Author: jukka
Date: Tue Jan 14 18:51:27 2014
New Revision: 1558161
URL: http://svn.apache.org/r1558161
Log:
OAK-519: Migration of custom jr2.x privileges into OAK
Merge PrivilegeMigrator into RepositoryUpgrade
Removed:
jackrabbit/oak/trunk/oak-upgrade/src/main/java/org/apache/jackrabbit/oak/upgrade/security/PrivilegeMigrator.java
Modified:
jackrabbit/oak/trunk/oak-core/src/main/java/org/apache/jackrabbit/oak/security/privilege/PrivilegeDefinitionWriter.java
jackrabbit/oak/trunk/oak-core/src/main/java/org/apache/jackrabbit/oak/spi/security/privilege/PrivilegeBits.java
jackrabbit/oak/trunk/oak-upgrade/src/main/java/org/apache/jackrabbit/oak/upgrade/RepositoryUpgrade.java
jackrabbit/oak/trunk/oak-upgrade/src/test/java/org/apache/jackrabbit/oak/upgrade/RepositoryUpgradeTest.java
Modified:
jackrabbit/oak/trunk/oak-core/src/main/java/org/apache/jackrabbit/oak/security/privilege/PrivilegeDefinitionWriter.java
URL:
http://svn.apache.org/viewvc/jackrabbit/oak/trunk/oak-core/src/main/java/org/apache/jackrabbit/oak/security/privilege/PrivilegeDefinitionWriter.java?rev=1558161&r1=1558160&r2=1558161&view=diff
==============================================================================
---
jackrabbit/oak/trunk/oak-core/src/main/java/org/apache/jackrabbit/oak/security/privilege/PrivilegeDefinitionWriter.java
(original)
+++
jackrabbit/oak/trunk/oak-core/src/main/java/org/apache/jackrabbit/oak/security/privilege/PrivilegeDefinitionWriter.java
Tue Jan 14 18:51:27 2014
@@ -42,7 +42,7 @@ import org.apache.jackrabbit.oak.util.No
* PrivilegeDefinitionWriter is responsible for writing privilege definitions
* to the repository without applying any validation checks.
*/
-public class PrivilegeDefinitionWriter implements PrivilegeConstants {
+class PrivilegeDefinitionWriter implements PrivilegeConstants {
/**
* The internal names of all built-in privileges that are not aggregates.
@@ -71,14 +71,14 @@ public class PrivilegeDefinitionWriter i
private PrivilegeBits next;
- public PrivilegeDefinitionWriter(Root root) {
+ PrivilegeDefinitionWriter(Root root) {
this.root = root;
this.bitsMgr = new PrivilegeBitsProvider(root);
Tree privilegesTree = bitsMgr.getPrivilegesTree();
if (privilegesTree.exists() && privilegesTree.hasProperty(REP_NEXT)) {
next = PrivilegeBits.getInstance(privilegesTree);
} else {
- next = PrivilegeBits.BUILT_IN.get(REP_USER_MANAGEMENT).nextBits();
+ next = PrivilegeBits.NEXT_AFTER_BUILT_INS;
}
}
@@ -88,7 +88,7 @@ public class PrivilegeDefinitionWriter i
* @param definition The new privilege definition.
* @throws RepositoryException If the definition can't be written.
