Author: angela
Date: Tue Nov 5 11:14:35 2013
New Revision: 1538944
URL: http://svn.apache.org/r1538944
Log:
OAK-51 : Access Control Management (minor improvement)
Modified:
jackrabbit/oak/trunk/oak-core/src/main/java/org/apache/jackrabbit/oak/security/authorization/accesscontrol/ACL.java
jackrabbit/oak/trunk/oak-core/src/main/java/org/apache/jackrabbit/oak/security/authorization/accesscontrol/AccessControlManagerImpl.java
jackrabbit/oak/trunk/oak-core/src/test/java/org/apache/jackrabbit/oak/security/authorization/accesscontrol/ACLTest.java
jackrabbit/oak/trunk/oak-core/src/test/java/org/apache/jackrabbit/oak/security/authorization/accesscontrol/AccessControlManagerImplTest.java
jackrabbit/oak/trunk/oak-jcr/src/test/java/org/apache/jackrabbit/oak/jcr/security/authorization/AccessControlManagementTest.java
Modified:
jackrabbit/oak/trunk/oak-core/src/main/java/org/apache/jackrabbit/oak/security/authorization/accesscontrol/ACL.java
URL:
http://svn.apache.org/viewvc/jackrabbit/oak/trunk/oak-core/src/main/java/org/apache/jackrabbit/oak/security/authorization/accesscontrol/ACL.java?rev=1538944&r1=1538943&r2=1538944&view=diff
==============================================================================
---
jackrabbit/oak/trunk/oak-core/src/main/java/org/apache/jackrabbit/oak/security/authorization/accesscontrol/ACL.java
(original)
+++
jackrabbit/oak/trunk/oak-core/src/main/java/org/apache/jackrabbit/oak/security/authorization/accesscontrol/ACL.java
Tue Nov 5 11:14:35 2013
@@ -52,25 +52,25 @@ abstract class ACL extends AbstractAcces
private final List<ACE> entries = new ArrayList<ACE>();
- ACL(@Nullable String oakPath, @Nonnull NamePathMapper namePathMapper) {
- this(oakPath, null, namePathMapper);
- }
+ private final PrincipalManager principalManager;
+ private final PrivilegeManager privilegeManager;
+ private final PrivilegeBitsProvider privilegeBitsProvider;
ACL(@Nullable String oakPath, @Nullable List<ACE> entries,
- @Nonnull NamePathMapper namePathMapper) {
+ @Nonnull NamePathMapper namePathMapper,
+ @Nonnull PrincipalManager principalManager,
+ @Nonnull PrivilegeManager privilegeManager,
+ @Nonnull PrivilegeBitsProvider privilegeBitsProvider) {
super(oakPath, namePathMapper);
if (entries != null) {
this.entries.addAll(entries);
}
+ this.principalManager = principalManager;
+ this.privilegeManager = privilegeManager;
+ this.privilegeBitsProvider = privilegeBitsProvider;
}
- abstract PrincipalManager getPrincipalManager();
-
- abstract PrivilegeManager getPrivilegeManager();
-
- abstract PrivilegeBitsProvider getPrivilegeBitsProvider();
-
- abstract ACE createACE(Principal principal, PrivilegeBits privilegeBits,
boolean isAllow, Set<Restriction> restrictions, NamePathMapper namePathMapper)
throws RepositoryException;
+ abstract ACE createACE(Principal principal, PrivilegeBits privilegeBits,
boolean isAllow, Set<Restriction> restrictions) throws RepositoryException;
//------------------------------------------< AbstractAccessControlList
>---
@Nonnull
@@ -98,13 +98,13 @@ abstract class ACL extends AbstractAcces
throw new AccessControlException("Privileges may not be null nor
an empty array");
}
for (Privilege p : privileges) {
- Privilege pv = getPrivilegeManager().getPrivilege(p.getName());
+ Privilege pv = privilegeManager.getPrivilege(p.getName());
if (pv.isAbstract()) {
throw new AccessControlException("Privilege " + p + " is
abstract.");
}
}
- Util.checkValidPrincipal(principal, getPrincipalManager());
+ Util.checkValidPrincipal(principal, principalManager);
for (RestrictionDefinition def :
