cug...

rombert Wed, 02 Aug 2017 06:57:28 -0700

Author: rombert
Date: Wed Aug  2 13:57:06 2017
New Revision: 1803820

URL: http://svn.apache.org/viewvc?rev=1803820&view=rev
Log:
OAK-6450 - Stop relying on the service.pid property in
SecurityProviderRegistration


Use the oak.component.name component property if the service.pid
is not available. The SecurityProviderRegistration property name is
unchanged, for backwards compatibility reasons.

The objectClass property may not be used as it points to the service
name(s) under which the component is registered. The component.name
property was considered and discarded as it is specific to DS.

Added:
    
jackrabbit/oak/trunk/oak-core/src/main/java/org/apache/jackrabbit/oak/spi/security/RegistrationConstants.java
Modified:
    
jackrabbit/oak/trunk/oak-auth-external/src/main/java/org/apache/jackrabbit/oak/spi/security/authentication/external/impl/principal/ExternalPrincipalConfiguration.java
    
jackrabbit/oak/trunk/oak-authorization-cug/src/main/java/org/apache/jackrabbit/oak/spi/security/authorization/cug/impl/CugConfiguration.java
    
jackrabbit/oak/trunk/oak-core/src/main/java/org/apache/jackrabbit/oak/security/authentication/token/TokenConfigurationImpl.java
    
jackrabbit/oak/trunk/oak-core/src/main/java/org/apache/jackrabbit/oak/security/authorization/AuthorizationConfigurationImpl.java
    
jackrabbit/oak/trunk/oak-core/src/main/java/org/apache/jackrabbit/oak/security/authorization/restriction/RestrictionProviderImpl.java
    
jackrabbit/oak/trunk/oak-core/src/main/java/org/apache/jackrabbit/oak/security/internal/SecurityProviderRegistration.java
    
jackrabbit/oak/trunk/oak-core/src/main/java/org/apache/jackrabbit/oak/security/principal/PrincipalConfigurationImpl.java
    
jackrabbit/oak/trunk/oak-core/src/main/java/org/apache/jackrabbit/oak/security/user/RandomAuthorizableNodeName.java
    
jackrabbit/oak/trunk/oak-core/src/main/java/org/apache/jackrabbit/oak/security/user/UserAuthenticationFactoryImpl.java
    
jackrabbit/oak/trunk/oak-core/src/main/java/org/apache/jackrabbit/oak/spi/security/user/action/DefaultAuthorizableActionProvider.java
    
jackrabbit/oak/trunk/oak-core/src/test/java/org/apache/jackrabbit/oak/security/internal/SecurityProviderRegistrationTest.java
    jackrabbit/oak/trunk/oak-doc/src/site/markdown/security/introduction.md

Modified: 
jackrabbit/oak/trunk/oak-auth-external/src/main/java/org/apache/jackrabbit/oak/spi/security/authentication/external/impl/principal/ExternalPrincipalConfiguration.java
URL: 
http://svn.apache.org/viewvc/jackrabbit/oak/trunk/oak-auth-external/src/main/java/org/apache/jackrabbit/oak/spi/security/authentication/external/impl/principal/ExternalPrincipalConfiguration.java?rev=1803820&r1=1803819&r2=1803820&view=diff
==============================================================================
--- 
jackrabbit/oak/trunk/oak-auth-external/src/main/java/org/apache/jackrabbit/oak/spi/security/authentication/external/impl/principal/ExternalPrincipalConfiguration.java
 (original)
+++ 
jackrabbit/oak/trunk/oak-auth-external/src/main/java/org/apache/jackrabbit/oak/spi/security/authentication/external/impl/principal/ExternalPrincipalConfiguration.java
 Wed Aug  2 13:57:06 2017
@@ -16,6 +16,8 @@
  */
 package 
org.apache.jackrabbit.oak.spi.security.authentication.external.impl.principal;
 
