You are viewing a plain text version of this content. The canonical link for it is here.
Posted to oak-commits@jackrabbit.apache.org by st...@apache.org on 2018/04/09 09:50:22 UTC
svn commit: r1828689 - in /jackrabbit/oak/trunk:
oak-authorization-cug/src/main/java/org/apache/jackrabbit/oak/spi/security/authorization/cug/impl/
oak-authorization-cug/src/test/java/org/apache/jackrabbit/oak/spi/security/authorization/cug/impl/
oak-c...
Author: stillalex
Date: Mon Apr 9 09:50:21 2018
New Revision: 1828689
URL: http://svn.apache.org/viewvc?rev=1828689&view=rev
Log:
OAK-7340 Remove SecurityProviderImpl usage from tests
Modified:
jackrabbit/oak/trunk/oak-authorization-cug/src/main/java/org/apache/jackrabbit/oak/spi/security/authorization/cug/impl/CugConfiguration.java
jackrabbit/oak/trunk/oak-authorization-cug/src/test/java/org/apache/jackrabbit/oak/spi/security/authorization/cug/impl/CugSecurityProvider.java
jackrabbit/oak/trunk/oak-core/src/test/java/org/apache/jackrabbit/oak/security/principal/PrincipalConfigurationImplTest.java
jackrabbit/oak/trunk/oak-doc/src/site/markdown/security/authorization/composite.md
jackrabbit/oak/trunk/oak-doc/src/site/markdown/security/authorization/cug.md
jackrabbit/oak/trunk/oak-doc/src/site/markdown/security/authorization/restriction.md
jackrabbit/oak/trunk/oak-doc/src/site/markdown/security/introduction.md
jackrabbit/oak/trunk/oak-doc/src/site/markdown/security/user/authorizableaction.md
jackrabbit/oak/trunk/oak-doc/src/site/markdown/security/user/authorizablenodename.md
Modified: jackrabbit/oak/trunk/oak-authorization-cug/src/main/java/org/apache/jackrabbit/oak/spi/security/authorization/cug/impl/CugConfiguration.java
URL: http://svn.apache.org/viewvc/jackrabbit/oak/trunk/oak-authorization-cug/src/main/java/org/apache/jackrabbit/oak/spi/security/authorization/cug/impl/CugConfiguration.java?rev=1828689&r1=1828688&r2=1828689&view=diff
==============================================================================
--- jackrabbit/oak/trunk/oak-authorization-cug/src/main/java/org/apache/jackrabbit/oak/spi/security/authorization/cug/impl/CugConfiguration.java (original)
+++ jackrabbit/oak/trunk/oak-authorization-cug/src/main/java/org/apache/jackrabbit/oak/spi/security/authorization/cug/impl/CugConfiguration.java Mon Apr 9 09:50:21 2018
@@ -192,13 +192,17 @@ public class CugConfiguration extends Co
return CugContext.INSTANCE;
}
+ @Override
+ public void setParameters(ConfigurationParameters config) {
+ super.setParameters(config);
+ supportedPaths = CugUtil.getSupportedPaths(config, mountInfoProvider);
+ }
+
//----------------------------------------------------< SCR Integration >---
@SuppressWarnings("UnusedDeclaration")
@Activate
protected void activate(Map<String, Object> properties) {
- ConfigurationParameters params = ConfigurationParameters.of(properties);
- setParameters(params);
- supportedPaths = CugUtil.getSupportedPaths(params, mountInfoProvider);
+ setParameters(ConfigurationParameters.of(properties));
}
@SuppressWarnings("UnusedDeclaration")
Modified: jackrabbit/oak/trunk/oak-authorization-cug/src/test/java/org/apache/jackrabbit/oak/spi/security/authorization/cug/impl/CugSecurityProvider.java
