You are viewing a plain text version of this content. The canonical link for it is here.
Posted to commits@jackrabbit.apache.org by an...@apache.org on 2008/04/24 13:35:15 UTC
svn commit: r651221 - in /jackrabbit/trunk:
jackrabbit-api/src/main/java/org/apache/jackrabbit/api/security/user/
jackrabbit-core/src/main/java/org/apache/jackrabbit/core/security/authentication/
jackrabbit-core/src/main/java/org/apache/jackrabbit/core...
Author: angela
Date: Thu Apr 24 04:35:05 2008
New Revision: 651221
URL: http://svn.apache.org/viewvc?rev=651221&view=rev
Log:
JCR-1104 : JSR 283 support (security work in progress)
- add Authorizable.getPropertyNames()
- User.getCredentials returns Credentials
-> adjust implementation and tests
Modified:
jackrabbit/trunk/jackrabbit-api/src/main/java/org/apache/jackrabbit/api/security/user/Authorizable.java
jackrabbit/trunk/jackrabbit-api/src/main/java/org/apache/jackrabbit/api/security/user/User.java
jackrabbit/trunk/jackrabbit-core/src/main/java/org/apache/jackrabbit/core/security/authentication/SimpleCredentialsAuthentication.java
jackrabbit/trunk/jackrabbit-core/src/main/java/org/apache/jackrabbit/core/security/user/AuthorizableImpl.java
jackrabbit/trunk/jackrabbit-core/src/main/java/org/apache/jackrabbit/core/security/user/UserImpl.java
jackrabbit/trunk/jackrabbit-core/src/test/java/org/apache/jackrabbit/api/security/user/AuthorizableTest.java
jackrabbit/trunk/jackrabbit-core/src/test/java/org/apache/jackrabbit/api/security/user/UserTest.java
jackrabbit/trunk/jackrabbit-core/src/test/java/org/apache/jackrabbit/core/security/user/AuthorizableImplTest.java
jackrabbit/trunk/jackrabbit-core/src/test/java/org/apache/jackrabbit/core/security/user/UserImplTest.java
Modified: jackrabbit/trunk/jackrabbit-api/src/main/java/org/apache/jackrabbit/api/security/user/Authorizable.java
URL: http://svn.apache.org/viewvc/jackrabbit/trunk/jackrabbit-api/src/main/java/org/apache/jackrabbit/api/security/user/Authorizable.java?rev=651221&r1=651220&r2=651221&view=diff
==============================================================================
--- jackrabbit/trunk/jackrabbit-api/src/main/java/org/apache/jackrabbit/api/security/user/Authorizable.java (original)
+++ jackrabbit/trunk/jackrabbit-api/src/main/java/org/apache/jackrabbit/api/security/user/Authorizable.java Thu Apr 24 04:35:05 2008
@@ -65,6 +65,7 @@
* principal name.
*
* @return Name of this <code>Authorizable</code>.
+ * @throws RepositoryException if an error occurs.
*/
String getID() throws RepositoryException;
@@ -126,6 +127,16 @@
* <code>Authorizable</code> could not be removed.
*/
void remove() throws RepositoryException;
+
+ /**
+ * Returns the names of properties present with <code>this</code> Authorizable.
+ *
+ * @return names of properties.
+ * @throws RepositoryException If an error occurs.
+ * @see #getProperty(String)
+ * @see #hasProperty(String)
+ */
+ Iterator getPropertyNames() throws RepositoryException;
/**
* Tests if a the property with specified name exists.
