You are viewing a plain text version of this content. The canonical link for it is here.
Posted to oak-commits@jackrabbit.apache.org by an...@apache.org on 2013/11/14 16:37:09 UTC
svn commit: r1541935 - in /jackrabbit/oak/trunk:
oak-core/src/main/java/org/apache/jackrabbit/oak/core/
oak-core/src/main/java/org/apache/jackrabbit/oak/security/authorization/
oak-core/src/main/java/org/apache/jackrabbit/oak/security/authorization/per...
Author: angela
Date: Thu Nov 14 15:37:09 2013
New Revision: 1541935
URL: http://svn.apache.org/r1541935
Log:
OAK-710 : PermissionValidator: Proper permission evaluation for moving/renaming nodes (WIP)
Added:
jackrabbit/oak/trunk/oak-core/src/main/java/org/apache/jackrabbit/oak/spi/commit/MoveInfo.java
Modified:
jackrabbit/oak/trunk/oak-core/src/main/java/org/apache/jackrabbit/oak/core/AbstractRoot.java
jackrabbit/oak/trunk/oak-core/src/main/java/org/apache/jackrabbit/oak/security/authorization/AuthorizationConfigurationImpl.java
jackrabbit/oak/trunk/oak-core/src/main/java/org/apache/jackrabbit/oak/security/authorization/permission/PermissionValidatorProvider.java
jackrabbit/oak/trunk/oak-core/src/main/java/org/apache/jackrabbit/oak/security/privilege/PrivilegeConfigurationImpl.java
jackrabbit/oak/trunk/oak-core/src/main/java/org/apache/jackrabbit/oak/security/user/UserConfigurationImpl.java
jackrabbit/oak/trunk/oak-core/src/main/java/org/apache/jackrabbit/oak/spi/commit/BackgroundObserver.java
jackrabbit/oak/trunk/oak-core/src/main/java/org/apache/jackrabbit/oak/spi/commit/CommitInfo.java
jackrabbit/oak/trunk/oak-core/src/main/java/org/apache/jackrabbit/oak/spi/security/SecurityConfiguration.java
jackrabbit/oak/trunk/oak-jcr/src/test/java/org/apache/jackrabbit/oak/jcr/security/authorization/MoveTest.java
Modified: jackrabbit/oak/trunk/oak-core/src/main/java/org/apache/jackrabbit/oak/core/AbstractRoot.java
URL: http://svn.apache.org/viewvc/jackrabbit/oak/trunk/oak-core/src/main/java/org/apache/jackrabbit/oak/core/AbstractRoot.java?rev=1541935&r1=1541934&r2=1541935&view=diff
==============================================================================
--- jackrabbit/oak/trunk/oak-core/src/main/java/org/apache/jackrabbit/oak/core/AbstractRoot.java (original)
+++ jackrabbit/oak/trunk/oak-core/src/main/java/org/apache/jackrabbit/oak/core/AbstractRoot.java Thu Nov 14 15:37:09 2013
@@ -18,22 +18,17 @@
*/
package org.apache.jackrabbit.oak.core;
-import static com.google.common.base.Preconditions.checkNotNull;
-import static com.google.common.collect.Lists.newArrayList;
-import static org.apache.jackrabbit.oak.commons.PathUtils.getName;
-import static org.apache.jackrabbit.oak.commons.PathUtils.getParentPath;
-import static org.apache.jackrabbit.oak.commons.PathUtils.isAncestor;
-
import java.io.IOException;
import java.io.InputStream;
import java.util.ArrayList;
import java.util.Collections;
import java.util.List;
-
+import java.util.Set;
import javax.annotation.Nonnull;
import javax.annotation.Nullable;
import javax.security.auth.Subject;
+import com.google.common.collect.ImmutableSet;
import org.apache.jackrabbit.oak.api.Blob;
import org.apache.jackrabbit.oak.api.CommitFailedException;
import org.apache.jackrabbit.oak.api.ContentSession;
@@ -49,6 +44,7 @@ import org.apache.jackrabbit.oak.spi.com
import org.apache.jackrabbit.oak.spi.commit.CompositeHook;
import org.apache.jackrabbit.oak.spi.commit.EditorHook;
import org.apache.jackrabbit.oak.spi.commit.EmptyHook;
+import org.apache.jackrabbit.oak.spi.commit.MoveInfo;
import org.apache.jackrabbit.oak.spi.commit.PostValidationHook;
