You are viewing a plain text version of this content. The canonical link for it is here.
Posted to oak-commits@jackrabbit.apache.org by an...@apache.org on 2015/10/29 18:59:54 UTC
svn commit: r1711313 [2/2] - in /jackrabbit/oak/trunk:
oak-authorization-cug/src/test/java/org/apache/jackrabbit/oak/spi/security/authorization/cug/impl/
oak-core/src/main/java/org/apache/jackrabbit/oak/security/
oak-core/src/main/java/org/apache/jackr...
Modified: jackrabbit/oak/trunk/oak-core/src/test/java/org/apache/jackrabbit/oak/security/authorization/composite/CompositeProviderScopeTest.java
URL: http://svn.apache.org/viewvc/jackrabbit/oak/trunk/oak-core/src/test/java/org/apache/jackrabbit/oak/security/authorization/composite/CompositeProviderScopeTest.java?rev=1711313&r1=1711312&r2=1711313&view=diff
==============================================================================
--- jackrabbit/oak/trunk/oak-core/src/test/java/org/apache/jackrabbit/oak/security/authorization/composite/CompositeProviderScopeTest.java (original)
+++ jackrabbit/oak/trunk/oak-core/src/test/java/org/apache/jackrabbit/oak/security/authorization/composite/CompositeProviderScopeTest.java Thu Oct 29 17:59:53 2015
@@ -19,7 +19,6 @@ package org.apache.jackrabbit.oak.securi
import java.util.List;
import java.util.Map;
import java.util.Set;
-
import javax.jcr.Session;
import com.google.common.collect.ImmutableList;
@@ -54,10 +53,6 @@ import static org.junit.Assert.assertTru
* The tests are executed both for the set of principals associated with the test
* user and with the admin session.
*
- * The expected outcome is that the custom provider only takes effect at the repo
- * level. The effective permissions are the as defined for the default provider
- * outside of the scope of the custom provider.
- *
* At the repository level, the effective result is as follows:
* - admin has full access at repo-level without namespace management (which is denied)
* - test user has only nodetype-definition-mgt left as namespace management is
@@ -95,24 +90,24 @@ public class CompositeProviderScopeTest
cppTestUser = createPermissionProvider(getTestUser().getPrincipal(), EveryonePrincipal.getInstance());
cppAdminUser = createPermissionProvider(root.getContentSession().getAuthInfo().getPrincipals());
- pbp = new PrivilegeBitsProvider(root);
+ pbp = new PrivilegeBitsProvider(readOnlyRoot);
denied = pbp.getBits(JCR_ADD_CHILD_NODES, REP_ADD_PROPERTIES);
}
@Override
protected AggregatedPermissionProvider getTestPermissionProvider() {
if (testProvider == null) {
- testProvider = new LimitedScopeProvider(root);
+ testProvider = new LimitedScopeProvider(readOnlyRoot);
}
return testProvider;
}
@Test
public void testGetPrivileges() throws Exception {
- PrivilegeBitsProvider pbp = new PrivilegeBitsProvider(root);
+ PrivilegeBitsProvider pbp = new PrivilegeBitsProvider(readOnlyRoot);
for (String path : defPrivileges.keySet()) {
- Tree tree = root.getTree(path);
+ Tree tree = readOnlyRoot.getTree(path);
Set<String> defaultPrivs = defPrivileges.get(path);
Set<String> privNames = cppTestUser.getPrivileges(tree);
@@ -129,7 +124,7 @@ public class CompositeProviderScopeTest
@Test
public void testGetPrivilegesAdmin() throws Exception {
for (String path : NODE_PATHS) {
- Tree tree = root.getTree(path);
+ Tree tree = readOnlyRoot.getTree(path);
Set<String> privNames = cppAdminUser.getPrivileges(tree);
if (testProvider.isSupported(path)) {
@@ -158,8 +153,7 @@ public class CompositeProviderScopeTest
public void testHasPrivileges() throws Exception {
for (String path : defPrivileges.keySet()) {
Set<String> defaultPrivs = defPrivileges.get(path);
- PrivilegeBits defaultBits = pbp.getBits(defaultPrivs);
- Tree tree = root.getTree(path);
+ Tree tree = readOnlyRoot.getTree(path);
if (testProvider.isSupported(path)) {
Set<String> expected = pbp.getPrivilegeNames(pbp.getBits(defaultPrivs).modifiable().diff(denied));
@@ -178,7 +172,7 @@ public class CompositeProviderScopeTest
public void testHasPrivilegesAdmin() throws Exception {
Set<String> expectedAllowed = pbp.getPrivilegeNames(pbp.getBits(JCR_ALL).modifiable().diff(pbp.getBits(JCR_ADD_CHILD_NODES, REP_ADD_PROPERTIES)));
for (String path : NODE_PATHS) {
- Tree tree = root.getTree(path);
+ Tree tree = readOnlyRoot.getTree(path);
if (testProvider.isSupported(path)) {
assertTrue(cppAdminUser.hasPrivileges(tree, expectedAllowed.toArray(new String[expectedAllowed.size()])));
@@ -217,7 +211,7 @@ public class CompositeProviderScopeTest
public void testIsGranted() throws Exception {
for (String p : defPermissions.keySet()) {
long defaultPerms = defPermissions.get(p);
- Tree tree = root.getTree(p);
+ Tree tree = readOnlyRoot.getTree(p);