Modified: jackrabbit/trunk/jackrabbit-api/src/main/java/org/apache/jackrabbit/api/security/user/User.java
URL: http://svn.apache.org/viewvc/jackrabbit/trunk/jackrabbit-api/src/main/java/org/apache/jackrabbit/api/security/user/User.java?rev=651221&r1=651220&r2=651221&view=diff
==============================================================================
--- jackrabbit/trunk/jackrabbit-api/src/main/java/org/apache/jackrabbit/api/security/user/User.java (original)
+++ jackrabbit/trunk/jackrabbit-api/src/main/java/org/apache/jackrabbit/api/security/user/User.java Thu Apr 24 04:35:05 2008
@@ -16,7 +16,7 @@
package org.apache.jackrabbit.api.security.user;
import javax.jcr.RepositoryException;
-import java.util.Iterator;
+import javax.jcr.Credentials;
/**
* User is a special {@link Authorizable} that can be authenticated and
@@ -33,13 +33,11 @@
boolean isAdmin();
/**
- * Returns an iterator of <code>Credentials</code> object that belong
- * to this user. The iterator's size must be greater than zero.
+ * Returns <code>Credentials</code> for this user.
*
- * @return an iterator over <code>Credentials</code> that contains
- * at least a single <code>Credentials</code> object.
+ * @return <code>Credentials</code> for this user.
*/
- Iterator getCredentials() throws RepositoryException;
+ Credentials getCredentials() throws RepositoryException;
/**
* @return <code>Impersonation</code> for this <code>User</code>.
Modified: jackrabbit/trunk/jackrabbit-core/src/main/java/org/apache/jackrabbit/core/security/authentication/SimpleCredentialsAuthentication.java
URL: http://svn.apache.org/viewvc/jackrabbit/trunk/jackrabbit-core/src/main/java/org/apache/jackrabbit/core/security/authentication/SimpleCredentialsAuthentication.java?rev=651221&r1=651220&r2=651221&view=diff
==============================================================================
--- jackrabbit/trunk/jackrabbit-core/src/main/java/org/apache/jackrabbit/core/security/authentication/SimpleCredentialsAuthentication.java (original)
+++ jackrabbit/trunk/jackrabbit-core/src/main/java/org/apache/jackrabbit/core/security/authentication/SimpleCredentialsAuthentication.java Thu Apr 24 04:35:05 2008
@@ -25,9 +25,6 @@
import javax.jcr.SimpleCredentials;
import java.io.UnsupportedEncodingException;
import java.security.NoSuchAlgorithmException;
-import java.util.Collection;
-import java.util.HashSet;
-import java.util.Iterator;
/**
* This {@link Authentication} implementation handles all
@@ -45,7 +42,7 @@
private static final Logger log = LoggerFactory.getLogger(SimpleCredentialsAuthentication.class);
- private final Collection credentialSet = new HashSet();
+ private final CryptedSimpleCredentials creds;
/**
* Create an Authentication for this User
@@ -54,19 +51,20 @@
* @throws javax.jcr.RepositoryException
*/
SimpleCredentialsAuthentication(User user) throws RepositoryException {
- for(Iterator it = user.getCredentials(); it.hasNext();) {
- Credentials creds = (Credentials) it.next();
- if (creds instanceof CryptedSimpleCredentials) {
- credentialSet.add(creds);
- } else if (creds instanceof SimpleCredentials) {
- try {
- credentialSet.add(new CryptedSimpleCredentials((SimpleCredentials) creds));
- } catch (NoSuchAlgorithmException e) {
- throw new RepositoryException(e);
- } catch (UnsupportedEncodingException e) {
- throw new RepositoryException(e);
- }
+ Credentials creds = user.getCredentials();
+ if (creds instanceof CryptedSimpleCredentials) {
+ this.creds = (CryptedSimpleCredentials) creds;
+ } else if (creds instanceof SimpleCredentials) {
+ try {
+ this.creds = new CryptedSimpleCredentials((SimpleCredentials) creds);
+ } catch (NoSuchAlgorithmException e) {
+ throw new RepositoryException(e);
+ } catch (UnsupportedEncodingException e) {
+ throw new RepositoryException(e);
}
+ } else {
+ log.warn("No Credentials found with user " + user.getID());
+ this.creds = null;
}
}
@@ -82,7 +80,7 @@
* @see Authentication#canHandle(Credentials)
*/
public boolean canHandle(Credentials credentials) {
- return !credentialSet.isEmpty() && credentials instanceof SimpleCredentials;
+ return creds != null && credentials instanceof SimpleCredentials;
}
/**
@@ -101,18 +99,14 @@
