Author: angela
Date: Fri Jun 2 08:50:31 2017
New Revision: 1797331
URL: http://svn.apache.org/viewvc?rev=1797331&view=rev
Log:
OAK-4612 : Multiplexing support for CugPermissionProvider
Added:
jackrabbit/oak/trunk/oak-authorization-cug/src/test/java/org/apache/jackrabbit/oak/spi/security/authorization/cug/impl/CugConfigurationWithMountsTest.java
(with props)
Modified:
jackrabbit/oak/trunk/oak-authorization-cug/src/main/java/org/apache/jackrabbit/oak/spi/security/authorization/cug/impl/CugAccessControlManager.java
jackrabbit/oak/trunk/oak-authorization-cug/src/main/java/org/apache/jackrabbit/oak/spi/security/authorization/cug/impl/CugConfiguration.java
jackrabbit/oak/trunk/oak-authorization-cug/src/main/java/org/apache/jackrabbit/oak/spi/security/authorization/cug/impl/CugConstants.java
jackrabbit/oak/trunk/oak-authorization-cug/src/main/java/org/apache/jackrabbit/oak/spi/security/authorization/cug/impl/CugImporter.java
jackrabbit/oak/trunk/oak-authorization-cug/src/main/java/org/apache/jackrabbit/oak/spi/security/authorization/cug/impl/CugUtil.java
jackrabbit/oak/trunk/oak-authorization-cug/src/test/java/org/apache/jackrabbit/oak/spi/security/authorization/cug/impl/CugAccessControlManagerTest.java
jackrabbit/oak/trunk/oak-authorization-cug/src/test/java/org/apache/jackrabbit/oak/spi/security/authorization/cug/impl/CugConfigurationTest.java
jackrabbit/oak/trunk/oak-authorization-cug/src/test/java/org/apache/jackrabbit/oak/spi/security/authorization/cug/impl/CugImporterTest.java
jackrabbit/oak/trunk/oak-authorization-cug/src/test/java/org/apache/jackrabbit/oak/spi/security/authorization/cug/impl/CugUtilTest.java
Modified:
jackrabbit/oak/trunk/oak-authorization-cug/src/main/java/org/apache/jackrabbit/oak/spi/security/authorization/cug/impl/CugAccessControlManager.java
URL:
http://svn.apache.org/viewvc/jackrabbit/oak/trunk/oak-authorization-cug/src/main/java/org/apache/jackrabbit/oak/spi/security/authorization/cug/impl/CugAccessControlManager.java?rev=1797331&r1=1797330&r2=1797331&view=diff
==============================================================================
---
jackrabbit/oak/trunk/oak-authorization-cug/src/main/java/org/apache/jackrabbit/oak/spi/security/authorization/cug/impl/CugAccessControlManager.java
(original)
+++
jackrabbit/oak/trunk/oak-authorization-cug/src/main/java/org/apache/jackrabbit/oak/spi/security/authorization/cug/impl/CugAccessControlManager.java
Fri Jun 2 08:50:31 2017
@@ -44,6 +44,7 @@ import org.apache.jackrabbit.oak.api.Typ
import org.apache.jackrabbit.oak.commons.PathUtils;
import org.apache.jackrabbit.oak.namepath.NamePathMapper;
import org.apache.jackrabbit.oak.plugins.nodetype.NodeTypeConstants;
+import org.apache.jackrabbit.oak.plugins.tree.TreeUtil;
import
org.apache.jackrabbit.oak.spi.security.authorization.accesscontrol.PolicyOwner;
import org.apache.jackrabbit.oak.spi.security.authorization.cug.CugPolicy;
import org.apache.jackrabbit.oak.spi.security.ConfigurationParameters;
@@ -54,7 +55,6 @@ import org.apache.jackrabbit.oak.spi.sec
import org.apache.jackrabbit.oak.spi.security.principal.PrincipalConfiguration;
import org.apache.jackrabbit.oak.spi.security.principal.PrincipalImpl;
import org.apache.jackrabbit.oak.spi.security.privilege.PrivilegeConstants;
-import org.apache.jackrabbit.oak.plugins.tree.TreeUtil;
import org.slf4j.Logger;
import org.slf4j.LoggerFactory;
@@ -69,12 +69,18 @@ class CugAccessControlManager extends Ab
private static final Logger log =
LoggerFactory.getLogger(CugAccessControlManager.class);
+ private final Set<String> supportedPaths;
private final ConfigurationParameters config;
private final PrincipalManager principalManager;
- public CugAccessControlManager(@Nonnull Root root, @Nonnull NamePathMapper
namePathMapper, @Nonnull SecurityProvider securityProvider) {
+ public CugAccessControlManager(@Nonnull Root root,
+ @Nonnull NamePathMapper namePathMapper,
+ @Nonnull SecurityProvider securityProvider,
+ @Nonnull Set<String> supportedPaths) {
super(root, namePathMapper, securityProvider);
+ this.supportedPaths = supportedPaths;
+
config =
securityProvider.getConfiguration(AuthorizationConfiguration.class).getParameters();
principalManager =
securityProvider.getConfiguration(PrincipalConfiguration.class).getPrincipalManager(root,
namePathMapper);
}
@@ -224,7 +230,7 @@ class CugAccessControlManager extends Ab
private boolean isSupportedPath(@Nullable String oakPath) throws
RepositoryException {
checkValidPath(oakPath);
- return CugUtil.isSupportedPath(oakPath, config);
