svn commit: r1658412 - in /jackrabbit/oak/branches/1.0: ./ oak-core/src/main/java/org/apache/jackrabbit/oak/security/authorization/permission/ oak-core/src/main/java/org/apache/jackrabbit/oak/security/user/ oak-core/src/test/java/org/apache/jackrabbit/...

angela Mon, 09 Feb 2015 06:44:09 -0800

Author: angela
Date: Mon Feb  9 14:42:53 2015
New Revision: 1658412

URL: http://svn.apache.org/r1658412
Log:
OAK-2484 : Backport OAK-2319 to 1.0 (-> merging r1644588 which fixes OAK-2344 
and OAK-2319)


Added:
    
jackrabbit/oak/branches/1.0/oak-core/src/test/java/org/apache/jackrabbit/oak/security/authorization/permission/PermissionValidatorTest.java
      - copied unchanged from r1644588, 
jackrabbit/oak/trunk/oak-core/src/test/java/org/apache/jackrabbit/oak/security/authorization/permission/PermissionValidatorTest.java
Modified:
    jackrabbit/oak/branches/1.0/   (props changed)
    
jackrabbit/oak/branches/1.0/oak-core/src/main/java/org/apache/jackrabbit/oak/security/authorization/permission/PermissionValidator.java
    
jackrabbit/oak/branches/1.0/oak-core/src/main/java/org/apache/jackrabbit/oak/security/user/UserProvider.java
    
jackrabbit/oak/branches/1.0/oak-core/src/test/java/org/apache/jackrabbit/oak/security/user/UserProviderTest.java

Propchange: jackrabbit/oak/branches/1.0/
------------------------------------------------------------------------------
--- svn:mergeinfo (original)
+++ svn:mergeinfo Mon Feb  9 14:42:53 2015
@@ -1,2 +1,2 @@
-/jackrabbit/oak/trunk:1584578,1584602,1584614,1584616,1584709,1584781,1584937,1585297,1585304-1585305,1585420,1585424,1585427,1585448,1585465,1585468,1585486,1585497,1585509,1585647,1585655-1585656,1585661,1585665-1585666,1585669-1585670,1585673,1585680,1585719,1585763,1585770,1585896,1585904,1585907,1585940,1585949,1585951,1585956,1585962-1585963,1586287,1586320,1586364,1586372,1586655,1586836,1587130,1587224,1587399,1587408,1587472,1587485,1587488,1587538,1587580,1587807,1588033,1588042,1588046,1588066,1588201,1589025,1589101,1589137,1589141,1589263,1589440,1589442,1589484,1589488,1589661,1589664,1589682,1589708,1589741,1589748,1589789,1589794,1589850,1589864,1590628,1590660,1590684,1590697,1590701,1590980,1590988,1591101,1591226,1591229,1591293,1591314,1591317,1591362,1591374,1591381,1591438,1591467,1591552,1591704,1591713,1591715,1591723,1591874,1592487,1592512,1592658,1592665,1592677,1592742,1592744,1592787,1592809,1592955,1593036,1593048,1593061,1593133,1593210-1593211,1593231
 
,1593245,1593250,1593294,1593304,1593317,1593342,1593554,1594158-1594164,1594166-1594167,1594169,1594237,1594800,1594808,1594835,1594888,1595147,1595457,1595856,1596241,1596474,1596534,1596844,1597569,1597795,1597854,1597860,1598292,1598302,1598352,1598369,1598595,1598631,1598696,1598732,1598797-1598798,1599299,1599332,1599416,1599434,1599671,1600088,1600935,1601309,1601388,1601578,1601676,1601757,1601768,1601814,1601833,1601838,1601853,1601878,1601888,1601922,1602156,1602174,1602179,1602183,1602207,1602227,1602256,1602261,1602796-1602797,1602800,1602809,1602853,1602872,1602914,1603155,1603307,1603401,1603441,1603748,1604166,1605030,1605036,1605038,1605292,1605447,1605526,1605670,1605725,1605831,1605852,1606077,1606079,1606087,1606638,1606641,1606644,1606708,1606711,1607031-1607032,1607077,1607127,1607141,1607152,1607185,1607196,1607331,1607362,1607366,1607392,1607526,1607557,1607664,1607737,1608560,1608731,1608783,1609064,1609081,1609165,1609488,1610489,1610592,1610603,1610634,1610
 
