You are viewing a plain text version of this content. The canonical link for it is here.
Posted to oak-commits@jackrabbit.apache.org by an...@apache.org on 2013/05/15 18:17:03 UTC
svn commit: r1482930 - in /jackrabbit/oak/trunk/oak-core/src:
main/java/org/apache/jackrabbit/oak/security/authorization/
main/java/org/apache/jackrabbit/oak/security/authorization/permission/
main/java/org/apache/jackrabbit/oak/security/authorization/...
Author: angela
Date: Wed May 15 16:17:03 2013
New Revision: 1482930
URL: http://svn.apache.org/r1482930
Log:
OAK-51 : Access Control Management (wip)
Added:
jackrabbit/oak/trunk/oak-core/src/main/java/org/apache/jackrabbit/oak/spi/security/authorization/AccessControlConstants.java (contents, props changed)
- copied, changed from r1482611, jackrabbit/oak/trunk/oak-core/src/main/java/org/apache/jackrabbit/oak/security/authorization/AccessControlConstants.java
jackrabbit/oak/trunk/oak-core/src/main/java/org/apache/jackrabbit/oak/spi/security/authorization/restriction/AbstractRestrictionProvider.java
- copied, changed from r1482611, jackrabbit/oak/trunk/oak-core/src/main/java/org/apache/jackrabbit/oak/security/authorization/restriction/RestrictionProviderImpl.java
jackrabbit/oak/trunk/oak-core/src/test/java/org/apache/jackrabbit/oak/spi/security/authorization/restriction/AbstractRestrictionProviderTest.java
Removed:
jackrabbit/oak/trunk/oak-core/src/main/java/org/apache/jackrabbit/oak/security/authorization/AccessControlConstants.java
Modified:
jackrabbit/oak/trunk/oak-core/src/main/java/org/apache/jackrabbit/oak/security/authorization/AccessControlContext.java
jackrabbit/oak/trunk/oak-core/src/main/java/org/apache/jackrabbit/oak/security/authorization/AccessControlImporter.java
jackrabbit/oak/trunk/oak-core/src/main/java/org/apache/jackrabbit/oak/security/authorization/AccessControlInitializer.java
jackrabbit/oak/trunk/oak-core/src/main/java/org/apache/jackrabbit/oak/security/authorization/AccessControlManagerImpl.java
jackrabbit/oak/trunk/oak-core/src/main/java/org/apache/jackrabbit/oak/security/authorization/AccessControlUtils.java
jackrabbit/oak/trunk/oak-core/src/main/java/org/apache/jackrabbit/oak/security/authorization/AccessControlValidator.java
jackrabbit/oak/trunk/oak-core/src/main/java/org/apache/jackrabbit/oak/security/authorization/permission/PermissionHook.java
jackrabbit/oak/trunk/oak-core/src/main/java/org/apache/jackrabbit/oak/security/authorization/permission/PermissionProviderImpl.java
jackrabbit/oak/trunk/oak-core/src/main/java/org/apache/jackrabbit/oak/security/authorization/permission/PermissionValidatorProvider.java
jackrabbit/oak/trunk/oak-core/src/main/java/org/apache/jackrabbit/oak/security/authorization/restriction/NodeTypePattern.java
jackrabbit/oak/trunk/oak-core/src/main/java/org/apache/jackrabbit/oak/security/authorization/restriction/PrincipalRestrictionProvider.java
jackrabbit/oak/trunk/oak-core/src/main/java/org/apache/jackrabbit/oak/security/authorization/restriction/RestrictionProviderImpl.java
jackrabbit/oak/trunk/oak-core/src/main/java/org/apache/jackrabbit/oak/spi/security/authorization/restriction/RestrictionImpl.java
jackrabbit/oak/trunk/oak-core/src/test/java/org/apache/jackrabbit/oak/security/authorization/ACLTest.java
jackrabbit/oak/trunk/oak-core/src/test/java/org/apache/jackrabbit/oak/security/authorization/AccessControlManagerImplTest.java
jackrabbit/oak/trunk/oak-core/src/test/java/org/apache/jackrabbit/oak/security/authorization/AccessControlValidatorTest.java
jackrabbit/oak/trunk/oak-core/src/test/java/org/apache/jackrabbit/oak/security/authorization/ReadPolicyTest.java
jackrabbit/oak/trunk/oak-core/src/test/java/org/apache/jackrabbit/oak/security/authorization/evaluation/Jr2CompatibilityTest.java
jackrabbit/oak/trunk/oak-core/src/test/java/org/apache/jackrabbit/oak/security/authorization/evaluation/TreeTest.java
jackrabbit/oak/trunk/oak-core/src/test/java/org/apache/jackrabbit/oak/security/authorization/permission/CompiledPermissionImplTest.java
jackrabbit/oak/trunk/oak-core/src/test/java/org/apache/jackrabbit/oak/security/authorization/permission/PermissionHookTest.java
jackrabbit/oak/trunk/oak-core/src/test/java/org/apache/jackrabbit/oak/security/authorization/restriction/RestrictionProviderImplTest.java
jackrabbit/oak/trunk/oak-core/src/test/java/org/apache/jackrabbit/oak/spi/security/authorization/restriction/RestrictionImplTest.java
Modified: jackrabbit/oak/trunk/oak-core/src/main/java/org/apache/jackrabbit/oak/security/authorization/AccessControlContext.java
URL: http://svn.apache.org/viewvc/jackrabbit/oak/trunk/oak-core/src/main/java/org/apache/jackrabbit/oak/security/authorization/AccessControlContext.java?rev=1482930&r1=1482929&r2=1482930&view=diff
==============================================================================
--- jackrabbit/oak/trunk/oak-core/src/main/java/org/apache/jackrabbit/oak/security/authorization/AccessControlContext.java (original)
+++ jackrabbit/oak/trunk/oak-core/src/main/java/org/apache/jackrabbit/oak/security/authorization/AccessControlContext.java Wed May 15 16:17:03 2013
@@ -18,6 +18,7 @@ package org.apache.jackrabbit.oak.securi
import org.apache.jackrabbit.oak.api.PropertyState;
import org.apache.jackrabbit.oak.api.Tree;
+import org.apache.jackrabbit.oak.spi.security.authorization.AccessControlConstants;
import org.apache.jackrabbit.oak.util.TreeLocation;
import org.apache.jackrabbit.oak.security.authorization.permission.PermissionConstants;
import org.apache.jackrabbit.oak.spi.security.Context;
Modified: jackrabbit/oak/trunk/oak-core/src/main/java/org/apache/jackrabbit/oak/security/authorization/AccessControlImporter.java
URL: http://svn.apache.org/viewvc/jackrabbit/oak/trunk/oak-core/src/main/java/org/apache/jackrabbit/oak/security/authorization/AccessControlImporter.java?rev=1482930&r1=1482929&r2=1482930&view=diff
==============================================================================
--- jackrabbit/oak/trunk/oak-core/src/main/java/org/apache/jackrabbit/oak/security/authorization/AccessControlImporter.java (original)
+++ jackrabbit/oak/trunk/oak-core/src/main/java/org/apache/jackrabbit/oak/security/authorization/AccessControlImporter.java Wed May 15 16:17:03 2013
@@ -39,6 +39,7 @@ import org.apache.jackrabbit.oak.namepat
import org.apache.jackrabbit.oak.plugins.nodetype.ReadOnlyNodeTypeManager;
import org.apache.jackrabbit.oak.spi.security.SecurityProvider;
import org.apache.jackrabbit.oak.spi.security.authorization.AccessControlConfiguration;
+import org.apache.jackrabbit.oak.spi.security.authorization.AccessControlConstants;
import org.apache.jackrabbit.oak.spi.security.principal.PrincipalImpl;
import org.apache.jackrabbit.oak.spi.xml.NodeInfo;
import org.apache.jackrabbit.oak.spi.xml.PropInfo;
Modified: jackrabbit/oak/trunk/oak-core/src/main/java/org/apache/jackrabbit/oak/security/authorization/AccessControlInitializer.java
URL: http://svn.apache.org/viewvc/jackrabbit/oak/trunk/oak-core/src/main/java/org/apache/jackrabbit/oak/security/authorization/AccessControlInitializer.java?rev=1482930&r1=1482929&r2=1482930&view=diff
==============================================================================
--- jackrabbit/oak/trunk/oak-core/src/main/java/org/apache/jackrabbit/oak/security/authorization/AccessControlInitializer.java (original)
+++ jackrabbit/oak/trunk/oak-core/src/main/java/org/apache/jackrabbit/oak/security/authorization/AccessControlInitializer.java Wed May 15 16:17:03 2013
@@ -26,6 +26,7 @@ import org.apache.jackrabbit.oak.securit
import org.apache.jackrabbit.oak.spi.commit.CommitHook;
import org.apache.jackrabbit.oak.spi.lifecycle.WorkspaceInitializer;
import org.apache.jackrabbit.oak.spi.query.QueryIndexProvider;
+import org.apache.jackrabbit.oak.spi.security.authorization.AccessControlConstants;
import org.apache.jackrabbit.oak.spi.state.NodeBuilder;
import org.apache.jackrabbit.oak.spi.state.NodeState;
Modified: jackrabbit/oak/trunk/oak-core/src/main/java/org/apache/jackrabbit/oak/security/authorization/AccessControlManagerImpl.java
URL: http://svn.apache.org/viewvc/jackrabbit/oak/trunk/oak-core/src/main/java/org/apache/jackrabbit/oak/security/authorization/AccessControlManagerImpl.java?rev=1482930&r1=1482929&r2=1482930&view=diff
==============================================================================