+ return CugUtil.isSupportedPath(oakPath, supportedPaths);
}
private void checkValidPath(@Nullable String oakPath) throws
RepositoryException {
Modified:
jackrabbit/oak/trunk/oak-authorization-cug/src/main/java/org/apache/jackrabbit/oak/spi/security/authorization/cug/impl/CugConfiguration.java
URL:
http://svn.apache.org/viewvc/jackrabbit/oak/trunk/oak-authorization-cug/src/main/java/org/apache/jackrabbit/oak/spi/security/authorization/cug/impl/CugConfiguration.java?rev=1797331&r1=1797330&r2=1797331&view=diff
==============================================================================
---
jackrabbit/oak/trunk/oak-authorization-cug/src/main/java/org/apache/jackrabbit/oak/spi/security/authorization/cug/impl/CugConfiguration.java
(original)
+++
jackrabbit/oak/trunk/oak-authorization-cug/src/main/java/org/apache/jackrabbit/oak/spi/security/authorization/cug/impl/CugConfiguration.java
Fri Jun 2 08:50:31 2017
@@ -19,7 +19,6 @@ package org.apache.jackrabbit.oak.spi.se
import java.io.IOException;
import java.io.InputStream;
import java.security.Principal;
-import java.security.PrivilegedActionException;
import java.util.Collections;
import java.util.List;
import java.util.Map;
@@ -29,15 +28,16 @@ import javax.jcr.RepositoryException;
import javax.jcr.security.AccessControlManager;
import com.google.common.collect.ImmutableList;
+import com.google.common.collect.ImmutableSet;
import org.apache.felix.scr.annotations.Activate;
import org.apache.felix.scr.annotations.Component;
import org.apache.felix.scr.annotations.ConfigurationPolicy;
+import org.apache.felix.scr.annotations.Modified;
import org.apache.felix.scr.annotations.Properties;
import org.apache.felix.scr.annotations.Property;
import org.apache.felix.scr.annotations.Reference;
import org.apache.felix.scr.annotations.ReferenceCardinality;
import org.apache.felix.scr.annotations.Service;
-import org.apache.jackrabbit.oak.api.CommitFailedException;
import org.apache.jackrabbit.oak.api.Root;
import org.apache.jackrabbit.oak.api.Tree;
import org.apache.jackrabbit.oak.namepath.NamePathMapper;
@@ -54,6 +54,8 @@ import org.apache.jackrabbit.oak.spi.com
import org.apache.jackrabbit.oak.spi.commit.MoveTracker;
import org.apache.jackrabbit.oak.spi.commit.ValidatorProvider;
import org.apache.jackrabbit.oak.spi.lifecycle.RepositoryInitializer;
+import org.apache.jackrabbit.oak.spi.mount.MountInfoProvider;
+import org.apache.jackrabbit.oak.spi.mount.Mounts;
import org.apache.jackrabbit.oak.spi.security.CompositeConfiguration;
import org.apache.jackrabbit.oak.spi.security.ConfigurationBase;
import org.apache.jackrabbit.oak.spi.security.ConfigurationParameters;
@@ -97,6 +99,15 @@ public class CugConfiguration extends Co
@Reference(cardinality = ReferenceCardinality.OPTIONAL_UNARY)
private CugExclude exclude;
+ /**
+ * Reference to service implementing {@link MountInfoProvider} to make the
+ * CUG authorization model multiplexing aware.
+ */
+ @Reference
+ private MountInfoProvider mountInfoProvider;
+
+ private Set<String> supportedPaths = ImmutableSet.of();
+
@SuppressWarnings("UnusedDeclaration")
public CugConfiguration() {
super();
@@ -104,12 +115,15 @@ public class CugConfiguration extends Co
public CugConfiguration(@Nonnull SecurityProvider securityProvider) {
super(securityProvider, securityProvider.getParameters(NAME));
+
+ mountInfoProvider =
getParameters().getConfigValue(PARAM_MOUNT_PROVIDER,
Mounts.defaultMountInfoProvider(), MountInfoProvider.class);
+ supportedPaths = CugUtil.getSupportedPaths(getParameters(),
mountInfoProvider);
}
@Nonnull
@Override
public AccessControlManager getAccessControlManager(@Nonnull Root root,
@Nonnull NamePathMapper namePathMapper) {
- return new CugAccessControlManager(root, namePathMapper,
getSecurityProvider());
+ return new CugAccessControlManager(root, namePathMapper,
getSecurityProvider(), supportedPaths);
}
@Nonnull
@@ -124,7 +138,6 @@ public class CugConfiguration extends Co
ConfigurationParameters params = getParameters();
boolean enabled =
params.getConfigValue(CugConstants.PARAM_CUG_ENABLED, false);
- Set<String> supportedPaths =
params.getConfigValue(CugConstants.PARAM_CUG_SUPPORTED_PATHS,
Collections.<String>emptySet());
if (!enabled || supportedPaths.isEmpty() ||
getExclude().isExcluded(principals)) {
return EmptyPermissionProvider.getInstance();
} else {
@@ -170,7 +183,7 @@ public class CugConfiguration extends Co
@Nonnull
@Override
public List<ProtectedItemImporter> getProtectedItemImporters() {