*/
- public void writeDefinition(PrivilegeDefinition definition) throws
RepositoryException {
+ void writeDefinition(PrivilegeDefinition definition) throws
RepositoryException {
writeDefinitions(Collections.singleton(definition));
}
Modified:
jackrabbit/oak/trunk/oak-core/src/main/java/org/apache/jackrabbit/oak/spi/security/privilege/PrivilegeBits.java
URL:
http://svn.apache.org/viewvc/jackrabbit/oak/trunk/oak-core/src/main/java/org/apache/jackrabbit/oak/spi/security/privilege/PrivilegeBits.java?rev=1558161&r1=1558160&r2=1558161&view=diff
==============================================================================
---
jackrabbit/oak/trunk/oak-core/src/main/java/org/apache/jackrabbit/oak/spi/security/privilege/PrivilegeBits.java
(original)
+++
jackrabbit/oak/trunk/oak-core/src/main/java/org/apache/jackrabbit/oak/spi/security/privilege/PrivilegeBits.java
Tue Jan 14 18:51:27 2014
@@ -94,6 +94,9 @@ public final class PrivilegeBits impleme
BUILT_IN.put(REP_WRITE, PrivilegeBits.getInstance(WRITE2));
}
+ public static PrivilegeBits NEXT_AFTER_BUILT_INS =
+ getInstance(USER_MNGMT).nextBits();
+
private final Data d;
/**
Modified:
jackrabbit/oak/trunk/oak-upgrade/src/main/java/org/apache/jackrabbit/oak/upgrade/RepositoryUpgrade.java
URL:
http://svn.apache.org/viewvc/jackrabbit/oak/trunk/oak-upgrade/src/main/java/org/apache/jackrabbit/oak/upgrade/RepositoryUpgrade.java?rev=1558161&r1=1558160&r2=1558161&view=diff
==============================================================================
---
jackrabbit/oak/trunk/oak-upgrade/src/main/java/org/apache/jackrabbit/oak/upgrade/RepositoryUpgrade.java
(original)
+++
jackrabbit/oak/trunk/oak-upgrade/src/main/java/org/apache/jackrabbit/oak/upgrade/RepositoryUpgrade.java
Tue Jan 14 18:51:27 2014
@@ -27,6 +27,7 @@ import java.util.Set;
import javax.jcr.NamespaceException;
import javax.jcr.NamespaceRegistry;
import javax.jcr.RepositoryException;
+import javax.jcr.security.Privilege;
import javax.jcr.version.OnParentVersionAction;
import org.apache.jackrabbit.core.NamespaceRegistryImpl;
@@ -36,6 +37,7 @@ import org.apache.jackrabbit.core.fs.Fil
import org.apache.jackrabbit.core.fs.FileSystemException;
import org.apache.jackrabbit.core.nodetype.NodeTypeRegistry;
import org.apache.jackrabbit.core.persistence.PersistenceManager;
+import org.apache.jackrabbit.core.security.authorization.PrivilegeRegistry;
import org.apache.jackrabbit.oak.api.PropertyState;
import org.apache.jackrabbit.oak.api.Type;
import org.apache.jackrabbit.oak.plugins.index.CompositeIndexEditorProvider;
@@ -50,6 +52,7 @@ import org.apache.jackrabbit.oak.spi.com
import org.apache.jackrabbit.oak.spi.commit.CompositeEditorProvider;
import org.apache.jackrabbit.oak.spi.commit.CompositeHook;
import org.apache.jackrabbit.oak.spi.commit.EditorHook;
+import org.apache.jackrabbit.oak.spi.security.privilege.PrivilegeBits;
import org.apache.jackrabbit.oak.spi.state.ChildNodeEntry;
import org.apache.jackrabbit.oak.spi.state.NodeBuilder;
import org.apache.jackrabbit.oak.spi.state.NodeState;
@@ -107,6 +110,13 @@ import static org.apache.jackrabbit.oak.
