You are viewing a plain text version of this content. The canonical link for it is here.
Posted to oak-commits@jackrabbit.apache.org by an...@apache.org on 2012/04/23 17:09:19 UTC
svn commit: r1329274 - in
/jackrabbit/oak/trunk/oak-jcr/src/main/java/org/apache/jackrabbit/oak/jcr/security/user:
UserManagerConfig.java UserManagerImpl.java action/
action/AuthorizableAction.java diff.txt
Author: angela
Date: Mon Apr 23 15:09:19 2012
New Revision: 1329274
URL: http://svn.apache.org/viewvc?rev=1329274&view=rev
Log:
OAK-50 - Implement User Management (WIP)
Added:
jackrabbit/oak/trunk/oak-jcr/src/main/java/org/apache/jackrabbit/oak/jcr/security/user/action/
jackrabbit/oak/trunk/oak-jcr/src/main/java/org/apache/jackrabbit/oak/jcr/security/user/action/AuthorizableAction.java
Modified:
jackrabbit/oak/trunk/oak-jcr/src/main/java/org/apache/jackrabbit/oak/jcr/security/user/UserManagerConfig.java
jackrabbit/oak/trunk/oak-jcr/src/main/java/org/apache/jackrabbit/oak/jcr/security/user/UserManagerImpl.java
jackrabbit/oak/trunk/oak-jcr/src/main/java/org/apache/jackrabbit/oak/jcr/security/user/diff.txt
Modified: jackrabbit/oak/trunk/oak-jcr/src/main/java/org/apache/jackrabbit/oak/jcr/security/user/UserManagerConfig.java
URL: http://svn.apache.org/viewvc/jackrabbit/oak/trunk/oak-jcr/src/main/java/org/apache/jackrabbit/oak/jcr/security/user/UserManagerConfig.java?rev=1329274&r1=1329273&r2=1329274&view=diff
==============================================================================
--- jackrabbit/oak/trunk/oak-jcr/src/main/java/org/apache/jackrabbit/oak/jcr/security/user/UserManagerConfig.java (original)
+++ jackrabbit/oak/trunk/oak-jcr/src/main/java/org/apache/jackrabbit/oak/jcr/security/user/UserManagerConfig.java Mon Apr 23 15:09:19 2012
@@ -16,13 +16,11 @@
*/
package org.apache.jackrabbit.oak.jcr.security.user;
+import org.apache.jackrabbit.oak.jcr.security.user.action.AuthorizableAction;
import org.slf4j.Logger;
import org.slf4j.LoggerFactory;
-import javax.jcr.Node;
-import javax.jcr.Property;
-import javax.jcr.RepositoryException;
-import javax.jcr.Value;
+import java.util.Map;
/**
* UserManagerConfig...
@@ -49,50 +47,38 @@ public class UserManagerConfig {
*/
public static final String PARAM_PASSWORD_SALT_SIZE = "passwordSaltSize";
- // TODO: check if that can really be node, who would retrieve it and what kind of access rights needed to be enforced on it
- private final Node configNode;
+ private final Map<String, Object> config;
private final String adminId;
- //private final AuthorizableAction[] actions;
+ private final AuthorizableAction[] actions;
- UserManagerConfig(Node configNode, String adminId) {
- this.configNode = configNode;
+ UserManagerConfig(Map<String, Object> config, String adminId, AuthorizableAction[] actions) {
+ this.config = config;
this.adminId = adminId;
- // this.actions = (actions == null) ? new AuthorizableAction[0] : actions;
+ this.actions = (actions == null) ? new AuthorizableAction[0] : actions;
}
public <T> T getConfigValue(String key, T defaultValue) {
- try {
- if (configNode.hasProperty(key)) {
- return convert(configNode.getProperty(key), defaultValue);
- }
- } catch (RepositoryException e) {
- // unexpected error -> return default value
- log.debug(e.getMessage());
+ if (config != null && config.containsKey(key)) {
+ return convert(config.get(key), defaultValue);
+ } else {
+ return defaultValue;
}
- return defaultValue;
}
public String getAdminId() {
return adminId;
}
-// public AuthorizableAction[] getAuthorizableActions() {
-// return actions;
-// }
+ public AuthorizableAction[] getAuthorizableActions() {
+ return actions;
+ }
//--------------------------------------------------------< private >---
@SuppressWarnings("unchecked")
- private static <T> T convert(Property configProperty, T defaultValue) throws RepositoryException {
+ private static <T> T convert(Object configProperty, T defaultValue) {
T value;
- String str;
- // TODO properly deal with multi-value properties and array-default-values.
