You are viewing a plain text version of this content. The canonical link for it is here.
Posted to commits@jackrabbit.apache.org by ju...@apache.org on 2009/12/02 16:10:49 UTC
svn commit: r886170 - in /jackrabbit/sandbox/JCR-1456: ./
jackrabbit-core/src/main/java/org/apache/jackrabbit/core/
jackrabbit-core/src/main/java/org/apache/jackrabbit/core/query/lucene/
jackrabbit-core/src/test/java/org/apache/jackrabbit/core/ jackrab...
Author: jukka
Date: Wed Dec 2 15:10:49 2009
New Revision: 886170
URL: http://svn.apache.org/viewvc?rev=886170&view=rev
Log:
JCR-1456: Database connection pooling
Merge latest changes from trunk.
Added:
jackrabbit/sandbox/JCR-1456/jackrabbit-core/src/test/java/org/apache/jackrabbit/core/security/authorization/acl/ReadTest.java
- copied unchanged from r886168, jackrabbit/trunk/jackrabbit-core/src/test/java/org/apache/jackrabbit/core/security/authorization/acl/ReadTest.java
Modified:
jackrabbit/sandbox/JCR-1456/ (props changed)
jackrabbit/sandbox/JCR-1456/jackrabbit-core/src/main/java/org/apache/jackrabbit/core/ItemManager.java
jackrabbit/sandbox/JCR-1456/jackrabbit-core/src/main/java/org/apache/jackrabbit/core/UserPerWorkspaceSecurityManager.java
jackrabbit/sandbox/JCR-1456/jackrabbit-core/src/main/java/org/apache/jackrabbit/core/query/lucene/MultiIndex.java
jackrabbit/sandbox/JCR-1456/jackrabbit-core/src/test/java/org/apache/jackrabbit/core/UserPerWorkspaceSecurityManagerTest.java
jackrabbit/sandbox/JCR-1456/jackrabbit-core/src/test/java/org/apache/jackrabbit/core/security/authorization/acl/TestAll.java
jackrabbit/sandbox/JCR-1456/jackrabbit-core/src/test/java/org/apache/jackrabbit/core/security/authorization/acl/WriteTest.java
Propchange: jackrabbit/sandbox/JCR-1456/
------------------------------------------------------------------------------
--- svn:mergeinfo (original)
+++ svn:mergeinfo Wed Dec 2 15:10:49 2009
@@ -2,4 +2,4 @@
/jackrabbit/branches/1.5:794012,794100,794102
/jackrabbit/sandbox/JCR-2170:812417-816332
/jackrabbit/sandbox/tripod-JCR-2209:795441-795863
-/jackrabbit/trunk:387422-885400
+/jackrabbit/trunk:387422-886168
Modified: jackrabbit/sandbox/JCR-1456/jackrabbit-core/src/main/java/org/apache/jackrabbit/core/ItemManager.java
URL: http://svn.apache.org/viewvc/jackrabbit/sandbox/JCR-1456/jackrabbit-core/src/main/java/org/apache/jackrabbit/core/ItemManager.java?rev=886170&r1=886169&r2=886170&view=diff
==============================================================================
--- jackrabbit/sandbox/JCR-1456/jackrabbit-core/src/main/java/org/apache/jackrabbit/core/ItemManager.java (original)
+++ jackrabbit/sandbox/JCR-1456/jackrabbit-core/src/main/java/org/apache/jackrabbit/core/ItemManager.java Wed Dec 2 15:10:49 2009
@@ -181,8 +181,11 @@
}
NodeState parentState = null;
try {
- NodeImpl parent = (NodeImpl) getItem(parentId);
- parentState = parent.getNodeState();
+ // access the parent state circumventing permission check, since
+ // read permission on the parent isn't required in order to retrieve
+ // a node's definition. see also JCR-2418
+ ItemData parentData = getItemData(parentId, null, false);
+ parentState = (NodeState) parentData.getState();
if (state.getParentId() == null) {
// indicates state has been removed, must use
// overlayed state of parent, otherwise child node entry
@@ -237,7 +240,11 @@
PropertyDefinitionImpl getDefinition(PropertyState state)
throws RepositoryException {
try {
- NodeImpl parent = (NodeImpl) getItem(state.getParentId());
+ // retrieve parent in 2 steps in order to avoid the check for
+ // read permissions on the parent which isn't required in order
+ // to read the property's definition. see also JCR-2418.