+import static 
org.apache.jackrabbit.oak.spi.security.RegistrationConstants.OAK_SECURITY_NAME;
+
 import java.security.Principal;
 import java.security.acl.Group;
 import java.util.Arrays;
@@ -85,7 +87,10 @@ import org.slf4j.LoggerFactory;
         @Property(name = ExternalIdentityConstants.PARAM_PROTECT_EXTERNAL_IDS,
                 label = "External Identity Protection",
                 description = "If disabled rep:externalId properties won't be 
properly protected (backwards compatible behavior). NOTE: for security reasons 
it is strongly recommend to keep the protection enabled!",
-                boolValue = 
ExternalIdentityConstants.DEFAULT_PROTECT_EXTERNAL_IDS)
+                boolValue = 
ExternalIdentityConstants.DEFAULT_PROTECT_EXTERNAL_IDS),
+        @Property(name = OAK_SECURITY_NAME,
+                propertyPrivate= true, 
+                value = 
"org.apache.jackrabbit.oak.spi.security.authentication.external.impl.principal.ExternalPrincipalConfiguration")
 })
 public class ExternalPrincipalConfiguration extends ConfigurationBase 
implements PrincipalConfiguration {
 

Modified: 
jackrabbit/oak/trunk/oak-authorization-cug/src/main/java/org/apache/jackrabbit/oak/spi/security/authorization/cug/impl/CugConfiguration.java
URL: 
http://svn.apache.org/viewvc/jackrabbit/oak/trunk/oak-authorization-cug/src/main/java/org/apache/jackrabbit/oak/spi/security/authorization/cug/impl/CugConfiguration.java?rev=1803820&r1=1803819&r2=1803820&view=diff
==============================================================================
--- 
jackrabbit/oak/trunk/oak-authorization-cug/src/main/java/org/apache/jackrabbit/oak/spi/security/authorization/cug/impl/CugConfiguration.java
 (original)
+++ 
jackrabbit/oak/trunk/oak-authorization-cug/src/main/java/org/apache/jackrabbit/oak/spi/security/authorization/cug/impl/CugConfiguration.java
 Wed Aug  2 13:57:06 2017
@@ -16,6 +16,8 @@
  */
 package org.apache.jackrabbit.oak.spi.security.authorization.cug.impl;
 
+import static 
org.apache.jackrabbit.oak.spi.security.RegistrationConstants.OAK_SECURITY_NAME;
+
 import java.io.IOException;
 import java.io.InputStream;
 import java.security.Principal;
@@ -89,7 +91,10 @@ import org.apache.jackrabbit.oak.spi.xml
         @Property(name = CompositeConfiguration.PARAM_RANKING,
                 label = "Ranking",
                 description = "Ranking of this configuration in a setup with 
multiple authorization configurations.",
-                intValue = 200)
+                intValue = 200),
+        @Property(name = OAK_SECURITY_NAME,
+                propertyPrivate = true,
+                value = 
"org.apache.jackrabbit.oak.spi.security.authorization.cug.impl.CugConfiguration")
        
 })
 public class CugConfiguration extends ConfigurationBase implements 
AuthorizationConfiguration, CugConstants {
 

Modified: 
jackrabbit/oak/trunk/oak-core/src/main/java/org/apache/jackrabbit/oak/security/authentication/token/TokenConfigurationImpl.java
URL: 
http://svn.apache.org/viewvc/jackrabbit/oak/trunk/oak-core/src/main/java/org/apache/jackrabbit/oak/security/authentication/token/TokenConfigurationImpl.java?rev=1803820&r1=1803819&r2=1803820&view=diff
==============================================================================
--- 
jackrabbit/oak/trunk/oak-core/src/main/java/org/apache/jackrabbit/oak/security/authentication/token/TokenConfigurationImpl.java
 (original)
+++ 
jackrabbit/oak/trunk/oak-core/src/main/java/org/apache/jackrabbit/oak/security/authentication/token/TokenConfigurationImpl.java
 Wed Aug  2 13:57:06 2017
@@ -16,6 +16,8 @@
  */
 package org.apache.jackrabbit.oak.security.authentication.token;
 
+import static 
org.apache.jackrabbit.oak.spi.security.RegistrationConstants.OAK_SECURITY_NAME;
+
 import java.security.Principal;
 import java.util.List;
 import java.util.Map;
@@ -73,7 +75,10 @@ import org.apache.jackrabbit.oak.spi.sec
         @Property(name = UserConstants.PARAM_PASSWORD_SALT_SIZE,
                 label = "Hash Salt Size",
                 description = "Size of the salt used to generate the hash.",
-                intValue = PasswordUtil.DEFAULT_SALT_SIZE)
+                intValue = PasswordUtil.DEFAULT_SALT_SIZE),
+        @Property(name = OAK_SECURITY_NAME,
+                propertyPrivate = true,
+                value = 
"org.apache.jackrabbit.oak.security.authentication.token.TokenConfigurationImpl")
 })
 public class TokenConfigurationImpl extends ConfigurationBase implements 
TokenConfiguration {
 

