Author: angela
Date: Tue Oct 27 17:58:21 2015
New Revision: 1710857
URL: http://svn.apache.org/viewvc?rev=1710857&view=rev
Log:
OAK-2674 : Fix FindBug Issues
- remove public modified where not needed
- remove unused methods
- consistenly add notnull/checkfornull annotations
- avoid null-dereference even if properties are expected to be present by
nt-definition
Modified:
jackrabbit/oak/trunk/oak-core/src/main/java/org/apache/jackrabbit/oak/security/authorization/permission/AllPermissions.java
jackrabbit/oak/trunk/oak-core/src/main/java/org/apache/jackrabbit/oak/security/authorization/permission/CompiledPermissionImpl.java
jackrabbit/oak/trunk/oak-core/src/main/java/org/apache/jackrabbit/oak/security/authorization/permission/CompiledPermissions.java
jackrabbit/oak/trunk/oak-core/src/main/java/org/apache/jackrabbit/oak/security/authorization/permission/EntryPredicate.java
jackrabbit/oak/trunk/oak-core/src/main/java/org/apache/jackrabbit/oak/security/authorization/permission/MoveAwarePermissionValidator.java
jackrabbit/oak/trunk/oak-core/src/main/java/org/apache/jackrabbit/oak/security/authorization/permission/NoPermissions.java
jackrabbit/oak/trunk/oak-core/src/main/java/org/apache/jackrabbit/oak/security/authorization/permission/PermissionEntry.java
jackrabbit/oak/trunk/oak-core/src/main/java/org/apache/jackrabbit/oak/security/authorization/permission/PermissionEntryCache.java
jackrabbit/oak/trunk/oak-core/src/main/java/org/apache/jackrabbit/oak/security/authorization/permission/PermissionEntryProvider.java
jackrabbit/oak/trunk/oak-core/src/main/java/org/apache/jackrabbit/oak/security/authorization/permission/PermissionEntryProviderImpl.java
jackrabbit/oak/trunk/oak-core/src/main/java/org/apache/jackrabbit/oak/security/authorization/permission/PermissionHook.java
jackrabbit/oak/trunk/oak-core/src/main/java/org/apache/jackrabbit/oak/security/authorization/permission/PermissionProviderImpl.java
jackrabbit/oak/trunk/oak-core/src/main/java/org/apache/jackrabbit/oak/security/authorization/permission/PermissionStore.java
jackrabbit/oak/trunk/oak-core/src/main/java/org/apache/jackrabbit/oak/security/authorization/permission/PermissionStoreEditor.java
jackrabbit/oak/trunk/oak-core/src/main/java/org/apache/jackrabbit/oak/security/authorization/permission/PermissionStoreImpl.java
jackrabbit/oak/trunk/oak-core/src/main/java/org/apache/jackrabbit/oak/security/authorization/permission/PrincipalPermissionEntries.java
jackrabbit/oak/trunk/oak-core/src/main/java/org/apache/jackrabbit/oak/security/authorization/permission/VersionTreePermission.java
jackrabbit/oak/trunk/oak-core/src/test/java/org/apache/jackrabbit/oak/security/authorization/permission/PermissionEntryProviderImplTest.java
jackrabbit/oak/trunk/oak-core/src/test/java/org/apache/jackrabbit/oak/security/authorization/permission/PermissionProviderImplTest.java
Modified:
jackrabbit/oak/trunk/oak-core/src/main/java/org/apache/jackrabbit/oak/security/authorization/permission/AllPermissions.java
URL:
http://svn.apache.org/viewvc/jackrabbit/oak/trunk/oak-core/src/main/java/org/apache/jackrabbit/oak/security/authorization/permission/AllPermissions.java?rev=1710857&r1=1710856&r2=1710857&view=diff
==============================================================================
---
jackrabbit/oak/trunk/oak-core/src/main/java/org/apache/jackrabbit/oak/security/authorization/permission/AllPermissions.java
(original)
+++
jackrabbit/oak/trunk/oak-core/src/main/java/org/apache/jackrabbit/oak/security/authorization/permission/AllPermissions.java
Tue Oct 27 17:58:21 2015
@@ -32,14 +32,14 @@ import org.apache.jackrabbit.oak.spi.sec
* Implementation of the {@code CompiledPermissions} interface that grants full
* permission everywhere.
*/
-public final class AllPermissions implements CompiledPermissions {
+final class AllPermissions implements CompiledPermissions {
private static final CompiledPermissions INSTANCE = new AllPermissions();
private AllPermissions() {
}
- public static CompiledPermissions getInstance() {
+ static CompiledPermissions getInstance() {
return INSTANCE;
}
Modified:
jackrabbit/oak/trunk/oak-core/src/main/java/org/apache/jackrabbit/oak/security/authorization/permission/CompiledPermissionImpl.java
URL:
http://svn.apache.org/viewvc/jackrabbit/oak/trunk/oak-core/src/main/java/org/apache/jackrabbit/oak/security/authorization/permission/CompiledPermissionImpl.java?rev=1710857&r1=1710856&r2=1710857&view=diff
==============================================================================
---
jackrabbit/oak/trunk/oak-core/src/main/java/org/apache/jackrabbit/oak/security/authorization/permission/CompiledPermissionImpl.java
(original)
+++
jackrabbit/oak/trunk/oak-core/src/main/java/org/apache/jackrabbit/oak/security/authorization/permission/CompiledPermissionImpl.java
Tue Oct 27 17:58:21 2015
@@ -441,7 +441,7 @@ final class CompiledPermissionImpl imple
private final TreePermissionImpl parent;
private final TreeType type;
- private final boolean readableTree;
+ private final boolean isReadableTree;
private Collection<PermissionEntry> userEntries;
private Collection<PermissionEntry> groupEntries;
@@ -457,7 +457,7 @@ final class CompiledPermissionImpl imple
} else {
parent = null;
}
- readableTree = readPolicy.isReadableTree(tree, parent);
+ isReadableTree = readPolicy.isReadableTree(tree, parent);
}
//-------------------------------------------------< TreePermission
>---
@@ -471,7 +471,7 @@ final class CompiledPermissionImpl imple
@Override
public boolean canRead() {
boolean isAcTree = isAcTree();
- if (!isAcTree && readableTree) {
+ if (!isAcTree && isReadableTree) {
return true;
}
if (readStatus == null) {
@@ -498,7 +498,7 @@ final class CompiledPermissionImpl imple
@Override
public boolean canRead(@Nonnull PropertyState property) {
boolean isAcTree = isAcTree();
- if (!isAcTree && readableTree) {
+ if (!isAcTree && isReadableTree) {
return true;
}
if (readStatus != null && readStatus.allowsProperties()) {
@@ -626,6 +626,7 @@ final class CompiledPermissionImpl imple
return false;
}
+ @Override
public boolean isReadableTree(@Nonnull Tree tree, boolean exactMatch) {