URL: http://svn.apache.org/viewvc/jackrabbit/oak/trunk/oak-authorization-cug/src/test/java/org/apache/jackrabbit/oak/spi/security/authorization/cug/impl/CugSecurityProvider.java?rev=1828689&r1=1828688&r2=1828689&view=diff
==============================================================================
--- jackrabbit/oak/trunk/oak-authorization-cug/src/test/java/org/apache/jackrabbit/oak/spi/security/authorization/cug/impl/CugSecurityProvider.java (original)
+++ jackrabbit/oak/trunk/oak-authorization-cug/src/test/java/org/apache/jackrabbit/oak/spi/security/authorization/cug/impl/CugSecurityProvider.java Mon Apr 9 09:50:21 2018
@@ -33,7 +33,7 @@ final class CugSecurityProvider {
CugConfiguration cugConfiguration = new CugConfiguration();
ConfigurationParameters params = configuration.getConfigValue(AuthorizationConfiguration.NAME, ConfigurationParameters.EMPTY);
- cugConfiguration.activate(params);
+ cugConfiguration.setParameters(params);
SecurityProvider sp = SecurityProviderBuilder.newBuilder().with(configuration).build();
SecurityProviderHelper.updateConfig(sp, cugConfiguration, AuthorizationConfiguration.class);
Modified: jackrabbit/oak/trunk/oak-core/src/test/java/org/apache/jackrabbit/oak/security/principal/PrincipalConfigurationImplTest.java
URL: http://svn.apache.org/viewvc/jackrabbit/oak/trunk/oak-core/src/test/java/org/apache/jackrabbit/oak/security/principal/PrincipalConfigurationImplTest.java?rev=1828689&r1=1828688&r2=1828689&view=diff
==============================================================================
--- jackrabbit/oak/trunk/oak-core/src/test/java/org/apache/jackrabbit/oak/security/principal/PrincipalConfigurationImplTest.java (original)
+++ jackrabbit/oak/trunk/oak-core/src/test/java/org/apache/jackrabbit/oak/security/principal/PrincipalConfigurationImplTest.java Mon Apr 9 09:50:21 2018
@@ -24,11 +24,16 @@ import org.apache.jackrabbit.api.securit
import org.apache.jackrabbit.oak.AbstractSecurityTest;
import org.apache.jackrabbit.oak.api.Root;
import org.apache.jackrabbit.oak.namepath.NamePathMapper;
+import org.apache.jackrabbit.oak.security.internal.SecurityProviderBuilder;
import org.apache.jackrabbit.oak.security.user.UserConfigurationImpl;
+import org.apache.jackrabbit.oak.spi.security.CompositeConfiguration;
+import org.apache.jackrabbit.oak.spi.security.ConfigurationBase;
import org.apache.jackrabbit.oak.spi.security.ConfigurationParameters;
import org.apache.jackrabbit.oak.spi.security.Context;
import org.apache.jackrabbit.oak.spi.security.SecurityConfiguration;
import org.apache.jackrabbit.oak.spi.security.SecurityProvider;
+import org.apache.jackrabbit.oak.spi.security.authorization.AuthorizationConfiguration;
+import org.apache.jackrabbit.oak.spi.security.principal.EmptyPrincipalProvider;
import org.apache.jackrabbit.oak.spi.security.principal.PrincipalConfiguration;
import org.apache.jackrabbit.oak.spi.security.principal.PrincipalManagerImpl;
import org.apache.jackrabbit.oak.spi.security.principal.PrincipalProvider;
@@ -148,4 +153,35 @@ public class PrincipalConfigurationImplT
PrincipalProvider pp = pc3.getPrincipalProvider(root, NamePathMapper.DEFAULT);
assertTrue(pp instanceof PrincipalProviderImpl);
}
+
+ @Test
+ public void testGetPrincipalProvider5() {
+ PrincipalProvider pp = EmptyPrincipalProvider.INSTANCE;
+