if (!(credentials instanceof SimpleCredentials)) {
throw new RepositoryException("SimpleCredentials expected. Cannot handle " + credentials.getClass().getName());
}
-
- for (Iterator it = credentialSet.iterator(); it.hasNext();) {
- try {
- CryptedSimpleCredentials creds = (CryptedSimpleCredentials) it.next();
- if (creds.matches((SimpleCredentials) credentials)) {
- return true;
- }
- } catch (NoSuchAlgorithmException e) {
- log.debug("Failed to verify Credentials with {}: {} -> test next", credentials.toString(), e);
- } catch (UnsupportedEncodingException e) {
- log.debug("Failed to verify Credentials with {}: {} -> test next", credentials.toString(), e);
+ try {
+ if (creds != null && creds.matches((SimpleCredentials) credentials)) {
+ return true;
}
+ } catch (NoSuchAlgorithmException e) {
+ log.debug("Failed to verify Credentials with {}: {} -> test next", credentials.toString(), e);
+ } catch (UnsupportedEncodingException e) {
+ log.debug("Failed to verify Credentials with {}: {} -> test next", credentials.toString(), e);
}
return false;
}
Modified: jackrabbit/trunk/jackrabbit-core/src/main/java/org/apache/jackrabbit/core/security/user/AuthorizableImpl.java
URL: http://svn.apache.org/viewvc/jackrabbit/trunk/jackrabbit-core/src/main/java/org/apache/jackrabbit/core/security/user/AuthorizableImpl.java?rev=651221&r1=651220&r2=651221&view=diff
==============================================================================
--- jackrabbit/trunk/jackrabbit-core/src/main/java/org/apache/jackrabbit/core/security/user/AuthorizableImpl.java (original)
+++ jackrabbit/trunk/jackrabbit-core/src/main/java/org/apache/jackrabbit/core/security/user/AuthorizableImpl.java Thu Apr 24 04:35:05 2008
@@ -149,11 +149,18 @@
}
/**
- * Tests if a Value exists for a property at the given name.
- *
- * @param name
- * @return
- * @throws javax.jcr.RepositoryException
+ * @see Authorizable#getPropertyNames()
+ */
+ public Iterator getPropertyNames() throws RepositoryException {
+ List l = new ArrayList();
+ for (PropertyIterator it = node.getProperties(); it.hasNext();) {
+ String propName = it.nextProperty().getName();
+ l.add(propName);
+ }
+ return l.iterator();
+ }
+
+ /**
* @see #getProperty(String)
*/
public boolean hasProperty(String name) throws RepositoryException {
@@ -161,9 +168,6 @@
}
/**
- * @param name
- * @return the value or <code>null</code> if no value exists for the given name
- * @throws javax.jcr.RepositoryException
* @see #hasProperty(String)
* @see Authorizable#getProperty(String)
*/
@@ -188,7 +192,7 @@
* @see Authorizable#setProperty(String, Value)
*/
public synchronized void setProperty(String name, Value value) throws RepositoryException {
- checkProtectedProperty(getSession().getQName(name));
+ checkProtectedProperty(name);
try {
node.setProperty(name, value);
node.save();
@@ -208,7 +212,7 @@
* @see Authorizable#setProperty(String, Value[])
*/
public synchronized void setProperty(String name, Value[] values) throws RepositoryException {
- checkProtectedProperty(getSession().getQName(name));
+ checkProtectedProperty(name);
try {
node.setProperty(name, values);
node.save();
@@ -222,7 +226,7 @@
* @see Authorizable#removeProperty(String)
*/
public synchronized boolean removeProperty(String name) throws RepositoryException {
- checkProtectedProperty(getSession().getQName(name));
+ checkProtectedProperty(name);
try {
if (node.hasProperty(name)) {
// 'node' is protected -> use setValue instead of Property.remove()
@@ -270,8 +274,10 @@
}
/**
- * Check if the property to be modified/removed is one of the following that
- * has a special meaning and must be altered using this user API:
+ * Test if the JCR property to be modified/removed is one of the
+ * following that has a special meaning and must be altered using this
+ * user API:
+ * <ul>
* <ul>
* <li>rep:principalName</li>
* <li>rep:userId</li>
@@ -279,20 +285,36 @@
* <li>rep:members</li>
* <li>rep:impersonators</li>
* </ul>
- * Basically these properties are marked 'protected' in their property
- * definition. This method is a simple utility in order to save the
- * extra effort to modify the props just to find out later that they
- * are in fact protected.
