Modified: jackrabbit/oak/trunk/oak-core/src/main/java/org/apache/jackrabbit/oak/query/QueryEngineSettingsService.java URL: http://svn.apache.org/viewvc/jackrabbit/oak/trunk/oak-core/src/main/java/org/apache/jackrabbit/oak/query/QueryEngineSettingsService.java?rev=1810002&r1=1810001&r2=1810002&view=diff ============================================================================== --- jackrabbit/oak/trunk/oak-core/src/main/java/org/apache/jackrabbit/oak/query/QueryEngineSettingsService.java (original) +++ jackrabbit/oak/trunk/oak-core/src/main/java/org/apache/jackrabbit/oak/query/QueryEngineSettingsService.java Thu Sep 28 14:09:26 2017 @@ -19,60 +19,66 @@ package org.apache.jackrabbit.oak.query; -import java.util.Map; - -import org.apache.felix.scr.annotations.Activate; -import org.apache.felix.scr.annotations.Component; -import org.apache.felix.scr.annotations.ConfigurationPolicy; -import org.apache.felix.scr.annotations.Property; -import org.apache.felix.scr.annotations.Reference; import org.apache.jackrabbit.oak.api.jmx.QueryEngineSettingsMBean; -import org.apache.jackrabbit.oak.commons.PropertiesUtil; import org.osgi.framework.BundleContext; +import org.osgi.service.component.annotations.Activate; +import org.osgi.service.component.annotations.Component; +import org.osgi.service.component.annotations.ConfigurationPolicy; +import org.osgi.service.component.annotations.Reference; +import org.osgi.service.metatype.annotations.AttributeDefinition; +import org.osgi.service.metatype.annotations.Designate; +import org.osgi.service.metatype.annotations.ObjectClassDefinition; import org.slf4j.Logger; import org.slf4j.LoggerFactory; -@Component( - policy = ConfigurationPolicy.REQUIRE, - metatype = true, - label = "Apache Jackrabbit Query Engine Settings Service", - description = "Various settings exposed by Oak QueryEngine. Note that settings done by system property " + - "supersedes the one defined via OSGi config" -) +@Component(configurationPolicy = ConfigurationPolicy.REQUIRE) +@Designate(ocd = QueryEngineSettingsService.Configuration.class) public class QueryEngineSettingsService { + @ObjectClassDefinition( + name = "Apache Jackrabbit Query Engine Settings Service", + description = "Various settings exposed by Oak QueryEngine. Note that settings done by system property " + + "supersedes the one defined via OSGi config" + ) + @interface Configuration { + + @AttributeDefinition( + name = "In memory limit", + description = "Maximum number of entries that can be held in memory while evaluating any query" + ) + int queryLimitInMemory() default DEFAULT_QUERY_LIMIT_IN_MEMORY; + + @AttributeDefinition( + name = "In memory read limit", + description = "Maximum number of results which can be read by any query" + ) + int queryLimitReads() default DEFAULT_QUERY_LIMIT_READS; + + @AttributeDefinition( + name = "Fail traversal", + description = "If enabled any query execution which results in traversal would fail." + ) + boolean queryFailTraversal() default DEFAULT_QUERY_FAIL_TRAVERSAL; + + @AttributeDefinition( + name = "Fast result size", + description = "Whether the query result size should return an estimation (or -1 if disabled) " + + "for large queries" + ) + boolean fastQuerySize() default false; + } + // should be the same as QueryEngineSettings.DEFAULT_QUERY_LIMIT_IN_MEMORY private static final int DEFAULT_QUERY_LIMIT_IN_MEMORY = 500000; - @Property( - intValue = DEFAULT_QUERY_LIMIT_IN_MEMORY, - label = "In memory limit", - description = "Maximum number of entries that can be held in memory while evaluating any query" - ) static final String QUERY_LIMIT_IN_MEMORY = "queryLimitInMemory"; // should be the same as QueryEngineSettings.DEFAULT_QUERY_LIMIT_READS private static final int DEFAULT_QUERY_LIMIT_READS = 100000; - @Property( - intValue = DEFAULT_QUERY_LIMIT_READS, - label = "In memory read limit", - description = "Maximum number of results which can be read by any query" - ) static final String QUERY_LIMIT_READS = "queryLimitReads"; private static final boolean DEFAULT_QUERY_FAIL_TRAVERSAL = false; - @Property( - boolValue = DEFAULT_QUERY_FAIL_TRAVERSAL, - label = "Fail traversal", - description = "If enabled any query execution which results in traversal would fail." - ) static final String QUERY_FAIL_TRAVERSAL = "queryFailTraversal"; - - @Property( - boolValue = false, - label = "Fast result size", - description = "Whether the query result size should return an estimation (or -1 if disabled) " + - "for large queries" - ) + static final String QUERY_FAST_QUERY_SIZE = "fastQuerySize"; private final Logger log = LoggerFactory.getLogger(getClass()); @@ -81,33 +87,30 @@ public class QueryEngineSettingsService private QueryEngineSettingsMBean queryEngineSettings; @Activate - private void activate(BundleContext context, Map<String, Object> config) { + private void activate(BundleContext context, Configuration config) { if (System.getProperty(QueryEngineSettings.OAK_QUERY_LIMIT_IN_MEMORY) == null) { - int queryLimitInMemory = PropertiesUtil.toInteger(config.get(QUERY_LIMIT_IN_MEMORY), - DEFAULT_QUERY_LIMIT_IN_MEMORY); + int queryLimitInMemory = config.queryLimitInMemory(); queryEngineSettings.setLimitInMemory(queryLimitInMemory); } else { logMsg(QUERY_LIMIT_IN_MEMORY, QueryEngineSettings.OAK_QUERY_LIMIT_IN_MEMORY); } if (System.getProperty(QueryEngineSettings.OAK_QUERY_LIMIT_READS) == null) { - int queryLimitReads = PropertiesUtil.toInteger(config.get(QUERY_LIMIT_READS), - DEFAULT_QUERY_LIMIT_READS); + int queryLimitReads = config.queryLimitReads(); queryEngineSettings.setLimitReads(queryLimitReads); } else { logMsg(QUERY_LIMIT_IN_MEMORY, QueryEngineSettings.OAK_QUERY_LIMIT_READS); } if (System.getProperty(QueryEngineSettings.OAK_QUERY_FAIL_TRAVERSAL) == null) { - boolean failTraversal = PropertiesUtil.toBoolean(config.get(QUERY_FAIL_TRAVERSAL), - DEFAULT_QUERY_FAIL_TRAVERSAL); + boolean failTraversal = config.queryFailTraversal(); queryEngineSettings.setFailTraversal(failTraversal); } else { logMsg(QUERY_FAIL_TRAVERSAL, QueryEngineSettings.OAK_QUERY_FAIL_TRAVERSAL); } boolean fastQuerySizeSysProp = QueryEngineSettings.DEFAULT_FAST_QUERY_SIZE; - boolean fastQuerySizeFromConfig = PropertiesUtil.toBoolean(config.get(QUERY_FAST_QUERY_SIZE), false); + boolean fastQuerySizeFromConfig = config.fastQuerySize(); queryEngineSettings.setFastQuerySize(fastQuerySizeFromConfig || fastQuerySizeSysProp); log.info("Initialize QueryEngine settings {}", queryEngineSettings);
Modified: jackrabbit/oak/trunk/oak-core/src/main/java/org/apache/jackrabbit/oak/security/authentication/AuthenticationConfigurationImpl.java URL: http://svn.apache.org/viewvc/jackrabbit/oak/trunk/oak-core/src/main/java/org/apache/jackrabbit/oak/security/authentication/AuthenticationConfigurationImpl.java?rev=1810002&r1=1810001&r2=1810002&view=diff ============================================================================== --- jackrabbit/oak/trunk/oak-core/src/main/java/org/apache/jackrabbit/oak/security/authentication/AuthenticationConfigurationImpl.java (original) +++ jackrabbit/oak/trunk/oak-core/src/main/java/org/apache/jackrabbit/oak/security/authentication/AuthenticationConfigurationImpl.java Thu Sep 28 14:09:26 2017 @@ -19,11 +19,6 @@ package org.apache.jackrabbit.oak.securi import java.util.Map; import javax.annotation.Nonnull; -import org.apache.felix.scr.annotations.Activate; -import org.apache.felix.scr.annotations.Component; -import org.apache.felix.scr.annotations.Properties; -import org.apache.felix.scr.annotations.Property; -import org.apache.felix.scr.annotations.Service; import org.apache.jackrabbit.oak.api.ContentRepository; import org.apache.jackrabbit.oak.spi.security.ConfigurationBase; import org.apache.jackrabbit.oak.spi.security.ConfigurationParameters; @@ -33,6 +28,11 @@ import org.apache.jackrabbit.oak.spi.sec import org.apache.jackrabbit.oak.spi.security.authentication.LoginContextProvider; import org.apache.jackrabbit.oak.spi.whiteboard.Whiteboard; import org.apache.jackrabbit.oak.spi.whiteboard.WhiteboardAware; +import org.osgi.service.component.annotations.Activate; +import org.osgi.service.component.annotations.Component; +import org.osgi.service.metatype.annotations.AttributeDefinition; +import org.osgi.service.metatype.annotations.Designate; +import org.osgi.service.metatype.annotations.ObjectClassDefinition; import org.slf4j.Logger; import org.slf4j.LoggerFactory; @@ -48,21 +48,28 @@ import org.slf4j.LoggerFactory; * </ul> * */ -@Component(metatype = true, label = "Apache Jackrabbit Oak AuthenticationConfiguration") -@Service({AuthenticationConfiguration.class, SecurityConfiguration.class}) -@Properties({ - @Property(name = AuthenticationConfiguration.PARAM_APP_NAME, - label = "Application Name", - value = AuthenticationConfiguration.DEFAULT_APP_NAME, - description = "Application named used for JAAS authentication"), - @Property(name = AuthenticationConfiguration.PARAM_CONFIG_SPI_NAME, - label = "JAAS Config SPI Name", - description = "Name of JAAS Configuration Spi. This needs to be set to JAAS config provider " + - "name if JAAS authentication " + - "is managed by Felix JAAS Support with its Global Configuration Policy set to 'default'.") -}) +@Component(service = {AuthenticationConfiguration.class, SecurityConfiguration.class}) +@Designate(ocd = AuthenticationConfigurationImpl.Configuration.class) public class AuthenticationConfigurationImpl extends ConfigurationBase implements AuthenticationConfiguration { + @ObjectClassDefinition(name = "Apache Jackrabbit Oak AuthenticationConfiguration") + @interface Configuration { + + @AttributeDefinition( + name = "Application Name", + description = "Application named used for JAAS authentication", + defaultValue = AuthenticationConfiguration.DEFAULT_APP_NAME + ) + String org_apache_jackrabbit_oak_authentication_appName() default AuthenticationConfiguration.DEFAULT_APP_NAME; + + @AttributeDefinition( + name = "JAAS Config SPI Name", + description = "Name of JAAS Configuration Spi. This needs to be set to JAAS config provider " + + "name if JAAS authentication is managed by Felix JAAS Support with its Global " + + "Configuration Policy set to 'default'.") + String org_apache_jackrabbit_oak_authentication_configSpiName(); + } + private static final Logger log = LoggerFactory.getLogger(AuthenticationConfigurationImpl.class); /** Modified: jackrabbit/oak/trunk/oak-core/src/main/java/org/apache/jackrabbit/oak/security/authentication/token/TokenConfigurationImpl.java URL: http://svn.apache.org/viewvc/jackrabbit/oak/trunk/oak-core/src/main/java/org/apache/jackrabbit/oak/security/authentication/token/TokenConfigurationImpl.java?rev=1810002&r1=1810001&r2=1810002&view=diff ============================================================================== --- jackrabbit/oak/trunk/oak-core/src/main/java/org/apache/jackrabbit/oak/security/authentication/token/TokenConfigurationImpl.java (original) +++ jackrabbit/oak/trunk/oak-core/src/main/java/org/apache/jackrabbit/oak/security/authentication/token/TokenConfigurationImpl.java Thu Sep 28 14:09:26 2017 @@ -16,8 +16,6 @@ */ package org.apache.jackrabbit.oak.security.authentication.token; -import static org.apache.jackrabbit.oak.spi.security.RegistrationConstants.OAK_SECURITY_NAME; - import java.security.Principal; import java.util.List; import java.util.Map; @@ -30,15 +28,6 @@ import com.google.common.collect.Immutab import com.google.common.collect.ImmutableMap; import com.google.common.collect.ImmutableSet; -import org.apache.felix.scr.annotations.Activate; -import org.apache.felix.scr.annotations.Component; -import org.apache.felix.scr.annotations.Properties; -import org.apache.felix.scr.annotations.Property; -import org.apache.felix.scr.annotations.Reference; -import org.apache.felix.scr.annotations.ReferenceCardinality; -import org.apache.felix.scr.annotations.ReferencePolicy; -import org.apache.felix.scr.annotations.References; -import org.apache.felix.scr.annotations.Service; import org.apache.jackrabbit.oak.api.Root; import org.apache.jackrabbit.oak.spi.commit.MoveTracker; import org.apache.jackrabbit.oak.spi.commit.ValidatorProvider; @@ -52,50 +41,62 @@ import org.apache.jackrabbit.oak.spi.sec import org.apache.jackrabbit.oak.spi.security.authentication.token.TokenConfiguration; import org.apache.jackrabbit.oak.spi.security.authentication.token.TokenProvider; import org.apache.jackrabbit.oak.spi.security.user.UserConfiguration; -import org.apache.jackrabbit.oak.spi.security.user.UserConstants; import org.apache.jackrabbit.oak.spi.security.user.util.PasswordUtil; +import org.osgi.service.component.annotations.Activate; +import org.osgi.service.component.annotations.Component; +import org.osgi.service.component.annotations.Reference; +import org.osgi.service.component.annotations.ReferenceCardinality; +import org.osgi.service.component.annotations.ReferencePolicy; +import org.osgi.service.metatype.annotations.AttributeDefinition; +import org.osgi.service.metatype.annotations.Designate; +import