Author: chetanm
Date: Sun Jan 4 09:08:25 2015
New Revision: 1649301
URL: http://svn.apache.org/r1649301
Log:
SLING-4277 - Enable JAAS integration with Oak
-- Use SecurityProvider registered by Oak instead of instantiating a custom one
-- Add OSGi config to enable JR2 compatible config. This replaces the config as
created in buildSecurityConfig
-- Replace the various login methods with a single login method which is
eventually called by RepositoryImpl
-- Add import for Felix JAAS package
Added:
sling/trunk/launchpad/builder/src/main/config/oak/org.apache.jackrabbit.oak.security.user.UserConfigurationImpl.config
(with props)
sling/trunk/launchpad/builder/src/main/config/oak/org.apache.jackrabbit.oak.spi.security.user.action.DefaultAuthorizableActionProvider.config
(with props)
Modified:
sling/trunk/bundles/jcr/oak-server/pom.xml
sling/trunk/bundles/jcr/oak-server/src/main/java/org/apache/sling/oak/server/JcrRepositoryHacks.java
sling/trunk/bundles/jcr/oak-server/src/main/java/org/apache/sling/oak/server/OakSlingRepositoryManager.java
Modified: sling/trunk/bundles/jcr/oak-server/pom.xml
URL:
http://svn.apache.org/viewvc/sling/trunk/bundles/jcr/oak-server/pom.xml?rev=1649301&r1=1649300&r2=1649301&view=diff
==============================================================================
--- sling/trunk/bundles/jcr/oak-server/pom.xml (original)
+++ sling/trunk/bundles/jcr/oak-server/pom.xml Sun Jan 4 09:08:25 2015
@@ -63,6 +63,7 @@
com.mongodb;resolution:=optional,
org.apache.jackrabbit.oak.security.user;resolution:=optional,
org.apache.jackrabbit.oak.spi.security.authentication,
+ org.apache.felix.jaas.boot,
*
</Import-Package>
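Review bot: The added `org.apache.felix.jaas.boot` import is mandatory, unlike the `com.mongodb` and `org.apache.jackrabbit.oak.security.user` entries above it, which carry `resolution:=optional`. The oak-server bundle will therefore presumably fail to resolve in any deployment where no bundle (or the framework) exports that package. If the hard dependency is intended, record it in a comment above the instruction, e.g. `<!-- mandatory: needed for the JAAS integration (SLING-4277) -->`; otherwise write `org.apache.felix.jaas.boot;resolution:=optional,`. The `<Import-Package>` element starts outside the hunk.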
Modified:
sling/trunk/bundles/jcr/oak-server/src/main/java/org/apache/sling/oak/server/JcrRepositoryHacks.java
URL:
http://svn.apache.org/viewvc/sling/trunk/bundles/jcr/oak-server/src/main/java/org/apache/sling/oak/server/JcrRepositoryHacks.java?rev=1649301&r1=1649300&r2=1649301&view=diff
==============================================================================
---
sling/trunk/bundles/jcr/oak-server/src/main/java/org/apache/sling/oak/server/JcrRepositoryHacks.java
(original)
+++
sling/trunk/bundles/jcr/oak-server/src/main/java/org/apache/sling/oak/server/JcrRepositoryHacks.java
Sun Jan 4 09:08:25 2015
@@ -31,74 +31,23 @@ import org.apache.jackrabbit.oak.spi.sec
import org.apache.jackrabbit.oak.spi.whiteboard.Whiteboard;
class JcrRepositoryHacks extends RepositoryImpl {
-
- // TODO TCCL switching shouldn't be needed?
- // LoginModules are not found without this
- static abstract class LoginHelper {
- Session TCCLLogin() throws RepositoryException {
- final Thread thread = Thread.currentThread();
- final ClassLoader loader = thread.getContextClassLoader();
- try {
- thread.setContextClassLoader(Oak.class.getClassLoader());
- return doLogin();
- } finally {
- thread.setContextClassLoader(loader);
- }
-
- }
-
- protected abstract Session doLogin() throws RepositoryException;
- };
-
+
JcrRepositoryHacks(ContentRepository contentRepository, Whiteboard
whiteboard,
SecurityProvider securityProvider, int observationQueueLenght,
CommitRateLimiter commitRateLimiter) {
super(contentRepository, whiteboard, securityProvider,
observationQueueLenght, commitRateLimiter);
}
-
- @Override
- public Session login() throws RepositoryException {
- return new LoginHelper() {
- protected Session doLogin() throws RepositoryException {
- return JcrRepositoryHacks.super.login();
- }
- }.TCCLLogin();
- }
-
- @Override
- public Session login(final Credentials creds, final String workspace,
final Map<String, Object> opt)
- throws RepositoryException {
- return new LoginHelper() {
- protected Session doLogin() throws RepositoryException {
- return JcrRepositoryHacks.super.login(creds, workspace, opt);
- }
- }.TCCLLogin();
- }
@Override
- public Session login(final Credentials credentials) throws
RepositoryException {
- return new LoginHelper() {
- protected Session doLogin() throws RepositoryException {
- return JcrRepositoryHacks.super.login(credentials);
- }
- }.TCCLLogin();
- }
-
- @Override
- public Session login(final String workspace) throws RepositoryException {
- return new LoginHelper() {
- protected Session doLogin() throws RepositoryException {
- return JcrRepositoryHacks.super.login(workspace);
- }
- }.TCCLLogin();
- }
-
- @Override
- public Session login(final Credentials credentials, final String workspace)
- throws RepositoryException {
- return new LoginHelper() {
- protected Session doLogin() throws RepositoryException {
- return JcrRepositoryHacks.super.login(credentials, workspace);
- }
- }.TCCLLogin();
+ public Session login(
+ Credentials credentials, String workspace,
+ Map<String, Object> attributes) throws RepositoryException {
+ Thread thread = Thread.currentThread();
+ ClassLoader loader = thread.getContextClassLoader();
+ try {
+ thread.setContextClassLoader(Oak.class.getClassLoader());
+ return super.login(credentials, workspace, attributes);
+ } finally {
+ thread.setContextClassLoader(loader);
+ }
}
}
\ No newline at end of file
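Review bot: The new `login(Credentials, String, Map)` override keeps the context-class-loader swap but drops the only explanation of it (the removed `LoginModules are not found without this` comment). It also now depends on every other `login` overload in `RepositoryImpl` delegating to this three-argument form, which is not visible in this diff. I would state both on the method, e.g. `// TCCL is switched to Oak's class loader so JAAS can find the LoginModules; RepositoryImpl's other login(...) overloads must delegate here`. If a later Oak release stops routing an overload through this method, that entry point would authenticate without the swap, so a test that exercises `login()` and `login(Credentials)` would be worth adding.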
Modified:
sling/trunk/bundles/jcr/oak-server/src/main/java/org/apache/sling/oak/server/OakSlingRepositoryManager.java
URL:
http://svn.apache.org/viewvc/sling/trunk/bundles/jcr/oak-server/src/main/java/org/apache/sling/oak/server/OakSlingRepositoryManager.java?rev=1649301&r1=1649300&r2=1649301&view=diff
==============================================================================
---
sling/trunk/bundles/jcr/oak-server/src/main/java/org/apache/sling/oak/server/OakSlingRepositoryManager.java
(original)
+++
sling/trunk/bundles/jcr/oak-server/src/main/java/org/apache/sling/oak/server/OakSlingRepositoryManager.java
Sun Jan 4 09:08:25 2015
@@ -19,12 +19,13 @@ package org.apache.sling.oak.server;
import static com.google.common.collect.ImmutableSet.of;
import static java.util.Collections.singleton;
+import static org.apache.felix.scr.annotations.ReferencePolicy.STATIC;
+import static org.apache.felix.scr.annotations.ReferencePolicyOption.GREEDY;
import static
org.apache.jackrabbit.oak.plugins.index.IndexConstants.INDEX_DEFINITIONS_NAME;
import static
org.apache.jackrabbit.oak.plugins.index.IndexUtils.createIndexDefinition;
import java.util.Arrays;
import java.util.Dictionary;
-import java.util.HashMap;
import java.util.Hashtable;
import java.util.Map;
import java.util.TreeMap;
@@ -34,7 +35,6 @@ import javax.jcr.Repository;
import javax.jcr.RepositoryException;
import javax.jcr.Session;
import javax.jcr.security.Privilege;
-import javax.security.auth.login.Configuration;
import org.apache.felix.scr.annotations.Activate;
import org.apache.felix.scr.annotations.Component;
@@ -60,24 +60,17 @@ import org.apache.jackrabbit.oak.plugins
import org.apache.jackrabbit.oak.plugins.nodetype.write.InitialContent;
import org.apache.jackrabbit.oak.plugins.observation.CommitRateLimiter;
import org.apache.jackrabbit.oak.plugins.version.VersionEditorProvider;
-import org.apache.jackrabbit.oak.security.SecurityProviderImpl;
import org.apache.jackrabbit.oak.spi.commit.EditorHook;
import org.apache.jackrabbit.oak.spi.lifecycle.RepositoryInitializer;
-import org.apache.jackrabbit.oak.spi.security.ConfigurationParameters;
import org.apache.jackrabbit.oak.spi.security.SecurityProvider;
-import org.apache.jackrabbit.oak.spi.security.authentication.ConfigurationUtil;
import org.apache.jackrabbit.oak.spi.security.principal.EveryonePrincipal;
-import org.apache.jackrabbit.oak.spi.security.privilege.PrivilegeConstants;
import org.apache.jackrabbit.oak.spi.security.user.UserConfiguration;
import org.apache.jackrabbit.oak.spi.security.user.UserConstants;
-import org.apache.jackrabbit.oak.spi.security.user.action.AccessControlAction;
import org.apache.jackrabbit.oak.spi.state.NodeBuilder;
import org.apache.jackrabbit.oak.spi.state.NodeStore;
import org.apache.jackrabbit.oak.spi.whiteboard.Whiteboard;
import org.apache.jackrabbit.oak.spi.whiteboard.WhiteboardIndexEditorProvider;
import org.apache.jackrabbit.oak.spi.whiteboard.WhiteboardIndexProvider;
-import org.apache.jackrabbit.oak.spi.xml.ImportBehavior;
-import org.apache.jackrabbit.oak.spi.xml.ProtectedItemImporter;
import org.apache.sling.commons.osgi.PropertiesUtil;
import org.apache.sling.commons.threads.ThreadPool;
import org.apache.sling.commons.threads.ThreadPoolManager;
@@ -208,9 +201,11 @@ public class OakSlingRepositoryManager e
return this.namespaceMappers;
}
+ @Reference(policy = STATIC, policyOption = GREEDY)
+ private SecurityProvider securityProvider = null;
+
@Override
protected Repository acquireRepository() {
- final SecurityProvider securityProvider = new
SecurityProviderImpl(buildSecurityConfig());
this.adminUserName =
securityProvider.getConfiguration(UserConfiguration.class).getParameters().getConfigValue(
UserConstants.PARAM_ADMIN_ID, UserConstants.DEFAULT_ADMIN_ID);
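Review bot: `acquireRepository()` now builds the repository on whichever `SecurityProvider` service SCR binds to the new field, and with `policyOption = GREEDY` a higher-ranked registration from any bundle in the framework would replace it. Since this service decides authentication and authorization for the whole repository, the field deserves a comment naming the expected provider, e.g. `// Oak's SecurityProvider service; user and authorizable-action settings come from OSGi config`, and possibly a `target` filter on the `@Reference` if only one implementation is acceptable. The user paths and default privileges formerly hard-coded in `buildSecurityConfig()` now apply only when the two added `.config` files are deployed, so a missing file silently changes the security setup. The body of `acquireRepository()` continues outside the hunk.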
@@ -330,8 +325,6 @@ public class OakSlingRepositoryManager e
@Activate
private void activate(ComponentContext componentContext) {
- // FIXME GRANITE-2315
-
Configuration.setConfiguration(ConfigurationUtil.getJackrabbit2Configuration(ConfigurationParameters.EMPTY));
this.componentContext = componentContext;
@SuppressWarnings("unchecked")
@@ -435,23 +428,6 @@ public class OakSlingRepositoryManager e
}
- // TODO: use proper osgi configuration (once that works in oak)
- private static ConfigurationParameters buildSecurityConfig() {
- Map<String, Object> userConfig = new HashMap<String, Object>();
- userConfig.put(UserConstants.PARAM_GROUP_PATH, "/home/groups");
- userConfig.put(UserConstants.PARAM_USER_PATH, "/home/users");
- userConfig.put(UserConstants.PARAM_DEFAULT_DEPTH, 1);
- userConfig.put(AccessControlAction.USER_PRIVILEGE_NAMES, new String[]
{ PrivilegeConstants.JCR_ALL });
- userConfig.put(AccessControlAction.GROUP_PRIVILEGE_NAMES, new String[]
{ PrivilegeConstants.JCR_READ });
- userConfig.put(ProtectedItemImporter.PARAM_IMPORT_BEHAVIOR,
ImportBehavior.NAME_BESTEFFORT);
-
- Map<String, Object> config = new HashMap<String, Object>();
- config.put(
- UserConfiguration.NAME,
- ConfigurationParameters.of(userConfig));
- return ConfigurationParameters.of(config);
- }
-
private static int getObservationQueueLength(ComponentContext context) {
Dictionary<?, ?> properties = context.getProperties();
Object value = properties.get(OBSERVATION_QUEUE_LENGTH);
Added:
sling/trunk/launchpad/builder/src/main/config/oak/org.apache.jackrabbit.oak.security.user.UserConfigurationImpl.config
URL:
http://svn.apache.org/viewvc/sling/trunk/launchpad/builder/src/main/config/oak/org.apache.jackrabbit.oak.security.user.UserConfigurationImpl.config?rev=1649301&view=auto
==============================================================================
---
sling/trunk/launchpad/builder/src/main/config/oak/org.apache.jackrabbit.oak.security.user.UserConfigurationImpl.config
(added)
+++
sling/trunk/launchpad/builder/src/main/config/oak/org.apache.jackrabbit.oak.security.user.UserConfigurationImpl.config
Sun Jan 4 09:08:25 2015
@@ -0,0 +1,4 @@
+groupsPath="/home/groups"
+usersPath="/home/users"
+defaultDepth="1"
+importBehavior="besteffort"
\ No newline at end of file
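Review bot: `defaultDepth="1"` is stored as a String in this file format, whereas the removed `buildSecurityConfig()` passed the Integer `1`. Oak presumably converts the value when the parameter is read, but if the typed form is wanted it would be `defaultDepth=I"1"`.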
Propchange:
sling/trunk/launchpad/builder/src/main/config/oak/org.apache.jackrabbit.oak.security.user.UserConfigurationImpl.config
------------------------------------------------------------------------------
svn:eol-style = native
Added:
sling/trunk/launchpad/builder/src/main/config/oak/org.apache.jackrabbit.oak.spi.security.user.action.DefaultAuthorizableActionProvider.config
URL:
http://svn.apache.org/viewvc/sling/trunk/launchpad/builder/src/main/config/oak/org.apache.jackrabbit.oak.spi.security.user.action.DefaultAuthorizableActionProvider.config?rev=1649301&view=auto
==============================================================================
---
sling/trunk/launchpad/builder/src/main/config/oak/org.apache.jackrabbit.oak.spi.security.user.action.DefaultAuthorizableActionProvider.config
(added)
+++
sling/trunk/launchpad/builder/src/main/config/oak/org.apache.jackrabbit.oak.spi.security.user.action.DefaultAuthorizableActionProvider.config
Sun Jan 4 09:08:25 2015
@@ -0,0 +1,3 @@
+enabledActions=["org.apache.jackrabbit.oak.spi.security.user.action.AccessControlAction"]
+userPrivilegeNames=["jcr:all"]
+groupPrivilegeNames=["jcr:read"]
\ No newline at end of file
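Review bot: `userPrivilegeNames=["jcr:all"]` carries over the old hard-coded default, but as deploy-time configuration it is now the line an operator will read or edit, and nothing says what it grants. With `AccessControlAction` enabled these privileges are, as far as I can tell, applied to each newly created user's own home node, and `jcr:all` includes the access-control read and modify privileges. I would add a comment line above it saying so, e.g. `# privileges granted to a new user on its own home node`, assuming the config format accepts `#` comments. It is also worth confirming that nothing narrower than `jcr:all` would do.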
Propchange:
sling/trunk/launchpad/builder/src/main/config/oak/org.apache.jackrabbit.oak.spi.security.user.action.DefaultAuthorizableActionProvider.config
------------------------------------------------------------------------------
svn:eol-style = native