Author: dj
Date: Tue Apr 19 12:32:27 2016
New Revision: 1739921
URL: http://svn.apache.org/viewvc?rev=1739921&view=rev
Log:
OAK-4235 - Backport OAK-4003 to 1.4 branch
Added:
jackrabbit/oak/branches/1.4/oak-core/src/main/java/org/apache/jackrabbit/oak/spi/security/user/action/AbstractGroupAction.java
- copied unchanged from r1735564,
jackrabbit/oak/trunk/oak-core/src/main/java/org/apache/jackrabbit/oak/spi/security/user/action/AbstractGroupAction.java
jackrabbit/oak/branches/1.4/oak-core/src/main/java/org/apache/jackrabbit/oak/spi/security/user/action/GroupAction.java
- copied, changed from r1735564,
jackrabbit/oak/trunk/oak-core/src/main/java/org/apache/jackrabbit/oak/spi/security/user/action/GroupAction.java
jackrabbit/oak/branches/1.4/oak-core/src/test/java/org/apache/jackrabbit/oak/spi/security/user/action/GroupActionBestEffortTest.java
- copied unchanged from r1735564,
jackrabbit/oak/trunk/oak-core/src/test/java/org/apache/jackrabbit/oak/spi/security/user/action/GroupActionBestEffortTest.java
jackrabbit/oak/branches/1.4/oak-core/src/test/java/org/apache/jackrabbit/oak/spi/security/user/action/GroupActionTest.java
- copied unchanged from r1735564,
jackrabbit/oak/trunk/oak-core/src/test/java/org/apache/jackrabbit/oak/spi/security/user/action/GroupActionTest.java
jackrabbit/oak/branches/1.4/oak-doc/src/site/markdown/security/user/groupaction.md
- copied, changed from r1735564,
jackrabbit/oak/trunk/oak-doc/src/site/markdown/security/user/groupaction.md
jackrabbit/oak/branches/1.4/oak-jcr/src/test/java/org/apache/jackrabbit/oak/jcr/security/user/GroupImportWithActionsBestEffortTest.java
- copied unchanged from r1735564,
jackrabbit/oak/trunk/oak-jcr/src/test/java/org/apache/jackrabbit/oak/jcr/security/user/GroupImportWithActionsBestEffortTest.java
jackrabbit/oak/branches/1.4/oak-jcr/src/test/java/org/apache/jackrabbit/oak/jcr/security/user/GroupImportWithActionsTest.java
- copied unchanged from r1735564,
jackrabbit/oak/trunk/oak-jcr/src/test/java/org/apache/jackrabbit/oak/jcr/security/user/GroupImportWithActionsTest.java
Modified:
jackrabbit/oak/branches/1.4/ (props changed)
jackrabbit/oak/branches/1.4/oak-core/src/main/java/org/apache/jackrabbit/oak/security/user/GroupImpl.java
jackrabbit/oak/branches/1.4/oak-core/src/main/java/org/apache/jackrabbit/oak/security/user/UserImporter.java
jackrabbit/oak/branches/1.4/oak-core/src/main/java/org/apache/jackrabbit/oak/security/user/UserManagerImpl.java
jackrabbit/oak/branches/1.4/oak-core/src/main/java/org/apache/jackrabbit/oak/spi/security/user/action/package-info.java
jackrabbit/oak/branches/1.4/oak-doc/src/site/markdown/security/user.md
Propchange: jackrabbit/oak/branches/1.4/
------------------------------------------------------------------------------
--- svn:mergeinfo (original)
+++ svn:mergeinfo Tue Apr 19 12:32:27 2016
@@ -1,3 +1,3 @@
/jackrabbit/oak/branches/1.0:1665962
-/jackrabbit/oak/trunk:1733615,1733875,1733913,1734230,1734254,1735052,1735405,1735484,1735549,1735622,1735638,1735919,1735983,1736176,1738775
+/jackrabbit/oak/trunk:1733615,1733875,1733913,1734230,1734254,1735052,1735405,1735484,1735549,1735564,1735622,1735638,1735919,1735983,1736176,1738775
/jackrabbit/trunk:1345480
Modified:
jackrabbit/oak/branches/1.4/oak-core/src/main/java/org/apache/jackrabbit/oak/security/user/GroupImpl.java
URL:
http://svn.apache.org/viewvc/jackrabbit/oak/branches/1.4/oak-core/src/main/java/org/apache/jackrabbit/oak/security/user/GroupImpl.java?rev=1739921&r1=1739920&r2=1739921&view=diff
==============================================================================
---
jackrabbit/oak/branches/1.4/oak-core/src/main/java/org/apache/jackrabbit/oak/security/user/GroupImpl.java
(original)
+++
jackrabbit/oak/branches/1.4/oak-core/src/main/java/org/apache/jackrabbit/oak/security/user/GroupImpl.java
Tue Apr 19 12:32:27 2016
@@ -19,6 +19,7 @@ package org.apache.jackrabbit.oak.securi