org.osgi.service.metatype.annotations.ObjectClassDefinition; + +import static org.apache.jackrabbit.oak.spi.security.RegistrationConstants.OAK_SECURITY_NAME; /** * Default implementation for the {@code TokenConfiguration} interface. */ -@Component(metatype = true, label = "Apache Jackrabbit Oak TokenConfiguration") -@Service({TokenConfiguration.class, SecurityConfiguration.class}) -@Properties({ - @Property(name = TokenProvider.PARAM_TOKEN_EXPIRATION, - label = "Token Expiration", - description = "Expiration time of login tokens in ms."), - @Property(name = TokenProvider.PARAM_TOKEN_LENGTH, - label = "Token Length", - description = "Length of the generated token."), - @Property(name = TokenProvider.PARAM_TOKEN_REFRESH, - label = "Token Refresh", - description = "Enable/disable refresh of login tokens (i.e. resetting the expiration time).", - boolValue = true), - @Property(name = UserConstants.PARAM_PASSWORD_HASH_ALGORITHM, - label = "Hash Algorithm", - description = "Name of the algorithm to hash the token.", - value = PasswordUtil.DEFAULT_ALGORITHM), - @Property(name = UserConstants.PARAM_PASSWORD_HASH_ITERATIONS, - label = "Hash Iterations", - description = "Number of iterations used to hash the token.", - intValue = PasswordUtil.DEFAULT_ITERATIONS), - @Property(name = UserConstants.PARAM_PASSWORD_SALT_SIZE, - label = "Hash Salt Size", - description = "Size of the salt used to generate the hash.", - intValue = PasswordUtil.DEFAULT_SALT_SIZE), - @Property(name = OAK_SECURITY_NAME, - propertyPrivate = true, - value = "org.apache.jackrabbit.oak.security.authentication.token.TokenConfigurationImpl") -}) -@References({ - @Reference( - name = "credentialsSupport", - referenceInterface = CredentialsSupport.class, - cardinality = ReferenceCardinality.OPTIONAL_MULTIPLE, - policy = ReferencePolicy.DYNAMIC) -}) +@Component( + service = {TokenConfiguration.class, SecurityConfiguration.class}, + property = OAK_SECURITY_NAME + "=org.apache.jackrabbit.oak.security.authentication.token.TokenConfigurationImpl") +@Designate(ocd = TokenConfigurationImpl.Configuration.class) public class TokenConfigurationImpl extends ConfigurationBase implements TokenConfiguration { + @ObjectClassDefinition( + name = "Apache Jackrabbit Oak TokenConfiguration" + ) + @interface Configuration { + @AttributeDefinition( + name = "Token Expiration", + description = "Expiration time of login tokens in ms.") + String tokenExpiration(); + + @AttributeDefinition( + name = "Token Length", + description = "Length of the generated token.") + String tokenLength(); + + @AttributeDefinition( + name = "Token Refresh", + description = "Enable/disable refresh of login tokens (i.e. resetting the expiration time).") + boolean tokenRefresh() default true; + + @AttributeDefinition( + name = "Hash Algorithm", + description = "Name of the algorithm to hash the token.") + String passwordHashAlgorithm() default PasswordUtil.DEFAULT_ALGORITHM; + + @AttributeDefinition( + name = "Hash Iterations", + description = "Number of iterations used to hash the token.") + int passwordHashIterations() default PasswordUtil.DEFAULT_ITERATIONS; + + @AttributeDefinition( + name = "Hash Salt Size", + description = "Size of the salt used to generate the hash.") + int passwordSaltSize() default PasswordUtil.DEFAULT_SALT_SIZE; + } + private final Map<String, CredentialsSupport> credentialsSupport = new ConcurrentHashMap<>( ImmutableMap.of(SimpleCredentialsSupport.class.getName(), SimpleCredentialsSupport.getInstance())); @@ -115,12 +116,17 @@ public class TokenConfigurationImpl exte setParameters(ConfigurationParameters.of(properties)); } + @Reference(name = "credentialsSupport", + cardinality = ReferenceCardinality.OPTIONAL, + policy = ReferencePolicy.DYNAMIC) + @SuppressWarnings("UnusedDeclaration") public void bindCredentialsSupport(CredentialsSupport credentialsSupport) { this.credentialsSupport.put(credentialsSupport.getClass().getName(), credentialsSupport); } + @SuppressWarnings("UnusedDeclaration") public void unbindCredentialsSupport(CredentialsSupport credentialsSupport) { - this.credentialsSupport.remove(credentialsSupport.getClass().getName()); + this.credentialsSupport.remove(credentialsSupport.getClass().getName()); } //----------------------------------------------< SecurityConfiguration >--- Modified: jackrabbit/oak/trunk/oak-core/src/main/java/org/apache/jackrabbit/oak/security/authorization/AuthorizationConfigurationImpl.java URL: http://svn.apache.org/viewvc/jackrabbit/oak/trunk/oak-core/src/main/java/org/apache/jackrabbit/oak/security/authorization/AuthorizationConfigurationImpl.java?rev=1810002&r1=1810001&r2=1810002&view=diff ============================================================================== --- jackrabbit/oak/trunk/oak-core/src/main/java/org/apache/jackrabbit/oak/security/authorization/AuthorizationConfigurationImpl.java (original) +++ jackrabbit/oak/trunk/oak-core/src/main/java/org/apache/jackrabbit/oak/security/authorization/AuthorizationConfigurationImpl.java Thu Sep 28 14:09:26 2017 @@ -26,13 +26,6 @@ import java.util.Set; import javax.annotation.Nonnull; import javax.jcr.security.AccessControlManager; -import org.apache.felix.scr.annotations.Activate; -import org.apache.felix.scr.annotations.Component; -import org.apache.felix.scr.annotations.Properties; -import org.apache.felix.scr.annotations.Property; -import org.apache.felix.scr.annotations.PropertyOption; -import org.apache.felix.scr.annotations.Reference; -import org.apache.felix.scr.annotations.Service; import org.apache.jackrabbit.oak.api.Root; import org.apache.jackrabbit.oak.namepath.NamePathMapper; import org.apache.jackrabbit.oak.spi.namespace.NamespaceConstants; @@ -53,7 +46,6 @@ import org.apache.jackrabbit.oak.spi.com import org.apache.jackrabbit.oak.spi.lifecycle.WorkspaceInitializer; import org.apache.jackrabbit.oak.spi.mount.MountInfoProvider; import org.apache.jackrabbit.oak.spi.mount.Mounts; -import org.apache.jackrabbit.oak.spi.security.CompositeConfiguration; import org.apache.jackrabbit.oak.spi.security.ConfigurationBase; import org.apache.jackrabbit.oak.spi.security.ConfigurationParameters; import org.apache.jackrabbit.oak.spi.security.Context; @@ -61,7 +53,6 @@ import org.apache.jackrabbit.oak.spi.sec import org.apache.jackrabbit.oak.spi.security.SecurityProvider; import org.apache.jackrabbit.oak.spi.security.authorization.AuthorizationConfiguration; import org.apache.jackrabbit.oak.spi.security.authorization.accesscontrol.AccessControlConstants; -import org.apache.jackrabbit.oak.spi.security.authorization.permission.PermissionConstants; import org.apache.jackrabbit.oak.spi.security.authorization.permission.PermissionProvider; import org.apache.jackrabbit.oak.spi.security.authorization.restriction.RestrictionProvider; import org.apache.jackrabbit.oak.spi.security.privilege.PrivilegeConstants; @@ -69,50 +60,61 @@ import org.apache.jackrabbit.oak.spi.xml import org.apache.jackrabbit.oak.spi.xml.ProtectedItemImporter; import com.google.common.collect.ImmutableList; +import org.osgi.service.component.annotations.Activate; +import org.osgi.service.component.annotations.Component; +import org.osgi.service.component.annotations.Reference; +import org.osgi.service.metatype.annotations.AttributeDefinition; +import org.osgi.service.metatype.annotations.ObjectClassDefinition; +import org.osgi.service.metatype.annotations.Option; /** * Default implementation of the {@code AccessControlConfiguration}. */ -@Component(metatype = true, label = "Apache Jackrabbit Oak AuthorizationConfiguration") -@Service({AuthorizationConfiguration.class, SecurityConfiguration.class}) -@Properties({ - @Property(name = PermissionConstants.PARAM_PERMISSIONS_JR2, - label = "Jackrabbit 2.x Permissions", +@Component( + service = {AuthorizationConfiguration.class, SecurityConfiguration.class}, + property = OAK_SECURITY_NAME + "=org.apache.jackrabbit.oak.security.authorization.AuthorizationConfigurationImpl") +public class AuthorizationConfigurationImpl extends ConfigurationBase implements AuthorizationConfiguration { + + @ObjectClassDefinition(name = "Apache Jackrabbit Oak AuthorizationConfiguration") + @interface Configuration { + @AttributeDefinition( + name = "Jackrabbit 2.x Permissions", description = "Enforce backwards compatible permission validation with respect to the configurable options.", cardinality = 2, options = { - @PropertyOption(name = "USER_MANAGEMENT", value = "USER_MANAGEMENT"), - @PropertyOption(name = "REMOVE_NODE", value = "REMOVE_NODE") - }), - @Property(name = ProtectedItemImporter.PARAM_IMPORT_BEHAVIOR, - label = "Import Behavior", + @Option(label = "USER_MANAGEMENT", value = "USER_MANAGEMENT"), + @Option(label = "REMOVE_NODE", value = "REMOVE_NODE") + }) + String permissionsJr2(); + @AttributeDefinition( + name = "Import Behavior", description = "Behavior for access control related items upon XML import.", options = { - @PropertyOption(name = ImportBehavior.NAME_ABORT, value = ImportBehavior.NAME_ABORT), - @PropertyOption(name = ImportBehavior.NAME_BESTEFFORT, value = ImportBehavior.NAME_BESTEFFORT), - @PropertyOption(name = ImportBehavior.NAME_IGNORE, value = ImportBehavior.NAME_IGNORE) - }, - value = ImportBehavior.NAME_ABORT), - @Property(name = PermissionConstants.PARAM_READ_PATHS, - label = "Readable Paths", - description = "Enable full read access to regular nodes and properties at the specified paths irrespective of other policies that may take effective.", - value = { + @Option(label = ImportBehavior.NAME_ABORT, value = ImportBehavior.NAME_ABORT), + @Option(label = ImportBehavior.NAME_BESTEFFORT, value = ImportBehavior.NAME_BESTEFFORT), + @Option(label = ImportBehavior.NAME_IGNORE, value = ImportBehavior.NAME_IGNORE) + }) + String importBehaviour() default ImportBehavior.NAME_ABORT; + + @AttributeDefinition( + name = "Readable Paths", + description = "Enable full read access to regular nodes and properties at the specified paths irrespective of other policies that may take effective.") + String[] readPaths() default { NamespaceConstants.NAMESPACES_PATH, NodeTypeConstants.NODE_TYPES_PATH, - PrivilegeConstants.PRIVILEGES_PATH }), - @Property(name = PermissionConstants.PARAM_ADMINISTRATIVE_PRINCIPALS, - label = "Administrative Principals", + PrivilegeConstants.PRIVILEGES_PATH }; + + @AttributeDefinition( + name = "Administrative Principals", description = "Allows to specify principals that should be granted full permissions on the complete repository content.", - cardinality = 10), - @Property(name = CompositeConfiguration.PARAM_RANKING, - label = "Ranking", - description = "Ranking of this configuration in a setup with multiple authorization configurations.", - intValue = 100), - @Property(name = OAK_SECURITY_NAME, - propertyPrivate = true, - value = "org.apache.jackrabbit.oak.security.authorization.AuthorizationConfigurationImpl") -}) -public class AuthorizationConfigurationImpl extends ConfigurationBase implements AuthorizationConfiguration { + cardinality = 10) + String[] administrativePrincipals(); + + @AttributeDefinition( + name = "Ranking", + description = "Ranking of this configuration in a setup with multiple authorization configurations.") + int configurationRanking() default 100; + } @Reference private MountInfoProvider mountInfoProvider = Mounts.defaultMountInfoProvider(); Modified: jackrabbit/oak/trunk/oak-core/src/main/java/org/apache/jackrabbit/oak/security/authorization/restriction/RestrictionProviderImpl.java URL: http://svn.apache.org/viewvc/jackrabbit/oak/trunk/oak-core/src/main/java/org/apache/jackrabbit/oak/security/authorization/restriction/RestrictionProviderImpl.java?rev=1810002&r1=1810001&r2=1810002&view=diff ============================================================================== --- jackrabbit/oak/trunk/oak-core/src/main/java/org/apache/jackrabbit/oak/security/authorization/restriction/RestrictionProviderImpl.java (original) +++ jackrabbit/oak/trunk/oak-core/src/main/java/org/apache/jackrabbit/oak/security/authorization/restriction/RestrictionProviderImpl.java Thu Sep 28 14:09:26 2017 @@ -27,9 +27,6 @@ import javax.annotation.Nullable; import javax.jcr.security.AccessControlException; import com.google.common.collect.ImmutableMap; -import org.apache.felix.scr.annotations.Component; -import org.apache.felix.scr.annotations.Property; -import org.apache.felix.scr.annotations.Service; import org.apache.jackrabbit.oak.api.PropertyState; import org.apache.jackrabbit.oak.api.Tree; import org.apache.jackrabbit.oak.api.Type; @@ -40,6 +37,7 @@ import org.apache.jackrabbit.oak.spi.sec import org.apache.jackrabbit.oak.spi.security.authorization.restriction.RestrictionDefinitionImpl; import org.apache.jackrabbit.oak.spi.security.authorization.restriction.RestrictionPattern; import org.apache.jackrabbit.oak.spi.security.authorization.restriction.RestrictionProvider; +import org.osgi.service.component.annotations.Component; import org.slf4j.Logger; import org.slf4j.LoggerFactory; @@ -59,10 +57,9 @@ import org.slf4j.LoggerFactory; * is {@link org.apache.jackrabbit.oak.api.Type#STRINGS}.