--- jackrabbit/oak/trunk/oak-core/src/main/java/org/apache/jackrabbit/oak/security/authorization/AccessControlManagerImpl.java (original)
+++ jackrabbit/oak/trunk/oak-core/src/main/java/org/apache/jackrabbit/oak/security/authorization/AccessControlManagerImpl.java Wed May 15 16:17:03 2013
@@ -45,7 +45,6 @@ import javax.jcr.security.Privilege;
import com.google.common.base.Objects;
import com.google.common.collect.Lists;
import org.apache.jackrabbit.JcrConstants;
-import org.apache.jackrabbit.api.security.JackrabbitAccessControlEntry;
import org.apache.jackrabbit.api.security.JackrabbitAccessControlList;
import org.apache.jackrabbit.api.security.JackrabbitAccessControlManager;
import org.apache.jackrabbit.api.security.JackrabbitAccessControlPolicy;
@@ -69,6 +68,7 @@ import org.apache.jackrabbit.oak.securit
import org.apache.jackrabbit.oak.spi.security.SecurityProvider;
import org.apache.jackrabbit.oak.spi.security.authorization.ACE;
import org.apache.jackrabbit.oak.spi.security.authorization.AccessControlConfiguration;
+import org.apache.jackrabbit.oak.spi.security.authorization.AccessControlConstants;
import org.apache.jackrabbit.oak.spi.security.authorization.ImmutableACL;
import org.apache.jackrabbit.oak.spi.security.authorization.permission.PermissionProvider;
import org.apache.jackrabbit.oak.spi.security.authorization.permission.Permissions;
@@ -84,7 +84,6 @@ import org.apache.jackrabbit.util.Text;
import org.slf4j.Logger;
import org.slf4j.LoggerFactory;
-import static com.google.common.base.Preconditions.checkArgument;
import static com.google.common.base.Preconditions.checkNotNull;
/**
@@ -252,9 +251,10 @@ public class AccessControlManagerImpl im
toRemove = existing.getEntries();
toRemove.removeAll(principalAcl.getEntries());
}
+
// add new entries
- for (JackrabbitAccessControlEntry ace : toAdd) {
- String path = getOakPath(ace.getRestriction(REP_NODE_PATH).getString());
+ for (ACE ace : toAdd) {
+ String path = getNodePath(ace);
Tree tree = getTree(path, Permissions.MODIFY_ACCESS_CONTROL);
ACL acl = (ACL) createACL(path, tree, false);
@@ -273,13 +273,17 @@ public class AccessControlManagerImpl im
}
// remove entries that are not longer present in the acl to write
- for (JackrabbitAccessControlEntry ace : toRemove) {
- String path = getOakPath(ace.getRestriction(REP_NODE_PATH).getString());
+ for (ACE ace : toRemove) {
+ String path = getNodePath(ace);
Tree tree = getTree(path, Permissions.MODIFY_ACCESS_CONTROL);
ACL acl = (ACL) createACL(path, tree, false);
- acl.removeAccessControlEntry(ace);
- setNodeBasedAcl(path, tree, acl);
+ if (acl != null) {
+ acl.removeAccessControlEntry(ace);
+ setNodeBasedAcl(path, tree, acl);
+ } else {
+ log.debug("Missing ACL at {}; cannot remove entry {}", path, ace);
+ }
}
}
@@ -295,8 +299,7 @@ public class AccessControlManagerImpl im
aclTree = createAclTree(oakPath, tree);
}
aclTree.setOrderableChildren(true);
- for (JackrabbitAccessControlEntry ace : acl.getEntries()) {
- checkArgument(ace instanceof ACE);
+ for (ACE ace : acl.getEntries()) {
boolean isAllow = ace.isAllow();
String nodeName = AccessControlUtils.generateAceName(aclTree, isAllow);
String ntName = (isAllow) ? NT_REP_GRANT_ACE : NT_REP_DENY_ACE;
@@ -304,7 +307,7 @@ public class AccessControlManagerImpl im
NodeUtil aceNode = new NodeUtil(aclTree).addChild(nodeName, ntName);
aceNode.setString(REP_PRINCIPAL_NAME, ace.getPrincipal().getName());
aceNode.setNames(REP_PRIVILEGES, AccessControlUtils.namesFromPrivileges(ace.getPrivileges()));
- Set<Restriction> restrictions = ((ACE) ace).getRestrictions();
+ Set<Restriction> restrictions = ace.getRestrictions();
restrictionProvider.writeRestrictions(oakPath, aceNode.getTree(), restrictions);
}
}
@@ -316,8 +319,8 @@ public class AccessControlManagerImpl im
if (policy instanceof PrincipalACL) {
PrincipalACL principalAcl = (PrincipalACL) policy;
- for (JackrabbitAccessControlEntry ace : principalAcl.getEntries()) {
- String path = getOakPath(ace.getRestriction(REP_NODE_PATH).getString());
+ for (ACE ace : principalAcl.getEntries()) {
+ String path = getNodePath(ace);
Tree aclTree = getAclTree(path, getTree(path, Permissions.MODIFY_ACCESS_CONTROL));
if (aclTree == null) {
throw new AccessControlException("Unable to retrieve policy node at " + path);
@@ -676,6 +679,15 @@ public class AccessControlManagerImpl im
}
}
+ private String getNodePath(ACE principalBasedAce) throws RepositoryException {
+ Value v = principalBasedAce.getRestriction(REP_NODE_PATH);
+ if (v == null) {
+ throw new AccessControlException("Missing mandatory restriction rep:nodePath");
+ } else {
+ return getOakPath(v.getString());
+ }
+ }
+
//--------------------------------------------------------------------------
private class NodeACL extends ACL {
Modified: jackrabbit/oak/trunk/oak-core/src/main/java/org/apache/jackrabbit/oak/security/authorization/AccessControlUtils.java
URL: http://svn.apache.org/viewvc/jackrabbit/oak/trunk/oak-core/src/main/java/org/apache/jackrabbit/oak/security/authorization/AccessControlUtils.java?rev=1482930&r1=1482929&r2=1482930&view=diff
==============================================================================
--- jackrabbit/oak/trunk/oak-core/src/main/java/org/apache/jackrabbit/oak/security/authorization/AccessControlUtils.java (original)
+++ jackrabbit/oak/trunk/oak-core/src/main/java/org/apache/jackrabbit/oak/security/authorization/AccessControlUtils.java Wed May 15 16:17:03 2013
@@ -26,6 +26,7 @@ import javax.jcr.security.AccessControlP
import org.apache.jackrabbit.api.security.principal.PrincipalManager;
import org.apache.jackrabbit.oak.api.Tree;
import org.apache.jackrabbit.oak.plugins.nodetype.ReadOnlyNodeTypeManager;
+import org.apache.jackrabbit.oak.spi.security.authorization.AccessControlConstants;
import org.apache.jackrabbit.oak.spi.security.principal.PrincipalImpl;
/**
Modified: jackrabbit/oak/trunk/oak-core/src/main/java/org/apache/jackrabbit/oak/security/authorization/AccessControlValidator.java
URL: http://svn.apache.org/viewvc/jackrabbit/oak/trunk/oak-core/src/main/java/org/apache/jackrabbit/oak/security/authorization/AccessControlValidator.java?rev=1482930&r1=1482929&r2=1482930&view=diff
==============================================================================
--- jackrabbit/oak/trunk/oak-core/src/main/java/org/apache/jackrabbit/oak/security/authorization/AccessControlValidator.java (original)
+++ jackrabbit/oak/trunk/oak-core/src/main/java/org/apache/jackrabbit/oak/security/authorization/AccessControlValidator.java Wed May 15 16:17:03 2013
@@ -31,6 +31,7 @@ import org.apache.jackrabbit.oak.core.Tr
import org.apache.jackrabbit.oak.plugins.nodetype.ReadOnlyNodeTypeManager;
import org.apache.jackrabbit.oak.spi.commit.DefaultValidator;
import org.apache.jackrabbit.oak.spi.commit.Validator;
+import org.apache.jackrabbit.oak.spi.security.authorization.AccessControlConstants;
import org.apache.jackrabbit.oak.spi.security.authorization.restriction.RestrictionProvider;
import org.apache.jackrabbit.oak.spi.state.NodeState;
import org.apache.jackrabbit.oak.util.TreeUtil;
Modified: jackrabbit/oak/trunk/oak-core/src/main/java/org/apache/jackrabbit/oak/security/authorization/permission/PermissionHook.java
URL: http://svn.apache.org/viewvc/jackrabbit/oak/trunk/oak-core/src/main/java/org/apache/jackrabbit/oak/security/authorization/permission/PermissionHook.java?rev=1482930&r1=1482929&r2=1482930&view=diff
==============================================================================
--- jackrabbit/oak/trunk/oak-core/src/main/java/org/apache/jackrabbit/oak/security/authorization/permission/PermissionHook.java (original)
+++ jackrabbit/oak/trunk/oak-core/src/main/java/org/apache/jackrabbit/oak/security/authorization/permission/PermissionHook.java Wed May 15 16:17:03 2013
@@ -35,7 +35,7 @@ import org.apache.jackrabbit.oak.core.Im
import org.apache.jackrabbit.oak.core.TreeImpl;
import org.apache.jackrabbit.oak.core.TreeTypeProvider;
import org.apache.jackrabbit.oak.plugins.nodetype.ReadOnlyNodeTypeManager;
-import org.apache.jackrabbit.oak.security.authorization.AccessControlConstants;
+import org.apache.jackrabbit.oak.spi.security.authorization.AccessControlConstants;
import org.apache.jackrabbit.oak.security.privilege.PrivilegeBits;
import org.apache.jackrabbit.oak.security.privilege.PrivilegeBitsProvider;
import org.apache.jackrabbit.oak.spi.commit.PostValidationHook;
