You are viewing a plain text version of this content. The canonical link for it is here.
Posted to oak-commits@jackrabbit.apache.org by an...@apache.org on 2012/08/20 17:45:42 UTC
svn commit: r1375073 - in /jackrabbit/oak/trunk/oak-core/src:
main/java/org/apache/jackrabbit/oak/core/
main/java/org/apache/jackrabbit/oak/security/authorization/
main/java/org/apache/jackrabbit/oak/spi/commit/
main/java/org/apache/jackrabbit/oak/spi/...
Author: angela
Date: Mon Aug 20 15:45:41 2012
New Revision: 1375073
URL: http://svn.apache.org/viewvc?rev=1375073&view=rev
Log:
OAK-51 : Implement JCR Access Control Management (Work In Progress)
Added:
jackrabbit/oak/trunk/oak-core/src/main/java/org/apache/jackrabbit/oak/security/authorization/AccessControlValidator.java
jackrabbit/oak/trunk/oak-core/src/main/java/org/apache/jackrabbit/oak/security/authorization/AccessControlValidatorProvider.java
jackrabbit/oak/trunk/oak-core/src/main/java/org/apache/jackrabbit/oak/spi/commit/DefaultValidatorProvider.java
Modified:
jackrabbit/oak/trunk/oak-core/src/main/java/org/apache/jackrabbit/oak/core/RootImpl.java
jackrabbit/oak/trunk/oak-core/src/main/java/org/apache/jackrabbit/oak/security/authorization/AccessControlContextImpl.java
jackrabbit/oak/trunk/oak-core/src/main/java/org/apache/jackrabbit/oak/security/authorization/PermissionValidatorProvider.java
jackrabbit/oak/trunk/oak-core/src/main/java/org/apache/jackrabbit/oak/spi/security/authorization/AccessControlContext.java
jackrabbit/oak/trunk/oak-core/src/test/java/org/apache/jackrabbit/oak/core/TestAcContext.java
Modified: jackrabbit/oak/trunk/oak-core/src/main/java/org/apache/jackrabbit/oak/core/RootImpl.java
URL: http://svn.apache.org/viewvc/jackrabbit/oak/trunk/oak-core/src/main/java/org/apache/jackrabbit/oak/core/RootImpl.java?rev=1375073&r1=1375072&r2=1375073&view=diff
==============================================================================
--- jackrabbit/oak/trunk/oak-core/src/main/java/org/apache/jackrabbit/oak/core/RootImpl.java (original)
+++ jackrabbit/oak/trunk/oak-core/src/main/java/org/apache/jackrabbit/oak/core/RootImpl.java Mon Aug 20 15:45:41 2012
@@ -28,7 +28,6 @@ import org.apache.jackrabbit.oak.api.Con
import org.apache.jackrabbit.oak.api.CoreValueFactory;
import org.apache.jackrabbit.oak.api.Root;
import org.apache.jackrabbit.oak.api.Tree;
-import org.apache.jackrabbit.oak.security.authorization.PermissionValidatorProvider;
import org.apache.jackrabbit.oak.security.privilege.PrivilegeValidatorProvider;
import org.apache.jackrabbit.oak.security.user.UserValidatorProvider;
import org.apache.jackrabbit.oak.spi.commit.CommitEditor;
@@ -252,7 +251,8 @@ public class RootImpl implements Root {
List<ValidatorProvider> providers = new ArrayList<ValidatorProvider>();
// TODO: refactor once permissions are read from content (make sure we read from an up to date store)
- providers.add(new PermissionValidatorProvider(valueFactory, accessControlContext));
+ providers.add(accessControlContext.getPermissionValidatorProvider(valueFactory));
+ providers.add(accessControlContext.getAccessControlValdatorProvider(valueFactory));
// TODO the following v-providers could be initialized at ContentRepo level
// FIXME: use proper configuration
providers.add(new UserValidatorProvider(valueFactory, new UserManagerConfig("admin")));
Modified: jackrabbit/oak/trunk/oak-core/src/main/java/org/apache/jackrabbit/oak/security/authorization/AccessControlContextImpl.java
URL: http://svn.apache.org/viewvc/jackrabbit/oak/trunk/oak-core/src/main/java/org/apache/jackrabbit/oak/security/authorization/AccessControlContextImpl.java?rev=1375073&r1=1375072&r2=1375073&view=diff
==============================================================================
--- jackrabbit/oak/trunk/oak-core/src/main/java/org/apache/jackrabbit/oak/security/authorization/AccessControlContextImpl.java (original)
+++ jackrabbit/oak/trunk/oak-core/src/main/java/org/apache/jackrabbit/oak/security/authorization/AccessControlContextImpl.java Mon Aug 20 15:45:41 2012
@@ -19,6 +19,8 @@ package org.apache.jackrabbit.oak.securi
import java.security.Principal;
import java.util.Set;
+import org.apache.jackrabbit.oak.api.CoreValueFactory;
+import org.apache.jackrabbit.oak.spi.commit.ValidatorProvider;
import org.apache.jackrabbit.oak.spi.security.authorization.CompiledPermissions;
import org.apache.jackrabbit.oak.spi.security.authorization.AccessControlContext;
import org.apache.jackrabbit.oak.spi.security.principal.AdminPrincipal;
@@ -33,6 +35,7 @@ public class AccessControlContextImpl im
private Set<Principal> principals;
+ //-----------------------------------------------< AccessControlContext >---
@Override
public void initialize(Set<Principal> principals) {
this.principals = principals;
@@ -50,6 +53,17 @@ public class AccessControlContextImpl im
}
}
+ @Override
+ public ValidatorProvider getPermissionValidatorProvider(CoreValueFactory valueFactory) {
+ return new PermissionValidatorProvider(valueFactory, this);
+ }
+
+ @Override
+ public ValidatorProvider getAccessControlValdatorProvider(CoreValueFactory valueFactory) {
+ return new AccessControlValidatorProvider(valueFactory, this);
+ }
+
+ //--------------------------------------------------------------------------
/**
* Trivial implementation of the {@code CompiledPermissions} interface that
* either allows or denies all permissions.
