/jackrabbit/trunk/jackrabbit-core/src/main/java/org/apache/jackrabbit/core/security/authorization/principalbased/ACLEditor.java?rev=713975&r1=713974&r2=713975&view=diff
==============================================================================
--- jackrabbit/trunk/jackrabbit-core/src/main/java/org/apache/jackrabbit/core/security/authorization/principalbased/ACLEditor.java (original)
+++ jackrabbit/trunk/jackrabbit-core/src/main/java/org/apache/jackrabbit/core/security/authorization/principalbased/ACLEditor.java Fri Nov 14 02:57:33 2008
@@ -18,6 +18,7 @@
import org.apache.jackrabbit.api.jsr283.security.Privilege;
import org.apache.jackrabbit.api.jsr283.security.AccessControlPolicy;
import org.apache.jackrabbit.api.security.principal.PrincipalManager;
+import org.apache.jackrabbit.api.security.principal.NoSuchPrincipalException;
import org.apache.jackrabbit.core.NodeImpl;
import org.apache.jackrabbit.core.SecurityItemModifier;
import org.apache.jackrabbit.core.SessionImpl;
@@ -326,14 +327,18 @@
throw new RepositoryException("Expected node of type rep:AccessControl.");
}
- Principal principal;
+ Principal principal = null;
String principalName = Text.unescapeIllegalJcrChars(acNode.getName());
PrincipalManager pMgr = ((SessionImpl) acNode.getSession()).getPrincipalManager();
if (pMgr.hasPrincipal(principalName)) {
- principal = pMgr.getPrincipal(principalName);
- } else {
+ try {
+ principal = pMgr.getPrincipal(principalName);
+ } catch (NoSuchPrincipalException e) {
+ // should not get here.
+ }
+ }
+ if (principal == null) {
log.warn("Principal with name " + principalName + " unknown to PrincipalManager.");
- // TODO: rather throw?
principal = new PrincipalImpl(principalName);
}
return new ACLTemplate(principal, acNode);
Modified: jackrabbit/trunk/jackrabbit-core/src/main/java/org/apache/jackrabbit/core/security/user/AuthorizableImpl.java
URL: http://svn.apache.org/viewvc/jackrabbit/trunk/jackrabbit-core/src/main/java/org/apache/jackrabbit/core/security/user/AuthorizableImpl.java?rev=713975&r1=713974&r2=713975&view=diff
==============================================================================
--- jackrabbit/trunk/jackrabbit-core/src/main/java/org/apache/jackrabbit/core/security/user/AuthorizableImpl.java (original)
+++ jackrabbit/trunk/jackrabbit-core/src/main/java/org/apache/jackrabbit/core/security/user/AuthorizableImpl.java Fri Nov 14 02:57:33 2008
@@ -18,6 +18,7 @@
import org.apache.jackrabbit.api.security.principal.PrincipalIterator;
import org.apache.jackrabbit.api.security.principal.PrincipalManager;
+import org.apache.jackrabbit.api.security.principal.NoSuchPrincipalException;
import org.apache.jackrabbit.api.security.user.Authorizable;
import org.apache.jackrabbit.api.security.user.AuthorizableExistsException;
import org.apache.jackrabbit.api.security.user.Group;
@@ -81,12 +82,19 @@
PrincipalManager prMgr = getSession().getPrincipalManager();
for (Iterator it = getRefereeValues().iterator(); it.hasNext();) {
String refName = ((Value) it.next()).getString();
+ Principal princ = null;
if (prMgr.hasPrincipal(refName)) {
- coll.add(prMgr.getPrincipal(refName));
- } else {
+ try {
+ princ = prMgr.getPrincipal(refName);
+ } catch (NoSuchPrincipalException e) {
+ // should not get here
+ }
+ }
+ if (princ == null) {
log.warn("Principal "+ refName +" unknown to PrincipalManager.");
- coll.add(new PrincipalImpl(refName));
+ princ = new PrincipalImpl(refName);
}
+ coll.add(princ);
}
return new PrincipalIteratorAdapter(coll);
}
Modified: jackrabbit/trunk/jackrabbit-core/src/test/java/org/apache/jackrabbit/core/security/authorization/AbstractEvaluationTest.java
URL: http://svn.apache.org/viewvc/jackrabbit/trunk/jackrabbit-core/src/test/java/org/apache/jackrabbit/core/security/authorization/AbstractEvaluationTest.java?rev=713975&r1=713974&r2=713975&view=diff
==============================================================================
--- jackrabbit/trunk/jackrabbit-core/src/test/java/org/apache/jackrabbit/core/security/authorization/AbstractEvaluationTest.java (original)
+++ jackrabbit/trunk/jackrabbit-core/src/test/java/org/apache/jackrabbit/core/security/authorization/AbstractEvaluationTest.java Fri Nov 14 02:57:33 2008
@@ -108,7 +108,7 @@
}
// make sure all ac info is removed
clearACInfo();
- if (testGroup != null) {
+ if (testGroup != null && testUser != null) {
testGroup.removeMember(testUser);
testGroup.remove();
}
@@ -123,7 +123,6 @@
if (!(session instanceof JackrabbitSession)) {
throw new NotExecutableException();
}
-
try {
return ((JackrabbitSession) session).getUserManager();
} catch (RepositoryException e) {
@@ -899,6 +898,20 @@
assertTrue(testSession.hasPermission(childPath, org.apache.jackrabbit.api.jsr283.Session.ACTION_ADD_NODE));
}
+ public void testAclReferingToRemovedPrincipal() throws
+ NotExecutableException, RepositoryException {
+
+ JackrabbitAccessControlList acl = givePrivileges(path, privilegesFromName(Privilege.JCR_WRITE), getRestrictions(path));
+ String acPath = acl.getPath();
+
+ // remove the test user
+ testUser.remove();
+ testUser = null;
+
+ // try to retrieve the acl again
+ AccessControlManager acMgr = getAccessControlManager(helper.getSuperuserSession());
+ acMgr.getPolicies(acPath);
+ }
private static Node findPolicyNode(Node start) throws RepositoryException {
Node policyNode = null;