import org.apache.jackrabbit.oak.spi.commit.ValidatorProvider;
import org.apache.jackrabbit.oak.spi.query.QueryIndexProvider;
@@ -62,6 +58,12 @@ import org.apache.jackrabbit.oak.spi.sta
import org.apache.jackrabbit.oak.spi.state.NodeStore;
import org.apache.jackrabbit.oak.util.LazyValue;
+import static com.google.common.base.Preconditions.checkNotNull;
+import static com.google.common.collect.Lists.newArrayList;
+import static org.apache.jackrabbit.oak.commons.PathUtils.getName;
+import static org.apache.jackrabbit.oak.commons.PathUtils.getParentPath;
+import static org.apache.jackrabbit.oak.commons.PathUtils.isAncestor;
+
public abstract class AbstractRoot implements Root {
/**
@@ -105,6 +107,17 @@ public abstract class AbstractRoot imple
private Move lastMove = new Move();
/**
+ * Simple info object used to collect all move operations (source + dest)
+ * for further processing in those commit hooks that wish to distinguish
+ * between simple add/remove and move operations.
+ * Please note that this information will only allow to perform best-effort
+ * matching as depending on the sequence of modifications some operations
+ * may no longer be detected as changes in the commit hook due to way the
+ * diff is compiled.
+ */
+ private MoveInfo moveInfo = new MoveInfo();
+
+ /**
* Number of {@link #updated} occurred.
*/
private long modCount;
@@ -155,10 +168,6 @@ public abstract class AbstractRoot imple
protected void checkLive() {
}
- protected String getUserData() {
- return null;
- }
-
//---------------------------------------------------------------< Root >---
@Override
@@ -188,6 +197,10 @@ public abstract class AbstractRoot imple
lastMove = lastMove.setMove(sourcePath, newParent, newName);
updated();
}
+
+ // remember all move operations for further processing in the commit hooks.
+ moveInfo.addMove(sourcePath, destPath);
+
return success;
}
@@ -254,14 +267,15 @@ public abstract class AbstractRoot imple
ContentSession session = getContentSession();
CommitInfo info = new CommitInfo(
session.toString(),
- session.getAuthInfo().getUserID(),
- message);
- base = store.merge(builder, getCommitHook(hook), info);
+ getCommitSubject(session),
+ moveInfo, message);
+ base = store.merge(builder, getCommitHook(hook, info), info);
secureBuilder.baseChanged();
modCount = 0;
if (permissionProvider.hasValue()) {
permissionProvider.get().refresh();
}
+ moveInfo.clear();
}
/**
@@ -269,11 +283,11 @@ public abstract class AbstractRoot imple
* and the hooks and validators defined by the various security related
* configurations.
*
- * @param hook extra hook to be used for just this commit, or {@code null}
+ * @param extraHook extra hook to be used for just this commit, or {@code null}
* @return A commit hook combining repository global commit hook(s) with the pluggable hooks
* defined with the security modules and the padded {@code hooks}.
*/
- private CommitHook getCommitHook(@Nullable CommitHook extraHook) {
+ private CommitHook getCommitHook(@Nullable CommitHook extraHook, @Nonnull CommitInfo commitInfo) {
List<CommitHook> hooks = newArrayList();
if (extraHook != null) {
@@ -292,8 +306,7 @@ public abstract class AbstractRoot imple
}
}
- List<? extends ValidatorProvider> validators =
- sc.getValidators(workspaceName, getCommitSubject());
+ List<? extends ValidatorProvider> validators = sc.getValidators(workspaceName, commitInfo);
if (!validators.isEmpty()) {
hooks.add(new EditorHook(CompositeEditorProvider.compose(validators)));
}
@@ -304,15 +317,17 @@ public abstract class AbstractRoot imple
}
/**
- * TODO: review again once the permission validation is completed.