import java.security.Principal;
import java.util.Iterator;
import java.util.Set;
+
import javax.annotation.Nonnull;
import javax.annotation.Nullable;
import javax.jcr.RepositoryException;
@@ -116,7 +117,13 @@ class GroupImpl extends AuthorizableImpl
}
}
- return getMembershipProvider().addMember(getTree(),
authorizableImpl.getTree());
+ boolean success = getMembershipProvider().addMember(getTree(),
authorizableImpl.getTree());
+
+ if (success) {
+ getUserManager().onGroupUpdate(this, false, authorizable);
+ }
+
+ return success;
}
@Override
@@ -154,7 +161,14 @@ class GroupImpl extends AuthorizableImpl
return false;
} else {
Tree memberTree = ((AuthorizableImpl) authorizable).getTree();
- return getMembershipProvider().removeMember(getTree(), memberTree);
+
+ boolean success = getMembershipProvider().removeMember(getTree(),
memberTree);
+
+ if (success) {
+ getUserManager().onGroupUpdate(this, true, authorizable);
+ }
+
+ return success;
}
}
@@ -246,6 +260,7 @@ class GroupImpl extends AuthorizableImpl
*/
private final Set<String> updateMembers(boolean isRemove, @Nonnull
String... memberIds) throws RepositoryException {
Set<String> idSet =
Sets.newLinkedHashSet(Lists.newArrayList(memberIds));
+ Set<String> processedIds = Sets.newLinkedHashSet();
int importBehavior =
UserUtil.getImportBehavior(getUserManager().getConfig());
Iterator<String> idIterator = idSet.iterator();
@@ -282,8 +297,12 @@ class GroupImpl extends AuthorizableImpl
}
if (success) {
idIterator.remove();
+ processedIds.add(memberId);
}
}
+
+ getUserManager().onGroupUpdate(this, isRemove, false, processedIds,
idSet);
+
return idSet;
}
Modified:
jackrabbit/oak/branches/1.4/oak-core/src/main/java/org/apache/jackrabbit/oak/security/user/UserImporter.java
URL:
http://svn.apache.org/viewvc/jackrabbit/oak/branches/1.4/oak-core/src/main/java/org/apache/jackrabbit/oak/security/user/UserImporter.java?rev=1739921&r1=1739920&r2=1739921&view=diff
==============================================================================
---
jackrabbit/oak/branches/1.4/oak-core/src/main/java/org/apache/jackrabbit/oak/security/user/UserImporter.java
(original)
+++
jackrabbit/oak/branches/1.4/oak-core/src/main/java/org/apache/jackrabbit/oak/security/user/UserImporter.java
Tue Apr 19 12:32:27 2016
@@ -35,6 +35,7 @@ import javax.jcr.Session;
import javax.jcr.nodetype.ConstraintViolationException;
import javax.jcr.nodetype.PropertyDefinition;
+import com.google.common.collect.Sets;
import org.apache.jackrabbit.api.JackrabbitSession;
import org.apache.jackrabbit.api.security.principal.PrincipalIterator;
import org.apache.jackrabbit.api.security.principal.PrincipalManager;
@@ -639,9 +640,17 @@ class UserImporter implements ProtectedP
Tree groupTree = root.getTree(gr.getPath());
MembershipProvider membershipProvider =
userManager.getMembershipProvider();
+ Set<String> memberContentIds = Sets.newLinkedHashSet();
+ Set<String> failedContentIds = Sets.newLinkedHashSet();
for (String member : nonExisting) {
- membershipProvider.addMember(groupTree, member);
+ boolean success = membershipProvider.addMember(groupTree,
member);
+ if (success) {
+ memberContentIds.add(member);
+ } else {
+ failedContentIds.add(member);
+ }
}
+ userManager.onGroupUpdate(gr, false, true, memberContentIds,
failedContentIds);
}
}
}
Modified:
jackrabbit/oak/branches/1.4/oak-core/src/main/java/org/apache/jackrabbit/oak/security/user/UserManagerImpl.java
URL:
http://svn.apache.org/viewvc/jackrabbit/oak/branches/1.4/oak-core/src/main/java/org/apache/jackrabbit/oak/security/user/UserManagerImpl.java?rev=1739921&r1=1739920&r2=1739921&view=diff
==============================================================================
---
jackrabbit/oak/branches/1.4/oak-core/src/main/java/org/apache/jackrabbit/oak/security/user/UserManagerImpl.java
(original)
+++