- return Collections.<ProtectedItemImporter>singletonList(new
CugImporter());
+ return Collections.<ProtectedItemImporter>singletonList(new
CugImporter(mountInfoProvider));
}
@Nonnull
@@ -182,8 +195,16 @@ public class CugConfiguration extends Co
//----------------------------------------------------< SCR Integration
>---
@SuppressWarnings("UnusedDeclaration")
@Activate
- protected void activate(Map<String, Object> properties) throws
IOException, CommitFailedException, PrivilegedActionException,
RepositoryException {
- setParameters(ConfigurationParameters.of(properties));
+ protected void activate(Map<String, Object> properties) {
+ ConfigurationParameters params =
ConfigurationParameters.of(properties);
+ setParameters(params);
+ supportedPaths = CugUtil.getSupportedPaths(params, mountInfoProvider);
+ }
+
+ @SuppressWarnings("UnusedDeclaration")
+ @Modified
+ protected void modified(Map<String, Object> properties) {
+ activate(properties);
}
//--------------------------------------------------------------------------
Modified:
jackrabbit/oak/trunk/oak-authorization-cug/src/main/java/org/apache/jackrabbit/oak/spi/security/authorization/cug/impl/CugConstants.java
URL:
http://svn.apache.org/viewvc/jackrabbit/oak/trunk/oak-authorization-cug/src/main/java/org/apache/jackrabbit/oak/spi/security/authorization/cug/impl/CugConstants.java?rev=1797331&r1=1797330&r2=1797331&view=diff
==============================================================================
---
jackrabbit/oak/trunk/oak-authorization-cug/src/main/java/org/apache/jackrabbit/oak/spi/security/authorization/cug/impl/CugConstants.java
(original)
+++
jackrabbit/oak/trunk/oak-authorization-cug/src/main/java/org/apache/jackrabbit/oak/spi/security/authorization/cug/impl/CugConstants.java
Fri Jun 2 08:50:31 2017
@@ -77,4 +77,13 @@ interface CugConstants {
* </ul>
*/
String PARAM_CUG_ENABLED = "cugEnabled";
+
+ /**
+ * Name of the configuration options specifying the
+ * {@link org.apache.jackrabbit.oak.spi.mount.MountInfoProvider} in
non-OSGi
+ * setup scenarios.
+ *
+ * @since OAK 1.8
+ */
+ String PARAM_MOUNT_PROVIDER = "mountInfoProvider";
}
\ No newline at end of file
Modified:
jackrabbit/oak/trunk/oak-authorization-cug/src/main/java/org/apache/jackrabbit/oak/spi/security/authorization/cug/impl/CugImporter.java
URL:
http://svn.apache.org/viewvc/jackrabbit/oak/trunk/oak-authorization-cug/src/main/java/org/apache/jackrabbit/oak/spi/security/authorization/cug/impl/CugImporter.java?rev=1797331&r1=1797330&r2=1797331&view=diff
==============================================================================
---
jackrabbit/oak/trunk/oak-authorization-cug/src/main/java/org/apache/jackrabbit/oak/spi/security/authorization/cug/impl/CugImporter.java
(original)
+++
jackrabbit/oak/trunk/oak-authorization-cug/src/main/java/org/apache/jackrabbit/oak/spi/security/authorization/cug/impl/CugImporter.java
Fri Jun 2 08:50:31 2017
@@ -31,6 +31,7 @@ import org.apache.jackrabbit.oak.api.Roo
import org.apache.jackrabbit.oak.api.Tree;
import org.apache.jackrabbit.oak.api.Type;
import org.apache.jackrabbit.oak.namepath.NamePathMapper;
+import org.apache.jackrabbit.oak.spi.mount.MountInfoProvider;
import org.apache.jackrabbit.oak.spi.security.ConfigurationParameters;
import org.apache.jackrabbit.oak.spi.security.SecurityProvider;
import
org.apache.jackrabbit.oak.spi.security.authorization.AuthorizationConfiguration;
@@ -50,13 +51,19 @@ class CugImporter implements ProtectedPr
private static final Logger log =
LoggerFactory.getLogger(CugImporter.class);
+ private final MountInfoProvider mountInfoProvider;
+
private boolean initialized;
- private ConfigurationParameters config;
+ private Set<String> supportedPaths;
private int importBehavior;
private PrincipalManager principalManager;
+ CugImporter(@Nonnull MountInfoProvider mountInfoProvider) {
+ this.mountInfoProvider = mountInfoProvider;
+ }
+
//----------------------------------------------< ProtectedItemImporter
>---
@Override
public boolean init(@Nonnull Session session, @Nonnull Root root, @Nonnull
NamePathMapper namePathMapper, boolean isWorkspaceImport, int uuidBehavior,
@Nonnull ReferenceChangeTracker referenceTracker, @Nonnull SecurityProvider
securityProvider) {
@@ -64,7 +71,8 @@ class CugImporter implements ProtectedPr
throw new IllegalStateException("Already initialized");
}
try {
- config =
securityProvider.getConfiguration(AuthorizationConfiguration.class).getParameters();
+ ConfigurationParameters config =
securityProvider.getConfiguration(AuthorizationConfiguration.class).getParameters();