658,1610664,1611021,1611041,1611275,1611277,1611313,1611332,1611584,1612560,1612825,1612993,1613018,1613041,1614265,1614272,1614344-1614345,1614384-1614385,1614397,1614405-1614406,1614574,1614591,1614593,1614596,1614604,1614689,1614807,1614835,1614891,1615417-1615418,1616182,1616236,1616463,1616719,1617417,1617451,1617463,1617711,1618158,1618613,1618624,1618709,1619222,1619411,1619695,1619800,1619808,1619815,1619823-1619824,1620512,1620581,1620585,1620634,1620898,1620905,1621115,1621123-1621124,1621168,1621192,1621201,1621706,1621962,1622197,1622201,1622207,1622250,1622479,1623364,1623766,1623827,1623949,1623969,1623973,1624216,1624317,1624551,1624559,1624973,1624993-1624994,1625025,1625036,1625158,1625224,1625237,1625299,1625348,1625620,1625916,1625962-1625963,1626021,1626053,1626163,1626168,1626175,1626191,1626265,1626770,1627047,1627052,1627228,1627346,1627470,1627473,1627479,1627503,1627586,1627590,1627715,1627731,1628180,1628198,1628262,1628447,1628608,1629688,1629840,1629917,1
 
630055-1630057,1630156,1630299,1630338,1630773,1631283-1631284,1631333-1631334,1631617-1631619,1631630,1631699,1631704,1631711,1631967-1631969,1631986,1631990,1631999,1632002-1632003,1632017,1632258,1632264,1632270,1632293,1632303,1632592,1632605,1633315,1633559-1633560,1633562,1633567,1633571,1633598,1633608,1633641,1633687,1633697,1633768,1633783,1634505,1634513,1634774,1634779,1634781,1634792,1634803,1634814,1634816,1634838,1634841,1634852,1634864,1634896,1634898,1635044-1635045,1635060,1635077,1635089,1635102,1635108,1635218,1635387,1635435,1635518,1635563,1635586,1636336,1636348,1636505,1636585,1636799,1637368,1637382,1637413,1637651,1637815,1638779-1638783,1639260,1639577,1639622,1639963,1639966,1639973,1640134,1640143,1640555-1640556,1640694-1640695,1640715,1640722-1640723,1640728,1640863-1640872,1641340,1641350,1641352,1641541,1641596-1641599,1641601,1641662,1641671,1641695,1641771,1641802,1641811,1641950,1642031,1642056,1642119,1642285,1642648,1642667,1642954,1642959,164311
 
1,1643178,1643186,1643204,1643287,1643767,1643774,1643982,1644016,1644106,1644366,1644383,1644397-1644398,1644407,1644479,1644547,1644552,1644554,1644650,1644654,1644689,1644750,1645421,1645424,1645459,1645585,1645611,1645637,1645646,1645660-1645663,1645888,1645901,1645948,1645966,1645970-1645971,1646014,1646164,1646174,1646684,1649743,1649803,1650015,1650239,1650529,1650797,1651323,1651382,1651643,1651652,1651730,1651988-1651989,1651996,1652024,1652035,1652058-1652059,1652075,1652127,1652158,1652467,1652965,1652971,1653207,1653446,1653463,1653572,1653579,1653591,1653804,1653809,1653849-1653850,1653882,1654116,1654743,1654756,1654778,1655049,1655054-1655055,1655996,1656027,1656394,1656400,1656425,1656427,1656628
+/jackrabbit/oak/trunk:1584578,1584602,1584614,1584616,1584709,1584781,1584937,1585297,1585304-1585305,1585420,1585424,1585427,1585448,1585465,1585468,1585486,1585497,1585509,1585647,1585655-1585656,1585661,1585665-1585666,1585669-1585670,1585673,1585680,1585719,1585763,1585770,1585896,1585904,1585907,1585940,1585949,1585951,1585956,1585962-1585963,1586287,1586320,1586364,1586372,1586655,1586836,1587130,1587224,1587399,1587408,1587472,1587485,1587488,1587538,1587580,1587807,1588033,1588042,1588046,1588066,1588201,1589025,1589101,1589137,1589141,1589263,1589440,1589442,1589484,1589488,1589661,1589664,1589682,1589708,1589741,1589748,1589789,1589794,1589850,1589864,1590628,1590660,1590684,1590697,1590701,1590980,1590988,1591101,1591226,1591229,1591293,1591314,1591317,1591362,1591374,1591381,1591438,1591467,1591552,1591704,1591713,1591715,1591723,1591874,1592487,1592512,1592658,1592665,1592677,1592742,1592744,1592787,1592809,1592955,1593036,1593048,1593061,1593133,1593210-1593211,1593231
 