return false;
}
@@ -654,9 +655,10 @@ final class CompiledPermissionImpl imple
isDefaultPaths = (readPaths.size() == DEFAULT_READ_PATHS.size())
&& readPaths.containsAll(DEFAULT_READ_PATHS);
}
+ @Override
public boolean isReadableTree(@Nonnull Tree tree, @Nullable
TreePermissionImpl parent) {
if (parent != null) {
- if (parent.readableTree) {
+ if (parent.isReadableTree) {
return true;
} else if (!isDefaultPaths ||
parent.tree.getName().equals(JcrConstants.JCR_SYSTEM)) {
return isReadableTree(tree, true);
@@ -668,6 +670,7 @@ final class CompiledPermissionImpl imple
}
}
+ @Override
public boolean isReadableTree(@Nonnull Tree tree, boolean exactMatch) {
String targetPath = tree.getPath();
for (String path : readPaths) {
@@ -685,6 +688,7 @@ final class CompiledPermissionImpl imple
return false;
}
+ @Override
public boolean isReadablePath(@Nullable String treePath, boolean
exactMatch) {
if (treePath != null) {
for (String path : readPaths) {
Modified:
jackrabbit/oak/trunk/oak-core/src/main/java/org/apache/jackrabbit/oak/security/authorization/permission/CompiledPermissions.java
URL:
http://svn.apache.org/viewvc/jackrabbit/oak/trunk/oak-core/src/main/java/org/apache/jackrabbit/oak/security/authorization/permission/CompiledPermissions.java?rev=1710857&r1=1710856&r2=1710857&view=diff
==============================================================================
---
jackrabbit/oak/trunk/oak-core/src/main/java/org/apache/jackrabbit/oak/security/authorization/permission/CompiledPermissions.java
(original)
+++
jackrabbit/oak/trunk/oak-core/src/main/java/org/apache/jackrabbit/oak/security/authorization/permission/CompiledPermissions.java
Tue Oct 27 17:58:21 2015
@@ -33,7 +33,7 @@ import org.apache.jackrabbit.oak.spi.sec
* be may able to simplify the evaluation. See e.g. {@link
org.apache.jackrabbit.oak.security.authorization.permission.AllPermissions}
* and {@link
org.apache.jackrabbit.oak.security.authorization.permission.NoPermissions}
*/
-public interface CompiledPermissions {
+interface CompiledPermissions {
/**
* Refresh this instance to reflect the permissions as present with the
@@ -104,7 +104,7 @@ public interface CompiledPermissions {
Set<String> getPrivileges(@Nullable Tree tree);
/**
- * Retruns true if all privileges identified by the given {@code
privilegeNames}
+ * Returns {@code true} if all privileges identified by the given {@code
privilegeNames}
* are granted at the given {@code tree}.
*
*
Modified:
jackrabbit/oak/trunk/oak-core/src/main/java/org/apache/jackrabbit/oak/security/authorization/permission/EntryPredicate.java
URL:
http://svn.apache.org/viewvc/jackrabbit/oak/trunk/oak-core/src/main/java/org/apache/jackrabbit/oak/security/authorization/permission/EntryPredicate.java?rev=1710857&r1=1710856&r2=1710857&view=diff
==============================================================================
---
jackrabbit/oak/trunk/oak-core/src/main/java/org/apache/jackrabbit/oak/security/authorization/permission/EntryPredicate.java
(original)
+++
jackrabbit/oak/trunk/oak-core/src/main/java/org/apache/jackrabbit/oak/security/authorization/permission/EntryPredicate.java
Tue Oct 27 17:58:21 2015
@@ -39,17 +39,16 @@ final class EntryPredicate implements Pr
private final Tree parent;
private final boolean respectParent;
- public EntryPredicate(@Nonnull Tree tree, @Nullable PropertyState property,
- boolean respectParent) {
- this(tree, property, tree.getPath(), respectParent);
+ EntryPredicate() {
+ this(null, null, null, false);
}
- public EntryPredicate(@Nonnull String path, boolean respectParent) {
- this(null, null, path, respectParent);
+ EntryPredicate(@Nonnull Tree tree, @Nullable PropertyState property,
boolean respectParent) {
+ this(tree, property, tree.getPath(), respectParent);
}
- public EntryPredicate() {
- this(null, null, null, false);
+ EntryPredicate(@Nonnull String path, boolean respectParent) {
+ this(null, null, path, respectParent);
}
private EntryPredicate(@Nullable Tree tree, @Nullable PropertyState
property,
@@ -69,10 +68,11 @@ final class EntryPredicate implements Pr
}
@CheckForNull
- public String getPath() {
+ String getPath() {
return path;
}
+ //----------------------------------------------------------< Predicate
>---
@Override
public boolean apply(@Nullable PermissionEntry entry) {
return apply(entry, true);
@@ -92,5 +92,4 @@ final class EntryPredicate implements Pr
return entry.matches();
}
}
-
}
\ No newline at end of file
Modified:
jackrabbit/oak/trunk/oak-core/src/main/java/org/apache/jackrabbit/oak/security/authorization/permission/MoveAwarePermissionValidator.java
URL:
http://svn.apache.org/viewvc/jackrabbit/oak/trunk/oak-core/src/main/java/org/apache/jackrabbit/oak/security/authorization/permission/MoveAwarePermissionValidator.java?rev=1710857&r1=1710856&r2=1710857&view=diff
==============================================================================
---
jackrabbit/oak/trunk/oak-core/src/main/java/org/apache/jackrabbit/oak/security/authorization/permission/MoveAwarePermissionValidator.java
(original)
+++
jackrabbit/oak/trunk/oak-core/src/main/java/org/apache/jackrabbit/oak/security/authorization/permission/MoveAwarePermissionValidator.java
Tue Oct 27 17:58:21 2015
@@ -16,6 +16,7 @@
*/
package org.apache.jackrabbit.oak.security.authorization.permission;
+import javax.annotation.CheckForNull;
import javax.annotation.Nonnull;
import javax.annotation.Nullable;
@@ -88,7 +89,7 @@ public class MoveAwarePermissionValidato
//----------------------------------------------------------< Validator
>---
@Override
public Validator childNodeAdded(String name, NodeState after) throws
CommitFailedException {
- if (moveCtx.processAdd((ImmutableTree)
getParentAfter().getChild(name), this)) {
+ if (moveCtx.processAdd(getParentAfter(), name, this)) {
return null;
} else {
return super.childNodeAdded(name, after);
@@ -97,7 +98,7 @@ public class MoveAwarePermissionValidato
@Override
public Validator childNodeDeleted(String name, NodeState before) throws
CommitFailedException {
- if (moveCtx.processDelete((ImmutableTree)