- if (configProperty.isMultiple()) {
- Value[] vls = configProperty.getValues();
- str = (vls.length == 0) ? "" : vls[0].getString();
- } else {
- str = configProperty.getString();
- }
- Class<?> targetClass = (defaultValue == null) ? String.class : defaultValue.getClass();
+ String str = configProperty.toString();
+ Class targetClass = (defaultValue == null) ? String.class : defaultValue.getClass();
try {
if (targetClass == String.class) {
value = (T) str;
@@ -106,13 +92,13 @@ public class UserManagerConfig {
value = (T) Boolean.valueOf(str);
} else {
// unsupported target type
- log.warn("Unsupported target type {} for config entry {}", targetClass.getName(), configProperty.getName());
- throw new IllegalArgumentException("Cannot convert config entry " + configProperty.getName() + " to " + targetClass.getName());
+ log.warn("Unsupported target type {} for value {}", targetClass.getName(), str);
+ throw new IllegalArgumentException("Cannot convert config entry " + str + " to " + targetClass.getName());
}
} catch (NumberFormatException e) {
- log.warn("Invalid value of config entry {}; cannot be parsed into {}", configProperty.getName(), targetClass.getName());
+ log.warn("Invalid value {}; cannot be parsed into {}", str, targetClass.getName());
value = defaultValue;
}
return value;
}
-}
+}
\ No newline at end of file
Modified: jackrabbit/oak/trunk/oak-jcr/src/main/java/org/apache/jackrabbit/oak/jcr/security/user/UserManagerImpl.java
URL: http://svn.apache.org/viewvc/jackrabbit/oak/trunk/oak-jcr/src/main/java/org/apache/jackrabbit/oak/jcr/security/user/UserManagerImpl.java?rev=1329274&r1=1329273&r2=1329274&view=diff
==============================================================================
--- jackrabbit/oak/trunk/oak-jcr/src/main/java/org/apache/jackrabbit/oak/jcr/security/user/UserManagerImpl.java (original)
+++ jackrabbit/oak/trunk/oak-jcr/src/main/java/org/apache/jackrabbit/oak/jcr/security/user/UserManagerImpl.java Mon Apr 23 15:09:19 2012
@@ -26,6 +26,7 @@ import org.apache.jackrabbit.oak.api.Sca
import org.apache.jackrabbit.oak.jcr.NodeImpl;
import org.apache.jackrabbit.oak.jcr.SessionContext;
import org.apache.jackrabbit.oak.jcr.SessionImpl;
+import org.apache.jackrabbit.oak.jcr.security.user.action.AuthorizableAction;
import org.apache.jackrabbit.oak.jcr.util.ValueConverter;
import org.slf4j.Logger;
import org.slf4j.LoggerFactory;
@@ -176,8 +177,7 @@ public class UserManagerImpl implements
@Override
public Group createGroup(Principal principal, String intermediatePath) throws RepositoryException {
- String groupID = buildGroupID(principal.getName());
- return createGroup(groupID, principal, intermediatePath);
+ return createGroup(principal.getName(), principal, intermediatePath);
}
@Override
@@ -225,11 +225,13 @@ public class UserManagerImpl implements
* corresponding new node is persisted.
*
* @param user The new user.