+ PrincipalConfigurationImpl pc = new PrincipalConfigurationImpl() {
+
+ @Override
+ public PrincipalProvider getPrincipalProvider(Root root, NamePathMapper namePathMapper) {
+ return pp;
+ }
+ };
+
+ ConfigurationParameters params = ConfigurationParameters.EMPTY;
+ pc.setParameters(params);
+ SecurityProvider securityProvider = SecurityProviderBuilder.newBuilder().with(params).build();
+
+ CompositeConfiguration<PrincipalConfiguration> composite = (CompositeConfiguration) securityProvider
+ .getConfiguration(PrincipalConfiguration.class);
+ PrincipalConfiguration defConfig = composite.getDefaultConfig();
+
+ pc.setSecurityProvider(securityProvider);
+ pc.setRootProvider(((ConfigurationBase) defConfig).getRootProvider());
+ pc.setTreeProvider(((ConfigurationBase) defConfig).getTreeProvider());
+
+ composite.addConfiguration(pc);
+ composite.addConfiguration(defConfig);
+
+ PrincipalProvider ppt = pc.getPrincipalProvider(root, NamePathMapper.DEFAULT);
+ assertEquals(pp, ppt);
+ }
}
\ No newline at end of file
Modified: jackrabbit/oak/trunk/oak-doc/src/site/markdown/security/authorization/composite.md
URL: http://svn.apache.org/viewvc/jackrabbit/oak/trunk/oak-doc/src/site/markdown/security/authorization/composite.md?rev=1828689&r1=1828688&r2=1828689&view=diff
==============================================================================
--- jackrabbit/oak/trunk/oak-doc/src/site/markdown/security/authorization/composite.md (original)
+++ jackrabbit/oak/trunk/oak-doc/src/site/markdown/security/authorization/composite.md Mon Apr 9 09:50:21 2018
@@ -164,15 +164,15 @@ the Oak repository:
`requiredServicePids` property of the `SecurityProviderRegistration` _("Apache Jackrabbit Oak SecurityProvider")_
i.e. forcing the recreation of the `SecurityProvider`.
- in a non-OSGi setup this requires adding the configuration
- to the `SecurityProvider` (e.g. _SecurityProviderImpl.bindAuthorizationConfiguration_)
+ to the `SecurityProvider` (e.g. _SecurityProviderBuilder.newBuilder().with(params).build()_)
and subsequently creating the JCR/Oak repository object.
-
+
**Important Note**
Despite the fact that Oak supports the aggregation of multiple authorization
models, this extension is only recommended for experts that have in-depth
knowledge and understanding of Jackrabbit/Oak authorization concepts. Doing so
might otherwise result in severe security issues and heavily impact overall performance.
-
+
<!-- hidden references -->
[PolicyOwner]: /oak/docs/apidocs/org/apache/jackrabbit/oak/spi/security/authorization/accesscontrol/PolicyOwner.html
[AggregatedPermissionProvider]: /oak/docs/apidocs/org/apache/jackrabbit/oak/spi/security/authorization/permission/AggregatedPermissionProvider.html
Modified: jackrabbit/oak/trunk/oak-doc/src/site/markdown/security/authorization/cug.md
URL: http://svn.apache.org/viewvc/jackrabbit/oak/trunk/oak-doc/src/site/markdown/security/authorization/cug.md?rev=1828689&r1=1828688&r2=1828689&view=diff
==============================================================================
--- jackrabbit/oak/trunk/oak-doc/src/site/markdown/security/authorization/cug.md (original)
+++ jackrabbit/oak/trunk/oak-doc/src/site/markdown/security/authorization/cug.md Mon Apr 9 09:50:21 2018
@@ -276,18 +276,27 @@ unit tests for an alternative approach.