getRestrictionProvider().getSupportedRestrictions(getOakPath())) {
String jcrName = getNamePathMapper().getJcrName(def.getName());
@@ -132,7 +132,7 @@ abstract class ACL extends AbstractAcces
}
}
- ACE entry = createACE(principal, getPrivilegeBits(privileges),
isAllow, rs, getNamePathMapper());
+ ACE entry = createACE(principal, getPrivilegeBits(privileges),
isAllow, rs);
if (entries.contains(entry)) {
log.debug("Entry is already contained in policy -> no
modification.");
return false;
@@ -239,10 +239,10 @@ abstract class ACL extends AbstractAcces
}
private ACE createACE(@Nonnull ACE existing, @Nonnull PrivilegeBits
newPrivilegeBits) throws RepositoryException {
- return createACE(existing.getPrincipal(), newPrivilegeBits,
existing.isAllow(), existing.getRestrictions(), getNamePathMapper());
+ return createACE(existing.getPrincipal(), newPrivilegeBits,
existing.isAllow(), existing.getRestrictions());
}
private PrivilegeBits getPrivilegeBits(Privilege[] privileges) {
- return getPrivilegeBitsProvider().getBits(privileges,
getNamePathMapper());
+ return privilegeBitsProvider.getBits(privileges, getNamePathMapper());
}
}
Modified:
jackrabbit/oak/trunk/oak-core/src/main/java/org/apache/jackrabbit/oak/security/authorization/accesscontrol/AccessControlManagerImpl.java
URL:
http://svn.apache.org/viewvc/jackrabbit/oak/trunk/oak-core/src/main/java/org/apache/jackrabbit/oak/security/authorization/accesscontrol/AccessControlManagerImpl.java?rev=1538944&r1=1538943&r2=1538944&view=diff
==============================================================================
---
jackrabbit/oak/trunk/oak-core/src/main/java/org/apache/jackrabbit/oak/security/authorization/accesscontrol/AccessControlManagerImpl.java
(original)
+++
jackrabbit/oak/trunk/oak-core/src/main/java/org/apache/jackrabbit/oak/security/authorization/accesscontrol/AccessControlManagerImpl.java
Tue Nov 5 11:14:35 2013
@@ -696,11 +696,11 @@ public class AccessControlManagerImpl im
private class NodeACL extends ACL {
NodeACL(@Nullable String oakPath) {
- super(oakPath, namePathMapper);
+ this(oakPath, null);
}
NodeACL(@Nullable String oakPath, @Nullable List<ACE> entries) {
- super(oakPath, entries, namePathMapper);
+ super(oakPath, entries, namePathMapper, principalManager,
privilegeManager, bitsProvider);
}
@Nonnull
@@ -710,23 +710,8 @@ public class AccessControlManagerImpl im
}
@Override
- PrincipalManager getPrincipalManager() {
- return principalManager;
- }
-
- @Override
- PrivilegeManager getPrivilegeManager() {
- return privilegeManager;
- }
-
- @Override
- PrivilegeBitsProvider getPrivilegeBitsProvider() {
- return bitsProvider;
- }
-
- @Override
- ACE createACE(Principal principal, PrivilegeBits privilegeBits,
boolean isAllow, Set<Restriction> restrictions, NamePathMapper namePathMapper)
throws RepositoryException {
- return new Entry(principal, privilegeBits, isAllow, restrictions,
namePathMapper);
+ ACE createACE(Principal principal, PrivilegeBits privilegeBits,
boolean isAllow, Set<Restriction> restrictions) throws RepositoryException {
+ return new Entry(principal, privilegeBits, isAllow, restrictions,
getNamePathMapper());
}
@Override
@@ -760,7 +745,7 @@ public class AccessControlManagerImpl im
private PrincipalACL(@Nullable String oakPath, @Nonnull Principal
principal,
@Nullable List<ACE> entries,
@Nonnull RestrictionProvider restrictionProvider)
{
- super(oakPath, entries, namePathMapper);
+ super(oakPath, entries, namePathMapper, principalManager,
privilegeManager, bitsProvider);
this.principal = principal;
rProvider = restrictionProvider;