Added: jackrabbit/oak/trunk/oak-core/src/main/java/org/apache/jackrabbit/oak/security/authorization/AccessControlValidator.java
URL: http://svn.apache.org/viewvc/jackrabbit/oak/trunk/oak-core/src/main/java/org/apache/jackrabbit/oak/security/authorization/AccessControlValidator.java?rev=1375073&view=auto
==============================================================================
--- jackrabbit/oak/trunk/oak-core/src/main/java/org/apache/jackrabbit/oak/security/authorization/AccessControlValidator.java (added)
+++ jackrabbit/oak/trunk/oak-core/src/main/java/org/apache/jackrabbit/oak/security/authorization/AccessControlValidator.java Mon Aug 20 15:45:41 2012
@@ -0,0 +1,62 @@
+/*
+ * Licensed to the Apache Software Foundation (ASF) under one or more
+ * contributor license agreements. See the NOTICE file distributed with
+ * this work for additional information regarding copyright ownership.
+ * The ASF licenses this file to You under the Apache License, Version 2.0
+ * (the "License"); you may not use this file except in compliance with
+ * the License. You may obtain a copy of the License at
+ *
+ * http://www.apache.org/licenses/LICENSE-2.0
+ *
+ * Unless required by applicable law or agreed to in writing, software
+ * distributed under the License is distributed on an "AS IS" BASIS,
+ * WITHOUT WARRANTIES OR CONDITIONS OF ANY KIND, either express or implied.
+ * See the License for the specific language governing permissions and
+ * limitations under the License.
+ */
+package org.apache.jackrabbit.oak.security.authorization;
+
+import org.apache.jackrabbit.oak.api.CommitFailedException;
+import org.apache.jackrabbit.oak.api.PropertyState;
+import org.apache.jackrabbit.oak.spi.commit.Validator;
+import org.apache.jackrabbit.oak.spi.state.NodeState;
+
+/**
+ * AccessControlValidator... TODO
+ */
+class AccessControlValidator implements Validator {
+
+ //----------------------------------------------------------< Validator >---
+ @Override
+ public void propertyAdded(PropertyState after) throws CommitFailedException {
+ // TODO: validate access control property
+ }
+
+ @Override
+ public void propertyChanged(PropertyState before, PropertyState after) throws CommitFailedException {
+ // TODO: validate access control property
+ }
+
+ @Override
+ public void propertyDeleted(PropertyState before) throws CommitFailedException {
+ // nothing to do: mandatory properties will be enforced by node type validator
+ }
+
+ @Override
+ public Validator childNodeAdded(String name, NodeState after) throws CommitFailedException {
+ // TODO validate new acl / ace
+ return null;
+ }
+
+ @Override
+ public Validator childNodeChanged(String name, NodeState before, NodeState after) throws CommitFailedException {
+ // TODO validate acl / ace / restriction modification
+ return null;
+ }
+
+ @Override
+ public Validator childNodeDeleted(String name, NodeState before) throws CommitFailedException {
+ // TODO validate acl / ace / restriction removal
+ return null;
+ }
+}
Added: jackrabbit/oak/trunk/oak-core/src/main/java/org/apache/jackrabbit/oak/security/authorization/AccessControlValidatorProvider.java
URL: http://svn.apache.org/viewvc/jackrabbit/oak/trunk/oak-core/src/main/java/org/apache/jackrabbit/oak/security/authorization/AccessControlValidatorProvider.java?rev=1375073&view=auto
==============================================================================
--- jackrabbit/oak/trunk/oak-core/src/main/java/org/apache/jackrabbit/oak/security/authorization/AccessControlValidatorProvider.java (added)
+++ jackrabbit/oak/trunk/oak-core/src/main/java/org/apache/jackrabbit/oak/security/authorization/AccessControlValidatorProvider.java Mon Aug 20 15:45:41 2012
@@ -0,0 +1,48 @@
+/*
+ * Licensed to the Apache Software Foundation (ASF) under one or more
+ * contributor license agreements. See the NOTICE file distributed with
+ * this work for additional information regarding copyright ownership.