+ * Those properties are 'protected' in their property definition. This
+ * method is a simple utility in order to save the extra effort to modify
+ * the props just to find out later that they are in fact protected.
*
- * @param pName
+ * @param propertyName
+ * @return
* @throws RepositoryException
*/
- private void checkProtectedProperty(Name pName) throws RepositoryException {
- if (P_PRINCIPAL_NAME.equals(pName) || P_USERID.equals(pName)
- || P_REFEREES.equals(pName) || P_MEMBERS.equals(pName)
- || P_IMPERSONATORS.equals(pName)) {
- throw new ConstraintViolationException("Attempt to modify protected property " + getSession().getJCRName(pName) + " of an Authorizable.");
- }
+ private boolean isProtectedProperty(String propertyName) throws RepositoryException {
+ Name pName = getSession().getQName(propertyName);
+ if (P_PRINCIPAL_NAME.equals(pName) || P_USERID.equals(pName)
+ || P_REFEREES.equals(pName) || P_MEMBERS.equals(pName)
+ || P_IMPERSONATORS.equals(pName)) {
+ return true;
+ } else {
+ return false;
+ }
+ }
+
+ /**
+ * Throws ConstraintViolationException if {@link #isProtectedProperty(String)}
+ * returns <code>true</code>.
+ *
+ * @param propertyName
+ * @throws RepositoryException
+ */
+ private void checkProtectedProperty(String propertyName) throws RepositoryException {
+ if (isProtectedProperty(propertyName)) {
+ throw new ConstraintViolationException("Attempt to modify protected property " + propertyName + " of an Authorizable.");
+ }
}
private List getRefereeValues() throws RepositoryException {
Modified: jackrabbit/trunk/jackrabbit-core/src/main/java/org/apache/jackrabbit/core/security/user/UserImpl.java
URL: http://svn.apache.org/viewvc/jackrabbit/trunk/jackrabbit-core/src/main/java/org/apache/jackrabbit/core/security/user/UserImpl.java?rev=651221&r1=651220&r2=651221&view=diff
==============================================================================
--- jackrabbit/trunk/jackrabbit-core/src/main/java/org/apache/jackrabbit/core/security/user/UserImpl.java (original)
+++ jackrabbit/trunk/jackrabbit-core/src/main/java/org/apache/jackrabbit/core/security/user/UserImpl.java Thu Apr 24 04:35:05 2008
@@ -29,8 +29,6 @@
import java.io.UnsupportedEncodingException;
import java.security.NoSuchAlgorithmException;
import java.security.Principal;
-import java.util.Collections;
-import java.util.Iterator;
/**
* UserImpl
@@ -64,7 +62,7 @@
}
return new UserImpl(node, userManager);
}
-
+
//-------------------------------------------------------< Authorizable >---
/**
* @see Authorizable#getID()
@@ -84,11 +82,11 @@
/**
* @see User#getCredentials()
*/
- public Iterator getCredentials() throws RepositoryException {
+ public Credentials getCredentials() throws RepositoryException {
try {
String password = getNode().getProperty(P_PASSWORD).getString();
Credentials creds = new CryptedSimpleCredentials(getID(), password);
- return Collections.singletonList(creds).iterator();
+ return creds;
} catch (NoSuchAlgorithmException e) {
throw new RepositoryException(e);
} catch (UnsupportedEncodingException e) {
Modified: jackrabbit/trunk/jackrabbit-core/src/test/java/org/apache/jackrabbit/api/security/user/AuthorizableTest.java
