Author: chetanm
Date: Tue Mar 11 07:42:06 2014
New Revision: 1576209
URL: http://svn.apache.org/r1576209
Log:
OAK-1476 - Hardcoded SecurityProvider implementation in oak-jcr Activator
-- Refactored SecurityProviderImpl to use static references to various
configurations. This ensures a stable startup
-- Replaced the Activator in oak-jcr with RepositoryManager which is
responsible for registering the repository. This requires explicit config to be
enabled
Added:
jackrabbit/oak/trunk/oak-jcr/src/main/java/org/apache/jackrabbit/oak/jcr/osgi/RepositoryManager.java
(with props)
Removed:
jackrabbit/oak/trunk/oak-jcr/src/main/java/org/apache/jackrabbit/oak/jcr/osgi/Activator.java
Modified:
jackrabbit/oak/trunk/oak-core/src/main/java/org/apache/jackrabbit/oak/security/SecurityProviderImpl.java
jackrabbit/oak/trunk/oak-jcr/pom.xml
Modified:
jackrabbit/oak/trunk/oak-core/src/main/java/org/apache/jackrabbit/oak/security/SecurityProviderImpl.java
URL:
http://svn.apache.org/viewvc/jackrabbit/oak/trunk/oak-core/src/main/java/org/apache/jackrabbit/oak/security/SecurityProviderImpl.java?rev=1576209&r1=1576208&r2=1576209&view=diff
==============================================================================
---
jackrabbit/oak/trunk/oak-core/src/main/java/org/apache/jackrabbit/oak/security/SecurityProviderImpl.java
(original)
+++
jackrabbit/oak/trunk/oak-core/src/main/java/org/apache/jackrabbit/oak/security/SecurityProviderImpl.java
Tue Mar 11 07:42:06 2014
@@ -56,56 +56,48 @@ import org.apache.jackrabbit.oak.spi.whi
import
org.apache.jackrabbit.oak.spi.whiteboard.WhiteboardAuthorizableActionProvider;
import org.apache.jackrabbit.oak.spi.whiteboard.WhiteboardAware;
import org.apache.jackrabbit.oak.spi.whiteboard.WhiteboardRestrictionProvider;
-import org.osgi.framework.ServiceReference;
-import org.osgi.service.component.ComponentContext;
+import org.osgi.framework.BundleContext;
import com.google.common.collect.ImmutableMap;
import static com.google.common.base.Preconditions.checkNotNull;
-@Component(immediate = true)
-@Service
+@Component
+@Service(value = {SecurityProvider.class})
public class SecurityProviderImpl implements SecurityProvider, WhiteboardAware
{
- @Reference(bind = "bindAuthorizationConfiguration",
- cardinality = ReferenceCardinality.MANDATORY_UNARY, // FIXME
OAK-1268
- policyOption = ReferencePolicyOption.GREEDY)
- private AuthorizationConfiguration authorizationConfiguration;
+ @Reference
+ private volatile AuthorizationConfiguration authorizationConfiguration;
- @Reference(bind = "bindAuthenticationConfiguration",
- cardinality = ReferenceCardinality.MANDATORY_UNARY,
- policyOption = ReferencePolicyOption.GREEDY)
- private AuthenticationConfiguration authenticationConfiguration;
+ @Reference
+ private volatile AuthenticationConfiguration authenticationConfiguration;
- @Reference(bind = "bindPrivilegeConfiguration",
- cardinality = ReferenceCardinality.MANDATORY_UNARY,
- policyOption = ReferencePolicyOption.GREEDY)
- private PrivilegeConfiguration privilegeConfiguration;
+ @Reference
+ private volatile PrivilegeConfiguration privilegeConfiguration;
- @Reference(bind = "bindUserConfiguration",
- cardinality = ReferenceCardinality.MANDATORY_UNARY,
- policyOption = ReferencePolicyOption.GREEDY)
- private UserConfiguration userConfiguration;
+ @Reference
+ private volatile UserConfiguration userConfiguration;
@Reference(referenceInterface = PrincipalConfiguration.class,
+ name = "principalConfiguration",
bind = "bindPrincipalConfiguration",
unbind = "unbindPrincipalConfiguration",
- cardinality = ReferenceCardinality.MANDATORY_MULTIPLE,
- policyOption = ReferencePolicyOption.GREEDY)
- private PrincipalConfiguration principalConfiguration = new