- * @param pw The password.
+ * @param password The password.
* @throws RepositoryException If an exception occurs.
*/
- void onCreate(User user, String pw) throws RepositoryException {
- // TODO
+ void onCreate(User user, String password) throws RepositoryException {
+ for (AuthorizableAction action : config.getAuthorizableActions()) {
+ action.onCreate(user, password, sessionContext.getSession());
+ }
}
/**
@@ -241,7 +243,9 @@ public class UserManagerImpl implements
* @throws RepositoryException If an exception occurs.
*/
void onCreate(Group group) throws RepositoryException {
- // TODO
+ for (AuthorizableAction action : config.getAuthorizableActions()) {
+ action.onCreate(group, sessionContext.getSession());
+ }
}
/**
@@ -253,7 +257,9 @@ public class UserManagerImpl implements
* @throws RepositoryException If an exception occurs.
*/
void onRemove(Authorizable authorizable) throws RepositoryException {
- // TODO
+ for (AuthorizableAction action : config.getAuthorizableActions()) {
+ action.onRemove(authorizable, sessionContext.getSession());
+ }
}
/**
@@ -266,7 +272,9 @@ public class UserManagerImpl implements
* @throws RepositoryException If an exception occurs.
*/
void onPasswordChange(User user, String password) throws RepositoryException {
- // TODO
+ for (AuthorizableAction action : config.getAuthorizableActions()) {
+ action.onPasswordChange(user, password, sessionContext.getSession());
+ }
}
//--------------------------------------------------------------------------
@@ -354,11 +362,6 @@ public class UserManagerImpl implements
return null;
}
- private String buildGroupID(String principalName) {
- // TODO
- return principalName;
- }
-
private void checkValidID(String authorizableID) {
// TODO
}
Added: jackrabbit/oak/trunk/oak-jcr/src/main/java/org/apache/jackrabbit/oak/jcr/security/user/action/AuthorizableAction.java
URL: http://svn.apache.org/viewvc/jackrabbit/oak/trunk/oak-jcr/src/main/java/org/apache/jackrabbit/oak/jcr/security/user/action/AuthorizableAction.java?rev=1329274&view=auto
==============================================================================
--- jackrabbit/oak/trunk/oak-jcr/src/main/java/org/apache/jackrabbit/oak/jcr/security/user/action/AuthorizableAction.java (added)
+++ jackrabbit/oak/trunk/oak-jcr/src/main/java/org/apache/jackrabbit/oak/jcr/security/user/action/AuthorizableAction.java Mon Apr 23 15:09:19 2012
@@ -0,0 +1,89 @@
+/*
+ * Licensed to the Apache Software Foundation (ASF) under one or more
+ * contributor license agreements. See the NOTICE file distributed with
+ * this work for additional information regarding copyright ownership.
+ * The ASF licenses this file to You under the Apache License, Version 2.0
+ * (the "License"); you may not use this file except in compliance with
+ * the License. You may obtain a copy of the License at
+ *
+ * http://www.apache.org/licenses/LICENSE-2.0
+ *
+ * Unless required by applicable law or agreed to in writing, software
+ * distributed under the License is distributed on an "AS IS" BASIS,
+ * WITHOUT WARRANTIES OR CONDITIONS OF ANY KIND, either express or implied.
+ * See the License for the specific language governing permissions and
+ * limitations under the License.
