Author: angela
Date: Thu Sep 12 17:24:44 2013
New Revision: 1522671
URL: http://svn.apache.org/r1522671
Log:
OAK-51 : Access Control Management (simplify permission related code in oak-jcr)
Modified:
jackrabbit/oak/trunk/oak-jcr/src/main/java/org/apache/jackrabbit/oak/jcr/delegate/SessionDelegate.java
jackrabbit/oak/trunk/oak-jcr/src/main/java/org/apache/jackrabbit/oak/jcr/repository/RepositoryImpl.java
jackrabbit/oak/trunk/oak-jcr/src/main/java/org/apache/jackrabbit/oak/jcr/security/AccessManager.java
jackrabbit/oak/trunk/oak-jcr/src/main/java/org/apache/jackrabbit/oak/jcr/session/SessionContext.java
Modified:
jackrabbit/oak/trunk/oak-jcr/src/main/java/org/apache/jackrabbit/oak/jcr/delegate/SessionDelegate.java
URL:
http://svn.apache.org/viewvc/jackrabbit/oak/trunk/oak-jcr/src/main/java/org/apache/jackrabbit/oak/jcr/delegate/SessionDelegate.java?rev=1522671&r1=1522670&r2=1522671&view=diff
==============================================================================
---
jackrabbit/oak/trunk/oak-jcr/src/main/java/org/apache/jackrabbit/oak/jcr/delegate/SessionDelegate.java
(original)
+++
jackrabbit/oak/trunk/oak-jcr/src/main/java/org/apache/jackrabbit/oak/jcr/delegate/SessionDelegate.java
Thu Sep 12 17:24:44 2013
@@ -16,14 +16,8 @@
*/
package org.apache.jackrabbit.oak.jcr.delegate;
-import static com.google.common.base.Preconditions.checkNotNull;
-import static com.google.common.collect.Lists.newArrayList;
-import static org.apache.jackrabbit.oak.commons.PathUtils.denotesRoot;
-import static org.apache.jackrabbit.oak.commons.PathUtils.elements;
-
import java.io.IOException;
import java.util.List;
-
import javax.annotation.CheckForNull;
import javax.annotation.Nonnull;
import javax.jcr.ItemExistsException;
@@ -40,18 +34,15 @@ import org.apache.jackrabbit.oak.api.Roo
import org.apache.jackrabbit.oak.api.Tree;
import org.apache.jackrabbit.oak.commons.PathUtils;
import org.apache.jackrabbit.oak.core.IdentifierManager;
+import org.apache.jackrabbit.oak.jcr.security.AccessManager;
import org.apache.jackrabbit.oak.jcr.session.RefreshStrategy;
import org.apache.jackrabbit.oak.jcr.session.operation.SessionOperation;
-import org.apache.jackrabbit.oak.jcr.security.AccessManager;
import org.apache.jackrabbit.oak.spi.commit.Editor;
import org.apache.jackrabbit.oak.spi.commit.EditorHook;
import org.apache.jackrabbit.oak.spi.commit.EditorProvider;
import org.apache.jackrabbit.oak.spi.commit.FailingValidator;
import org.apache.jackrabbit.oak.spi.commit.SubtreeExcludingValidator;
import org.apache.jackrabbit.oak.spi.commit.Validator;
-import org.apache.jackrabbit.oak.spi.security.SecurityProvider;
-import
org.apache.jackrabbit.oak.spi.security.authorization.AuthorizationConfiguration;
-import
org.apache.jackrabbit.oak.spi.security.authorization.permission.PermissionProvider;
import
org.apache.jackrabbit.oak.spi.security.authorization.permission.Permissions;
import org.apache.jackrabbit.oak.spi.state.NodeBuilder;
import org.apache.jackrabbit.oak.spi.state.NodeState;
@@ -60,6 +51,11 @@ import org.slf4j.LoggerFactory;
import org.slf4j.Marker;
import org.slf4j.MarkerFactory;
+import static com.google.common.base.Preconditions.checkNotNull;
+import static com.google.common.collect.Lists.newArrayList;
+import static org.apache.jackrabbit.oak.commons.PathUtils.denotesRoot;
+import static org.apache.jackrabbit.oak.commons.PathUtils.elements;
+
/**
* TODO document
*/
@@ -72,7 +68,6 @@ public class SessionDelegate {
private final Root root;
private final IdentifierManager idManager;
- private final PermissionProvider permissionProvider;
private boolean isAlive = true;
private int sessionOpCount;
@@ -88,17 +83,12 @@ public class SessionDelegate {
*
* @param contentSession the content session
* @param refreshStrategy the refresh strategy used for auto refreshing
this session
- * @param securityProvider the security provider
*/
- public SessionDelegate(@Nonnull ContentSession contentSession,
RefreshStrategy refreshStrategy,
- SecurityProvider securityProvider) {
+ public SessionDelegate(@Nonnull ContentSession contentSession,