+ ItemData parentData = getItemData(state.getParentId(), null, false);
+ NodeImpl parent = (NodeImpl) createItemInstance(parentData);
return parent.getApplicablePropertyDefinition(
state.getName(), state.getType(), state.isMultiValued(), true);
} catch (ItemNotFoundException e) {
Modified: jackrabbit/sandbox/JCR-1456/jackrabbit-core/src/main/java/org/apache/jackrabbit/core/UserPerWorkspaceSecurityManager.java
URL: http://svn.apache.org/viewvc/jackrabbit/sandbox/JCR-1456/jackrabbit-core/src/main/java/org/apache/jackrabbit/core/UserPerWorkspaceSecurityManager.java?rev=886170&r1=886169&r2=886170&view=diff
==============================================================================
--- jackrabbit/sandbox/JCR-1456/jackrabbit-core/src/main/java/org/apache/jackrabbit/core/UserPerWorkspaceSecurityManager.java (original)
+++ jackrabbit/sandbox/JCR-1456/jackrabbit-core/src/main/java/org/apache/jackrabbit/core/UserPerWorkspaceSecurityManager.java Wed Dec 2 15:10:49 2009
@@ -28,8 +28,6 @@
import org.apache.jackrabbit.core.security.simple.SimpleWorkspaceAccessManager;
import org.apache.jackrabbit.core.security.user.UserPerWorkspaceUserManager;
import org.apache.jackrabbit.core.security.user.UserManagerImpl;
-import org.slf4j.Logger;
-import org.slf4j.LoggerFactory;
import javax.jcr.Credentials;
import javax.jcr.Repository;
@@ -37,6 +35,7 @@
import javax.jcr.Session;
import javax.security.auth.Subject;
import java.security.Principal;
+import java.security.acl.Group;
import java.util.ArrayList;
import java.util.Arrays;
import java.util.HashMap;
@@ -63,11 +62,6 @@
*/
public class UserPerWorkspaceSecurityManager extends DefaultSecurityManager {
- /**
- * the default logger
- */
- private static final Logger log = LoggerFactory.getLogger(UserPerWorkspaceSecurityManager.class);
-
private final Map<String, PrincipalProviderRegistry> ppRegistries = new HashMap<String, PrincipalProviderRegistry>();
/**
@@ -304,14 +298,47 @@
}
}
- private final class WorkspaceAccessManagerImpl extends SimpleWorkspaceAccessManager {
- @Override
+ private final class WorkspaceAccessManagerImpl implements WorkspaceAccessManager {
+ /**
+ * Does nothing.
+ * @see WorkspaceAccessManager#init(javax.jcr.Session)
+ */
+ public void init(Session systemSession) throws RepositoryException {
+ // nothing to do.
+ }
+
+ /**
+ * Does nothing.
+ * @see org.apache.jackrabbit.core.security.authorization.WorkspaceAccessManager#close()
+ */
+ public void close() throws RepositoryException {
+ // nothing to do.
+ }
+
+ /**
+ * Returns <code>true</code> if a workspace with the given
+ * <code>workspaceName</code> exists and if that workspace defines a
+ * user that matches any of the given <code>principals</code>;
+ * <code>false</code> otherwise.