+ */
+package org.apache.jackrabbit.oak.jcr.security.user.action;
+
+import org.apache.jackrabbit.api.security.user.Authorizable;
+import org.apache.jackrabbit.api.security.user.Group;
+import org.apache.jackrabbit.api.security.user.User;
+
+import javax.jcr.RepositoryException;
+import javax.jcr.Session;
+
+/**
+ * The {@code AuthorizableAction} interface provide an implementation
+ * specific way to execute additional validation or write tasks upon
+ *
+ * <ul>
+ * <li>{@link #onCreate(org.apache.jackrabbit.api.security.user.User, String, javax.jcr.Session) User creation},</li>
+ * <li>{@link #onCreate(org.apache.jackrabbit.api.security.user.Group, javax.jcr.Session) Group creation},</li>
+ * <li>{@link #onRemove(org.apache.jackrabbit.api.security.user.Authorizable, javax.jcr.Session) Authorizable removal} and</li>
+ * <li>{@link #onPasswordChange(org.apache.jackrabbit.api.security.user.User, String, javax.jcr.Session) User password modification}.</li>
+ * </ul>
+ *
+ * @see org.apache.jackrabbit.oak.jcr.security.user.UserManagerConfig
+ */
+public interface AuthorizableAction {
+
+ /**
+ * Allows to add application specific modifications or validation associated
+ * with the creation of a new group. Note, that this method is called
+ * <strong>before</strong> any {@code Session.save} call.
+ *
+ * @param group The new group that has not yet been persisted;
+ * e.g. the associated node is still 'NEW'.
+ * @param session The editing session associated with the user manager.
+ * @throws javax.jcr.RepositoryException If an error occurs.
+ */
+ void onCreate(Group group, Session session) throws RepositoryException;
+
+ /**
+ * Allows to add application specific modifications or validation associated
+ * with the creation of a new user. Note, that this method is called
+ * <strong>before</strong> any {@code Session.save} call.
+ *
+ * @param user The new user that has not yet been persisted;
+ * e.g. the associated node is still 'NEW'.
+ * @param password The password that was specified upon user creation.
+ * @param session The editing session associated with the user manager.
+ * @throws RepositoryException If an error occurs.
+ */
+ void onCreate(User user, String password, Session session) throws RepositoryException;
+
+ /**
+ * Allows to add application specific behavior associated with the removal
+ * of an authorizable. Note, that this method is called <strong>before</strong>
+ * {@link org.apache.jackrabbit.api.security.user.Authorizable#remove} is executed (and persisted); thus the
+ * target authorizable still exists.
+ *
+ * @param authorizable The authorizable to be removed.
+ * @param session The editing session associated with the user manager.
+ * @throws RepositoryException If an error occurs.
+ */
+ void onRemove(Authorizable authorizable, Session session) throws RepositoryException;
+
+ /**
+ * Allows to add application specific action or validation associated with
+ * changing a user password. Note, that this method is called <strong>before</strong>
+ * the password property is being modified in the content.
+ *
+ * @param user The user that whose password is going to change.
+ * @param newPassword The new password as specified in {@link User#changePassword}
+ * @param session The editing session associated with the user manager.
+ * @throws RepositoryException If an exception or error occurs.
+ */
+ void onPasswordChange(User user, String newPassword, Session session) throws RepositoryException;
+}
\ No newline at end of file
Modified: jackrabbit/oak/trunk/oak-jcr/src/main/java/org/apache/jackrabbit/oak/jcr/security/user/diff.txt
URL: http://svn.apache.org/viewvc/jackrabbit/oak/trunk/oak-jcr/src/main/java/org/apache/jackrabbit/oak/jcr/security/user/diff.txt?rev=1329274&r1=1329273&r2=1329274&view=diff
==============================================================================
--- jackrabbit/oak/trunk/oak-jcr/src/main/java/org/apache/jackrabbit/oak/jcr/security/user/diff.txt (original)
+++ jackrabbit/oak/trunk/oak-jcr/src/main/java/org/apache/jackrabbit/oak/jcr/security/user/diff.txt Mon Apr 23 15:09:19 2012
@@ -13,6 +13,7 @@ Unsupported Operations:
UserManager:
- UserManager#isAutoSave() always returns false
- password not mandatory upon creation (TODO: check again)
+- no groupID generation for UserManager#createGroup(Principal) as alternative createGroup methods with ID param exist
Authorizable:
- setProperty, removeProperty executes no extra shortcut check for protected properties