Author: angela
Date: Thu Oct 31 16:54:20 2013
New Revision: 1537553
URL: http://svn.apache.org/r1537553
Log:
OAK-51 Access Control Management (adjust code to implement API modifications ->
see JCR-3641)
Modified:
jackrabbit/oak/trunk/oak-core/src/main/java/org/apache/jackrabbit/oak/security/authorization/accesscontrol/ACL.java
jackrabbit/oak/trunk/oak-core/src/main/java/org/apache/jackrabbit/oak/spi/security/authorization/accesscontrol/AbstractAccessControlList.java
jackrabbit/oak/trunk/oak-core/src/main/java/org/apache/jackrabbit/oak/spi/security/authorization/accesscontrol/ImmutableACL.java
jackrabbit/oak/trunk/oak-core/src/test/java/org/apache/jackrabbit/oak/security/authorization/accesscontrol/ACLTest.java
jackrabbit/oak/trunk/oak-core/src/test/java/org/apache/jackrabbit/oak/spi/security/authorization/accesscontrol/ImmutableACLTest.java
jackrabbit/oak/trunk/oak-core/src/test/java/org/apache/jackrabbit/oak/spi/security/authorization/accesscontrol/TestACL.java
jackrabbit/oak/trunk/oak-parent/pom.xml
Modified:
jackrabbit/oak/trunk/oak-core/src/main/java/org/apache/jackrabbit/oak/security/authorization/accesscontrol/ACL.java
URL:
http://svn.apache.org/viewvc/jackrabbit/oak/trunk/oak-core/src/main/java/org/apache/jackrabbit/oak/security/authorization/accesscontrol/ACL.java?rev=1537553&r1=1537552&r2=1537553&view=diff
==============================================================================
---
jackrabbit/oak/trunk/oak-core/src/main/java/org/apache/jackrabbit/oak/security/authorization/accesscontrol/ACL.java
(original)
+++
jackrabbit/oak/trunk/oak-core/src/main/java/org/apache/jackrabbit/oak/security/authorization/accesscontrol/ACL.java
Thu Oct 31 16:54:20 2013
@@ -90,10 +90,10 @@ abstract class ACL extends AbstractAcces
}
//----------------------------------------< JackrabbitAccessControlList
>---
-
@Override
public boolean addEntry(Principal principal, Privilege[] privileges,
- boolean isAllow, Map<String, Value> restrictions)
throws RepositoryException {
+ boolean isAllow, Map<String, Value> restrictions,
+ Map<String, Value[]> mvRestrictions) throws
RepositoryException {
if (privileges == null || privileges.length == 0) {
throw new AccessControlException("Privileges may not be null nor
an empty array");
}
@@ -114,13 +114,21 @@ abstract class ACL extends AbstractAcces
}
Set<Restriction> rs;
- if (restrictions == null) {
+ if (restrictions == null && mvRestrictions == null) {
rs = Collections.emptySet();
} else {
- rs = new HashSet<Restriction>(restrictions.size());
- for (String jcrName : restrictions.keySet()) {
- String oakName = getNamePathMapper().getOakName(jcrName);
-
rs.add(getRestrictionProvider().createRestriction(getOakPath(), oakName,
restrictions.get(oakName)));
+ rs = new HashSet<Restriction>();
+ if (restrictions != null) {
+ for (String jcrName : restrictions.keySet()) {
+ String oakName = getNamePathMapper().getOakName(jcrName);
+
rs.add(getRestrictionProvider().createRestriction(getOakPath(), oakName,
restrictions.get(oakName)));
+ }
+ }
+ if (mvRestrictions != null) {
+ for (String jcrName : mvRestrictions.keySet()) {
+ String oakName = getNamePathMapper().getOakName(jcrName);
+
rs.add(getRestrictionProvider().createRestriction(getOakPath(), oakName,
mvRestrictions.get(oakName)));
+ }
}
}
Modified:
jackrabbit/oak/trunk/oak-core/src/main/java/org/apache/jackrabbit/oak/spi/security/authorization/accesscontrol/AbstractAccessControlList.java
URL:
http://svn.apache.org/viewvc/jackrabbit/oak/trunk/oak-core/src/main/java/org/apache/jackrabbit/oak/spi/security/authorization/accesscontrol/AbstractAccessControlList.java?rev=1537553&r1=1537552&r2=1537553&view=diff
==============================================================================
---
jackrabbit/oak/trunk/oak-core/src/main/java/org/apache/jackrabbit/oak/spi/security/authorization/accesscontrol/AbstractAccessControlList.java
(original)
+++
jackrabbit/oak/trunk/oak-core/src/main/java/org/apache/jackrabbit/oak/spi/security/authorization/accesscontrol/AbstractAccessControlList.java
Thu Oct 31 16:54:20 2013
@@ -20,6 +20,7 @@ import java.security.Principal;
import java.util.Collection;
import java.util.Collections;
import java.util.List;