}
@@ -772,23 +757,8 @@ public class AccessControlManagerImpl im
}
@Override
- PrincipalManager getPrincipalManager() {
- return principalManager;
- }
-
- @Override
- PrivilegeManager getPrivilegeManager() {
- return privilegeManager;
- }
-
- @Override
- PrivilegeBitsProvider getPrivilegeBitsProvider() {
- return bitsProvider;
- }
-
- @Override
- ACE createACE(Principal principal, PrivilegeBits privilegeBits,
boolean isAllow, Set<Restriction> restrictions, NamePathMapper namePathMapper)
throws RepositoryException {
- return new Entry(principal, privilegeBits, isAllow, restrictions,
namePathMapper);
+ ACE createACE(Principal principal, PrivilegeBits privilegeBits,
boolean isAllow, Set<Restriction> restrictions) throws RepositoryException {
+ return new Entry(principal, privilegeBits, isAllow, restrictions,
getNamePathMapper());
}
@Override
Modified:
jackrabbit/oak/trunk/oak-core/src/test/java/org/apache/jackrabbit/oak/security/authorization/accesscontrol/ACLTest.java
URL:
http://svn.apache.org/viewvc/jackrabbit/oak/trunk/oak-core/src/test/java/org/apache/jackrabbit/oak/security/authorization/accesscontrol/ACLTest.java?rev=1538944&r1=1538943&r2=1538944&view=diff
==============================================================================
---
jackrabbit/oak/trunk/oak-core/src/test/java/org/apache/jackrabbit/oak/security/authorization/accesscontrol/ACLTest.java
(original)
+++
jackrabbit/oak/trunk/oak-core/src/test/java/org/apache/jackrabbit/oak/security/authorization/accesscontrol/ACLTest.java
Tue Nov 5 11:14:35 2013
@@ -58,7 +58,6 @@ import org.apache.jackrabbit.oak.spi.sec
import org.apache.jackrabbit.oak.spi.security.principal.EveryonePrincipal;
import org.apache.jackrabbit.oak.spi.security.principal.PrincipalImpl;
import org.apache.jackrabbit.oak.spi.security.privilege.PrivilegeBits;
-import org.apache.jackrabbit.oak.spi.security.privilege.PrivilegeBitsProvider;
import org.apache.jackrabbit.oak.spi.security.privilege.PrivilegeConstants;
import org.junit.Before;
import org.junit.Test;
@@ -101,29 +100,14 @@ public class ACLTest extends AbstractAcc
@Nonnull NamePathMapper
namePathMapper,
final @Nonnull
RestrictionProvider restrictionProvider) {
String path = (jcrPath == null) ? null :
namePathMapper.getOakPathKeepIndex(jcrPath);
- return new ACL(path, entries, namePathMapper) {
+ return new ACL(path, entries, namePathMapper, principalManager,
privilegeManager, getBitsProvider()) {
@Override
public RestrictionProvider getRestrictionProvider() {
return restrictionProvider;
}
@Override
- PrincipalManager getPrincipalManager() {
- return principalManager;
- }
-
- @Override
- PrivilegeManager getPrivilegeManager() {
- return privilegeManager;
- }
-
- @Override
- PrivilegeBitsProvider getPrivilegeBitsProvider() {
- return getBitsProvider();
- }
-
- @Override
- ACE createACE(Principal principal, PrivilegeBits privilegeBits,
boolean isAllow, Set<Restriction> restrictions, NamePathMapper namePathMapper)
throws RepositoryException {
+ ACE createACE(Principal principal, PrivilegeBits privilegeBits,
boolean isAllow, Set<Restriction> restrictions) throws RepositoryException {
return createEntry(principal, privilegeBits, isAllow,
restrictions);
}
};
Modified:
jackrabbit/oak/trunk/oak-core/src/test/java/org/apache/jackrabbit/oak/security/authorization/accesscontrol/AccessControlManagerImplTest.java
URL:
http://svn.apache.org/viewvc/jackrabbit/oak/trunk/oak-core/src/test/java/org/apache/jackrabbit/oak/security/authorization/accesscontrol/AccessControlManagerImplTest.java?rev=1538944&r1=1538943&r2=1538944&view=diff