Modified: 
jackrabbit/oak/trunk/oak-core/src/main/java/org/apache/jackrabbit/oak/security/authorization/AuthorizationConfigurationImpl.java
URL: 
http://svn.apache.org/viewvc/jackrabbit/oak/trunk/oak-core/src/main/java/org/apache/jackrabbit/oak/security/authorization/AuthorizationConfigurationImpl.java?rev=1803820&r1=1803819&r2=1803820&view=diff
==============================================================================
--- 
jackrabbit/oak/trunk/oak-core/src/main/java/org/apache/jackrabbit/oak/security/authorization/AuthorizationConfigurationImpl.java
 (original)
+++ 
jackrabbit/oak/trunk/oak-core/src/main/java/org/apache/jackrabbit/oak/security/authorization/AuthorizationConfigurationImpl.java
 Wed Aug  2 13:57:06 2017
@@ -16,6 +16,8 @@
  */
 package org.apache.jackrabbit.oak.security.authorization;
 
+import static 
org.apache.jackrabbit.oak.spi.security.RegistrationConstants.OAK_SECURITY_NAME;
+
 import java.security.Principal;
 import java.util.ArrayList;
 import java.util.List;
@@ -108,7 +110,10 @@ import com.google.common.collect.Immutab
         @Property(name = CompositeConfiguration.PARAM_RANKING,
                 label = "Ranking",
                 description = "Ranking of this configuration in a setup with 
multiple authorization configurations.",
-                intValue = 100)
+                intValue = 100),
+        @Property(name = OAK_SECURITY_NAME,
+                propertyPrivate = true,
+                value = 
"org.apache.jackrabbit.oak.security.authorization.AuthorizationConfigurationImpl")
 })
 public class AuthorizationConfigurationImpl extends ConfigurationBase 
implements AuthorizationConfiguration {
 

Modified: 
jackrabbit/oak/trunk/oak-core/src/main/java/org/apache/jackrabbit/oak/security/authorization/restriction/RestrictionProviderImpl.java
URL: 
http://svn.apache.org/viewvc/jackrabbit/oak/trunk/oak-core/src/main/java/org/apache/jackrabbit/oak/security/authorization/restriction/RestrictionProviderImpl.java?rev=1803820&r1=1803819&r2=1803820&view=diff
==============================================================================
--- 
jackrabbit/oak/trunk/oak-core/src/main/java/org/apache/jackrabbit/oak/security/authorization/restriction/RestrictionProviderImpl.java
 (original)
+++ 
jackrabbit/oak/trunk/oak-core/src/main/java/org/apache/jackrabbit/oak/security/authorization/restriction/RestrictionProviderImpl.java
 Wed Aug  2 13:57:06 2017
@@ -16,6 +16,8 @@
  */
 package org.apache.jackrabbit.oak.security.authorization.restriction;
 
+import static 
org.apache.jackrabbit.oak.spi.security.RegistrationConstants.OAK_SECURITY_NAME;
+
 import java.util.ArrayList;
 import java.util.List;
 import java.util.Map;
@@ -26,6 +28,7 @@ import javax.jcr.security.AccessControlE
 
 import com.google.common.collect.ImmutableMap;
 import org.apache.felix.scr.annotations.Component;
+import org.apache.felix.scr.annotations.Property;
 import org.apache.felix.scr.annotations.Service;
 import org.apache.jackrabbit.oak.api.PropertyState;
 import org.apache.jackrabbit.oak.api.Tree;
@@ -58,6 +61,8 @@ import org.slf4j.LoggerFactory;
  */
 @Component
 @Service(RestrictionProvider.class)
+@Property(name = OAK_SECURITY_NAME,
+        value = 
"org.apache.jackrabbit.oak.security.authorization.restriction.RestrictionProviderImpl")
 public class RestrictionProviderImpl extends AbstractRestrictionProvider {
 
     private static final Logger log = 
LoggerFactory.getLogger(RestrictionProviderImpl.class);

