Author: angela
Date: Thu Feb 28 18:25:22 2013
New Revision: 1451275
URL: http://svn.apache.org/r1451275
Log:
OAK-527: permissions (wip, store must be read-only)
Added:
jackrabbit/oak/trunk/oak-core/src/main/java/org/apache/jackrabbit/oak/security/authorization/permission/PermissionStoreValidatorProvider.java
Modified:
jackrabbit/oak/trunk/oak-core/src/main/java/org/apache/jackrabbit/oak/security/authorization/AccessControlConfigurationImpl.java
Modified:
jackrabbit/oak/trunk/oak-core/src/main/java/org/apache/jackrabbit/oak/security/authorization/AccessControlConfigurationImpl.java
URL:
http://svn.apache.org/viewvc/jackrabbit/oak/trunk/oak-core/src/main/java/org/apache/jackrabbit/oak/security/authorization/AccessControlConfigurationImpl.java?rev=1451275&r1=1451274&r2=1451275&view=diff
==============================================================================
---
jackrabbit/oak/trunk/oak-core/src/main/java/org/apache/jackrabbit/oak/security/authorization/AccessControlConfigurationImpl.java
(original)
+++
jackrabbit/oak/trunk/oak-core/src/main/java/org/apache/jackrabbit/oak/security/authorization/AccessControlConfigurationImpl.java
Thu Feb 28 18:25:22 2013
@@ -26,6 +26,7 @@ import javax.jcr.security.AccessControlM
import org.apache.jackrabbit.oak.api.Root;
import org.apache.jackrabbit.oak.namepath.NamePathMapper;
import org.apache.jackrabbit.oak.plugins.version.VersionablePathHook;
+import
org.apache.jackrabbit.oak.security.authorization.permission.PermissionStoreValidatorProvider;
import
org.apache.jackrabbit.oak.security.authorization.permission.PermissionValidatorProvider;
import
org.apache.jackrabbit.oak.security.authorization.restriction.RestrictionProviderImpl;
import org.apache.jackrabbit.oak.spi.commit.CommitHook;
@@ -85,7 +86,10 @@ public class AccessControlConfigurationI
@Nonnull
@Override
public CommitHook getCommitHook(@Nonnull final String
workspaceName) {
- return new ValidatingHook(new
PermissionValidatorProvider(securityProvider, workspaceName), new
AccessControlValidatorProvider(securityProvider));
+ return new ValidatingHook(
+ new PermissionStoreValidatorProvider(),
+ new PermissionValidatorProvider(securityProvider,
workspaceName),
+ new AccessControlValidatorProvider(securityProvider));
}
};
}
Added:
jackrabbit/oak/trunk/oak-core/src/main/java/org/apache/jackrabbit/oak/security/authorization/permission/PermissionStoreValidatorProvider.java
URL:
http://svn.apache.org/viewvc/jackrabbit/oak/trunk/oak-core/src/main/java/org/apache/jackrabbit/oak/security/authorization/permission/PermissionStoreValidatorProvider.java?rev=1451275&view=auto
==============================================================================
---
jackrabbit/oak/trunk/oak-core/src/main/java/org/apache/jackrabbit/oak/security/authorization/permission/PermissionStoreValidatorProvider.java
(added)
+++
jackrabbit/oak/trunk/oak-core/src/main/java/org/apache/jackrabbit/oak/security/authorization/permission/PermissionStoreValidatorProvider.java
Thu Feb 28 18:25:22 2013
@@ -0,0 +1,73 @@
+/*
+ * Licensed to the Apache Software Foundation (ASF) under one or more
+ * contributor license agreements. See the NOTICE file distributed with
+ * this work for additional information regarding copyright ownership.
+ * The ASF licenses this file to You under the Apache License, Version 2.0
+ * (the "License"); you may not use this file except in compliance with
+ * the License. You may obtain a copy of the License at
+ *
+ * http://www.apache.org/licenses/LICENSE-2.0
+ *
+ * Unless required by applicable law or agreed to in writing, software
+ * distributed under the License is distributed on an "AS IS" BASIS,
+ * WITHOUT WARRANTIES OR CONDITIONS OF ANY KIND, either express or implied.
+ * See the License for the specific language governing permissions and
+ * limitations under the License.
+ */
+package org.apache.jackrabbit.oak.security.authorization.permission;
+
+import javax.annotation.Nonnull;
+
+import org.apache.jackrabbit.oak.api.CommitFailedException;
+import org.apache.jackrabbit.oak.api.PropertyState;
+import org.apache.jackrabbit.oak.spi.commit.SubtreeValidator;
+import org.apache.jackrabbit.oak.spi.commit.Validator;
+import org.apache.jackrabbit.oak.spi.commit.ValidatorProvider;
+import org.apache.jackrabbit.oak.spi.state.NodeState;
+
+/**
+ * Validator implementation that asserts that the permission store is
read-only.
+ */
+public class PermissionStoreValidatorProvider implements ValidatorProvider,
PermissionConstants {
+
+ @Nonnull
+ @Override
+ public Validator getRootValidator(NodeState before, NodeState after) {
+ return new SubtreeValidator(new PermissionStoreValidator(),
PERMISSIONS_STORE_PATH);
+ }
+
+ private final static class PermissionStoreValidator implements Validator {
+
+ private static final String errorMsg = "Attempt to modify permission
store.";
+
+ @Override
+ public void propertyAdded(PropertyState after) throws
CommitFailedException {
+ throw new CommitFailedException(errorMsg);
+ }
+
+ @Override
+ public void propertyChanged(PropertyState before, PropertyState after)
throws CommitFailedException {
+ throw new CommitFailedException(errorMsg);
+ }
+
+ @Override
+ public void propertyDeleted(PropertyState before) throws
CommitFailedException {
+ throw new CommitFailedException(errorMsg);
+ }
+
+ @Override
+ public Validator childNodeAdded(String name, NodeState after) throws
CommitFailedException {
+ throw new CommitFailedException(errorMsg);
+ }
+
+ @Override
+ public Validator childNodeChanged(String name, NodeState before,
NodeState after) throws CommitFailedException {
+ throw new CommitFailedException(errorMsg);
+ }
+
+ @Override
+ public Validator childNodeDeleted(String name, NodeState before)
throws CommitFailedException {
+ throw new CommitFailedException(errorMsg);
+ }
+ }
+}