+import java.util.Map;
import javax.annotation.CheckForNull;
import javax.annotation.Nonnull;
import javax.annotation.Nullable;
@@ -27,6 +28,7 @@ import javax.jcr.PropertyType;
import javax.jcr.RepositoryException;
import javax.jcr.Value;
import javax.jcr.security.AccessControlEntry;
+import javax.jcr.security.AccessControlException;
import javax.jcr.security.Privilege;
import com.google.common.base.Function;
@@ -131,4 +133,9 @@ public abstract class AbstractAccessCont
public boolean addEntry(Principal principal, Privilege[] privileges,
boolean isAllow) throws RepositoryException {
return addEntry(principal, privileges, isAllow, Collections.<String,
Value>emptyMap());
}
+
+ @Override
+ public boolean addEntry(Principal principal, Privilege[] privileges,
boolean isAllow, Map<String, Value> restrictions) throws
AccessControlException, RepositoryException {
+ return addEntry(principal, privileges, isAllow, restrictions, null);
+ }
}
\ No newline at end of file
Modified:
jackrabbit/oak/trunk/oak-core/src/main/java/org/apache/jackrabbit/oak/spi/security/authorization/accesscontrol/ImmutableACL.java
URL:
http://svn.apache.org/viewvc/jackrabbit/oak/trunk/oak-core/src/main/java/org/apache/jackrabbit/oak/spi/security/authorization/accesscontrol/ImmutableACL.java?rev=1537553&r1=1537552&r2=1537553&view=diff
==============================================================================
---
jackrabbit/oak/trunk/oak-core/src/main/java/org/apache/jackrabbit/oak/spi/security/authorization/accesscontrol/ImmutableACL.java
(original)
+++
jackrabbit/oak/trunk/oak-core/src/main/java/org/apache/jackrabbit/oak/spi/security/authorization/accesscontrol/ImmutableACL.java
Thu Oct 31 16:54:20 2013
@@ -76,6 +76,11 @@ public class ImmutableACL extends Abstra
}
@Override
+ public boolean addEntry(Principal principal, Privilege[] privileges,
boolean isAllow, Map<String, Value> restrictions, Map<String, Value[]>
mvRestrictions) throws AccessControlException {
+ throw new AccessControlException("Immutable ACL. Use
AccessControlManager#getPolicy or #getApplicablePolicies in order to obtain an
modifiable ACL.");
+ }
+
+ @Override
public void orderBefore(AccessControlEntry srcEntry, AccessControlEntry
destEntry) throws AccessControlException {
throw new AccessControlException("Immutable ACL. Use
AccessControlManager#getPolicy or #getApplicablePolicy in order to obtain a
modifiable ACL.");
}
Modified:
jackrabbit/oak/trunk/oak-core/src/test/java/org/apache/jackrabbit/oak/security/authorization/accesscontrol/ACLTest.java
URL:
http://svn.apache.org/viewvc/jackrabbit/oak/trunk/oak-core/src/test/java/org/apache/jackrabbit/oak/security/authorization/accesscontrol/ACLTest.java?rev=1537553&r1=1537552&r2=1537553&view=diff
==============================================================================
---
jackrabbit/oak/trunk/oak-core/src/test/java/org/apache/jackrabbit/oak/security/authorization/accesscontrol/ACLTest.java
(original)
+++
jackrabbit/oak/trunk/oak-core/src/test/java/org/apache/jackrabbit/oak/security/authorization/accesscontrol/ACLTest.java
Thu Oct 31 16:54:20 2013
@@ -30,12 +30,15 @@ import javax.annotation.Nullable;
import javax.jcr.PropertyType;
import javax.jcr.RepositoryException;
import javax.jcr.Value;
+import javax.jcr.ValueFactory;
+import javax.jcr.ValueFormatException;
import javax.jcr.security.AccessControlEntry;
import javax.jcr.security.AccessControlException;
import javax.jcr.security.Privilege;
import com.google.common.collect.ImmutableSet;
import com.google.common.collect.Sets;
+import org.apache.jackrabbit.JcrConstants;
import org.apache.jackrabbit.api.security.JackrabbitAccessControlEntry;
import org.apache.jackrabbit.api.security.JackrabbitAccessControlList;
import org.apache.jackrabbit.api.security.authorization.PrivilegeManager;
@@ -640,6 +643,31 @@ public class ACLTest extends AbstractAcc
}
@Test
+ public void testMvRestrictions() throws Exception {
+
+ ValueFactory vf = getValueFactory();
+ Value[] vs = new Value[] {
+ vf.createValue(JcrConstants.NT_FILE, PropertyType.NAME),
+ vf.createValue(JcrConstants.NT_FOLDER, PropertyType.NAME)
+ };
+ Map<String, Value[]> mvRestrictions =
Collections.singletonMap(REP_NT_NAMES, vs);