,1593245,1593250,1593294,1593304,1593317,1593342,1593554,1594158-1594164,1594166-1594167,1594169,1594237,1594800,1594808,1594835,1594888,1595147,1595457,1595856,1596241,1596474,1596534,1596844,1597569,1597795,1597854,1597860,1598292,1598302,1598352,1598369,1598595,1598631,1598696,1598732,1598797-1598798,1599299,1599332,1599416,1599434,1599671,1600088,1600935,1601309,1601388,1601578,1601676,1601757,1601768,1601814,1601833,1601838,1601853,1601878,1601888,1601922,1602156,1602174,1602179,1602183,1602207,1602227,1602256,1602261,1602796-1602797,1602800,1602809,1602853,1602872,1602914,1603155,1603307,1603401,1603441,1603748,1604166,1605030,1605036,1605038,1605292,1605447,1605526,1605670,1605725,1605831,1605852,1606077,1606079,1606087,1606638,1606641,1606644,1606708,1606711,1607031-1607032,1607077,1607127,1607141,1607152,1607185,1607196,1607331,1607362,1607366,1607392,1607526,1607557,1607664,1607737,1608560,1608731,1608783,1609064,1609081,1609165,1609488,1610489,1610592,1610603,1610634,1610
 
658,1610664,1611021,1611041,1611275,1611277,1611313,1611332,1611584,1612560,1612825,1612993,1613018,1613041,1614265,1614272,1614344-1614345,1614384-1614385,1614397,1614405-1614406,1614574,1614591,1614593,1614596,1614604,1614689,1614807,1614835,1614891,1615417-1615418,1616182,1616236,1616463,1616719,1617417,1617451,1617463,1617711,1618158,1618613,1618624,1618709,1619222,1619411,1619695,1619800,1619808,1619815,1619823-1619824,1620512,1620581,1620585,1620634,1620898,1620905,1621115,1621123-1621124,1621168,1621192,1621201,1621706,1621962,1622197,1622201,1622207,1622250,1622479,1623364,1623766,1623827,1623949,1623969,1623973,1624216,1624317,1624551,1624559,1624973,1624993-1624994,1625025,1625036,1625158,1625224,1625237,1625299,1625348,1625620,1625916,1625962-1625963,1626021,1626053,1626163,1626168,1626175,1626191,1626265,1626770,1627047,1627052,1627228,1627346,1627470,1627473,1627479,1627503,1627586,1627590,1627715,1627731,1628180,1628198,1628262,1628447,1628608,1629688,1629840,1629917,1
 
630055-1630057,1630156,1630299,1630338,1630773,1631283-1631284,1631333-1631334,1631617-1631619,1631630,1631699,1631704,1631711,1631967-1631969,1631986,1631990,1631999,1632002-1632003,1632017,1632258,1632264,1632270,1632293,1632303,1632592,1632605,1633315,1633559-1633560,1633562,1633567,1633571,1633598,1633608,1633641,1633687,1633697,1633768,1633783,1634505,1634513,1634774,1634779,1634781,1634792,1634803,1634814,1634816,1634838,1634841,1634852,1634864,1634896,1634898,1635044-1635045,1635060,1635077,1635089,1635102,1635108,1635218,1635387,1635435,1635518,1635563,1635586,1636336,1636348,1636505,1636585,1636799,1637368,1637382,1637413,1637651,1637815,1638779-1638783,1639260,1639577,1639622,1639963,1639966,1639973,1640134,1640143,1640555-1640556,1640694-1640695,1640715,1640722-1640723,1640728,1640863-1640872,1641340,1641350,1641352,1641541,1641596-1641599,1641601,1641662,1641671,1641695,1641771,1641802,1641811,1641950,1642031,1642056,1642119,1642285,1642648,1642667,1642954,1642959,164311
 
1,1643178,1643186,1643204,1643287,1643767,1643774,1643982,1644016,1644106,1644366,1644383,1644397-1644398,1644407,1644479,1644547,1644552,1644554,1644588,1644650,1644654,1644689,1644750,1645421,1645424,1645459,1645585,1645611,1645637,1645646,1645660-1645663,1645888,1645901,1645948,1645966,1645970-1645971,1646014,1646164,1646174,1646684,1649743,1649803,1650015,1650239,1650529,1650797,1651323,1651382,1651643,1651652,1651730,1651988-1651989,1651996,1652024,1652035,1652058-1652059,1652075,1652127,1652158,1652467,1652965,1652971,1653207,1653446,1653463,1653572,1653579,1653591,1653804,1653809,1653849-1653850,1653882,1654116,1654743,1654756,1654778,1655049,1655054-1655055,1655996,1656027,1656394,1656400,1656425,1656427,1656628
 /jackrabbit/trunk:1345480