if (testProvider.isSupported(p)) {
long expected = Permissions.diff(defaultPerms, Permissions.ADD_NODE|Permissions.ADD_PROPERTY);
@@ -236,7 +230,7 @@ public class CompositeProviderScopeTest
@Test
public void testIsGrantedAdmin() throws Exception {
for (String path : NODE_PATHS) {
- Tree tree = root.getTree(path);
+ Tree tree = readOnlyRoot.getTree(path);
if (testProvider.isSupported(path)) {
assertTrue(cppAdminUser.isGranted(tree, null, Permissions.diff(Permissions.ALL, Permissions.ADD_NODE|Permissions.ADD_PROPERTY)));
@@ -254,7 +248,7 @@ public class CompositeProviderScopeTest
public void testIsGrantedProperty() throws Exception {
for (String p : defPermissions.keySet()) {
long defaultPerms = defPermissions.get(p);
- Tree tree = root.getTree(p);
+ Tree tree = readOnlyRoot.getTree(p);
if (testProvider.isSupported(p)) {
long expected = Permissions.diff(defaultPerms, Permissions.ADD_NODE|Permissions.ADD_PROPERTY);
@@ -272,7 +266,7 @@ public class CompositeProviderScopeTest
@Test
public void testIsGrantedPropertyAdmin() throws Exception {
for (String p : NODE_PATHS) {
- Tree tree = root.getTree(p);
+ Tree tree = readOnlyRoot.getTree(p);
if (testProvider.isSupported(p)) {
assertTrue(cppAdminUser.isGranted(tree, PROPERTY_STATE, Permissions.diff(Permissions.ALL, Permissions.ADD_NODE|Permissions.ADD_PROPERTY)));
@@ -297,7 +291,7 @@ public class CompositeProviderScopeTest
Set<String> expected = Sets.newHashSet(actions);
expected.removeAll(denied);
- boolean canSetProperty = TreeLocation.create(root, p).getProperty() != null;
+ boolean canSetProperty = TreeLocation.create(readOnlyRoot, p).getProperty() != null;
if (!canSetProperty) {
expected.remove(Session.ACTION_SET_PROPERTY);
}
@@ -380,7 +374,7 @@ public class CompositeProviderScopeTest
TreePermission parentPermission = TreePermission.EMPTY;
for (String path : TP_PATHS) {
- TreePermission tp = cppTestUser.getTreePermission(root.getTree(path), parentPermission);
+ TreePermission tp = cppTestUser.getTreePermission(readOnlyRoot.getTree(path), parentPermission);
Long toTest = (defPermissions.containsKey(path)) ? defPermissions.get(path) : defPermissions.get(PathUtils.getAncestorPath(path, 1));
if (toTest != null) {
@@ -400,7 +394,7 @@ public class CompositeProviderScopeTest
TreePermission parentPermission = TreePermission.EMPTY;
for (String path : TP_PATHS) {
- TreePermission tp = cppAdminUser.getTreePermission(root.getTree(path), parentPermission);
+ TreePermission tp = cppAdminUser.getTreePermission(readOnlyRoot.getTree(path), parentPermission);
if (testProvider.isSupported(path)) {
assertTrue(path, tp.isGranted(Permissions.diff(Permissions.ALL, Permissions.ADD_NODE|Permissions.ADD_PROPERTY)));
@@ -414,7 +408,7 @@ public class CompositeProviderScopeTest
parentPermission = TreePermission.EMPTY;
for (String nodePath : PATH_OUTSIDE_SCOPE) {
- Tree tree = root.getTree(nodePath);
+ Tree tree = readOnlyRoot.getTree(nodePath);
TreePermission tp = cppAdminUser.getTreePermission(tree, parentPermission);
assertTrue(nodePath, tp.isGranted(Permissions.ALL));
@@ -428,7 +422,7 @@ public class CompositeProviderScopeTest
TreePermission parentPermission = TreePermission.EMPTY;
for (String path : TP_PATHS) {
- TreePermission tp = cppTestUser.getTreePermission(root.getTree(path), parentPermission);
+ TreePermission tp = cppTestUser.getTreePermission(readOnlyRoot.getTree(path), parentPermission);
Long toTest = (defPermissions.containsKey(path)) ? defPermissions.get(path) : defPermissions.get(PathUtils.getAncestorPath(path, 1));
if (toTest != null) {
if (testProvider.isSupported(path)) {
@@ -455,7 +449,7 @@ public class CompositeProviderScopeTest
TreePermission parentPermission = TreePermission.EMPTY;
for (String nodePath : readMap.keySet()) {
- Tree tree = root.getTree(nodePath);
+ Tree tree = readOnlyRoot.getTree(nodePath);
TreePermission tp = cppTestUser.getTreePermission(tree, parentPermission);
boolean expectedResult = readMap.get(nodePath);
@@ -478,7 +472,7 @@ public class CompositeProviderScopeTest
TreePermission parentPermission = TreePermission.EMPTY;
for (String nodePath : readMap.keySet()) {
- Tree tree = root.getTree(nodePath);
+ Tree tree = readOnlyRoot.getTree(nodePath);
TreePermission tp = cppTestUser.getTreePermission(tree, parentPermission);
assertEquals(nodePath, readMap.get(nodePath), tp.canRead(PROPERTY_STATE));
@@ -492,7 +486,7 @@ public class CompositeProviderScopeTest
TreePermission parentPermission = TreePermission.EMPTY;
for (String nodePath : TP_PATHS) {
- Tree tree = root.getTree(nodePath);
+ Tree tree = readOnlyRoot.getTree(nodePath);
TreePermission tp = cppAdminUser.getTreePermission(tree, parentPermission);
@@ -508,23 +502,23 @@ public class CompositeProviderScopeTest