</li> * </ul> */ -@Component -@Service(RestrictionProvider.class) -@Property(name = OAK_SECURITY_NAME, - value = "org.apache.jackrabbit.oak.security.authorization.restriction.RestrictionProviderImpl") +@Component( + service = RestrictionProvider.class, + property = OAK_SECURITY_NAME + "=org.apache.jackrabbit.oak.security.authorization.restriction.RestrictionProviderImpl") public class RestrictionProviderImpl extends AbstractRestrictionProvider { private static final Logger log = LoggerFactory.getLogger(RestrictionProviderImpl.class); Modified: jackrabbit/oak/trunk/oak-core/src/main/java/org/apache/jackrabbit/oak/security/internal/SecurityProviderRegistration.java URL: http://svn.apache.org/viewvc/jackrabbit/oak/trunk/oak-core/src/main/java/org/apache/jackrabbit/oak/security/internal/SecurityProviderRegistration.java?rev=1810002&r1=1810001&r2=1810002&view=diff ============================================================================== --- jackrabbit/oak/trunk/oak-core/src/main/java/org/apache/jackrabbit/oak/security/internal/SecurityProviderRegistration.java (original) +++ jackrabbit/oak/trunk/oak-core/src/main/java/org/apache/jackrabbit/oak/security/internal/SecurityProviderRegistration.java Thu Sep 28 14:09:26 2017 @@ -22,25 +22,12 @@ import java.util.List; import java.util.Map; import javax.annotation.Nonnull; -import org.apache.felix.scr.annotations.Activate; -import org.apache.felix.scr.annotations.Component; -import org.apache.felix.scr.annotations.Deactivate; -import org.apache.felix.scr.annotations.Modified; -import org.apache.felix.scr.annotations.Properties; -import org.apache.felix.scr.annotations.Property; -import org.apache.felix.scr.annotations.PropertyOption; -import org.apache.felix.scr.annotations.PropertyUnbounded; -import org.apache.felix.scr.annotations.Reference; -import org.apache.felix.scr.annotations.ReferenceCardinality; -import org.apache.felix.scr.annotations.ReferencePolicy; -import org.apache.felix.scr.annotations.References; import org.apache.jackrabbit.oak.commons.PropertiesUtil; import org.apache.jackrabbit.oak.osgi.OsgiWhiteboard; import org.apache.jackrabbit.oak.security.authorization.composite.CompositeAuthorizationConfiguration; import org.apache.jackrabbit.oak.security.user.UserConfigurationImpl; import org.apache.jackrabbit.oak.spi.security.CompositeConfiguration; import org.apache.jackrabbit.oak.spi.security.ConfigurationParameters; -import org.apache.jackrabbit.oak.spi.security.RegistrationConstants; import org.apache.jackrabbit.oak.spi.security.SecurityConfiguration; import org.apache.jackrabbit.oak.spi.security.SecurityProvider; import org.apache.jackrabbit.oak.spi.security.authentication.AuthenticationConfiguration; @@ -64,24 +51,36 @@ import org.apache.jackrabbit.oak.securit import org.osgi.framework.BundleContext; import org.osgi.framework.Constants; import org.osgi.framework.ServiceRegistration; +import org.osgi.service.component.annotations.Activate; +import org.osgi.service.component.annotations.Component; +import org.osgi.service.component.annotations.Deactivate; +import org.osgi.service.component.annotations.Modified; +import org.osgi.service.component.annotations.Reference; +import org.osgi.service.component.annotations.ReferenceCardinality; +import org.osgi.service.component.annotations.ReferencePolicy; +import org.osgi.service.metatype.annotations.AttributeDefinition; +import org.osgi.service.metatype.annotations.Designate; +import org.osgi.service.metatype.annotations.ObjectClassDefinition; +import org.osgi.service.metatype.annotations.Option; import org.slf4j.Logger; import org.slf4j.LoggerFactory; import static com.google.common.collect.Lists.newArrayList; import static com.google.common.collect.Lists.newCopyOnWriteArrayList; import static org.apache.jackrabbit.oak.spi.security.RegistrationConstants.OAK_SECURITY_NAME; -import static org.osgi.framework.Constants.OBJECTCLASS; -@Component( - immediate = true, - metatype = true, - label = "Apache Jackrabbit Oak SecurityProvider", - description = "The default SecurityProvider embedded in Apache Jackrabbit Oak" -) -@Properties({ - @Property( - name = "requiredServicePids", - label = "Required Services", +@Component(immediate=true) +@Designate(ocd = SecurityProviderRegistration.Configuration.class) +@SuppressWarnings("unused") +public class