getParentBefore().getChild(name), this)) {
+ if (moveCtx.processDelete(getParentBefore(), name, this)) {
return null;
} else {
return super.childNodeDeleted(name, before);
@@ -120,11 +121,15 @@ public class MoveAwarePermissionValidato
rootAfter = RootFactory.createReadOnlyRoot(after);
}
- private boolean containsMove(Tree parentBefore, Tree parentAfter) {
+ private boolean containsMove(@Nullable Tree parentBefore, @Nullable
Tree parentAfter) {
return
moveTracker.containsMove(PermissionUtil.getPath(parentBefore, parentAfter));
}
- private boolean processAdd(ImmutableTree child,
MoveAwarePermissionValidator validator) throws CommitFailedException {
+ private boolean processAdd(@CheckForNull Tree parent, @Nonnull String
name , @Nonnull MoveAwarePermissionValidator validator) throws
CommitFailedException {
+ if (parent == null) {
+ return false;
+ }
+ ImmutableTree child = (ImmutableTree) parent.getChild(name);
String sourcePath = moveTracker.getSourcePath(child.getPath());
if (sourcePath != null) {
ImmutableTree source = (ImmutableTree)
rootBefore.getTree(sourcePath);
@@ -138,7 +143,11 @@ public class MoveAwarePermissionValidato
return false;
}
- private boolean processDelete(ImmutableTree child,
MoveAwarePermissionValidator validator) throws CommitFailedException {
+ private boolean processDelete(@CheckForNull Tree parent, @Nonnull
String name, @Nonnull MoveAwarePermissionValidator validator) throws
CommitFailedException {
+ if (parent == null) {
+ return false;
+ }
+ ImmutableTree child = (ImmutableTree) parent.getChild(name);
String destPath = moveTracker.getDestPath(child.getPath());
if (destPath != null) {
ImmutableTree dest = (ImmutableTree)
rootAfter.getTree(destPath);
@@ -153,8 +162,8 @@ public class MoveAwarePermissionValidato
return false;
}
- private boolean diff(ImmutableTree source, ImmutableTree dest,
- MoveAwarePermissionValidator validator) throws
CommitFailedException {
+ private boolean diff(@Nonnull ImmutableTree source, @Nonnull
ImmutableTree dest,
+ @Nonnull MoveAwarePermissionValidator validator)
throws CommitFailedException {
Validator nextValidator = validator.visibleValidator(source, dest);
CommitFailedException e = EditorDiff.process(nextValidator ,
source.getNodeState(), dest.getNodeState());
if (e != null) {
Modified:
jackrabbit/oak/trunk/oak-core/src/main/java/org/apache/jackrabbit/oak/security/authorization/permission/NoPermissions.java
URL:
http://svn.apache.org/viewvc/jackrabbit/oak/trunk/oak-core/src/main/java/org/apache/jackrabbit/oak/security/authorization/permission/NoPermissions.java?rev=1710857&r1=1710856&r2=1710857&view=diff
==============================================================================
---
jackrabbit/oak/trunk/oak-core/src/main/java/org/apache/jackrabbit/oak/security/authorization/permission/NoPermissions.java
(original)
+++
jackrabbit/oak/trunk/oak-core/src/main/java/org/apache/jackrabbit/oak/security/authorization/permission/NoPermissions.java
Tue Oct 27 17:58:21 2015
@@ -30,14 +30,14 @@ import org.apache.jackrabbit.oak.spi.sec
/**
* Implementation of the {@code CompiledPermission} interface that denies all
permissions.
*/
-public final class NoPermissions implements CompiledPermissions {
+final class NoPermissions implements CompiledPermissions {
private static final CompiledPermissions INSTANCE = new NoPermissions();
private NoPermissions() {
}
- public static CompiledPermissions getInstance() {
+ static CompiledPermissions getInstance() {
return INSTANCE;
}
Modified:
jackrabbit/oak/trunk/oak-core/src/main/java/org/apache/jackrabbit/oak/security/authorization/permission/PermissionEntry.java
URL:
http://svn.apache.org/viewvc/jackrabbit/oak/trunk/oak-core/src/main/java/org/apache/jackrabbit/oak/security/authorization/permission/PermissionEntry.java?rev=1710857&r1=1710856&r2=1710857&view=diff
==============================================================================
---
jackrabbit/oak/trunk/oak-core/src/main/java/org/apache/jackrabbit/oak/security/authorization/permission/PermissionEntry.java
(original)
+++
jackrabbit/oak/trunk/oak-core/src/main/java/org/apache/jackrabbit/oak/security/authorization/permission/PermissionEntry.java
Tue Oct 27 17:58:21 2015
@@ -65,19 +65,19 @@ final class PermissionEntry implements C
this.restriction = restriction;
}
- public boolean matches(@Nonnull Tree tree, @Nullable PropertyState
property) {
+ boolean matches(@Nonnull Tree tree, @Nullable PropertyState property) {
return restriction == RestrictionPattern.EMPTY ||
restriction.matches(tree, property);
}
- public boolean matches(@Nonnull String treePath) {
+ boolean matches(@Nonnull String treePath) {
return restriction == RestrictionPattern.EMPTY ||
restriction.matches(treePath);
}
- public boolean matches() {
+ boolean matches() {
return restriction == RestrictionPattern.EMPTY ||
restriction.matches();
}
- public boolean matchesParent(@Nonnull String parentPath) {
+ boolean matchesParent(@Nonnull String parentPath) {
return Text.isDescendantOrEqual(path, parentPath) && (restriction ==
RestrictionPattern.EMPTY || restriction.matches(parentPath));
}
Modified:
jackrabbit/oak/trunk/oak-core/src/main/java/org/apache/jackrabbit/oak/security/authorization/permission/PermissionEntryCache.java
URL:
http://svn.apache.org/viewvc/jackrabbit/oak/trunk/oak-core/src/main/java/org/apache/jackrabbit/oak/security/authorization/permission/PermissionEntryCache.java?rev=1710857&r1=1710856&r2=1710857&view=diff
==============================================================================
---
jackrabbit/oak/trunk/oak-core/src/main/java/org/apache/jackrabbit/oak/security/authorization/permission/PermissionEntryCache.java
(original)
+++
jackrabbit/oak/trunk/oak-core/src/main/java/org/apache/jackrabbit/oak/security/authorization/permission/PermissionEntryCache.java
Tue Oct 27 17:58:21 2015
@@ -22,7 +22,6 @@ import java.util.HashMap;
import java.util.Map;
import java.util.Set;
import java.util.TreeSet;
-
import javax.annotation.Nonnull;
/**
@@ -37,12 +36,12 @@ import javax.annotation.Nonnull;
* fallback to the direct store.load() methods when providing the entries.