TreePermission parentPermission = TreePermission.EMPTY;
for (String nodePath : TP_PATHS) {
- Tree tree = root.getTree(nodePath);
+ Tree tree = readOnlyRoot.getTree(nodePath);
TreePermission tp = cppAdminUser.getTreePermission(tree, parentPermission);
assertFalse(nodePath, tp.canReadAll());
- assertFalse(nodePath, tp.canReadProperties());
+ assertTrue(nodePath, tp.canReadProperties());
parentPermission = tp;
}
parentPermission = TreePermission.EMPTY;
for (String nodePath : PATH_OUTSIDE_SCOPE) {
- Tree tree = root.getTree(nodePath);
+ Tree tree = readOnlyRoot.getTree(nodePath);
TreePermission tp = cppAdminUser.getTreePermission(tree, parentPermission);
assertFalse(nodePath, tp.canReadAll());
- assertFalse(nodePath, tp.canReadProperties());
+ assertTrue(nodePath, tp.canReadProperties());
parentPermission = tp;
}
Modified: jackrabbit/oak/trunk/oak-core/src/test/java/org/apache/jackrabbit/oak/security/authorization/composite/CompositeTreePermissionTest.java
URL: http://svn.apache.org/viewvc/jackrabbit/oak/trunk/oak-core/src/test/java/org/apache/jackrabbit/oak/security/authorization/composite/CompositeTreePermissionTest.java?rev=1711313&r1=1711312&r2=1711313&view=diff
==============================================================================
--- jackrabbit/oak/trunk/oak-core/src/test/java/org/apache/jackrabbit/oak/security/authorization/composite/CompositeTreePermissionTest.java (original)
+++ jackrabbit/oak/trunk/oak-core/src/test/java/org/apache/jackrabbit/oak/security/authorization/composite/CompositeTreePermissionTest.java Thu Oct 29 17:59:53 2015
@@ -17,11 +17,9 @@
package org.apache.jackrabbit.oak.security.authorization.composite;
import java.lang.reflect.Field;
-import java.util.List;
-import java.util.Map;
-import com.google.common.collect.ImmutableList;
import org.apache.jackrabbit.oak.AbstractSecurityTest;
+import org.apache.jackrabbit.oak.api.Root;
import org.apache.jackrabbit.oak.plugins.nodetype.NodeTypeConstants;
import org.apache.jackrabbit.oak.plugins.tree.RootFactory;
import org.apache.jackrabbit.oak.plugins.tree.impl.ImmutableTree;
@@ -35,21 +33,28 @@ import static org.junit.Assert.assertEqu
import static org.junit.Assert.assertFalse;
import static org.junit.Assert.assertNotNull;
import static org.junit.Assert.assertNull;
+import static org.junit.Assert.assertSame;
import static org.junit.Assert.assertTrue;
public class CompositeTreePermissionTest extends AbstractSecurityTest {
+ private Root readOnlyRoot;
private ImmutableTree rootTree;
+ private AggregatedPermissionProvider fullScopeProvider;
+
@Override
public void before() throws Exception {
super.before();
NodeUtil rootNode = new NodeUtil(root.getTree("/"));
- NodeUtil test = rootNode.addChild("test", NodeTypeConstants.NT_OAK_UNSTRUCTURED);
+ rootNode.addChild("test", NodeTypeConstants.NT_OAK_UNSTRUCTURED);
root.commit();
- rootTree = (ImmutableTree) RootFactory.createReadOnlyRoot(root).getTree("/");
+ readOnlyRoot = RootFactory.createReadOnlyRoot(root);
+ rootTree = (ImmutableTree) readOnlyRoot.getTree("/");
+
+ fullScopeProvider = new FullScopeProvider(readOnlyRoot);
}
@Override
@@ -63,40 +68,60 @@ public class CompositeTreePermissionTest
}
}
- private List<AggregatedPermissionProvider> getProviders() {
- return ImmutableList.<AggregatedPermissionProvider>of(new FullScopeProvider(root));
+ private AggregatedPermissionProvider[] getProviders(AggregatedPermissionProvider... providers) {
+ return providers;
}
@Test
- public void testEmptyProviderList() {
- CompositeTreePermission parent = new CompositeTreePermission(ImmutableList.<AggregatedPermissionProvider>of());
- assertFalse(parent.canRead());
-
- CompositeTreePermission rootTp = new CompositeTreePermission(rootTree, parent);
+ public void testEmpty() {
+ TreePermission rootTp = CompositeTreePermission.create(rootTree, getProviders());
+ assertSame(TreePermission.EMPTY, rootTp);
assertFalse(rootTp.canRead());
-
- CompositeTreePermission testTp = new CompositeTreePermission(rootTree.getChild("test"), rootTp);
- assertFalse(testTp.canRead());
}
- @Test(expected = IllegalStateException.class)
- public void testGetChildOnParent() {
- NodeState childState = rootTree.getChild("test").getNodeState();
- CompositeTreePermission parent = new CompositeTreePermission(getProviders());
- parent.getChildPermission("illegal", childState);
+ @Test
+ public void testSingle() {
+ Class<? extends TreePermission> expected = fullScopeProvider.getTreePermission(rootTree, TreePermission.EMPTY).getClass();
+
+ TreePermission rootTp = CompositeTreePermission.create(rootTree, getProviders(fullScopeProvider));
+ assertFalse(rootTp instanceof CompositeTreePermission);