- * Build a read only subject for the {@link #commit(CommitHook...)} call that makes the
- * principals and the permission provider available to the commit hooks.
+ * Build a read only subject for the {@link #commit(String, CommitHook)} call that makes the
+ * principals, auth info and the permission provider available to the commit hooks.
*
* @return a new read only subject.
*/
- private Subject getCommitSubject() {
- return new Subject(true, subject.getPrincipals(),
- Collections.singleton(permissionProvider.get()), Collections.<Object>emptySet());
+ private Subject getCommitSubject(ContentSession session) {
+ Set<Object> publicCreds = ImmutableSet.of(
+ permissionProvider.get(),
+ session.getAuthInfo()
+ );
+ return new Subject(true, subject.getPrincipals(), publicCreds, Collections.<Object>emptySet());
}
@Override
Modified: jackrabbit/oak/trunk/oak-core/src/main/java/org/apache/jackrabbit/oak/security/authorization/AuthorizationConfigurationImpl.java
URL: http://svn.apache.org/viewvc/jackrabbit/oak/trunk/oak-core/src/main/java/org/apache/jackrabbit/oak/security/authorization/AuthorizationConfigurationImpl.java?rev=1541935&r1=1541934&r2=1541935&view=diff
==============================================================================
--- jackrabbit/oak/trunk/oak-core/src/main/java/org/apache/jackrabbit/oak/security/authorization/AuthorizationConfigurationImpl.java (original)
+++ jackrabbit/oak/trunk/oak-core/src/main/java/org/apache/jackrabbit/oak/security/authorization/AuthorizationConfigurationImpl.java Thu Nov 14 15:37:09 2013
@@ -23,7 +23,6 @@ import java.util.Set;
import javax.annotation.Nonnull;
import javax.jcr.security.AccessControlManager;
-import javax.security.auth.Subject;
import org.apache.felix.scr.annotations.Component;
import org.apache.felix.scr.annotations.Service;
@@ -40,6 +39,7 @@ import org.apache.jackrabbit.oak.securit
import org.apache.jackrabbit.oak.security.authorization.permission.PermissionValidatorProvider;
import org.apache.jackrabbit.oak.security.authorization.restriction.RestrictionProviderImpl;
import org.apache.jackrabbit.oak.spi.commit.CommitHook;
+import org.apache.jackrabbit.oak.spi.commit.CommitInfo;
import org.apache.jackrabbit.oak.spi.commit.ValidatorProvider;
import org.apache.jackrabbit.oak.spi.lifecycle.WorkspaceInitializer;
import org.apache.jackrabbit.oak.spi.security.ConfigurationBase;
@@ -98,11 +98,10 @@ public class AuthorizationConfigurationI
}
@Override
- public List<ValidatorProvider> getValidators(
- String workspaceName, Subject subject) {
+ public List<ValidatorProvider> getValidators(String workspaceName, CommitInfo commitInfo) {
return ImmutableList.of(
new PermissionStoreValidatorProvider(),
- new PermissionValidatorProvider(getSecurityProvider(), subject),
+ new PermissionValidatorProvider(getSecurityProvider(), commitInfo),
new AccessControlValidatorProvider(getSecurityProvider()));
}
Modified: jackrabbit/oak/trunk/oak-core/src/main/java/org/apache/jackrabbit/oak/security/authorization/permission/PermissionValidatorProvider.java
URL: http://svn.apache.org/viewvc/jackrabbit/oak/trunk/oak-core/src/main/java/org/apache/jackrabbit/oak/security/authorization/permission/PermissionValidatorProvider.java?rev=1541935&r1=1541934&r2=1541935&view=diff
==============================================================================
--- jackrabbit/oak/trunk/oak-core/src/main/java/org/apache/jackrabbit/oak/security/authorization/permission/PermissionValidatorProvider.java (original)
+++ jackrabbit/oak/trunk/oak-core/src/main/java/org/apache/jackrabbit/oak/security/authorization/permission/PermissionValidatorProvider.java Thu Nov 14 15:37:09 2013
@@ -16,18 +16,21 @@
*/
