Author: angela
Date: Tue Jul 30 09:34:15 2013
New Revision: 1508359
URL: http://svn.apache.org/r1508359
Log:
OAK-64 : Privilege Management
- adjust security configuration and drop special treatment of privilege
configuration in the Oak utility
Modified:
jackrabbit/oak/trunk/oak-core/src/main/java/org/apache/jackrabbit/oak/Oak.java
jackrabbit/oak/trunk/oak-core/src/main/java/org/apache/jackrabbit/oak/security/privilege/PrivilegeConfigurationImpl.java
jackrabbit/oak/trunk/oak-core/src/main/java/org/apache/jackrabbit/oak/spi/lifecycle/RepositoryInitializer.java
jackrabbit/oak/trunk/oak-core/src/main/java/org/apache/jackrabbit/oak/spi/lifecycle/WorkspaceInitializer.java
jackrabbit/oak/trunk/oak-core/src/main/java/org/apache/jackrabbit/oak/spi/security/OpenSecurityProvider.java
jackrabbit/oak/trunk/oak-core/src/main/java/org/apache/jackrabbit/oak/spi/security/SecurityConfiguration.java
jackrabbit/oak/trunk/oak-core/src/main/java/org/apache/jackrabbit/oak/spi/security/privilege/PrivilegeConfiguration.java
Modified:
jackrabbit/oak/trunk/oak-core/src/main/java/org/apache/jackrabbit/oak/Oak.java
URL:
http://svn.apache.org/viewvc/jackrabbit/oak/trunk/oak-core/src/main/java/org/apache/jackrabbit/oak/Oak.java?rev=1508359&r1=1508358&r2=1508359&view=diff
==============================================================================
---
jackrabbit/oak/trunk/oak-core/src/main/java/org/apache/jackrabbit/oak/Oak.java
(original)
+++
jackrabbit/oak/trunk/oak-core/src/main/java/org/apache/jackrabbit/oak/Oak.java
Tue Jul 30 09:34:15 2013
@@ -16,9 +16,6 @@
*/
package org.apache.jackrabbit.oak;
-import static com.google.common.base.Preconditions.checkNotNull;
-import static com.google.common.collect.Lists.newArrayList;
-
import java.util.ArrayList;
import java.util.List;
import java.util.Map;
@@ -28,7 +25,6 @@ import java.util.concurrent.ScheduledThr
import java.util.concurrent.ThreadFactory;
import java.util.concurrent.TimeUnit;
import java.util.concurrent.atomic.AtomicInteger;
-
import javax.annotation.Nonnull;
import javax.jcr.NoSuchWorkspaceException;
import javax.management.JMException;
@@ -65,7 +61,6 @@ import org.apache.jackrabbit.oak.spi.que
import org.apache.jackrabbit.oak.spi.query.QueryIndexProvider;
import org.apache.jackrabbit.oak.spi.security.SecurityConfiguration;
import org.apache.jackrabbit.oak.spi.security.SecurityProvider;
-import org.apache.jackrabbit.oak.spi.security.privilege.PrivilegeConfiguration;
import org.apache.jackrabbit.oak.spi.state.NodeBuilder;
import org.apache.jackrabbit.oak.spi.state.NodeState;
import org.apache.jackrabbit.oak.spi.state.NodeStore;
@@ -73,6 +68,9 @@ import org.apache.jackrabbit.oak.spi.whi
import org.apache.jackrabbit.oak.spi.whiteboard.Whiteboard;
import org.apache.jackrabbit.oak.spi.whiteboard.WhiteboardUtils;
+import static com.google.common.base.Preconditions.checkNotNull;
+import static com.google.common.collect.Lists.newArrayList;
+
/**
* Builder class for constructing {@link ContentRepository} instances with
* a set of specified plugin components. This class acts as a public facade
@@ -338,7 +336,12 @@ public class Oak {
@Nonnull
public Oak with(@Nonnull SecurityProvider securityProvider) {
this.securityProvider = checkNotNull(securityProvider);
-
initializers.add(securityProvider.getConfiguration(PrivilegeConfiguration.class).getPrivilegeInitializer());
+ for (SecurityConfiguration sc : securityProvider.getConfigurations()) {
+ RepositoryInitializer ri = sc.getRepositoryInitializer();
+ if (ri != RepositoryInitializer.DEFAULT) {
+ initializers.add(ri);
+ }
+ }
return this;
}
Modified:
jackrabbit/oak/trunk/oak-core/src/main/java/org/apache/jackrabbit/oak/security/privilege/PrivilegeConfigurationImpl.java