+ * The ASF licenses this file to You under the Apache License, Version 2.0
+ * (the "License"); you may not use this file except in compliance with
+ * the License. You may obtain a copy of the License at
+ *
+ * http://www.apache.org/licenses/LICENSE-2.0
+ *
+ * Unless required by applicable law or agreed to in writing, software
+ * distributed under the License is distributed on an "AS IS" BASIS,
+ * WITHOUT WARRANTIES OR CONDITIONS OF ANY KIND, either express or implied.
+ * See the License for the specific language governing permissions and
+ * limitations under the License.
+ */
+package org.apache.jackrabbit.oak.security.authorization;
+
+import javax.annotation.Nonnull;
+
+import org.apache.jackrabbit.oak.api.CoreValueFactory;
+import org.apache.jackrabbit.oak.spi.commit.Validator;
+import org.apache.jackrabbit.oak.spi.commit.ValidatorProvider;
+import org.apache.jackrabbit.oak.spi.security.authorization.AccessControlContext;
+import org.apache.jackrabbit.oak.spi.state.NodeState;
+import org.slf4j.Logger;
+import org.slf4j.LoggerFactory;
+
+/**
+ * AccessControlValidatorProvider... TODO
+ */
+class AccessControlValidatorProvider implements ValidatorProvider {
+
+ /**
+ * logger instance
+ */
+ private static final Logger log = LoggerFactory.getLogger(AccessControlValidatorProvider.class);
+
+ public AccessControlValidatorProvider(CoreValueFactory valueFactory, AccessControlContext accessControlContext) {
+ // TODO
+ }
+
+ @Nonnull
+ @Override
+ public Validator getRootValidator(NodeState before, NodeState after) {
+ return new AccessControlValidator();
+ }
+}
Modified: jackrabbit/oak/trunk/oak-core/src/main/java/org/apache/jackrabbit/oak/security/authorization/PermissionValidatorProvider.java
URL: http://svn.apache.org/viewvc/jackrabbit/oak/trunk/oak-core/src/main/java/org/apache/jackrabbit/oak/security/authorization/PermissionValidatorProvider.java?rev=1375073&r1=1375072&r2=1375073&view=diff
==============================================================================
--- jackrabbit/oak/trunk/oak-core/src/main/java/org/apache/jackrabbit/oak/security/authorization/PermissionValidatorProvider.java (original)
+++ jackrabbit/oak/trunk/oak-core/src/main/java/org/apache/jackrabbit/oak/security/authorization/PermissionValidatorProvider.java Mon Aug 20 15:45:41 2012
@@ -30,7 +30,7 @@ import org.apache.jackrabbit.oak.util.No
/**
* PermissionValidatorProvider... TODO
*/
-public class PermissionValidatorProvider implements ValidatorProvider {
+class PermissionValidatorProvider implements ValidatorProvider {
private final CoreValueFactory coreValueFactory;
private final AccessControlContext accessControlContext;
@@ -48,4 +48,4 @@ public class PermissionValidatorProvider
NodeUtil rootAfter = new NodeUtil(new ReadOnlyTree(after), coreValueFactory, NamePathMapper.DEFAULT);
return new PermissionValidator(accessControlContext.getPermissions(), rootBefore, rootAfter);
}
-}
\ No newline at end of file
+}
Added: jackrabbit/oak/trunk/oak-core/src/main/java/org/apache/jackrabbit/oak/spi/commit/DefaultValidatorProvider.java
URL: http://svn.apache.org/viewvc/jackrabbit/oak/trunk/oak-core/src/main/java/org/apache/jackrabbit/oak/spi/commit/DefaultValidatorProvider.java?rev=1375073&view=auto
==============================================================================
--- jackrabbit/oak/trunk/oak-core/src/main/java/org/apache/jackrabbit/oak/spi/commit/DefaultValidatorProvider.java (added)
+++ jackrabbit/oak/trunk/oak-core/src/main/java/org/apache/jackrabbit/oak/spi/commit/DefaultValidatorProvider.java Mon Aug 20 15:45:41 2012
@@ -0,0 +1,33 @@
+/*
+ * Licensed to the Apache Software Foundation (ASF) under one or more
+ * contributor license agreements. See the NOTICE file distributed with
+ * this work for additional information regarding copyright ownership.