Modified: 
jackrabbit/oak/branches/1.0/oak-core/src/main/java/org/apache/jackrabbit/oak/security/authorization/permission/PermissionValidator.java
URL: 
http://svn.apache.org/viewvc/jackrabbit/oak/branches/1.0/oak-core/src/main/java/org/apache/jackrabbit/oak/security/authorization/permission/PermissionValidator.java?rev=1658412&r1=1658411&r2=1658412&view=diff
==============================================================================
--- 
jackrabbit/oak/branches/1.0/oak-core/src/main/java/org/apache/jackrabbit/oak/security/authorization/permission/PermissionValidator.java
 (original)
+++ 
jackrabbit/oak/branches/1.0/oak-core/src/main/java/org/apache/jackrabbit/oak/security/authorization/permission/PermissionValidator.java
 Mon Feb  9 14:42:53 2015
@@ -107,7 +107,7 @@ class PermissionValidator extends Defaul
     @Override
     public void propertyAdded(PropertyState after) throws 
CommitFailedException {
         String name = after.getName();
-        if (!TreeConstants.OAK_CHILD_ORDER.equals(name)) {
+        if (!TreeConstants.OAK_CHILD_ORDER.equals(name) && 
!isImmutableProperty(name, parentAfter)) {
             checkPermissions(parentAfter, after, Permissions.ADD_PROPERTY);
         }
     }
@@ -120,7 +120,7 @@ class PermissionValidator extends Defaul
             if (childName != null) {
                 checkPermissions(parentAfter, false, 
Permissions.MODIFY_CHILD_NODE_COLLECTION);
             } // else: no re-order but only internal update
-        } else if (isImmutableProperty(name)) {
+        } else if (isImmutableProperty(name, parentAfter)) {
             // parent node has been removed and and re-added as
             checkPermissions(parentAfter, false, 
Permissions.ADD_NODE|Permissions.REMOVE_NODE);
         } else {
@@ -130,7 +130,8 @@ class PermissionValidator extends Defaul
 
     @Override
     public void propertyDeleted(PropertyState before) throws 
CommitFailedException {
-        if (!TreeConstants.OAK_CHILD_ORDER.equals(before.getName())) {
+        String name = before.getName();
+        if (!TreeConstants.OAK_CHILD_ORDER.equals(name) && 
!isImmutableProperty(name, parentBefore)) {
             checkPermissions(parentBefore, before, 
Permissions.REMOVE_PROPERTY);
         }
     }
@@ -250,10 +251,9 @@ class PermissionValidator extends Defaul
             return permission;
         }
         long perm;
-        if (provider.getAccessControlContext().definesTree(tree)) {
+        if (testAccessControlPermission(tree)) {
             perm = Permissions.MODIFY_ACCESS_CONTROL;
-        } else if (provider.getUserContext().definesTree(tree)
-                && 
!provider.requiresJr2Permissions(Permissions.USER_MANAGEMENT)) {
+        } else if (testUserPermission(tree)) {
             perm = Permissions.USER_MANAGEMENT;
         } else if (isIndexDefinition(tree)) {
             perm = Permissions.INDEX_DEFINITION_MANAGEMENT;
@@ -271,7 +271,7 @@ class PermissionValidator extends Defaul
         long perm;
         if (JcrConstants.JCR_PRIMARYTYPE.equals(name)) {
             if (defaultPermission == Permissions.MODIFY_PROPERTY) {
-                perm = Permissions.NODE_TYPE_MANAGEMENT;
+                perm = getPermission(parent, Permissions.NODE_TYPE_MANAGEMENT);
             } else {
                 // can't determine if this was  a user supplied modification of
                 // the primary type -> omit permission check.
@@ -281,18 +281,6 @@ class PermissionValidator extends Defaul
             }
         } else if (JcrConstants.JCR_MIXINTYPES.equals(name)) {
             perm = Permissions.NODE_TYPE_MANAGEMENT;
-        } else if (JcrConstants.JCR_UUID.equals(name)) {
-            if (isReferenceable.apply(parent.getNodeState())) {
-                // property added or removed: jcr:uuid is autocreated in
-                // JCR, thus can't determine here if this was a user supplied
-                // modification or not.
-                perm = Permissions.NO_PERMISSION;
-            } else {
-                /* the parent is not referenceable -> check regular permissions
-                   as this instance of jcr:uuid is not the mandatory/protected
-                   property defined by mix:referenceable */
-                perm = defaultPermission;
-            }
         } else if (LockConstants.LOCK_PROPERTY_NAMES.contains(name)) {
             perm = Permissions.LOCK_MANAGEMENT;
         } else if (VersionConstants.VERSION_PROPERTY_NAMES.contains(name)) {
@@ -321,20 +309,28 @@ class PermissionValidator extends Defaul
         }
     }
 