package org.apache.jackrabbit.oak.security.authorization.permission;
+import java.util.Set;
import javax.annotation.Nonnull;
import javax.security.auth.Subject;
import org.apache.jackrabbit.oak.core.ImmutableTree;
import org.apache.jackrabbit.oak.core.TreeTypeProviderImpl;
import org.apache.jackrabbit.oak.plugins.nodetype.ReadOnlyNodeTypeManager;
-import org.apache.jackrabbit.oak.spi.security.authorization.AuthorizationConfiguration;
+import org.apache.jackrabbit.oak.spi.commit.CommitInfo;
+import org.apache.jackrabbit.oak.spi.commit.MoveInfo;
import org.apache.jackrabbit.oak.spi.commit.Validator;
import org.apache.jackrabbit.oak.spi.commit.ValidatorProvider;
import org.apache.jackrabbit.oak.spi.security.ConfigurationParameters;
import org.apache.jackrabbit.oak.spi.security.Context;
import org.apache.jackrabbit.oak.spi.security.SecurityProvider;
+import org.apache.jackrabbit.oak.spi.security.authorization.AuthorizationConfiguration;
import org.apache.jackrabbit.oak.spi.security.authorization.permission.PermissionConstants;
import org.apache.jackrabbit.oak.spi.security.authorization.permission.PermissionProvider;
import org.apache.jackrabbit.oak.spi.security.authorization.permission.Permissions;
@@ -44,14 +47,13 @@ public class PermissionValidatorProvider
private final AuthorizationConfiguration acConfig;
private final long jr2Permissions;
- private final Subject subject;
+ private final CommitInfo commitInfo;
private ReadOnlyNodeTypeManager ntMgr;
private Context acCtx;
private Context userCtx;
- public PermissionValidatorProvider(
- SecurityProvider securityProvider, Subject subject) {
+ public PermissionValidatorProvider(SecurityProvider securityProvider, CommitInfo commitInfo) {
this.securityProvider = securityProvider;
this.acConfig = securityProvider.getConfiguration(AuthorizationConfiguration.class);
@@ -59,7 +61,7 @@ public class PermissionValidatorProvider
String compatValue = params.getConfigValue(PermissionConstants.PARAM_PERMISSIONS_JR2, null, String.class);
jr2Permissions = Permissions.getPermissions(compatValue);
- this.subject = subject;
+ this.commitInfo = commitInfo;
}
//--------------------------------------------------< ValidatorProvider >---
@@ -67,7 +69,11 @@ public class PermissionValidatorProvider
@Override
public Validator getRootValidator(NodeState before, NodeState after) {
ntMgr = ReadOnlyNodeTypeManager.getInstance(after);
+
PermissionProvider pp = getPermissionProvider();
+ // TODO
+ MoveInfo moveInfo = commitInfo.getMoveInfo();
+
return new PermissionValidator(createTree(before), createTree(after), pp, this);
}
@@ -101,10 +107,12 @@ public class PermissionValidatorProvider
}
private PermissionProvider getPermissionProvider() {
- if (subject == null || subject.getPublicCredentials(PermissionProvider.class).isEmpty()) {
+ Subject subject = commitInfo.getSubject();
+ Set<PermissionProvider> pps = subject.getPublicCredentials(PermissionProvider.class);
+ if (pps.isEmpty()) {
throw new IllegalStateException("Unable to validate permissions; no permission provider associated with the commit call.");
} else {
- return subject.getPublicCredentials(PermissionProvider.class).iterator().next();
+ return pps.iterator().next();
}
}
}
Modified: jackrabbit/oak/trunk/oak-core/src/main/java/org/apache/jackrabbit/oak/security/privilege/PrivilegeConfigurationImpl.java
URL: http://svn.apache.org/viewvc/jackrabbit/oak/trunk/oak-core/src/main/java/org/apache/jackrabbit/oak/security/privilege/PrivilegeConfigurationImpl.java?rev=1541935&r1=1541934&r2=1541935&view=diff
==============================================================================
--- jackrabbit/oak/trunk/oak-core/src/main/java/org/apache/jackrabbit/oak/security/privilege/PrivilegeConfigurationImpl.java (original)
