Author: angela
Date: Thu Jan 28 09:43:12 2016
New Revision: 1727293
URL: http://svn.apache.org/viewvc?rev=1727293&view=rev
Log:
OAK-3901 : SecurityProviderRegistration must respect service ranking of
aggregated configurations
OAK-3902 : SecurityProviderRegistration doesn't fill the composite context
Added:
jackrabbit/oak/trunk/oak-core/src/test/java/org/apache/jackrabbit/oak/security/internal/
jackrabbit/oak/trunk/oak-core/src/test/java/org/apache/jackrabbit/oak/security/internal/SecurityProviderRegistrationTest.java
Modified:
jackrabbit/oak/trunk/oak-core/src/main/java/org/apache/jackrabbit/oak/security/authorization/AuthorizationConfigurationImpl.java
jackrabbit/oak/trunk/oak-core/src/main/java/org/apache/jackrabbit/oak/security/authorization/composite/CompositeAuthorizationConfiguration.java
jackrabbit/oak/trunk/oak-core/src/main/java/org/apache/jackrabbit/oak/security/internal/SecurityProviderRegistration.java
jackrabbit/oak/trunk/oak-core/src/main/java/org/apache/jackrabbit/oak/spi/security/CompositeConfiguration.java
jackrabbit/oak/trunk/oak-core/src/main/java/org/apache/jackrabbit/oak/spi/security/authentication/token/CompositeTokenConfiguration.java
jackrabbit/oak/trunk/oak-core/src/main/java/org/apache/jackrabbit/oak/spi/security/authentication/token/package-info.java
jackrabbit/oak/trunk/oak-core/src/main/java/org/apache/jackrabbit/oak/spi/security/package-info.java
jackrabbit/oak/trunk/oak-core/src/main/java/org/apache/jackrabbit/oak/spi/security/principal/CompositePrincipalConfiguration.java
jackrabbit/oak/trunk/oak-core/src/main/java/org/apache/jackrabbit/oak/spi/security/principal/package-info.java
jackrabbit/oak/trunk/oak-pojosr/src/test/groovy/org/apache/jackrabbit/oak/run/osgi/SecurityProviderRegistrationTest.groovy
jackrabbit/oak/trunk/oak-pojosr/src/test/java/org/apache/jackrabbit/oak/run/osgi/OakOSGiRepositoryFactoryTest.java
Modified:
jackrabbit/oak/trunk/oak-core/src/main/java/org/apache/jackrabbit/oak/security/authorization/AuthorizationConfigurationImpl.java
URL:
http://svn.apache.org/viewvc/jackrabbit/oak/trunk/oak-core/src/main/java/org/apache/jackrabbit/oak/security/authorization/AuthorizationConfigurationImpl.java?rev=1727293&r1=1727292&r2=1727293&view=diff
==============================================================================
---
jackrabbit/oak/trunk/oak-core/src/main/java/org/apache/jackrabbit/oak/security/authorization/AuthorizationConfigurationImpl.java
(original)
+++
jackrabbit/oak/trunk/oak-core/src/main/java/org/apache/jackrabbit/oak/security/authorization/AuthorizationConfigurationImpl.java
Thu Jan 28 09:43:12 2016
@@ -103,6 +103,7 @@ import org.apache.jackrabbit.oak.spi.xml
intValue = 100)
})
public class AuthorizationConfigurationImpl extends ConfigurationBase
implements AuthorizationConfiguration {
+
public AuthorizationConfigurationImpl() {
super();
}
@@ -113,7 +114,6 @@ public class AuthorizationConfigurationI
setParameters(ConfigurationParameters.of(properties));
}
-
public AuthorizationConfigurationImpl(SecurityProvider securityProvider) {
super(securityProvider, securityProvider.getParameters(NAME));
}
Modified:
jackrabbit/oak/trunk/oak-core/src/main/java/org/apache/jackrabbit/oak/security/authorization/composite/CompositeAuthorizationConfiguration.java
URL:
http://svn.apache.org/viewvc/jackrabbit/oak/trunk/oak-core/src/main/java/org/apache/jackrabbit/oak/security/authorization/composite/CompositeAuthorizationConfiguration.java?rev=1727293&r1=1727292&r2=1727293&view=diff
==============================================================================
---
jackrabbit/oak/trunk/oak-core/src/main/java/org/apache/jackrabbit/oak/security/authorization/composite/CompositeAuthorizationConfiguration.java
(original)
+++
jackrabbit/oak/trunk/oak-core/src/main/java/org/apache/jackrabbit/oak/security/authorization/composite/CompositeAuthorizationConfiguration.java
Thu Jan 28 09:43:12 2016
@@ -29,6 +29,7 @@ import org.apache.jackrabbit.oak.api.Roo
import org.apache.jackrabbit.oak.namepath.NamePathMapper;
import org.apache.jackrabbit.oak.spi.security.CompositeConfiguration;
import org.apache.jackrabbit.oak.spi.security.SecurityProvider;
+import
org.apache.jackrabbit.oak.spi.security.authentication.token.TokenConfiguration;
import
org.apache.jackrabbit.oak.spi.security.authorization.AuthorizationConfiguration;
import
org.apache.jackrabbit.oak.spi.security.authorization.permission.AggregatedPermissionProvider;
import
org.apache.jackrabbit.oak.spi.security.authorization.permission.EmptyPermissionProvider;
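Review bot: The added import of `org.apache.jackrabbit.oak.spi.security.authentication.token.TokenConfiguration` is not used by any change shown for this file; the only other hunk adds a constructor that references `AuthorizationConfiguration.NAME`. Unless it is needed by code outside the visible hunks, drop the import so the authorization composite does not appear to depend on the token package.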
@@ -44,6 +45,10 @@ import org.apache.jackrabbit.oak.spi.sec
*/
public class CompositeAuthorizationConfiguration extends
CompositeConfiguration<AuthorizationConfiguration> implements
AuthorizationConfiguration {
+ public CompositeAuthorizationConfiguration() {
+ super(AuthorizationConfiguration.NAME);
+ }
+
public CompositeAuthorizationConfiguration(@Nonnull SecurityProvider
securityProvider) {
super(AuthorizationConfiguration.NAME, securityProvider);
}
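Review bot: The new no-argument constructor has no Javadoc, yet it creates a composite whose `getSecurityProvider()` throws `IllegalStateException` until `setSecurityProvider` has been called (see the CompositeConfiguration hunks further down). State that contract on the constructor, for example `/** Creates a composite without a SecurityProvider; setSecurityProvider must be called before use. */`. The same applies to the no-argument constructors added to `CompositeTokenConfiguration` and `CompositePrincipalConfiguration` in this commit.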
Modified:
jackrabbit/oak/trunk/oak-core/src/main/java/org/apache/jackrabbit/oak/security/internal/SecurityProviderRegistration.java
URL:
http://svn.apache.org/viewvc/jackrabbit/oak/trunk/oak-core/src/main/java/org/apache/jackrabbit/oak/security/internal/SecurityProviderRegistration.java?rev=1727293&r1=1727292&r2=1727293&view=diff
==============================================================================
---
jackrabbit/oak/trunk/oak-core/src/main/java/org/apache/jackrabbit/oak/security/internal/SecurityProviderRegistration.java
(original)
+++
jackrabbit/oak/trunk/oak-core/src/main/java/org/apache/jackrabbit/oak/security/internal/SecurityProviderRegistration.java
Thu Jan 28 09:43:12 2016
@@ -29,7 +29,9 @@ import org.apache.felix.scr.annotations.
import org.apache.felix.scr.annotations.References;
import org.apache.jackrabbit.oak.commons.PropertiesUtil;
import org.apache.jackrabbit.oak.osgi.OsgiWhiteboard;
+import
org.apache.jackrabbit.oak.security.authorization.composite.CompositeAuthorizationConfiguration;
import org.apache.jackrabbit.oak.security.user.UserConfigurationImpl;
+import org.apache.jackrabbit.oak.spi.security.CompositeConfiguration;
import org.apache.jackrabbit.oak.spi.security.ConfigurationBase;
import org.apache.jackrabbit.oak.spi.security.ConfigurationParameters;
import org.apache.jackrabbit.oak.spi.security.SecurityConfiguration;
@@ -58,12 +60,13 @@ import org.osgi.framework.ServiceRegistr
import org.slf4j.Logger;
import org.slf4j.LoggerFactory;
-import java.util.ArrayList;
import java.util.Dictionary;
import java.util.Hashtable;
import java.util.List;
import java.util.Map;
+import javax.annotation.Nonnull;
+
import static com.google.common.collect.Lists.newArrayList;
import static com.google.common.collect.Lists.newCopyOnWriteArrayList;
@@ -81,10 +84,11 @@ import static com.google.common.collect.
"unless the services identified by these PIDs are " +
"registered first. Only the PIDs of implementations of
" +
"the following interfaces are checked: " +
- "PrincipalConfiguration, TokenConfiguration, " +
- "AuthorizableActionProvider, " +
+ "AuthorizationConfiguration, PrincipalConfiguration, "
+
+ "TokenConfiguration, AuthorizableActionProvider, " +
"RestrictionProvider and UserAuthenticationFactory.",
value = {
+
"org.apache.jackrabbit.oak.security.authorization.AuthorizationConfigurationImpl",
"org.apache.jackrabbit.oak.security.principal.PrincipalConfigurationImpl",
"org.apache.jackrabbit.oak.security.authentication.token.TokenConfigurationImpl",
"org.apache.jackrabbit.oak.spi.security.user.action.DefaultAuthorizableActionProvider",
@@ -96,6 +100,12 @@ import static com.google.common.collect.
})
@References({
@Reference(
+ name = "authorizationConfiguration",
+ referenceInterface = AuthorizationConfiguration.class,
+ cardinality = ReferenceCardinality.OPTIONAL_MULTIPLE,
+ policy = ReferencePolicy.DYNAMIC
+ ),
+ @Reference(
name = "principalConfiguration",
referenceInterface = PrincipalConfiguration.class,
cardinality = ReferenceCardinality.OPTIONAL_MULTIPLE,
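Review bot: The new `authorizationConfiguration` reference is `OPTIONAL_MULTIPLE`, whereas the field removed in a later hunk carried a plain `@Reference`, so SCR itself no longer holds back activation when no AuthorizationConfiguration is bound. The remaining guard is the required-service-PIDs default, which now lists `AuthorizationConfigurationImpl`, and that value is deployment configuration that can be overridden. I would add a comment on this reference saying that the PID check is what keeps a SecurityProvider from being registered without authorization. It is also worth confirming, with a test, that an empty `CompositeAuthorizationConfiguration` denies access rather than granting it. The `@References` block continues outside the hunk.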
@@ -138,9 +148,6 @@ public class SecurityProviderRegistratio
private static final Logger log =
LoggerFactory.getLogger(SecurityProviderRegistration.class);
@Reference
- private AuthorizationConfiguration authorizationConfiguration;
-
- @Reference
private AuthenticationConfiguration authenticationConfiguration;
@Reference
@@ -157,18 +164,17 @@ public class SecurityProviderRegistratio
private final Preconditions preconditions = new Preconditions();
- private final List<PrincipalConfiguration> principalConfigurations =
newCopyOnWriteArrayList();
-
- private final List<TokenConfiguration> tokenConfigurations =
newCopyOnWriteArrayList();
+ private final CompositeAuthorizationConfiguration
authorizationConfiguration = new CompositeAuthorizationConfiguration();
+ private final CompositePrincipalConfiguration principalConfiguration = new
CompositePrincipalConfiguration();
+ private final CompositeTokenConfiguration tokenConfiguration = new
CompositeTokenConfiguration();
private final List<AuthorizableNodeName> authorizableNodeNames =
newCopyOnWriteArrayList();
-
private final List<AuthorizableActionProvider> authorizableActionProviders
= newCopyOnWriteArrayList();
-
private final List<RestrictionProvider> restrictionProviders =
newCopyOnWriteArrayList();
-
private final List<UserAuthenticationFactory> userAuthenticationFactories
= newCopyOnWriteArrayList();
+ //----------------------------------------------------< SCR integration
>---
+
@Activate
public void activate(BundleContext context, Map<String, Object>
configuration) {
String[] requiredServicePids = getRequiredServicePids(configuration);
@@ -219,13 +225,7 @@ public class SecurityProviderRegistratio
}
}
- public void bindAuthorizationConfiguration(AuthorizationConfiguration
authorizationConfiguration) {
- this.authorizationConfiguration = authorizationConfiguration;
- }
-
- public void unbindAuthorizationConfiguration(AuthorizationConfiguration
authorizationConfiguration) {
- this.authorizationConfiguration = null;
- }
+ //--------------------------------------< unary security configurations
>---
public void bindAuthenticationConfiguration(AuthenticationConfiguration
authenticationConfiguration) {
this.authenticationConfiguration = authenticationConfiguration;
@@ -251,42 +251,50 @@ public class SecurityProviderRegistratio
this.userConfiguration = null;
}
- public void bindPrincipalConfiguration(PrincipalConfiguration
principalConfiguration, Map<String, Object> properties) {
- synchronized (this) {
- principalConfigurations.add(principalConfiguration);
- addCandidate(properties);
- }
+ //-----------------------------------< multiple security configurations
>---
- maybeRegister();
+ public void bindAuthorizationConfiguration(AuthorizationConfiguration
configuration, Map<String, Object> properties) {
+ bindConfiguration(authorizationConfiguration, configuration,
properties);
}
- public void unbindPrincipalConfiguration(PrincipalConfiguration
principalConfiguration, Map<String, Object> properties) {
- synchronized (this) {
- principalConfigurations.remove(principalConfiguration);
- removeCandidate(properties);
- }
+ public void unbindAuthorizationConfiguration(AuthorizationConfiguration
configuration, Map<String, Object> properties) {
+ unbindConfiguration(authorizationConfiguration, configuration,
properties);
+ }
- maybeUnregister();
+ public void bindPrincipalConfiguration(PrincipalConfiguration
configuration, Map<String, Object> properties) {
+ bindConfiguration(principalConfiguration, configuration, properties);
}
- public void bindTokenConfiguration(TokenConfiguration tokenConfiguration,
Map<String, Object> properties) {
+ public void unbindPrincipalConfiguration(PrincipalConfiguration
configuration, Map<String, Object> properties) {
+ unbindConfiguration(principalConfiguration, configuration, properties);
+ }
+
+ public void bindTokenConfiguration(TokenConfiguration configuration,
Map<String, Object> properties) {
+ bindConfiguration(tokenConfiguration, configuration, properties);
+ }
+
+ public void unbindTokenConfiguration(TokenConfiguration configuration,
Map<String, Object> properties) {
+ unbindConfiguration(tokenConfiguration, configuration, properties);
+ }
+
+ private void bindConfiguration(@Nonnull CompositeConfiguration composite,
@Nonnull SecurityConfiguration configuration, Map<String, Object> properties) {
synchronized (this) {
- tokenConfigurations.add(tokenConfiguration);
+ composite.addConfiguration(configuration,
ConfigurationParameters.of(properties));
addCandidate(properties);
}
-
maybeRegister();
}
- public void unbindTokenConfiguration(TokenConfiguration
tokenConfiguration, Map<String, Object> properties) {
+ private void unbindConfiguration(@Nonnull CompositeConfiguration
composite, @Nonnull SecurityConfiguration configuration, Map<String, Object>
properties) {
synchronized (this) {
- tokenConfigurations.remove(tokenConfiguration);
+ composite.removeConfiguration(configuration);
removeCandidate(properties);
}
-
maybeUnregister();
}
+ //------------------------------------------------------------< add ons
>---
+
public void bindAuthorizableNodeName(AuthorizableNodeName
authorizableNodeName, Map<String, Object> properties) {
synchronized (this) {
authorizableNodeNames.add(authorizableNodeName);
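Review bot: `bindConfiguration` and `unbindConfiguration` take a raw `CompositeConfiguration`, so the call to `composite.addConfiguration(...)` is unchecked and the compiler can no longer stop, say, a `TokenConfiguration` from being added to the authorization composite. A generic signature keeps the three typed bind methods honest: `private <T extends SecurityConfiguration> void bindConfiguration(@Nonnull CompositeConfiguration<T> composite, @Nonnull T configuration, Map<String, Object> properties)`, and likewise for `unbindConfiguration`. The same raw parameter appears in `initializeConfigurations` in a later hunk, where `CompositeConfiguration<? extends SecurityConfiguration>` would do. `properties` is also the only parameter without `@Nonnull`, although it is passed straight to `ConfigurationParameters.of`.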
@@ -469,20 +477,31 @@ public class SecurityProviderRegistratio
log.info("SecurityProvider instance unregistered");
}
- private SecurityProvider createSecurityProvider(BundleContext context) {
+ private SecurityProvider createSecurityProvider(@Nonnull BundleContext
context) {
InternalSecurityProvider securityProvider = new
InternalSecurityProvider();
// Static, mandatory references
securityProvider.setAuthenticationConfiguration(initializeConfiguration(securityProvider,
authenticationConfiguration));
-
securityProvider.setAuthorizationConfiguration(initializeConfiguration(securityProvider,
authorizationConfiguration));
-
securityProvider.setUserConfiguration(initializeConfiguration(securityProvider,
userConfiguration));
securityProvider.setPrivilegeConfiguration(initializeConfiguration(securityProvider,
privilegeConfiguration));
+ ConfigurationParameters userParams = ConfigurationParameters.of(
+
ConfigurationParameters.of(UserConstants.PARAM_AUTHORIZABLE_ACTION_PROVIDER,
createWhiteboardAuthorizableActionProvider()),
+
ConfigurationParameters.of(UserConstants.PARAM_AUTHORIZABLE_NODE_NAME,
createWhiteboardAuthorizableNodeName()),
+
ConfigurationParameters.of(UserConstants.PARAM_USER_AUTHENTICATION_FACTORY,
createWhiteboardUserAuthenticationFactory()));
+
securityProvider.setUserConfiguration(initializeConfiguration(securityProvider,
userConfiguration, userParams));
+
// Multiple, dynamic references
-
securityProvider.setPrincipalConfiguration(createCompositePrincipalConfiguration(securityProvider));
-
securityProvider.setTokenConfiguration(createCompositeTokenConfiguration(securityProvider));
+ ConfigurationParameters restrictionParams =
ConfigurationParameters.of(AccessControlConstants.PARAM_RESTRICTION_PROVIDER,
createWhiteboardRestrictionProvider());
+ initializeConfigurations(securityProvider, authorizationConfiguration,
restrictionParams);
+
securityProvider.setAuthorizationConfiguration(authorizationConfiguration);
+
+ initializeConfigurations(securityProvider, principalConfiguration,
ConfigurationParameters.EMPTY);
+ securityProvider.setPrincipalConfiguration(principalConfiguration);
+
+ initializeConfigurations(securityProvider, tokenConfiguration,
ConfigurationParameters.EMPTY);
+ securityProvider.setTokenConfiguration(tokenConfiguration);
// Whiteboard
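Review bot: `initializeConfigurations` runs once here, over whatever the three composites hold when the provider is created, while the removed `getConfigurations()` overrides in `createCompositePrincipalConfiguration` and `createCompositeTokenConfiguration` initialized every aggregated configuration on each access. A configuration bound through `bindConfiguration` after this point is added to the composite but, as far as the visible hunks show, never receives `setSecurityProvider` or the restriction-provider parameters. Whether that path matters depends on `maybeRegister()`, which is outside the diff. If a provider can already exist at bind time, initialize the new configuration in `bindConfiguration`, or document that late binds take effect only after re-registration. The method body continues outside the hunk.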
@@ -491,59 +510,11 @@ public class SecurityProviderRegistratio
return securityProvider;
}
- private PrincipalConfiguration
createCompositePrincipalConfiguration(SecurityProvider securityProvider) {
- return new CompositePrincipalConfiguration(securityProvider) {
-
- @Override
- protected List<PrincipalConfiguration> getConfigurations() {
- ArrayList<PrincipalConfiguration> configurations =
newArrayList(principalConfigurations);
-
- for (PrincipalConfiguration configuration : configurations) {
- initializeConfiguration(getSecurityProvider(),
configuration);
- }
-
- return configurations;
- }
-
- };
- }
-
- private TokenConfiguration
createCompositeTokenConfiguration(SecurityProvider securityProvider) {
- return new CompositeTokenConfiguration(securityProvider) {
-
- @Override
- protected List<TokenConfiguration> getConfigurations() {
- List<TokenConfiguration> configurations =
newArrayList(tokenConfigurations);
-
- for (TokenConfiguration configuration : configurations) {
- initializeConfiguration(getSecurityProvider(),
configuration);
- }
-
- return configurations;
- }
-
- };
- }
-
- private AuthorizationConfiguration
initializeConfiguration(SecurityProvider securityProvider,
AuthorizationConfiguration authorizationConfiguration) {
- return initializeConfiguration(securityProvider,
authorizationConfiguration, ConfigurationParameters.of(
- AccessControlConstants.PARAM_RESTRICTION_PROVIDER,
createCompositeRestrictionProvider()
- ));
- }
-
- private UserConfiguration initializeConfiguration(SecurityProvider
securityProvider, UserConfiguration userConfiguration) {
- return initializeConfiguration(securityProvider, userConfiguration,
ConfigurationParameters.of(
-
ConfigurationParameters.of(UserConstants.PARAM_AUTHORIZABLE_ACTION_PROVIDER,
createCompositeAuthorizableActionProvider()),
-
ConfigurationParameters.of(UserConstants.PARAM_AUTHORIZABLE_NODE_NAME,
createCompositeAuthorizableNodeName()),
-
ConfigurationParameters.of(UserConstants.PARAM_USER_AUTHENTICATION_FACTORY,
createCompositeUserAuthenticationFactory())
- ));
- }
-
- private <T extends SecurityConfiguration> T
initializeConfiguration(SecurityProvider securityProvider, T configuration) {
+ private static <T extends SecurityConfiguration> T
initializeConfiguration(@Nonnull SecurityProvider securityProvider, @Nonnull T
configuration) {
return initializeConfiguration(securityProvider, configuration,
ConfigurationParameters.EMPTY);
}
- private <T extends SecurityConfiguration> T
initializeConfiguration(SecurityProvider securityProvider, T configuration,
ConfigurationParameters parameters) {
+ private static <T extends SecurityConfiguration> T
initializeConfiguration(@Nonnull SecurityProvider securityProvider, @Nonnull T
configuration, @Nonnull ConfigurationParameters parameters) {
if (configuration instanceof ConfigurationBase) {
ConfigurationBase base = (ConfigurationBase) configuration;
base.setSecurityProvider(securityProvider);
@@ -553,7 +524,17 @@ public class SecurityProviderRegistratio
return configuration;
}
- private RestrictionProvider createCompositeRestrictionProvider() {
+ private static void initializeConfigurations(@Nonnull SecurityProvider
securityProvider,
+ @Nonnull
CompositeConfiguration configuration,
+ @Nonnull
ConfigurationParameters parameters) {
+ configuration.setSecurityProvider(securityProvider);
+ List<? extends SecurityConfiguration> configs =
configuration.getConfigurations();
+ for (SecurityConfiguration config : configs) {
+ initializeConfiguration(securityProvider, config, parameters);
+ }
+ }
+
+ private RestrictionProvider createWhiteboardRestrictionProvider() {
return new WhiteboardRestrictionProvider() {
@Override
@@ -564,7 +545,7 @@ public class SecurityProviderRegistratio
};
}
- private AuthorizableActionProvider
createCompositeAuthorizableActionProvider() {
+ private AuthorizableActionProvider
createWhiteboardAuthorizableActionProvider() {
return new WhiteboardAuthorizableActionProvider() {
@Override
@@ -575,7 +556,7 @@ public class SecurityProviderRegistratio
};
}
- private AuthorizableNodeName createCompositeAuthorizableNodeName() {
+ private AuthorizableNodeName createWhiteboardAuthorizableNodeName() {
return new WhiteboardAuthorizableNodeName() {
@Override
@@ -586,7 +567,7 @@ public class SecurityProviderRegistratio
};
}
- private UserAuthenticationFactory
createCompositeUserAuthenticationFactory() {
+ private UserAuthenticationFactory
createWhiteboardUserAuthenticationFactory() {
return new
WhiteboardUserAuthenticationFactory(UserConfigurationImpl.getDefaultAuthenticationFactory())
{
@Override
Modified:
jackrabbit/oak/trunk/oak-core/src/main/java/org/apache/jackrabbit/oak/spi/security/CompositeConfiguration.java
URL:
http://svn.apache.org/viewvc/jackrabbit/oak/trunk/oak-core/src/main/java/org/apache/jackrabbit/oak/spi/security/CompositeConfiguration.java?rev=1727293&r1=1727292&r2=1727293&view=diff
==============================================================================
---
jackrabbit/oak/trunk/oak-core/src/main/java/org/apache/jackrabbit/oak/spi/security/CompositeConfiguration.java
(original)
+++
jackrabbit/oak/trunk/oak-core/src/main/java/org/apache/jackrabbit/oak/spi/security/CompositeConfiguration.java
Thu Jan 28 09:43:12 2016
@@ -43,6 +43,7 @@ import org.apache.jackrabbit.oak.spi.lif
import org.apache.jackrabbit.oak.spi.lifecycle.RepositoryInitializer;
import org.apache.jackrabbit.oak.spi.lifecycle.WorkspaceInitializer;
import org.apache.jackrabbit.oak.spi.xml.ProtectedItemImporter;
+import org.osgi.framework.Constants;
/**
* Abstract base implementation for {@link SecurityConfiguration}s that can
@@ -66,11 +67,16 @@ public abstract class CompositeConfigura
private final List<T> configurations = new CopyOnWriteArrayList<T>();
private final String name;
- private final SecurityProvider securityProvider;
private final CompositeContext ctx = new CompositeContext();
+ private SecurityProvider securityProvider;
+
private T defaultConfig;
+ public CompositeConfiguration(@Nonnull String name) {
+ this.name = name;
+ }
+
public CompositeConfiguration(@Nonnull String name, @Nonnull
SecurityProvider securityProvider) {
this.name = name;
this.securityProvider = securityProvider;
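Review bot: `securityProvider` changes from `final` to a plain mutable field, so it loses the safe-publication guarantee it had. It is now written by `setSecurityProvider` and read by `getSecurityProvider`, both in a later hunk of this file, without synchronization. The neighbouring `configurations` list is a `CopyOnWriteArrayList`, which suggests the class is meant to be used from several threads, so I would declare it `private volatile SecurityProvider securityProvider;`. A short comment that the field stays null after the one-argument constructor until `setSecurityProvider` is called would also help.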
@@ -87,7 +93,14 @@ public abstract class CompositeConfigura
}
public void addConfiguration(@Nonnull T configuration) {
+ addConfiguration(configuration, ConfigurationParameters.EMPTY);
+ }
+
+ public void addConfiguration(@Nonnull T configuration, @Nonnull
ConfigurationParameters params) {
int ranking =
configuration.getParameters().getConfigValue(PARAM_RANKING, NO_RANKING);
+ if (ranking == NO_RANKING) {
+ ranking = params.getConfigValue(Constants.SERVICE_RANKING,
NO_RANKING);
+ }
if (ranking == NO_RANKING || configurations.isEmpty()) {
configurations.add(configuration);
} else {
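Review bot: Neither `addConfiguration` overload documents the ranking rule that the new fallback introduces. The configuration's own `PARAM_RANKING` wins, and `Constants.SERVICE_RANKING` from `params` is consulted only when that value is `NO_RANKING`. Since the resulting list position decides the order of the aggregated configurations, that precedence belongs in Javadoc on the two-argument overload, e.g. `@param params service properties; service.ranking is used only if the configuration defines no PARAM_RANKING`. Importing `org.osgi.framework.Constants` into this SPI class only for that key also ties it to the OSGi API. The method body continues outside the hunk.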
@@ -110,7 +123,8 @@ public abstract class CompositeConfigura
ctx.refresh(configurations);
}
- protected List<T> getConfigurations() {
+ @Nonnull
+ public List<T> getConfigurations() {
if (configurations.isEmpty() && defaultConfig != null) {
return ImmutableList.of(defaultConfig);
} else {
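Review bot: `getConfigurations()` is widened from `protected` to `public` without any Javadoc on what callers receive. The `else` branch is outside the hunk; if it returns the backing `configurations` list, any caller can now add or remove entries directly, bypassing both the ranking order applied in `addConfiguration` and the `ctx.refresh(configurations)` call. I would either return an immutable copy there, as the default-config branch already does with `ImmutableList.of(defaultConfig)`, or document that the returned list must be treated as read-only.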
@@ -118,7 +132,15 @@ public abstract class CompositeConfigura
}
}
+ public void setSecurityProvider(@Nonnull SecurityProvider
securityProvider) {
+ this.securityProvider = securityProvider;
+ }
+
+ @Nonnull
protected SecurityProvider getSecurityProvider() {
+ if (securityProvider == null) {
+ throw new IllegalStateException("SecurityProvider missing =>
CompositeConfiguration is not ready.");
+ }
return securityProvider;
}
Modified:
jackrabbit/oak/trunk/oak-core/src/main/java/org/apache/jackrabbit/oak/spi/security/authentication/token/CompositeTokenConfiguration.java
URL:
http://svn.apache.org/viewvc/jackrabbit/oak/trunk/oak-core/src/main/java/org/apache/jackrabbit/oak/spi/security/authentication/token/CompositeTokenConfiguration.java?rev=1727293&r1=1727292&r2=1727293&view=diff
==============================================================================
---
jackrabbit/oak/trunk/oak-core/src/main/java/org/apache/jackrabbit/oak/spi/security/authentication/token/CompositeTokenConfiguration.java
(original)
+++
jackrabbit/oak/trunk/oak-core/src/main/java/org/apache/jackrabbit/oak/spi/security/authentication/token/CompositeTokenConfiguration.java
Thu Jan 28 09:43:12 2016
@@ -30,6 +30,10 @@ import org.apache.jackrabbit.oak.spi.sec
*/
public class CompositeTokenConfiguration extends
CompositeConfiguration<TokenConfiguration> implements TokenConfiguration {
+ public CompositeTokenConfiguration() {
+ super(TokenConfiguration.NAME);
+ }
+
public CompositeTokenConfiguration(@Nonnull SecurityProvider
securityProvider) {
super(TokenConfiguration.NAME, securityProvider);
}
Modified:
jackrabbit/oak/trunk/oak-core/src/main/java/org/apache/jackrabbit/oak/spi/security/authentication/token/package-info.java
URL:
http://svn.apache.org/viewvc/jackrabbit/oak/trunk/oak-core/src/main/java/org/apache/jackrabbit/oak/spi/security/authentication/token/package-info.java?rev=1727293&r1=1727292&r2=1727293&view=diff
==============================================================================
---
jackrabbit/oak/trunk/oak-core/src/main/java/org/apache/jackrabbit/oak/spi/security/authentication/token/package-info.java
(original)
+++
jackrabbit/oak/trunk/oak-core/src/main/java/org/apache/jackrabbit/oak/spi/security/authentication/token/package-info.java
Thu Jan 28 09:43:12 2016
@@ -14,7 +14,7 @@
* See the License for the specific language governing permissions and
* limitations under the License.
*/
-@Version("1.3.0")
+@Version("1.4.0")
@Export(optional = "provide:=true")
package org.apache.jackrabbit.oak.spi.security.authentication.token;
Modified:
jackrabbit/oak/trunk/oak-core/src/main/java/org/apache/jackrabbit/oak/spi/security/package-info.java
URL:
http://svn.apache.org/viewvc/jackrabbit/oak/trunk/oak-core/src/main/java/org/apache/jackrabbit/oak/spi/security/package-info.java?rev=1727293&r1=1727292&r2=1727293&view=diff
==============================================================================
---
jackrabbit/oak/trunk/oak-core/src/main/java/org/apache/jackrabbit/oak/spi/security/package-info.java
(original)
+++
jackrabbit/oak/trunk/oak-core/src/main/java/org/apache/jackrabbit/oak/spi/security/package-info.java
Thu Jan 28 09:43:12 2016
@@ -14,7 +14,7 @@
* See the License for the specific language governing permissions and
* limitations under the License.
*/
-@Version("2.0.0")
+@Version("2.1.0")
@Export(optional = "provide:=true")
package org.apache.jackrabbit.oak.spi.security;
Modified:
jackrabbit/oak/trunk/oak-core/src/main/java/org/apache/jackrabbit/oak/spi/security/principal/CompositePrincipalConfiguration.java
URL:
http://svn.apache.org/viewvc/jackrabbit/oak/trunk/oak-core/src/main/java/org/apache/jackrabbit/oak/spi/security/principal/CompositePrincipalConfiguration.java?rev=1727293&r1=1727292&r2=1727293&view=diff
==============================================================================
---
jackrabbit/oak/trunk/oak-core/src/main/java/org/apache/jackrabbit/oak/spi/security/principal/CompositePrincipalConfiguration.java
(original)
+++
jackrabbit/oak/trunk/oak-core/src/main/java/org/apache/jackrabbit/oak/spi/security/principal/CompositePrincipalConfiguration.java
Thu Jan 28 09:43:12 2016
@@ -32,6 +32,10 @@ import org.apache.jackrabbit.oak.spi.sec
*/
public class CompositePrincipalConfiguration extends
CompositeConfiguration<PrincipalConfiguration> implements
PrincipalConfiguration {
+ public CompositePrincipalConfiguration() {
+ super(PrincipalConfiguration.NAME);
+ }
+
public CompositePrincipalConfiguration(@Nonnull SecurityProvider
securityProvider) {
super(PrincipalConfiguration.NAME, securityProvider);
}
Modified:
jackrabbit/oak/trunk/oak-core/src/main/java/org/apache/jackrabbit/oak/spi/security/principal/package-info.java
URL:
http://svn.apache.org/viewvc/jackrabbit/oak/trunk/oak-core/src/main/java/org/apache/jackrabbit/oak/spi/security/principal/package-info.java?rev=1727293&r1=1727292&r2=1727293&view=diff
==============================================================================
---
jackrabbit/oak/trunk/oak-core/src/main/java/org/apache/jackrabbit/oak/spi/security/principal/package-info.java
(original)
+++
jackrabbit/oak/trunk/oak-core/src/main/java/org/apache/jackrabbit/oak/spi/security/principal/package-info.java
Thu Jan 28 09:43:12 2016
@@ -14,7 +14,7 @@
* See the License for the specific language governing permissions and
* limitations under the License.
*/
-@Version("1.2.0")
+@Version("1.3.0")
@Export(optional = "provide:=true")
package org.apache.jackrabbit.oak.spi.security.principal;
Added:
jackrabbit/oak/trunk/oak-core/src/test/java/org/apache/jackrabbit/oak/security/internal/SecurityProviderRegistrationTest.java
URL:
http://svn.apache.org/viewvc/jackrabbit/oak/trunk/oak-core/src/test/java/org/apache/jackrabbit/oak/security/internal/SecurityProviderRegistrationTest.java?rev=1727293&view=auto
==============================================================================
---
jackrabbit/oak/trunk/oak-core/src/test/java/org/apache/jackrabbit/oak/security/internal/SecurityProviderRegistrationTest.java
(added)
+++
jackrabbit/oak/trunk/oak-core/src/test/java/org/apache/jackrabbit/oak/security/internal/SecurityProviderRegistrationTest.java
Thu Jan 28 09:43:12 2016
@@ -0,0 +1,270 @@
+/*
+ * Licensed to the Apache Software Foundation (ASF) under one or more
+ * contributor license agreements. See the NOTICE file distributed with
+ * this work for additional information regarding copyright ownership.
+ * The ASF licenses this file to You under the Apache License, Version 2.0
+ * (the "License"); you may not use this file except in compliance with
+ * the License. You may obtain a copy of the License at
+ *
+ * http://www.apache.org/licenses/LICENSE-2.0
+ *
+ * Unless required by applicable law or agreed to in writing, software
+ * distributed under the License is distributed on an "AS IS" BASIS,
+ * WITHOUT WARRANTIES OR CONDITIONS OF ANY KIND, either express or implied.
+ * See the License for the specific language governing permissions and
+ * limitations under the License.
+ */
+package org.apache.jackrabbit.oak.security.internal;
+
+import java.lang.reflect.Field;
+import java.security.Principal;
+import java.util.List;
+import java.util.Map;
+import java.util.Set;
+import javax.annotation.Nonnull;
+import javax.jcr.security.AccessControlManager;
+
+import com.google.common.collect.ImmutableMap;
+import org.apache.jackrabbit.api.security.principal.PrincipalManager;
+import org.apache.jackrabbit.oak.AbstractSecurityTest;
+import org.apache.jackrabbit.oak.api.PropertyState;
+import org.apache.jackrabbit.oak.api.Root;
+import org.apache.jackrabbit.oak.api.Tree;
+import org.apache.jackrabbit.oak.namepath.NamePathMapper;
+import org.apache.jackrabbit.oak.plugins.memory.PropertyStates;
+import org.apache.jackrabbit.oak.plugins.tree.TreeLocation;
+import
org.apache.jackrabbit.oak.security.authorization.AuthorizationConfigurationImpl;
+import
org.apache.jackrabbit.oak.security.authorization.composite.CompositeAuthorizationConfiguration;
+import org.apache.jackrabbit.oak.security.principal.PrincipalConfigurationImpl;
+import org.apache.jackrabbit.oak.spi.security.CompositeConfiguration;
+import org.apache.jackrabbit.oak.spi.security.ConfigurationBase;
+import org.apache.jackrabbit.oak.spi.security.ConfigurationParameters;
+import org.apache.jackrabbit.oak.spi.security.Context;
+import
org.apache.jackrabbit.oak.spi.security.authorization.AuthorizationConfiguration;
+import
org.apache.jackrabbit.oak.spi.security.authorization.permission.PermissionProvider;
+import
org.apache.jackrabbit.oak.spi.security.authorization.restriction.RestrictionProvider;
+import
org.apache.jackrabbit.oak.spi.security.principal.CompositePrincipalConfiguration;
+import org.apache.jackrabbit.oak.spi.security.principal.PrincipalConfiguration;
+import org.apache.jackrabbit.oak.spi.security.principal.PrincipalProvider;
+import org.junit.Test;
+import org.osgi.framework.Constants;
+
+import static org.junit.Assert.assertEquals;
+import static org.junit.Assert.assertNull;
+import static org.junit.Assert.assertSame;
+import static org.junit.Assert.assertTrue;
+
+public class SecurityProviderRegistrationTest extends AbstractSecurityTest {
+
+ private static final Map<String, Object> PROPS = ImmutableMap.<String,
Object>of("prop", "val");
+
+ private SecurityProviderRegistration registration = new
SecurityProviderRegistration();
+
+ private static void assertContext(@Nonnull Context context, int
expectedSize, @Nonnull Tree tree, boolean isDefined) throws Exception {
+ Class c = context.getClass();
+ assertTrue(c.getName().endsWith("CompositeContext"));
+
+ Field f = c.getDeclaredField("delegatees");
+ f.setAccessible(true);
+
+ if (expectedSize == 0) {
+ assertNull(f.get(context));
+ } else {
+ assertEquals(expectedSize, ((Context[]) f.get(context)).length);
+ }
+
+ assertEquals(isDefined, context.definesContextRoot(tree));
+ assertEquals(isDefined, context.definesTree(tree));
+ assertEquals(isDefined, context.definesProperty(tree,
PropertyStates.createProperty("abc", "abc")));
+ assertEquals(isDefined,
context.definesLocation(TreeLocation.create(tree)));
+ }
+
+ @Test
+ public void testAuthorizationRanking() throws Exception {
+ Field f =
registration.getClass().getDeclaredField("authorizationConfiguration");
+ f.setAccessible(true);
+
+ AuthorizationConfiguration testAc = new
TestAuthorizationConfiguration();
+ registration.bindAuthorizationConfiguration(testAc,
ConfigurationParameters.EMPTY);
+
+ AuthorizationConfigurationImpl ac = new
AuthorizationConfigurationImpl();
+
ac.setParameters(ConfigurationParameters.of(CompositeConfiguration.PARAM_RANKING,
500));
+ registration.bindAuthorizationConfiguration(ac, PROPS);
+
+ AuthorizationConfiguration testAc2 = new
TestAuthorizationConfiguration();
+ Map<String, Object> props = ImmutableMap.<String,
Object>of(Constants.SERVICE_RANKING, new Integer(100));
+ registration.bindAuthorizationConfiguration(testAc2, props);
+
+ CompositeAuthorizationConfiguration cac =
(CompositeAuthorizationConfiguration) f.get(registration);
+
+ List<AuthorizationConfiguration> list = cac.getConfigurations();
+ assertEquals(3, list.size());
+
+ assertSame(ac, list.get(0));
+ assertSame(testAc2, list.get(1));
+ assertSame(testAc, list.get(2));
+ }
+
+ @Test
+ public void testAuthorizationContext() throws Exception {
+ Tree t = root.getTree("/");
+
+ Field f =
registration.getClass().getDeclaredField("authorizationConfiguration");
+ f.setAccessible(true);
+
+ AuthorizationConfiguration ac = new AuthorizationConfigurationImpl();
+ registration.bindAuthorizationConfiguration(ac, PROPS);
+ CompositeAuthorizationConfiguration cac =
(CompositeAuthorizationConfiguration) f.get(registration);
+ Context ctx = cac.getContext();
+ assertContext(ctx, 1, t, false);
+
+ AuthorizationConfiguration ac1 = new TestAuthorizationConfiguration();
+ registration.bindAuthorizationConfiguration(ac1, PROPS);
+ cac = (CompositeAuthorizationConfiguration) f.get(registration);
+ ctx = cac.getContext();
+ assertContext(ctx, 2, t, true);
+
+ AuthorizationConfiguration ac2 = new TestAuthorizationConfiguration();
+ registration.bindAuthorizationConfiguration(ac2, PROPS);
+ cac = (CompositeAuthorizationConfiguration) f.get(registration);
+ ctx = cac.getContext();
+ assertContext(ctx, 3, t, true);
+
+ // unbind again:
+
+ registration.unbindAuthorizationConfiguration(ac1, PROPS);
+ cac = (CompositeAuthorizationConfiguration) f.get(registration);
+ ctx = cac.getContext();
+ assertContext(ctx, 2, t, true);
+
+ registration.unbindAuthorizationConfiguration(ac, PROPS);
+ cac = (CompositeAuthorizationConfiguration) f.get(registration);
+ ctx = cac.getContext();
+ assertContext(ctx, 1, t, true);
+
+ registration.unbindAuthorizationConfiguration(ac2, PROPS);
+ cac = (CompositeAuthorizationConfiguration) f.get(registration);
+ ctx = cac.getContext();
+ assertContext(ctx, 0, t, false);
+ }
+
+ @Test
+ public void testPrincipalContext() throws Exception {
+ Tree t = root.getTree("/");
+
+ Field f =
registration.getClass().getDeclaredField("principalConfiguration");
+ f.setAccessible(true);
+
+ PrincipalConfiguration pc = new PrincipalConfigurationImpl();
+ registration.bindPrincipalConfiguration(pc, PROPS);
+ CompositePrincipalConfiguration cpc =
(CompositePrincipalConfiguration) f.get(registration);
+ Context ctx = cpc.getContext();
+ // expected size = 0 because PrincipalConfigurationImpl comes with the
default ctx
+ assertContext(ctx, 0, t, false);
+
+ PrincipalConfiguration pc1 = new TestPrincipalConfiguration();
+ registration.bindPrincipalConfiguration(pc1, PROPS);
+ cpc = (CompositePrincipalConfiguration) f.get(registration);
+ ctx = cpc.getContext();
+ // expected size 1 because the PrincipalConfigurationImpl comes with
the default ctx
+ assertContext(ctx, 1, t, true);
+
+ PrincipalConfiguration pc2 = new TestPrincipalConfiguration();
+ registration.bindPrincipalConfiguration(pc2, PROPS);
+ cpc = (CompositePrincipalConfiguration) f.get(registration);
+ ctx = cpc.getContext();
+ assertContext(ctx, 2, t, true);
+
+ // unbind again:
+
+ registration.unbindPrincipalConfiguration(pc, PROPS);
+ cpc = (CompositePrincipalConfiguration) f.get(registration);
+ ctx = cpc.getContext();
+ assertContext(ctx, 2, t, true);
+
+ registration.unbindPrincipalConfiguration(pc1, PROPS);
+ cpc = (CompositePrincipalConfiguration) f.get(registration);
+ ctx = cpc.getContext();
+ assertContext(ctx, 1, t, true);
+
+ registration.unbindPrincipalConfiguration(pc2, PROPS);
+ cpc = (CompositePrincipalConfiguration) f.get(registration);
+ ctx = cpc.getContext();
+ assertContext(ctx, 0, t, false);
+ }
+
+ private class TestAuthorizationConfiguration extends ConfigurationBase
implements AuthorizationConfiguration {
+
+ @Nonnull
+ @Override
+ public AccessControlManager getAccessControlManager(@Nonnull Root
root, @Nonnull NamePathMapper namePathMapper) {
+ return null;
+ }
+
+ @Nonnull
+ @Override
+ public RestrictionProvider getRestrictionProvider() {
+ return null;
+ }
+
+ @Nonnull
+ @Override
+ public PermissionProvider getPermissionProvider(@Nonnull Root root,
@Nonnull String workspaceName, @Nonnull Set<Principal> principals) {
+ return null;
+ }
+
+ @Nonnull
+ @Override
+ public Context getContext() {
+ return new ContextImpl();
+ }
+ }
+
+ private class TestPrincipalConfiguration extends ConfigurationBase
implements PrincipalConfiguration {
+ @Nonnull
+ @Override
+ public PrincipalManager getPrincipalManager(Root root, NamePathMapper
namePathMapper) {
+ return null;
+ }
+
+ @Nonnull
+ @Override
+ public PrincipalProvider getPrincipalProvider(Root root,
NamePathMapper namePathMapper) {
+ return null;
+ }
+
+ @Nonnull
+ @Override
+ public Context getContext() {
+ return new ContextImpl();
+ }
+ }
+
+ private static class ContextImpl implements Context {
+
+ @Override
+ public boolean definesProperty(@Nonnull Tree parent, @Nonnull
PropertyState property) {
+ return true;
+ }
+
+ @Override
+ public boolean definesContextRoot(@Nonnull Tree tree) {
+ return true;
+ }
+
+ @Override
+ public boolean definesTree(@Nonnull Tree tree) {
+ return true;
+ }
+
+ @Override
+ public boolean definesLocation(@Nonnull TreeLocation location) {
+ return true;
+ }
+
+ @Override
+ public boolean definesInternal(@Nonnull Tree tree) {
+ return true;
+ }
+ }
+}
\ No newline at end of file
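Review bot: `testAuthorizationRanking` never binds a configuration that carries both `CompositeConfiguration.PARAM_RANKING` in its parameters and `Constants.SERVICE_RANKING` in its service properties, so the precedence between the two ranking sources is not pinned. The order of the aggregated authorization configurations presumably decides the order in which they are evaluated, so a later change to that precedence could alter access-control behaviour without failing this test. I would add one case with conflicting values for the two keys and one with two configurations of equal ranking, each asserting the resulting `getConfigurations()` order. The principal tests in this file check only the context, not the ranking, and no token configuration is exercised here. As a small style point, `new Integer(100)` can be `Integer.valueOf(100)`.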
Modified:
jackrabbit/oak/trunk/oak-pojosr/src/test/groovy/org/apache/jackrabbit/oak/run/osgi/SecurityProviderRegistrationTest.groovy
URL:
http://svn.apache.org/viewvc/jackrabbit/oak/trunk/oak-pojosr/src/test/groovy/org/apache/jackrabbit/oak/run/osgi/SecurityProviderRegistrationTest.groovy?rev=1727293&r1=1727292&r2=1727293&view=diff
==============================================================================
---
jackrabbit/oak/trunk/oak-pojosr/src/test/groovy/org/apache/jackrabbit/oak/run/osgi/SecurityProviderRegistrationTest.groovy
(original)
+++
jackrabbit/oak/trunk/oak-pojosr/src/test/groovy/org/apache/jackrabbit/oak/run/osgi/SecurityProviderRegistrationTest.groovy
Thu Jan 28 09:43:12 2016
@@ -17,6 +17,8 @@
package org.apache.jackrabbit.oak.run.osgi
import org.apache.felix.connect.launch.PojoServiceRegistry
+import org.apache.jackrabbit.oak.spi.security.ConfigurationParameters
+import org.apache.jackrabbit.oak.spi.security.Context
import org.apache.jackrabbit.oak.spi.security.SecurityProvider
import
org.apache.jackrabbit.oak.spi.security.authentication.token.TokenConfiguration
import
org.apache.jackrabbit.oak.spi.security.authorization.AuthorizationConfiguration
@@ -33,6 +35,7 @@ import org.osgi.service.cm.Configuration
import java.util.concurrent.TimeUnit
import static org.mockito.Mockito.mock
+import static org.mockito.Mockito.when
class SecurityProviderRegistrationTest extends AbstractRepositoryFactoryTest {
@@ -54,11 +57,28 @@ class SecurityProviderRegistrationTest e
/**
* A SecurityProvider shouldn't start without a required
+ * AuthorizationConfiguration service.
+ */
+ @Test
+ public void testRequiredAuthorizationConfigurationNotAvailable() {
+ def m = mock(AuthorizationConfiguration)
+ when(m.getParameters()).thenReturn(ConfigurationParameters.EMPTY)
+ when(m.getContext()).thenReturn(Context.DEFAULT)
+
+ testRequiredService(AuthorizationConfiguration, m)
+ }
+
+ /**
+ * A SecurityProvider shouldn't start without a required
* PrincipalConfiguration service.
*/
@Test
public void testRequiredPrincipalConfigurationNotAvailable() {
- testRequiredService(PrincipalConfiguration,
mock(PrincipalConfiguration))
+ def m = mock(PrincipalConfiguration)
+ when(m.getParameters()).thenReturn(ConfigurationParameters.EMPTY)
+ when(m.getContext()).thenReturn(Context.DEFAULT)
+
+ testRequiredService(PrincipalConfiguration, m)
}
/**
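Review bot: The three-line stubbing of `getParameters()` and `getContext()` is repeated verbatim for the authorization and principal mocks in this hunk, with no comment explaining why a bare mock no longer suffices. It appears again in the token test in the next hunk and three more times in `testMultipleRequiredServices`. Presumably the registration now reads the parameters (for ranking) and the context when a configuration is bound, so an unstubbed mock returning null would break the bind; that reason should be stated once. I would extract a small helper carrying that comment and call it from each test, as sketched below.

```groovy
// Bare mocks return null for getParameters()/getContext(); stub both so the
// registration can bind the configuration (TODO confirm that bind reads them).
private static <T> T mockConfiguration(Class<T> type) {
    def m = mock(type)
    when(m.getParameters()).thenReturn(ConfigurationParameters.EMPTY)
    when(m.getContext()).thenReturn(Context.DEFAULT)
    return m
}

@Test
public void testRequiredAuthorizationConfigurationNotAvailable() {
    testRequiredService(AuthorizationConfiguration, mockConfiguration(AuthorizationConfiguration))
}
// … unchanged: Javadoc blocks; the principal and token tests call the helper the same way …
```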
@@ -67,7 +87,11 @@ class SecurityProviderRegistrationTest e
*/
@Test
public void testRequiredTokenConfigurationNotAvailable() {
- testRequiredService(TokenConfiguration, mock(TokenConfiguration))
+ def m = mock(TokenConfiguration)
+ when(m.getParameters()).thenReturn(ConfigurationParameters.EMPTY)
+ when(m.getContext()).thenReturn(Context.DEFAULT)
+
+ testRequiredService(TokenConfiguration, m)
}
/**
@@ -113,22 +137,40 @@ class SecurityProviderRegistrationTest e
@Test
public void testMultipleRequiredServices() {
- // Set up the SecurityProvider to require three services
+ // Set up the SecurityProvider to require 4 services
- setRequiredServicePids("test.RequiredPrincipalConfiguration",
"test.RequiredTokenConfiguration", "test.AuthorizableNodeName")
+ setRequiredServicePids(
+ "test.RequiredAuthorizationConfiguration",
+ "test.RequiredPrincipalConfiguration",
+ "test.RequiredTokenConfiguration",
+ "test.RestrictionProvider")
TimeUnit.MILLISECONDS.sleep(500)
assert securityProviderServiceReferences == null
// Start the services and verify that only at the end the
// SecurityProvider registers itself
+ def ac = mock(AuthorizationConfiguration)
+ when(ac.getParameters()).thenReturn(ConfigurationParameters.EMPTY)
+ when(ac.getContext()).thenReturn(Context.DEFAULT)
+
+ registry.registerService(AuthorizationConfiguration.class.name, ac,
dict("service.pid": "test.RequiredAuthorizationConfiguration"))
+ assert securityProviderServiceReferences == null
+
+ def pc = mock(PrincipalConfiguration)
+ when(pc.getParameters()).thenReturn(ConfigurationParameters.EMPTY)
+ when(pc.getContext()).thenReturn(Context.DEFAULT)
- registry.registerService(PrincipalConfiguration.class.name,
mock(PrincipalConfiguration), dict("service.pid":
"test.RequiredPrincipalConfiguration"))
+ registry.registerService(PrincipalConfiguration.class.name, pc,
dict("service.pid": "test.RequiredPrincipalConfiguration"))
assert securityProviderServiceReferences == null
- registry.registerService(TokenConfiguration.class.name,
mock(TokenConfiguration), dict("service.pid":
"test.RequiredTokenConfiguration"))
+ def tc = mock(TokenConfiguration)
+ when(tc.getParameters()).thenReturn(ConfigurationParameters.EMPTY)
+ when(tc.getContext()).thenReturn(Context.DEFAULT)
+
+ registry.registerService(TokenConfiguration.class.name, tc,
dict("service.pid": "test.RequiredTokenConfiguration"))
assert securityProviderServiceReferences == null
- registry.registerService(TokenConfiguration.class.name,
mock(TokenConfiguration), dict("service.pid": "test.AuthorizableNodeName"))
+ registry.registerService(RestrictionProvider.class.name,
mock(RestrictionProvider), dict("service.pid": "test.RestrictionProvider"))
assert securityProviderServiceReferences != null
}
Modified:
jackrabbit/oak/trunk/oak-pojosr/src/test/java/org/apache/jackrabbit/oak/run/osgi/OakOSGiRepositoryFactoryTest.java
URL:
http://svn.apache.org/viewvc/jackrabbit/oak/trunk/oak-pojosr/src/test/java/org/apache/jackrabbit/oak/run/osgi/OakOSGiRepositoryFactoryTest.java?rev=1727293&r1=1727292&r2=1727293&view=diff
==============================================================================
---
jackrabbit/oak/trunk/oak-pojosr/src/test/java/org/apache/jackrabbit/oak/run/osgi/OakOSGiRepositoryFactoryTest.java
(original)
+++
jackrabbit/oak/trunk/oak-pojosr/src/test/java/org/apache/jackrabbit/oak/run/osgi/OakOSGiRepositoryFactoryTest.java
Thu Jan 28 09:43:12 2016
@@ -49,7 +49,6 @@ import org.apache.jackrabbit.oak.spi.sec
import org.apache.jackrabbit.oak.spi.security.user.action.AuthorizableAction;
import
org.apache.jackrabbit.oak.spi.security.user.action.AuthorizableActionProvider;
import org.junit.Before;
-import org.junit.Ignore;
import org.junit.Rule;
import org.junit.Test;
import org.junit.rules.TemporaryFolder;