URL: http://svn.apache.org/viewvc/jackrabbit/trunk/jackrabbit-core/src/test/java/org/apache/jackrabbit/api/security/user/AuthorizableTest.java?rev=651221&r1=651220&r2=651221&view=diff
==============================================================================
--- jackrabbit/trunk/jackrabbit-core/src/test/java/org/apache/jackrabbit/api/security/user/AuthorizableTest.java (original)
+++ jackrabbit/trunk/jackrabbit-core/src/test/java/org/apache/jackrabbit/api/security/user/AuthorizableTest.java Thu Apr 24 04:35:05 2008
@@ -93,6 +93,11 @@
}
try {
+ boolean found = false;
+ for (Iterator it = auth.getPropertyNames(); it.hasNext() && !found;) {
+ found = propName.equals(it.next().toString());
+ }
+ assertTrue(found);
assertTrue(auth.hasProperty(propName));
assertTrue(auth.getProperty(propName).length == 1);
assertEquals(v, auth.getProperty(propName)[0]);
@@ -116,6 +121,11 @@
}
try {
+ boolean found = false;
+ for (Iterator it = auth.getPropertyNames(); it.hasNext() && !found;) {
+ found = propName.equals(it.next().toString());
+ }
+ assertTrue(found);
assertTrue(auth.hasProperty(propName));
assertEquals(Arrays.asList(v), Arrays.asList(auth.getProperty(propName)));
assertTrue(auth.removeProperty(propName));
@@ -125,6 +135,30 @@
}
}
+ public void testGetPropertyNames() throws NotExecutableException, RepositoryException {
+ Authorizable auth = getTestUser(superuser);
+
+ // TODO: retrieve propname and value from config
+ String propName = "Fullname";
+ Value v = superuser.getValueFactory().createValue("Super User");
+ try {
+ auth.setProperty(propName, v);
+ } catch (RepositoryException e) {
+ throw new NotExecutableException("Cannot test 'Authorizable.setProperty'.");
+ }
+
+ try {
+ for (Iterator it = auth.getPropertyNames(); it.hasNext();) {
+ String name = it.next().toString();
+ assertTrue(auth.hasProperty(name));
+ assertNotNull(auth.getProperty(name));
+ }
+ } finally {
+ // try to remove the property again even if previous calls failed.
+ auth.removeProperty(propName);
+ }
+ }
+
public void testGetNotExistingProperty() throws RepositoryException, NotExecutableException {
Authorizable auth = getTestUser(superuser);
String hint = "Fullname";
@@ -135,6 +169,7 @@
i++;
}
assertNull(auth.getProperty(propName));
+ assertFalse(auth.hasProperty(propName));
}
public void testRemoveNotExistingProperty() throws RepositoryException, NotExecutableException {
Modified: jackrabbit/trunk/jackrabbit-core/src/test/java/org/apache/jackrabbit/api/security/user/UserTest.java
URL: http://svn.apache.org/viewvc/jackrabbit/trunk/jackrabbit-core/src/test/java/org/apache/jackrabbit/api/security/user/UserTest.java?rev=651221&r1=651220&r2=651221&view=diff
==============================================================================
--- jackrabbit/trunk/jackrabbit-core/src/test/java/org/apache/jackrabbit/api/security/user/UserTest.java (original)
+++ jackrabbit/trunk/jackrabbit-core/src/test/java/org/apache/jackrabbit/api/security/user/UserTest.java Thu Apr 24 04:35:05 2008
@@ -21,7 +21,7 @@
import org.slf4j.LoggerFactory;
import javax.jcr.RepositoryException;
-import java.util.Iterator;
+import javax.jcr.Credentials;
/**
* <code>UserTest</code>...