Modified: 
jackrabbit/oak/trunk/oak-core/src/main/java/org/apache/jackrabbit/oak/security/internal/SecurityProviderRegistration.java
URL: 
http://svn.apache.org/viewvc/jackrabbit/oak/trunk/oak-core/src/main/java/org/apache/jackrabbit/oak/security/internal/SecurityProviderRegistration.java?rev=1803820&r1=1803819&r2=1803820&view=diff
==============================================================================
--- 
jackrabbit/oak/trunk/oak-core/src/main/java/org/apache/jackrabbit/oak/security/internal/SecurityProviderRegistration.java
 (original)
+++ 
jackrabbit/oak/trunk/oak-core/src/main/java/org/apache/jackrabbit/oak/security/internal/SecurityProviderRegistration.java
 Wed Aug  2 13:57:06 2017
@@ -40,6 +40,7 @@ import org.apache.jackrabbit.oak.securit
 import org.apache.jackrabbit.oak.security.user.UserConfigurationImpl;
 import org.apache.jackrabbit.oak.spi.security.CompositeConfiguration;
 import org.apache.jackrabbit.oak.spi.security.ConfigurationParameters;
+import org.apache.jackrabbit.oak.spi.security.RegistrationConstants;
 import org.apache.jackrabbit.oak.spi.security.SecurityConfiguration;
 import org.apache.jackrabbit.oak.spi.security.SecurityProvider;
 import 
org.apache.jackrabbit.oak.spi.security.authentication.AuthenticationConfiguration;
@@ -68,6 +69,8 @@ import org.slf4j.LoggerFactory;
 
 import static com.google.common.collect.Lists.newArrayList;
 import static com.google.common.collect.Lists.newCopyOnWriteArrayList;
+import static 
org.apache.jackrabbit.oak.spi.security.RegistrationConstants.OAK_SECURITY_NAME;
+import static org.osgi.framework.Constants.OBJECTCLASS;
 
 @Component(
         immediate = true,
@@ -78,11 +81,13 @@ import static com.google.common.collect.
 @Properties({
         @Property(
                 name = "requiredServicePids",
-                label = "Required Service PIDs",
+                label = "Required Services",
                 description = "The SecurityProvider will not register itself " 
+
-                        "unless the services identified by these PIDs are " +
-                        "registered first. Only the PIDs of implementations of 
" +
-                        "the following interfaces are checked: " +
+                        "unless the services identified by the following 
service pids " +
+                        "or the oak.security.name properties are registered 
first. The class name is " +
+                        "identified by checking the service.pid property. If 
that property " +
+                        "does not exist, the oak.security.name property is 
used as a fallback." +
+                        "Only implementations of the following interfaces are 
checked :" +
                         "AuthorizationConfiguration, PrincipalConfiguration, " 
+
                         "TokenConfiguration, AuthorizableActionProvider, " +
                         "RestrictionProvider and UserAuthenticationFactory.",
@@ -567,27 +572,31 @@ public class SecurityProviderRegistratio
     }
 
     private void addCandidate(Map<String, Object> properties) {
-        String pid = getServicePid(properties);
+        String pidOrName = getServicePidOrComponentName(properties);
 
-        if (pid == null) {
+        if (pidOrName == null) {
             return;
         }
 
-        preconditions.addCandidate(pid);
+        preconditions.addCandidate(pidOrName);
     }
 
     private void removeCandidate(Map<String, Object> properties) {
-        String pid = getServicePid(properties);
+        String pidOrName = getServicePidOrComponentName(properties);
 
-        if (pid == null) {
+        if (pidOrName == null) {
             return;
         }
 
-        preconditions.removeCandidate(pid);
+        preconditions.removeCandidate(pidOrName);
     }
 
-    private static String getServicePid(Map<String, Object> properties) {
-        return PropertiesUtil.toString(properties.get(Constants.SERVICE_PID), 
null);
+    private static String getServicePidOrComponentName(Map<String, Object> 
properties) {
+        String servicePid = 
PropertiesUtil.toString(properties.get(Constants.SERVICE_PID), null);
+        if ( servicePid != null ) {
+            return servicePid;
+        }
+        return PropertiesUtil.toString(properties.get(OAK_SECURITY_NAME), 
null);
     }
 
     private static String[] getRequiredServicePids(Map<String, Object> 
configuration) {