CompositePrincipalConfiguration(this);
+ cardinality = ReferenceCardinality.OPTIONAL_MULTIPLE)
+ private final CompositePrincipalConfiguration
compositePrincipalConfiguration = new CompositePrincipalConfiguration(this);
@Reference(referenceInterface = TokenConfiguration.class,
+ name = "tokenConfiguration",
bind = "bindTokenConfiguration",
unbind = "unbindTokenConfiguration",
- cardinality = ReferenceCardinality.OPTIONAL_MULTIPLE,
- policyOption = ReferencePolicyOption.GREEDY)
- private TokenConfiguration tokenConfiguration = new
CompositeTokenConfiguration(this);
+ cardinality = ReferenceCardinality.OPTIONAL_MULTIPLE)
+ private final CompositeTokenConfiguration compositeTokenConfiguration =
new CompositeTokenConfiguration(this);
@Reference(referenceInterface = AuthorizableNodeName.class,
+ name = "authorizableNodeName",
bind = "bindAuthorizableNodeName",
cardinality = ReferenceCardinality.OPTIONAL_UNARY,
policyOption = ReferencePolicyOption.GREEDY)
- private NameGenerator authorizableNodeName = new NameGenerator();
+ private final NameGenerator nameGenerator = new NameGenerator();
private final WhiteboardAuthorizableActionProvider
authorizableActionProvider = new WhiteboardAuthorizableActionProvider();
private final WhiteboardRestrictionProvider restrictionProvider = new
WhiteboardRestrictionProvider();
@@ -132,9 +124,9 @@ public class SecurityProviderImpl implem
authenticationConfiguration = new
AuthenticationConfigurationImpl(this);
authorizationConfiguration = new AuthorizationConfigurationImpl(this);
userConfiguration = new UserConfigurationImpl(this);
- principalConfiguration = new PrincipalConfigurationImpl(this);
+ compositePrincipalConfiguration.addConfiguration(new
PrincipalConfigurationImpl(this));
privilegeConfiguration = new PrivilegeConfigurationImpl();
- tokenConfiguration = new TokenConfigurationImpl(this);
+ compositeTokenConfiguration.addConfiguration(new
TokenConfigurationImpl(this));
}
@Override
@@ -169,9 +161,9 @@ public class SecurityProviderImpl implem
scs.add(authenticationConfiguration);
scs.add(authorizationConfiguration);
scs.add(userConfiguration);
- scs.add(principalConfiguration);
+ scs.add(compositePrincipalConfiguration);
scs.add(privilegeConfiguration);
- scs.add(tokenConfiguration);
+ scs.add(compositeTokenConfiguration);
return scs;
}
@@ -186,21 +178,23 @@ public class SecurityProviderImpl implem
} else if (UserConfiguration.class == configClass) {
return (T) userConfiguration;
} else if (PrincipalConfiguration.class == configClass) {
- return (T) principalConfiguration;
+ return (T) compositePrincipalConfiguration;
} else if (PrivilegeConfiguration.class == configClass) {
return (T) privilegeConfiguration;
} else if (TokenConfiguration.class == configClass) {
- return (T) tokenConfiguration;
+ return (T) compositeTokenConfiguration;
} else {
throw new IllegalArgumentException("Unsupported security
configuration class " + configClass);
}
}
@Activate
- protected void activate(ComponentContext context) throws Exception {
- whiteboard = new OsgiWhiteboard(context.getBundleContext());
+ protected void activate(BundleContext context) throws Exception {
+ whiteboard = new OsgiWhiteboard(context);
authorizableActionProvider.start(whiteboard);
restrictionProvider.start(whiteboard);
+
+ initializeConfigurations();
}
@Deactivate
@@ -209,90 +203,58 @@ public class SecurityProviderImpl implem
restrictionProvider.stop();
}
- protected void bindAuthorizationConfiguration(@Nonnull ServiceReference
reference) {
- // also add authorization config specific default parameters for OSGi
environments
- // todo: the config class should track the 'restrictionProvider'
itself.