Modified: jackrabbit/oak/trunk/oak-core/src/main/java/org/apache/jackrabbit/oak/security/authorization/permission/PermissionProviderImpl.java
URL: http://svn.apache.org/viewvc/jackrabbit/oak/trunk/oak-core/src/main/java/org/apache/jackrabbit/oak/security/authorization/permission/PermissionProviderImpl.java?rev=1482930&r1=1482929&r2=1482930&view=diff
==============================================================================
--- jackrabbit/oak/trunk/oak-core/src/main/java/org/apache/jackrabbit/oak/security/authorization/permission/PermissionProviderImpl.java (original)
+++ jackrabbit/oak/trunk/oak-core/src/main/java/org/apache/jackrabbit/oak/security/authorization/permission/PermissionProviderImpl.java Wed May 15 16:17:03 2013
@@ -33,7 +33,7 @@ import org.apache.jackrabbit.oak.core.Im
import org.apache.jackrabbit.oak.core.TreeTypeProvider;
import org.apache.jackrabbit.oak.core.TreeTypeProviderImpl;
import org.apache.jackrabbit.oak.plugins.version.VersionConstants;
-import org.apache.jackrabbit.oak.security.authorization.AccessControlConstants;
+import org.apache.jackrabbit.oak.spi.security.authorization.AccessControlConstants;
import org.apache.jackrabbit.oak.security.privilege.PrivilegeBitsProvider;
import org.apache.jackrabbit.oak.spi.security.SecurityProvider;
import org.apache.jackrabbit.oak.spi.security.authorization.AccessControlConfiguration;
Modified: jackrabbit/oak/trunk/oak-core/src/main/java/org/apache/jackrabbit/oak/security/authorization/permission/PermissionValidatorProvider.java
URL: http://svn.apache.org/viewvc/jackrabbit/oak/trunk/oak-core/src/main/java/org/apache/jackrabbit/oak/security/authorization/permission/PermissionValidatorProvider.java?rev=1482930&r1=1482929&r2=1482930&view=diff
==============================================================================
--- jackrabbit/oak/trunk/oak-core/src/main/java/org/apache/jackrabbit/oak/security/authorization/permission/PermissionValidatorProvider.java (original)
+++ jackrabbit/oak/trunk/oak-core/src/main/java/org/apache/jackrabbit/oak/security/authorization/permission/PermissionValidatorProvider.java Wed May 15 16:17:03 2013
@@ -23,7 +23,7 @@ import javax.security.auth.Subject;
import org.apache.jackrabbit.oak.core.ImmutableTree;
import org.apache.jackrabbit.oak.core.TreeTypeProviderImpl;
import org.apache.jackrabbit.oak.plugins.nodetype.ReadOnlyNodeTypeManager;
-import org.apache.jackrabbit.oak.security.authorization.AccessControlConstants;
+import org.apache.jackrabbit.oak.spi.security.authorization.AccessControlConstants;
import org.apache.jackrabbit.oak.spi.commit.Validator;
import org.apache.jackrabbit.oak.spi.commit.ValidatorProvider;
import org.apache.jackrabbit.oak.spi.security.ConfigurationParameters;
Modified: jackrabbit/oak/trunk/oak-core/src/main/java/org/apache/jackrabbit/oak/security/authorization/restriction/NodeTypePattern.java
URL: http://svn.apache.org/viewvc/jackrabbit/oak/trunk/oak-core/src/main/java/org/apache/jackrabbit/oak/security/authorization/restriction/NodeTypePattern.java?rev=1482930&r1=1482929&r2=1482930&view=diff
==============================================================================
--- jackrabbit/oak/trunk/oak-core/src/main/java/org/apache/jackrabbit/oak/security/authorization/restriction/NodeTypePattern.java (original)
+++ jackrabbit/oak/trunk/oak-core/src/main/java/org/apache/jackrabbit/oak/security/authorization/restriction/NodeTypePattern.java Wed May 15 16:17:03 2013
@@ -55,4 +55,36 @@ class NodeTypePattern implements Restric
log.debug("Unable to validate node type restriction.");
return false;
}
+
+ //-------------------------------------------------------------< Object >---
+ /**
+ * @see Object#hashCode()
+ */
+ @Override
+ public int hashCode() {
+ return nodeTypeNames.hashCode();
+ }
+
+ /**
+ * @see Object#toString()
+ */
+ @Override
+ public String toString() {
+ return nodeTypeNames.toString();
+ }
+
+ /**
+ * @see Object#equals(Object)
+ */
+ @Override
+ public boolean equals(Object obj) {
+ if (obj == this) {
+ return true;
+ }
+ if (obj instanceof NodeTypePattern) {
+ NodeTypePattern other = (NodeTypePattern) obj;
+ return nodeTypeNames.equals(other.nodeTypeNames);
+ }
+ return false;
+ }
}
\ No newline at end of file
Modified: jackrabbit/oak/trunk/oak-core/src/main/java/org/apache/jackrabbit/oak/security/authorization/restriction/PrincipalRestrictionProvider.java
URL: http://svn.apache.org/viewvc/jackrabbit/oak/trunk/oak-core/src/main/java/org/apache/jackrabbit/oak/security/authorization/restriction/PrincipalRestrictionProvider.java?rev=1482930&r1=1482929&r2=1482930&view=diff
==============================================================================
--- jackrabbit/oak/trunk/oak-core/src/main/java/org/apache/jackrabbit/oak/security/authorization/restriction/PrincipalRestrictionProvider.java (original)
+++ jackrabbit/oak/trunk/oak-core/src/main/java/org/apache/jackrabbit/oak/security/authorization/restriction/PrincipalRestrictionProvider.java Wed May 15 16:17:03 2013
@@ -31,7 +31,7 @@ import org.apache.jackrabbit.oak.api.Pro
import org.apache.jackrabbit.oak.api.Tree;
import org.apache.jackrabbit.oak.api.Type;
import org.apache.jackrabbit.oak.plugins.memory.PropertyStates;
-import org.apache.jackrabbit.oak.security.authorization.AccessControlConstants;
+import org.apache.jackrabbit.oak.spi.security.authorization.AccessControlConstants;
import org.apache.jackrabbit.oak.spi.security.authorization.restriction.Restriction;
import org.apache.jackrabbit.oak.spi.security.authorization.restriction.RestrictionDefinition;
import org.apache.jackrabbit.oak.spi.security.authorization.restriction.RestrictionDefinitionImpl;
Modified: jackrabbit/oak/trunk/oak-core/src/main/java/org/apache/jackrabbit/oak/security/authorization/restriction/RestrictionProviderImpl.java
URL: http://svn.apache.org/viewvc/jackrabbit/oak/trunk/oak-core/src/main/java/org/apache/jackrabbit/oak/security/authorization/restriction/RestrictionProviderImpl.java?rev=1482930&r1=1482929&r2=1482930&view=diff
==============================================================================
--- jackrabbit/oak/trunk/oak-core/src/main/java/org/apache/jackrabbit/oak/security/authorization/restriction/RestrictionProviderImpl.java (original)
+++ jackrabbit/oak/trunk/oak-core/src/main/java/org/apache/jackrabbit/oak/security/authorization/restriction/RestrictionProviderImpl.java Wed May 15 16:17:03 2013
@@ -17,167 +17,45 @@
package org.apache.jackrabbit.oak.security.authorization.restriction;
import java.util.ArrayList;
-import java.util.Collections;
-import java.util.HashMap;
-import java.util.HashSet;
import java.util.List;
import java.util.Map;
-import java.util.Set;
-import javax.annotation.Nonnull;
-import javax.jcr.NamespaceRegistry;
-import javax.jcr.PropertyType;
-import javax.jcr.RepositoryException;
-import javax.jcr.Value;
-import javax.jcr.security.AccessControlException;
-import com.google.common.collect.ImmutableList;
import com.google.common.collect.ImmutableMap;
-import com.google.common.collect.ImmutableSet;
import org.apache.jackrabbit.oak.api.PropertyState;
import org.apache.jackrabbit.oak.api.Tree;
import org.apache.jackrabbit.oak.api.Type;
-import org.apache.jackrabbit.oak.plugins.memory.PropertyStates;
-import org.apache.jackrabbit.oak.security.authorization.AccessControlConstants;
+import org.apache.jackrabbit.oak.spi.security.authorization.restriction.AbstractRestrictionProvider;
import org.apache.jackrabbit.oak.spi.security.authorization.restriction.CompositePattern;
-import org.apache.jackrabbit.oak.spi.security.authorization.restriction.Restriction;
import org.apache.jackrabbit.oak.spi.security.authorization.restriction.RestrictionDefinition;
import org.apache.jackrabbit.oak.spi.security.authorization.restriction.RestrictionDefinitionImpl;
-import org.apache.jackrabbit.oak.spi.security.authorization.restriction.RestrictionImpl;
import org.apache.jackrabbit.oak.spi.security.authorization.restriction.RestrictionPattern;
-import org.apache.jackrabbit.oak.spi.security.authorization.restriction.RestrictionProvider;
-import org.apache.jackrabbit.oak.util.NodeUtil;
-import org.apache.jackrabbit.util.Text;
/**
- * RestrictionProviderImpl... TODO
+ * Default restriction provider implementation that supports the following
+ * restrictions:
+ *
+ * <ul>
+ * <li>{@link #REP_GLOB}: A simple paths matching pattern. See {@link GlobPattern}