+ Map<String, Value> restrictions = Collections.singletonMap(REP_GLOB,
vf.createValue("/.*"));
+
+ assertTrue(acl.addEntry(testPrincipal, testPrivileges, false,
restrictions, mvRestrictions));
+ assertFalse(acl.addEntry(testPrincipal, testPrivileges, false,
restrictions, mvRestrictions));
+ assertEquals(1, acl.getAccessControlEntries().length);
+ JackrabbitAccessControlEntry ace = (JackrabbitAccessControlEntry)
acl.getAccessControlEntries()[0];
+ try {
+ ace.getRestriction(REP_NT_NAMES);
+ fail();
+ } catch (ValueFormatException e) {
+ // success
+ }
+ Value[] vvs = ace.getRestrictions(REP_NT_NAMES);
+ assertArrayEquals(vs, vvs);
+ }
+
+ @Test
public void testUnsupportedRestrictions() throws Exception {
Map<String, Value> restrictions =
Collections.singletonMap("unknownRestriction",
getValueFactory().createValue("value"));
try {
Modified:
jackrabbit/oak/trunk/oak-core/src/test/java/org/apache/jackrabbit/oak/spi/security/authorization/accesscontrol/ImmutableACLTest.java
URL:
http://svn.apache.org/viewvc/jackrabbit/oak/trunk/oak-core/src/test/java/org/apache/jackrabbit/oak/spi/security/authorization/accesscontrol/ImmutableACLTest.java?rev=1537553&r1=1537552&r2=1537553&view=diff
==============================================================================
---
jackrabbit/oak/trunk/oak-core/src/test/java/org/apache/jackrabbit/oak/spi/security/authorization/accesscontrol/ImmutableACLTest.java
(original)
+++
jackrabbit/oak/trunk/oak-core/src/test/java/org/apache/jackrabbit/oak/spi/security/authorization/accesscontrol/ImmutableACLTest.java
Thu Oct 31 16:54:20 2013
@@ -86,6 +86,13 @@ public class ImmutableACLTest extends Ab
// success
}
+ try {
+ acl.addEntry(testPrincipal, testPrivileges, false,
Collections.<String, Value>emptyMap(), Collections.<String, Value[]>emptyMap());
+ fail(msg);
+ } catch (AccessControlException e) {
+ // success
+ }
+
AccessControlEntry[] entries = acl.getAccessControlEntries();
if (entries.length > 1) {
try {
Modified:
jackrabbit/oak/trunk/oak-core/src/test/java/org/apache/jackrabbit/oak/spi/security/authorization/accesscontrol/TestACL.java
URL:
http://svn.apache.org/viewvc/jackrabbit/oak/trunk/oak-core/src/test/java/org/apache/jackrabbit/oak/spi/security/authorization/accesscontrol/TestACL.java?rev=1537553&r1=1537552&r2=1537553&view=diff
==============================================================================
---
jackrabbit/oak/trunk/oak-core/src/test/java/org/apache/jackrabbit/oak/spi/security/authorization/accesscontrol/TestACL.java
(original)
+++
jackrabbit/oak/trunk/oak-core/src/test/java/org/apache/jackrabbit/oak/spi/security/authorization/accesscontrol/TestACL.java
Thu Oct 31 16:54:20 2013
@@ -21,8 +21,10 @@ import java.util.ArrayList;
import java.util.List;
import java.util.Map;
import javax.annotation.Nonnull;
+import javax.jcr.RepositoryException;
import javax.jcr.Value;
import javax.jcr.security.AccessControlEntry;
+import javax.jcr.security.AccessControlException;
import javax.jcr.security.Privilege;
import com.google.common.collect.Lists;
@@ -67,6 +69,11 @@ public final class TestACL extends Abstr
}
@Override
+ public boolean addEntry(Principal principal, Privilege[] privileges,
boolean isAllow, Map<String, Value> restrictions, Map<String, Value[]>
mvRestrictions) throws AccessControlException, RepositoryException {
+ throw new UnsupportedOperationException();
+ }
+
+ @Override
public void orderBefore(AccessControlEntry srcEntry, AccessControlEntry
destEntry) {
throw new UnsupportedOperationException();
}
Modified: jackrabbit/oak/trunk/oak-parent/pom.xml
URL:
http://svn.apache.org/viewvc/jackrabbit/oak/trunk/oak-parent/pom.xml?rev=1537553&r1=1537552&r2=1537553&view=diff
==============================================================================
--- jackrabbit/oak/trunk/oak-parent/pom.xml (original)
+++ jackrabbit/oak/trunk/oak-parent/pom.xml Thu Oct 31 16:54:20 2013
@@ -40,7 +40,7 @@
<project.reporting.outputEncoding>
${project.build.sourceEncoding}
</project.reporting.outputEncoding>
- <jackrabbit.version>2.7.1</jackrabbit.version>
+ <jackrabbit.version>2.8-SNAPSHOT</jackrabbit.version>
<mongo.host>127.0.0.1</mongo.host>
<mongo.port>27017</mongo.port>
<mongo.db>MongoMKDB</mongo.db>
