Author: mreutegg
Date: Wed Jun 24 15:25:01 2015
New Revision: 1687306
URL: http://svn.apache.org/r1687306
Log:
OAK-3021: UserValidator and AccessControlValidator must not process hidden nodes
Merged revision 1687301 from trunk
Modified:
jackrabbit/oak/branches/1.2/ (props changed)
jackrabbit/oak/branches/1.2/oak-core/src/main/java/org/apache/jackrabbit/oak/security/authorization/accesscontrol/AccessControlValidator.java
jackrabbit/oak/branches/1.2/oak-core/src/main/java/org/apache/jackrabbit/oak/security/user/UserValidator.java
jackrabbit/oak/branches/1.2/oak-core/src/test/java/org/apache/jackrabbit/oak/security/authorization/accesscontrol/AccessControlValidatorTest.java
jackrabbit/oak/branches/1.2/oak-core/src/test/java/org/apache/jackrabbit/oak/security/user/UserValidatorTest.java
Propchange: jackrabbit/oak/branches/1.2/
------------------------------------------------------------------------------
--- svn:mergeinfo (original)
+++ svn:mergeinfo Wed Jun 24 15:25:01 2015
@@ -1,3 +1,3 @@
/jackrabbit/oak/branches/1.0:1665962
-/jackrabbit/oak/trunk:1672350,1672468,1672537,1672603,1672642,1672644,1672834-1672835,1673351,1673410,1673414-1673415,1673436,1673644,1673662-1673664,1673669,1673695,1673738,1673787,1673791,1674046,1674065,1674075,1674107,1674228,1674780,1674880,1675054-1675055,1675319,1675332,1675354,1675357,1675382,1675555,1675566,1675593,1676198,1676237,1676407,1676458,1676539,1676670,1676693,1676703,1676725,1677579,1677581,1677609,1677611,1677774,1677788,1677797,1677804,1677806,1677939,1677991,1678173,1678323,1678758,1678938,1678954,1679144,1679165,1679191,1679232,1679235,1679958,1679961,1680182,1680222,1680232,1680236,1680461,1680633,1680643,1680805-1680806,1680903,1681282,1681767,1681918,1682218,1682235,1682437,1682494,1682555,1682855,1682904,1683089,1683213,1683249,1683259,1683278,1683323,1683687,1684174-1684175,1684186,1684376,1684442,1684561,1684570,1684601,1684618,1684868,1685023,1685370,1685552,1685589,1685840,1685999,1686097,1686229,1686234,1686253,1686414,1686780,1686854,1686857,1686971
,1687053-1687055,1687198,1687220,1687239-1687240
+/jackrabbit/oak/trunk:1672350,1672468,1672537,1672603,1672642,1672644,1672834-1672835,1673351,1673410,1673414-1673415,1673436,1673644,1673662-1673664,1673669,1673695,1673738,1673787,1673791,1674046,1674065,1674075,1674107,1674228,1674780,1674880,1675054-1675055,1675319,1675332,1675354,1675357,1675382,1675555,1675566,1675593,1676198,1676237,1676407,1676458,1676539,1676670,1676693,1676703,1676725,1677579,1677581,1677609,1677611,1677774,1677788,1677797,1677804,1677806,1677939,1677991,1678173,1678323,1678758,1678938,1678954,1679144,1679165,1679191,1679232,1679235,1679958,1679961,1680182,1680222,1680232,1680236,1680461,1680633,1680643,1680805-1680806,1680903,1681282,1681767,1681918,1682218,1682235,1682437,1682494,1682555,1682855,1682904,1683089,1683213,1683249,1683259,1683278,1683323,1683687,1684174-1684175,1684186,1684376,1684442,1684561,1684570,1684601,1684618,1684868,1685023,1685370,1685552,1685589,1685840,1685999,1686097,1686229,1686234,1686253,1686414,1686780,1686854,1686857,1686971
,1687053-1687055,1687198,1687220,1687239-1687240,1687301
/jackrabbit/trunk:1345480
Modified:
jackrabbit/oak/branches/1.2/oak-core/src/main/java/org/apache/jackrabbit/oak/security/authorization/accesscontrol/AccessControlValidator.java