+ private void initializeConfigurations() {
Map<String, WhiteboardRestrictionProvider> authorizMap =
ImmutableMap.of(
AccessControlConstants.PARAM_RESTRICTION_PROVIDER,
restrictionProvider
);
- authorizationConfiguration =
- (AuthorizationConfiguration) initConfiguration(reference,
ConfigurationParameters.of(authorizMap));
- }
+ // also add authorization config specific default parameters for OSGi
environments
+ // todo: the config class should track the 'restrictionProvider'
itself.
+ initConfiguration(authorizationConfiguration,
ConfigurationParameters.of(authorizMap));
- protected void bindAuthenticationConfiguration(@Nonnull ServiceReference
reference) {
- authenticationConfiguration =
- (AuthenticationConfiguration) initConfiguration(reference,
ConfigurationParameters.EMPTY);
- }
+ initConfiguration(authenticationConfiguration,
ConfigurationParameters.EMPTY);
- protected void bindUserConfiguration(@Nonnull ServiceReference reference) {
// also initialize user config specific default parameters for OSGi
environments
// todo: the config class should track the 'providers' itself.
Map<String, Object> userMap = ImmutableMap.of(
UserConstants.PARAM_AUTHORIZABLE_ACTION_PROVIDER,
authorizableActionProvider,
- UserConstants.PARAM_AUTHORIZABLE_NODE_NAME,
authorizableNodeName);
- userConfiguration = (UserConfiguration) initConfiguration(reference,
ConfigurationParameters.of(userMap));
- }
+ UserConstants.PARAM_AUTHORIZABLE_NODE_NAME, nameGenerator);
+ initConfiguration(userConfiguration,
ConfigurationParameters.of(userMap));
- protected void bindPrivilegeConfiguration(@Nonnull ServiceReference
reference) {
- privilegeConfiguration = (PrivilegeConfiguration)
initConfiguration(reference, ConfigurationParameters.EMPTY);
+ initConfiguration(privilegeConfiguration,
ConfigurationParameters.EMPTY);
}
- protected void bindPrincipalConfiguration(@Nonnull ServiceReference
reference) {
- // replace composite configuration if needed
- if (!(principalConfiguration instanceof
CompositePrincipalConfiguration)) {
- principalConfiguration = new CompositePrincipalConfiguration(this);
- }
- ((CompositePrincipalConfiguration)
principalConfiguration).addConfiguration(
- (PrincipalConfiguration) initConfiguration(reference,
ConfigurationParameters.EMPTY));
+ protected void bindPrincipalConfiguration(@Nonnull PrincipalConfiguration
reference) {
+
compositePrincipalConfiguration.addConfiguration(initConfiguration(reference,
ConfigurationParameters.EMPTY));
}
- protected void unbindPrincipalConfiguration(@Nonnull ServiceReference
reference) {
- Object pc =
reference.getBundle().getBundleContext().getService(reference);
- if (pc instanceof PrincipalConfiguration) {
- if (principalConfiguration instanceof
CompositePrincipalConfiguration) {
- ((CompositePrincipalConfiguration)
principalConfiguration).removeConfiguration((PrincipalConfiguration) pc);
- }
- }
+ protected void unbindPrincipalConfiguration(@Nonnull
PrincipalConfiguration reference) {
+ compositePrincipalConfiguration.removeConfiguration(reference);
}
- protected void bindTokenConfiguration(@Nonnull ServiceReference reference)
{
- // replace composite configuration if needed
- if (!(tokenConfiguration instanceof CompositeTokenConfiguration)) {
- tokenConfiguration = new CompositeTokenConfiguration(this);
- }
- ((CompositeTokenConfiguration) tokenConfiguration).addConfiguration(
- (TokenConfiguration) initConfiguration(reference,
ConfigurationParameters.EMPTY));
+ protected void bindTokenConfiguration(@Nonnull TokenConfiguration
reference) {
+
compositeTokenConfiguration.addConfiguration(initConfiguration(reference,
ConfigurationParameters.EMPTY));
}
- protected void unbindTokenConfiguration(@Nonnull ServiceReference
reference) {
- Object tc =
reference.getBundle().getBundleContext().getService(reference);
- if (tc instanceof TokenConfiguration) {
- if (tokenConfiguration instanceof CompositeTokenConfiguration) {