+ supportedPaths = CugUtil.getSupportedPaths(config,
mountInfoProvider);
importBehavior = CugUtil.getImportBehavior(config);
if (isWorkspaceImport) {
@@ -89,7 +97,7 @@ class CugImporter implements ProtectedPr
@Override
public boolean handlePropInfo(@Nonnull Tree parent, @Nonnull PropInfo
protectedPropInfo, @Nonnull PropertyDefinition def) throws RepositoryException {
- if (CugUtil.definesCug(parent) && isValid(protectedPropInfo, def) &&
CugUtil.isSupportedPath(parent.getPath(), config)) {
+ if (CugUtil.definesCug(parent) && isValid(protectedPropInfo, def) &&
CugUtil.isSupportedPath(parent.getPath(), supportedPaths)) {
Set<String> principalNames = new HashSet<>();
for (TextValue txtValue : protectedPropInfo.getTextValues()) {
String principalName = txtValue.getString();
Modified:
jackrabbit/oak/trunk/oak-authorization-cug/src/main/java/org/apache/jackrabbit/oak/spi/security/authorization/cug/impl/CugUtil.java
URL:
http://svn.apache.org/viewvc/jackrabbit/oak/trunk/oak-authorization-cug/src/main/java/org/apache/jackrabbit/oak/spi/security/authorization/cug/impl/CugUtil.java?rev=1797331&r1=1797330&r2=1797331&view=diff
==============================================================================
---
jackrabbit/oak/trunk/oak-authorization-cug/src/main/java/org/apache/jackrabbit/oak/spi/security/authorization/cug/impl/CugUtil.java
(original)
+++
jackrabbit/oak/trunk/oak-authorization-cug/src/main/java/org/apache/jackrabbit/oak/spi/security/authorization/cug/impl/CugUtil.java
Fri Jun 2 08:50:31 2017
@@ -16,26 +16,34 @@
*/
package org.apache.jackrabbit.oak.spi.security.authorization.cug.impl;
+import java.util.Set;
import javax.annotation.CheckForNull;
import javax.annotation.Nonnull;
import javax.annotation.Nullable;
+import com.google.common.collect.ImmutableSet;
import org.apache.jackrabbit.oak.api.PropertyState;
import org.apache.jackrabbit.oak.api.Tree;
+import org.apache.jackrabbit.oak.plugins.tree.TreeUtil;
+import org.apache.jackrabbit.oak.spi.mount.Mount;
+import org.apache.jackrabbit.oak.spi.mount.MountInfoProvider;
import org.apache.jackrabbit.oak.spi.security.ConfigurationParameters;
import org.apache.jackrabbit.oak.spi.state.NodeBuilder;
import org.apache.jackrabbit.oak.spi.state.NodeState;
import org.apache.jackrabbit.oak.spi.state.NodeStateUtils;
import org.apache.jackrabbit.oak.spi.xml.ImportBehavior;
import org.apache.jackrabbit.oak.spi.xml.ProtectedItemImporter;
-import org.apache.jackrabbit.oak.plugins.tree.TreeUtil;
import org.apache.jackrabbit.util.Text;
+import org.slf4j.Logger;
+import org.slf4j.LoggerFactory;
/**
* Utility methods for this CUG implementation package.
*/
final class CugUtil implements CugConstants {
+ private static final Logger log = LoggerFactory.getLogger(CugUtil.class);
+
private CugUtil(){}
public static boolean hasCug(@Nonnull Tree tree) {
@@ -76,11 +84,11 @@ final class CugUtil implements CugConsta
return cugTree.hasProperty(CugConstants.HIDDEN_NESTED_CUGS);
}
- public static boolean isSupportedPath(@Nullable String oakPath, @Nonnull
ConfigurationParameters config) {
+ public static boolean isSupportedPath(@Nullable String oakPath, @Nonnull
Set<String> supportedPaths) {
if (oakPath == null) {
return false;
} else {
- for (String supportedPath :
config.getConfigValue(CugConfiguration.PARAM_CUG_SUPPORTED_PATHS, new
String[0])) {
+ for (String supportedPath : supportedPaths) {
if (Text.isDescendantOrEqual(supportedPath, oakPath)) {
return true;
}
@@ -89,6 +97,24 @@ final class CugUtil implements CugConsta
return false;
}
+ public static Set<String> getSupportedPaths(@Nonnull
ConfigurationParameters params, @Nonnull MountInfoProvider mountInfoProvider) {
+ Set<String> supportedPaths =
params.getConfigValue(CugConstants.PARAM_CUG_SUPPORTED_PATHS,
ImmutableSet.of());
+ if (!supportedPaths.isEmpty() &&
mountInfoProvider.hasNonDefaultMounts()) {
+ for (Mount mount : mountInfoProvider.getNonDefaultMounts()) {
+ for (String path : supportedPaths) {
+ if (mount.isUnder(path)) {
+ log.error("Configured supported CUG path '{}' includes
node store mount '{}'.", path, mount.getName());
+ throw new IllegalStateException();
+ } else if (mount.isMounted(path)) {
+ log.error("Configured supported CUG path '{}' is part
of node store mount '{}'.", path, mount.getName());
+ throw new IllegalStateException();
+ }
+ }
+ }
+ }
+ return supportedPaths;
+ }
+
public static int getImportBehavior(ConfigurationParameters config) {
String importBehaviorStr =