-    private boolean isImmutableProperty(String name) {
+    private boolean isImmutableProperty(@Nonnull String name, @Nonnull 
ImmutableTree parent) {
         // NOTE: we cannot rely on autocreated/protected definition as this
         // doesn't reveal if a given property is expected to be never modified
         // after creation.
-        if (JcrConstants.JCR_UUID.equals(name) && 
isReferenceable.apply(parentAfter.getNodeState())) {
+        if (JcrConstants.JCR_UUID.equals(name) && 
isReferenceable.apply(parent.getNodeState())) {
             return true;
         } else if ((JCR_CREATED.equals(name) || JCR_CREATEDBY.equals(name))
-                && isCreated.apply(parentAfter.getNodeState())) {
+                && isCreated.apply(parent.getNodeState())) {
             return true;
         } else {
             return false;
         }
     }
 
+    private boolean testUserPermission(@Nonnull Tree tree) {
+        return provider.getUserContext().definesTree(tree) && 
!provider.requiresJr2Permissions(Permissions.USER_MANAGEMENT);
+    }
+
+    private boolean testAccessControlPermission(@Nonnull Tree tree) {
+        return provider.getAccessControlContext().definesTree(tree);
+    }
+
     private boolean isVersionstorageTree(Tree tree) {
         return permission == Permissions.VERSION_MANAGEMENT &&
                 
VersionConstants.REP_VERSIONSTORAGE.equals(TreeUtil.getPrimaryTypeName(tree));

Modified: 
jackrabbit/oak/branches/1.0/oak-core/src/main/java/org/apache/jackrabbit/oak/security/user/UserProvider.java
URL: 
http://svn.apache.org/viewvc/jackrabbit/oak/branches/1.0/oak-core/src/main/java/org/apache/jackrabbit/oak/security/user/UserProvider.java?rev=1658412&r1=1658411&r2=1658412&view=diff
==============================================================================
--- 
jackrabbit/oak/branches/1.0/oak-core/src/main/java/org/apache/jackrabbit/oak/security/user/UserProvider.java
 (original)
+++ 
jackrabbit/oak/branches/1.0/oak-core/src/main/java/org/apache/jackrabbit/oak/security/user/UserProvider.java
 Mon Feb  9 14:42:53 2015
@@ -23,11 +23,13 @@ import java.util.Iterator;
 
 import javax.annotation.CheckForNull;
 import javax.annotation.Nonnull;
+import javax.annotation.Nullable;
 import javax.jcr.AccessDeniedException;
 import javax.jcr.RepositoryException;
 import javax.jcr.nodetype.ConstraintViolationException;
 import javax.jcr.query.Query;
 
+import com.google.common.base.Strings;
 import org.apache.jackrabbit.JcrConstants;
 import org.apache.jackrabbit.oak.api.Result;
 import org.apache.jackrabbit.oak.api.ResultRow;
@@ -47,13 +49,14 @@ import org.slf4j.LoggerFactory;
 
 import static com.google.common.base.Preconditions.checkNotNull;
 import static org.apache.jackrabbit.oak.api.QueryEngine.NO_MAPPINGS;
+import static 
org.apache.jackrabbit.oak.plugins.nodetype.NodeTypeConstants.NODE_TYPES_PATH;
 
 /**
  * User provider implementation and manager for group memberships with the
  * following characteristics:
- * <p/>
+ * <p>
  * <h1>UserProvider</h1>
- * <p/>
+ * <p>
  * <h2>User and Group Creation</h2>
  * This implementation creates the JCR nodes corresponding the a given
  * authorizable ID with the following behavior:
@@ -168,7 +171,7 @@ class UserProvider extends AuthorizableB
     private final String groupPath;
     private final String userPath;
 
