Author: tripod
Date: Fri Jan 31 01:00:13 2014
New Revision: 1563031

URL: http://svn.apache.org/r1563031
Log:
OAK-1377 Consolidate OsgiSecurityProvider and SecurityProviderImpl

Removed:
    
jackrabbit/oak/trunk/oak-core/src/main/java/org/apache/jackrabbit/oak/osgi/OsgiSecurityProvider.java
Modified:
    
jackrabbit/oak/trunk/oak-core/src/main/java/org/apache/jackrabbit/oak/security/SecurityProviderImpl.java
    jackrabbit/oak/trunk/oak-jcr/pom.xml
    jackrabbit/oak/trunk/oak-sling/pom.xml

Modified: 
jackrabbit/oak/trunk/oak-core/src/main/java/org/apache/jackrabbit/oak/security/SecurityProviderImpl.java
URL: 
http://svn.apache.org/viewvc/jackrabbit/oak/trunk/oak-core/src/main/java/org/apache/jackrabbit/oak/security/SecurityProviderImpl.java?rev=1563031&r1=1563030&r2=1563031&view=diff
==============================================================================
--- 
jackrabbit/oak/trunk/oak-core/src/main/java/org/apache/jackrabbit/oak/security/SecurityProviderImpl.java
 (original)
+++ 
jackrabbit/oak/trunk/oak-core/src/main/java/org/apache/jackrabbit/oak/security/SecurityProviderImpl.java
 Fri Jan 31 01:00:13 2014
@@ -16,110 +16,277 @@
  */
 package org.apache.jackrabbit.oak.security;
 
-import java.util.Arrays;
+import java.util.HashMap;
+import java.util.HashSet;
+import java.util.Map;
+import java.util.Set;
 
 import javax.annotation.Nonnull;
+import javax.annotation.Nullable;
 
+import org.apache.felix.scr.annotations.Activate;
+import org.apache.felix.scr.annotations.Component;
+import org.apache.felix.scr.annotations.Deactivate;
+import org.apache.felix.scr.annotations.Reference;
+import org.apache.felix.scr.annotations.ReferenceCardinality;
+import org.apache.felix.scr.annotations.ReferencePolicyOption;
+import org.apache.felix.scr.annotations.Service;
+import org.apache.jackrabbit.oak.osgi.OsgiWhiteboard;
 import 
org.apache.jackrabbit.oak.security.authentication.AuthenticationConfigurationImpl;
 import 
org.apache.jackrabbit.oak.security.authentication.token.TokenConfigurationImpl;
 import 
org.apache.jackrabbit.oak.security.authorization.AuthorizationConfigurationImpl;
 import org.apache.jackrabbit.oak.security.principal.PrincipalConfigurationImpl;
 import org.apache.jackrabbit.oak.security.privilege.PrivilegeConfigurationImpl;
 import org.apache.jackrabbit.oak.security.user.UserConfigurationImpl;
+import org.apache.jackrabbit.oak.spi.security.ConfigurationBase;
 import org.apache.jackrabbit.oak.spi.security.ConfigurationParameters;
 import org.apache.jackrabbit.oak.spi.security.SecurityConfiguration;
 import org.apache.jackrabbit.oak.spi.security.SecurityProvider;
 import 
org.apache.jackrabbit.oak.spi.security.authentication.AuthenticationConfiguration;
+import 
org.apache.jackrabbit.oak.spi.security.authentication.token.CompositeTokenConfiguration;
 import 
org.apache.jackrabbit.oak.spi.security.authentication.token.TokenConfiguration;
 import 
org.apache.jackrabbit.oak.spi.security.authorization.AuthorizationConfiguration;
+import 
org.apache.jackrabbit.oak.spi.security.authorization.accesscontrol.AccessControlConstants;
+import 
org.apache.jackrabbit.oak.spi.security.principal.CompositePrincipalConfiguration;
 import org.apache.jackrabbit.oak.spi.security.principal.PrincipalConfiguration;
 import org.apache.jackrabbit.oak.spi.security.privilege.PrivilegeConfiguration;
+import org.apache.jackrabbit.oak.spi.security.user.AuthorizableNodeName;
 import org.apache.jackrabbit.oak.spi.security.user.UserConfiguration;
+import org.apache.jackrabbit.oak.spi.security.user.UserConstants;
+import org.apache.jackrabbit.oak.spi.whiteboard.Whiteboard;
+import 
org.apache.jackrabbit.oak.spi.whiteboard.WhiteboardAuthorizableActionProvider;
+import org.apache.jackrabbit.oak.spi.whiteboard.WhiteboardRestrictionProvider;
+import org.osgi.framework.ServiceReference;
+import org.osgi.service.component.ComponentContext;
 
-public class SecurityProviderImpl implements SecurityProvider {
+import com.google.common.collect.ImmutableMap;
 
-    private final ConfigurationParameters configuration;
+@Component(immediate = true)
+@Service
+public class SecurityProviderImpl implements SecurityProvider {
 
-    // we only need 1 instance of authorization config.
-    // todo: maybe provide general mechanism to singletons of configs
+    @Reference(bind = "bindAuthorizationConfiguration",
+            cardinality = ReferenceCardinality.MANDATORY_UNARY, // FIXME 
OAK-1268
+            policyOption = ReferencePolicyOption.GREEDY)
     private AuthorizationConfiguration authorizationConfiguration;
 
+    @Reference(bind = "bindAuthenticationConfiguration",
+            cardinality = ReferenceCardinality.MANDATORY_UNARY,
+            policyOption = ReferencePolicyOption.GREEDY)
+    private AuthenticationConfiguration authenticationConfiguration;
+
+    @Reference(bind = "bindPrivilegeConfiguration",
+            cardinality = ReferenceCardinality.MANDATORY_UNARY,
+            policyOption = ReferencePolicyOption.GREEDY)
+    private PrivilegeConfiguration privilegeConfiguration;
+
+    @Reference(bind = "bindUserConfiguration",
+            cardinality = ReferenceCardinality.MANDATORY_UNARY,
+            policyOption = ReferencePolicyOption.GREEDY)
+    private UserConfiguration userConfiguration;
+
+    @Reference(referenceInterface = PrincipalConfiguration.class,
+            bind = "bindPrincipalConfiguration",
+            unbind = "unbindPrincipalConfiguration",
+            cardinality = ReferenceCardinality.MANDATORY_MULTIPLE,
+            policyOption = ReferencePolicyOption.GREEDY)
+    private PrincipalConfiguration principalConfiguration = new 
CompositePrincipalConfiguration(this);
+
+    @Reference(referenceInterface = TokenConfiguration.class,
+            bind = "bindTokenConfiguration",
+            unbind = "unbindTokenConfiguration",
+            cardinality = ReferenceCardinality.OPTIONAL_MULTIPLE,
+            policyOption = ReferencePolicyOption.GREEDY)
+    private TokenConfiguration tokenConfiguration = new 
CompositeTokenConfiguration(this);
+
+    @Reference(referenceInterface = AuthorizableNodeName.class,
+            bind = "bindAuthorizableNodeName",
+            cardinality = ReferenceCardinality.OPTIONAL_UNARY,
+            policyOption = ReferencePolicyOption.GREEDY)
+    private NameGenerator authorizableNodeName = new NameGenerator();
+
+    private final WhiteboardAuthorizableActionProvider 
authorizableActionProvider = new WhiteboardAuthorizableActionProvider();
+    private final WhiteboardRestrictionProvider restrictionProvider = new 
WhiteboardRestrictionProvider();
+
+    private ConfigurationParameters configuration;
+
+    /**
+     * Default constructor used in OSGi environments.
+     */
     public SecurityProviderImpl() {
         this(ConfigurationParameters.EMPTY);
     }
 
+    /**
+     * Constructor used for non OSGi environments.
+     * @param configuration security configuration
+     */
     public SecurityProviderImpl(ConfigurationParameters configuration) {
         this.configuration = configuration;
+
+        authenticationConfiguration = new 
AuthenticationConfigurationImpl(this);
+        authorizationConfiguration = new AuthorizationConfigurationImpl(this);
+        userConfiguration = new UserConfigurationImpl(this);
+        principalConfiguration = new PrincipalConfigurationImpl(this);
+        privilegeConfiguration = new PrivilegeConfigurationImpl();
+        tokenConfiguration = new TokenConfigurationImpl(this);
     }
 
     @Nonnull
     @Override
-    public ConfigurationParameters getParameters(String name) {
-        return (name == null) ? configuration : 
configuration.getConfigValue(name, ConfigurationParameters.EMPTY);
+    public ConfigurationParameters getParameters(@Nullable String name) {
+        if (name == null) {
+            return configuration;
+        }
+        ConfigurationParameters params = configuration.getConfigValue(name, 
ConfigurationParameters.EMPTY);
+        for (SecurityConfiguration sc : getConfigurations()) {
+            if (sc != null && sc.getName().equals(name)) {
+                return ConfigurationParameters.of(params, sc.getParameters());
+            }
+        }
+        return params;
     }
 
     @Nonnull
     @Override
     public Iterable<? extends SecurityConfiguration> getConfigurations() {
-        return Arrays.asList(
-                getAuthenticationConfiguration(),
-                getAuthorizationConfiguration(),
-                getUserConfiguration(),
-                getPrincipalConfiguration(),
-                getPrivilegeConfiguration(),
-                getTokenConfiguration());
+        Set<SecurityConfiguration> scs = new HashSet<SecurityConfiguration>();
+        scs.add(authenticationConfiguration);
+        scs.add(authorizationConfiguration);
+        scs.add(userConfiguration);
+        scs.add(principalConfiguration);
+        scs.add(privilegeConfiguration);
+        scs.add(tokenConfiguration);
+        return scs;
     }
 
+    @SuppressWarnings("unchecked")
     @Nonnull
     @Override
-    public <T> T getConfiguration(Class<T> configClass) {
+    public <T> T getConfiguration(@Nonnull Class<T> configClass) {
         if (AuthenticationConfiguration.class == configClass) {
-            return (T) getAuthenticationConfiguration();
+            return (T) authenticationConfiguration;
         } else if (AuthorizationConfiguration.class == configClass) {
-            return (T) getAuthorizationConfiguration();
+            return (T) authorizationConfiguration;
         } else if (UserConfiguration.class == configClass) {
-            return (T) getUserConfiguration();
+            return (T) userConfiguration;
         } else if (PrincipalConfiguration.class == configClass) {
-            return (T) getPrincipalConfiguration();
+            return (T) principalConfiguration;
         } else if (PrivilegeConfiguration.class == configClass) {
-            return (T) getPrivilegeConfiguration();
+            return (T) privilegeConfiguration;
         } else if (TokenConfiguration.class == configClass) {
-            return (T) getTokenConfiguration();
+            return (T) tokenConfiguration;
         } else {
             throw new IllegalArgumentException("Unsupported security 
configuration class " + configClass);
         }
     }
 
-    @Nonnull
-    private AuthenticationConfiguration getAuthenticationConfiguration() {
-        return new AuthenticationConfigurationImpl(this);
+    @Activate
+    protected void activate(ComponentContext context) throws Exception {
+        Whiteboard whiteboard = new OsgiWhiteboard(context.getBundleContext());
+        authorizableActionProvider.start(whiteboard);
+        restrictionProvider.start(whiteboard);
     }
 
-    @Nonnull
-    private AuthorizationConfiguration getAuthorizationConfiguration() {
-        if (authorizationConfiguration == null) {
-            authorizationConfiguration = new 
AuthorizationConfigurationImpl(this);
+    @Deactivate
+    protected void deactivate() throws Exception {
+        authorizableActionProvider.stop();
+        restrictionProvider.stop();
+    }
+
+    protected void bindAuthorizationConfiguration(@Nonnull ServiceReference 
reference) {
+        // also initialize authorization config specific default parameters or 
OSGi environments
+        Map<String, WhiteboardRestrictionProvider> authorizMap = 
ImmutableMap.of(
+                AccessControlConstants.PARAM_RESTRICTION_PROVIDER, 
restrictionProvider
+        );
+        Map<String, Object> newConfig = new HashMap<String, 
Object>(configuration);
+        newConfig.put(AuthorizationConfiguration.NAME, 
ConfigurationParameters.of(authorizMap));
+        configuration = ConfigurationParameters.of(newConfig);
+
+        authorizationConfiguration = (AuthorizationConfiguration) 
initConfiguration(reference);
+    }
+
+    protected void bindAuthenticationConfiguration(@Nonnull ServiceReference 
reference) {
+        authenticationConfiguration = (AuthenticationConfiguration) 
initConfiguration(reference);
+    }
+
+    protected void bindUserConfiguration(@Nonnull ServiceReference reference) {
+        // also initialize user config specific default parameters or OSGi 
environments
+        Map<String, Object> userMap = ImmutableMap.of(
+                UserConstants.PARAM_AUTHORIZABLE_ACTION_PROVIDER, 
authorizableActionProvider,
+                UserConstants.PARAM_AUTHORIZABLE_NODE_NAME, 
authorizableNodeName);
+
+        Map<String, Object> newConfig = new HashMap<String, 
Object>(configuration);
+        newConfig.put(UserConfiguration.NAME, 
ConfigurationParameters.of(userMap));
+        configuration = ConfigurationParameters.of(newConfig);
+
+        userConfiguration = (UserConfiguration) initConfiguration(reference);
+    }
+
+    protected void bindPrivilegeConfiguration(@Nonnull ServiceReference 
reference) {
+        privilegeConfiguration = (PrivilegeConfiguration) 
initConfiguration(reference);
+    }
+
+    protected void bindPrincipalConfiguration(@Nonnull ServiceReference 
reference) {
+        // replace composite configuration if needed
+        if (!(principalConfiguration instanceof 
CompositePrincipalConfiguration)) {
+            principalConfiguration = new CompositePrincipalConfiguration(this);
         }
-        return authorizationConfiguration;
+        ((CompositePrincipalConfiguration) 
principalConfiguration).addConfiguration(
+                (PrincipalConfiguration) initConfiguration(reference));
     }
 
-    @Nonnull
-    private PrivilegeConfiguration getPrivilegeConfiguration() {
-        return new PrivilegeConfigurationImpl();
+    protected void unbindPrincipalConfiguration(@Nonnull ServiceReference 
reference) {
+        Object pc = 
reference.getBundle().getBundleContext().getService(reference);
+        if (pc instanceof PrincipalConfiguration) {
+            if (principalConfiguration instanceof 
CompositePrincipalConfiguration) {
+                ((CompositePrincipalConfiguration) 
principalConfiguration).removeConfiguration((PrincipalConfiguration) pc);
+            }
+        }
     }
 
-    @Nonnull
-    private UserConfiguration getUserConfiguration() {
-        return new UserConfigurationImpl(this);
+    protected void bindTokenConfiguration(@Nonnull ServiceReference reference) 
{
+        // replace composite configuration if needed
+        if (!(tokenConfiguration instanceof CompositeTokenConfiguration)) {
+            tokenConfiguration = new CompositeTokenConfiguration(this);
+        }
+        ((CompositeTokenConfiguration) tokenConfiguration).addConfiguration(
+                (TokenConfiguration) initConfiguration(reference));
     }
 
-    @Nonnull
-    private PrincipalConfiguration getPrincipalConfiguration() {
-        return new PrincipalConfigurationImpl(this);
+    protected void unbindTokenConfiguration(@Nonnull ServiceReference 
reference) {
+        Object tc = 
reference.getBundle().getBundleContext().getService(reference);
+        if (tc instanceof TokenConfiguration) {
+            if (tokenConfiguration instanceof CompositeTokenConfiguration) {
+                ((CompositeTokenConfiguration) 
tokenConfiguration).removeConfiguration((TokenConfiguration) tc);
+            }
+        }
     }
 
-    @Nonnull
-    private TokenConfiguration getTokenConfiguration() {
-        return new TokenConfigurationImpl(this);
+    protected void bindAuthorizableNodeName(@Nonnull ServiceReference 
reference) {
+        Object ann = 
reference.getBundle().getBundleContext().getService(reference);
+        if (ann instanceof AuthorizableNodeName) {
+            authorizableNodeName.dlg = (AuthorizableNodeName) ann;
+        }
     }
+
+    private Object initConfiguration(@Nonnull ServiceReference reference) {
+        Object service = 
reference.getBundle().getBundleContext().getService(reference);
+        if (service instanceof ConfigurationBase) {
+            ((ConfigurationBase) service).setSecurityProvider(this);
+        }
+        return service;
+    }
+
+    private final class NameGenerator implements AuthorizableNodeName {
+
+        private AuthorizableNodeName dlg = AuthorizableNodeName.DEFAULT;
+
+        @Nonnull
+        @Override
+        public String generateNodeName(@Nonnull String authorizableId) {
+            return dlg.generateNodeName(authorizableId);
+        }
+    }
+
 }
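Review bot: `unbindPrincipalConfiguration` and `unbindTokenConfiguration` look the departing service up again with `reference.getBundle().getBundleContext().getService(reference)`, and that lookup can fail at exactly the moment it is needed. `getBundle()` returns null once the service is unregistered and `getService` can return null too, so the unbind either throws or fails the `instanceof` test and skips `removeConfiguration`. A withdrawn principal or token provider would then stay inside the composite and keep being consulted; whether SCR can call unbind that late is not visible in this hunk, so treat it as a risk to confirm. The same chain in `initConfiguration` and `bindAuthorizableNodeName` never calls `ungetService`, so every bind also leaves a use count held against the providing bundle's context. Declarative Services accepts bind/unbind methods that take the service object directly, e.g. `protected void unbindPrincipalConfiguration(@Nonnull PrincipalConfiguration pc)`, which removes both the lookup and the leak.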

Modified: jackrabbit/oak/trunk/oak-jcr/pom.xml
URL: 
http://svn.apache.org/viewvc/jackrabbit/oak/trunk/oak-jcr/pom.xml?rev=1563031&r1=1563030&r2=1563031&view=diff
==============================================================================
--- jackrabbit/oak/trunk/oak-jcr/pom.xml (original)
+++ jackrabbit/oak/trunk/oak-jcr/pom.xml Fri Jan 31 01:00:13 2014
@@ -252,6 +252,12 @@
           <artifactId>bndlib</artifactId>
           <scope>provided</scope>
       </dependency>
+      <dependency>
+          <!-- somehow the 1.6.0_65 compiler crashes on osx without this. -->
+          <groupId>org.apache.felix</groupId>
+          <artifactId>org.apache.felix.scr.annotations</artifactId>
+          <scope>provided</scope>
+      </dependency>
 
     <dependency>
       <groupId>javax.jcr</groupId>

Modified: jackrabbit/oak/trunk/oak-sling/pom.xml
URL: 
http://svn.apache.org/viewvc/jackrabbit/oak/trunk/oak-sling/pom.xml?rev=1563031&r1=1563030&r2=1563031&view=diff
==============================================================================
--- jackrabbit/oak/trunk/oak-sling/pom.xml (original)
+++ jackrabbit/oak/trunk/oak-sling/pom.xml Fri Jan 31 01:00:13 2014
@@ -71,6 +71,12 @@
       <scope>provided</scope>
       <optional>true</optional>
     </dependency>
+      <dependency>
+          <!-- somehow the 1.6.0_65 compiler crashes on osx without this. -->
+          <groupId>org.apache.felix</groupId>
+          <artifactId>org.apache.felix.scr.annotations</artifactId>
+          <scope>provided</scope>
+      </dependency>
 
     <dependency>
       <groupId>org.apache.jackrabbit</groupId>