+++ jackrabbit/oak/trunk/oak-core/src/main/java/org/apache/jackrabbit/oak/security/privilege/PrivilegeConfigurationImpl.java Thu Nov 14 15:37:09 2013
@@ -20,7 +20,6 @@ import java.util.Collections;
import java.util.List;
import javax.annotation.Nonnull;
-import javax.security.auth.Subject;
import org.apache.felix.scr.annotations.Component;
import org.apache.felix.scr.annotations.Service;
@@ -28,6 +27,7 @@ import org.apache.jackrabbit.api.securit
import org.apache.jackrabbit.oak.api.Root;
import org.apache.jackrabbit.oak.namepath.NamePathMapper;
import org.apache.jackrabbit.oak.spi.commit.CommitHook;
+import org.apache.jackrabbit.oak.spi.commit.CommitInfo;
import org.apache.jackrabbit.oak.spi.commit.ValidatorProvider;
import org.apache.jackrabbit.oak.spi.lifecycle.RepositoryInitializer;
import org.apache.jackrabbit.oak.spi.security.ConfigurationBase;
@@ -70,8 +70,7 @@ public class PrivilegeConfigurationImpl
@Nonnull
@Override
- public List<? extends ValidatorProvider> getValidators(
- String workspaceName, Subject subject) {
+ public List<? extends ValidatorProvider> getValidators(String workspaceName, CommitInfo commitInfo) {
return Collections.singletonList(new PrivilegeValidatorProvider());
}
Modified: jackrabbit/oak/trunk/oak-core/src/main/java/org/apache/jackrabbit/oak/security/user/UserConfigurationImpl.java
URL: http://svn.apache.org/viewvc/jackrabbit/oak/trunk/oak-core/src/main/java/org/apache/jackrabbit/oak/security/user/UserConfigurationImpl.java?rev=1541935&r1=1541934&r2=1541935&view=diff
==============================================================================
--- jackrabbit/oak/trunk/oak-core/src/main/java/org/apache/jackrabbit/oak/security/user/UserConfigurationImpl.java (original)
+++ jackrabbit/oak/trunk/oak-core/src/main/java/org/apache/jackrabbit/oak/security/user/UserConfigurationImpl.java Thu Nov 14 15:37:09 2013
@@ -20,7 +20,6 @@ import java.util.Collections;
import java.util.List;
import javax.annotation.Nonnull;
-import javax.security.auth.Subject;
import org.apache.felix.scr.annotations.Component;
import org.apache.felix.scr.annotations.Service;
@@ -28,6 +27,7 @@ import org.apache.jackrabbit.api.securit
import org.apache.jackrabbit.oak.api.Root;
import org.apache.jackrabbit.oak.namepath.NamePathMapper;
import org.apache.jackrabbit.oak.security.user.autosave.AutoSaveEnabledManager;
+import org.apache.jackrabbit.oak.spi.commit.CommitInfo;
import org.apache.jackrabbit.oak.spi.commit.ValidatorProvider;
import org.apache.jackrabbit.oak.spi.lifecycle.WorkspaceInitializer;
import org.apache.jackrabbit.oak.spi.security.ConfigurationBase;
@@ -68,8 +68,7 @@ public class UserConfigurationImpl exten
@Nonnull
@Override
- public List<? extends ValidatorProvider> getValidators(
- String workspaceName, Subject subject) {
+ public List<? extends ValidatorProvider> getValidators(String workspaceName, CommitInfo commitInfo) {
return Collections.singletonList(new UserValidatorProvider(getParameters()));
}
Modified: jackrabbit/oak/trunk/oak-core/src/main/java/org/apache/jackrabbit/oak/spi/commit/BackgroundObserver.java
URL: http://svn.apache.org/viewvc/jackrabbit/oak/trunk/oak-core/src/main/java/org/apache/jackrabbit/oak/spi/commit/BackgroundObserver.java?rev=1541935&r1=1541934&r2=1541935&view=diff
==============================================================================
--- jackrabbit/oak/trunk/oak-core/src/main/java/org/apache/jackrabbit/oak/spi/commit/BackgroundObserver.java (original)
+++ jackrabbit/oak/trunk/oak-core/src/main/java/org/apache/jackrabbit/oak/spi/commit/BackgroundObserver.java Thu Nov 14 15:37:09 2013
@@ -43,6 +43,7 @@ import org.slf4j.LoggerFactory;
* to just one change.