+ * The ASF licenses this file to You under the Apache License, Version 2.0
+ * (the "License"); you may not use this file except in compliance with
+ * the License. You may obtain a copy of the License at
+ *
+ * http://www.apache.org/licenses/LICENSE-2.0
+ *
+ * Unless required by applicable law or agreed to in writing, software
+ * distributed under the License is distributed on an "AS IS" BASIS,
+ * WITHOUT WARRANTIES OR CONDITIONS OF ANY KIND, either express or implied.
+ * See the License for the specific language governing permissions and
+ * limitations under the License.
+ */
+package org.apache.jackrabbit.oak.spi.commit;
+
+import javax.annotation.Nonnull;
+
+import org.apache.jackrabbit.oak.spi.state.NodeState;
+
+/**
+ * Validator provider that returns a new instance of {@link DefaultValidator}.
+ */
+public class DefaultValidatorProvider implements ValidatorProvider {
+
+ @Nonnull
+ @Override
+ public Validator getRootValidator(NodeState before, NodeState after) {
+ return new DefaultValidator();
+ }
+}
Modified: jackrabbit/oak/trunk/oak-core/src/main/java/org/apache/jackrabbit/oak/spi/security/authorization/AccessControlContext.java
URL: http://svn.apache.org/viewvc/jackrabbit/oak/trunk/oak-core/src/main/java/org/apache/jackrabbit/oak/spi/security/authorization/AccessControlContext.java?rev=1375073&r1=1375072&r2=1375073&view=diff
==============================================================================
--- jackrabbit/oak/trunk/oak-core/src/main/java/org/apache/jackrabbit/oak/spi/security/authorization/AccessControlContext.java (original)
+++ jackrabbit/oak/trunk/oak-core/src/main/java/org/apache/jackrabbit/oak/spi/security/authorization/AccessControlContext.java Mon Aug 20 15:45:41 2012
@@ -19,6 +19,11 @@ package org.apache.jackrabbit.oak.spi.se
import java.security.Principal;
import java.util.Set;
+import org.apache.jackrabbit.oak.api.ContentSession;
+import org.apache.jackrabbit.oak.api.CoreValue;
+import org.apache.jackrabbit.oak.api.CoreValueFactory;
+import org.apache.jackrabbit.oak.spi.commit.ValidatorProvider;
+
/**
* PermissionProvider... TODO
*/
@@ -28,4 +33,8 @@ public interface AccessControlContext {
// TODO define how permissions eval is bound to a particular revision/branch. (passing Tree?)
CompiledPermissions getPermissions();
+
+ ValidatorProvider getPermissionValidatorProvider(CoreValueFactory valueFactory);
+
+ ValidatorProvider getAccessControlValdatorProvider(CoreValueFactory valueFactory);
}
Modified: jackrabbit/oak/trunk/oak-core/src/test/java/org/apache/jackrabbit/oak/core/TestAcContext.java
URL: http://svn.apache.org/viewvc/jackrabbit/oak/trunk/oak-core/src/test/java/org/apache/jackrabbit/oak/core/TestAcContext.java?rev=1375073&r1=1375072&r2=1375073&view=diff
==============================================================================
--- jackrabbit/oak/trunk/oak-core/src/test/java/org/apache/jackrabbit/oak/core/TestAcContext.java (original)
+++ jackrabbit/oak/trunk/oak-core/src/test/java/org/apache/jackrabbit/oak/core/TestAcContext.java Mon Aug 20 15:45:41 2012
@@ -19,6 +19,9 @@ package org.apache.jackrabbit.oak.core;
import java.security.Principal;
import java.util.Set;
+import org.apache.jackrabbit.oak.api.CoreValueFactory;
+import org.apache.jackrabbit.oak.spi.commit.DefaultValidatorProvider;
+import org.apache.jackrabbit.oak.spi.commit.ValidatorProvider;
import org.apache.jackrabbit.oak.spi.security.authorization.AccessControlContext;
import org.apache.jackrabbit.oak.spi.security.authorization.CompiledPermissions;
import org.slf4j.Logger;
@@ -54,4 +57,14 @@ public class TestAcContext implements Ac
}
};
}
+
+ @Override
+ public ValidatorProvider getPermissionValidatorProvider(CoreValueFactory valueFactory) {
+ return new DefaultValidatorProvider();
+ }
+
+ @Override
+ public ValidatorProvider getAccessControlValdatorProvider(CoreValueFactory valueFactory) {
+ return new DefaultValidatorProvider();
+ }
}