RefreshStrategy refreshStrategy) {
this.contentSession = checkNotNull(contentSession);
this.refreshStrategy = checkNotNull(refreshStrategy);
this.root = contentSession.getLatestRoot();
this.idManager = new IdentifierManager(root);
- this.permissionProvider = checkNotNull(securityProvider)
- .getConfiguration(AuthorizationConfiguration.class)
- .getPermissionProvider(root,
contentSession.getAuthInfo().getPrincipals());
}
public synchronized void refreshAtNextAccess() {
@@ -306,7 +296,6 @@ public class SessionDelegate {
} catch (CommitFailedException e) {
throw newRepositoryException(e);
}
- permissionProvider.refresh();
}
/**
@@ -334,7 +323,6 @@ public class SessionDelegate {
throw newRepositoryException(e);
}
}
- permissionProvider.refresh();
}
public void refresh(boolean keepChanges) {
@@ -343,7 +331,6 @@ public class SessionDelegate {
} else {
root.refresh();
}
- permissionProvider.refresh();
}
//----------------------------------------------------------< Workspace
>---
@@ -404,11 +391,6 @@ public class SessionDelegate {
return root.getQueryEngine();
}
- @Nonnull
- public PermissionProvider getPermissionProvider() {
- return permissionProvider;
- }
-
/**
* The current {@code Root} instance this session delegate instance
operates on.
* To ensure the returned root reflects the correct repository revision
access
Modified:
jackrabbit/oak/trunk/oak-jcr/src/main/java/org/apache/jackrabbit/oak/jcr/repository/RepositoryImpl.java
URL:
http://svn.apache.org/viewvc/jackrabbit/oak/trunk/oak-jcr/src/main/java/org/apache/jackrabbit/oak/jcr/repository/RepositoryImpl.java?rev=1522671&r1=1522670&r2=1522671&view=diff
==============================================================================
---
jackrabbit/oak/trunk/oak-jcr/src/main/java/org/apache/jackrabbit/oak/jcr/repository/RepositoryImpl.java
(original)
+++
jackrabbit/oak/trunk/oak-jcr/src/main/java/org/apache/jackrabbit/oak/jcr/repository/RepositoryImpl.java
Thu Sep 12 17:24:44 2013
@@ -205,8 +205,7 @@ public class RepositoryImpl implements J
RefreshStrategy refreshStrategy =
createRefreshStrategy(refreshInterval);
ContentSession contentSession =
contentRepository.login(credentials, workspaceName);
- SessionDelegate sessionDelegate = new SessionDelegate(
- contentSession, refreshStrategy, securityProvider);
+ SessionDelegate sessionDelegate = new
SessionDelegate(contentSession, refreshStrategy);
SessionContext context = createSessionContext(
securityProvider, createAttributes(refreshInterval),
sessionDelegate);
return context.getSession();
@@ -328,4 +327,4 @@ public class RepositoryImpl implements J
new ThreadSynchronising(threadSaveCount)});
}
-}
\ No newline at end of file
+}
Modified:
jackrabbit/oak/trunk/oak-jcr/src/main/java/org/apache/jackrabbit/oak/jcr/security/AccessManager.java
URL:
http://svn.apache.org/viewvc/jackrabbit/oak/trunk/oak-jcr/src/main/java/org/apache/jackrabbit/oak/jcr/security/AccessManager.java?rev=1522671&r1=1522670&r2=1522671&view=diff
==============================================================================
---
jackrabbit/oak/trunk/oak-jcr/src/main/java/org/apache/jackrabbit/oak/jcr/security/AccessManager.java
(original)
+++
jackrabbit/oak/trunk/oak-jcr/src/main/java/org/apache/jackrabbit/oak/jcr/security/AccessManager.java
Thu Sep 12 17:24:44 2013
@@ -31,18 +31,20 @@ import org.apache.jackrabbit.oak.spi.sec
* AccessManager
*/
public class AccessManager {
+
private final SessionDelegate delegate;
private final PermissionProvider permissionProvider;
- public AccessManager(SessionDelegate delegate) {
+ public AccessManager(SessionDelegate delegate, PermissionProvider
permissionProvider) {
this.delegate = delegate;
- this.permissionProvider = delegate.getPermissionProvider();
+ this.permissionProvider = permissionProvider;
}
public boolean hasPermissions(@Nonnull final String oakPath, @Nonnull
final String actions) {
return delegate.safePerform(new SessionOperation<Boolean>() {
@Override
public Boolean perform() {
+ permissionProvider.refresh();