URL:
http://svn.apache.org/viewvc/jackrabbit/oak/branches/1.2/oak-core/src/main/java/org/apache/jackrabbit/oak/security/authorization/accesscontrol/AccessControlValidator.java?rev=1687306&r1=1687305&r2=1687306&view=diff
==============================================================================
---
jackrabbit/oak/branches/1.2/oak-core/src/main/java/org/apache/jackrabbit/oak/security/authorization/accesscontrol/AccessControlValidator.java
(original)
+++
jackrabbit/oak/branches/1.2/oak-core/src/main/java/org/apache/jackrabbit/oak/security/authorization/accesscontrol/AccessControlValidator.java
Wed Jun 24 15:25:01 2015
@@ -42,6 +42,7 @@ import org.apache.jackrabbit.oak.plugins
import org.apache.jackrabbit.oak.plugins.tree.impl.TreeConstants;
import org.apache.jackrabbit.oak.spi.commit.DefaultValidator;
import org.apache.jackrabbit.oak.spi.commit.Validator;
+import org.apache.jackrabbit.oak.spi.commit.VisibleValidator;
import
org.apache.jackrabbit.oak.spi.security.authorization.accesscontrol.AccessControlConstants;
import
org.apache.jackrabbit.oak.spi.security.authorization.restriction.Restriction;
import
org.apache.jackrabbit.oak.spi.security.authorization.restriction.RestrictionProvider;
@@ -122,7 +123,7 @@ class AccessControlValidator extends Def
Tree treeAfter = checkNotNull(parentAfter.getChild(name));
checkValidTree(parentAfter, treeAfter, after);
- return new AccessControlValidator(this, treeAfter);
+ return newValidator(this, treeAfter);
}
@Override
@@ -130,7 +131,7 @@ class AccessControlValidator extends Def
Tree treeAfter = checkNotNull(parentAfter.getChild(name));
checkValidTree(parentAfter, treeAfter, after);
- return new AccessControlValidator(this, treeAfter);
+ return newValidator(this, treeAfter);
}
@Override
@@ -141,6 +142,14 @@ class AccessControlValidator extends Def
//------------------------------------------------------------< private
>---
+ private static Validator newValidator(AccessControlValidator parent,
+ Tree parentAfter) {
+ return new VisibleValidator(
+ new AccessControlValidator(parent, parentAfter),
+ true,
+ true);
+ }
+
private void checkValidTree(Tree parentAfter, Tree treeAfter, NodeState
nodeAfter) throws CommitFailedException {
if (isPolicy(treeAfter)) {
checkValidPolicy(parentAfter, treeAfter, nodeAfter);
Modified:
jackrabbit/oak/branches/1.2/oak-core/src/main/java/org/apache/jackrabbit/oak/security/user/UserValidator.java
URL:
http://svn.apache.org/viewvc/jackrabbit/oak/branches/1.2/oak-core/src/main/java/org/apache/jackrabbit/oak/security/user/UserValidator.java?rev=1687306&r1=1687305&r2=1687306&view=diff
==============================================================================
---
jackrabbit/oak/branches/1.2/oak-core/src/main/java/org/apache/jackrabbit/oak/security/user/UserValidator.java
(original)
+++
jackrabbit/oak/branches/1.2/oak-core/src/main/java/org/apache/jackrabbit/oak/security/user/UserValidator.java
Wed Jun 24 15:25:01 2015
@@ -139,12 +139,13 @@ class UserValidator extends DefaultValid
Tree tree = checkNotNull(parentAfter.getChild(name));
validateAuthorizable(tree, UserUtil.getType(tree));
- return new VisibleValidator(new UserValidator(null, tree, provider),
true, true);
+ return newValidator(null, tree, provider);
}
@Override
public Validator childNodeChanged(String name, NodeState before, NodeState