+ * for details.</li>
+ * <li>{@link #REP_NT_NAMES}: A restriction that allows to limit the effect
+ * of a given access control entries to JCR nodes of any of the specified
+ * primary node type. In case of a JCR property the primary type of the
+ * parent node is taken into consideration when evaluating the permissions.</li>
+ * </ul>
*/
-public class RestrictionProviderImpl implements RestrictionProvider, AccessControlConstants {
-
- private Map<String, RestrictionDefinition> supported;
+public class RestrictionProviderImpl extends AbstractRestrictionProvider {
public RestrictionProviderImpl() {
+ super(supportedRestrictions());
+ }
+
+ private static Map<String, RestrictionDefinition> supportedRestrictions() {
RestrictionDefinition glob = new RestrictionDefinitionImpl(REP_GLOB, Type.STRING, false);
RestrictionDefinition nts = new RestrictionDefinitionImpl(REP_NT_NAMES, Type.NAMES, false);
- this.supported = ImmutableMap.of(glob.getName(), glob, nts.getName(), nts);
+ return ImmutableMap.of(glob.getName(), glob, nts.getName(), nts);
}
//------------------------------------------------< RestrictionProvider >---
- @Nonnull
- @Override
- public Set<RestrictionDefinition> getSupportedRestrictions(String oakPath) {
- if (isUnsupportedPath(oakPath)) {
- return Collections.emptySet();
- } else {
- return ImmutableSet.copyOf(supported.values());
- }
- }
-
- @Override
- public Restriction createRestriction(String oakPath, String oakName, Value value) throws RepositoryException {
- if (isUnsupportedPath(oakPath)) {
- throw new AccessControlException("Unsupported restriction at " + oakPath);
- }
- RestrictionDefinition definition = supported.get(oakName);
- if (definition == null) {
- throw new AccessControlException("Unsupported restriction: " + oakName);
- }
- Type requiredType = definition.getRequiredType();
- int tag = requiredType.tag();
- if (tag != PropertyType.UNDEFINED && tag != value.getType()) {
- throw new AccessControlException("Unsupported restriction: Expected value of type " + requiredType);
- }
- PropertyState propertyState;
- if (requiredType.isArray()) {
- propertyState = PropertyStates.createProperty(oakName, ImmutableList.of(value));
- } else {
- propertyState = PropertyStates.createProperty(oakName, value);
- }
- return createRestriction(propertyState, definition);
- }
-
- @Override
- public Restriction createRestriction(String oakPath, String oakName, Value... values) throws RepositoryException {
- if (isUnsupportedPath(oakPath)) {
- throw new AccessControlException("Unsupported restriction at " + oakPath);
- }
- RestrictionDefinition definition = supported.get(oakName);
- if (definition == null) {
- throw new AccessControlException("Unsupported restriction: " + oakName);
- }
- Type requiredType = definition.getRequiredType();
- for (Value v : values) {
- if (requiredType.tag() != PropertyType.UNDEFINED && requiredType.tag() != v.getType()) {
- throw new AccessControlException("Unsupported restriction: Expected value of type " + requiredType);
- }
- }
-
- PropertyState propertyState;
- if (requiredType.isArray()) {
- propertyState = PropertyStates.createProperty(oakName, ImmutableList.of(values));
- } else {
- if (values.length != 1) {
- throw new AccessControlException("Unsupported restriction: Expected single value.");
- }
- propertyState = PropertyStates.createProperty(oakName, values[0]);
- }
- return createRestriction(propertyState, definition);
- }
-
- @Override
- public Set<Restriction> readRestrictions(String oakPath, Tree aceTree) {
- if (isUnsupportedPath(oakPath)) {
- return Collections.emptySet();
- } else {
- Set<Restriction> restrictions = new HashSet<Restriction>();
- for (PropertyState propertyState : getRestrictionsTree(aceTree).getProperties()) {
- String propName = propertyState.getName();
- if (isRestrictionProperty(propName) && supported.containsKey(propName)) {
- RestrictionDefinition def = supported.get(propName);
- if (def.getRequiredType() == propertyState.getType()) {
- restrictions.add(createRestriction(propertyState, def));
- }
- }
- }
- return restrictions;
- }
- }
-
- @Override
- public void writeRestrictions(String oakPath, Tree aceTree, Set<Restriction> restrictions) {
- // validation of the restrictions is delegated to the commit hook
- // see #validateRestrictions below
- if (!restrictions.isEmpty()) {
- NodeUtil aceNode = new NodeUtil(aceTree);
- NodeUtil rNode = aceNode.getOrAddChild(REP_RESTRICTIONS, NT_REP_RESTRICTIONS);
- for (Restriction restriction : restrictions) {
- rNode.getTree().setProperty(restriction.getProperty());
- }
- }
- }
-
- @Override
- public void validateRestrictions(String oakPath, Tree aceTree) throws AccessControlException {
- Map<String, PropertyState> restrictionProperties = getRestrictionProperties(aceTree);
- if (isUnsupportedPath(oakPath) && !restrictionProperties.isEmpty()) {
- throw new AccessControlException("Restrictions not supported with 'null' path.");
- }
- for (Map.Entry<String, PropertyState> entry : restrictionProperties.entrySet()) {
- String restrName = entry.getKey();
- RestrictionDefinition def = supported.get(restrName);
- if (def == null) {
- throw new AccessControlException("Unsupported restriction: " + restrName);
- }
- Type type = entry.getValue().getType();
- if (type != def.getRequiredType()) {
- throw new AccessControlException("Invalid restriction type '" + type + "'. Expected " + def.getRequiredType());
- }
- }
- for (RestrictionDefinition def : supported.values()) {
- if (def.isMandatory() && !restrictionProperties.containsKey(def.getName())) {
- throw new AccessControlException("Mandatory restriction " + def.getName() + " is missing.");
- }
- }
- }
@Override
public RestrictionPattern getPattern(String oakPath, Tree tree) {
@@ -202,42 +80,4 @@ public class RestrictionProviderImpl imp
}
}
}
-
- //------------------------------------------------------------< private >---
- @Nonnull
- private Restriction createRestriction(PropertyState propertyState, RestrictionDefinition definition) {
- return new RestrictionImpl(propertyState, definition.isMandatory());
- }
-
- @Nonnull
- private Tree getRestrictionsTree(Tree aceTree) {
- Tree restrictions = aceTree.getChild(REP_RESTRICTIONS);
- if (!restrictions.exists()) {
- // no rep:restrictions tree -> read from aceTree for backwards compatibility
- restrictions = aceTree;
- }
- return restrictions;
- }
-
- @Nonnull
- private Map<String, PropertyState> getRestrictionProperties(Tree aceTree) {
- Tree rTree = getRestrictionsTree(aceTree);
- Map<String, PropertyState> restrictionProperties = new HashMap<String, PropertyState>();
- for (PropertyState property : rTree.getProperties()) {
- String name = property.getName();
- if (isRestrictionProperty(name)) {
- restrictionProperties.put(name, property);
- }
- }
- return restrictionProperties;
- }
-
- private static boolean isRestrictionProperty(String propertyName) {
- return !AccessControlConstants.ACE_PROPERTY_NAMES.contains(propertyName) &&
- !NamespaceRegistry.PREFIX_JCR.equals(Text.getNamespacePrefix(propertyName));
- }
-
- private static boolean isUnsupportedPath(String oakPath) {
- return oakPath == null;
- }
}
Copied: jackrabbit/oak/trunk/oak-core/src/main/java/org/apache/jackrabbit/oak/spi/security/authorization/AccessControlConstants.java (from r1482611, jackrabbit/oak/trunk/oak-core/src/main/java/org/apache/jackrabbit/oak/security/authorization/AccessControlConstants.java)
URL: http://svn.apache.org/viewvc/jackrabbit/oak/trunk/oak-core/src/main/java/org/apache/jackrabbit/oak/spi/security/authorization/AccessControlConstants.java?p2=jackrabbit/oak/trunk/oak-core/src/main/java/org/apache/jackrabbit/oak/spi/security/authorization/AccessControlConstants.java&p1=jackrabbit/oak/trunk/oak-core/src/main/java/org/apache/jackrabbit/oak/security/authorization/AccessControlConstants.java&r1=1482611&r2=1482930&rev=1482930&view=diff
==============================================================================
--- jackrabbit/oak/trunk/oak-core/src/main/java/org/apache/jackrabbit/oak/security/authorization/AccessControlConstants.java (original)
+++ jackrabbit/oak/trunk/oak-core/src/main/java/org/apache/jackrabbit/oak/spi/security/authorization/AccessControlConstants.java Wed May 15 16:17:03 2013
@@ -14,7 +14,7 @@
* See the License for the specific language governing permissions and
* limitations under the License.