- ((CompositeTokenConfiguration)
tokenConfiguration).removeConfiguration((TokenConfiguration) tc);
- }
- }
+ protected void unbindTokenConfiguration(@Nonnull TokenConfiguration
reference) {
+ compositeTokenConfiguration.removeConfiguration(reference);
}
- protected void bindAuthorizableNodeName(@Nonnull ServiceReference
reference) {
- Object ann =
reference.getBundle().getBundleContext().getService(reference);
- if (ann instanceof AuthorizableNodeName) {
- authorizableNodeName.dlg = (AuthorizableNodeName) ann;
- }
+ protected void bindAuthorizableNodeName(@Nonnull AuthorizableNodeName
reference) {
+ nameGenerator.dlg = reference;
}
- private Object initConfiguration(@Nonnull ServiceReference reference,
@Nonnull ConfigurationParameters params) {
- Object service =
reference.getBundle().getBundleContext().getService(reference);
- if (service instanceof ConfigurationBase) {
- ConfigurationBase cfg = (ConfigurationBase) service;
+ private <T extends SecurityConfiguration> T initConfiguration(@Nonnull T
config, @Nonnull ConfigurationParameters params) {
+ if (config instanceof ConfigurationBase) {
+ ConfigurationBase cfg = (ConfigurationBase) config;
cfg.setSecurityProvider(this);
cfg.setParameters(ConfigurationParameters.of(params,
cfg.getParameters()));
}
- return service;
+ return config;
}
private final class NameGenerator implements AuthorizableNodeName {
- private AuthorizableNodeName dlg = AuthorizableNodeName.DEFAULT;
+ private volatile AuthorizableNodeName dlg =
AuthorizableNodeName.DEFAULT;
@Nonnull
@Override
@@ -300,5 +262,4 @@ public class SecurityProviderImpl implem
return dlg.generateNodeName(authorizableId);
}
}
-
}
Modified: jackrabbit/oak/trunk/oak-jcr/pom.xml
URL:
http://svn.apache.org/viewvc/jackrabbit/oak/trunk/oak-jcr/pom.xml?rev=1576209&r1=1576208&r2=1576209&view=diff
==============================================================================
--- jackrabbit/oak/trunk/oak-jcr/pom.xml (original)
+++ jackrabbit/oak/trunk/oak-jcr/pom.xml Tue Mar 11 07:42:06 2014
@@ -154,15 +154,16 @@
<plugins>
<plugin>
<groupId>org.apache.felix</groupId>
+ <artifactId>maven-scr-plugin</artifactId>
+ </plugin>
+ <plugin>
+ <groupId>org.apache.felix</groupId>
<artifactId>maven-bundle-plugin</artifactId>
<configuration>
<instructions>
<Export-Package>
org.apache.jackrabbit.oak.jcr
</Export-Package>
- <Bundle-Activator>
- org.apache.jackrabbit.oak.jcr.osgi.Activator
- </Bundle-Activator>
</instructions>
</configuration>
</plugin>
Added:
jackrabbit/oak/trunk/oak-jcr/src/main/java/org/apache/jackrabbit/oak/jcr/osgi/RepositoryManager.java
URL:
http://svn.apache.org/viewvc/jackrabbit/oak/trunk/oak-jcr/src/main/java/org/apache/jackrabbit/oak/jcr/osgi/RepositoryManager.java?rev=1576209&view=auto
==============================================================================
---
jackrabbit/oak/trunk/oak-jcr/src/main/java/org/apache/jackrabbit/oak/jcr/osgi/RepositoryManager.java
(added)
+++
jackrabbit/oak/trunk/oak-jcr/src/main/java/org/apache/jackrabbit/oak/jcr/osgi/RepositoryManager.java
Tue Mar 11 07:42:06 2014
@@ -0,0 +1,115 @@
+/*
+ * Licensed to the Apache Software Foundation (ASF) under one
+ * or more contributor license agreements. See the NOTICE file
+ * distributed with this work for additional information
+ * regarding copyright ownership. The ASF licenses this file
+ * to you under the Apache License, Version 2.0 (the
+ * "License"); you may not use this file except in compliance
+ * with the License. You may obtain a copy of the License at
+ *
+ * http://www.apache.org/licenses/LICENSE-2.0
+ *
+ * Unless required by applicable law or agreed to in writing,
+ * software distributed under the License is distributed on an
+ * "AS IS" BASIS, WITHOUT WARRANTIES OR CONDITIONS OF ANY
+ * KIND, either express or implied. See the License for the
+ * specific language governing permissions and limitations
+ * under the License.