after) throws CommitFailedException {
- return new UserValidator(parentBefore.getChild(name),
parentAfter.getChild(name), provider);
+ return newValidator(parentBefore.getChild(name),
+ parentAfter.getChild(name), provider);
}
@Override
@@ -158,12 +159,21 @@ class UserValidator extends DefaultValid
}
return null;
} else {
- return new VisibleValidator(new UserValidator(tree, null,
provider), true, true);
+ return newValidator(tree, null, provider);
}
}
//------------------------------------------------------------< private
>---
+ private static Validator newValidator(Tree parentBefore,
+ Tree parentAfter,
+ UserValidatorProvider provider) {
+ return new VisibleValidator(
+ new UserValidator(parentBefore, parentAfter, provider),
+ true,
+ true);
+ }
+
private boolean isAdminUser(@Nonnull Tree userTree) {
if (userTree.exists() && isUser(userTree)) {
String id = UserUtil.getAuthorizableId(userTree);
Modified:
jackrabbit/oak/branches/1.2/oak-core/src/test/java/org/apache/jackrabbit/oak/security/authorization/accesscontrol/AccessControlValidatorTest.java
URL:
http://svn.apache.org/viewvc/jackrabbit/oak/branches/1.2/oak-core/src/test/java/org/apache/jackrabbit/oak/security/authorization/accesscontrol/AccessControlValidatorTest.java?rev=1687306&r1=1687305&r2=1687306&view=diff
==============================================================================
---
jackrabbit/oak/branches/1.2/oak-core/src/test/java/org/apache/jackrabbit/oak/security/authorization/accesscontrol/AccessControlValidatorTest.java
(original)
+++
jackrabbit/oak/branches/1.2/oak-core/src/test/java/org/apache/jackrabbit/oak/security/authorization/accesscontrol/AccessControlValidatorTest.java
Wed Jun 24 15:25:01 2015
@@ -25,15 +25,22 @@ import org.apache.jackrabbit.api.securit
import org.apache.jackrabbit.api.security.authorization.PrivilegeManager;
import org.apache.jackrabbit.oak.api.CommitFailedException;
import org.apache.jackrabbit.oak.api.Tree;
+import org.apache.jackrabbit.oak.plugins.memory.MemoryNodeStore;
+import org.apache.jackrabbit.oak.spi.commit.CommitInfo;
+import org.apache.jackrabbit.oak.spi.commit.Validator;
import
org.apache.jackrabbit.oak.spi.security.authorization.accesscontrol.AbstractAccessControlTest;
import
org.apache.jackrabbit.oak.spi.security.authorization.accesscontrol.AccessControlConstants;
import org.apache.jackrabbit.oak.spi.security.privilege.PrivilegeConstants;
+import org.apache.jackrabbit.oak.spi.state.NodeBuilder;
+import org.apache.jackrabbit.oak.spi.state.NodeState;
import org.apache.jackrabbit.oak.util.NodeUtil;
import org.junit.After;
import org.junit.Before;
import org.junit.Test;
import static org.junit.Assert.assertEquals;
+import static org.junit.Assert.assertNotNull;
+import static org.junit.Assert.assertNull;
import static org.junit.Assert.assertTrue;
import static org.junit.Assert.fail;
@@ -351,4 +358,67 @@ public class AccessControlValidatorTest
assertTrue(e.isAccessControlViolation());
}
}
+
+ @Test
+ public void hiddenNodeAdded() throws CommitFailedException {
+ AccessControlValidatorProvider provider = new
AccessControlValidatorProvider(getSecurityProvider());
+ MemoryNodeStore store = new MemoryNodeStore();
+ NodeState root = store.getRoot();
+ NodeBuilder builder = root.builder();
+ NodeBuilder test = builder.child("test");
