Author: jukka
Date: Thu Sep 19 20:38:54 2013
New Revision: 1524828
URL: http://svn.apache.org/r1524828
Log:
OAK-1028: Pass Subject directly to the permission validator
Modified:
jackrabbit/oak/trunk/oak-core/src/main/java/org/apache/jackrabbit/oak/core/AbstractRoot.java
jackrabbit/oak/trunk/oak-core/src/main/java/org/apache/jackrabbit/oak/security/authorization/AuthorizationConfigurationImpl.java
jackrabbit/oak/trunk/oak-core/src/main/java/org/apache/jackrabbit/oak/security/authorization/permission/PermissionValidatorProvider.java
jackrabbit/oak/trunk/oak-core/src/main/java/org/apache/jackrabbit/oak/security/privilege/PrivilegeConfigurationImpl.java
jackrabbit/oak/trunk/oak-core/src/main/java/org/apache/jackrabbit/oak/security/user/UserConfigurationImpl.java
jackrabbit/oak/trunk/oak-core/src/main/java/org/apache/jackrabbit/oak/spi/security/SecurityConfiguration.java
Modified:
jackrabbit/oak/trunk/oak-core/src/main/java/org/apache/jackrabbit/oak/core/AbstractRoot.java
URL:
http://svn.apache.org/viewvc/jackrabbit/oak/trunk/oak-core/src/main/java/org/apache/jackrabbit/oak/core/AbstractRoot.java?rev=1524828&r1=1524827&r2=1524828&view=diff
==============================================================================
---
jackrabbit/oak/trunk/oak-core/src/main/java/org/apache/jackrabbit/oak/core/AbstractRoot.java
(original)
+++
jackrabbit/oak/trunk/oak-core/src/main/java/org/apache/jackrabbit/oak/core/AbstractRoot.java
Thu Sep 19 20:38:54 2013
@@ -239,21 +239,7 @@ public abstract class AbstractRoot imple
public void commit(final CommitHook... hooks) throws CommitFailedException
{
checkLive();
purgePendingChanges();
- CommitFailedException exception = Subject.doAs(
- getCommitSubject(), new
PrivilegedAction<CommitFailedException>() {
- @Override
- public CommitFailedException run() {
- try {
- branch.merge(getCommitHook(hooks), postHook);
- return null;
- } catch (CommitFailedException e) {
- return e;
- }
- }
- });
- if (exception != null) {
- throw exception;
- }
+ branch.merge(getCommitHook(hooks), postHook);
refresh();
}
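Review bot: With the `Subject.doAs` wrapper removed from `commit`, `branch.merge(getCommitHook(hooks), postHook)` no longer runs with the commit subject in the access control context, so any caller-supplied hook in `hooks`, or `postHook`, that still calls `Subject.getSubject(AccessController.getContext())` would now get null. This commit converts PermissionValidatorProvider, the only such reader visible in the diff; it is worth confirming that no other hook or validator relies on the ambient subject, since for a permission check that turns into a failed commit rather than a silent pass only if the reader handles null explicitly. A short comment above the merge call would record the new contract, for example `// hooks run without Subject.doAs; the commit subject is handed to the validators explicitly`.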
@@ -277,7 +263,8 @@ public abstract class AbstractRoot imple
commitHooks.add(ch);
}
}
- List<? extends ValidatorProvider> validators =
sc.getValidators(workspaceName);
+ List<? extends ValidatorProvider> validators =
+ sc.getValidators(workspaceName, getCommitSubject());
if (!validators.isEmpty()) {
commitHooks.add(new
EditorHook(CompositeEditorProvider.compose(validators)));
}
Modified:
jackrabbit/oak/trunk/oak-core/src/main/java/org/apache/jackrabbit/oak/security/authorization/AuthorizationConfigurationImpl.java
URL:
http://svn.apache.org/viewvc/jackrabbit/oak/trunk/oak-core/src/main/java/org/apache/jackrabbit/oak/security/authorization/AuthorizationConfigurationImpl.java?rev=1524828&r1=1524827&r2=1524828&view=diff
==============================================================================
---
jackrabbit/oak/trunk/oak-core/src/main/java/org/apache/jackrabbit/oak/security/authorization/AuthorizationConfigurationImpl.java
(original)
+++
jackrabbit/oak/trunk/oak-core/src/main/java/org/apache/jackrabbit/oak/security/authorization/AuthorizationConfigurationImpl.java
Thu Sep 19 20:38:54 2013
@@ -20,10 +20,13 @@ import java.security.Principal;
import java.util.Collections;
import java.util.List;
import java.util.Set;
+
import javax.annotation.Nonnull;
import javax.jcr.security.AccessControlManager;
+import javax.security.auth.Subject;
import com.google.common.collect.ImmutableList;
+
import org.apache.felix.scr.annotations.Component;
import org.apache.felix.scr.annotations.Service;
import org.apache.jackrabbit.oak.api.Root;
@@ -92,10 +95,11 @@ public class AuthorizationConfigurationI
}
@Override
- public List<ValidatorProvider> getValidators(String workspaceName) {
+ public List<ValidatorProvider> getValidators(
+ String workspaceName, Subject subject) {
return ImmutableList.of(
new PermissionStoreValidatorProvider(),
- new PermissionValidatorProvider(getSecurityProvider()),
+ new PermissionValidatorProvider(getSecurityProvider(),
subject),
new AccessControlValidatorProvider(getSecurityProvider()));
}
Modified:
jackrabbit/oak/trunk/oak-core/src/main/java/org/apache/jackrabbit/oak/security/authorization/permission/PermissionValidatorProvider.java
URL:
http://svn.apache.org/viewvc/jackrabbit/oak/trunk/oak-core/src/main/java/org/apache/jackrabbit/oak/security/authorization/permission/PermissionValidatorProvider.java?rev=1524828&r1=1524827&r2=1524828&view=diff
==============================================================================
---
jackrabbit/oak/trunk/oak-core/src/main/java/org/apache/jackrabbit/oak/security/authorization/permission/PermissionValidatorProvider.java
(original)
+++
jackrabbit/oak/trunk/oak-core/src/main/java/org/apache/jackrabbit/oak/security/authorization/permission/PermissionValidatorProvider.java
Thu Sep 19 20:38:54 2013
@@ -16,7 +16,6 @@
*/
package org.apache.jackrabbit.oak.security.authorization.permission;
-import java.security.AccessController;
import javax.annotation.Nonnull;
import javax.security.auth.Subject;
@@ -45,17 +44,22 @@ public class PermissionValidatorProvider
private final AuthorizationConfiguration acConfig;
private final long jr2Permissions;
+ private final Subject subject;
+
private ReadOnlyNodeTypeManager ntMgr;
private Context acCtx;
private Context userCtx;
- public PermissionValidatorProvider(SecurityProvider securityProvider) {
+ public PermissionValidatorProvider(
+ SecurityProvider securityProvider, Subject subject) {
this.securityProvider = securityProvider;
this.acConfig =
securityProvider.getConfiguration(AuthorizationConfiguration.class);
ConfigurationParameters params = acConfig.getParameters();
String compatValue =
params.getConfigValue(PermissionConstants.PARAM_PERMISSIONS_JR2, null,
String.class);
jr2Permissions = Permissions.getPermissions(compatValue);
+
+ this.subject = subject;
}
//--------------------------------------------------< ValidatorProvider
>---
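Review bot: The new `subject` constructor parameter is stored with `this.subject = subject;` and carries no documentation or null check, so a missing or incomplete subject only surfaces later, in `getPermissionProvider()` (hunk at -97,7), as an IllegalStateException in the middle of a merge. Because this class now authorises the commit with whatever Subject the constructor is given, the constructor Javadoc should state that the subject must hold a `PermissionProvider` among its public credentials and whether null is an accepted value. If null is never valid, rejecting it in the constructor would move the failure to the place where the wrong argument was supplied; I cannot tell from the diff whether any caller passes null today. The Subject is also kept by reference, so credentials changed after construction are what later validation sees, which is worth a one-line comment on the field. The class body continues outside this hunk.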
@@ -97,7 +101,6 @@ public class PermissionValidatorProvider
}
private PermissionProvider getPermissionProvider() {
- Subject subject = Subject.getSubject(AccessController.getContext());
if (subject == null ||
subject.getPublicCredentials(PermissionProvider.class).isEmpty()) {
throw new IllegalStateException("Unable to validate permissions;
no permission provider associated with the commit call.");
} else {
Modified:
jackrabbit/oak/trunk/oak-core/src/main/java/org/apache/jackrabbit/oak/security/privilege/PrivilegeConfigurationImpl.java
URL:
http://svn.apache.org/viewvc/jackrabbit/oak/trunk/oak-core/src/main/java/org/apache/jackrabbit/oak/security/privilege/PrivilegeConfigurationImpl.java?rev=1524828&r1=1524827&r2=1524828&view=diff
==============================================================================
---
jackrabbit/oak/trunk/oak-core/src/main/java/org/apache/jackrabbit/oak/security/privilege/PrivilegeConfigurationImpl.java
(original)
+++
jackrabbit/oak/trunk/oak-core/src/main/java/org/apache/jackrabbit/oak/security/privilege/PrivilegeConfigurationImpl.java
Thu Sep 19 20:38:54 2013
@@ -18,7 +18,9 @@ package org.apache.jackrabbit.oak.securi
import java.util.Collections;
import java.util.List;
+
import javax.annotation.Nonnull;
+import javax.security.auth.Subject;
import org.apache.felix.scr.annotations.Component;
import org.apache.felix.scr.annotations.Service;
@@ -68,7 +70,8 @@ public class PrivilegeConfigurationImpl
@Nonnull
@Override
- public List<? extends ValidatorProvider> getValidators(String
workspaceName) {
+ public List<? extends ValidatorProvider> getValidators(
+ String workspaceName, Subject subject) {
return Collections.singletonList(new PrivilegeValidatorProvider());
}
Modified:
jackrabbit/oak/trunk/oak-core/src/main/java/org/apache/jackrabbit/oak/security/user/UserConfigurationImpl.java
URL:
http://svn.apache.org/viewvc/jackrabbit/oak/trunk/oak-core/src/main/java/org/apache/jackrabbit/oak/security/user/UserConfigurationImpl.java?rev=1524828&r1=1524827&r2=1524828&view=diff
==============================================================================
---
jackrabbit/oak/trunk/oak-core/src/main/java/org/apache/jackrabbit/oak/security/user/UserConfigurationImpl.java
(original)
+++
jackrabbit/oak/trunk/oak-core/src/main/java/org/apache/jackrabbit/oak/security/user/UserConfigurationImpl.java
Thu Sep 19 20:38:54 2013
@@ -18,7 +18,9 @@ package org.apache.jackrabbit.oak.securi
import java.util.Collections;
import java.util.List;
+
import javax.annotation.Nonnull;
+import javax.security.auth.Subject;
import org.apache.felix.scr.annotations.Component;
import org.apache.felix.scr.annotations.Service;
@@ -64,7 +66,8 @@ public class UserConfigurationImpl exten
@Nonnull
@Override
- public List<? extends ValidatorProvider> getValidators(String
workspaceName) {
+ public List<? extends ValidatorProvider> getValidators(
+ String workspaceName, Subject subject) {
return Collections.singletonList(new
UserValidatorProvider(getParameters()));
}
Modified:
jackrabbit/oak/trunk/oak-core/src/main/java/org/apache/jackrabbit/oak/spi/security/SecurityConfiguration.java
URL:
http://svn.apache.org/viewvc/jackrabbit/oak/trunk/oak-core/src/main/java/org/apache/jackrabbit/oak/spi/security/SecurityConfiguration.java?rev=1524828&r1=1524827&r2=1524828&view=diff
==============================================================================
---
jackrabbit/oak/trunk/oak-core/src/main/java/org/apache/jackrabbit/oak/spi/security/SecurityConfiguration.java
(original)
+++
jackrabbit/oak/trunk/oak-core/src/main/java/org/apache/jackrabbit/oak/spi/security/SecurityConfiguration.java
Thu Sep 19 20:38:54 2013
@@ -18,7 +18,9 @@ package org.apache.jackrabbit.oak.spi.se
import java.util.Collections;
import java.util.List;
+
import javax.annotation.Nonnull;
+import javax.security.auth.Subject;
import org.apache.jackrabbit.oak.spi.commit.CommitHook;
import org.apache.jackrabbit.oak.spi.commit.ValidatorProvider;
@@ -73,7 +75,8 @@ public interface SecurityConfiguration {
List<? extends CommitHook> getCommitHooks(String workspaceName);
@Nonnull
- List<? extends ValidatorProvider> getValidators(String workspaceName);
+ List<? extends ValidatorProvider> getValidators(
+ String workspaceName, Subject subject);
@Nonnull
List<ProtectedItemImporter> getProtectedItemImporters();
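Review bot: The new `subject` parameter of `getValidators` has no visible contract: nothing in this hunk says what the Subject represents, whether it may be null, or that the authorization implementation reads a `PermissionProvider` from its public credentials. The method's Javadoc sits above the hunk, so I cannot see whether it was updated; if it was not, add something like `@param subject the subject of the commit; carries the credentials validators use for permission checks`, and annotate the parameter's nullability the way the return value already uses `@Nonnull`. This also changes the signature on the SPI interface, so SecurityConfiguration implementations outside this commit will stop compiling. The Privilege and User implementations and the default implementation (hunk at -119,7) accept the argument and ignore it.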
@@ -119,7 +122,8 @@ public interface SecurityConfiguration {
@Nonnull
@Override
- public List<? extends ValidatorProvider> getValidators(String
workspaceName) {
+ public List<? extends ValidatorProvider> getValidators(
+ String workspaceName, Subject subject) {
return Collections.emptyList();
}