+ assertEquals(expected, rootTp.getClass());
+
+ TreePermission testTp = rootTp.getChildPermission("test", rootTree.getChild("test").getNodeState());
+ assertEquals(expected, testTp.getClass());
}
@Test
- public void testGetChildOnRoot() {
- CompositeTreePermission rootTp = new CompositeTreePermission(rootTree,
- new CompositeTreePermission(getProviders()));
+ public void testMultiple() {
+ TreePermission rootTp = CompositeTreePermission.create(rootTree, getProviders(fullScopeProvider, fullScopeProvider));
+ assertTrue(rootTp instanceof CompositeTreePermission);
+
TreePermission testTp = rootTp.getChildPermission("test", rootTree.getChild("test").getNodeState());
+ assertTrue(testTp instanceof CompositeTreePermission);
+ }
+
+ @Test
+ public void testMultipleNoRecurse() {
+ TreePermission rootTp = CompositeTreePermission.create(rootTree, getProviders(new NoScopeProvider(), new NoScopeProvider()));
+ assertTrue(rootTp instanceof CompositeTreePermission);
+
+ assertSame(TreePermission.EMPTY, rootTp.getChildPermission("test", rootTree.getChild("test").getNodeState()));
+ }
+
+ @Test
+ public void testMultipleToSingle() {
+ TreePermission rootTp = CompositeTreePermission.create(rootTree, getProviders(fullScopeProvider, new NoScopeProvider(), new NoScopeProvider()));
+ assertTrue(rootTp instanceof CompositeTreePermission);
+
+ NodeState childState = rootTree.getChild("test").getNodeState();
+ TreePermission testTp = rootTp.getChildPermission("test", childState);
+ TreePermission expected = fullScopeProvider.getTreePermission(rootTree, TreePermission.EMPTY).getChildPermission("test", childState);
+ assertEquals(expected.getClass(), testTp.getClass());
}
@Test
public void testCanRead() throws Exception {
- CompositeTreePermission rootTp = new CompositeTreePermission(rootTree,
- new CompositeTreePermission(getProviders()));
+ TreePermission rootTp = CompositeTreePermission.create(rootTree, getProviders(fullScopeProvider, fullScopeProvider));
Field f = CompositeTreePermission.class.getDeclaredField("canRead");
f.setAccessible(true);
@@ -112,17 +137,10 @@ public class CompositeTreePermissionTest
@Test
public void testParentNoRecourse() throws Exception {
- Field f = CompositeTreePermission.class.getDeclaredField("map");
+ Field f = CompositeTreePermission.class.getDeclaredField("providers");
f.setAccessible(true);
- CompositeTreePermission rootTp = new CompositeTreePermission(rootTree,
- new CompositeTreePermission(ImmutableList.<AggregatedPermissionProvider>of(new NoScopeProvider())));
- assertFalse(rootTp.canRead());
- assertEquals(1, ((Map) f.get(rootTp)).size());
-
-
- TreePermission testTp = rootTp.getChildPermission("test", rootTree.getChild("test").getNodeState());
- assertFalse(testTp.canRead());
- assertTrue(((Map) f.get(testTp)).isEmpty());
+ TreePermission rootTp = CompositeTreePermission.create(rootTree, getProviders(new NoScopeProvider()));
+ assertSame(TreePermission.NO_RECOURSE, rootTp);
}
}
\ No newline at end of file
Modified: jackrabbit/oak/trunk/oak-core/src/test/java/org/apache/jackrabbit/oak/security/authorization/composite/LimitedScopeProvider.java
URL: http://svn.apache.org/viewvc/jackrabbit/oak/trunk/oak-core/src/test/java/org/apache/jackrabbit/oak/security/authorization/composite/LimitedScopeProvider.java?rev=1711313&r1=1711312&r2=1711313&view=diff
==============================================================================
--- jackrabbit/oak/trunk/oak-core/src/test/java/org/apache/jackrabbit/oak/security/authorization/composite/LimitedScopeProvider.java (original)
+++ jackrabbit/oak/trunk/oak-core/src/test/java/org/apache/jackrabbit/oak/security/authorization/composite/LimitedScopeProvider.java Thu Oct 29 17:59:53 2015
@@ -124,14 +124,7 @@ class LimitedScopeProvider implements Ag
@Nonnull
@Override
public TreePermission getTreePermission(@Nonnull Tree tree, @Nonnull TreePermission parentPermission) {
- String path = tree.getPath();
- if (isSupported(path)) {
- return new TestTreePermission(path);
- } else if (Text.isDescendant(path, AbstractCompositeProviderTest.TEST_A_PATH)) {
- return TreePermission.EMPTY;
- } else {
- return TreePermission.NO_RECOURSE;
- }
+ return createTreePermission(tree.getPath());
}
@Override
@@ -235,7 +228,62 @@ class LimitedScopeProvider implements Ag
return Text.isDescendantOrEqual(AbstractCompositeProviderTest.TEST_A_PATH, path);
}
- private final class TestTreePermission implements TreePermission {
+ private static TreePermission createTreePermission(@Nonnull String path) {
+ if (isSupported(path)) {
+ return new TestTreePermission(path);
+ } else if (Text.isDescendant(path, AbstractCompositeProviderTest.TEST_A_PATH)) {
+ return new EmptyTestPermission(path);
+ } else {