if those principals with many entries
* are used often, they might get elected to live in the global cache;
memory permitting.
*/
-public class PermissionEntryCache {
+class PermissionEntryCache {
private final Map<String, PrincipalPermissionEntries> entries = new
HashMap<String, PrincipalPermissionEntries>();
@Nonnull
- public PrincipalPermissionEntries getEntries(@Nonnull PermissionStore
store,
+ PrincipalPermissionEntries getEntries(@Nonnull PermissionStore store,
@Nonnull String
principalName) {
PrincipalPermissionEntries ppe = entries.get(principalName);
if (ppe == null) {
@@ -57,9 +56,9 @@ public class PermissionEntryCache {
return ppe;
}
- public void load(@Nonnull PermissionStore store,
- @Nonnull Map<String, Collection<PermissionEntry>>
pathEntryMap,
- @Nonnull String principalName) {
+ void load(@Nonnull PermissionStore store,
+ @Nonnull Map<String, Collection<PermissionEntry>> pathEntryMap,
+ @Nonnull String principalName) {
// todo: conditionally load entries if too many
PrincipalPermissionEntries ppe = getEntries(store, principalName);
for (Map.Entry<String, Collection<PermissionEntry>> e:
ppe.getEntries().entrySet()) {
@@ -73,13 +72,13 @@ public class PermissionEntryCache {
}
}
- public void load(@Nonnull PermissionStore store,
- @Nonnull Collection<PermissionEntry> ret,
- @Nonnull String principalName,
- @Nonnull String path) {
+ void load(@Nonnull PermissionStore store,
+ @Nonnull Collection<PermissionEntry> ret,
+ @Nonnull String principalName,
+ @Nonnull String path) {
PrincipalPermissionEntries ppe = entries.get(principalName);
if (ppe == null) {
- ppe = new PrincipalPermissionEntries(principalName);
+ ppe = new PrincipalPermissionEntries();
entries.put(principalName, ppe);
}
Collection<PermissionEntry> pes = ppe.getEntries().get(path);
@@ -96,16 +95,16 @@ public class PermissionEntryCache {
}
}
- public long getNumEntries(@Nonnull PermissionStore store,
- @Nonnull String principalName,
- long max) {
+ long getNumEntries(@Nonnull PermissionStore store,
+ @Nonnull String principalName,
+ long max) {
PrincipalPermissionEntries ppe = entries.get(principalName);
return ppe == null
? store.getNumEntries(principalName, max)
: ppe.getEntries().size();
}
- public void flush(@Nonnull Set<String> principalNames) {
+ void flush(@Nonnull Set<String> principalNames) {
entries.keySet().removeAll(principalNames);
}
}
\ No newline at end of file
Modified:
jackrabbit/oak/trunk/oak-core/src/main/java/org/apache/jackrabbit/oak/security/authorization/permission/PermissionEntryProvider.java
URL:
http://svn.apache.org/viewvc/jackrabbit/oak/trunk/oak-core/src/main/java/org/apache/jackrabbit/oak/security/authorization/permission/PermissionEntryProvider.java?rev=1710857&r1=1710856&r2=1710857&view=diff
==============================================================================
---
jackrabbit/oak/trunk/oak-core/src/main/java/org/apache/jackrabbit/oak/security/authorization/permission/PermissionEntryProvider.java
(original)
+++
jackrabbit/oak/trunk/oak-core/src/main/java/org/apache/jackrabbit/oak/security/authorization/permission/PermissionEntryProvider.java
Tue Oct 27 17:58:21 2015
@@ -35,8 +35,5 @@ interface PermissionEntryProvider {
@Nonnull
Collection<PermissionEntry> getEntries(@Nonnull Tree accessControlledTree);
- @Nonnull
- Collection<PermissionEntry> getEntries(@Nonnull String
accessControlledPath);
-
void flush();
}
\ No newline at end of file
Modified:
jackrabbit/oak/trunk/oak-core/src/main/java/org/apache/jackrabbit/oak/security/authorization/permission/PermissionEntryProviderImpl.java
URL:
http://svn.apache.org/viewvc/jackrabbit/oak/trunk/oak-core/src/main/java/org/apache/jackrabbit/oak/security/authorization/permission/PermissionEntryProviderImpl.java?rev=1710857&r1=1710856&r2=1710857&view=diff
==============================================================================
---
jackrabbit/oak/trunk/oak-core/src/main/java/org/apache/jackrabbit/oak/security/authorization/permission/PermissionEntryProviderImpl.java
(original)
+++
jackrabbit/oak/trunk/oak-core/src/main/java/org/apache/jackrabbit/oak/security/authorization/permission/PermissionEntryProviderImpl.java
Tue Oct 27 17:58:21 2015
@@ -113,11 +113,14 @@ class PermissionEntryProviderImpl implem
}
}
+ //--------------------------------------------< PermissionEntryProvider
>---
+ @Override
public void flush() {
cache.flush(principalNames);
init();
}
+ @Override
@Nonnull
public Iterator<PermissionEntry> getEntryIterator(@Nonnull EntryPredicate
predicate) {
if (existingNames.isEmpty()) {
@@ -127,6 +130,7 @@ class PermissionEntryProviderImpl implem
}
}
+ @Override
@Nonnull
public Collection<PermissionEntry> getEntries(@Nonnull Tree
accessControlledTree) {
if (existingNames.isEmpty()) {
@@ -141,8 +145,9 @@ class PermissionEntryProviderImpl implem
}
}
+ //------------------------------------------------------------< private
>---
@Nonnull
- public Collection<PermissionEntry> getEntries(@Nonnull String path) {
+ private Collection<PermissionEntry> getEntries(@Nonnull String path) {
if (existingNames.isEmpty()) {
return Collections.emptyList();
} else if (pathEntryMap != null) {
Modified:
jackrabbit/oak/trunk/oak-core/src/main/java/org/apache/jackrabbit/oak/security/authorization/permission/PermissionHook.java
URL:
http://svn.apache.org/viewvc/jackrabbit/oak/trunk/oak-core/src/main/java/org/apache/jackrabbit/oak/security/authorization/permission/PermissionHook.java?rev=1710857&r1=1710856&r2=1710857&view=diff
==============================================================================
---
