Author: angela
Date: Tue Jul 14 13:58:59 2015
New Revision: 1690937
URL: http://svn.apache.org/r1690937
Log:
OAK-2008 : authorization setup for closed user groups (WIP)
Modified:
jackrabbit/oak/trunk/oak-authorization-cug/src/main/java/org/apache/jackrabbit/oak/spi/security/authorization/cug/impl/CugPolicyImpl.java
Modified:
jackrabbit/oak/trunk/oak-authorization-cug/src/main/java/org/apache/jackrabbit/oak/spi/security/authorization/cug/impl/CugPolicyImpl.java
URL:
http://svn.apache.org/viewvc/jackrabbit/oak/trunk/oak-authorization-cug/src/main/java/org/apache/jackrabbit/oak/spi/security/authorization/cug/impl/CugPolicyImpl.java?rev=1690937&r1=1690936&r2=1690937&view=diff
==============================================================================
---
jackrabbit/oak/trunk/oak-authorization-cug/src/main/java/org/apache/jackrabbit/oak/spi/security/authorization/cug/impl/CugPolicyImpl.java
(original)
+++
jackrabbit/oak/trunk/oak-authorization-cug/src/main/java/org/apache/jackrabbit/oak/spi/security/authorization/cug/impl/CugPolicyImpl.java
Tue Jul 14 13:58:59 2015
@@ -20,10 +20,12 @@ import java.security.Principal;
import java.util.Collections;
import java.util.HashSet;
import java.util.Set;
+import javax.annotation.CheckForNull;
import javax.annotation.Nonnull;
import javax.jcr.security.AccessControlException;
import com.google.common.base.Function;
+import com.google.common.base.Strings;
import com.google.common.collect.Iterables;
import com.google.common.collect.Sets;
import org.apache.jackrabbit.api.security.principal.PrincipalManager;
@@ -73,37 +75,8 @@ class CugPolicyImpl implements CugPolicy
public boolean addPrincipals(@Nonnull Principal... principals) throws
AccessControlException {
boolean modified = false;
for (Principal principal : principals) {
- if (principal != null) {
- String name = principal.getName();
- if (name == null || name.isEmpty()) {
- throw new AccessControlException("Invalid principal " +
name);
- }
-
- Principal p = principal;
- switch (importBehavior) {
- case ImportBehavior.ABORT:
- if (!principalManager.hasPrincipal(name)) {
- throw new AccessControlException("Unknown
principal " + name);
- }
- break;
- case ImportBehavior.IGNORE:
- if (!principalManager.hasPrincipal(name)) {
- log.debug("Ignoring unknown principal " + name);
- p = null;
- }
- break;
- case ImportBehavior.BESTEFFORT:
- log.debug("Best effort: don't verify existence of
principals.");
- break;
- default:
- throw new IllegalArgumentException("Unsupported import
behavior " + importBehavior);
- }
-
- if (p != null) {
- modified |= this.principals.add(p);
- }
- } else {
- log.debug("Ignoring null principal.");
+ if (isValidPrincipal(principal)) {
+ modified |= this.principals.add(principal);
}
}
return modified;
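Review bot: An AccessControlException thrown by `isValidPrincipal` partway through the loop in `addPrincipals` leaves the principals accepted before it already in `this.principals`. A call that fails under ImportBehavior.ABORT can therefore still have modified the policy. Whether callers discard the policy object after the exception is not visible here; if they may keep using it, validate the whole array into a local set first and add to `this.principals` only once every entry has passed. The method's closing brace lies outside the hunk.

```java
public boolean addPrincipals(@Nonnull Principal... principals) throws AccessControlException {
    // validate everything first so a failure leaves this.principals untouched
    Set<Principal> accepted = new HashSet<Principal>();
    for (Principal principal : principals) {
        if (isValidPrincipal(principal)) {
            accepted.add(principal);
        }
    }
    return this.principals.addAll(accepted);
```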
@@ -135,4 +108,50 @@ class CugPolicyImpl implements CugPolicy
}
});
}
+
+
//--------------------------------------------------------------------------
+
+ /**
+ * Validate the specified {@code principal} taking the configured
+ * {@link org.apache.jackrabbit.oak.spi.xml.ImportBehavior} into account.
+ *
+ *
+ * @param principal The principal to validate.
+ * @return if the principal is considered valid and can be added to the
list.
+ * @throws AccessControlException If the principal has an invalid name or
+ * if {@link org.apache.jackrabbit.oak.spi.xml.ImportBehavior#ABORT} is
+ * configured and this principal is not known to the repository.
+ */
+ private boolean isValidPrincipal(@CheckForNull Principal principal) throws
AccessControlException {
+ if (principal == null) {
+ log.debug("Ignoring null principal.");
+ return false;
+ }
+
+ String name = principal.getName();
+ if (Strings.isNullOrEmpty(name)) {
+ throw new AccessControlException("Invalid principal " + name);
+ }
+
+ boolean isValid = true;
+ switch (importBehavior) {
+ case ImportBehavior.ABORT:
+ if (!principalManager.hasPrincipal(name)) {
+ throw new AccessControlException("Unknown principal " +
name);
+ }
+ break;
+ case ImportBehavior.IGNORE:
+ if (!principalManager.hasPrincipal(name)) {
+ log.debug("Ignoring unknown principal " + name);
+ isValid = false;
+ }
+ break;
+ case ImportBehavior.BESTEFFORT:
+ log.debug("Best effort: don't verify existence of
principals.");
+ break;
+ default:
+ throw new IllegalArgumentException("Unsupported import
behavior " + importBehavior);
+ }
+ return isValid;
+ }
}
\ No newline at end of file
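Review bot: The existence check in `isValidPrincipal` is by name only (`principalManager.hasPrincipal(name)`), but `addPrincipals` in the previous hunk stores the caller-supplied `Principal` instance, so membership in `this.principals` depends on that implementation's `equals`/`hashCode` rather than on the name that was verified. If the policy is meant to hold one entry per principal name, consider resolving the instance through `principalManager.getPrincipal(name)` for ABORT and IGNORE, or keying the set on the name. The Javadoc should also spell out the return contract, e.g. `@return {@code true} if the principal can be added; {@code false} if it is {@code null} or is unknown and ImportBehavior.IGNORE is configured`. It should also state that BESTEFFORT accepts the principal without any repository lookup.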