URL:
http://svn.apache.org/viewvc/jackrabbit/oak/trunk/oak-core/src/main/java/org/apache/jackrabbit/oak/security/privilege/PrivilegeConfigurationImpl.java?rev=1508359&r1=1508358&r2=1508359&view=diff
==============================================================================
---
jackrabbit/oak/trunk/oak-core/src/main/java/org/apache/jackrabbit/oak/security/privilege/PrivilegeConfigurationImpl.java
(original)
+++
jackrabbit/oak/trunk/oak-core/src/main/java/org/apache/jackrabbit/oak/security/privilege/PrivilegeConfigurationImpl.java
Tue Jul 30 09:34:15 2013
@@ -42,17 +42,17 @@ public class PrivilegeConfigurationImpl
return new PrivilegeManagerImpl(root, namePathMapper);
}
+ //----------------------------------------------< SecurityConfiguration
>---
@Nonnull
@Override
- public RepositoryInitializer getPrivilegeInitializer() {
- return new PrivilegeInitializer();
+ public String getName() {
+ return NAME;
}
- //----------------------------------------------< SecurityConfiguration
>---
@Nonnull
@Override
- public String getName() {
- return NAME;
+ public RepositoryInitializer getRepositoryInitializer() {
+ return new PrivilegeInitializer();
}
@Nonnull
Modified:
jackrabbit/oak/trunk/oak-core/src/main/java/org/apache/jackrabbit/oak/spi/lifecycle/RepositoryInitializer.java
URL:
http://svn.apache.org/viewvc/jackrabbit/oak/trunk/oak-core/src/main/java/org/apache/jackrabbit/oak/spi/lifecycle/RepositoryInitializer.java?rev=1508359&r1=1508358&r2=1508359&view=diff
==============================================================================
---
jackrabbit/oak/trunk/oak-core/src/main/java/org/apache/jackrabbit/oak/spi/lifecycle/RepositoryInitializer.java
(original)
+++
jackrabbit/oak/trunk/oak-core/src/main/java/org/apache/jackrabbit/oak/spi/lifecycle/RepositoryInitializer.java
Tue Jul 30 09:34:15 2013
@@ -29,6 +29,17 @@ import org.apache.jackrabbit.oak.spi.sta
public interface RepositoryInitializer {
/**
+ * Default implementation that returns the given {@code state} without
+ * making any changes.
+ */
+ RepositoryInitializer DEFAULT = new RepositoryInitializer() {
+ @Override
+ public NodeState initialize(NodeState state) {
+ return state;
+ }
+ };
+
+ /**
* Initializes repository content. This method is called as soon as a
* repository becomes available. Note that the repository may already
* have been initialized, so the implementation of this method should
@@ -37,5 +48,4 @@ public interface RepositoryInitializer {
* @param state the current state of the repository
*/
NodeState initialize(NodeState state);
-
}
Modified:
jackrabbit/oak/trunk/oak-core/src/main/java/org/apache/jackrabbit/oak/spi/lifecycle/WorkspaceInitializer.java
URL:
http://svn.apache.org/viewvc/jackrabbit/oak/trunk/oak-core/src/main/java/org/apache/jackrabbit/oak/spi/lifecycle/WorkspaceInitializer.java?rev=1508359&r1=1508358&r2=1508359&view=diff
==============================================================================
---
jackrabbit/oak/trunk/oak-core/src/main/java/org/apache/jackrabbit/oak/spi/lifecycle/WorkspaceInitializer.java
(original)
+++
jackrabbit/oak/trunk/oak-core/src/main/java/org/apache/jackrabbit/oak/spi/lifecycle/WorkspaceInitializer.java
Tue Jul 30 09:34:15 2013
@@ -31,6 +31,14 @@ import org.apache.jackrabbit.oak.spi.sta
*/
public interface WorkspaceInitializer {
+ WorkspaceInitializer DEFAULT = new WorkspaceInitializer() {
+ @Nonnull
+ @Override
+ public NodeState initialize(NodeState workspaceRoot, String
workspaceName, QueryIndexProvider indexProvider, CommitHook commitHook) {
+ return workspaceRoot;
+ }
+ };
+
/**
* Initialize the content of a new workspace. This method is called before
* the workspace becomes available.