return permissionProvider.isGranted(oakPath, actions);
}
});
@@ -52,6 +54,7 @@ public class AccessManager {
return delegate.safePerform(new SessionOperation<Boolean>() {
@Override
public Boolean perform() {
+ permissionProvider.refresh();
return permissionProvider.isGranted(tree, property,
permissions);
}
});
@@ -68,4 +71,4 @@ public class AccessManager {
throw new AccessDeniedException("Access denied.");
}
}
-}
\ No newline at end of file
+}
Modified:
jackrabbit/oak/trunk/oak-jcr/src/main/java/org/apache/jackrabbit/oak/jcr/session/SessionContext.java
URL:
http://svn.apache.org/viewvc/jackrabbit/oak/trunk/oak-jcr/src/main/java/org/apache/jackrabbit/oak/jcr/session/SessionContext.java?rev=1522671&r1=1522670&r2=1522671&view=diff
==============================================================================
---
jackrabbit/oak/trunk/oak-jcr/src/main/java/org/apache/jackrabbit/oak/jcr/session/SessionContext.java
(original)
+++
jackrabbit/oak/trunk/oak-jcr/src/main/java/org/apache/jackrabbit/oak/jcr/session/SessionContext.java
Thu Sep 12 17:24:44 2013
@@ -16,16 +16,11 @@
*/
package org.apache.jackrabbit.oak.jcr.session;
-import static com.google.common.base.Preconditions.checkNotNull;
-import static com.google.common.collect.Sets.newHashSet;
-import static com.google.common.collect.Sets.newTreeSet;
-
import java.util.ArrayList;
import java.util.Iterator;
import java.util.List;
import java.util.Map;
import java.util.Set;
-
import javax.annotation.CheckForNull;
import javax.annotation.Nonnull;
import javax.jcr.PathNotFoundException;
@@ -51,8 +46,8 @@ import org.apache.jackrabbit.oak.jcr.del
import org.apache.jackrabbit.oak.jcr.delegate.SessionDelegate;
import org.apache.jackrabbit.oak.jcr.delegate.UserManagerDelegator;
import org.apache.jackrabbit.oak.jcr.observation.ObservationManagerImpl;
-import org.apache.jackrabbit.oak.jcr.session.operation.SessionOperation;
import org.apache.jackrabbit.oak.jcr.security.AccessManager;
+import org.apache.jackrabbit.oak.jcr.session.operation.SessionOperation;
import org.apache.jackrabbit.oak.namepath.LocalNameMapper;
import org.apache.jackrabbit.oak.namepath.NamePathMapper;
import org.apache.jackrabbit.oak.namepath.NamePathMapperImpl;
@@ -63,6 +58,7 @@ import org.apache.jackrabbit.oak.plugins
import org.apache.jackrabbit.oak.spi.security.SecurityConfiguration;
import org.apache.jackrabbit.oak.spi.security.SecurityProvider;
import
org.apache.jackrabbit.oak.spi.security.authorization.AuthorizationConfiguration;
+import
org.apache.jackrabbit.oak.spi.security.authorization.permission.PermissionProvider;
import org.apache.jackrabbit.oak.spi.security.principal.PrincipalConfiguration;
import org.apache.jackrabbit.oak.spi.security.privilege.PrivilegeConfiguration;
import org.apache.jackrabbit.oak.spi.security.user.UserConfiguration;
@@ -71,6 +67,10 @@ import org.apache.jackrabbit.oak.spi.xml
import org.slf4j.Logger;
import org.slf4j.LoggerFactory;
+import static com.google.common.base.Preconditions.checkNotNull;
+import static com.google.common.collect.Sets.newHashSet;
+import static com.google.common.collect.Sets.newTreeSet;
+
/**
* Instances of this class are passed to all JCR implementation classes
* (e.g. {@code SessionImpl}, {@code NodeImpl}, etc.) and provide access to
@@ -97,6 +97,7 @@ public class SessionContext implements N
private WorkspaceImpl workspace = null;
private AccessControlManager accessControlManager;
+ private AccessManager accessManager;
private PrincipalManager principalManager;
private UserManager userManager;
private PrivilegeManager privilegeManager;
@@ -353,7 +354,13 @@ public class SessionContext implements N
@Nonnull
public AccessManager getAccessManager() throws RepositoryException {
- return new AccessManager(delegate);
+ if (accessManager == null) {
+ PermissionProvider pp = checkNotNull(securityProvider)
+ .getConfiguration(AuthorizationConfiguration.class)
+ .getPermissionProvider(delegate.getRoot(),
delegate.getAuthInfo().getPrincipals());
+ accessManager = new AccessManager(delegate, pp);
+ }
+ return accessManager;
}
@Nonnull