*/
public class BackgroundObserver implements Observer {
+ private static final Logger log = LoggerFactory.getLogger(BackgroundObserver.class);
private static class ContentChange {
private final NodeState root;
@@ -143,7 +144,14 @@ public class BackgroundObserver implemen
public synchronized void stop() {
queue.clear();
queue.add(STOP);
- // no need to join the thread; it will stop when encountering the STOP
+ try {
+ if (thread != Thread.currentThread()) {
+ thread.join();
+ }
+ } catch (InterruptedException e) {
+ Thread.currentThread().interrupt();
+ log.warn("Thread interrupted while joining observation thread.", e);
+ }
}
//----------------------------------------------------------< Observer >--
Modified: jackrabbit/oak/trunk/oak-core/src/main/java/org/apache/jackrabbit/oak/spi/commit/CommitInfo.java
URL: http://svn.apache.org/viewvc/jackrabbit/oak/trunk/oak-core/src/main/java/org/apache/jackrabbit/oak/spi/commit/CommitInfo.java?rev=1541935&r1=1541934&r2=1541935&view=diff
==============================================================================
--- jackrabbit/oak/trunk/oak-core/src/main/java/org/apache/jackrabbit/oak/spi/commit/CommitInfo.java (original)
+++ jackrabbit/oak/trunk/oak-core/src/main/java/org/apache/jackrabbit/oak/spi/commit/CommitInfo.java Thu Nov 14 15:37:09 2013
@@ -19,12 +19,15 @@
package org.apache.jackrabbit.oak.spi.commit;
-import static com.google.common.base.Objects.toStringHelper;
-import static com.google.common.base.Preconditions.checkNotNull;
-
+import java.util.Iterator;
import javax.annotation.CheckForNull;
import javax.annotation.Nonnull;
import javax.annotation.Nullable;
+import javax.security.auth.Subject;
+
+import org.apache.jackrabbit.oak.api.AuthInfo;
+
+import static com.google.common.base.Objects.toStringHelper;
/**
* Commit info instances associate some meta data with a commit.
@@ -35,29 +38,28 @@ public class CommitInfo {
private final String sessionId;
- private final String userId;
+ private final Subject subject;
private final String message;
private final long date = System.currentTimeMillis();
+ private final MoveInfo moveInfo;
+
/**
* Creates a commit info for the given session and user.
*
* @param sessionId session identifier
- * @param userId user identifier, or {@code null} for an unknown user
+ * @param subject Subject identifying the user
+ * @param moveInfo Information regarding move operations associated with this commit.