import static
org.apache.jackrabbit.oak.plugins.nodetype.NodeTypeConstants.JCR_IS_QUERYABLE;
import static
org.apache.jackrabbit.oak.plugins.nodetype.NodeTypeConstants.JCR_IS_QUERY_ORDERABLE;
import static
org.apache.jackrabbit.oak.plugins.nodetype.NodeTypeConstants.JCR_NODE_TYPES;
+import static
org.apache.jackrabbit.oak.spi.security.privilege.PrivilegeConstants.NT_REP_PRIVILEGE;
+import static
org.apache.jackrabbit.oak.spi.security.privilege.PrivilegeConstants.NT_REP_PRIVILEGES;
+import static
org.apache.jackrabbit.oak.spi.security.privilege.PrivilegeConstants.REP_AGGREGATES;
+import static
org.apache.jackrabbit.oak.spi.security.privilege.PrivilegeConstants.REP_BITS;
+import static
org.apache.jackrabbit.oak.spi.security.privilege.PrivilegeConstants.REP_IS_ABSTRACT;
+import static
org.apache.jackrabbit.oak.spi.security.privilege.PrivilegeConstants.REP_NEXT;
+import static
org.apache.jackrabbit.oak.spi.security.privilege.PrivilegeConstants.REP_PRIVILEGES;
import static org.apache.jackrabbit.spi.commons.name.NameConstants.ANY_NAME;
public class RepositoryUpgrade {
@@ -379,8 +389,66 @@ public class RepositoryUpgrade {
return properties;
}
+ @SuppressWarnings("deprecation")
private void copyPrivileges(NodeBuilder root) throws RepositoryException {
- // TODO
+ PrivilegeRegistry registry = source.getPrivilegeRegistry();
+ NodeBuilder privileges = root.child(JCR_SYSTEM).child(REP_PRIVILEGES);
+ privileges.setProperty(JCR_PRIMARYTYPE, NT_REP_PRIVILEGES, NAME);
+
+ PrivilegeBits next = PrivilegeBits.NEXT_AFTER_BUILT_INS;
+
+ logger.info("Copying registered privileges");
+ for (Privilege privilege : registry.getRegisteredPrivileges()) {
+ String name = privilege.getName();
+ NodeBuilder def = privileges.child(name);
+ def.setProperty(JCR_PRIMARYTYPE, NT_REP_PRIVILEGE, NAME);
+
+ if (privilege.isAbstract()) {
+ def.setProperty(REP_IS_ABSTRACT, true);
+ }
+
+ Privilege[] aggregate = privilege.getDeclaredAggregatePrivileges();
+ if (aggregate.length > 0) {
+ List<String> names =
newArrayListWithCapacity(aggregate.length);
+ for (Privilege p : aggregate) {
+ names.add(p.getName());
+ }
+ def.setProperty(REP_AGGREGATES, names, NAMES);
+ }
+
+ PrivilegeBits bits = PrivilegeBits.BUILT_IN.get(name);
+ if (bits != null) {
+ def.setProperty(bits.asPropertyState(REP_BITS));
+ } else if (aggregate.length == 0) {
+ bits = next;
+ next = next.nextBits();
+ def.setProperty(bits.asPropertyState(REP_BITS));
+ }
+ }
+
+ privileges.setProperty(next.asPropertyState(REP_NEXT));
+
+ // resolve privilege bits also for all aggregates
+ for (String name : privileges.getChildNodeNames()) {
+ resolvePrivilegeBits(privileges, name);
+ }
+ }
+
+ private PrivilegeBits resolvePrivilegeBits(
+ NodeBuilder privileges, String name) {
+ NodeBuilder def = privileges.getChildNode(name);
+
+ PropertyState b = def.getProperty(REP_BITS);
+ if (b != null) {
+ return PrivilegeBits.getInstance(b);
+ }
+
+ PrivilegeBits bits = PrivilegeBits.getInstance();
+ for (String n : def.getNames(REP_AGGREGATES)) {
+ bits.add(resolvePrivilegeBits(privileges, n));
+ }
+ def.setProperty(bits.asPropertyState(REP_BITS));
+ return bits;
}
private void copyNodeTypes(NodeBuilder root) throws RepositoryException {
Modified:
jackrabbit/oak/trunk/oak-upgrade/src/test/java/org/apache/jackrabbit/oak/upgrade/RepositoryUpgradeTest.java
URL:
http://svn.apache.org/viewvc/jackrabbit/oak/trunk/oak-upgrade/src/test/java/org/apache/jackrabbit/oak/upgrade/RepositoryUpgradeTest.java?rev=1558161&r1=1558160&r2=1558161&view=diff