config.getConfigValue(ProtectedItemImporter.PARAM_IMPORT_BEHAVIOR,
ImportBehavior.NAME_ABORT);
return ImportBehavior.valueFromString(importBehaviorStr);
Modified:
jackrabbit/oak/trunk/oak-authorization-cug/src/test/java/org/apache/jackrabbit/oak/spi/security/authorization/cug/impl/CugAccessControlManagerTest.java
URL:
http://svn.apache.org/viewvc/jackrabbit/oak/trunk/oak-authorization-cug/src/test/java/org/apache/jackrabbit/oak/spi/security/authorization/cug/impl/CugAccessControlManagerTest.java?rev=1797331&r1=1797330&r2=1797331&view=diff
==============================================================================
---
jackrabbit/oak/trunk/oak-authorization-cug/src/test/java/org/apache/jackrabbit/oak/spi/security/authorization/cug/impl/CugAccessControlManagerTest.java
(original)
+++
jackrabbit/oak/trunk/oak-authorization-cug/src/test/java/org/apache/jackrabbit/oak/spi/security/authorization/cug/impl/CugAccessControlManagerTest.java
Fri Jun 2 08:50:31 2017
@@ -40,6 +40,7 @@ import org.apache.jackrabbit.oak.api.Typ
import org.apache.jackrabbit.oak.namepath.NamePathMapper;
import org.apache.jackrabbit.oak.plugins.nodetype.NodeTypeConstants;
import org.apache.jackrabbit.oak.plugins.nodetype.ReadOnlyNodeTypeManager;
+import org.apache.jackrabbit.oak.plugins.tree.TreeUtil;
import org.apache.jackrabbit.oak.spi.security.ConfigurationParameters;
import
org.apache.jackrabbit.oak.spi.security.authorization.AuthorizationConfiguration;
import org.apache.jackrabbit.oak.spi.security.authorization.cug.CugPolicy;
@@ -47,7 +48,6 @@ import org.apache.jackrabbit.oak.spi.sec
import org.apache.jackrabbit.oak.spi.security.privilege.PrivilegeConstants;
import org.apache.jackrabbit.oak.spi.xml.ImportBehavior;
import org.apache.jackrabbit.oak.util.NodeUtil;
-import org.apache.jackrabbit.oak.plugins.tree.TreeUtil;
import org.junit.Test;
import static org.junit.Assert.assertArrayEquals;
@@ -65,7 +65,7 @@ public class CugAccessControlManagerTest
public void before() throws Exception {
super.before();
- cugAccessControlManager = new CugAccessControlManager(root,
NamePathMapper.DEFAULT, getSecurityProvider());
+ cugAccessControlManager = new CugAccessControlManager(root,
NamePathMapper.DEFAULT, getSecurityProvider(),
ImmutableSet.copyOf(SUPPORTED_PATHS));
}
private CugPolicy createCug(@Nonnull String path) {
@@ -224,7 +224,7 @@ public class CugAccessControlManagerTest
ConfigurationParameters config =
ConfigurationParameters.of(AuthorizationConfiguration.NAME,
ConfigurationParameters.of(
CugConstants.PARAM_CUG_SUPPORTED_PATHS, SUPPORTED_PATHS,
CugConstants.PARAM_CUG_ENABLED, false));
- CugAccessControlManager acMgr = new CugAccessControlManager(root,
NamePathMapper.DEFAULT, new CugSecurityProvider(config));
+ CugAccessControlManager acMgr = new CugAccessControlManager(root,
NamePathMapper.DEFAULT, new CugSecurityProvider(config),
ImmutableSet.copyOf(SUPPORTED_PATHS));
AccessControlPolicy[] policies =
acMgr.getEffectivePolicies(SUPPORTED_PATH);
assertEquals(0, policies.length);
Modified:
jackrabbit/oak/trunk/oak-authorization-cug/src/test/java/org/apache/jackrabbit/oak/spi/security/authorization/cug/impl/CugConfigurationTest.java
URL:
http://svn.apache.org/viewvc/jackrabbit/oak/trunk/oak-authorization-cug/src/test/java/org/apache/jackrabbit/oak/spi/security/authorization/cug/impl/CugConfigurationTest.java?rev=1797331&r1=1797330&r2=1797331&view=diff
==============================================================================
---
jackrabbit/oak/trunk/oak-authorization-cug/src/test/java/org/apache/jackrabbit/oak/spi/security/authorization/cug/impl/CugConfigurationTest.java
(original)
+++
jackrabbit/oak/trunk/oak-authorization-cug/src/test/java/org/apache/jackrabbit/oak/spi/security/authorization/cug/impl/CugConfigurationTest.java
Fri Jun 2 08:50:31 2017
@@ -27,7 +27,6 @@ import com.google.common.collect.Immutab
import com.google.common.collect.ImmutableSet;
import org.apache.jackrabbit.oak.AbstractSecurityTest;
import org.apache.jackrabbit.oak.namepath.NamePathMapper;
-import org.apache.jackrabbit.oak.security.SecurityProviderImpl;
import org.apache.jackrabbit.oak.spi.commit.CommitHook;
import org.apache.jackrabbit.oak.spi.commit.MoveTracker;
import org.apache.jackrabbit.oak.spi.commit.ValidatorProvider;
@@ -50,12 +49,17 @@ import static org.junit.Assert.assertTru
public class CugConfigurationTest extends AbstractSecurityTest {
- private CugConfiguration createConfiguration(ConfigurationParameters
params) {
- SecurityProvider sp = new
SecurityProviderImpl(ConfigurationParameters.of(ImmutableMap.of(AuthorizationConfiguration.NAME,