-    UserProvider(Root root, ConfigurationParameters config) {
+    UserProvider(@Nonnull Root root, @Nonnull ConfigurationParameters config) {
         super(root, config);
 
         defaultDepth = config.getConfigValue(PARAM_DEFAULT_DEPTH, 
DEFAULT_DEPTH);
@@ -177,27 +180,27 @@ class UserProvider extends AuthorizableB
     }
 
     @Nonnull
-    Tree createUser(String userID, String intermediateJcrPath) throws 
RepositoryException {
-        return createAuthorizableNode(userID, false, intermediateJcrPath);
+    Tree createUser(@Nonnull String userID, @Nullable String 
intermediateJcrPath) throws RepositoryException {
+        return createAuthorizableNode(userID, NT_REP_USER, 
intermediateJcrPath);
     }
 
     @Nonnull
-    Tree createGroup(String groupID, String intermediateJcrPath) throws 
RepositoryException {
-        return createAuthorizableNode(groupID, true, intermediateJcrPath);
+    Tree createGroup(@Nonnull String groupID, @Nullable String 
intermediateJcrPath) throws RepositoryException {
+        return createAuthorizableNode(groupID, NT_REP_GROUP, 
intermediateJcrPath);
     }
 
     @CheckForNull
-    Tree getAuthorizable(String authorizableId) {
+    Tree getAuthorizable(@Nonnull String authorizableId) {
         return getByID(authorizableId, AuthorizableType.AUTHORIZABLE);
     }
 
     @CheckForNull
-    Tree getAuthorizableByPath(String authorizableOakPath) {
+    Tree getAuthorizableByPath(@Nonnull String authorizableOakPath) {
         return getByPath(authorizableOakPath);
     }
 
     @CheckForNull
-    Tree getAuthorizableByPrincipal(Principal principal) {
+    Tree getAuthorizableByPrincipal(@Nonnull Principal principal) {
         if (principal instanceof TreeBasedPrincipal) {
             return root.getTree(((TreeBasedPrincipal) principal).getOakPath());
         }
@@ -229,18 +232,29 @@ class UserProvider extends AuthorizableB
 
     //------------------------------------------------------------< private 
>---
 
-    private Tree createAuthorizableNode(String authorizableId, boolean 
isGroup, String intermediatePath) throws RepositoryException {
+    private Tree createAuthorizableNode(@Nonnull String authorizableId,
+                                        @Nonnull String ntName,
+                                        @Nullable String intermediatePath) 
throws RepositoryException {
         String nodeName = getNodeName(authorizableId);
-        NodeUtil folder = createFolderNodes(authorizableId, nodeName, isGroup, 
intermediatePath);
+        Tree folder = createFolderNodes(nodeName, NT_REP_GROUP.equals(ntName), 
intermediatePath);
 
-        String ntName = (isGroup) ? NT_REP_GROUP : NT_REP_USER;
-        NodeUtil authorizableNode = folder.addChild(nodeName, ntName);
+        if (folder.hasChild(nodeName)) {
+            // collision with another authorizable node or some other node 
type.
+            int i = 1;
+            String tmp = nodeName + i;
+            while (folder.hasChild(tmp)) {
+                tmp = nodeName + ++i;
+            }
+            nodeName = tmp;
+        }
 
-        String nodeID = getContentID(authorizableId);
-        authorizableNode.setString(REP_AUTHORIZABLE_ID, authorizableId);
-        authorizableNode.setString(JcrConstants.JCR_UUID, nodeID);
+        Tree typeRoot = root.getTree(NODE_TYPES_PATH);
+        String userId = 
Strings.nullToEmpty(root.getContentSession().getAuthInfo().getUserID());
+        Tree authorizableNode = TreeUtil.addChild(folder, nodeName, ntName, 
typeRoot, userId);
+        authorizableNode.setProperty(REP_AUTHORIZABLE_ID, authorizableId);
+        authorizableNode.setProperty(JcrConstants.JCR_UUID, 
getContentID(authorizableId));
 
-        return authorizableNode.getTree();
+        return authorizableNode;
     }
 