Modified: 
jackrabbit/oak/trunk/oak-core/src/main/java/org/apache/jackrabbit/oak/security/principal/PrincipalConfigurationImpl.java
URL: 
http://svn.apache.org/viewvc/jackrabbit/oak/trunk/oak-core/src/main/java/org/apache/jackrabbit/oak/security/principal/PrincipalConfigurationImpl.java?rev=1803820&r1=1803819&r2=1803820&view=diff
==============================================================================
--- 
jackrabbit/oak/trunk/oak-core/src/main/java/org/apache/jackrabbit/oak/security/principal/PrincipalConfigurationImpl.java
 (original)
+++ 
jackrabbit/oak/trunk/oak-core/src/main/java/org/apache/jackrabbit/oak/security/principal/PrincipalConfigurationImpl.java
 Wed Aug  2 13:57:06 2017
@@ -16,12 +16,15 @@
  */
 package org.apache.jackrabbit.oak.security.principal;
 
+import static 
org.apache.jackrabbit.oak.spi.security.RegistrationConstants.OAK_SECURITY_NAME;
+
 import java.util.Map;
 
 import javax.annotation.Nonnull;
 
 import org.apache.felix.scr.annotations.Activate;
 import org.apache.felix.scr.annotations.Component;
+import org.apache.felix.scr.annotations.Property;
 import org.apache.felix.scr.annotations.Service;
 import org.apache.jackrabbit.api.security.principal.PrincipalManager;
 import org.apache.jackrabbit.oak.api.Root;
@@ -40,6 +43,8 @@ import org.apache.jackrabbit.oak.spi.sec
  */
 @Component()
 @Service({PrincipalConfiguration.class, SecurityConfiguration.class})
+@Property(name = OAK_SECURITY_NAME,
+        value = 
"org.apache.jackrabbit.oak.security.principal.PrincipalConfigurationImpl" )
 public class PrincipalConfigurationImpl extends ConfigurationBase implements 
PrincipalConfiguration {
 
     @SuppressWarnings("UnusedDeclaration")

Modified: 
jackrabbit/oak/trunk/oak-core/src/main/java/org/apache/jackrabbit/oak/security/user/RandomAuthorizableNodeName.java
URL: 
http://svn.apache.org/viewvc/jackrabbit/oak/trunk/oak-core/src/main/java/org/apache/jackrabbit/oak/security/user/RandomAuthorizableNodeName.java?rev=1803820&r1=1803819&r2=1803820&view=diff
==============================================================================
--- 
jackrabbit/oak/trunk/oak-core/src/main/java/org/apache/jackrabbit/oak/security/user/RandomAuthorizableNodeName.java
 (original)
+++ 
jackrabbit/oak/trunk/oak-core/src/main/java/org/apache/jackrabbit/oak/security/user/RandomAuthorizableNodeName.java
 Wed Aug  2 13:57:06 2017
@@ -16,6 +16,8 @@
  */
 package org.apache.jackrabbit.oak.security.user;
 
+import static 
org.apache.jackrabbit.oak.spi.security.RegistrationConstants.OAK_SECURITY_NAME;
+
 import java.security.SecureRandom;
 import java.util.Map;
 import java.util.Random;
@@ -35,6 +37,9 @@ import org.apache.jackrabbit.oak.spi.sec
  */
 @Component(metatype = true, label = "Apache Jackrabbit Oak Random Authorizable 
Node Name", description = "Generates a random name for the authorizable node.", 
policy = ConfigurationPolicy.REQUIRE)
 @Service(AuthorizableNodeName.class)
+@Property(name = OAK_SECURITY_NAME,
+        propertyPrivate = true,
+        value = 
"org.apache.jackrabbit.oak.security.user.RandomAuthorizableNodeName")
 public class RandomAuthorizableNodeName implements AuthorizableNodeName {
 
     /**

Modified: 
jackrabbit/oak/trunk/oak-core/src/main/java/org/apache/jackrabbit/oak/security/user/UserAuthenticationFactoryImpl.java
URL: 
http://svn.apache.org/viewvc/jackrabbit/oak/trunk/oak-core/src/main/java/org/apache/jackrabbit/oak/security/user/UserAuthenticationFactoryImpl.java?rev=1803820&r1=1803819&r2=1803820&view=diff
==============================================================================
--- 
jackrabbit/oak/trunk/oak-core/src/main/java/org/apache/jackrabbit/oak/security/user/UserAuthenticationFactoryImpl.java
 (original)
+++ 
jackrabbit/oak/trunk/oak-core/src/main/java/org/apache/jackrabbit/oak/security/user/UserAuthenticationFactoryImpl.java
 Wed Aug  2 13:57:06 2017
@@ -16,18 +16,23 @@
  */
 package org.apache.jackrabbit.oak.security.user;
 
