Author: angela
Date: Thu Aug 8 09:05:06 2013
New Revision: 1511631
URL: http://svn.apache.org/r1511631
Log:
OAK-51 : Access Control Management
improve separation between ac-mgt and permission evaluation
Added:
jackrabbit/oak/trunk/oak-core/src/main/java/org/apache/jackrabbit/oak/spi/security/authorization/permission/PermissionConstants.java
(contents, props changed)
- copied, changed from r1511389,
jackrabbit/oak/trunk/oak-core/src/main/java/org/apache/jackrabbit/oak/security/authorization/permission/PermissionConstants.java
Removed:
jackrabbit/oak/trunk/oak-core/src/main/java/org/apache/jackrabbit/oak/security/authorization/permission/PermissionConstants.java
Modified:
jackrabbit/oak/trunk/oak-core/src/main/java/org/apache/jackrabbit/oak/security/authorization/AuthorizationContext.java
jackrabbit/oak/trunk/oak-core/src/main/java/org/apache/jackrabbit/oak/security/authorization/accesscontrol/AccessControlInitializer.java
jackrabbit/oak/trunk/oak-core/src/main/java/org/apache/jackrabbit/oak/security/authorization/accesscontrol/AccessControlManagerImpl.java
jackrabbit/oak/trunk/oak-core/src/main/java/org/apache/jackrabbit/oak/security/authorization/permission/CompiledPermissionImpl.java
jackrabbit/oak/trunk/oak-core/src/main/java/org/apache/jackrabbit/oak/security/authorization/permission/PermissionHook.java
jackrabbit/oak/trunk/oak-core/src/main/java/org/apache/jackrabbit/oak/security/authorization/permission/PermissionProviderImpl.java
jackrabbit/oak/trunk/oak-core/src/main/java/org/apache/jackrabbit/oak/security/authorization/permission/PermissionStoreValidatorProvider.java
jackrabbit/oak/trunk/oak-core/src/main/java/org/apache/jackrabbit/oak/security/authorization/permission/PermissionValidatorProvider.java
jackrabbit/oak/trunk/oak-core/src/main/java/org/apache/jackrabbit/oak/spi/security/authorization/accesscontrol/AccessControlConstants.java
jackrabbit/oak/trunk/oak-core/src/test/java/org/apache/jackrabbit/oak/security/authorization/evaluation/Jr2CompatibilityTest.java
jackrabbit/oak/trunk/oak-core/src/test/java/org/apache/jackrabbit/oak/security/authorization/permission/AbstractPermissionHookTest.java
jackrabbit/oak/trunk/oak-core/src/test/java/org/apache/jackrabbit/oak/security/authorization/permission/CompiledPermissionImplTest.java
jackrabbit/oak/trunk/oak-core/src/test/java/org/apache/jackrabbit/oak/security/authorization/permission/PermissionProviderImplTest.java
Modified:
jackrabbit/oak/trunk/oak-core/src/main/java/org/apache/jackrabbit/oak/security/authorization/AuthorizationContext.java
URL:
http://svn.apache.org/viewvc/jackrabbit/oak/trunk/oak-core/src/main/java/org/apache/jackrabbit/oak/security/authorization/AuthorizationContext.java?rev=1511631&r1=1511630&r2=1511631&view=diff
==============================================================================
---
jackrabbit/oak/trunk/oak-core/src/main/java/org/apache/jackrabbit/oak/security/authorization/AuthorizationContext.java
(original)
+++
jackrabbit/oak/trunk/oak-core/src/main/java/org/apache/jackrabbit/oak/security/authorization/AuthorizationContext.java
Thu Aug 8 09:05:06 2013
@@ -19,8 +19,8 @@ package org.apache.jackrabbit.oak.securi
import org.apache.jackrabbit.oak.api.PropertyState;
import org.apache.jackrabbit.oak.api.Tree;
import
org.apache.jackrabbit.oak.spi.security.authorization.accesscontrol.AccessControlConstants;
+import
org.apache.jackrabbit.oak.spi.security.authorization.permission.PermissionConstants;
import org.apache.jackrabbit.oak.util.TreeLocation;
-import
org.apache.jackrabbit.oak.security.authorization.permission.PermissionConstants;
import org.apache.jackrabbit.oak.spi.security.Context;
import org.apache.jackrabbit.oak.util.TreeUtil;
import org.apache.jackrabbit.util.Text;
Modified:
jackrabbit/oak/trunk/oak-core/src/main/java/org/apache/jackrabbit/oak/security/authorization/accesscontrol/AccessControlInitializer.java
URL:
http://svn.apache.org/viewvc/jackrabbit/oak/trunk/oak-core/src/main/java/org/apache/jackrabbit/oak/security/authorization/accesscontrol/AccessControlInitializer.java?rev=1511631&r1=1511630&r2=1511631&view=diff
==============================================================================
---
jackrabbit/oak/trunk/oak-core/src/main/java/org/apache/jackrabbit/oak/security/authorization/accesscontrol/AccessControlInitializer.java
(original)
+++
jackrabbit/oak/trunk/oak-core/src/main/java/org/apache/jackrabbit/oak/security/authorization/accesscontrol/AccessControlInitializer.java
Thu Aug 8 09:05:06 2013
@@ -22,7 +22,7 @@ import com.google.common.collect.Immutab
import org.apache.jackrabbit.JcrConstants;
import org.apache.jackrabbit.oak.api.Type;
import org.apache.jackrabbit.oak.plugins.index.IndexUtils;
-import
org.apache.jackrabbit.oak.security.authorization.permission.PermissionConstants;
+import
org.apache.jackrabbit.oak.spi.security.authorization.permission.PermissionConstants;
import org.apache.jackrabbit.oak.spi.commit.CommitHook;
import org.apache.jackrabbit.oak.spi.lifecycle.WorkspaceInitializer;
import org.apache.jackrabbit.oak.spi.query.QueryIndexProvider;
Modified:
jackrabbit/oak/trunk/oak-core/src/main/java/org/apache/jackrabbit/oak/security/authorization/accesscontrol/AccessControlManagerImpl.java
URL:
http://svn.apache.org/viewvc/jackrabbit/oak/trunk/oak-core/src/main/java/org/apache/jackrabbit/oak/security/authorization/accesscontrol/AccessControlManagerImpl.java?rev=1511631&r1=1511630&r2=1511631&view=diff
==============================================================================
---
jackrabbit/oak/trunk/oak-core/src/main/java/org/apache/jackrabbit/oak/security/authorization/accesscontrol/AccessControlManagerImpl.java
(original)
+++
jackrabbit/oak/trunk/oak-core/src/main/java/org/apache/jackrabbit/oak/security/authorization/accesscontrol/AccessControlManagerImpl.java
Thu Aug 8 09:05:06 2013
@@ -71,6 +71,7 @@ import org.apache.jackrabbit.oak.spi.sec
import org.apache.jackrabbit.oak.spi.security.authorization.accesscontrol.ACE;
import
org.apache.jackrabbit.oak.spi.security.authorization.accesscontrol.AccessControlConstants;
import
org.apache.jackrabbit.oak.spi.security.authorization.accesscontrol.ImmutableACL;
+import
org.apache.jackrabbit.oak.spi.security.authorization.permission.PermissionConstants;
import
org.apache.jackrabbit.oak.spi.security.authorization.permission.PermissionProvider;
import
org.apache.jackrabbit.oak.spi.security.authorization.permission.Permissions;
import
org.apache.jackrabbit.oak.spi.security.authorization.restriction.Restriction;
@@ -124,7 +125,7 @@ public class AccessControlManagerImpl im
restrictionProvider = acConfig.getRestrictionProvider();
ntMgr = ReadOnlyNodeTypeManager.getInstance(root, namePathMapper);
- readPaths =
ImmutableSet.copyOf(acConfig.getParameters().getConfigValue(PARAM_READ_PATHS,
DEFAULT_READ_PATHS));
+ readPaths =
ImmutableSet.copyOf(acConfig.getParameters().getConfigValue(PermissionConstants.PARAM_READ_PATHS,
PermissionConstants.DEFAULT_READ_PATHS));
}
private static <T> T getConfig(SecurityProvider sp, Class<T> clss) {
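Review bot: The configured read paths on the `readPaths =` line are copied into the set as-is, and no validation is visible in this hunk. PermissionConstants documents PARAM_READ_PATHS as enabling full read access to regular nodes and properties at the specified paths, so an overly broad entry would presumably widen read access without any signal. Consider a comment such as `// each entry enables full read access at that path; values come from configuration unvalidated`, or a check that rejects unexpected entries. The constructor begins above the hunk, so validation may already exist outside the visible lines.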
Modified:
jackrabbit/oak/trunk/oak-core/src/main/java/org/apache/jackrabbit/oak/security/authorization/permission/CompiledPermissionImpl.java
URL:
http://svn.apache.org/viewvc/jackrabbit/oak/trunk/oak-core/src/main/java/org/apache/jackrabbit/oak/security/authorization/permission/CompiledPermissionImpl.java?rev=1511631&r1=1511630&r2=1511631&view=diff
==============================================================================
---
jackrabbit/oak/trunk/oak-core/src/main/java/org/apache/jackrabbit/oak/security/authorization/permission/CompiledPermissionImpl.java
(original)
+++
jackrabbit/oak/trunk/oak-core/src/main/java/org/apache/jackrabbit/oak/security/authorization/permission/CompiledPermissionImpl.java
Thu Aug 8 09:05:06 2013
@@ -38,6 +38,7 @@ import org.apache.jackrabbit.oak.api.Pro
import org.apache.jackrabbit.oak.api.Tree;
import org.apache.jackrabbit.oak.api.Type;
import org.apache.jackrabbit.oak.core.ImmutableTree;
+import
org.apache.jackrabbit.oak.spi.security.authorization.permission.PermissionConstants;
import
org.apache.jackrabbit.oak.spi.security.authorization.permission.Permissions;
import
org.apache.jackrabbit.oak.spi.security.authorization.permission.ReadStatus;
import
org.apache.jackrabbit.oak.spi.security.authorization.restriction.RestrictionPattern;
Modified:
jackrabbit/oak/trunk/oak-core/src/main/java/org/apache/jackrabbit/oak/security/authorization/permission/PermissionHook.java
URL:
http://svn.apache.org/viewvc/jackrabbit/oak/trunk/oak-core/src/main/java/org/apache/jackrabbit/oak/security/authorization/permission/PermissionHook.java?rev=1511631&r1=1511630&r2=1511631&view=diff
==============================================================================
---
jackrabbit/oak/trunk/oak-core/src/main/java/org/apache/jackrabbit/oak/security/authorization/permission/PermissionHook.java
(original)
+++
jackrabbit/oak/trunk/oak-core/src/main/java/org/apache/jackrabbit/oak/security/authorization/permission/PermissionHook.java
Thu Aug 8 09:05:06 2013
@@ -36,6 +36,7 @@ import org.apache.jackrabbit.oak.core.Tr
import org.apache.jackrabbit.oak.plugins.nodetype.ReadOnlyNodeTypeManager;
import org.apache.jackrabbit.oak.spi.commit.PostValidationHook;
import
org.apache.jackrabbit.oak.spi.security.authorization.accesscontrol.AccessControlConstants;
+import
org.apache.jackrabbit.oak.spi.security.authorization.permission.PermissionConstants;
import
org.apache.jackrabbit.oak.spi.security.authorization.restriction.Restriction;
import
org.apache.jackrabbit.oak.spi.security.authorization.restriction.RestrictionProvider;
import org.apache.jackrabbit.oak.spi.security.privilege.PrivilegeBits;
Modified:
jackrabbit/oak/trunk/oak-core/src/main/java/org/apache/jackrabbit/oak/security/authorization/permission/PermissionProviderImpl.java
URL:
http://svn.apache.org/viewvc/jackrabbit/oak/trunk/oak-core/src/main/java/org/apache/jackrabbit/oak/security/authorization/permission/PermissionProviderImpl.java?rev=1511631&r1=1511630&r2=1511631&view=diff
==============================================================================
---
jackrabbit/oak/trunk/oak-core/src/main/java/org/apache/jackrabbit/oak/security/authorization/permission/PermissionProviderImpl.java
(original)
+++
jackrabbit/oak/trunk/oak-core/src/main/java/org/apache/jackrabbit/oak/security/authorization/permission/PermissionProviderImpl.java
Thu Aug 8 09:05:06 2013
@@ -38,6 +38,7 @@ import org.apache.jackrabbit.oak.spi.sec
import org.apache.jackrabbit.oak.spi.security.SecurityProvider;
import
org.apache.jackrabbit.oak.spi.security.authorization.AuthorizationConfiguration;
import
org.apache.jackrabbit.oak.spi.security.authorization.accesscontrol.AccessControlConstants;
+import
org.apache.jackrabbit.oak.spi.security.authorization.permission.PermissionConstants;
import
org.apache.jackrabbit.oak.spi.security.authorization.permission.PermissionProvider;
import
org.apache.jackrabbit.oak.spi.security.authorization.permission.Permissions;
import
org.apache.jackrabbit.oak.spi.security.authorization.permission.ReadStatus;
Modified:
jackrabbit/oak/trunk/oak-core/src/main/java/org/apache/jackrabbit/oak/security/authorization/permission/PermissionStoreValidatorProvider.java
URL:
http://svn.apache.org/viewvc/jackrabbit/oak/trunk/oak-core/src/main/java/org/apache/jackrabbit/oak/security/authorization/permission/PermissionStoreValidatorProvider.java?rev=1511631&r1=1511630&r2=1511631&view=diff
==============================================================================
---
jackrabbit/oak/trunk/oak-core/src/main/java/org/apache/jackrabbit/oak/security/authorization/permission/PermissionStoreValidatorProvider.java
(original)
+++
jackrabbit/oak/trunk/oak-core/src/main/java/org/apache/jackrabbit/oak/security/authorization/permission/PermissionStoreValidatorProvider.java
Thu Aug 8 09:05:06 2013
@@ -22,6 +22,7 @@ import org.apache.jackrabbit.oak.spi.com
import org.apache.jackrabbit.oak.spi.commit.SubtreeValidator;
import org.apache.jackrabbit.oak.spi.commit.Validator;
import org.apache.jackrabbit.oak.spi.commit.ValidatorProvider;
+import
org.apache.jackrabbit.oak.spi.security.authorization.permission.PermissionConstants;
import org.apache.jackrabbit.oak.spi.state.NodeState;
import static org.apache.jackrabbit.JcrConstants.JCR_SYSTEM;
Modified:
jackrabbit/oak/trunk/oak-core/src/main/java/org/apache/jackrabbit/oak/security/authorization/permission/PermissionValidatorProvider.java
URL:
http://svn.apache.org/viewvc/jackrabbit/oak/trunk/oak-core/src/main/java/org/apache/jackrabbit/oak/security/authorization/permission/PermissionValidatorProvider.java?rev=1511631&r1=1511630&r2=1511631&view=diff
==============================================================================
---
jackrabbit/oak/trunk/oak-core/src/main/java/org/apache/jackrabbit/oak/security/authorization/permission/PermissionValidatorProvider.java
(original)
+++
jackrabbit/oak/trunk/oak-core/src/main/java/org/apache/jackrabbit/oak/security/authorization/permission/PermissionValidatorProvider.java
Thu Aug 8 09:05:06 2013
@@ -24,12 +24,12 @@ import org.apache.jackrabbit.oak.core.Im
import org.apache.jackrabbit.oak.core.TreeTypeProviderImpl;
import org.apache.jackrabbit.oak.plugins.nodetype.ReadOnlyNodeTypeManager;
import
org.apache.jackrabbit.oak.spi.security.authorization.AuthorizationConfiguration;
-import
org.apache.jackrabbit.oak.spi.security.authorization.accesscontrol.AccessControlConstants;
import org.apache.jackrabbit.oak.spi.commit.Validator;
import org.apache.jackrabbit.oak.spi.commit.ValidatorProvider;
import org.apache.jackrabbit.oak.spi.security.ConfigurationParameters;
import org.apache.jackrabbit.oak.spi.security.Context;
import org.apache.jackrabbit.oak.spi.security.SecurityProvider;
+import
org.apache.jackrabbit.oak.spi.security.authorization.permission.PermissionConstants;
import
org.apache.jackrabbit.oak.spi.security.authorization.permission.PermissionProvider;
import
org.apache.jackrabbit.oak.spi.security.authorization.permission.Permissions;
import org.apache.jackrabbit.oak.spi.security.user.UserConfiguration;
@@ -54,7 +54,7 @@ public class PermissionValidatorProvider
this.acConfig =
securityProvider.getConfiguration(AuthorizationConfiguration.class);
ConfigurationParameters params = acConfig.getParameters();
- String compatValue =
params.getNullableConfigValue(AccessControlConstants.PARAM_PERMISSIONS_JR2,
null);
+ String compatValue =
params.getNullableConfigValue(PermissionConstants.PARAM_PERMISSIONS_JR2, null);
jr2Permissions = Permissions.getPermissions(compatValue);
}
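Review bot: `compatValue` is null when PARAM_PERMISSIONS_JR2 is not configured and goes straight into `Permissions.getPermissions(compatValue)`; how that call treats null or an unrecognised permission name is not visible here. The parameter's Javadoc says the value "USER_MANAGEMENT" turns off enforcement of that permission, so a short comment would help, e.g. `// null: no JR2 compatibility; listed names switch validation to Jackrabbit 2.x behavior`. It may also be worth logging when jr2Permissions is non-empty, so operators can see that compatibility mode is active. The constructor starts outside the hunk.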
Modified:
jackrabbit/oak/trunk/oak-core/src/main/java/org/apache/jackrabbit/oak/spi/security/authorization/accesscontrol/AccessControlConstants.java
URL:
http://svn.apache.org/viewvc/jackrabbit/oak/trunk/oak-core/src/main/java/org/apache/jackrabbit/oak/spi/security/authorization/accesscontrol/AccessControlConstants.java?rev=1511631&r1=1511630&r2=1511631&view=diff
==============================================================================
---
jackrabbit/oak/trunk/oak-core/src/main/java/org/apache/jackrabbit/oak/spi/security/authorization/accesscontrol/AccessControlConstants.java
(original)
+++
jackrabbit/oak/trunk/oak-core/src/main/java/org/apache/jackrabbit/oak/spi/security/authorization/accesscontrol/AccessControlConstants.java
Thu Aug 8 09:05:06 2013
@@ -68,69 +68,4 @@ public interface AccessControlConstants
Collection<String> AC_NODETYPE_NAMES = ImmutableSet.of(NT_REP_POLICY,
NT_REP_ACL, NT_REP_ACE, NT_REP_DENY_ACE, NT_REP_GRANT_ACE, NT_REP_RESTRICTIONS);
- /**
- * Configuration parameter to enforce backwards compatible permission
- * validation with respect to user management and node removal:
- *
- * <ul>
- * <li>User Management: As of OAK 1.0 creation/removal of user and
- * groups as well as modification of user/group specific protected
properties
- * requires {@link
org.apache.jackrabbit.oak.spi.security.authorization.permission.Permissions#USER_MANAGEMENT
USER_MANAGEMENT}
- * permissions while in Jackrabbit 2.0 they were covered by regular
item
- * write permissions.</li>
- * <li>Removing Nodes: As of OAK 1.0 removing a node will succeed if
the
- * removal is granted on that specific node irrespective of the
permission
- * granted or denied within the subtree. This contrasts to JR 2.0 where
- * removal of a node only succeeded if all child items (nodes and
properties)
- * could be removed.</li>
- * </ul>
- *
- * In order to enforce backwards compatible behavior of the listed
permissions
- * above the access control configuration setup needs to contain the
- * {@code #PARAM_PERMISSIONS_JR2} configuration parameter whose value is
- * expected to be a comma separated string of permission names for which
- * backwards compatible behavior should be turned on.<p>
- *
- * Currently the following values are respected:
- * <ul>
- * <li>"USER_MANAGEMENT" : to avoid enforcing {@link
Permissions#USER_MANAGEMENT}
- * permission.</li>
- * <li>"REMOVE_NODE" : to enforce permission checks for all items
located
- * in the subtree in case of removal.</li>
- * </ul>
- * @since OAK 1.0
- */
- String PARAM_PERMISSIONS_JR2 = "permissionsJr2";
-
- /**
- * Value of the {@link #PARAM_PERMISSIONS_JR2} configuration parameter that
- * contains all value entries.
- */
- String VALUE_PERMISSIONS_JR2 =
Permissions.getString(Permissions.USER_MANAGEMENT | Permissions.REMOVE_NODE);
-
- /**
- * Configuration parameter to enable full read access to regular nodes and
- * properties at the specified paths.
- *
- * @since OAK 1.0
- */
- String PARAM_READ_PATHS = "readPaths";
-
- /**
- * Default value for the {@link #PARAM_READ_PATHS} configuration parameter.
- */
- String[] DEFAULT_READ_PATHS = new String[] {
- NamespaceConstants.NAMESPACES_PATH,
- NodeTypeConstants.NODE_TYPES_PATH,
- PrivilegeConstants.PRIVILEGES_PATH
- };
-
- /**
- * Configuration parameter specifying additional principals that should be
- * treated as 'administrator' thus get granted full permissions on the
- * complete repository content.
- *
- * @since OAK 1.0
- */
- String PARAM_ADMINISTRATOR_PRINCIPALS = "administratorPrincipals";
}
Copied:
jackrabbit/oak/trunk/oak-core/src/main/java/org/apache/jackrabbit/oak/spi/security/authorization/permission/PermissionConstants.java
(from r1511389,
jackrabbit/oak/trunk/oak-core/src/main/java/org/apache/jackrabbit/oak/security/authorization/permission/PermissionConstants.java)
URL:
http://svn.apache.org/viewvc/jackrabbit/oak/trunk/oak-core/src/main/java/org/apache/jackrabbit/oak/spi/security/authorization/permission/PermissionConstants.java?p2=jackrabbit/oak/trunk/oak-core/src/main/java/org/apache/jackrabbit/oak/spi/security/authorization/permission/PermissionConstants.java&p1=jackrabbit/oak/trunk/oak-core/src/main/java/org/apache/jackrabbit/oak/security/authorization/permission/PermissionConstants.java&r1=1511389&r2=1511631&rev=1511631&view=diff
==============================================================================
---
jackrabbit/oak/trunk/oak-core/src/main/java/org/apache/jackrabbit/oak/security/authorization/permission/PermissionConstants.java
(original)
+++
jackrabbit/oak/trunk/oak-core/src/main/java/org/apache/jackrabbit/oak/spi/security/authorization/permission/PermissionConstants.java
Thu Aug 8 09:05:06 2013
@@ -14,12 +14,15 @@
* See the License for the specific language governing permissions and
* limitations under the License.
*/
-package org.apache.jackrabbit.oak.security.authorization.permission;
+package org.apache.jackrabbit.oak.spi.security.authorization.permission;
import java.util.Set;
import com.google.common.collect.ImmutableSet;
import org.apache.jackrabbit.JcrConstants;
+import org.apache.jackrabbit.oak.plugins.name.NamespaceConstants;
+import org.apache.jackrabbit.oak.plugins.nodetype.NodeTypeConstants;
+import org.apache.jackrabbit.oak.spi.security.privilege.PrivilegeConstants;
/**
* Implementation specific constants related to permission evaluation.
@@ -41,4 +44,72 @@ public interface PermissionConstants {
Set<String> PERMISSION_NODETYPE_NAMES =
ImmutableSet.of(NT_REP_PERMISSIONS, NT_REP_PERMISSION_STORE);
Set<String> PERMISSION_NODE_NAMES = ImmutableSet.of(REP_PERMISSION_STORE);
Set<String> PERMISSION_PROPERTY_NAMES =
ImmutableSet.of(REP_ACCESS_CONTROLLED_PATH, REP_PRIVILEGE_BITS, REP_INDEX);
+
+ /**
+ * Configuration parameter to enforce backwards compatible permission
+ * validation with respect to user management and node removal:
+ *
+ * <ul>
+ * <li>User Management: As of OAK 1.0 creation/removal of user and
+ * groups as well as modification of user/group specific protected
properties
+ * requires {@link Permissions#USER_MANAGEMENT USER_MANAGEMENT}
+ * permissions while in Jackrabbit 2.0 they were covered by regular
item
+ * write permissions.</li>
+ * <li>Removing Nodes: As of OAK 1.0 removing a node will succeed if
the
+ * removal is granted on that specific node irrespective of the
permission
+ * granted or denied within the subtree. This contrasts to JR 2.0 where
+ * removal of a node only succeeded if all child items (nodes and
properties)
+ * could be removed.</li>
+ * </ul>
+ *
+ * In order to enforce backwards compatible behavior of the listed
permissions
+ * above the access control configuration setup needs to contain the
+ * {@code #PARAM_PERMISSIONS_JR2} configuration parameter whose value is
+ * expected to be a comma separated string of permission names for which
+ * backwards compatible behavior should be turned on.<p>
+ *
+ * Currently the following values are respected:
+ * <ul>
+ * <li>"USER_MANAGEMENT" : to avoid enforcing {@link
org.apache.jackrabbit.oak.spi.security.authorization.permission.Permissions#USER_MANAGEMENT}
+ * permission.</li>
+ * <li>"REMOVE_NODE" : to enforce permission checks for all items
located
+ * in the subtree in case of removal.</li>
+ * </ul>
+ * @since OAK 1.0
+ */
+ String PARAM_PERMISSIONS_JR2 = "permissionsJr2";
+
+ /**
+ * Value of the {@link #PARAM_PERMISSIONS_JR2} configuration parameter that
+ * contains all value entries.
+ */
+ String VALUE_PERMISSIONS_JR2 =
Permissions.getString(Permissions.USER_MANAGEMENT | Permissions.REMOVE_NODE);
+
+ /**
+ * Configuration parameter specifying additional principals that should be
+ * treated as 'administrator' thus get granted full permissions on the
+ * complete repository content.
+ *
+ * @since OAK 1.0
+ */
+ String PARAM_ADMINISTRATOR_PRINCIPALS = "administratorPrincipals";
+
+ /**
+ * Configuration parameter to enable full read access to regular nodes and
+ * properties at the specified paths.
+ *
+ * @since OAK 1.0
+ */
+ String PARAM_READ_PATHS = "readPaths";
+
+ /**
+ * Default value for the {@link #PARAM_READ_PATHS} configuration parameter.
+ *
+ * @since OAK 1.0
+ */
+ String[] DEFAULT_READ_PATHS = new String[] {
+ NamespaceConstants.NAMESPACES_PATH,
+ NodeTypeConstants.NODE_TYPES_PATH,
+ PrivilegeConstants.PRIVILEGES_PATH
+ };
}
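Review bot: `String[] DEFAULT_READ_PATHS` is a public static final array on an interface that this commit moves into the spi package. Array elements stay writable, so any code that can see the interface can replace an entry and change the default set of paths that get full read access. An immutable collection would close this, e.g. `Set<String> DEFAULT_READ_PATHS = ImmutableSet.of(NamespaceConstants.NAMESPACES_PATH, NodeTypeConstants.NODE_TYPES_PATH, PrivilegeConstants.PRIVILEGES_PATH);`. ImmutableSet is already imported in this file and AccessControlManagerImpl passes the value through `ImmutableSet.copyOf`, but whether `getConfigValue` accepts a Set as its default needs checking against its signature. Separately, `{@code #PARAM_PERMISSIONS_JR2}` in the first Javadoc looks like it was meant to be `{@link #PARAM_PERMISSIONS_JR2}`.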
Propchange:
jackrabbit/oak/trunk/oak-core/src/main/java/org/apache/jackrabbit/oak/spi/security/authorization/permission/PermissionConstants.java
------------------------------------------------------------------------------
svn:eol-style = native
Modified:
jackrabbit/oak/trunk/oak-core/src/test/java/org/apache/jackrabbit/oak/security/authorization/evaluation/Jr2CompatibilityTest.java
URL:
http://svn.apache.org/viewvc/jackrabbit/oak/trunk/oak-core/src/test/java/org/apache/jackrabbit/oak/security/authorization/evaluation/Jr2CompatibilityTest.java?rev=1511631&r1=1511630&r2=1511631&view=diff
==============================================================================
---
jackrabbit/oak/trunk/oak-core/src/test/java/org/apache/jackrabbit/oak/security/authorization/evaluation/Jr2CompatibilityTest.java
(original)
+++
jackrabbit/oak/trunk/oak-core/src/test/java/org/apache/jackrabbit/oak/security/authorization/evaluation/Jr2CompatibilityTest.java
Thu Aug 8 09:05:06 2013
@@ -37,7 +37,7 @@ import org.apache.jackrabbit.oak.api.Roo
import org.apache.jackrabbit.oak.namepath.NamePathMapper;
import org.apache.jackrabbit.oak.spi.security.ConfigurationParameters;
import
org.apache.jackrabbit.oak.spi.security.authorization.AuthorizationConfiguration;
-import
org.apache.jackrabbit.oak.spi.security.authorization.accesscontrol.AccessControlConstants;
+import
org.apache.jackrabbit.oak.spi.security.authorization.permission.PermissionConstants;
import org.apache.jackrabbit.oak.spi.security.privilege.PrivilegeConstants;
import org.junit.After;
import org.junit.Before;
@@ -45,7 +45,7 @@ import org.junit.Test;
/**
* Test compatibility with Jackrabbit 2.x using the
- * {@link AccessControlConstants#PARAM_PERMISSIONS_JR2} configuration
parameter.
+ * {@link
org.apache.jackrabbit.oak.spi.security.authorization.permission.PermissionConstants#PARAM_PERMISSIONS_JR2}
configuration parameter.
*/
public class Jr2CompatibilityTest extends AbstractOakCoreTest {
@@ -82,7 +82,7 @@ public class Jr2CompatibilityTest extend
@Override
protected ConfigurationParameters getSecurityConfigParameters() {
- Map<String, String> map =
Collections.singletonMap(AccessControlConstants.PARAM_PERMISSIONS_JR2,
AccessControlConstants.VALUE_PERMISSIONS_JR2);
+ Map<String, String> map =
Collections.singletonMap(PermissionConstants.PARAM_PERMISSIONS_JR2,
PermissionConstants.VALUE_PERMISSIONS_JR2);
ConfigurationParameters acConfig = new ConfigurationParameters(map);
return new
ConfigurationParameters(ImmutableMap.of(AuthorizationConfiguration.NAME,
acConfig));
Modified:
jackrabbit/oak/trunk/oak-core/src/test/java/org/apache/jackrabbit/oak/security/authorization/permission/AbstractPermissionHookTest.java
URL:
http://svn.apache.org/viewvc/jackrabbit/oak/trunk/oak-core/src/test/java/org/apache/jackrabbit/oak/security/authorization/permission/AbstractPermissionHookTest.java?rev=1511631&r1=1511630&r2=1511631&view=diff
==============================================================================
---
jackrabbit/oak/trunk/oak-core/src/test/java/org/apache/jackrabbit/oak/security/authorization/permission/AbstractPermissionHookTest.java
(original)
+++
jackrabbit/oak/trunk/oak-core/src/test/java/org/apache/jackrabbit/oak/security/authorization/permission/AbstractPermissionHookTest.java
Thu Aug 8 09:05:06 2013
@@ -34,6 +34,7 @@ import org.apache.jackrabbit.oak.api.Tre
import org.apache.jackrabbit.oak.api.Type;
import
org.apache.jackrabbit.oak.spi.security.authorization.accesscontrol.AbstractAccessControlTest;
import
org.apache.jackrabbit.oak.spi.security.authorization.accesscontrol.AccessControlConstants;
+import
org.apache.jackrabbit.oak.spi.security.authorization.permission.PermissionConstants;
import org.apache.jackrabbit.oak.spi.security.principal.EveryonePrincipal;
import org.apache.jackrabbit.oak.spi.security.privilege.PrivilegeBitsProvider;
import org.apache.jackrabbit.oak.spi.security.privilege.PrivilegeConstants;
Modified:
jackrabbit/oak/trunk/oak-core/src/test/java/org/apache/jackrabbit/oak/security/authorization/permission/CompiledPermissionImplTest.java
URL:
http://svn.apache.org/viewvc/jackrabbit/oak/trunk/oak-core/src/test/java/org/apache/jackrabbit/oak/security/authorization/permission/CompiledPermissionImplTest.java?rev=1511631&r1=1511630&r2=1511631&view=diff
==============================================================================
---
jackrabbit/oak/trunk/oak-core/src/test/java/org/apache/jackrabbit/oak/security/authorization/permission/CompiledPermissionImplTest.java
(original)
+++
jackrabbit/oak/trunk/oak-core/src/test/java/org/apache/jackrabbit/oak/security/authorization/permission/CompiledPermissionImplTest.java
Thu Aug 8 09:05:06 2013
@@ -42,6 +42,7 @@ import org.apache.jackrabbit.oak.spi.sec
import
org.apache.jackrabbit.oak.spi.security.authorization.AuthorizationConfiguration;
import
org.apache.jackrabbit.oak.spi.security.authorization.OpenAuthorizationConfiguration;
import
org.apache.jackrabbit.oak.spi.security.authorization.accesscontrol.AccessControlConstants;
+import
org.apache.jackrabbit.oak.spi.security.authorization.permission.PermissionConstants;
import
org.apache.jackrabbit.oak.spi.security.authorization.permission.Permissions;
import
org.apache.jackrabbit.oak.spi.security.authorization.permission.ReadStatus;
import
org.apache.jackrabbit.oak.spi.security.authorization.restriction.Restriction;
Modified:
jackrabbit/oak/trunk/oak-core/src/test/java/org/apache/jackrabbit/oak/security/authorization/permission/PermissionProviderImplTest.java
URL:
http://svn.apache.org/viewvc/jackrabbit/oak/trunk/oak-core/src/test/java/org/apache/jackrabbit/oak/security/authorization/permission/PermissionProviderImplTest.java?rev=1511631&r1=1511630&r2=1511631&view=diff
==============================================================================
---
jackrabbit/oak/trunk/oak-core/src/test/java/org/apache/jackrabbit/oak/security/authorization/permission/PermissionProviderImplTest.java
(original)
+++
jackrabbit/oak/trunk/oak-core/src/test/java/org/apache/jackrabbit/oak/security/authorization/permission/PermissionProviderImplTest.java
Thu Aug 8 09:05:06 2013
@@ -33,6 +33,7 @@ import org.apache.jackrabbit.oak.plugins
import org.apache.jackrabbit.oak.spi.security.ConfigurationParameters;
import
org.apache.jackrabbit.oak.spi.security.authorization.AuthorizationConfiguration;
import
org.apache.jackrabbit.oak.spi.security.authorization.accesscontrol.AccessControlConstants;
+import
org.apache.jackrabbit.oak.spi.security.authorization.permission.PermissionConstants;
import
org.apache.jackrabbit.oak.spi.security.authorization.permission.PermissionProvider;
import
org.apache.jackrabbit.oak.spi.security.authorization.permission.ReadStatus;
import org.apache.jackrabbit.oak.spi.security.privilege.PrivilegeConstants;
@@ -84,8 +85,8 @@ public class PermissionProviderImplTest
@Override
protected ConfigurationParameters getSecurityConfigParameters() {
Map<String, Object> map = new HashMap<String, Object>();
- map.put(PARAM_READ_PATHS, READ_PATHS);
- map.put(PARAM_ADMINISTRATOR_PRINCIPALS, new String[]
{ADMINISTRATOR_GROUP});
+ map.put(PermissionConstants.PARAM_READ_PATHS, READ_PATHS);
+ map.put(PermissionConstants.PARAM_ADMINISTRATOR_PRINCIPALS, new
String[] {ADMINISTRATOR_GROUP});
ConfigurationParameters acConfig = new ConfigurationParameters(map);
return new
ConfigurationParameters(ImmutableMap.of(AuthorizationConfiguration.NAME,
acConfig));