*/
-package org.apache.jackrabbit.oak.security.authorization;
+package org.apache.jackrabbit.oak.spi.security.authorization;
import java.util.Collection;
import java.util.Set;
@@ -26,7 +26,8 @@ import org.apache.jackrabbit.oak.spi.sec
import org.apache.jackrabbit.oak.spi.security.privilege.PrivilegeConstants;
/**
- * Constants for this access control management implementation.
+ * Constants for the default access control management implementation and
+ * and for built-in access control related node types.
*/
public interface AccessControlConstants {
@@ -36,7 +37,11 @@ public interface AccessControlConstants
String REP_PRINCIPAL_NAME = "rep:principalName";
String REP_GLOB = "rep:glob";
String REP_NODE_PATH = "rep:nodePath";
+
/**
+ * Name of the optional access control restriction by node type name.
+ * The corresponding restriction type is {@link org.apache.jackrabbit.oak.api.Type#NAMES}.
+ *
* @since OAK 1.0
*/
String REP_NT_NAMES = "rep:ntNames";
Propchange: jackrabbit/oak/trunk/oak-core/src/main/java/org/apache/jackrabbit/oak/spi/security/authorization/AccessControlConstants.java
------------------------------------------------------------------------------
svn:eol-style = native
Copied: jackrabbit/oak/trunk/oak-core/src/main/java/org/apache/jackrabbit/oak/spi/security/authorization/restriction/AbstractRestrictionProvider.java (from r1482611, jackrabbit/oak/trunk/oak-core/src/main/java/org/apache/jackrabbit/oak/security/authorization/restriction/RestrictionProviderImpl.java)
URL: http://svn.apache.org/viewvc/jackrabbit/oak/trunk/oak-core/src/main/java/org/apache/jackrabbit/oak/spi/security/authorization/restriction/AbstractRestrictionProvider.java?p2=jackrabbit/oak/trunk/oak-core/src/main/java/org/apache/jackrabbit/oak/spi/security/authorization/restriction/AbstractRestrictionProvider.java&p1=jackrabbit/oak/trunk/oak-core/src/main/java/org/apache/jackrabbit/oak/security/authorization/restriction/RestrictionProviderImpl.java&r1=1482611&r2=1482930&rev=1482930&view=diff
==============================================================================
--- jackrabbit/oak/trunk/oak-core/src/main/java/org/apache/jackrabbit/oak/security/authorization/restriction/RestrictionProviderImpl.java (original)
+++ jackrabbit/oak/trunk/oak-core/src/main/java/org/apache/jackrabbit/oak/spi/security/authorization/restriction/AbstractRestrictionProvider.java Wed May 15 16:17:03 2013
@@ -14,13 +14,11 @@
* See the License for the specific language governing permissions and
* limitations under the License.
*/
-package org.apache.jackrabbit.oak.security.authorization.restriction;
+package org.apache.jackrabbit.oak.spi.security.authorization.restriction;
-import java.util.ArrayList;
import java.util.Collections;
import java.util.HashMap;
import java.util.HashSet;
-import java.util.List;
import java.util.Map;
import java.util.Set;
import javax.annotation.Nonnull;
@@ -37,28 +35,16 @@ import org.apache.jackrabbit.oak.api.Pro
import org.apache.jackrabbit.oak.api.Tree;
import org.apache.jackrabbit.oak.api.Type;
import org.apache.jackrabbit.oak.plugins.memory.PropertyStates;
-import org.apache.jackrabbit.oak.security.authorization.AccessControlConstants;
-import org.apache.jackrabbit.oak.spi.security.authorization.restriction.CompositePattern;
-import org.apache.jackrabbit.oak.spi.security.authorization.restriction.Restriction;
-import org.apache.jackrabbit.oak.spi.security.authorization.restriction.RestrictionDefinition;
-import org.apache.jackrabbit.oak.spi.security.authorization.restriction.RestrictionDefinitionImpl;
-import org.apache.jackrabbit.oak.spi.security.authorization.restriction.RestrictionImpl;
-import org.apache.jackrabbit.oak.spi.security.authorization.restriction.RestrictionPattern;
-import org.apache.jackrabbit.oak.spi.security.authorization.restriction.RestrictionProvider;
+import org.apache.jackrabbit.oak.spi.security.authorization.AccessControlConstants;
import org.apache.jackrabbit.oak.util.NodeUtil;
import org.apache.jackrabbit.util.Text;
-/**
- * RestrictionProviderImpl... TODO
- */
-public class RestrictionProviderImpl implements RestrictionProvider, AccessControlConstants {
+public abstract class AbstractRestrictionProvider implements RestrictionProvider, AccessControlConstants {
private Map<String, RestrictionDefinition> supported;
- public RestrictionProviderImpl() {
- RestrictionDefinition glob = new RestrictionDefinitionImpl(REP_GLOB, Type.STRING, false);
- RestrictionDefinition nts = new RestrictionDefinitionImpl(REP_NT_NAMES, Type.NAMES, false);
- this.supported = ImmutableMap.of(glob.getName(), glob, nts.getName(), nts);
+ public AbstractRestrictionProvider(Map<String, ? extends RestrictionDefinition> definitions) {
+ this.supported = ImmutableMap.copyOf(definitions);
}
//------------------------------------------------< RestrictionProvider >---
@@ -179,30 +165,6 @@ public class RestrictionProviderImpl imp
}
}
- @Override
- public RestrictionPattern getPattern(String oakPath, Tree tree) {
- if (oakPath == null) {
- return RestrictionPattern.EMPTY;
- } else {
- PropertyState glob = tree.getProperty(REP_GLOB);
-
- List<RestrictionPattern> patterns = new ArrayList<RestrictionPattern>(2);
- if (glob != null) {
- patterns.add(GlobPattern.create(oakPath, glob.getValue(Type.STRING)));
- }
- PropertyState ntNames = tree.getProperty(REP_NT_NAMES);
- if (ntNames != null) {
- patterns.add(new NodeTypePattern(ntNames.getValue(Type.NAMES)));
- }
-
- switch (patterns.size()) {
- case 1 : return patterns.get(0);
- case 2 : return new CompositePattern(patterns);
- default : return RestrictionPattern.EMPTY;
- }
- }
- }
-
//------------------------------------------------------------< private >---
@Nonnull
private Restriction createRestriction(PropertyState propertyState, RestrictionDefinition definition) {
Modified: jackrabbit/oak/trunk/oak-core/src/main/java/org/apache/jackrabbit/oak/spi/security/authorization/restriction/RestrictionImpl.java
URL: http://svn.apache.org/viewvc/jackrabbit/oak/trunk/oak-core/src/main/java/org/apache/jackrabbit/oak/spi/security/authorization/restriction/RestrictionImpl.java?rev=1482930&r1=1482929&r2=1482930&view=diff
==============================================================================
--- jackrabbit/oak/trunk/oak-core/src/main/java/org/apache/jackrabbit/oak/spi/security/authorization/restriction/RestrictionImpl.java (original)
+++ jackrabbit/oak/trunk/oak-core/src/main/java/org/apache/jackrabbit/oak/spi/security/authorization/restriction/RestrictionImpl.java Wed May 15 16:17:03 2013
@@ -53,7 +53,7 @@ public class RestrictionImpl extends Res
}
if (o instanceof RestrictionImpl) {
RestrictionImpl other = (RestrictionImpl) o;
- return super.equals(other) && property.equals(property);
+ return super.equals(other) && property.equals(other.property);
}
return false;
Modified: jackrabbit/oak/trunk/oak-core/src/test/java/org/apache/jackrabbit/oak/security/authorization/ACLTest.java
URL: http://svn.apache.org/viewvc/jackrabbit/oak/trunk/oak-core/src/test/java/org/apache/jackrabbit/oak/security/authorization/ACLTest.java?rev=1482930&r1=1482929&r2=1482930&view=diff
==============================================================================
--- jackrabbit/oak/trunk/oak-core/src/test/java/org/apache/jackrabbit/oak/security/authorization/ACLTest.java (original)
+++ jackrabbit/oak/trunk/oak-core/src/test/java/org/apache/jackrabbit/oak/security/authorization/ACLTest.java Wed May 15 16:17:03 2013
@@ -28,32 +28,28 @@ import java.util.Set;
import javax.annotation.Nonnull;