* @param message message attached to this commit, or {@code null}
*/
- public CommitInfo(
- @Nonnull String sessionId, @Nullable String userId,
- @Nullable String message) {
- this.sessionId = checkNotNull(sessionId);
- if (userId != null) {
- this.userId = userId;
- } else {
- this.userId = OAK_UNKNOWN;
- }
+ public CommitInfo(@Nonnull String sessionId, @Nonnull Subject subject,
+ @Nonnull MoveInfo moveInfo, @Nullable String message) {
+ this.sessionId = sessionId;
+ this.subject = subject;
this.message = message;
+ this.moveInfo = moveInfo;
}
/**
@@ -73,7 +75,22 @@ public class CommitInfo {
*/
@Nonnull
public String getUserId() {
- return userId;
+ Iterator<AuthInfo> it = subject.getPublicCredentials(AuthInfo.class).iterator();
+ String userId = null;
+ if (it.hasNext()) {
+ userId = it.next().getUserID();
+ }
+ return (userId == null) ? OAK_UNKNOWN : userId;
+ }
+
+ @Nonnull
+ public Subject getSubject() {
+ return subject;
+ }
+
+ @Nonnull
+ public MoveInfo getMoveInfo() {
+ return moveInfo;
}
/**
@@ -95,9 +112,10 @@ public class CommitInfo {
public String toString() {
return toStringHelper(this)
.add("sessionId", sessionId)
- .add("userId", userId)
+ .add("userId", getUserId())
.add("userData", message)
.add("date", date)
+ .add("moveInfo", moveInfo)
.toString();
}
Added: jackrabbit/oak/trunk/oak-core/src/main/java/org/apache/jackrabbit/oak/spi/commit/MoveInfo.java
URL: http://svn.apache.org/viewvc/jackrabbit/oak/trunk/oak-core/src/main/java/org/apache/jackrabbit/oak/spi/commit/MoveInfo.java?rev=1541935&view=auto
==============================================================================
--- jackrabbit/oak/trunk/oak-core/src/main/java/org/apache/jackrabbit/oak/spi/commit/MoveInfo.java (added)
+++ jackrabbit/oak/trunk/oak-core/src/main/java/org/apache/jackrabbit/oak/spi/commit/MoveInfo.java Thu Nov 14 15:37:09 2013
@@ -0,0 +1,54 @@
+/*
+ * Licensed to the Apache Software Foundation (ASF) under one or more
+ * contributor license agreements. See the NOTICE file distributed with
+ * this work for additional information regarding copyright ownership.
+ * The ASF licenses this file to You under the Apache License, Version 2.0
+ * (the "License"); you may not use this file except in compliance with
+ * the License. You may obtain a copy of the License at
+ *
+ * http://www.apache.org/licenses/LICENSE-2.0
+ *
+ * Unless required by applicable law or agreed to in writing, software
+ * distributed under the License is distributed on an "AS IS" BASIS,
+ * WITHOUT WARRANTIES OR CONDITIONS OF ANY KIND, either express or implied.
+ * See the License for the specific language governing permissions and
+ * limitations under the License.
+ */
+package org.apache.jackrabbit.oak.spi.commit;
+
+import javax.annotation.Nonnull;
+
+/**
+ * MoveInfo... TODO
+ */
+public class MoveInfo {
+
+ /**
+ * Create a new {@code MoveInfo}
+ */
+ public MoveInfo() {
+ }
+
+ public void addMove(@Nonnull String sourcePath, @Nonnull String destPath) {
+ // TODO
+ }
+
+ public boolean isEmpty() {
+ // TODO
+ return true;
+ }
+
+ public boolean isMoveDestination(String path) {
+ // TODO
+ return false;
+ }
+
+ public boolean isMoveSource(String path) {
+ // TODO
+ return false;
+ }
+
+ public void clear() {
+ // TODO
+ }
+}
\ No newline at end of file
Modified: jackrabbit/oak/trunk/oak-core/src/main/java/org/apache/jackrabbit/oak/spi/security/SecurityConfiguration.java
URL: http://svn.apache.org/viewvc/jackrabbit/oak/trunk/oak-core/src/main/java/org/apache/jackrabbit/oak/spi/security/SecurityConfiguration.java?rev=1541935&r1=1541934&r2=1541935&view=diff
==============================================================================
--- jackrabbit/oak/trunk/oak-core/src/main/java/org/apache/jackrabbit/oak/spi/security/SecurityConfiguration.java (original)
+++ jackrabbit/oak/trunk/oak-core/src/main/java/org/apache/jackrabbit/oak/spi/security/SecurityConfiguration.java Thu Nov 14 15:37:09 2013