+ return TreePermission.NO_RECOURSE;
+ }
+ }
+
+ private static final class EmptyTestPermission implements TreePermission {
+
+ private final String path;
+
+ private EmptyTestPermission(@Nonnull String path) {
+ this.path = path;
+ }
+
+ @Nonnull
+ @Override
+ public TreePermission getChildPermission(@Nonnull String childName, @Nonnull NodeState childState) {
+ return createTreePermission(PathUtils.concat(path, childName));
+ }
+
+ @Override
+ public boolean canRead() {
+ return false;
+ }
+
+ @Override
+ public boolean canRead(@Nonnull PropertyState property) {
+ return false;
+ }
+
+ @Override
+ public boolean canReadAll() {
+ return false;
+ }
+
+ @Override
+ public boolean canReadProperties() {
+ return false;
+ }
+
+ @Override
+ public boolean isGranted(long permissions) {
+ return false;
+ }
+
+ @Override
+ public boolean isGranted(long permissions, @Nonnull PropertyState property) {
+ return false;
+ }
+ }
+
+ private static final class TestTreePermission implements TreePermission {
private final String path;
@@ -246,7 +294,7 @@ class LimitedScopeProvider implements Ag
@Nonnull
@Override
public TreePermission getChildPermission(@Nonnull String childName, @Nonnull NodeState childState) {
- return new TestTreePermission(PathUtils.concat(path, childName));
+ return createTreePermission(PathUtils.concat(path, childName));
}
@Override
Modified: jackrabbit/oak/trunk/oak-core/src/test/java/org/apache/jackrabbit/oak/spi/security/CompositeConfigurationTest.java
URL: http://svn.apache.org/viewvc/jackrabbit/oak/trunk/oak-core/src/test/java/org/apache/jackrabbit/oak/spi/security/CompositeConfigurationTest.java?rev=1711313&r1=1711312&r2=1711313&view=diff
==============================================================================
--- jackrabbit/oak/trunk/oak-core/src/test/java/org/apache/jackrabbit/oak/spi/security/CompositeConfigurationTest.java (original)
+++ jackrabbit/oak/trunk/oak-core/src/test/java/org/apache/jackrabbit/oak/spi/security/CompositeConfigurationTest.java Thu Oct 29 17:59:53 2015
@@ -16,12 +16,16 @@
*/
package org.apache.jackrabbit.oak.spi.security;
+import java.lang.reflect.Field;
import java.util.List;
+import javax.annotation.Nonnull;
import org.junit.Test;
import static org.junit.Assert.assertEquals;
import static org.junit.Assert.assertFalse;
+import static org.junit.Assert.assertNotSame;
+import static org.junit.Assert.assertNull;
import static org.junit.Assert.assertSame;
import static org.junit.Assert.assertTrue;
@@ -93,4 +97,66 @@ public class CompositeConfigurationTest
assertEquals(1, configurations.size());
assertEquals(def, configurations.iterator().next());
}
+
+ @Test
+ public void testGetContext() throws Exception {
+ Class cls = Class.forName(CompositeConfiguration.class.getName() + "$CompositeContext");
+ Field def = cls.getDeclaredField("defaultCtx");
+ def.setAccessible(true);
+
+ Field delegatees = cls.getDeclaredField("delegatees");
+ delegatees.setAccessible(true);
+
+ Context ctx = compositeConfiguration.getContext();
+ assertSame(cls, ctx.getClass());
+ assertNull(delegatees.get(ctx));
+ assertSame(Context.DEFAULT, def.get(ctx));
+
+ SecurityConfiguration sc = new TestConfiguration();
+ compositeConfiguration.setDefaultConfig(sc);
+ ctx = compositeConfiguration.getContext();
+ assertNull(delegatees.get(ctx));
+ assertSame(sc.getContext(), def.get(ctx));
+ assertSame(cls, ctx.getClass());
+
+ compositeConfiguration.addConfiguration(sc);
+ ctx = compositeConfiguration.getContext();
+ assertNotSame(sc.getContext(), ctx);
+ assertEquals(1, ((Context[]) delegatees.get(ctx)).length);
+
+ // add configuration that has DEFAULT ctx -> must not be added
+ SecurityConfiguration defConfig = new SecurityConfiguration.Default();
+ compositeConfiguration.addConfiguration(defConfig);
+ assertEquals(1, ((Context[]) delegatees.get(compositeConfiguration.getContext())).length);
+
+ // add same test configuration again -> no duplicate entries
+ compositeConfiguration.addConfiguration(sc);
+ assertEquals(1, ((Context[]) delegatees.get(compositeConfiguration.getContext())).length);
+
+ SecurityConfiguration sc2 = new TestConfiguration();
+ compositeConfiguration.addConfiguration(sc2);
+ assertEquals(2, ((Context[]) delegatees.get(compositeConfiguration.getContext())).length);
+
+ compositeConfiguration.removeConfiguration(sc2);
+ assertEquals(1, ((Context[]) delegatees.get(compositeConfiguration.getContext())).length);
+
+ compositeConfiguration.removeConfiguration(sc);
+ compositeConfiguration.removeConfiguration(sc);
+ compositeConfiguration.removeConfiguration(defConfig);
+ assertNull(delegatees.get(compositeConfiguration.getContext()));
+ }
+