Modified:
jackrabbit/oak/trunk/oak-core/src/main/java/org/apache/jackrabbit/oak/spi/security/OpenSecurityProvider.java
URL:
http://svn.apache.org/viewvc/jackrabbit/oak/trunk/oak-core/src/main/java/org/apache/jackrabbit/oak/spi/security/OpenSecurityProvider.java?rev=1508359&r1=1508358&r2=1508359&view=diff
==============================================================================
---
jackrabbit/oak/trunk/oak-core/src/main/java/org/apache/jackrabbit/oak/spi/security/OpenSecurityProvider.java
(original)
+++
jackrabbit/oak/trunk/oak-core/src/main/java/org/apache/jackrabbit/oak/spi/security/OpenSecurityProvider.java
Tue Jul 30 09:34:15 2013
@@ -20,11 +20,6 @@ import javax.annotation.Nonnull;
import javax.annotation.Nullable;
import com.google.common.collect.ImmutableList;
-import org.apache.jackrabbit.api.security.authorization.PrivilegeManager;
-import org.apache.jackrabbit.oak.api.Root;
-import org.apache.jackrabbit.oak.namepath.NamePathMapper;
-import org.apache.jackrabbit.oak.spi.lifecycle.CompositeInitializer;
-import org.apache.jackrabbit.oak.spi.lifecycle.RepositoryInitializer;
import
org.apache.jackrabbit.oak.spi.security.authentication.AuthenticationConfiguration;
import
org.apache.jackrabbit.oak.spi.security.authentication.OpenAuthenticationConfiguration;
import
org.apache.jackrabbit.oak.spi.security.authorization.AccessControlConfiguration;
@@ -47,7 +42,7 @@ public class OpenSecurityProvider implem
@Nonnull
@Override
public Iterable<? extends SecurityConfiguration> getConfigurations() {
- return ImmutableList.of(new OpenAuthenticationConfiguration(), new
OpenAccessControlConfiguration(), new OpenPrivilegeConfiguration());
+ return ImmutableList.of(new OpenAuthenticationConfiguration(), new
OpenAccessControlConfiguration());
}
@Nonnull
@@ -62,23 +57,9 @@ public class OpenSecurityProvider implem
} else if (PrincipalConfiguration.class == configClass) {
throw new UnsupportedOperationException();
} else if (PrivilegeConfiguration.class == configClass) {
- return (T) new OpenPrivilegeConfiguration();
+ throw new UnsupportedOperationException();
} else {
throw new IllegalArgumentException("Unsupported security
configuration class " + configClass);
}
}
-
- private static final class OpenPrivilegeConfiguration extends
SecurityConfiguration.Default implements PrivilegeConfiguration {
- @Nonnull
- @Override
- public PrivilegeManager getPrivilegeManager(Root root, NamePathMapper
namePathMapper) {
- throw new UnsupportedOperationException();
- }
-
- @Nonnull
- @Override
- public RepositoryInitializer getPrivilegeInitializer() {
- return new CompositeInitializer();
- }
- }
}
Modified:
jackrabbit/oak/trunk/oak-core/src/main/java/org/apache/jackrabbit/oak/spi/security/SecurityConfiguration.java
URL:
http://svn.apache.org/viewvc/jackrabbit/oak/trunk/oak-core/src/main/java/org/apache/jackrabbit/oak/spi/security/SecurityConfiguration.java?rev=1508359&r1=1508358&r2=1508359&view=diff
==============================================================================
---
jackrabbit/oak/trunk/oak-core/src/main/java/org/apache/jackrabbit/oak/spi/security/SecurityConfiguration.java
(original)
+++
jackrabbit/oak/trunk/oak-core/src/main/java/org/apache/jackrabbit/oak/spi/security/SecurityConfiguration.java
Tue Jul 30 09:34:15 2013
@@ -22,9 +22,8 @@ import javax.annotation.Nonnull;
import org.apache.jackrabbit.oak.spi.commit.CommitHook;
import org.apache.jackrabbit.oak.spi.commit.ValidatorProvider;
+import org.apache.jackrabbit.oak.spi.lifecycle.RepositoryInitializer;
import org.apache.jackrabbit.oak.spi.lifecycle.WorkspaceInitializer;
-import org.apache.jackrabbit.oak.spi.query.QueryIndexProvider;
-import org.apache.jackrabbit.oak.spi.state.NodeState;
import org.apache.jackrabbit.oak.spi.xml.ProtectedItemImporter;
/**
@@ -32,15 +31,44 @@ import org.apache.jackrabbit.oak.spi.xml
*/
public interface SecurityConfiguration {
+ /**
+ * Returns the name of this security configuration.