jackrabbit/oak/trunk/oak-core/src/main/java/org/apache/jackrabbit/oak/security/authorization/permission/PermissionHook.java
(original)
+++
jackrabbit/oak/trunk/oak-core/src/main/java/org/apache/jackrabbit/oak/security/authorization/permission/PermissionHook.java
Tue Oct 27 17:58:21 2015
@@ -80,6 +80,7 @@ public class PermissionHook implements P
this.restrictionProvider = restrictionProvider;
}
+ //---------------------------------------------------------< CommitHook
>---
@Nonnull
@Override
public NodeState processCommit(
@@ -100,11 +101,14 @@ public class PermissionHook implements P
return rootAfter.getNodeState();
}
+ //-------------------------------------------------------------< Object
>---
@Override
public String toString() {
return "PermissionHook";
}
+ //------------------------------------------------------------< private
>---
+
private void apply() {
for (Map.Entry<String, PermissionStoreEditor> entry :
deleted.entrySet()) {
entry.getValue().removePermissionEntries();
@@ -139,7 +143,7 @@ public class PermissionHook implements P
String path = parentPath + '/' + name;
if (isACL.apply(after)) {
PermissionStoreEditor psEditor =
createPermissionStoreEditor(name, after);
- modified.put(psEditor.accessControlledPath, psEditor);
+ modified.put(psEditor.getPath(), psEditor);
} else {
after.compareAgainstBaseState(EMPTY_NODE, new Diff(path));
}
@@ -156,22 +160,22 @@ public class PermissionHook implements P
if (isACL.apply(before)) {
if (isACL.apply(after)) {
PermissionStoreEditor psEditor =
createPermissionStoreEditor(name, after);
- modified.put(psEditor.accessControlledPath, psEditor);
+ modified.put(psEditor.getPath(), psEditor);
// also consider to remove the ACL from removed entries of
other principals
PermissionStoreEditor beforeEditor =
createPermissionStoreEditor(name, before);
-
beforeEditor.entries.keySet().removeAll(psEditor.entries.keySet());
- if (!beforeEditor.entries.isEmpty()) {
+ beforeEditor.removePermissionEntries(psEditor);
+ if (!beforeEditor.isEmpty()) {
deleted.put(parentPath, beforeEditor);
}
} else {
PermissionStoreEditor psEditor =
createPermissionStoreEditor(name, before);
- deleted.put(psEditor.accessControlledPath, psEditor);
+ deleted.put(psEditor.getPath(), psEditor);
}
} else if (isACL.apply(after)) {
PermissionStoreEditor psEditor =
createPermissionStoreEditor(name, after);
- modified.put(psEditor.accessControlledPath, psEditor);
+ modified.put(psEditor.getPath(), psEditor);
} else {
after.compareAgainstBaseState(before, new Diff(path));
}
@@ -187,7 +191,7 @@ public class PermissionHook implements P
String path = parentPath + '/' + name;
if (isACL.apply(before)) {
PermissionStoreEditor psEditor =
createPermissionStoreEditor(name, before);
- deleted.put(psEditor.accessControlledPath, psEditor);
+ deleted.put(psEditor.getPath(), psEditor);
} else {
EMPTY_NODE.compareAgainstBaseState(before, new Diff(path));
}
Modified:
jackrabbit/oak/trunk/oak-core/src/main/java/org/apache/jackrabbit/oak/security/authorization/permission/PermissionProviderImpl.java
URL:
http://svn.apache.org/viewvc/jackrabbit/oak/trunk/oak-core/src/main/java/org/apache/jackrabbit/oak/security/authorization/permission/PermissionProviderImpl.java?rev=1710857&r1=1710856&r2=1710857&view=diff
==============================================================================
---
jackrabbit/oak/trunk/oak-core/src/main/java/org/apache/jackrabbit/oak/security/authorization/permission/PermissionProviderImpl.java
(original)
+++
jackrabbit/oak/trunk/oak-core/src/main/java/org/apache/jackrabbit/oak/security/authorization/permission/PermissionProviderImpl.java
Tue Oct 27 17:58:21 2015
@@ -21,7 +21,6 @@ import java.util.Set;
import javax.annotation.Nonnull;
import javax.annotation.Nullable;
-import org.apache.jackrabbit.JcrConstants;
import org.apache.jackrabbit.oak.api.PropertyState;
import org.apache.jackrabbit.oak.api.Root;
import org.apache.jackrabbit.oak.api.Tree;
@@ -145,14 +144,7 @@ public class PermissionProviderImpl impl
//--------------------------------------------------------------------------
private static boolean isVersionStorePath(@Nonnull String oakPath) {
- if (oakPath.indexOf(JcrConstants.JCR_SYSTEM) == 1) {
- for (String p : VersionConstants.SYSTEM_PATHS) {
- if (oakPath.startsWith(p)) {
- return true;
- }
- }
- }
- return false;
+ return oakPath.startsWith(VersionConstants.VERSION_STORE_PATH);
}
private boolean isGranted(@Nonnull TreeLocation location, @Nonnull String
oakPath, long permissions) {
Modified:
jackrabbit/oak/trunk/oak-core/src/main/java/org/apache/jackrabbit/oak/security/authorization/permission/PermissionStore.java
URL:
http://svn.apache.org/viewvc/jackrabbit/oak/trunk/oak-core/src/main/java/org/apache/jackrabbit/oak/security/authorization/permission/PermissionStore.java?rev=1710857&r1=1710856&r2=1710857&view=diff
==============================================================================
---
jackrabbit/oak/trunk/oak-core/src/main/java/org/apache/jackrabbit/oak/security/authorization/permission/PermissionStore.java
(original)
+++
jackrabbit/oak/trunk/oak-core/src/main/java/org/apache/jackrabbit/oak/security/authorization/permission/PermissionStore.java
Tue Oct 27 17:58:21 2015
@@ -17,7 +17,6 @@
package org.apache.jackrabbit.oak.security.authorization.permission;
import java.util.Collection;
-import java.util.Map;
import javax.annotation.CheckForNull;
import javax.annotation.Nonnull;
@@ -27,7 +26,7 @@ import javax.annotation.Nullable;
* The permission store is used to store and provide access control
permissions for principals. It is responsible to
* load and store the permissions in an optimal form in the repository and
must not cache them.