jackrabbit/oak/branches/1.4/oak-core/src/main/java/org/apache/jackrabbit/oak/security/user/UserManagerImpl.java
Tue Apr 19 12:32:27 2016
@@ -20,6 +20,8 @@ import java.io.UnsupportedEncodingExcept
import java.security.NoSuchAlgorithmException;
import java.security.Principal;
import java.util.Iterator;
+import java.util.List;
+import java.util.Set;
import javax.annotation.CheckForNull;
import javax.annotation.Nonnull;
@@ -28,6 +30,7 @@ import javax.jcr.RepositoryException;
import javax.jcr.UnsupportedRepositoryOperationException;
import com.google.common.base.Strings;
+import com.google.common.collect.Lists;
import org.apache.jackrabbit.api.security.principal.PrincipalManager;
import org.apache.jackrabbit.api.security.user.Authorizable;
import org.apache.jackrabbit.api.security.user.AuthorizableExistsException;
@@ -52,6 +55,7 @@ import org.apache.jackrabbit.oak.spi.sec
import org.apache.jackrabbit.oak.spi.security.user.action.AuthorizableAction;
import
org.apache.jackrabbit.oak.spi.security.user.action.AuthorizableActionProvider;
import
org.apache.jackrabbit.oak.spi.security.user.action.DefaultAuthorizableActionProvider;
+import org.apache.jackrabbit.oak.spi.security.user.action.GroupAction;
import org.apache.jackrabbit.oak.spi.security.user.util.PasswordUtil;
import org.apache.jackrabbit.oak.spi.security.user.util.UserUtil;
import org.apache.jackrabbit.oak.util.NodeUtil;
@@ -309,6 +313,52 @@ public class UserManagerImpl implements
}
}
+ /**
+ * Upon a group being updated (single {@code Authorizable} successfully
added or removed),
+ * call available {@code GroupAction}s and execute the method specific to
removal or addition.
+ * {@code GroupAction}s may then validate or modify the changes.
+ *
+ * @param group The target group.
+ * @param isRemove Indicates whether the member is removed or added.
+ * @param member The member successfully removed or added.
+ * @throws RepositoryException If an error occurs.
+ */
+ void onGroupUpdate(@Nonnull Group group, boolean isRemove, @Nonnull
Authorizable member) throws RepositoryException {
+ for (GroupAction action : selectGroupActions()) {
+ if (isRemove) {
+ action.onMemberRemoved(group, member, root, namePathMapper);
+ } else {
+ action.onMemberAdded(group, member, root, namePathMapper);
+ }
+ }
+ }
+
+ /**
+ * Upon a group being updated (multiple {@code memberIds} added or
removed),
+ * call available {@code GroupAction}s and execute the method specific to
removal or addition.
+ * {@code GroupAction}s may then validate or modify the changes.
+ *
+ * @param group The target group.
+ * @param isRemove Indicates whether the member is removed or added.
+ * @param isContentId Indicates whether member ids are expressed as
content-ids (UUID) or member-ids.
+ * @param memberIds The IDs of all members successfully removed or added.
+ * @param failedIds The IDs of all members whose addition or removal
failed.
+ * @throws RepositoryException If an error occurs.
+ */
+ void onGroupUpdate(@Nonnull Group group, boolean isRemove, boolean
isContentId, @Nonnull Set<String> memberIds, @Nonnull Set<String> failedIds)
throws RepositoryException {
+ for (GroupAction action : selectGroupActions()) {
+ if (isRemove) {
+ action.onMembersRemoved(group, memberIds, failedIds, root,
namePathMapper);
+ } else {
+ if (isContentId) {
+ action.onMembersAddedContentId(group, memberIds,
failedIds, root, namePathMapper);
+ } else {
+ action.onMembersAdded(group, memberIds, failedIds, root,
namePathMapper);
+ }
+ }
+ }
+ }
+
//--------------------------------------------------------------------------
@CheckForNull
Authorizable getAuthorizable(@CheckForNull Tree tree) throws
RepositoryException {
@@ -439,4 +489,20 @@ public class UserManagerImpl implements
}
return queryManager;
}
+
+ /**
+ * Select only {@code GroupAction}s from the available {@code
AuthorizableAction}s.
+ *
+ * @return A {@code List} of {@code GroupAction}s. List may be empty.