params)));
+ private static CugConfiguration
createConfiguration(ConfigurationParameters params) {
+ SecurityProvider sp = new
CugSecurityProvider(ConfigurationParameters.of(ImmutableMap.of(AuthorizationConfiguration.NAME,
params)));
return new CugConfiguration(sp);
}
@Test
+ public void testEmptyConstructor() {
+ assertEquals(ConfigurationParameters.EMPTY, new
CugConfiguration().getParameters());
+ }
+
+ @Test
public void testGetName() {
assertEquals(AuthorizationConfiguration.NAME, new
CugConfiguration().getName());
}
@@ -198,11 +202,21 @@ public class CugConfigurationTest extend
public void testActivate() throws Exception {
CugConfiguration cugConfiguration = new
CugConfiguration(getSecurityProvider());
cugConfiguration.activate(ImmutableMap.of(
+ CugConstants.PARAM_CUG_ENABLED, false,
CugConstants.PARAM_CUG_SUPPORTED_PATHS, new String[]
{"/content", "/anotherContent"}
));
assertSupportedPaths(cugConfiguration, "/content", "/anotherContent");
}
+ @Test
+ public void testModified() throws Exception {
+ CugConfiguration cugConfiguration = new
CugConfiguration(getSecurityProvider());
+ cugConfiguration.modified(ImmutableMap.of(
+ CugConstants.PARAM_CUG_SUPPORTED_PATHS, new
String[]{"/changed"}
+ ));
+ assertSupportedPaths(cugConfiguration, "/changed");
+ }
+
private static void assertSupportedPaths(@Nonnull CugConfiguration
configuration, @Nonnull String... paths) throws Exception {
Set<String> expected = ImmutableSet.copyOf(paths);
assertEquals(expected,
configuration.getParameters().getConfigValue(CugConstants.PARAM_CUG_SUPPORTED_PATHS,
ImmutableSet.of()));
Added:
jackrabbit/oak/trunk/oak-authorization-cug/src/test/java/org/apache/jackrabbit/oak/spi/security/authorization/cug/impl/CugConfigurationWithMountsTest.java
URL:
http://svn.apache.org/viewvc/jackrabbit/oak/trunk/oak-authorization-cug/src/test/java/org/apache/jackrabbit/oak/spi/security/authorization/cug/impl/CugConfigurationWithMountsTest.java?rev=1797331&view=auto
==============================================================================
---
jackrabbit/oak/trunk/oak-authorization-cug/src/test/java/org/apache/jackrabbit/oak/spi/security/authorization/cug/impl/CugConfigurationWithMountsTest.java
(added)
+++
jackrabbit/oak/trunk/oak-authorization-cug/src/test/java/org/apache/jackrabbit/oak/spi/security/authorization/cug/impl/CugConfigurationWithMountsTest.java
Fri Jun 2 08:50:31 2017
@@ -0,0 +1,88 @@
+/*
+ * Licensed to the Apache Software Foundation (ASF) under one or more
+ * contributor license agreements. See the NOTICE file distributed with
+ * this work for additional information regarding copyright ownership.
+ * The ASF licenses this file to You under the Apache License, Version 2.0
+ * (the "License"); you may not use this file except in compliance with
+ * the License. You may obtain a copy of the License at
+ *
+ * http://www.apache.org/licenses/LICENSE-2.0
+ *
+ * Unless required by applicable law or agreed to in writing, software
+ * distributed under the License is distributed on an "AS IS" BASIS,
+ * WITHOUT WARRANTIES OR CONDITIONS OF ANY KIND, either express or implied.
+ * See the License for the specific language governing permissions and
+ * limitations under the License.
+ */
+package org.apache.jackrabbit.oak.spi.security.authorization.cug.impl;
+
+import com.google.common.collect.ImmutableMap;
+import org.apache.jackrabbit.oak.AbstractSecurityTest;
+import org.apache.jackrabbit.oak.commons.PathUtils;
+import org.apache.jackrabbit.oak.spi.mount.MountInfoProvider;
+import org.apache.jackrabbit.oak.spi.mount.Mounts;
+import org.apache.jackrabbit.oak.spi.security.ConfigurationParameters;
+import org.apache.jackrabbit.oak.spi.security.SecurityProvider;
+import
org.apache.jackrabbit.oak.spi.security.authorization.AuthorizationConfiguration;
+import org.junit.Test;
+
+import static org.junit.Assert.assertArrayEquals;
+import static org.junit.Assert.assertSame;
+
+public class CugConfigurationWithMountsTest extends AbstractSecurityTest {
+
+ private static CugConfiguration createConfiguration(MountInfoProvider mip)
{
+ ConfigurationParameters params = ConfigurationParameters.of(
+ AbstractCugTest.CUG_CONFIG,
+ ConfigurationParameters.of(CugConstants.PARAM_MOUNT_PROVIDER,
mip));
+
+ SecurityProvider sp = new
CugSecurityProvider(ConfigurationParameters.of(ImmutableMap.of(AuthorizationConfiguration.NAME,
params)));
+ return new CugConfiguration(sp);
+ }
+
+ @Test
+ public void testDefaultMountInfoProvider() {