+import static 
org.apache.jackrabbit.oak.spi.security.RegistrationConstants.OAK_SECURITY_NAME;
+
+import javax.annotation.Nonnull;
+import javax.annotation.Nullable;
+
 import org.apache.felix.scr.annotations.Component;
+import org.apache.felix.scr.annotations.Property;
 import org.apache.felix.scr.annotations.Service;
 import org.apache.jackrabbit.oak.api.Root;
 import org.apache.jackrabbit.oak.spi.security.authentication.Authentication;
 import org.apache.jackrabbit.oak.spi.security.user.UserAuthenticationFactory;
 import org.apache.jackrabbit.oak.spi.security.user.UserConfiguration;
 
-import javax.annotation.Nonnull;
-import javax.annotation.Nullable;
-
 @Component
 @Service
+@Property(name = OAK_SECURITY_NAME,
+        value = 
"org.apache.jackrabbit.oak.security.user.UserAuthenticationFactoryImpl")
 public class UserAuthenticationFactoryImpl implements 
UserAuthenticationFactory {
 
     @Nonnull

Added: 
jackrabbit/oak/trunk/oak-core/src/main/java/org/apache/jackrabbit/oak/spi/security/RegistrationConstants.java
URL: 
http://svn.apache.org/viewvc/jackrabbit/oak/trunk/oak-core/src/main/java/org/apache/jackrabbit/oak/spi/security/RegistrationConstants.java?rev=1803820&view=auto
==============================================================================
--- 
jackrabbit/oak/trunk/oak-core/src/main/java/org/apache/jackrabbit/oak/spi/security/RegistrationConstants.java
 (added)
+++ 
jackrabbit/oak/trunk/oak-core/src/main/java/org/apache/jackrabbit/oak/spi/security/RegistrationConstants.java
 Wed Aug  2 13:57:06 2017
@@ -0,0 +1,36 @@
+/*
+ * Licensed to the Apache Software Foundation (ASF) under one or more
+ * contributor license agreements.  See the NOTICE file distributed with
+ * this work for additional information regarding copyright ownership.
+ * The ASF licenses this file to You under the Apache License, Version 2.0
+ * (the "License"); you may not use this file except in compliance with
+ * the License.  You may obtain a copy of the License at
+ *
+ *      http://www.apache.org/licenses/LICENSE-2.0
+ *
+ * Unless required by applicable law or agreed to in writing, software
+ * distributed under the License is distributed on an "AS IS" BASIS,
+ * WITHOUT WARRANTIES OR CONDITIONS OF ANY KIND, either express or implied.
+ * See the License for the specific language governing permissions and
+ * limitations under the License.
+ */
+
+package org.apache.jackrabbit.oak.spi.security;
+
+import 
org.apache.jackrabbit.oak.security.internal.SecurityProviderRegistration;
+
+/**
+ * Holds the names of well-known registration properties for security-related 
components
+ *
+ */
+public abstract class RegistrationConstants {
+
+    /**
+     * Name to be used when registering components that are required by the 
{@link SecurityProviderRegistration}
+     */
+    public static final String OAK_SECURITY_NAME = "oak.security.name";
+    
+    private RegistrationConstants() {
+        
+    }
+}

Modified: 
jackrabbit/oak/trunk/oak-core/src/main/java/org/apache/jackrabbit/oak/spi/security/user/action/DefaultAuthorizableActionProvider.java
URL: 
http://svn.apache.org/viewvc/jackrabbit/oak/trunk/oak-core/src/main/java/org/apache/jackrabbit/oak/spi/security/user/action/DefaultAuthorizableActionProvider.java?rev=1803820&r1=1803819&r2=1803820&view=diff
==============================================================================
--- 
jackrabbit/oak/trunk/oak-core/src/main/java/org/apache/jackrabbit/oak/spi/security/user/action/DefaultAuthorizableActionProvider.java
 (original)
+++ 
jackrabbit/oak/trunk/oak-core/src/main/java/org/apache/jackrabbit/oak/spi/security/user/action/DefaultAuthorizableActionProvider.java
 Wed Aug  2 13:57:06 2017
@@ -16,6 +16,8 @@
  */
 package org.apache.jackrabbit.oak.spi.security.user.action;
 