*/
-public interface PermissionStore {
+interface PermissionStore {
long DYNAMIC_ALL_BITS = -1;
@@ -44,8 +43,6 @@ public interface PermissionStore {
@CheckForNull
Collection<PermissionEntry> load(@Nullable Collection<PermissionEntry>
entries, @Nonnull String principalName, @Nonnull String path);
- void load(@Nonnull Map<String, Collection<PermissionEntry>> entries,
@Nonnull String principalName);
-
@Nonnull
PrincipalPermissionEntries load(@Nonnull String principalName);
Modified:
jackrabbit/oak/trunk/oak-core/src/main/java/org/apache/jackrabbit/oak/security/authorization/permission/PermissionStoreEditor.java
URL:
http://svn.apache.org/viewvc/jackrabbit/oak/trunk/oak-core/src/main/java/org/apache/jackrabbit/oak/security/authorization/permission/PermissionStoreEditor.java?rev=1710857&r1=1710856&r2=1710857&view=diff
==============================================================================
---
jackrabbit/oak/trunk/oak-core/src/main/java/org/apache/jackrabbit/oak/security/authorization/permission/PermissionStoreEditor.java
(original)
+++
jackrabbit/oak/trunk/oak-core/src/main/java/org/apache/jackrabbit/oak/security/authorization/permission/PermissionStoreEditor.java
Tue Oct 27 17:58:21 2015
@@ -53,10 +53,9 @@ final class PermissionStoreEditor implem
private static final Logger log =
LoggerFactory.getLogger(PermissionStoreEditor.class);
- final String accessControlledPath;
- final String nodeName;
- final Map<String, List<AcEntry>> entries = Maps.<String,
List<AcEntry>>newHashMap();
-
+ private final String accessControlledPath;
+ private final String nodeName;
+ private final Map<String, List<AcEntry>> entries = Maps.newHashMap();
private final NodeBuilder permissionRoot;
PermissionStoreEditor(@Nonnull String aclPath, @Nonnull String name,
@@ -101,6 +100,18 @@ final class PermissionStoreEditor implem
}
}
+ String getPath() {
+ return accessControlledPath;
+ }
+
+ boolean isEmpty() {
+ return entries.isEmpty();
+ }
+
+ void removePermissionEntries(PermissionStoreEditor otherEditor) {
+ entries.keySet().removeAll(otherEditor.entries.keySet());
+ }
+
void removePermissionEntries() {
for (String principalName : entries.keySet()) {
if (permissionRoot.hasChildNode(principalName)) {
Modified:
jackrabbit/oak/trunk/oak-core/src/main/java/org/apache/jackrabbit/oak/security/authorization/permission/PermissionStoreImpl.java
URL:
http://svn.apache.org/viewvc/jackrabbit/oak/trunk/oak-core/src/main/java/org/apache/jackrabbit/oak/security/authorization/permission/PermissionStoreImpl.java?rev=1710857&r1=1710856&r2=1710857&view=diff
==============================================================================
---
jackrabbit/oak/trunk/oak-core/src/main/java/org/apache/jackrabbit/oak/security/authorization/permission/PermissionStoreImpl.java
(original)
+++
jackrabbit/oak/trunk/oak-core/src/main/java/org/apache/jackrabbit/oak/security/authorization/permission/PermissionStoreImpl.java
Tue Oct 27 17:58:21 2015
@@ -41,7 +41,7 @@ import org.slf4j.LoggerFactory;
/**
* {@code PermissionStoreImpl}...