CugConfiguration cug = new CugConfiguration();
cug.setParameters(params);
- // bind it to the security provider (simplified => subclassing required due to protected access)
- SecurityProviderImpl securityProvider = new SecurityProviderImpl();
- securityProvider.bindAuthorizationConfiguration(cug);
+ // bind it to the security provider
+ SecurityProvider securityProvider = SecurityProviderBuilder.newBuilder().with(configuration).build();
+
+ CompositeConfiguration<AuthorizationConfiguration> composite = (CompositeConfiguration) securityProvider
+ .getConfiguration(AuthorizationConfiguration.class);
+ AuthorizationConfiguration defConfig = composite.getDefaultConfig();
+
+ cug.setSecurityProvider(securityProvider);
+ cug.setRootProvider(((ConfigurationBase) defConfig).getRootProvider());
+ cug.setTreeProvider(((ConfigurationBase) defConfig).getTreeProvider());
+ composite.addConfiguration(cug);
+ composite.addConfiguration(defConfig);
// create the Oak repository (alternatively: create the JCR repository)
Oak oak = new Oak()
.with(new InitialContent())
// TODO: add all required editors
.with(securityProvider);
- withEditors(oak);
- ContentRepository contentRepository = oak.createContentRepository();
-
+ withEditors(oak);
+ ContentRepository contentRepository = oak.createContentRepository();
+
#### Customize CugExclude
The following steps are required in order to customize the `CugExclude` implementation
Modified: jackrabbit/oak/trunk/oak-doc/src/site/markdown/security/authorization/restriction.md
URL: http://svn.apache.org/viewvc/jackrabbit/oak/trunk/oak-doc/src/site/markdown/security/authorization/restriction.md?rev=1828689&r1=1828688&r2=1828689&view=diff
==============================================================================
--- jackrabbit/oak/trunk/oak-doc/src/site/markdown/security/authorization/restriction.md (original)
+++ jackrabbit/oak/trunk/oak-doc/src/site/markdown/security/authorization/restriction.md Mon Apr 9 09:50:21 2018
@@ -281,7 +281,7 @@ The time-based `RestrictionPattern` used
RestrictionProvider rProvider = CompositeRestrictionProvider.newInstance(new MyRestrictionProvider(), ...);
Map<String, RestrictionProvider> authorizMap = ImmutableMap.of(PARAM_RESTRICTION_PROVIDER, rProvider);
ConfigurationParameters config = ConfigurationParameters.of(ImmutableMap.of(AuthorizationConfiguration.NAME, ConfigurationParameters.of(authorizMap)));
- SecurityProvider securityProvider = new SecurityProviderImpl(config));
+ SecurityProvider securityProvider = SecurityProviderBuilder.newBuilder().with(config).build();
Repository repo = new Jcr(new Oak()).with(securityProvider).createRepository();
<!-- hidden references -->
Modified: jackrabbit/oak/trunk/oak-doc/src/site/markdown/security/introduction.md
URL: http://svn.apache.org/viewvc/jackrabbit/oak/trunk/oak-doc/src/site/markdown/security/introduction.md?rev=1828689&r1=1828688&r2=1828689&view=diff
==============================================================================
--- jackrabbit/oak/trunk/oak-doc/src/site/markdown/security/introduction.md (original)
+++ jackrabbit/oak/trunk/oak-doc/src/site/markdown/security/introduction.md Mon Apr 9 09:50:21 2018
@@ -91,8 +91,8 @@ The following example has been extracted
NodeStore nodeStore = ...
ConfigurationParameters params = ... // TODO: provide config options
- SecurityProvider sp = new SecurityProviderImpl(params);
- // Optional: bind additional/custom implementations of the supported `SecurityConfiguration`s
+ // Optional: set additional/custom implementations of the supported `SecurityConfiguration`s via the params
+ SecurityProvider sp = SecurityProviderBuilder.newBuilder().with(params).build();
Repository repository = new Jcr(nodeStore).with(sp).createRepository();
@@ -216,7 +216,7 @@ See section [pluggability](#pluggability
| Parameter | Type | Default | Description |
|--------------------------|----------|-----------|------------------------|
-| `Authorization Composition Type` | String (AND|OR) | AND | The Composite Authorization model uses this flag to determine what type of logic to apply to the existing providers|
+| `Authorization Composition Type` | String (AND\|OR) | AND | The Composite Authorization model uses this flag to determine what type of logic to apply to the existing providers|
Given a set of permission providers, the composite model can aggregate the results by applying an `AND` logic (for example all providers must allow a specific privilege in order to be granted), or an `OR` (for example any provider can allow a privilege). By default the `AND` version is used.
