You are viewing a plain text version of this content. The canonical link for it is here.

Posted to oak-commits@jackrabbit.apache.org by an...@apache.org on 2014/08/15 11:28:50 UTC

svn commit: r1618123 - /jackrabbit/oak/trunk/oak-authorization-cug/src/main/java/org/apache/jackrabbit/oak/spi/security/authorization/cug/CugExclude.java

Author: angela
Date: Fri Aug 15 09:28:50 2014
New Revision: 1618123

URL: http://svn.apache.org/r1618123
Log:
OAK-2008 : authorization setup for closed user groups (exclude system users as defined by JCR-3802)

Modified:
    jackrabbit/oak/trunk/oak-authorization-cug/src/main/java/org/apache/jackrabbit/oak/spi/security/authorization/cug/CugExclude.java

Modified: jackrabbit/oak/trunk/oak-authorization-cug/src/main/java/org/apache/jackrabbit/oak/spi/security/authorization/cug/CugExclude.java
URL: http://svn.apache.org/viewvc/jackrabbit/oak/trunk/oak-authorization-cug/src/main/java/org/apache/jackrabbit/oak/spi/security/authorization/cug/CugExclude.java?rev=1618123&r1=1618122&r2=1618123&view=diff
==============================================================================
--- jackrabbit/oak/trunk/oak-authorization-cug/src/main/java/org/apache/jackrabbit/oak/spi/security/authorization/cug/CugExclude.java (original)
+++ jackrabbit/oak/trunk/oak-authorization-cug/src/main/java/org/apache/jackrabbit/oak/spi/security/authorization/cug/CugExclude.java Fri Aug 15 09:28:50 2014
@@ -20,6 +20,10 @@ import java.security.Principal;
 import java.util.Set;
 import javax.annotation.Nonnull;
 
+import org.apache.jackrabbit.oak.spi.security.principal.AdminPrincipal;
+import org.apache.jackrabbit.oak.spi.security.principal.SystemPrincipal;
+import org.apache.jackrabbit.oak.spi.security.principal.SystemUserPrincipal;
+
 /**
  * CugExclude... TODO
  */
@@ -33,7 +37,18 @@ public interface CugExclude {
 
         @Override
         public boolean isExcluded(@Nonnull Set<Principal> principals) {
-            return principals.isEmpty();
+            if (principals.isEmpty()) {
+                return true;
+            }
+            if (principals.contains(SystemPrincipal.INSTANCE)) {
+                return true;
+            }
+            for (Principal p : principals) {
+                if (p instanceof AdminPrincipal || p instanceof SystemUserPrincipal) {
+                    return true;
+                }
+            }
+            return false;
         }
     }
 }
\ No newline at end of file