+ NodeBuilder hidden = test.child(":hidden");
+
+ Validator validator = provider.getRootValidator(
+ root, builder.getNodeState(), CommitInfo.EMPTY);
+ Validator childValidator = validator.childNodeAdded(
+ "test", test.getNodeState());
+ assertNotNull(childValidator);
+
+ Validator hiddenValidator = childValidator.childNodeAdded(":hidden",
hidden.getNodeState());
+ assertNull(hiddenValidator);
+ }
+
+ @Test
+ public void hiddenNodeChanged() throws CommitFailedException {
+ AccessControlValidatorProvider provider = new
AccessControlValidatorProvider(getSecurityProvider());
+ MemoryNodeStore store = new MemoryNodeStore();
+ NodeBuilder builder = store.getRoot().builder();
+ builder.child("test").child(":hidden");
+ NodeState root = builder.getNodeState();
+
+ NodeBuilder test = root.builder().child("test");
+ NodeBuilder hidden = test.child(":hidden");
+ hidden.child("added");
+
+ Validator validator = provider.getRootValidator(
+ root, builder.getNodeState(), CommitInfo.EMPTY);
+ Validator childValidator = validator.childNodeChanged(
+ "test", root.getChildNode("test"), test.getNodeState());
+ assertNotNull(childValidator);
+
+ Validator hiddenValidator = childValidator.childNodeChanged(":hidden",
root.getChildNode("test").getChildNode(":hidden"), hidden.getNodeState());
+ assertNull(hiddenValidator);
+ }
+
+ @Test
+ public void hiddenNodeDeleted() throws CommitFailedException {
+ AccessControlValidatorProvider provider = new
AccessControlValidatorProvider(getSecurityProvider());
+ MemoryNodeStore store = new MemoryNodeStore();
+ NodeBuilder builder = store.getRoot().builder();
+ builder.child("test").child(":hidden");
+ NodeState root = builder.getNodeState();
+
+ builder = root.builder();
+ NodeBuilder test = builder.child("test");
+ test.child(":hidden").remove();
+
+ Validator validator = provider.getRootValidator(
+ root, builder.getNodeState(), CommitInfo.EMPTY);
+ Validator childValidator = validator.childNodeChanged("test",
root.getChildNode("test"), test.getNodeState());
+ assertNotNull(childValidator);
+
+ Validator hiddenValidator = childValidator.childNodeDeleted(
+ ":hidden", root.getChildNode("test").getChildNode(":hidden"));
+ assertNull(hiddenValidator);
+ }
}
\ No newline at end of file
Modified:
jackrabbit/oak/branches/1.2/oak-core/src/test/java/org/apache/jackrabbit/oak/security/user/UserValidatorTest.java
URL:
http://svn.apache.org/viewvc/jackrabbit/oak/branches/1.2/oak-core/src/test/java/org/apache/jackrabbit/oak/security/user/UserValidatorTest.java?rev=1687306&r1=1687305&r2=1687306&view=diff
==============================================================================
---
jackrabbit/oak/branches/1.2/oak-core/src/test/java/org/apache/jackrabbit/oak/security/user/UserValidatorTest.java
(original)
+++
jackrabbit/oak/branches/1.2/oak-core/src/test/java/org/apache/jackrabbit/oak/security/user/UserValidatorTest.java
Wed Jun 24 15:25:01 2015
@@ -34,9 +34,14 @@ import org.apache.jackrabbit.oak.api.Pro
import org.apache.jackrabbit.oak.api.Tree;
import org.apache.jackrabbit.oak.api.Type;
import org.apache.jackrabbit.oak.plugins.identifier.IdentifierManager;
+import org.apache.jackrabbit.oak.plugins.memory.MemoryNodeStore;
import org.apache.jackrabbit.oak.plugins.memory.PropertyStates;
+import org.apache.jackrabbit.oak.spi.commit.CommitInfo;