+ private static final class TestConfiguration extends SecurityConfiguration.Default {
+
+ private final Context ctx = new TestContext();
+ @Nonnull
+ @Override
+ public Context getContext() {
+ return ctx;
+ }
+ }
+
+ private static final class TestContext extends Context.Default {
+
+ }
}
\ No newline at end of file
Modified: jackrabbit/oak/trunk/oak-run/src/main/java/org/apache/jackrabbit/oak/benchmark/BenchmarkRunner.java
URL: http://svn.apache.org/viewvc/jackrabbit/oak/trunk/oak-run/src/main/java/org/apache/jackrabbit/oak/benchmark/BenchmarkRunner.java?rev=1711313&r1=1711312&r2=1711313&view=diff
==============================================================================
--- jackrabbit/oak/trunk/oak-run/src/main/java/org/apache/jackrabbit/oak/benchmark/BenchmarkRunner.java (original)
+++ jackrabbit/oak/trunk/oak-run/src/main/java/org/apache/jackrabbit/oak/benchmark/BenchmarkRunner.java Thu Oct 29 17:59:53 2015
@@ -231,7 +231,7 @@ public class BenchmarkRunner {
runAsAdmin.value(options),
itemsToRead.value(options),
report.value(options)),
- new CompositeAuthorizationReadTest(
+ new CompositeAuthorizationTest(
runAsAdmin.value(options),
itemsToRead.value(options)), // TODO: is currently the no of configurations (hack)
new ConcurrentReadDeepTreeTest(
Copied: jackrabbit/oak/trunk/oak-run/src/main/java/org/apache/jackrabbit/oak/benchmark/CompositeAuthorizationTest.java (from r1710980, jackrabbit/oak/trunk/oak-run/src/main/java/org/apache/jackrabbit/oak/benchmark/CompositeAuthorizationReadTest.java)
URL: http://svn.apache.org/viewvc/jackrabbit/oak/trunk/oak-run/src/main/java/org/apache/jackrabbit/oak/benchmark/CompositeAuthorizationTest.java?p2=jackrabbit/oak/trunk/oak-run/src/main/java/org/apache/jackrabbit/oak/benchmark/CompositeAuthorizationTest.java&p1=jackrabbit/oak/trunk/oak-run/src/main/java/org/apache/jackrabbit/oak/benchmark/CompositeAuthorizationReadTest.java&r1=1710980&r2=1711313&rev=1711313&view=diff
==============================================================================
--- jackrabbit/oak/trunk/oak-run/src/main/java/org/apache/jackrabbit/oak/benchmark/CompositeAuthorizationReadTest.java (original)
+++ jackrabbit/oak/trunk/oak-run/src/main/java/org/apache/jackrabbit/oak/benchmark/CompositeAuthorizationTest.java Thu Oct 29 17:59:53 2015
@@ -18,7 +18,6 @@ package org.apache.jackrabbit.oak.benchm
import java.security.Principal;
import java.util.Collections;
-import java.util.Iterator;
import java.util.List;
import java.util.Set;
import javax.annotation.Nonnull;
@@ -36,9 +35,9 @@ import org.apache.jackrabbit.oak.fixture
import org.apache.jackrabbit.oak.jcr.Jcr;
import org.apache.jackrabbit.oak.namepath.NamePathMapper;
import org.apache.jackrabbit.oak.plugins.tree.RootFactory;
+import org.apache.jackrabbit.oak.plugins.tree.TreeLocation;
import org.apache.jackrabbit.oak.security.SecurityProviderImpl;
import org.apache.jackrabbit.oak.security.authorization.composite.CompositeAuthorizationConfiguration;
-import org.apache.jackrabbit.oak.security.authorization.permission.PermissionUtil;
import org.apache.jackrabbit.oak.spi.commit.CommitHook;
import org.apache.jackrabbit.oak.spi.commit.MoveTracker;
import org.apache.jackrabbit.oak.spi.commit.ValidatorProvider;
@@ -46,23 +45,28 @@ import org.apache.jackrabbit.oak.spi.lif
import org.apache.jackrabbit.oak.spi.lifecycle.WorkspaceInitializer;
import org.apache.jackrabbit.oak.spi.security.ConfigurationParameters;
import org.apache.jackrabbit.oak.spi.security.Context;
-import org.apache.jackrabbit.oak.spi.security.SecurityConfiguration;
import org.apache.jackrabbit.oak.spi.security.authorization.AuthorizationConfiguration;
-import org.apache.jackrabbit.oak.spi.security.authorization.permission.OpenPermissionProvider;
+import org.apache.jackrabbit.oak.spi.security.authorization.permission.AggregatedPermissionProvider;
import org.apache.jackrabbit.oak.spi.security.authorization.permission.PermissionProvider;
import org.apache.jackrabbit.oak.spi.security.authorization.permission.RepositoryPermission;
import org.apache.jackrabbit.oak.spi.security.authorization.permission.TreePermission;
import org.apache.jackrabbit.oak.spi.security.authorization.restriction.RestrictionProvider;
+import org.apache.jackrabbit.oak.spi.security.privilege.PrivilegeBits;
+import org.apache.jackrabbit.oak.spi.security.privilege.PrivilegeBitsProvider;
+import org.apache.jackrabbit.oak.spi.security.privilege.PrivilegeConstants;
import org.apache.jackrabbit.oak.spi.xml.ProtectedItemImporter;
+import static com.google.common.base.Preconditions.checkNotNull;
+
/**
- * CompositeAuthorizationReadTest... TODO
+ * Test the effect of multiple authorization configurations on the general read
+ * operations.