+ CugConfiguration configuration =
createConfiguration(Mounts.defaultMountInfoProvider());
+
+ ConfigurationParameters params = configuration.getParameters();
+ assertSame(Mounts.defaultMountInfoProvider(),
params.get(CugConstants.PARAM_MOUNT_PROVIDER));
+ }
+
+ @Test(expected = IllegalStateException.class)
+ public void testMountAtCugSupportedPath() {
+ MountInfoProvider mip = Mounts.newBuilder().mount("mnt",
AbstractCugTest.SUPPORTED_PATH).build();
+ CugConfiguration configuration = createConfiguration(mip);
+ }
+
+ @Test(expected = IllegalStateException.class)
+ public void testMountBelowCugSupportedPath() {
+ MountInfoProvider mip = Mounts.newBuilder().mount("mnt",
AbstractCugTest.SUPPORTED_PATH + "/mount").build();
+ CugConfiguration configuration = createConfiguration(mip);
+ }
+
+ @Test(expected = IllegalStateException.class)
+ public void testMountAboveCugSupportedPath() {
+ MountInfoProvider mip = Mounts.newBuilder().mount("mnt",
PathUtils.getParentPath(AbstractCugTest.SUPPORTED_PATH3)).build();
+ CugConfiguration configuration = createConfiguration(mip);
+ }
+
+ @Test(expected = IllegalStateException.class)
+ public void testMountAtRootWithSupportedPaths() {
+ MountInfoProvider mip = Mounts.newBuilder().mount("mnt",
PathUtils.ROOT_PATH).build();
+ CugConfiguration configuration = createConfiguration(mip);
+ }
+
+ @Test
+ public void testMountAtUnsupportedPath() {
+ MountInfoProvider mip = Mounts.newBuilder().mount("mnt",
AbstractCugTest.UNSUPPORTED_PATH).build();
+ CugConfiguration configuration = createConfiguration(mip);
+ assertArrayEquals(AbstractCugTest.SUPPORTED_PATHS,
configuration.getParameters().getConfigValue(CugConstants.PARAM_CUG_SUPPORTED_PATHS,
new String[0]));
+ }
+
+ @Test
+ public void testMountBelowUnsupportedPath() {
+ MountInfoProvider mip = Mounts.newBuilder().mount("mnt",
AbstractCugTest.UNSUPPORTED_PATH + "/mount").build();
+ CugConfiguration configuration = createConfiguration(mip);
+ assertArrayEquals(AbstractCugTest.SUPPORTED_PATHS,
configuration.getParameters().getConfigValue(CugConstants.PARAM_CUG_SUPPORTED_PATHS,
new String[0]));
+ }
+}
\ No newline at end of file
Propchange:
jackrabbit/oak/trunk/oak-authorization-cug/src/test/java/org/apache/jackrabbit/oak/spi/security/authorization/cug/impl/CugConfigurationWithMountsTest.java
------------------------------------------------------------------------------
svn:eol-style = native
Modified:
jackrabbit/oak/trunk/oak-authorization-cug/src/test/java/org/apache/jackrabbit/oak/spi/security/authorization/cug/impl/CugImporterTest.java
URL:
http://svn.apache.org/viewvc/jackrabbit/oak/trunk/oak-authorization-cug/src/test/java/org/apache/jackrabbit/oak/spi/security/authorization/cug/impl/CugImporterTest.java?rev=1797331&r1=1797330&r2=1797331&view=diff
==============================================================================
---
jackrabbit/oak/trunk/oak-authorization-cug/src/test/java/org/apache/jackrabbit/oak/spi/security/authorization/cug/impl/CugImporterTest.java
(original)
+++
jackrabbit/oak/trunk/oak-authorization-cug/src/test/java/org/apache/jackrabbit/oak/spi/security/authorization/cug/impl/CugImporterTest.java
Fri Jun 2 08:50:31 2017
@@ -26,6 +26,7 @@ import javax.jcr.nodetype.PropertyDefini
import com.google.common.collect.ImmutableList;
import org.apache.jackrabbit.JcrConstants;
import org.apache.jackrabbit.oak.api.Tree;
+import org.apache.jackrabbit.oak.spi.mount.Mounts;
import org.apache.jackrabbit.oak.spi.xml.PropInfo;
import org.apache.jackrabbit.oak.spi.xml.ReferenceChangeTracker;
import org.apache.jackrabbit.oak.spi.xml.TextValue;
@@ -42,7 +43,7 @@ public class CugImporterTest extends Abs
@Override
public void before() throws Exception {
super.before();
- importer = new CugImporter();
+ importer = new CugImporter(Mounts.defaultMountInfoProvider());
}
@Test(expected = IllegalStateException.class)
Modified:
jackrabbit/oak/trunk/oak-authorization-cug/src/test/java/org/apache/jackrabbit/oak/spi/security/authorization/cug/impl/CugUtilTest.java
URL:
http://svn.apache.org/viewvc/jackrabbit/oak/trunk/oak-authorization-cug/src/test/java/org/apache/jackrabbit/oak/spi/security/authorization/cug/impl/CugUtilTest.java?rev=1797331&r1=1797330&r2=1797331&view=diff
==============================================================================
---
jackrabbit/oak/trunk/oak-authorization-cug/src/test/java/org/apache/jackrabbit/oak/spi/security/authorization/cug/impl/CugUtilTest.java
(original)
+++
