Author: angela
Date: Mon Nov 30 17:17:13 2015
New Revision: 1717297

URL: http://svn.apache.org/viewvc?rev=1717297&view=rev
Log:
OAK-3700 : authorization setup for closed user groups (follow up)

Modified:
    
jackrabbit/oak/trunk/oak-authorization-cug/src/main/java/org/apache/jackrabbit/oak/spi/security/authorization/cug/CugPolicy.java
    
jackrabbit/oak/trunk/oak-authorization-cug/src/main/java/org/apache/jackrabbit/oak/spi/security/authorization/cug/impl/CugConfiguration.java
    
jackrabbit/oak/trunk/oak-authorization-cug/src/main/java/org/apache/jackrabbit/oak/spi/security/authorization/cug/package-info.java
    
jackrabbit/oak/trunk/oak-authorization-cug/src/test/java/org/apache/jackrabbit/oak/spi/security/authorization/cug/impl/CugConfigurationTest.java

Modified: 
jackrabbit/oak/trunk/oak-authorization-cug/src/main/java/org/apache/jackrabbit/oak/spi/security/authorization/cug/CugPolicy.java
URL: 
http://svn.apache.org/viewvc/jackrabbit/oak/trunk/oak-authorization-cug/src/main/java/org/apache/jackrabbit/oak/spi/security/authorization/cug/CugPolicy.java?rev=1717297&r1=1717296&r2=1717297&view=diff
==============================================================================
--- 
jackrabbit/oak/trunk/oak-authorization-cug/src/main/java/org/apache/jackrabbit/oak/spi/security/authorization/cug/CugPolicy.java
 (original)
+++ 
jackrabbit/oak/trunk/oak-authorization-cug/src/main/java/org/apache/jackrabbit/oak/spi/security/authorization/cug/CugPolicy.java
 Mon Nov 30 17:17:13 2015
@@ -16,11 +16,6 @@
  */
 package org.apache.jackrabbit.oak.spi.security.authorization.cug;
 
-import java.security.Principal;
-import java.util.Set;
-import javax.annotation.Nonnull;
-import javax.jcr.security.AccessControlException;
-
 import org.apache.jackrabbit.api.security.JackrabbitAccessControlPolicy;
 import org.apache.jackrabbit.api.security.authorization.PrincipalSetPolicy;
 
@@ -29,35 +24,4 @@ import org.apache.jackrabbit.api.securit
  */
 public interface CugPolicy extends PrincipalSetPolicy, 
JackrabbitAccessControlPolicy {
 
-    /**
-     * Returns the set of {@code Principal}s that are allowed to access the 
items
-     * in the restricted area defined by this policy.
-     *
-     * @return The set of {@code Principal}s that are allowed to access the
-     * restricted area.
-     */
-    @Nonnull
-    Set<Principal> getPrincipals();
-
-    /**
-     * Add {@code Principal}s that are allowed to access the restricted area.
-     *
-     * @param principals The {@code Principal}s that are granted read access.
-     * @return {@code true} if this policy was modified; {@code false} 
otherwise.
-     * @throws AccessControlException If any of the specified principals is
-     * invalid.
-     */
-    boolean addPrincipals(@Nonnull Principal... principals) throws 
AccessControlException;
-
-    /**
-     * Remove the specified {@code Principal}s for the set of allowed 
principals
-     * thus revoking their ability to read items in the restricted area defined
-     * by this policy.
-     *
-     * @param principals The {@code Principal}s for which access should be 
revoked.
-     * @return {@code true} if this policy was modified; {@code false} 
otherwise.
-     * @throws  AccessControlException If an error occurs.
-     */
-    boolean removePrincipals(@Nonnull Principal... principals) throws 
AccessControlException;
-
 }

Modified: 
jackrabbit/oak/trunk/oak-authorization-cug/src/main/java/org/apache/jackrabbit/oak/spi/security/authorization/cug/impl/CugConfiguration.java
URL: 
http://svn.apache.org/viewvc/jackrabbit/oak/trunk/oak-authorization-cug/src/main/java/org/apache/jackrabbit/oak/spi/security/authorization/cug/impl/CugConfiguration.java?rev=1717297&r1=1717296&r2=1717297&view=diff
==============================================================================
--- 
jackrabbit/oak/trunk/oak-authorization-cug/src/main/java/org/apache/jackrabbit/oak/spi/security/authorization/cug/impl/CugConfiguration.java
 (original)
+++ 
jackrabbit/oak/trunk/oak-authorization-cug/src/main/java/org/apache/jackrabbit/oak/spi/security/authorization/cug/impl/CugConfiguration.java
 Mon Nov 30 17:17:13 2015
@@ -19,27 +19,23 @@ package org.apache.jackrabbit.oak.spi.se
 import java.io.IOException;
 import java.security.Principal;
 import java.security.PrivilegedActionException;
-import java.security.PrivilegedExceptionAction;
 import java.util.Collections;
 import java.util.List;
+import java.util.Map;
 import java.util.Set;
 import javax.annotation.Nonnull;
 import javax.jcr.RepositoryException;
 import javax.jcr.security.AccessControlManager;
-import javax.security.auth.Subject;
-import javax.security.auth.login.LoginException;
 
 import com.google.common.collect.ImmutableList;
 import org.apache.felix.scr.annotations.Activate;
 import org.apache.felix.scr.annotations.Component;
-import org.apache.felix.scr.annotations.ConfigurationPolicy;
 import org.apache.felix.scr.annotations.Properties;
 import org.apache.felix.scr.annotations.Property;
 import org.apache.felix.scr.annotations.Reference;
+import org.apache.felix.scr.annotations.ReferenceCardinality;
 import org.apache.felix.scr.annotations.Service;
 import org.apache.jackrabbit.oak.api.CommitFailedException;
-import org.apache.jackrabbit.oak.api.ContentRepository;
-import org.apache.jackrabbit.oak.api.ContentSession;
 import org.apache.jackrabbit.oak.api.Root;
 import org.apache.jackrabbit.oak.namepath.NamePathMapper;
 import org.apache.jackrabbit.oak.plugins.memory.MemoryNodeStore;
@@ -57,7 +53,6 @@ import org.apache.jackrabbit.oak.spi.sec
 import org.apache.jackrabbit.oak.spi.security.Context;
 import org.apache.jackrabbit.oak.spi.security.SecurityConfiguration;
 import org.apache.jackrabbit.oak.spi.security.SecurityProvider;
-import org.apache.jackrabbit.oak.spi.security.authentication.SystemSubject;
 import 
org.apache.jackrabbit.oak.spi.security.authorization.AuthorizationConfiguration;
 import org.apache.jackrabbit.oak.spi.security.authorization.cug.CugExclude;
 import 
org.apache.jackrabbit.oak.spi.security.authorization.permission.EmptyPermissionProvider;
@@ -71,8 +66,7 @@ import org.apache.jackrabbit.oak.spi.xml
 
 @Component(metatype = true,
         label = "Apache Jackrabbit Oak CUG Configuration",
-        description = "Authorization configuration dedicated to setup and 
evaluate 'Closed User Group' permissions.",
-        policy = ConfigurationPolicy.REQUIRE)
+        description = "Authorization configuration dedicated to setup and 
evaluate 'Closed User Group' permissions.")
 @Service({AuthorizationConfiguration.class, SecurityConfiguration.class})
 @Properties({
         @Property(name = CugConstants.PARAM_CUG_SUPPORTED_PATHS,
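Review bot: With `policy = ConfigurationPolicy.REQUIRE` removed from `@Component`, the component is activated even when no configuration exists, so the property defaults declared in `@Properties` become the effective authorization setup. `PARAM_CUG_ENABLED` is declared with `boolValue = false` in the following hunk, which keeps evaluation off, but the default for `PARAM_CUG_SUPPORTED_PATHS` is cut off by the hunk boundary and cannot be checked here. A sentence in the class Javadoc would make the fail-safe intent explicit, for example `Without configuration no supported paths are set and CUG evaluation is disabled.`, provided that matches the declared defaults.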
@@ -80,7 +74,7 @@ import org.apache.jackrabbit.oak.spi.xml
                 description = "Paths under which CUGs can be created and will 
be evaluated.",
                 cardinality = Integer.MAX_VALUE),
         @Property(name = CugConstants.PARAM_CUG_ENABLED,
-                label = "CUG Enabled",
+                label = "CUG Evaluation Enabled",
                 description = "Flag to enable the evaluation of the configured 
CUG policies.",
                 boolValue = false),
         @Property(name = CompositeConfiguration.PARAM_RANKING,
@@ -90,14 +84,11 @@ import org.apache.jackrabbit.oak.spi.xml
 })
 public class CugConfiguration extends ConfigurationBase implements 
AuthorizationConfiguration, CugConstants {
 
-    @Reference
-    private ContentRepository repository;
-
     /**
      * Reference to services implementing {@link 
org.apache.jackrabbit.oak.spi.security.authorization.cug.CugExclude}.
      */
-    @Reference
-    private CugExclude exclude = new CugExclude.Default();
+    @Reference(cardinality = ReferenceCardinality.OPTIONAL_UNARY)
+    private CugExclude exclude;
 
     @SuppressWarnings("UnusedDeclaration")
     public CugConfiguration() {
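Review bot: `exclude` can now be null at runtime, because the reference became `ReferenceCardinality.OPTIONAL_UNARY` and the `new CugExclude.Default()` initializer was dropped in the same change. The code that reads the field lies outside this hunk, so whether it guards against null is not visible here. If it does not, building the permission provider without a bound `CugExclude` service would either fail with a NullPointerException or run without the check that decides which principals are exempt from CUG evaluation. I would resolve the fallback at the point of use, `return (exclude == null) ? new CugExclude.Default() : exclude;`, and extend the field Javadoc with `Optional; CugExclude.Default is used when no service is bound.`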
@@ -181,24 +172,8 @@ public class CugConfiguration extends Co
     //----------------------------------------------------< SCR Integration 
>---
     @SuppressWarnings("UnusedDeclaration")
     @Activate
-    protected void activate() throws IOException, CommitFailedException, 
PrivilegedActionException, RepositoryException {
-        ContentSession systemSession = null;
-        try {
-            systemSession = Subject.doAs(SystemSubject.INSTANCE, new 
PrivilegedExceptionAction<ContentSession>() {
-                @Override
-                public ContentSession run() throws LoginException, 
RepositoryException {
-                    return repository.login(null, null);
-                }
-            });
-            final Root root = systemSession.getLatestRoot();
-            if (CugUtil.registerCugNodeTypes(root)) {
-                root.commit();
-            }
-        } finally {
-            if (systemSession != null) {
-                systemSession.close();
-            }
-        }
+    protected void activate(Map<String, Object> properties) throws 
IOException, CommitFailedException, PrivilegedActionException, 
RepositoryException {
+        setParameters(ConfigurationParameters.of(properties));
     }
 
     
//--------------------------------------------------------------------------
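Review bot: The `throws IOException, CommitFailedException, PrivilegedActionException, RepositoryException` clause on the new `activate(Map<String, Object> properties)` looks like a leftover from the removed system-session login and node type registration. The new body only calls `setParameters(ConfigurationParameters.of(properties))`, which as far as this hunk shows needs none of those exceptions, so the signature could be narrowed to `protected void activate(Map<String, Object> properties)`. The commit also deletes `testActivate` from CugConfigurationTest without adding a test for the new path, so nothing visible here checks that the supplied properties (supported paths, enabled flag) reach the configuration parameters. Since activation no longer calls `CugUtil.registerCugNodeTypes(root)`, a short comment naming where the CUG node types are registered now would help anyone auditing the setup.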

Modified: 
jackrabbit/oak/trunk/oak-authorization-cug/src/main/java/org/apache/jackrabbit/oak/spi/security/authorization/cug/package-info.java
URL: 
http://svn.apache.org/viewvc/jackrabbit/oak/trunk/oak-authorization-cug/src/main/java/org/apache/jackrabbit/oak/spi/security/authorization/cug/package-info.java?rev=1717297&r1=1717296&r2=1717297&view=diff
==============================================================================
--- 
jackrabbit/oak/trunk/oak-authorization-cug/src/main/java/org/apache/jackrabbit/oak/spi/security/authorization/cug/package-info.java
 (original)
+++ 
jackrabbit/oak/trunk/oak-authorization-cug/src/main/java/org/apache/jackrabbit/oak/spi/security/authorization/cug/package-info.java
 Mon Nov 30 17:17:13 2015
@@ -14,7 +14,7 @@
  * See the License for the specific language governing permissions and
  * limitations under the License.
  */
-@Version("1.4.0")
+@Version("2.0.0")
 @Export(optional = "provide:=true")
 package org.apache.jackrabbit.oak.spi.security.authorization.cug;
 

Modified: 
jackrabbit/oak/trunk/oak-authorization-cug/src/test/java/org/apache/jackrabbit/oak/spi/security/authorization/cug/impl/CugConfigurationTest.java
URL: 
http://svn.apache.org/viewvc/jackrabbit/oak/trunk/oak-authorization-cug/src/test/java/org/apache/jackrabbit/oak/spi/security/authorization/cug/impl/CugConfigurationTest.java?rev=1717297&r1=1717296&r2=1717297&view=diff
==============================================================================
--- 
jackrabbit/oak/trunk/oak-authorization-cug/src/test/java/org/apache/jackrabbit/oak/spi/security/authorization/cug/impl/CugConfigurationTest.java
 (original)
+++ 
jackrabbit/oak/trunk/oak-authorization-cug/src/test/java/org/apache/jackrabbit/oak/spi/security/authorization/cug/impl/CugConfigurationTest.java
 Mon Nov 30 17:17:13 2015
@@ -16,26 +16,18 @@
  */
 package org.apache.jackrabbit.oak.spi.security.authorization.cug.impl;
 
-import java.lang.reflect.Field;
 import java.security.Principal;
 import java.util.List;
 import java.util.Set;
-import javax.jcr.GuestCredentials;
 import javax.jcr.security.AccessControlManager;
 
 import com.google.common.collect.ImmutableList;
 import com.google.common.collect.ImmutableMap;
 import com.google.common.collect.ImmutableSet;
 import org.apache.jackrabbit.oak.AbstractSecurityTest;
-import org.apache.jackrabbit.oak.Oak;
-import org.apache.jackrabbit.oak.api.ContentRepository;
-import org.apache.jackrabbit.oak.api.ContentSession;
 import org.apache.jackrabbit.oak.namepath.NamePathMapper;
-import org.apache.jackrabbit.oak.plugins.nodetype.ReadOnlyNodeTypeManager;
-import org.apache.jackrabbit.oak.plugins.nodetype.write.InitialContent;
 import org.apache.jackrabbit.oak.security.SecurityProviderImpl;
 import org.apache.jackrabbit.oak.spi.security.ConfigurationParameters;
-import org.apache.jackrabbit.oak.spi.security.OpenSecurityProvider;
 import org.apache.jackrabbit.oak.spi.security.SecurityProvider;
 import 
org.apache.jackrabbit.oak.spi.security.authorization.AuthorizationConfiguration;
 import 
org.apache.jackrabbit.oak.spi.security.authorization.permission.EmptyPermissionProvider;
@@ -164,28 +156,4 @@ public class CugConfigurationTest extend
             assertSame(EmptyPermissionProvider.getInstance(), pp);
         }
     }
-
-    @Test
-    public void testActivate() throws Exception {
-        SecurityProvider sp = new OpenSecurityProvider();
-        ContentRepository repo = new Oak().with(sp).with(new 
InitialContent()).createContentRepository();
-        ContentSession cs = null;
-        try {
-            Field repoField = 
CugConfiguration.class.getDeclaredField("repository");
-            repoField.setAccessible(true);
-
-            CugConfiguration cc = new CugConfiguration(sp);
-            repoField.set(cc, repo);
-
-            cc.activate();
-
-            cs = repo.login(new GuestCredentials(), null);
-            ReadOnlyNodeTypeManager ntMgr = 
ReadOnlyNodeTypeManager.getInstance(cs.getLatestRoot(), NamePathMapper.DEFAULT);
-            assertTrue(ntMgr.hasNodeType(CugConstants.NT_REP_CUG_POLICY));
-        } finally {
-            if (cs != null) {
-                cs.close();
-            }
-        }
-    }
 }
\ No newline at end of file