*/
-public class PermissionStoreImpl implements PermissionStore,
PermissionConstants {
+class PermissionStoreImpl implements PermissionStore, PermissionConstants {
/**
* default logger
@@ -57,13 +57,13 @@ public class PermissionStoreImpl impleme
private Tree permissionsTree;
private PrivilegeBits allBits;
- public PermissionStoreImpl(Root root, String workspaceName,
RestrictionProvider restrictionProvider) {
+ PermissionStoreImpl(Root root, String workspaceName, RestrictionProvider
restrictionProvider) {
this.workspaceName = workspaceName;
this.restrictionProvider = restrictionProvider;
reset(root);
}
- protected void flush(@Nonnull Root root) {
+ void flush(@Nonnull Root root) {
principalTreeMap.clear();
reset(root);
}
@@ -73,20 +73,7 @@ public class PermissionStoreImpl impleme
allBits = new
PrivilegeBitsProvider(root).getBits(PrivilegeConstants.JCR_ALL);
}
- @CheckForNull
- private Tree getPrincipalRoot(@Nonnull String principalName) {
- if (principalTreeMap.containsKey(principalName)) {
- return principalTreeMap.get(principalName);
- } else {
- Tree principalRoot =
PermissionUtil.getPrincipalRoot(permissionsTree, principalName);
- if (!principalRoot.exists()) {
- principalRoot = null;
- }
- principalTreeMap.put(principalName, principalRoot);
- return principalRoot;
- }
- }
-
+ //----------------------------------------------------< PermissionStore
>---
@Override
@CheckForNull
public Collection<PermissionEntry> load(@Nullable
Collection<PermissionEntry> entries, @Nonnull String principalName, @Nonnull
String path) {
@@ -111,16 +98,6 @@ public class PermissionStoreImpl impleme
}
@Override
- public void load(@Nonnull Map<String, Collection<PermissionEntry>>
entries, @Nonnull String principalName) {
- Tree principalRoot = getPrincipalRoot(principalName);
- if (principalRoot != null) {
- for (Tree entryTree : principalRoot.getChildren()) {
- loadPermissionEntries(entryTree, entries);
- }
- }
- }
-
- @Override
public long getNumEntries(@Nonnull String principalName, long max) {
// we ignore the hash-collisions here
Tree tree = getPrincipalRoot(principalName);
@@ -131,7 +108,7 @@ public class PermissionStoreImpl impleme
@Nonnull
public PrincipalPermissionEntries load(@Nonnull String principalName) {
long t0 = System.nanoTime();
- PrincipalPermissionEntries ret = new
PrincipalPermissionEntries(principalName);
+ PrincipalPermissionEntries ret = new PrincipalPermissionEntries();
Tree principalRoot = getPrincipalRoot(principalName);
if (principalRoot != null) {
for (Tree entryTree : principalRoot.getChildren()) {
@@ -141,25 +118,44 @@ public class PermissionStoreImpl impleme
ret.setFullyLoaded(true);
long t1 = System.nanoTime();
if (log.isDebugEnabled()) {
- log.debug(String.format("loaded %d entries in %.2fus for %s.%n",
ret.getEntries().size(), (t1 - t0) / 1000.0, principalName));
+ log.debug(String.format("loaded %d entries in %.2fus for %s.%n",
ret.getSize(), (t1 - t0) / 1000.0, principalName));
}
return ret;
}
+ //------------------------------------------------------------< private
>---
+ @CheckForNull
+ private Tree getPrincipalRoot(@Nonnull String principalName) {
+ if (principalTreeMap.containsKey(principalName)) {
+ return principalTreeMap.get(principalName);
+ } else {
+ Tree principalRoot =
PermissionUtil.getPrincipalRoot(permissionsTree, principalName);
+ if (!principalRoot.exists()) {
+ principalRoot = null;
+ }
+ principalTreeMap.put(principalName, principalRoot);
+ return principalRoot;
+ }
+ }
+
private void loadPermissionEntries(@Nonnull Tree tree,
@Nonnull Map<String,
Collection<PermissionEntry>> pathEntryMap) {
String path = TreeUtil.getString(tree,
PermissionConstants.REP_ACCESS_CONTROLLED_PATH);
- Collection<PermissionEntry> entries = pathEntryMap.get(path);
- if (entries == null) {
- entries = new TreeSet<PermissionEntry>();
- pathEntryMap.put(path, entries);
- }
- for (Tree child : tree.getChildren()) {
- if (child.getName().charAt(0) == 'c') {
- loadPermissionEntries(child, pathEntryMap);
- } else {
- entries.add(createPermissionEntry(path, child));
+ if (path != null) {
+ Collection<PermissionEntry> entries = pathEntryMap.get(path);
+ if (entries == null) {
+ entries = new TreeSet<PermissionEntry>();
+ pathEntryMap.put(path, entries);
+ }
+ for (Tree child : tree.getChildren()) {
+ if (child.getName().charAt(0) == 'c') {
+ loadPermissionEntries(child, pathEntryMap);
+ } else {
+ entries.add(createPermissionEntry(path, child));
+ }
}
+ } else {
+ log.error("Permission entry at '{}' without
rep:accessControlledPath property.", tree.getPath());
}
}
@@ -178,18 +174,20 @@ public class PermissionStoreImpl impleme
return ret;
}
+ @Nonnull
private PermissionEntry createPermissionEntry(@Nonnull String path,
@Nonnull Tree entryTree) {
PropertyState ps = entryTree.getProperty(REP_PRIVILEGE_BITS);
PrivilegeBits bits = (isJcrAll(ps)) ? allBits :
PrivilegeBits.getInstance(ps);
+ boolean isAllow = TreeUtil.getBoolean(entryTree, REP_IS_ALLOW);
return new PermissionEntry(path,
- entryTree.getProperty(REP_IS_ALLOW).getValue(Type.BOOLEAN),
+ isAllow,
Integer.parseInt(entryTree.getName()),
bits,
restrictionProvider.getPattern(path, entryTree));
}
- private static boolean isJcrAll(PropertyState property) {
- return property.count() == 1 && property.getValue(Type.LONG, 0) ==
DYNAMIC_ALL_BITS;
+ private static boolean isJcrAll(@CheckForNull PropertyState property) {
+ return property != null && property.count() == 1 &&
property.getValue(Type.LONG, 0) == DYNAMIC_ALL_BITS;
}
}
Modified:
jackrabbit/oak/trunk/oak-core/src/main/java/org/apache/jackrabbit/oak/security/authorization/permission/PrincipalPermissionEntries.java
URL:
http://svn.apache.org/viewvc/jackrabbit/oak/trunk/oak-core/src/main/java/org/apache/jackrabbit/oak/security/authorization/permission/PrincipalPermissionEntries.java?rev=1710857&r1=1710856&r2=1710857&view=diff
==============================================================================
---
jackrabbit/oak/trunk/oak-core/src/main/java/org/apache/jackrabbit/oak/security/authorization/permission/PrincipalPermissionEntries.java
(original)
+++
jackrabbit/oak/trunk/oak-core/src/main/java/org/apache/jackrabbit/oak/security/authorization/permission/PrincipalPermissionEntries.java
Tue Oct 27 17:58:21 2015
@@ -17,7 +17,6 @@
package org.apache.jackrabbit.oak.security.authorization.permission;
import java.util.Collection;
-import java.util.Collections;
import java.util.HashMap;
import java.util.Map;
import javax.annotation.Nonnull;
@@ -25,12 +24,7 @@ import javax.annotation.Nonnull;
/**
* {@code PermissionEntries} holds the permission entries of one principal
*/
-public class PrincipalPermissionEntries {
-
- /**
- * principal name
- */
- private final String name;
+class PrincipalPermissionEntries {
/**
* indicating if all entries were loaded.