+ *
+ * @see WorkspaceAccessManager#grants(java.util.Set, String)
+ */
public boolean grants(Set<Principal> principals, String workspaceName) throws RepositoryException {
if (!(Arrays.asList(((RepositoryImpl) getRepository()).getWorkspaceNames())).contains(workspaceName)) {
return false;
} else {
- return super.grants(principals, workspaceName);
+ UserManager umgr = UserPerWorkspaceSecurityManager.this.getSystemUserManager(workspaceName);
+ for (Principal principal : principals) {
+ if (!(principal instanceof Group)) {
+ // check if the workspace identified by the given workspace
+ // name contains a user with this principal
+ if (umgr.getAuthorizable(principal) != null) {
+ return true;
+ }
+ }
+ }
}
+ return false;
}
}
}
\ No newline at end of file
Modified: jackrabbit/sandbox/JCR-1456/jackrabbit-core/src/main/java/org/apache/jackrabbit/core/query/lucene/MultiIndex.java
URL: http://svn.apache.org/viewvc/jackrabbit/sandbox/JCR-1456/jackrabbit-core/src/main/java/org/apache/jackrabbit/core/query/lucene/MultiIndex.java?rev=886170&r1=886169&r2=886170&view=diff
==============================================================================
--- jackrabbit/sandbox/JCR-1456/jackrabbit-core/src/main/java/org/apache/jackrabbit/core/query/lucene/MultiIndex.java (original)
+++ jackrabbit/sandbox/JCR-1456/jackrabbit-core/src/main/java/org/apache/jackrabbit/core/query/lucene/MultiIndex.java Wed Dec 2 15:10:49 2009
@@ -329,7 +329,7 @@
flushTask = new Timer.Task() {
public void run() {
// check if there are any indexing jobs finished
- checkIndexingQueue();
+ checkIndexingQueue(false);
// check if volatile index should be flushed
checkFlush();
}
@@ -1266,17 +1266,6 @@
/**
* Checks the indexing queue for finished text extrator jobs and updates the
- * index accordingly if there are any new ones. This method is synchronized
- * and should only be called by the timer task that periodically checks if
- * there are documents ready in the indexing queue. A new transaction is
- * used when documents are transfered from the indexing queue to the index.
- */
- private synchronized void checkIndexingQueue() {
- checkIndexingQueue(false);
- }
-
- /**
- * Checks the indexing queue for finished text extrator jobs and updates the
* index accordingly if there are any new ones.
*
* @param transactionPresent whether a transaction is in progress and the
@@ -1304,11 +1293,13 @@
try {
if (transactionPresent) {
- for (NodeId id : finished.keySet()) {
- executeAndLog(new DeleteNode(getTransactionId(), id));
- }
- for (Document document : finished.values()) {
- executeAndLog(new AddNode(getTransactionId(), document));
+ synchronized (this) {
+ for (NodeId id : finished.keySet()) {
+ executeAndLog(new DeleteNode(getTransactionId(), id));
+ }
+ for (Document document : finished.values()) {
+ executeAndLog(new AddNode(getTransactionId(), document));
+ }
}
} else {
update(finished.keySet(), finished.values());
Modified: jackrabbit/sandbox/JCR-1456/jackrabbit-core/src/test/java/org/apache/jackrabbit/core/UserPerWorkspaceSecurityManagerTest.java
URL: http://svn.apache.org/viewvc/jackrabbit/sandbox/JCR-1456/jackrabbit-core/src/test/java/org/apache/jackrabbit/core/UserPerWorkspaceSecurityManagerTest.java?rev=886170&r1=886169&r2=886170&view=diff
==============================================================================
--- jackrabbit/sandbox/JCR-1456/jackrabbit-core/src/test/java/org/apache/jackrabbit/core/UserPerWorkspaceSecurityManagerTest.java (original)
+++ jackrabbit/sandbox/JCR-1456/jackrabbit-core/src/test/java/org/apache/jackrabbit/core/UserPerWorkspaceSecurityManagerTest.java Wed Dec 2 15:10:49 2009
@@ -18,36 +18,30 @@
import org.apache.jackrabbit.api.JackrabbitSession;
import org.apache.jackrabbit.api.security.principal.ItemBasedPrincipal;
+import org.apache.jackrabbit.api.security.user.Authorizable;
import org.apache.jackrabbit.api.security.user.User;
import org.apache.jackrabbit.api.security.user.UserManager;
-import org.apache.jackrabbit.api.security.user.Authorizable;
import org.apache.jackrabbit.core.security.JackrabbitSecurityManager;
import org.apache.jackrabbit.test.AbstractJCRTest;
import org.apache.jackrabbit.test.NotExecutableException;
import org.apache.jackrabbit.util.Text;
-import org.slf4j.Logger;
-import org.slf4j.LoggerFactory;
import javax.jcr.Item;
import javax.jcr.LoginException;
+import javax.jcr.Node;
import javax.jcr.RepositoryException;
import javax.jcr.Session;
import javax.jcr.SimpleCredentials;
import javax.jcr.UnsupportedRepositoryOperationException;
-import javax.jcr.Node;
import javax.jcr.Value;
import java.security.Principal;
+import java.util.Arrays;
/**
* <code>SecurityManagerTest</code>...