import javax.annotation.Nullable;
import javax.jcr.PropertyType;
-import javax.jcr.RepositoryException;
import javax.jcr.Value;
import javax.jcr.security.AccessControlEntry;
import javax.jcr.security.AccessControlException;
import javax.jcr.security.Privilege;
import com.google.common.collect.ImmutableList;
-import com.google.common.collect.ImmutableSet;
import com.google.common.collect.Sets;
import org.apache.jackrabbit.api.security.JackrabbitAccessControlEntry;
import org.apache.jackrabbit.api.security.JackrabbitAccessControlList;
import org.apache.jackrabbit.api.security.authorization.PrivilegeManager;
import org.apache.jackrabbit.api.security.principal.PrincipalManager;
-import org.apache.jackrabbit.oak.api.PropertyState;
import org.apache.jackrabbit.oak.api.Tree;
import org.apache.jackrabbit.oak.api.Type;
import org.apache.jackrabbit.oak.namepath.NamePathMapper;
-import org.apache.jackrabbit.oak.plugins.memory.PropertyStates;
import org.apache.jackrabbit.oak.security.privilege.PrivilegeBitsProvider;
import org.apache.jackrabbit.oak.spi.security.authorization.ACE;
import org.apache.jackrabbit.oak.spi.security.authorization.AbstractAccessControlList;
import org.apache.jackrabbit.oak.spi.security.authorization.AbstractAccessControlListTest;
+import org.apache.jackrabbit.oak.spi.security.authorization.AccessControlConstants;
+import org.apache.jackrabbit.oak.spi.security.authorization.restriction.AbstractRestrictionProvider;
import org.apache.jackrabbit.oak.spi.security.authorization.restriction.Restriction;
-import org.apache.jackrabbit.oak.spi.security.authorization.restriction.RestrictionDefinition;
import org.apache.jackrabbit.oak.spi.security.authorization.restriction.RestrictionDefinitionImpl;
-import org.apache.jackrabbit.oak.spi.security.authorization.restriction.RestrictionImpl;
import org.apache.jackrabbit.oak.spi.security.authorization.restriction.RestrictionPattern;
import org.apache.jackrabbit.oak.spi.security.authorization.restriction.RestrictionProvider;
import org.apache.jackrabbit.oak.spi.security.principal.EveryonePrincipal;
@@ -704,62 +700,10 @@ public class ACLTest extends AbstractAcc
}
}
- private final class TestRestrictionProvider implements RestrictionProvider {
-
- private final RestrictionDefinition supported;
+ private final class TestRestrictionProvider extends AbstractRestrictionProvider {
private TestRestrictionProvider(String name, Type type, boolean isMandatory) {
- supported = new RestrictionDefinitionImpl(name, type, isMandatory);
- }
-
- @Nonnull
- @Override
- public Set<RestrictionDefinition> getSupportedRestrictions(@Nullable String oakPath) {
- return ImmutableSet.of(supported);
- }
-
- @Nonnull
- @Override
- public Restriction createRestriction(@Nullable String oakPath, @Nonnull String oakName, @Nonnull Value value) throws RepositoryException {
- if (!supported.getName().equals(oakName)) {
- throw new AccessControlException();
- }
- if (supported.getRequiredType().tag() != value.getType()) {
- throw new AccessControlException();
- }
- PropertyState property = PropertyStates.createProperty(namePathMapper.getOakName(oakName), value.getString(), value.getType());
- return new RestrictionImpl(property, supported.isMandatory());
- }
-
- @Nonnull
- @Override
- public Restriction createRestriction(@Nullable String oakPath, @Nonnull String oakName, @Nonnull Value... values) throws RepositoryException {
- if (!supported.getName().equals(oakName)) {
- throw new AccessControlException();
- }
- for (Value v : values) {
- if (supported.getRequiredType().tag() != v.getType()) {
- throw new AccessControlException();
- }
- }
- PropertyState property = PropertyStates.createProperty(namePathMapper.getOakName(oakName), Arrays.asList(values), supported.getRequiredType());
- return new RestrictionImpl(property, supported.isMandatory());
- }
-
- @Nonnull
- @Override
- public Set<Restriction> readRestrictions(@Nullable String oakPath, @Nonnull Tree aceTree) {
- throw new UnsupportedOperationException();
- }
-
- @Override
- public void writeRestrictions(String oakPath, Tree aceTree, Set<Restriction> restrictions) {
- throw new UnsupportedOperationException();
- }
-
- @Override
- public void validateRestrictions(@Nullable String oakPath, @Nonnull Tree aceTree) {
- throw new UnsupportedOperationException();
+ super(Collections.singletonMap(name, new RestrictionDefinitionImpl(name, type, isMandatory)));
}
@Nonnull
Modified: jackrabbit/oak/trunk/oak-core/src/test/java/org/apache/jackrabbit/oak/security/authorization/AccessControlManagerImplTest.java
URL: http://svn.apache.org/viewvc/jackrabbit/oak/trunk/oak-core/src/test/java/org/apache/jackrabbit/oak/security/authorization/AccessControlManagerImplTest.java?rev=1482930&r1=1482929&r2=1482930&view=diff
==============================================================================
--- jackrabbit/oak/trunk/oak-core/src/test/java/org/apache/jackrabbit/oak/security/authorization/AccessControlManagerImplTest.java (original)
+++ jackrabbit/oak/trunk/oak-core/src/test/java/org/apache/jackrabbit/oak/security/authorization/AccessControlManagerImplTest.java Wed May 15 16:17:03 2013
@@ -64,6 +64,7 @@ import org.apache.jackrabbit.oak.plugins
import org.apache.jackrabbit.oak.plugins.value.ValueFactoryImpl;
import org.apache.jackrabbit.oak.security.privilege.PrivilegeBitsProvider;
import org.apache.jackrabbit.oak.spi.security.authorization.AbstractAccessControlTest;
+import org.apache.jackrabbit.oak.spi.security.authorization.AccessControlConstants;
import org.apache.jackrabbit.oak.spi.security.authorization.TestACL;
import org.apache.jackrabbit.oak.spi.security.authorization.restriction.RestrictionProvider;
import org.apache.jackrabbit.oak.spi.security.principal.EveryonePrincipal;
Modified: jackrabbit/oak/trunk/oak-core/src/test/java/org/apache/jackrabbit/oak/security/authorization/AccessControlValidatorTest.java
URL: http://svn.apache.org/viewvc/jackrabbit/oak/trunk/oak-core/src/test/java/org/apache/jackrabbit/oak/security/authorization/AccessControlValidatorTest.java?rev=1482930&r1=1482929&r2=1482930&view=diff
==============================================================================
--- jackrabbit/oak/trunk/oak-core/src/test/java/org/apache/jackrabbit/oak/security/authorization/AccessControlValidatorTest.java (original)
+++ jackrabbit/oak/trunk/oak-core/src/test/java/org/apache/jackrabbit/oak/security/authorization/AccessControlValidatorTest.java Wed May 15 16:17:03 2013
@@ -27,6 +27,7 @@ import org.apache.jackrabbit.api.securit
import org.apache.jackrabbit.oak.api.CommitFailedException;
import org.apache.jackrabbit.oak.api.Tree;
import org.apache.jackrabbit.oak.spi.security.authorization.AbstractAccessControlTest;
+import org.apache.jackrabbit.oak.spi.security.authorization.AccessControlConstants;
import org.apache.jackrabbit.oak.spi.security.privilege.PrivilegeConstants;
import org.apache.jackrabbit.oak.util.NodeUtil;
import org.junit.After;
Modified: jackrabbit/oak/trunk/oak-core/src/test/java/org/apache/jackrabbit/oak/security/authorization/ReadPolicyTest.java
URL: http://svn.apache.org/viewvc/jackrabbit/oak/trunk/oak-core/src/test/java/org/apache/jackrabbit/oak/security/authorization/ReadPolicyTest.java?rev=1482930&r1=1482929&r2=1482930&view=diff
==============================================================================
--- jackrabbit/oak/trunk/oak-core/src/test/java/org/apache/jackrabbit/oak/security/authorization/ReadPolicyTest.java (original)
+++ jackrabbit/oak/trunk/oak-core/src/test/java/org/apache/jackrabbit/oak/security/authorization/ReadPolicyTest.java Wed May 15 16:17:03 2013