+ */
+ @Nonnull
+ private List<GroupAction> selectGroupActions() {
+ List<GroupAction> actions = Lists.newArrayList();
+ for (AuthorizableAction action :
actionProvider.getAuthorizableActions(securityProvider)) {
+ if (action instanceof GroupAction) {
+ actions.add((GroupAction) action);
+ }
+ }
+ return actions;
+ }
}
\ No newline at end of file
Copied:
jackrabbit/oak/branches/1.4/oak-core/src/main/java/org/apache/jackrabbit/oak/spi/security/user/action/GroupAction.java
(from r1735564,
jackrabbit/oak/trunk/oak-core/src/main/java/org/apache/jackrabbit/oak/spi/security/user/action/GroupAction.java)
URL:
http://svn.apache.org/viewvc/jackrabbit/oak/branches/1.4/oak-core/src/main/java/org/apache/jackrabbit/oak/spi/security/user/action/GroupAction.java?p2=jackrabbit/oak/branches/1.4/oak-core/src/main/java/org/apache/jackrabbit/oak/spi/security/user/action/GroupAction.java&p1=jackrabbit/oak/trunk/oak-core/src/main/java/org/apache/jackrabbit/oak/spi/security/user/action/GroupAction.java&r1=1735564&r2=1739921&rev=1739921&view=diff
==============================================================================
---
jackrabbit/oak/trunk/oak-core/src/main/java/org/apache/jackrabbit/oak/spi/security/user/action/GroupAction.java
(original)
+++
jackrabbit/oak/branches/1.4/oak-core/src/main/java/org/apache/jackrabbit/oak/spi/security/user/action/GroupAction.java
Tue Apr 19 12:32:27 2016
@@ -43,7 +43,7 @@ import javax.jcr.RepositoryException;
* <p>
* For convenience, an {@link AbstractGroupAction} is provided.
* </p>
- * @since OAK 1.6
+ * @since OAK 1.6 and 1.4.2 (back port)
*/
public interface GroupAction extends AuthorizableAction {
Modified:
jackrabbit/oak/branches/1.4/oak-core/src/main/java/org/apache/jackrabbit/oak/spi/security/user/action/package-info.java
URL:
http://svn.apache.org/viewvc/jackrabbit/oak/branches/1.4/oak-core/src/main/java/org/apache/jackrabbit/oak/spi/security/user/action/package-info.java?rev=1739921&r1=1739920&r2=1739921&view=diff
==============================================================================
---
jackrabbit/oak/branches/1.4/oak-core/src/main/java/org/apache/jackrabbit/oak/spi/security/user/action/package-info.java
(original)
+++
jackrabbit/oak/branches/1.4/oak-core/src/main/java/org/apache/jackrabbit/oak/spi/security/user/action/package-info.java
Tue Apr 19 12:32:27 2016
@@ -14,7 +14,7 @@
* See the License for the specific language governing permissions and
* limitations under the License.
*/
-@Version("1.0.2")
+@Version("1.1.0")
@Export(optional = "provide:=true")
package org.apache.jackrabbit.oak.spi.security.user.action;
Modified: jackrabbit/oak/branches/1.4/oak-doc/src/site/markdown/security/user.md
URL:
http://svn.apache.org/viewvc/jackrabbit/oak/branches/1.4/oak-doc/src/site/markdown/security/user.md?rev=1739921&r1=1739920&r2=1739921&view=diff
==============================================================================
--- jackrabbit/oak/branches/1.4/oak-doc/src/site/markdown/security/user.md
(original)
+++ jackrabbit/oak/branches/1.4/oak-doc/src/site/markdown/security/user.md Tue
Apr 19 12:32:27 2016
@@ -50,6 +50,7 @@ interfaces and classes:
- `AuthorizableType`: ease handling with the different authorizable types.
- `AuthorizableAction` and `AuthorizableActionProvider`: see [Authorizable
Actions](user/authorizableaction.html) for details.
- `AuthorizableNodeName`: see section [Authorizable Node Name
Generation](user/authorizablenodename.html).
+- `GroupAction` (via `AuthorizableActionProvider`): see [Group
Actions](user/groupaction.html) for details.
- `UserAuthenticationFactory`: see sections
[pluggability](user/default.html#pluggability)
and [user authentication](authentication/default.html#user_authentication) for
additional details.
Copied:
jackrabbit/oak/branches/1.4/oak-doc/src/site/markdown/security/user/groupaction.md
(from r1735564,
jackrabbit/oak/trunk/oak-doc/src/site/markdown/security/user/groupaction.md)
URL:
http://svn.apache.org/viewvc/jackrabbit/oak/branches/1.4/oak-doc/src/site/markdown/security/user/groupaction.md?p2=jackrabbit/oak/branches/1.4/oak-doc/src/site/markdown/security/user/groupaction.md&p1=jackrabbit/oak/trunk/oak-doc/src/site/markdown/security/user/groupaction.md&r1=1735564&r2=1739921&rev=1739921&view=diff
==============================================================================
--- jackrabbit/oak/trunk/oak-doc/src/site/markdown/security/user/groupaction.md
(original)
+++
jackrabbit/oak/branches/1.4/oak-doc/src/site/markdown/security/user/groupaction.md
Tue Apr 19 12:32:27 2016
@@ -20,7 +20,7 @@ Group Actions
### Overview
-Oak 1.6 comes with an extension to the Jackrabbit user management API that
allows
+Oak 1.4.2 comes with an extension to the Jackrabbit user management API that
allows
to perform additional actions or validations upon group member management tasks
such as