@@ -20,9 +20,9 @@ import java.util.Collections;
import java.util.List;
import javax.annotation.Nonnull;
-import javax.security.auth.Subject;
import org.apache.jackrabbit.oak.spi.commit.CommitHook;
+import org.apache.jackrabbit.oak.spi.commit.CommitInfo;
import org.apache.jackrabbit.oak.spi.commit.ValidatorProvider;
import org.apache.jackrabbit.oak.spi.lifecycle.RepositoryInitializer;
import org.apache.jackrabbit.oak.spi.lifecycle.WorkspaceInitializer;
@@ -75,8 +75,7 @@ public interface SecurityConfiguration {
List<? extends CommitHook> getCommitHooks(String workspaceName);
@Nonnull
- List<? extends ValidatorProvider> getValidators(
- String workspaceName, Subject subject);
+ List<? extends ValidatorProvider> getValidators(String workspaceName, CommitInfo commitInfo);
@Nonnull
List<ProtectedItemImporter> getProtectedItemImporters();
@@ -123,7 +122,7 @@ public interface SecurityConfiguration {
@Nonnull
@Override
public List<? extends ValidatorProvider> getValidators(
- String workspaceName, Subject subject) {
+ String workspaceName, CommitInfo commitInfo) {
return Collections.emptyList();
}
Modified: jackrabbit/oak/trunk/oak-jcr/src/test/java/org/apache/jackrabbit/oak/jcr/security/authorization/MoveTest.java
URL: http://svn.apache.org/viewvc/jackrabbit/oak/trunk/oak-jcr/src/test/java/org/apache/jackrabbit/oak/jcr/security/authorization/MoveTest.java?rev=1541935&r1=1541934&r2=1541935&view=diff
==============================================================================
--- jackrabbit/oak/trunk/oak-jcr/src/test/java/org/apache/jackrabbit/oak/jcr/security/authorization/MoveTest.java (original)
+++ jackrabbit/oak/trunk/oak-jcr/src/test/java/org/apache/jackrabbit/oak/jcr/security/authorization/MoveTest.java Thu Nov 14 15:37:09 2013
@@ -53,7 +53,7 @@ public class MoveTest extends AbstractEv
try {
testSession.move(childNPath, destPath);
testSession.save();
- fail("Move requires add and remove permission.");
+ fail("Move requires addChildNodes and removeChildNodes privilege.");
} catch (AccessDeniedException e) {
// success.
}
@@ -65,7 +65,7 @@ public class MoveTest extends AbstractEv
try {
testSession.move(childNPath, destPath);
testSession.save();
- fail("Move requires add and remove permission.");
+ fail("Move requires addChildNodes and removeChildNodes privilege.");
} catch (AccessDeniedException e) {
// success.
}
@@ -82,7 +82,7 @@ public class MoveTest extends AbstractEv
try {
testSession.move(destPath, childNPath);
testSession.save();
- fail("Move requires add and remove permission.");
+ fail("Move requires addChildNodes and removeChildNodes privilege.");
} catch (AccessDeniedException e) {
// success.
}
@@ -98,7 +98,7 @@ public class MoveTest extends AbstractEv
Privilege.JCR_NODE_TYPE_MANAGEMENT}));
try {
testSession.getWorkspace().move(childNPath, destPath);
- fail("Move requires add and remove permission.");
+ fail("Move requires addChildNodes and removeChildNodes privilege.");
} catch (AccessDeniedException e) {
// success.
}
@@ -109,7 +109,7 @@ public class MoveTest extends AbstractEv
allow(path, privilegesFromName(Privilege.JCR_REMOVE_CHILD_NODES));
try {
testSession.getWorkspace().move(childNPath, destPath);
- fail("Move requires add and remove permission.");
+ fail("Move requires addChildNodes and removeChildNodes privilege.");
} catch (AccessDeniedException e) {
// success.
}
@@ -124,7 +124,7 @@ public class MoveTest extends AbstractEv
deny(path, privilegesFromName(Privilege.JCR_ADD_CHILD_NODES));
try {
testSession.getWorkspace().move(destPath, childNPath);
- fail("Move requires add and remove permission.");
+ fail("Move requires addChildNodes and removeChildNodes privilege.");
} catch (AccessDeniedException e) {
// success.
}
@@ -236,4 +236,4 @@ public class MoveTest extends AbstractEv
assertFalse(testSession.nodeExists(movedNode3Path));
assertHasPrivileges(movedNode3Path, readPrivileges, false);
}
-}
\ No newline at end of file
+}