@@ -21,6 +21,7 @@ import javax.jcr.security.AccessControlP
import org.apache.jackrabbit.oak.spi.security.ConfigurationParameters;
import org.apache.jackrabbit.oak.spi.security.authorization.AbstractAccessControlTest;
+import org.apache.jackrabbit.oak.spi.security.authorization.AccessControlConstants;
import org.junit.Before;
import org.junit.Test;
Modified: jackrabbit/oak/trunk/oak-core/src/test/java/org/apache/jackrabbit/oak/security/authorization/evaluation/Jr2CompatibilityTest.java
URL: http://svn.apache.org/viewvc/jackrabbit/oak/trunk/oak-core/src/test/java/org/apache/jackrabbit/oak/security/authorization/evaluation/Jr2CompatibilityTest.java?rev=1482930&r1=1482929&r2=1482930&view=diff
==============================================================================
--- jackrabbit/oak/trunk/oak-core/src/test/java/org/apache/jackrabbit/oak/security/authorization/evaluation/Jr2CompatibilityTest.java (original)
+++ jackrabbit/oak/trunk/oak-core/src/test/java/org/apache/jackrabbit/oak/security/authorization/evaluation/Jr2CompatibilityTest.java Wed May 15 16:17:03 2013
@@ -30,7 +30,7 @@ import org.apache.jackrabbit.commons.jac
import org.apache.jackrabbit.oak.api.CommitFailedException;
import org.apache.jackrabbit.oak.api.Root;
import org.apache.jackrabbit.oak.namepath.NamePathMapper;
-import org.apache.jackrabbit.oak.security.authorization.AccessControlConstants;
+import org.apache.jackrabbit.oak.spi.security.authorization.AccessControlConstants;
import org.apache.jackrabbit.oak.spi.security.ConfigurationParameters;
import org.apache.jackrabbit.oak.spi.security.authorization.AccessControlConfiguration;
import org.apache.jackrabbit.oak.spi.security.privilege.PrivilegeConstants;
Modified: jackrabbit/oak/trunk/oak-core/src/test/java/org/apache/jackrabbit/oak/security/authorization/evaluation/TreeTest.java
URL: http://svn.apache.org/viewvc/jackrabbit/oak/trunk/oak-core/src/test/java/org/apache/jackrabbit/oak/security/authorization/evaluation/TreeTest.java?rev=1482930&r1=1482929&r2=1482930&view=diff
==============================================================================
--- jackrabbit/oak/trunk/oak-core/src/test/java/org/apache/jackrabbit/oak/security/authorization/evaluation/TreeTest.java (original)
+++ jackrabbit/oak/trunk/oak-core/src/test/java/org/apache/jackrabbit/oak/security/authorization/evaluation/TreeTest.java Wed May 15 16:17:03 2013
@@ -16,20 +16,20 @@
*/
package org.apache.jackrabbit.oak.security.authorization.evaluation;
-import static org.junit.Assert.assertEquals;
-import static org.junit.Assert.assertFalse;
-import static org.junit.Assert.assertTrue;
-
import java.util.List;
import com.google.common.collect.ImmutableList;
import org.apache.jackrabbit.oak.api.Root;
import org.apache.jackrabbit.oak.api.Tree;
-import org.apache.jackrabbit.oak.security.authorization.AccessControlConstants;
+import org.apache.jackrabbit.oak.spi.security.authorization.AccessControlConstants;
import org.apache.jackrabbit.oak.spi.security.privilege.PrivilegeConstants;
import org.junit.Before;
import org.junit.Test;
+import static org.junit.Assert.assertEquals;
+import static org.junit.Assert.assertFalse;
+import static org.junit.Assert.assertTrue;
+
public class TreeTest extends AbstractOakCoreTest {
// TODO: add tests for acls withs restrictions
Modified: jackrabbit/oak/trunk/oak-core/src/test/java/org/apache/jackrabbit/oak/security/authorization/permission/CompiledPermissionImplTest.java
URL: http://svn.apache.org/viewvc/jackrabbit/oak/trunk/oak-core/src/test/java/org/apache/jackrabbit/oak/security/authorization/permission/CompiledPermissionImplTest.java?rev=1482930&r1=1482929&r2=1482930&view=diff
==============================================================================
--- jackrabbit/oak/trunk/oak-core/src/test/java/org/apache/jackrabbit/oak/security/authorization/permission/CompiledPermissionImplTest.java (original)
+++ jackrabbit/oak/trunk/oak-core/src/test/java/org/apache/jackrabbit/oak/security/authorization/permission/CompiledPermissionImplTest.java Wed May 15 16:17:03 2013
@@ -36,7 +36,7 @@ import org.apache.jackrabbit.oak.core.Im
import org.apache.jackrabbit.oak.core.ImmutableTree;
import org.apache.jackrabbit.oak.core.TreeTypeProvider;
import org.apache.jackrabbit.oak.security.SecurityProviderImpl;
-import org.apache.jackrabbit.oak.security.authorization.AccessControlConstants;
+import org.apache.jackrabbit.oak.spi.security.authorization.AccessControlConstants;
import org.apache.jackrabbit.oak.security.authorization.restriction.RestrictionProviderImpl;
import org.apache.jackrabbit.oak.security.privilege.PrivilegeBits;
import org.apache.jackrabbit.oak.security.privilege.PrivilegeBitsProvider;
Modified: jackrabbit/oak/trunk/oak-core/src/test/java/org/apache/jackrabbit/oak/security/authorization/permission/PermissionHookTest.java
URL: http://svn.apache.org/viewvc/jackrabbit/oak/trunk/oak-core/src/test/java/org/apache/jackrabbit/oak/security/authorization/permission/PermissionHookTest.java?rev=1482930&r1=1482929&r2=1482930&view=diff
==============================================================================
--- jackrabbit/oak/trunk/oak-core/src/test/java/org/apache/jackrabbit/oak/security/authorization/permission/PermissionHookTest.java (original)
+++ jackrabbit/oak/trunk/oak-core/src/test/java/org/apache/jackrabbit/oak/security/authorization/permission/PermissionHookTest.java Wed May 15 16:17:03 2013
@@ -35,7 +35,7 @@ import org.apache.jackrabbit.oak.api.Con
import org.apache.jackrabbit.oak.api.Root;
import org.apache.jackrabbit.oak.api.Tree;
import org.apache.jackrabbit.oak.api.Type;
-import org.apache.jackrabbit.oak.security.authorization.AccessControlConstants;
+import org.apache.jackrabbit.oak.spi.security.authorization.AccessControlConstants;
import org.apache.jackrabbit.oak.security.privilege.PrivilegeBits;
import org.apache.jackrabbit.oak.security.privilege.PrivilegeBitsProvider;
import org.apache.jackrabbit.oak.spi.security.authorization.AbstractAccessControlTest;
Modified: jackrabbit/oak/trunk/oak-core/src/test/java/org/apache/jackrabbit/oak/security/authorization/restriction/RestrictionProviderImplTest.java
URL: http://svn.apache.org/viewvc/jackrabbit/oak/trunk/oak-core/src/test/java/org/apache/jackrabbit/oak/security/authorization/restriction/RestrictionProviderImplTest.java?rev=1482930&r1=1482929&r2=1482930&view=diff
==============================================================================
--- jackrabbit/oak/trunk/oak-core/src/test/java/org/apache/jackrabbit/oak/security/authorization/restriction/RestrictionProviderImplTest.java (original)
+++ jackrabbit/oak/trunk/oak-core/src/test/java/org/apache/jackrabbit/oak/security/authorization/restriction/RestrictionProviderImplTest.java Wed May 15 16:17:03 2013
@@ -16,12 +16,23 @@
*/
package org.apache.jackrabbit.oak.security.authorization.restriction;
+import java.util.HashMap;
+import java.util.List;
+import java.util.Map;
import java.util.Set;
+import com.google.common.collect.ImmutableList;
+import org.apache.jackrabbit.JcrConstants;
+import org.apache.jackrabbit.oak.api.PropertyState;
+import org.apache.jackrabbit.oak.api.Tree;
import org.apache.jackrabbit.oak.api.Type;
-import org.apache.jackrabbit.oak.security.authorization.AccessControlConstants;
+import org.apache.jackrabbit.oak.plugins.memory.PropertyStates;
import org.apache.jackrabbit.oak.spi.security.authorization.AbstractAccessControlTest;
+import org.apache.jackrabbit.oak.spi.security.authorization.AccessControlConstants;