*/
-public class CompositeAuthorizationReadTest extends ReadDeepTreeTest {
+public class CompositeAuthorizationTest extends ReadDeepTreeTest {
private int cnt;
- protected CompositeAuthorizationReadTest(boolean runAsAdmin, int cntConfigurations) {
+ protected CompositeAuthorizationTest(boolean runAsAdmin, int cntConfigurations) {
super(runAsAdmin, 1000, false);
cnt = cntConfigurations;
}
@@ -83,147 +87,110 @@ public class CompositeAuthorizationReadT
private static final class TmpSecurityProvider extends SecurityProviderImpl {
- private final int cnt;
-
private TmpSecurityProvider(int cnt) {
- this.cnt = cnt;
+ super();
+
+ AuthorizationConfiguration authorizationConfiguration = getConfiguration(AuthorizationConfiguration.class);
+ if (!(authorizationConfiguration instanceof CompositeAuthorizationConfiguration)) {
+ throw new IllegalStateException();
+ } else {
+ final AuthorizationConfiguration defConfig = checkNotNull(((CompositeAuthorizationConfiguration) authorizationConfiguration).getDefaultConfig());
+ for (int i = 0; i < cnt; i++) {
+ bindAuthorizationConfiguration(new TmpAuthorizationConfig(defConfig));
+ }
+ bindAuthorizationConfiguration(defConfig);
+ }
+ }
+ }
+
+ private static final class TmpAuthorizationConfig implements AuthorizationConfiguration {
+
+ private final AuthorizationConfiguration defConfig;
+
+ private TmpAuthorizationConfig(@Nonnull AuthorizationConfiguration defConfig) {
+ this.defConfig = defConfig;
}
@Nonnull
@Override
- public ConfigurationParameters getParameters(@Nullable String name) {
- return ConfigurationParameters.EMPTY;
+ public AccessControlManager getAccessControlManager(@Nonnull Root root, @Nonnull NamePathMapper namePathMapper) {
+ return defConfig.getAccessControlManager(root, namePathMapper);
}
@Nonnull
@Override
- public Iterable<? extends SecurityConfiguration> getConfigurations() {
- Set<SecurityConfiguration> configs = (Set<SecurityConfiguration>) super.getConfigurations();
+ public RestrictionProvider getRestrictionProvider() {
+ return defConfig.getRestrictionProvider();
+ }
- CompositeAuthorizationConfiguration composite = new CompositeAuthorizationConfiguration(this);
- Iterator<SecurityConfiguration> it = configs.iterator();
- AuthorizationConfiguration base = null;
- while (it.hasNext()) {
- SecurityConfiguration sc = it.next();
- if (sc instanceof AuthorizationConfiguration) {
- base = (AuthorizationConfiguration) sc;
- it.remove();
- break;
- }
- }
- fillComposite(composite, base, cnt);
- configs.add(composite);
+ @Nonnull
+ @Override
+ public PermissionProvider getPermissionProvider(@Nonnull Root root, @Nonnull String workspaceName, @Nonnull Set<Principal> principals) {
+ return new TmpPermissionProvider(root);
+ }
- return configs;
+ @Nonnull
+ @Override
+ public String getName() {
+ return defConfig.getName();
}
@Nonnull
@Override
- public <T> T getConfiguration(@Nonnull Class<T> configClass) {
- T c = super.getConfiguration(configClass);
- if (AuthorizationConfiguration.class == configClass) {
- CompositeAuthorizationConfiguration composite = new CompositeAuthorizationConfiguration(this);
- fillComposite(composite, (AuthorizationConfiguration) c, cnt);
- return (T) composite;
- } else {
- return c;
- }
+ public ConfigurationParameters getParameters() {
+ return defConfig.getParameters();
}
- private static void fillComposite(CompositeAuthorizationConfiguration composite,
- final AuthorizationConfiguration base,
- int cnt) {
- composite.addConfiguration(base);
- for (int i = 0; i < cnt; i++) {
- composite.addConfiguration(new AuthorizationConfiguration() {
-
- @Nonnull
- @Override
- public AccessControlManager getAccessControlManager(@Nonnull Root root, @Nonnull NamePathMapper namePathMapper) {
- return base.getAccessControlManager(root, namePathMapper);
- }
-
- @Nonnull
- @Override
- public RestrictionProvider getRestrictionProvider() {
- return base.getRestrictionProvider();
- }
-
- @Nonnull
- @Override
- public PermissionProvider getPermissionProvider(@Nonnull Root root, @Nonnull String workspaceName, @Nonnull Set<Principal> principals) {
- return new TmpPermissionProvider(root);
- }
-
- @Nonnull
- @Override
- public String getName() {
- return base.getName();
- }
-
- @Nonnull
- @Override
- public ConfigurationParameters getParameters() {
- return base.getParameters();
- }
-
- @Nonnull
- @Override
- public WorkspaceInitializer getWorkspaceInitializer() {
- return WorkspaceInitializer.DEFAULT;
- }
-
- @Nonnull
- @Override
- public RepositoryInitializer getRepositoryInitializer() {