@@ -42,32 +36,23 @@ public class PrincipalPermissionEntries
*/
private Map<String, Collection<PermissionEntry>> entries = new
HashMap<String, Collection<PermissionEntry>>();
- public PrincipalPermissionEntries(@Nonnull String name) {
- this.name = name;
+ PrincipalPermissionEntries() {
}
- @Nonnull
- public String getName() {
- return name;
+ long getSize() {
+ return entries.size();
}
- public boolean isFullyLoaded() {
+ boolean isFullyLoaded() {
return fullyLoaded;
}
- public void setFullyLoaded(boolean fullyLoaded) {
+ void setFullyLoaded(boolean fullyLoaded) {
this.fullyLoaded = fullyLoaded;
}
@Nonnull
- public Collection<PermissionEntry> getEntries(@Nonnull String path) {
- Collection<PermissionEntry> ret = entries.get(path);
- return ret == null ? Collections.<PermissionEntry>emptyList() : ret;
- }
-
- @Nonnull
- public Map<String, Collection<PermissionEntry>> getEntries() {
+ Map<String, Collection<PermissionEntry>> getEntries() {
return entries;
}
-
}
\ No newline at end of file
Modified:
jackrabbit/oak/trunk/oak-core/src/main/java/org/apache/jackrabbit/oak/security/authorization/permission/VersionTreePermission.java
URL:
http://svn.apache.org/viewvc/jackrabbit/oak/trunk/oak-core/src/main/java/org/apache/jackrabbit/oak/security/authorization/permission/VersionTreePermission.java?rev=1710857&r1=1710856&r2=1710857&view=diff
==============================================================================
---
jackrabbit/oak/trunk/oak-core/src/main/java/org/apache/jackrabbit/oak/security/authorization/permission/VersionTreePermission.java
(original)
+++
jackrabbit/oak/trunk/oak-core/src/main/java/org/apache/jackrabbit/oak/security/authorization/permission/VersionTreePermission.java
Tue Oct 27 17:58:21 2015
@@ -56,6 +56,8 @@ class VersionTreePermission implements T
return new VersionTreePermission(versionTree, delegatee);
}
+ //-----------------------------------------------------< TreePermission
>---
+
@Nonnull
@Override
public TreePermission getChildPermission(@Nonnull String childName,
@Nonnull NodeState childState) {
Modified:
jackrabbit/oak/trunk/oak-core/src/test/java/org/apache/jackrabbit/oak/security/authorization/permission/PermissionEntryProviderImplTest.java
URL:
http://svn.apache.org/viewvc/jackrabbit/oak/trunk/oak-core/src/test/java/org/apache/jackrabbit/oak/security/authorization/permission/PermissionEntryProviderImplTest.java?rev=1710857&r1=1710856&r2=1710857&view=diff
==============================================================================
---
jackrabbit/oak/trunk/oak-core/src/test/java/org/apache/jackrabbit/oak/security/authorization/permission/PermissionEntryProviderImplTest.java
(original)
+++
jackrabbit/oak/trunk/oak-core/src/test/java/org/apache/jackrabbit/oak/security/authorization/permission/PermissionEntryProviderImplTest.java
Tue Oct 27 17:58:21 2015
@@ -157,16 +157,10 @@ public class PermissionEntryProviderImpl
return null;
}
- @Override
- public void load(@Nonnull Map<String, Collection<PermissionEntry>>
entries,
- @Nonnull String principalName) {
- // ignore
- }
-
@Nonnull
@Override
public PrincipalPermissionEntries load(@Nonnull String principalName) {
- return new PrincipalPermissionEntries(principalName);
+ return new PrincipalPermissionEntries();
}
@Override
Modified:
jackrabbit/oak/trunk/oak-core/src/test/java/org/apache/jackrabbit/oak/security/authorization/permission/PermissionProviderImplTest.java
URL:
http://svn.apache.org/viewvc/jackrabbit/oak/trunk/oak-core/src/test/java/org/apache/jackrabbit/oak/security/authorization/permission/PermissionProviderImplTest.java?rev=1710857&r1=1710856&r2=1710857&view=diff
==============================================================================
---
jackrabbit/oak/trunk/oak-core/src/test/java/org/apache/jackrabbit/oak/security/authorization/permission/PermissionProviderImplTest.java
(original)
+++
jackrabbit/oak/trunk/oak-core/src/test/java/org/apache/jackrabbit/oak/security/authorization/permission/PermissionProviderImplTest.java
Tue Oct 27 17:58:21 2015
@@ -31,6 +31,8 @@ import org.apache.jackrabbit.oak.api.Tre
import org.apache.jackrabbit.oak.plugins.name.NamespaceConstants;
import org.apache.jackrabbit.oak.plugins.nodetype.NodeTypeConstants;
import org.apache.jackrabbit.oak.plugins.tree.RootFactory;
+import org.apache.jackrabbit.oak.plugins.tree.TreeLocation;
+import org.apache.jackrabbit.oak.plugins.version.VersionConstants;
import org.apache.jackrabbit.oak.spi.security.ConfigurationParameters;
import
org.apache.jackrabbit.oak.spi.security.authorization.AuthorizationConfiguration;
import
org.apache.jackrabbit.oak.spi.security.authorization.accesscontrol.AccessControlConstants;
@@ -223,4 +225,13 @@ public class PermissionProviderImplTest
testSession.close();
}
}
+
+ @Test
+ public void testIsGrantedNonExistingVersionStoreLocation() {
+ TreeLocation location = TreeLocation.create(root,
VersionConstants.VERSION_STORE_PATH + "/non/existing/tree");
+ PermissionProvider pp = createPermissionProvider(adminSession);
+
+ assertTrue(pp instanceof PermissionProviderImpl);
+ assertFalse(((PermissionProviderImpl) pp).isGranted(location,
Permissions.ALL));
+ }
}
\ No newline at end of file