+import org.apache.jackrabbit.oak.spi.security.authorization.restriction.CompositePattern;
import org.apache.jackrabbit.oak.spi.security.authorization.restriction.RestrictionDefinition;
+import org.apache.jackrabbit.oak.spi.security.authorization.restriction.RestrictionPattern;
+import org.apache.jackrabbit.oak.util.NodeUtil;
import org.junit.Before;
import org.junit.Test;
@@ -67,32 +78,30 @@ public class RestrictionProviderImplTest
}
@Test
- public void testCreateRestriction() {
- // TODO
- }
-
- @Test
- public void testCreateMvRestriction() {
- // TODO
- }
-
- @Test
- public void testReadRestrictions() {
- // TODO
- }
+ public void testGetRestrictionPattern() {
+ Map<PropertyState, RestrictionPattern> map = new HashMap();
+ map.put(PropertyStates.createProperty(REP_GLOB, "/*/jcr:content"), GlobPattern.create("/testPath", "/*/jcr:content"));
+ List<String> ntNames = ImmutableList.of(JcrConstants.NT_FOLDER, JcrConstants.NT_LINKEDFILE);
+ map.put(PropertyStates.createProperty(REP_NT_NAMES, ntNames, Type.NAMES), new NodeTypePattern(ntNames));
+
+ NodeUtil tree = new NodeUtil(root.getTree("/")).getOrAddTree("testPath", JcrConstants.NT_UNSTRUCTURED);
+ Tree restrictions = tree.addChild("restrictions", NT_REP_RESTRICTIONS).getTree();
+
+ // test restrictions individually
+ for (Map.Entry<PropertyState, RestrictionPattern> entry : map.entrySet()) {
+ restrictions.setProperty(entry.getKey());
- @Test
- public void testWriteRestrictions() {
- // TODO
- }
+ RestrictionPattern pattern = provider.getPattern("/testPath", restrictions);
+ assertEquals(entry.getValue(), pattern);
- @Test
- public void testValidateRestrictions() {
- // TODO
- }
+ restrictions.removeProperty(entry.getKey().getName());
+ }
- @Test
- public void testGetRestrictionPattern() {
- // TODO
+ // test combination on multiple restrictions
+ for (Map.Entry<PropertyState, RestrictionPattern> entry : map.entrySet()) {
+ restrictions.setProperty(entry.getKey());
+ }
+ RestrictionPattern pattern = provider.getPattern("/testPath", restrictions);
+ assertTrue(pattern instanceof CompositePattern);
}
}
\ No newline at end of file
Added: jackrabbit/oak/trunk/oak-core/src/test/java/org/apache/jackrabbit/oak/spi/security/authorization/restriction/AbstractRestrictionProviderTest.java
URL: http://svn.apache.org/viewvc/jackrabbit/oak/trunk/oak-core/src/test/java/org/apache/jackrabbit/oak/spi/security/authorization/restriction/AbstractRestrictionProviderTest.java?rev=1482930&view=auto
==============================================================================
--- jackrabbit/oak/trunk/oak-core/src/test/java/org/apache/jackrabbit/oak/spi/security/authorization/restriction/AbstractRestrictionProviderTest.java (added)
+++ jackrabbit/oak/trunk/oak-core/src/test/java/org/apache/jackrabbit/oak/spi/security/authorization/restriction/AbstractRestrictionProviderTest.java Wed May 15 16:17:03 2013
@@ -0,0 +1,47 @@
+/*
+ * Licensed to the Apache Software Foundation (ASF) under one or more
+ * contributor license agreements. See the NOTICE file distributed with
+ * this work for additional information regarding copyright ownership.
+ * The ASF licenses this file to You under the Apache License, Version 2.0
+ * (the "License"); you may not use this file except in compliance with
+ * the License. You may obtain a copy of the License at
+ *
+ * http://www.apache.org/licenses/LICENSE-2.0
+ *
+ * Unless required by applicable law or agreed to in writing, software
+ * distributed under the License is distributed on an "AS IS" BASIS,
+ * WITHOUT WARRANTIES OR CONDITIONS OF ANY KIND, either express or implied.
+ * See the License for the specific language governing permissions and
+ * limitations under the License.
+ */
+package org.apache.jackrabbit.oak.spi.security.authorization.restriction;
+
+import org.junit.Test;
+
+public class AbstractRestrictionProviderTest {
+
+ @Test
+ public void testCreateRestriction() {
+ // TODO
+ }
+
+ @Test
+ public void testCreateMvRestriction() {
+ // TODO
+ }
+
+ @Test
+ public void testReadRestrictions() {
+ // TODO
+ }
+
+ @Test
+ public void testWriteRestrictions() {
+ // TODO
+ }
+
+ @Test
+ public void testValidateRestrictions() {
+ // TODO
+ }
+}
\ No newline at end of file
Modified: jackrabbit/oak/trunk/oak-core/src/test/java/org/apache/jackrabbit/oak/spi/security/authorization/restriction/RestrictionImplTest.java
URL: http://svn.apache.org/viewvc/jackrabbit/oak/trunk/oak-core/src/test/java/org/apache/jackrabbit/oak/spi/security/authorization/restriction/RestrictionImplTest.java?rev=1482930&r1=1482929&r2=1482930&view=diff
==============================================================================
--- jackrabbit/oak/trunk/oak-core/src/test/java/org/apache/jackrabbit/oak/spi/security/authorization/restriction/RestrictionImplTest.java (original)
+++ jackrabbit/oak/trunk/oak-core/src/test/java/org/apache/jackrabbit/oak/spi/security/authorization/restriction/RestrictionImplTest.java Wed May 15 16:17:03 2013
@@ -18,8 +18,8 @@ package org.apache.jackrabbit.oak.spi.se
import java.util.ArrayList;
import java.util.List;
-import javax.jcr.PropertyType;
+import com.google.common.collect.ImmutableList;
import org.apache.jackrabbit.oak.TestNameMapper;
import org.apache.jackrabbit.oak.api.PropertyState;
import org.apache.jackrabbit.oak.api.Type;
@@ -39,6 +39,7 @@ import static org.junit.Assert.fail;
public class RestrictionImplTest extends AbstractAccessControlTest {
private String name;
+ private String value = "value";
private RestrictionImpl restriction;
@Before
@@ -46,12 +47,12 @@ public class RestrictionImplTest extends
super.before();
name = TestNameMapper.TEST_PREFIX + ":defName";
- PropertyState property = createProperty(name);
+ PropertyState property = createProperty(name, value);
restriction = new RestrictionImpl(property, true);
}
- private static PropertyState createProperty(String name) {
- return PropertyStates.createProperty(name, "value", Type.NAME);
+ private static PropertyState createProperty(String name, String value) {
+ return PropertyStates.createProperty(name, value, Type.NAME);
}
@Test
@@ -82,18 +83,22 @@ public class RestrictionImplTest extends
@Test
public void testEquals() {
// same definition
- assertEquals(restriction, new RestrictionImpl(createProperty(name), true));
+ assertEquals(restriction, new RestrictionImpl(createProperty(name, value), true));
}
@Test
public void testNotEqual() {
List<Restriction> rs = new ArrayList<Restriction>();
// - different type
- rs.add(new RestrictionImpl(PropertyStates.createProperty(name, PropertyType.STRING), true));
+ rs.add(new RestrictionImpl(PropertyStates.createProperty(name, value, Type.STRING), true));
+ // - different multi-value status
+ rs.add(new RestrictionImpl(PropertyStates.createProperty(name, ImmutableList.of(value), Type.STRINGS), true));
// - different name
- rs.add(new RestrictionImpl(PropertyStates.createProperty("otherName", PropertyType.NAME), true));
+ rs.add(new RestrictionImpl(createProperty("otherName", value), true));
+ // - different value
+ rs.add(new RestrictionImpl(createProperty("name", "otherValue"), true));
// - different mandatory flag
- rs.add(new RestrictionImpl(createProperty(name), false));
+ rs.add(new RestrictionImpl(createProperty(name, value), false));
// - different impl
rs.add(new Restriction() {
@Override
@@ -110,7 +115,7 @@ public class RestrictionImplTest extends
}
@Override
public PropertyState getProperty() {
- return createProperty(name);
+ return createProperty(name, value);
}
});