- return RepositoryInitializer.DEFAULT;
- }
-
- @Nonnull
- @Override
- public List<? extends CommitHook> getCommitHooks(@Nonnull String workspaceName) {
- return Collections.EMPTY_LIST;
- }
-
- @Nonnull
- @Override
- public List<? extends ValidatorProvider> getValidators(@Nonnull String workspaceName, @Nonnull Set<Principal> principals, @Nonnull MoveTracker moveTracker) {
- return Collections.EMPTY_LIST;
- }
-
- @Nonnull
- @Override
- public List<ProtectedItemImporter> getProtectedItemImporters() {
- return Collections.EMPTY_LIST;
- }
-
- @Nonnull
- @Override
- public Context getContext() {
- return base.getContext();
- }
- });
- }
+ @Nonnull
+ @Override
+ public WorkspaceInitializer getWorkspaceInitializer() {
+ return WorkspaceInitializer.DEFAULT;
+ }
+ @Nonnull
+ @Override
+ public RepositoryInitializer getRepositoryInitializer() {
+ return RepositoryInitializer.DEFAULT;
+ }
+
+ @Nonnull
+ @Override
+ public List<? extends CommitHook> getCommitHooks(@Nonnull String workspaceName) {
+ return Collections.EMPTY_LIST;
+ }
+
+ @Nonnull
+ @Override
+ public List<? extends ValidatorProvider> getValidators(@Nonnull String workspaceName, @Nonnull Set<Principal> principals, @Nonnull MoveTracker moveTracker) {
+ return Collections.EMPTY_LIST;
+ }
+
+ @Nonnull
+ @Override
+ public List<ProtectedItemImporter> getProtectedItemImporters() {
+ return Collections.EMPTY_LIST;
+ }
+
+ @Nonnull
+ @Override
+ public Context getContext() {
+ return defConfig.getContext();
}
}
- private static final class TmpPermissionProvider implements PermissionProvider {
+ private static final class TmpPermissionProvider implements AggregatedPermissionProvider {
private static final String POLICY_NAME = "customPolicy";
private Root root;
private Root immutableRoot;
- private final PermissionProvider fake = OpenPermissionProvider.getInstance();
-
private TmpPermissionProvider(Root root) {
this.root = root;
immutableRoot = RootFactory.createReadOnlyRoot(root);
}
@Override
public void refresh() {
- root.refresh();
immutableRoot = RootFactory.createReadOnlyRoot(root);
}
@@ -231,45 +198,71 @@ public class CompositeAuthorizationReadT
@Override
public Set<String> getPrivileges(@Nullable Tree tree) {
performSomeRead(tree);
- return fake.getPrivileges(tree);
+ return Collections.singleton(PrivilegeConstants.JCR_ALL);
}
@Override
public boolean hasPrivileges(@Nullable Tree tree, @Nonnull String... privilegeNames) {
performSomeRead(tree);
- return fake.hasPrivileges(tree, privilegeNames);
+ return true;
}
@Nonnull
@Override
public RepositoryPermission getRepositoryPermission() {
- return fake.getRepositoryPermission();
+ return RepositoryPermission.ALL;
}
@Nonnull
@Override
public TreePermission getTreePermission(@Nonnull Tree tree, @Nonnull TreePermission parentPermission) {
performSomeRead(tree);
- return fake.getTreePermission(tree, parentPermission);
+ return TreePermission.ALL;
}
@Override
public boolean isGranted(@Nonnull Tree tree, @Nullable PropertyState property, long permissions) {
performSomeRead(tree);
- return fake.isGranted(tree, property, permissions);
+ return true;
}
@Override
public boolean isGranted(@Nonnull String oakPath, @Nonnull String jcrActions) {
performSomeRead(immutableRoot.getTree(oakPath));
- return fake.isGranted(oakPath, jcrActions);
+ return true;
}
private void performSomeRead(@Nullable Tree tree) {
- Tree immutableTree = PermissionUtil.getImmutableTree(tree, immutableRoot);
- if (immutableTree != null) {
- immutableTree.hasChild(POLICY_NAME);
- }
+// Tree immutableTree = PermissionUtil.getImmutableTree(tree, immutableRoot);
+// if (immutableTree != null) {
+// immutableTree.hasChild(POLICY_NAME);
+// }
+ }
+
+ @Nonnull
+ @Override
+ public PrivilegeBits supportedPrivileges(@Nullable Tree tree, @Nullable PrivilegeBits privilegeBits) {
+ return (privilegeBits != null) ? privilegeBits : new PrivilegeBitsProvider(immutableRoot).getBits(PrivilegeConstants.JCR_ALL);
+ }
+
+ @Override
+ public long supportedPermissions(@Nullable Tree tree, @Nullable PropertyState property, long permissions) {
+ return permissions;
+ }
+
+ @Override
+ public long supportedPermissions(@Nonnull TreeLocation location, long permissions) {
+ return permissions;
+ }
+
+ @Override
+ public long supportedPermissions(@Nonnull TreePermission treePermission, @Nullable PropertyState propertyState, long permissions) {
+ return permissions;
+ }
+
+ @Override
+ public boolean isGranted(@Nonnull TreeLocation location, long permissions) {
+ return true;
}
}
}
\ No newline at end of file