@@ -47,7 +47,7 @@
public void testUserHasCredentials() throws RepositoryException, NotExecutableException {
User user = getTestUser(superuser);
- Iterator it = user.getCredentials();
- assertTrue(it.hasNext());
+ Credentials creds = user.getCredentials();
+ assertTrue(creds != null);
}
-}
\ No newline at end of file
+}
Modified: jackrabbit/trunk/jackrabbit-core/src/test/java/org/apache/jackrabbit/core/security/user/AuthorizableImplTest.java
URL: http://svn.apache.org/viewvc/jackrabbit/trunk/jackrabbit-core/src/test/java/org/apache/jackrabbit/core/security/user/AuthorizableImplTest.java?rev=651221&r1=651220&r2=651221&view=diff
==============================================================================
--- jackrabbit/trunk/jackrabbit-core/src/test/java/org/apache/jackrabbit/core/security/user/AuthorizableImplTest.java (original)
+++ jackrabbit/trunk/jackrabbit-core/src/test/java/org/apache/jackrabbit/core/security/user/AuthorizableImplTest.java Thu Apr 24 04:35:05 2008
@@ -16,10 +16,10 @@
*/
package org.apache.jackrabbit.core.security.user;
+import org.apache.jackrabbit.api.security.user.AbstractUserTest;
import org.apache.jackrabbit.api.security.user.Group;
import org.apache.jackrabbit.api.security.user.User;
import org.apache.jackrabbit.core.NodeImpl;
-import org.apache.jackrabbit.api.security.user.AbstractUserTest;
import org.apache.jackrabbit.test.NotExecutableException;
import org.apache.jackrabbit.value.StringValue;
import org.slf4j.Logger;
Modified: jackrabbit/trunk/jackrabbit-core/src/test/java/org/apache/jackrabbit/core/security/user/UserImplTest.java
URL: http://svn.apache.org/viewvc/jackrabbit/trunk/jackrabbit-core/src/test/java/org/apache/jackrabbit/core/security/user/UserImplTest.java?rev=651221&r1=651220&r2=651221&view=diff
==============================================================================
--- jackrabbit/trunk/jackrabbit-core/src/test/java/org/apache/jackrabbit/core/security/user/UserImplTest.java (original)
+++ jackrabbit/trunk/jackrabbit-core/src/test/java/org/apache/jackrabbit/core/security/user/UserImplTest.java Thu Apr 24 04:35:05 2008
@@ -30,7 +30,6 @@
import javax.jcr.RepositoryException;
import javax.jcr.Session;
import java.security.Principal;
-import java.util.Iterator;
/**
* <code>UserImplTest</code>...
@@ -66,12 +65,11 @@
public void testUserImplHasCryptedSimplCredentials() throws RepositoryException, NotExecutableException {
User user = getTestUser(superuser);
- Iterator it = user.getCredentials();
- assertTrue(it.hasNext());
+ Credentials creds = user.getCredentials();
+ assertNotNull(creds);
- Credentials crds = (Credentials) it.next();
- assertTrue(crds instanceof CryptedSimpleCredentials);
- assertEquals(((CryptedSimpleCredentials) crds).getUserID(), user.getID());
+ assertTrue(creds instanceof CryptedSimpleCredentials);
+ assertEquals(((CryptedSimpleCredentials) creds).getUserID(), user.getID());
}
public void testIsUser() throws RepositoryException {
@@ -92,4 +90,4 @@
u.removeProperty("Email");
assertNull(u.getProperty("Email"));
}
-}
\ No newline at end of file
+}