+import static 
org.apache.jackrabbit.oak.spi.security.RegistrationConstants.OAK_SECURITY_NAME;
+
 import java.util.List;
 import java.util.Map;
 import javax.annotation.Nonnull;
@@ -60,7 +62,10 @@ import org.slf4j.LoggerFactory;
                 cardinality = Integer.MAX_VALUE),
         @Property(name = PasswordValidationAction.CONSTRAINT,
                 label = "Configure PasswordValidationAction: Password 
Constraint",
-                description = "A regular expression specifying the pattern 
that must be matched by a user's password.")
+                description = "A regular expression specifying the pattern 
that must be matched by a user's password."),
+        @Property(name = OAK_SECURITY_NAME,
+                 propertyPrivate = true,
+                 value = 
"org.apache.jackrabbit.oak.spi.security.user.action.DefaultAuthorizableActionProvider")
 })
 public class DefaultAuthorizableActionProvider implements 
AuthorizableActionProvider {
 

Modified: 
jackrabbit/oak/trunk/oak-core/src/test/java/org/apache/jackrabbit/oak/security/internal/SecurityProviderRegistrationTest.java
URL: 
http://svn.apache.org/viewvc/jackrabbit/oak/trunk/oak-core/src/test/java/org/apache/jackrabbit/oak/security/internal/SecurityProviderRegistrationTest.java?rev=1803820&r1=1803819&r2=1803820&view=diff
==============================================================================
--- 
jackrabbit/oak/trunk/oak-core/src/test/java/org/apache/jackrabbit/oak/security/internal/SecurityProviderRegistrationTest.java
 (original)
+++ 
jackrabbit/oak/trunk/oak-core/src/test/java/org/apache/jackrabbit/oak/security/internal/SecurityProviderRegistrationTest.java
 Wed Aug  2 13:57:06 2017
@@ -36,6 +36,7 @@ import org.apache.jackrabbit.oak.securit
 import org.apache.jackrabbit.oak.spi.security.CompositeConfiguration;
 import org.apache.jackrabbit.oak.spi.security.ConfigurationParameters;
 import org.apache.jackrabbit.oak.spi.security.Context;
+import org.apache.jackrabbit.oak.spi.security.RegistrationConstants;
 import org.apache.jackrabbit.oak.spi.security.SecurityConfiguration;
 import org.apache.jackrabbit.oak.spi.security.SecurityProvider;
 import 
org.apache.jackrabbit.oak.spi.security.authentication.AuthenticationConfiguration;
@@ -92,11 +93,11 @@ public class SecurityProviderRegistratio
         assertEquals(isDefined, 
context.definesLocation(TreeLocation.create(tree)));
     }
 
-    private static <T> T mockConfiguration(Class<? extends 
SecurityConfiguration> cl) {
-        SecurityConfiguration sc = Mockito.mock(cl);
+    private static <T extends SecurityConfiguration> T 
mockConfiguration(Class<T> cl) {
+        T sc = Mockito.mock(cl);
         when(sc.getContext()).thenReturn(new ContextImpl());
         when(sc.getParameters()).thenReturn(ConfigurationParameters.EMPTY);
-        return (T) sc;
+        return sc;
     }
 
     private static Map<String, Object> requiredServiceIdMap(@Nonnull String... 
ids) {
@@ -564,6 +565,32 @@ public class SecurityProviderRegistratio
 