jackrabbit/oak/trunk/oak-authorization-cug/src/test/java/org/apache/jackrabbit/oak/spi/security/authorization/cug/impl/CugUtilTest.java
Fri Jun 2 08:50:31 2017
@@ -16,12 +16,16 @@
*/
package org.apache.jackrabbit.oak.spi.security.authorization.cug.impl;
+import java.util.Set;
import javax.annotation.Nonnull;
+import com.google.common.collect.ImmutableSet;
import org.apache.jackrabbit.oak.api.Tree;
import org.apache.jackrabbit.oak.commons.PathUtils;
import org.apache.jackrabbit.oak.plugins.nodetype.NodeTypeConstants;
import org.apache.jackrabbit.oak.plugins.tree.impl.AbstractTree;
+import org.apache.jackrabbit.oak.spi.mount.MountInfoProvider;
+import org.apache.jackrabbit.oak.spi.mount.Mounts;
import org.apache.jackrabbit.oak.spi.security.ConfigurationParameters;
import org.apache.jackrabbit.oak.spi.security.principal.EveryonePrincipal;
import org.apache.jackrabbit.oak.spi.state.NodeBuilder;
@@ -30,8 +34,10 @@ import org.apache.jackrabbit.oak.spi.xml
import org.apache.jackrabbit.oak.util.NodeUtil;
import org.junit.Test;
+import static org.junit.Assert.assertEquals;
import static org.junit.Assert.assertFalse;
import static org.junit.Assert.assertNotNull;
+import static org.junit.Assert.assertNotSame;
import static org.junit.Assert.assertNull;
import static org.junit.Assert.assertSame;
import static org.junit.Assert.assertTrue;
@@ -121,13 +127,60 @@ public class CugUtilTest extends Abstrac
@Test
public void testIsSupportedPath() {
- assertFalse(CugUtil.isSupportedPath(null, CUG_CONFIG));
- assertFalse(CugUtil.isSupportedPath(UNSUPPORTED_PATH, CUG_CONFIG));
+ Set<String> configuredPaths =
CUG_CONFIG.getConfigValue(PARAM_CUG_SUPPORTED_PATHS, ImmutableSet.<String>of());
+ assertFalse(CugUtil.isSupportedPath(null, configuredPaths));
+ assertFalse(CugUtil.isSupportedPath(UNSUPPORTED_PATH,
configuredPaths));
- assertTrue(CugUtil.isSupportedPath(SUPPORTED_PATH, CUG_CONFIG));
- assertTrue(CugUtil.isSupportedPath(SUPPORTED_PATH2, CUG_CONFIG));
- assertTrue(CugUtil.isSupportedPath(SUPPORTED_PATH + "/child",
CUG_CONFIG));
- assertTrue(CugUtil.isSupportedPath(SUPPORTED_PATH2 + "/child",
CUG_CONFIG));
+ assertTrue(CugUtil.isSupportedPath(SUPPORTED_PATH, configuredPaths));
+ assertTrue(CugUtil.isSupportedPath(SUPPORTED_PATH2, configuredPaths));
+ assertTrue(CugUtil.isSupportedPath(SUPPORTED_PATH + "/child",
configuredPaths));
+ assertTrue(CugUtil.isSupportedPath(SUPPORTED_PATH2 + "/child",
configuredPaths));
+ }
+
+ @Test
+ public void testGetSupportedPathsDefaultMountInfoProvider() {
+ Set<String> expected =
CUG_CONFIG.getConfigValue(PARAM_CUG_SUPPORTED_PATHS, ImmutableSet.<String>of());
+ assertEquals(expected, CugUtil.getSupportedPaths(CUG_CONFIG,
Mounts.defaultMountInfoProvider()));
+ }
+
+ @Test
+ public void testGetSupportedPathsWithDifferentMounts() {
+ Set<String> expected =
CUG_CONFIG.getConfigValue(PARAM_CUG_SUPPORTED_PATHS, ImmutableSet.<String>of());
+ MountInfoProvider mip = Mounts.newBuilder().mount("private", "/libs",
"/apps", "/nonCugPath").build();
+ assertNotSame(expected, CugUtil.getSupportedPaths(CUG_CONFIG, mip));
+ assertEquals(expected, CugUtil.getSupportedPaths(CUG_CONFIG, mip));
+ }
+
+ @Test(expected = IllegalStateException.class)
+ public void testGetSupportedPathsMountsAtSupportedPath() {
+ MountInfoProvider mip = Mounts.newBuilder().mount("private", "/libs",
SUPPORTED_PATH3).build();
+ CugUtil.getSupportedPaths(CUG_CONFIG, mip);
+ }
+
+
+ @Test(expected = IllegalStateException.class)
+ public void testGetSupportedPathsMountsBelowSupportedPath() {
+ MountInfoProvider mip = Mounts.newBuilder().mount("private", "/libs",
"/apps" ).build();
+
CugUtil.getSupportedPaths(ConfigurationParameters.of(PARAM_CUG_SUPPORTED_PATHS,
new String[] {"/"}), mip);
+ }
+
+ @Test(expected = IllegalStateException.class)
+ public void testGetSupportedPathsMountsBelowSupportedPath2() {
+ MountInfoProvider mip = Mounts.newBuilder().mount("private", "/libs",
SUPPORTED_PATH + "/any/path/below").build();
+ CugUtil.getSupportedPaths(CUG_CONFIG, mip);
+ }
+
+
+ @Test(expected = IllegalStateException.class)
+ public void testGetSupportedPathsMountsAboveSupportedPath() {
+ MountInfoProvider mip = Mounts.newBuilder().mount("private",
PathUtils.ROOT_PATH).build();
+ CugUtil.getSupportedPaths(CUG_CONFIG, mip);
+ }
+
+ @Test(expected = IllegalStateException.class)
+ public void testGetSupportedPathsMountsAboveSupportedPath2() {
+ MountInfoProvider mip = Mounts.newBuilder().mount("private",
PathUtils.getAncestorPath(SUPPORTED_PATH3, 2)).build();
+ CugUtil.getSupportedPaths(CUG_CONFIG, mip);
}
@Test