+ *
+ * @return The name of this configuration.
+ */
@Nonnull
String getName();
+ /**
+ * Returns the configuration parameters associated with this security
+ * configuration instance. If no parameters are present
+ * {@link ConfigurationParameters#EMPTY} should be returned.
+ *
+ * @return The configuration parameters.
+ */
@Nonnull
ConfigurationParameters getParameters();
+ /**
+ * Returns a workspace initializer for this security configuration. If this
+ * configuration doesn't require any specific workspace initialization
+ * {@link WorkspaceInitializer#DEFAULT} should be returned.
+ *
+ * @return An instance of {@code WorkspaceInitializer}.
+ */
@Nonnull
WorkspaceInitializer getWorkspaceInitializer();
+ /**
+ * Returns a repository initializer for this security configuration. If
this
+ * configuration doesn't require any specific repository initialization
+ * {@link RepositoryInitializer#DEFAULT} should be returned.
+ *
+ * @return An instance of {@code RepositoryInitializer}.
+ */
+ @Nonnull
+ RepositoryInitializer getRepositoryInitializer();
+
@Nonnull
List<? extends CommitHook> getCommitHooks(String workspaceName);
@@ -54,7 +82,8 @@ public interface SecurityConfiguration {
Context getContext();
/**
- * Default implementation that provides empty validators/parameters.
+ * Default implementation that provides empty initializers, validators,
+ * commit hooks and parameters.
*/
class Default implements SecurityConfiguration {
@@ -73,13 +102,13 @@ public interface SecurityConfiguration {
@Nonnull
@Override
public WorkspaceInitializer getWorkspaceInitializer() {
- return new WorkspaceInitializer() {
- @Nonnull
- @Override
- public NodeState initialize(NodeState workspaceRoot, String
workspaceName, QueryIndexProvider indexProvider, CommitHook commitHook) {
- return workspaceRoot;
- }
- };
+ return WorkspaceInitializer.DEFAULT;
+ }
+
+ @Nonnull
+ @Override
+ public RepositoryInitializer getRepositoryInitializer() {
+ return RepositoryInitializer.DEFAULT;
}
@Nonnull
Modified:
jackrabbit/oak/trunk/oak-core/src/main/java/org/apache/jackrabbit/oak/spi/security/privilege/PrivilegeConfiguration.java
URL:
http://svn.apache.org/viewvc/jackrabbit/oak/trunk/oak-core/src/main/java/org/apache/jackrabbit/oak/spi/security/privilege/PrivilegeConfiguration.java?rev=1508359&r1=1508358&r2=1508359&view=diff
==============================================================================
---
jackrabbit/oak/trunk/oak-core/src/main/java/org/apache/jackrabbit/oak/spi/security/privilege/PrivilegeConfiguration.java
(original)
+++
jackrabbit/oak/trunk/oak-core/src/main/java/org/apache/jackrabbit/oak/spi/security/privilege/PrivilegeConfiguration.java
Tue Jul 30 09:34:15 2013
@@ -21,7 +21,6 @@ import javax.annotation.Nonnull;
import org.apache.jackrabbit.api.security.authorization.PrivilegeManager;
import org.apache.jackrabbit.oak.api.Root;
import org.apache.jackrabbit.oak.namepath.NamePathMapper;
-import org.apache.jackrabbit.oak.spi.lifecycle.RepositoryInitializer;
import org.apache.jackrabbit.oak.spi.security.SecurityConfiguration;
/**
@@ -40,13 +39,4 @@ public interface PrivilegeConfiguration
*/
@Nonnull
PrivilegeManager getPrivilegeManager(Root root, NamePathMapper
namePathMapper);
-
- /**
- * Returns the privilege specific repository initializer.
- *
- * @return An instance of {@code RepositoryInitializer} that initializes
- * the built-in privileges.
- */
- @Nonnull
- RepositoryInitializer getPrivilegeInitializer();
}