@@ -294,9 +294,23 @@ interface definition.
Extend the default `SecurityProvider` with a custom `PrincipalConfiguration`.
See also _oak-exercise_ module for an example.
- SecurityProvider sp = new SecurityProviderImpl();
- sp.bindPrincipalConfiguration(new MyPrincipalConfiguration());
- Repository repository = new Jcr().with(sp).createRepository();
+ MyPrincipalConfiguration pc = new MyPrincipalConfiguration();
+
+ ConfigurationParameters params = ConfigurationParameters.EMPTY;
+ pc.setParameters(params);
+ SecurityProvider securityProvider = SecurityProviderBuilder.newBuilder().with(params).build();
+
+ CompositeConfiguration<PrincipalConfiguration> composite = (CompositeConfiguration) securityProvider
+ .getConfiguration(PrincipalConfiguration.class);
+ PrincipalConfiguration defConfig = composite.getDefaultConfig();
+
+ pc.setSecurityProvider(securityProvider);
+ pc.setRootProvider(((ConfigurationBase) defConfig).getRootProvider());
+ pc.setTreeProvider(((ConfigurationBase) defConfig).getTreeProvider());
+ composite.addConfiguration(pc);
+ composite.addConfiguration(defConfig);
+
+ Repository repo = new Jcr(new Oak()).with(securityProvider).createRepository();
##### Initialization of SecurityConfiguration(s)
Modified: jackrabbit/oak/trunk/oak-doc/src/site/markdown/security/user/authorizableaction.md
URL: http://svn.apache.org/viewvc/jackrabbit/oak/trunk/oak-doc/src/site/markdown/security/user/authorizableaction.md?rev=1828689&r1=1828688&r2=1828689&view=diff
==============================================================================
--- jackrabbit/oak/trunk/oak-doc/src/site/markdown/security/user/authorizableaction.md (original)
+++ jackrabbit/oak/trunk/oak-doc/src/site/markdown/security/user/authorizableaction.md Mon Apr 9 09:50:21 2018
@@ -183,7 +183,7 @@ that will later be used to store various
Map<String, Object> userParams = new HashMap<String, Object>();
userParams.put(UserConstants.PARAM_AUTHORIZABLE_ACTION_PROVIDER, new MyAuthorizableActionProvider());
ConfigurationParameters config = ConfigurationParameters.of(ImmutableMap.of(UserConfiguration.NAME, ConfigurationParameters.of(userParams)));
- SecurityProvider securityProvider = new SecurityProviderImpl(config));
+ SecurityProvider securityProvider = SecurityProviderBuilder.newBuilder().with(config).build();
Repository repo = new Jcr(new Oak()).with(securityProvider).createRepository();
Modified: jackrabbit/oak/trunk/oak-doc/src/site/markdown/security/user/authorizablenodename.md
URL: http://svn.apache.org/viewvc/jackrabbit/oak/trunk/oak-doc/src/site/markdown/security/user/authorizablenodename.md?rev=1828689&r1=1828688&r2=1828689&view=diff
==============================================================================
--- jackrabbit/oak/trunk/oak-doc/src/site/markdown/security/user/authorizablenodename.md (original)
+++ jackrabbit/oak/trunk/oak-doc/src/site/markdown/security/user/authorizablenodename.md Mon Apr 9 09:50:21 2018
@@ -101,7 +101,7 @@ to the user configuration as follows:
Map<String, Object> userParams = new HashMap<String, Object>();
userParams.put(UserConstants.PARAM_AUTHORIZABLE_NODE_NAME, new UUIDNodeName());
ConfigurationParameters config = ConfigurationParameters.of(ImmutableMap.of(UserConfiguration.NAME, ConfigurationParameters.of(userParams)));
- SecurityProvider securityProvider = new SecurityProviderImpl(config));
+ SecurityProvider securityProvider = SecurityProviderBuilder.newBuilder().with(config).build();
Repository repo = new Jcr(new Oak()).with(securityProvider).createRepository();
<!-- hidden references -->