==============================================================================
---
jackrabbit/oak/trunk/oak-core/src/test/java/org/apache/jackrabbit/oak/security/authorization/accesscontrol/AccessControlManagerImplTest.java
(original)
+++
jackrabbit/oak/trunk/oak-core/src/test/java/org/apache/jackrabbit/oak/security/authorization/accesscontrol/AccessControlManagerImplTest.java
Tue Nov 5 11:14:35 2013
@@ -50,7 +50,6 @@ import org.apache.jackrabbit.JcrConstant
import org.apache.jackrabbit.api.security.JackrabbitAccessControlList;
import org.apache.jackrabbit.api.security.JackrabbitAccessControlManager;
import org.apache.jackrabbit.api.security.JackrabbitAccessControlPolicy;
-import org.apache.jackrabbit.api.security.authorization.PrivilegeManager;
import org.apache.jackrabbit.api.security.principal.PrincipalManager;
import org.apache.jackrabbit.oak.TestNameMapper;
import org.apache.jackrabbit.oak.api.ContentSession;
@@ -71,7 +70,6 @@ import org.apache.jackrabbit.oak.spi.sec
import org.apache.jackrabbit.oak.spi.security.principal.EveryonePrincipal;
import org.apache.jackrabbit.oak.spi.security.principal.PrincipalImpl;
import org.apache.jackrabbit.oak.spi.security.privilege.PrivilegeBits;
-import org.apache.jackrabbit.oak.spi.security.privilege.PrivilegeBitsProvider;
import org.apache.jackrabbit.oak.spi.security.privilege.PrivilegeConstants;
import org.apache.jackrabbit.oak.util.NodeUtil;
import org.apache.jackrabbit.oak.util.TreeUtil;
@@ -178,24 +176,10 @@ public class AccessControlManagerImplTes
private ACL createPolicy(@Nullable String path) {
final PrincipalManager pm = getPrincipalManager(root);
final RestrictionProvider rp = getRestrictionProvider();
- return new ACL(path, getNamePathMapper()) {
- @Override
- PrincipalManager getPrincipalManager() {
- return pm;
- }
-
- @Override
- PrivilegeManager getPrivilegeManager() {
- return
AccessControlManagerImplTest.this.getPrivilegeManager(root);
- }
-
- @Override
- PrivilegeBitsProvider getPrivilegeBitsProvider() {
- return new PrivilegeBitsProvider(root);
- }
+ return new ACL(path, null, getNamePathMapper(), pm,
AccessControlManagerImplTest.this.getPrivilegeManager(root), getBitsProvider())
{
@Override
- ACE createACE(Principal principal, PrivilegeBits privilegeBits,
boolean isAllow, Set<Restriction> restrictions, NamePathMapper namePathMapper)
throws RepositoryException {
+ ACE createACE(Principal principal, PrivilegeBits privilegeBits,
boolean isAllow, Set<Restriction> restrictions) {
throw new UnsupportedOperationException();
}
Modified:
jackrabbit/oak/trunk/oak-jcr/src/test/java/org/apache/jackrabbit/oak/jcr/security/authorization/AccessControlManagementTest.java
URL:
http://svn.apache.org/viewvc/jackrabbit/oak/trunk/oak-jcr/src/test/java/org/apache/jackrabbit/oak/jcr/security/authorization/AccessControlManagementTest.java?rev=1538944&r1=1538943&r2=1538944&view=diff
==============================================================================
---
jackrabbit/oak/trunk/oak-jcr/src/test/java/org/apache/jackrabbit/oak/jcr/security/authorization/AccessControlManagementTest.java
(original)
+++
jackrabbit/oak/trunk/oak-jcr/src/test/java/org/apache/jackrabbit/oak/jcr/security/authorization/AccessControlManagementTest.java
Tue Nov 5 11:14:35 2013
@@ -33,7 +33,6 @@ import javax.jcr.security.Privilege;
import org.apache.jackrabbit.api.security.JackrabbitAccessControlList;
import org.apache.jackrabbit.test.NotExecutableException;
import org.apache.jackrabbit.util.Text;
-import org.junit.Ignore;
import org.junit.Test;
/**