+import org.apache.jackrabbit.oak.spi.commit.Validator;
import org.apache.jackrabbit.oak.spi.security.ConfigurationParameters;
import org.apache.jackrabbit.oak.spi.security.user.UserConstants;
+import org.apache.jackrabbit.oak.spi.state.NodeBuilder;
+import org.apache.jackrabbit.oak.spi.state.NodeState;
import org.apache.jackrabbit.oak.util.NodeUtil;
import org.apache.jackrabbit.util.Text;
import org.junit.Before;
@@ -44,6 +49,8 @@ import org.junit.Test;
import static org.junit.Assert.assertEquals;
import static org.junit.Assert.assertFalse;
+import static org.junit.Assert.assertNotNull;
+import static org.junit.Assert.assertNull;
import static org.junit.Assert.fail;
/**
@@ -375,6 +382,72 @@ public class UserValidatorTest extends A
}
}
+ @Test
+ public void hiddenNodeAdded() throws CommitFailedException {
+ UserValidatorProvider provider = new
UserValidatorProvider(getConfig());
+ MemoryNodeStore store = new MemoryNodeStore();
+ NodeState root = store.getRoot();
+ NodeBuilder builder = root.builder();
+ NodeBuilder test = builder.child("test");
+ NodeBuilder hidden = test.child(":hidden");
+
+ Validator validator = provider.getRootValidator(
+ root, builder.getNodeState(), CommitInfo.EMPTY);
+ Validator childValidator = validator.childNodeAdded(
+ "test", test.getNodeState());
+ assertNotNull(childValidator);
+
+ Validator hiddenValidator = childValidator.childNodeAdded(
+ ":hidden", hidden.getNodeState());
+ assertNull(hiddenValidator);
+ }
+
+ @Test
+ public void hiddenNodeChanged() throws CommitFailedException {
+ UserValidatorProvider provider = new
UserValidatorProvider(getConfig());
+ MemoryNodeStore store = new MemoryNodeStore();
+ NodeBuilder builder = store.getRoot().builder();
+ builder.child("test").child(":hidden");
+ NodeState root = builder.getNodeState();
+
+ NodeBuilder test = root.builder().child("test");
+ NodeBuilder hidden = test.child(":hidden");
+ hidden.child("added");
+
+ Validator validator = provider.getRootValidator(
+ root, builder.getNodeState(), CommitInfo.EMPTY);
+ Validator childValidator = validator.childNodeChanged(
+ "test", root.getChildNode("test"), test.getNodeState());
+ assertNotNull(childValidator);
+
+ Validator hiddenValidator = childValidator.childNodeChanged(
+ ":hidden", root.getChildNode("test").getChildNode(":hidden"),
hidden.getNodeState());
+ assertNull(hiddenValidator);
+ }
+
+ @Test
+ public void hiddenNodeDeleted() throws CommitFailedException {
+ UserValidatorProvider provider = new
UserValidatorProvider(getConfig());
+ MemoryNodeStore store = new MemoryNodeStore();
+ NodeBuilder builder = store.getRoot().builder();
+ builder.child("test").child(":hidden");
+ NodeState root = builder.getNodeState();
+
+ builder = root.builder();
+ NodeBuilder test = builder.child("test");
+ test.child(":hidden").remove();
+
+ Validator validator = provider.getRootValidator(
+ root, builder.getNodeState(), CommitInfo.EMPTY);
+ Validator childValidator = validator.childNodeChanged(
+ "test", root.getChildNode("test"), test.getNodeState());
+ assertNotNull(childValidator);
+
+ Validator hiddenValidator = childValidator.childNodeDeleted(
+ ":hidden", root.getChildNode("test").getChildNode(":hidden"));
+ assertNull(hiddenValidator);
+ }
+
private ConfigurationParameters getConfig() {
return getUserConfiguration().getParameters();
}