     /**
@@ -249,19 +263,19 @@ class UserProvider extends AuthorizableB
      * configured user or group path. Note that Authorizable nodes are never
      * nested.
      *
-     * @param authorizableId   The desired authorizable ID.
      * @param nodeName         The name of the authorizable node.
      * @param isGroup          Flag indicating whether the new authorizable is 
a group or a user.
      * @param intermediatePath An optional intermediate path.
      * @return The folder node.
      * @throws RepositoryException If an error occurs
      */
-    private NodeUtil createFolderNodes(String authorizableId, String nodeName,
-                                       boolean isGroup, String 
intermediatePath) throws RepositoryException {
+    private Tree createFolderNodes(@Nonnull String nodeName,
+                                       boolean isGroup,
+                                       @Nullable String intermediatePath) 
throws RepositoryException {
         String authRoot = (isGroup) ? groupPath : userPath;
         String folderPath = new StringBuilder()
                 .append(authRoot)
-                .append(getFolderPath(authorizableId, intermediatePath, 
authRoot)).toString();
+                .append(getFolderPath(nodeName, intermediatePath, 
authRoot)).toString();
         NodeUtil folder;
         Tree tree = root.getTree(folderPath);
         while (!tree.isRoot() && !tree.exists()) {
@@ -285,17 +299,15 @@ class UserProvider extends AuthorizableB
                 log.debug("Existing folder node collides with user/group to be 
created. Expanding path by: " + colliding.getName());
                 folder = colliding;
             } else {
-                String msg = "Failed to create authorizable with id '" + 
authorizableId + "' : " +
-                        "Detected conflicting node of unexpected node type '" 
+ primaryType + "'.";
-                log.error(msg);
-                throw new ConstraintViolationException(msg);
+                break;
             }
         }
-
-        return folder;
+        return folder.getTree();
     }
 
-    private String getFolderPath(String authorizableId, String 
intermediatePath, String authRoot) throws ConstraintViolationException {
+    private String getFolderPath(@Nonnull String nodeName,
+                                 @Nullable String intermediatePath,
+                                 @Nonnull String authRoot) throws 
ConstraintViolationException {
         if (intermediatePath != null && intermediatePath.charAt(0) == '/') {
             if (!intermediatePath.startsWith(authRoot)) {
                 throw new ConstraintViolationException("Attempt to create 
authorizable outside of configured tree");
@@ -308,14 +320,15 @@ class UserProvider extends AuthorizableB
         if (intermediatePath != null && !intermediatePath.isEmpty()) {
             sb.append(DELIMITER).append(intermediatePath);
         } else {
-            int idLength = authorizableId.length();
+            String hint = Text.unescapeIllegalJcrChars(nodeName);
+            int idLength = hint.length();
             StringBuilder segment = new StringBuilder();
             for (int i = 0; i < defaultDepth; i++) {
                 if (idLength > i) {
-                    segment.append(authorizableId.charAt(i));
+                    segment.append(hint.charAt(i));
                 } else {
                     // escapedID is too short -> append the last char again
-                    segment.append(authorizableId.charAt(idLength - 1));
+                    segment.append(hint.charAt(idLength - 1));
                 }
                 
sb.append(DELIMITER).append(Text.escapeIllegalJcrChars(segment.toString()));
             }
@@ -323,7 +336,7 @@ class UserProvider extends AuthorizableB
         return sb.toString();
     }
 
-    private String getNodeName(String authorizableId) {
+    private String getNodeName(@Nonnull String authorizableId) {
         AuthorizableNodeName generator = 
checkNotNull(config.getConfigValue(PARAM_AUTHORIZABLE_NODE_NAME, 
AuthorizableNodeName.DEFAULT, AuthorizableNodeName.class));
         return generator.generateNodeName(authorizableId);
     }

Modified: 
jackrabbit/oak/branches/1.0/oak-core/src/test/java/org/apache/jackrabbit/oak/security/user/UserProviderTest.java
URL: 
http://svn.apache.org/viewvc/jackrabbit/oak/branches/1.0/oak-core/src/test/java/org/apache/jackrabbit/oak/security/user/UserProviderTest.java?rev=1658412&r1=1658411&r2=1658412&view=diff
==============================================================================
--- 
jackrabbit/oak/branches/1.0/oak-core/src/test/java/org/apache/jackrabbit/oak/security/user/UserProviderTest.java
 (original)
+++ 
jackrabbit/oak/branches/1.0/oak-core/src/test/java/org/apache/jackrabbit/oak/security/user/UserProviderTest.java
 Mon Feb  9 14:42:53 2015
@@ -18,13 +18,19 @@ package org.apache.jackrabbit.oak.securi
 
 import java.util.HashMap;
 import java.util.Map;
+import javax.annotation.Nonnull;
 import javax.jcr.RepositoryException;
+import javax.jcr.nodetype.NodeDefinition;
+import javax.jcr.nodetype.NodeType;
+import javax.jcr.nodetype.PropertyDefinition;
 