         SecurityProvider service = context.getService(SecurityProvider.class);
         RestrictionProvider rp = 
service.getConfiguration(AuthorizationConfiguration.class).getRestrictionProvider();
+        assertTrue(rp instanceof WhiteboardRestrictionProvider);
+    }
+    
+    @Test
+    public void testActivateWithRequiredOakSecurityName() {
+        registration.activate(context.bundleContext(), 
requiredServiceIdMap("serviceId"));
+
+        SecurityProvider service = context.getService(SecurityProvider.class);
+        assertNull(service);
+
+        
registration.bindAuthorizableNodeName(Mockito.mock(AuthorizableNodeName.class), 
ImmutableMap.of(RegistrationConstants.OAK_SECURITY_NAME, "serviceId"));
+
+        service = context.getService(SecurityProvider.class);
+        assertNotNull(service);
+    }
+    
+    @Test
+    public void testActivateWithMixedServicePiAnddOakServiceName() {
+        registration.activate(context.bundleContext(), 
requiredServiceIdMap("rpId", "authorizationId"));
+        
+        RestrictionProvider mockRp = Mockito.mock(RestrictionProvider.class);
+        registration.bindRestrictionProvider(mockRp, 
ImmutableMap.of(Constants.SERVICE_PID, "rpId"));
+        registration.bindAuthorizationConfiguration(new 
AuthorizationConfigurationImpl(), 
ImmutableMap.of(RegistrationConstants.OAK_SECURITY_NAME, "authorizationId"));
+
+        SecurityProvider service = context.getService(SecurityProvider.class);
+        RestrictionProvider rp = 
service.getConfiguration(AuthorizationConfiguration.class).getRestrictionProvider();
         assertTrue(rp instanceof WhiteboardRestrictionProvider);
     }
 

Modified: 
jackrabbit/oak/trunk/oak-doc/src/site/markdown/security/introduction.md
URL: 
http://svn.apache.org/viewvc/jackrabbit/oak/trunk/oak-doc/src/site/markdown/security/introduction.md?rev=1803820&r1=1803819&r2=1803820&view=diff
==============================================================================
--- jackrabbit/oak/trunk/oak-doc/src/site/markdown/security/introduction.md 
(original)
+++ jackrabbit/oak/trunk/oak-doc/src/site/markdown/security/introduction.md Wed 
Aug  2 13:57:06 2017
@@ -55,7 +55,8 @@ and base implementations:
     - [ConfigurationBase]: Abstract base implementation of the 
`SecurityConfiguration` interface. 
     - [CompositeConfiguration]: Abstract base implementation for all composite 
configurations that allow for aggregation of multiple modules.
 - [ConfigurationParameters]: Utility used to pass around parameters and 
options.
-- [Context]: Context information that allows to identify items defined and 
maintained by a give security module implementation. 
+- [Context]: Context information that allows to identify items defined and 
maintained by a give security module implementation.
+- [RegistrationConstants]: Utility used to define well-known registration 
properties
     
 #### SecurityProvider
 
@@ -190,7 +191,12 @@ the corresponding sections. The followin
 
 | Parameter                | Type     | Default   | Description            |
 |--------------------------|----------|-----------|------------------------|
-| `Required Service PIDs`  | String[] | see below | Service references 
mandatory for the SecurityProvider registration. |
+| `Required Services`    | String[] | see below | Service references mandatory 
for the SecurityProvider registration. |
+
+The value of the individual configuration entries can be one of:
+
+- the value of the `service.pid` registration property
+- the value of the `oak.security.name` registration property
 
 By default the `SecurityProviderRegistration` defines the following mandatory 
services. 
 As long as these required references are not resolved the 
`SecurityProviderRegistration` 
@@ -315,6 +321,7 @@ the `SecurityProvider` in order to avoid
 [ConfigurationBase]: 
/oak/docs/apidocs/org/apache/jackrabbit/oak/spi/security/ConfigurationBase.html
 [ConfigurationParameters]: 
/oak/docs/apidocs/org/apache/jackrabbit/oak/spi/security/ConfigurationParameters.html
 [Context]: 
/oak/docs/apidocs/org/apache/jackrabbit/oak/spi/security/Context.html
+[RegistrationConstants]: 
/oak/docs/apidocs/org/apache/jackrabbit/oak/spi/security/RegistrationConstants.html
 [AuthenticationConfiguration]: 
/oak/docs/apidocs/org/apache/jackrabbit/oak/spi/security/authentication/AuthenticationConfiguration.html
 [TokenConfiguration]: 
/oak/docs/apidocs/org/apache/jackrabbit/oak/spi/security/authentication/token/TokenConfiguration.html
 [AuthorizationConfiguration]: 
/oak/docs/apidocs/org/apache/jackrabbit/oak/spi/security/authorization/AuthorizationConfiguration.html

svn commit: r1803820 - in /jackrabbit/oak/trunk: oak-auth-external/src/main/java/org/apache/jackrabbit/oak/spi/security/authentication/external/impl/principal/ oak-authorization-cug/src/main/java/org/apache/jackrabbit/oak/spi/security/authorization/cug...

Reply via email to