*/
public class UserPerWorkspaceSecurityManagerTest extends AbstractJCRTest {
- /**
- * logger instance
- */
- private static final Logger log = LoggerFactory.getLogger(UserPerWorkspaceSecurityManagerTest.class);
-
private JackrabbitSecurityManager secMgr;
@Override
@@ -147,6 +141,37 @@
}
}
+ public void testAccessibleWorkspaceNames() throws Exception {
+ String altWsp = getAlternativeWorkspaceName();
+ if (altWsp == null) {
+ throw new NotExecutableException();
+ }
+
+ Session s = getHelper().getSuperuserSession(altWsp);
+ User u = null;
+ Session us = null;
+ try {
+ // other users created in the default workspace...
+ u = ((JackrabbitSession) superuser).getUserManager().createUser("testUser", "testUser");
+ superuser.save();
+
+ us = getHelper().getRepository().login(new SimpleCredentials("testUser", "testUser".toCharArray()));
+ String[] wspNames = us.getWorkspace().getAccessibleWorkspaceNames();
+ assertFalse(Arrays.asList(wspNames).contains(altWsp));
+
+ } finally {
+ s.logout();
+ if (us != null) {
+ us.logout();
+ }
+ if (u != null) {
+ u.remove();
+ superuser.save();
+ }
+ }
+
+ }
+
public void testCloneUser() throws Exception {
String altWsp = getAlternativeWorkspaceName();
if (altWsp == null) {
Modified: jackrabbit/sandbox/JCR-1456/jackrabbit-core/src/test/java/org/apache/jackrabbit/core/security/authorization/acl/TestAll.java
URL: http://svn.apache.org/viewvc/jackrabbit/sandbox/JCR-1456/jackrabbit-core/src/test/java/org/apache/jackrabbit/core/security/authorization/acl/TestAll.java?rev=886170&r1=886169&r2=886170&view=diff
==============================================================================
--- jackrabbit/sandbox/JCR-1456/jackrabbit-core/src/test/java/org/apache/jackrabbit/core/security/authorization/acl/TestAll.java (original)
+++ jackrabbit/sandbox/JCR-1456/jackrabbit-core/src/test/java/org/apache/jackrabbit/core/security/authorization/acl/TestAll.java Wed Dec 2 15:10:49 2009
@@ -40,6 +40,7 @@
suite.addTestSuite(ACLTemplateTest.class);
suite.addTestSuite(EntryTest.class);
+ suite.addTestSuite(ReadTest.class);
suite.addTestSuite(WriteTest.class);
suite.addTestSuite(LockTest.class);
suite.addTestSuite(VersionTest.class);
Modified: jackrabbit/sandbox/JCR-1456/jackrabbit-core/src/test/java/org/apache/jackrabbit/core/security/authorization/acl/WriteTest.java
URL: http://svn.apache.org/viewvc/jackrabbit/sandbox/JCR-1456/jackrabbit-core/src/test/java/org/apache/jackrabbit/core/security/authorization/acl/WriteTest.java?rev=886170&r1=886169&r2=886170&view=diff
==============================================================================
--- jackrabbit/sandbox/JCR-1456/jackrabbit-core/src/test/java/org/apache/jackrabbit/core/security/authorization/acl/WriteTest.java (original)
+++ jackrabbit/sandbox/JCR-1456/jackrabbit-core/src/test/java/org/apache/jackrabbit/core/security/authorization/acl/WriteTest.java Wed Dec 2 15:10:49 2009
@@ -338,4 +338,27 @@
group2.remove();
}
}
+
+ public void testWriteIfReadingParentIsDenied() throws Exception {
+ Privilege[] privileges = privilegesFromNames(new String[] {Privilege.JCR_READ, Privilege.JCR_WRITE});
+
+ /* deny READ/WRITE privilege for testUser at 'path' */
+ withdrawPrivileges(path, testUser.getPrincipal(), privileges, getRestrictions(superuser, path));
+ /*
+ allow READ/WRITE privilege for testUser at 'childNPath'
+ */
+ givePrivileges(childNPath, testUser.getPrincipal(), privileges, getRestrictions(superuser, childNPath));
+
+
+ Session testSession = getTestSession();
+
+ assertFalse(testSession.nodeExists(path));
+
+ // reading the node and it's definition must succeed.
+ assertTrue(testSession.nodeExists(childNPath));
+ Node n = testSession.getNode(childNPath);
+
+ n.addNode("someChild");
+ n.save();
+ }
}
\ No newline at end of file