 import org.apache.jackrabbit.oak.Oak;
 import org.apache.jackrabbit.oak.api.CommitFailedException;
 import org.apache.jackrabbit.oak.api.Root;
 import org.apache.jackrabbit.oak.api.Tree;
+import org.apache.jackrabbit.oak.namepath.NamePathMapper;
 import 
org.apache.jackrabbit.oak.plugins.index.property.PropertyIndexEditorProvider;
+import org.apache.jackrabbit.oak.plugins.nodetype.ReadOnlyNodeTypeManager;
 import org.apache.jackrabbit.oak.plugins.nodetype.write.InitialContent;
 import org.apache.jackrabbit.oak.spi.security.ConfigurationParameters;
 import org.apache.jackrabbit.oak.spi.security.OpenSecurityProvider;
@@ -74,6 +80,7 @@ public class UserProviderTest {
 
     @After
     public void tearDown() {
+        root.refresh();
         root = null;
     }
 
@@ -163,9 +170,9 @@ public class UserProviderTest {
         assertEquals(customUserPath + "/b/bb/bbb/b", userTree.getPath());
 
         Map<String, String> m = new HashMap<String,String>();
-        m.put("bb",     "/b/bb/bbb/bb");
+        m.put("bb", "/b/bb/bbb/bb");
         m.put("bbb",    "/b/bb/bbb/bbb");
-        m.put("bbbb",   "/b/bb/bbb/bbbb");
+        m.put("bbbb", "/b/bb/bbb/bbbb");
         m.put("bL",     "/b/bL/bLL/bL");
         m.put("bLbh",   "/b/bL/bLb/bLbh");
         m.put("b_Lb",   "/b/b_/b_L/b_Lb");
@@ -218,7 +225,7 @@ public class UserProviderTest {
         m.put("z[x]", "/z/" + Text.escapeIllegalJcrChars("z[") + '/' + 
Text.escapeIllegalJcrChars("z[x]"));
         m.put("z*x", "/z/" + Text.escapeIllegalJcrChars("z*") + '/' + 
Text.escapeIllegalJcrChars("z*x"));
         m.put("z/x", "/z/" + Text.escapeIllegalJcrChars("z/") + '/' + 
Text.escapeIllegalJcrChars("z/x"));
-        m.put("%\r|", '/' +Text.escapeIllegalJcrChars("%")+ '/' + 
Text.escapeIllegalJcrChars("%\r") + '/' + Text.escapeIllegalJcrChars("%\r|"));
+        m.put("%\r|", '/' + Text.escapeIllegalJcrChars("%") + '/' + 
Text.escapeIllegalJcrChars("%\r") + '/' + Text.escapeIllegalJcrChars("%\r|"));
 
         for (String uid : m.keySet()) {
             Tree user = userProvider.createUser(uid, null);
@@ -297,4 +304,31 @@ public class UserProviderTest {
             u2.remove();
         }
     }
+
+    @Test
+    public void testAutoCreatedItemsUponUserCreation() throws Exception {
+        UserProvider up = createUserProvider();
+        assertAutoCreatedItems(up.createUser("c", null), 
UserConstants.NT_REP_USER, root);
+    }
+
+    @Test
+    public void testAutoCreatedItemsUponGroupCreation() throws Exception {
+        UserProvider up = createUserProvider();
+        assertAutoCreatedItems(up.createGroup("g", null), 
UserConstants.NT_REP_GROUP, root);
+    }
+
+    private static void assertAutoCreatedItems(@Nonnull Tree authorizableTree, 
@Nonnull String ntName, @Nonnull Root root) throws Exception {
+        NodeType repUser = ReadOnlyNodeTypeManager.getInstance(root, 
NamePathMapper.DEFAULT).getNodeType(ntName);
+        for (NodeDefinition cnd : repUser.getChildNodeDefinitions()) {
+            if (cnd.isAutoCreated()) {
+                assertTrue(authorizableTree.hasChild(cnd.getName()));
+            }
+        }
+
+        for (PropertyDefinition pd : repUser.getPropertyDefinitions()) {
+            if (pd.isAutoCreated()) {
+                assertTrue(authorizableTree.hasProperty(pd.getName()));
+            }
+        }
+    }
 }

svn commit: r1658412 - in /jackrabbit/oak/branches/1.0: ./ oak-core/src/main/java/org/apache/jackrabbit/oak/security/authorization/permission/ oak-core/src/main/java/org/apache/jackrabbit/oak/security/user/ oak-core/src/test/java/org/apache/jackrabbit/...

Reply via email to