+ */
+package org.apache.jackrabbit.oak.jcr.osgi;
+
+import java.util.Properties;
+
+import javax.jcr.Repository;
+
+import org.apache.felix.scr.annotations.Activate;
+import org.apache.felix.scr.annotations.Component;
+import org.apache.felix.scr.annotations.ConfigurationPolicy;
+import org.apache.felix.scr.annotations.Deactivate;
+import org.apache.felix.scr.annotations.Reference;
+import org.apache.jackrabbit.oak.Oak;
+import org.apache.jackrabbit.oak.api.ContentRepository;
+import org.apache.jackrabbit.oak.osgi.OsgiWhiteboard;
+import org.apache.jackrabbit.oak.plugins.commit.JcrConflictHandler;
+import org.apache.jackrabbit.oak.plugins.nodetype.write.InitialContent;
+import org.apache.jackrabbit.oak.spi.security.SecurityProvider;
+import org.apache.jackrabbit.oak.spi.state.NodeStore;
+import org.apache.jackrabbit.oak.spi.whiteboard.Whiteboard;
+import org.apache.jackrabbit.oak.spi.whiteboard.WhiteboardEditorProvider;
+import org.apache.jackrabbit.oak.spi.whiteboard.WhiteboardExecutor;
+import org.apache.jackrabbit.oak.spi.whiteboard.WhiteboardIndexEditorProvider;
+import org.apache.jackrabbit.oak.spi.whiteboard.WhiteboardIndexProvider;
+import org.osgi.framework.BundleContext;
+import org.osgi.framework.ServiceRegistration;
+
+/**
+ * RepositoryManager constructs the Repository instance and registers it with
OSGi Service Registry.
+ * By default it would not be active and would require explicit configuration
to be registered so as
+ * create repository. This is done to prevent repository creation in scenarios
where repository needs
+ * to be configured in a custom way
+ */
+@Component(policy = ConfigurationPolicy.REQUIRE)
+public class RepositoryManager {
+
+ private final WhiteboardEditorProvider editorProvider =
+ new WhiteboardEditorProvider();
+
+ private final WhiteboardIndexEditorProvider indexEditorProvider =
+ new WhiteboardIndexEditorProvider();
+
+ private final WhiteboardIndexProvider indexProvider =
+ new WhiteboardIndexProvider();
+
+ private final WhiteboardExecutor executor = new WhiteboardExecutor();
+
+ private Whiteboard whiteboard;
+
+ private ServiceRegistration registration;
+
+ @Reference
+ private SecurityProvider securityProvider;
+
+ @Reference
+ private NodeStore store;
+
+ @Activate
+ public void activate(BundleContext bundleContext) {
+ whiteboard = new OsgiWhiteboard(bundleContext);
+ editorProvider.start(whiteboard);
+ indexEditorProvider.start(whiteboard);
+ indexProvider.start(whiteboard);
+ executor.start(whiteboard);
+ registration = registerRepository(bundleContext);
+ }
+
+ @Deactivate
+ public void deactivate() {
+ if (registration != null) {
+ registration.unregister();
+ }
+
+ executor.stop();
+ indexProvider.stop();
+ indexEditorProvider.stop();
+ editorProvider.stop();
+ }
+
+ private ServiceRegistration registerRepository(BundleContext
bundleContext) {
+ ContentRepository cr = new Oak(store)
+ .with(new InitialContent())
+ .with(JcrConflictHandler.JCR_CONFLICT_HANDLER)
+ .with(whiteboard)
+ .with(securityProvider)
+ .with(editorProvider)
+ .with(indexEditorProvider)
+ .with(indexProvider)
+ .withAsyncIndexing()
+ .with(executor)
+ .createContentRepository();
+
+ return bundleContext.registerService(
+ Repository.class.getName(),
+ new OsgiRepository(cr, whiteboard, securityProvider),
+ new Properties());
+ }
+}
Propchange:
jackrabbit/oak/trunk/oak-jcr/src/main/java/org/apache/jackrabbit/oak/jcr/osgi/RepositoryManager.java
------------------------------------------------------------------------------
svn:eol-style = native