==============================================================================
---
jackrabbit/oak/trunk/oak-upgrade/src/test/java/org/apache/jackrabbit/oak/upgrade/RepositoryUpgradeTest.java
(original)
+++
jackrabbit/oak/trunk/oak-upgrade/src/test/java/org/apache/jackrabbit/oak/upgrade/RepositoryUpgradeTest.java
Tue Jan 14 18:51:27 2014
@@ -35,13 +35,18 @@ import javax.jcr.Value;
import javax.jcr.nodetype.NodeType;
import javax.jcr.nodetype.NodeTypeManager;
import javax.jcr.nodetype.NodeTypeTemplate;
+import javax.jcr.security.Privilege;
+import org.apache.jackrabbit.api.JackrabbitSession;
+import org.apache.jackrabbit.api.JackrabbitWorkspace;
+import org.apache.jackrabbit.api.security.authorization.PrivilegeManager;
import org.apache.jackrabbit.oak.plugins.index.IndexConstants;
import org.apache.jackrabbit.oak.spi.security.user.UserConstants;
import org.junit.Test;
import static junit.framework.Assert.assertEquals;
import static junit.framework.Assert.assertFalse;
+import static junit.framework.Assert.assertNotNull;
import static junit.framework.Assert.assertTrue;
public class RepositoryUpgradeTest extends AbstractRepositoryUpgradeTest {
@@ -60,17 +65,23 @@ public class RepositoryUpgradeTest exten
protected void createSourceContent(Repository repository) throws Exception
{
Session session = repository.login(CREDENTIALS);
try {
- NamespaceRegistry registry =
- session.getWorkspace().getNamespaceRegistry();
+ JackrabbitWorkspace workspace =
+ (JackrabbitWorkspace) session.getWorkspace();
+
+ NamespaceRegistry registry = workspace.getNamespaceRegistry();
registry.registerNamespace("test", "http://www.example.org/";);
- NodeTypeManager manager =
- session.getWorkspace().getNodeTypeManager();
- NodeTypeTemplate template = manager.createNodeTypeTemplate();
+ PrivilegeManager privilegeManager =
workspace.getPrivilegeManager();
+ privilegeManager.registerPrivilege("test:privilege", false, null);
+ privilegeManager.registerPrivilege(
+ "test:aggregate", false, new String[] { "jcr:read",
"test:privilege" });
+
+ NodeTypeManager nodeTypeManager = workspace.getNodeTypeManager();
+ NodeTypeTemplate template =
nodeTypeManager.createNodeTypeTemplate();
template.setName("test:unstructured");
template.setDeclaredSuperTypeNames(
new String[] { "nt:unstructured" });
- manager.registerNodeType(template, false);
+ nodeTypeManager.registerNodeType(template, false);
Node root = session.getRootNode();
@@ -136,6 +147,30 @@ public class RepositoryUpgradeTest exten
}
@Test
+ public void verifyCustomPrivileges() throws Exception {
+ JackrabbitSession session = createAdminSession();
+ try {
+ JackrabbitWorkspace workspace =
+ (JackrabbitWorkspace) session.getWorkspace();
+ PrivilegeManager manager = workspace.getPrivilegeManager();
+
+ Privilege privilege = manager.getPrivilege("test:privilege");
+ assertNotNull(privilege);
+ assertFalse(privilege.isAbstract());
+ assertFalse(privilege.isAggregate());
+ assertEquals(0, privilege.getDeclaredAggregatePrivileges().length);
+
+ Privilege aggregate = manager.getPrivilege("test:aggregate");
+ assertNotNull(aggregate);
+ assertFalse(aggregate.isAbstract());
+ assertTrue(aggregate.isAggregate());
+ assertEquals(2, aggregate.getDeclaredAggregatePrivileges().length);
+ } finally {
+ session.logout();
+ }
+ }
+
+ @Test
public void verifyCustomNodeTypes() throws Exception {
Session session = createAdminSession();
try {