SecurityProviderRegistration { + + @ObjectClassDefinition( + name = "Apache Jackrabbit Oak SecurityProvider", + description = "The default SecurityProvider embedded in Apache Jackrabbit Oak" + ) + @interface Configuration { + @AttributeDefinition( + name = "Required Services", description = "The SecurityProvider will not register itself " + "unless the services identified by the following service pids " + "or the oak.security.name properties are registered first. The class name is " + @@ -90,85 +89,36 @@ import static org.osgi.framework.Constan "Only implementations of the following interfaces are checked :" + "AuthorizationConfiguration, PrincipalConfiguration, " + "TokenConfiguration, AuthorizableActionProvider, " + - "RestrictionProvider and UserAuthenticationFactory.", - value = { - "org.apache.jackrabbit.oak.security.authorization.AuthorizationConfigurationImpl", - "org.apache.jackrabbit.oak.security.principal.PrincipalConfigurationImpl", - "org.apache.jackrabbit.oak.security.authentication.token.TokenConfigurationImpl", - "org.apache.jackrabbit.oak.spi.security.user.action.DefaultAuthorizableActionProvider", - "org.apache.jackrabbit.oak.security.authorization.restriction.RestrictionProviderImpl", - "org.apache.jackrabbit.oak.security.user.UserAuthenticationFactoryImpl" - }, - unbounded = PropertyUnbounded.ARRAY - ), - @Property( - name = "authorizationCompositionType", - label = "Authorization Composition Type", + "RestrictionProvider and UserAuthenticationFactory." + ) + String[] requiredServicePids() default { + "org.apache.jackrabbit.oak.security.authorization.AuthorizationConfigurationImpl", + "org.apache.jackrabbit.oak.security.principal.PrincipalConfigurationImpl", + "org.apache.jackrabbit.oak.security.authentication.token.TokenConfigurationImpl", + "org.apache.jackrabbit.oak.spi.security.user.action.DefaultAuthorizableActionProvider", + "org.apache.jackrabbit.oak.security.authorization.restriction.RestrictionProviderImpl", + "org.apache.jackrabbit.oak.security.user.UserAuthenticationFactoryImpl" + }; + + @AttributeDefinition( + name = "Authorization Composition Type", description = "The Composite Authorization model uses this flag to determine what type of logic " + "to apply to the existing providers (default value is AND).", - value = "AND", options = { - @PropertyOption(name = "AND", value = "AND"), - @PropertyOption(name = "OR", value = "OR") + @Option(label = "AND", value = "AND"), + @Option(label = "OR", value = "OR") } ) -}) -@References({ - @Reference( - name = "authorizationConfiguration", - referenceInterface = AuthorizationConfiguration.class, - cardinality = ReferenceCardinality.OPTIONAL_MULTIPLE, - policy = ReferencePolicy.DYNAMIC - ), - @Reference( - name = "principalConfiguration", - referenceInterface = PrincipalConfiguration.class, - cardinality = ReferenceCardinality.OPTIONAL_MULTIPLE, - policy = ReferencePolicy.DYNAMIC - ), - @Reference( - name = "tokenConfiguration", - referenceInterface = TokenConfiguration.class, - cardinality = ReferenceCardinality.OPTIONAL_MULTIPLE, - policy = ReferencePolicy.DYNAMIC - ), - @Reference( - name = "authorizableNodeName", - referenceInterface = AuthorizableNodeName.class, - cardinality = ReferenceCardinality.OPTIONAL_MULTIPLE, - policy = ReferencePolicy.DYNAMIC - ), - @Reference( - name = "authorizableActionProvider", - referenceInterface = AuthorizableActionProvider.class, - cardinality = ReferenceCardinality.OPTIONAL_MULTIPLE, - policy = ReferencePolicy.DYNAMIC - ), - @Reference( - name = "restrictionProvider", - referenceInterface = RestrictionProvider.class, - cardinality = ReferenceCardinality.OPTIONAL_MULTIPLE, - policy = ReferencePolicy.DYNAMIC - ), - @Reference( - name = "userAuthenticationFactory", - referenceInterface = UserAuthenticationFactory.class, - cardinality = ReferenceCardinality.OPTIONAL_MULTIPLE, - policy = ReferencePolicy.DYNAMIC - ) -}) -@SuppressWarnings("unused") -public class SecurityProviderRegistration { + String authorizationCompositionType() default "AND"; + + } private static final Logger log = LoggerFactory.getLogger(SecurityProviderRegistration.class); - @Reference private AuthenticationConfiguration authenticationConfiguration; - @Reference private PrivilegeConfiguration privilegeConfiguration; - @Reference private UserConfiguration userConfiguration; private BundleContext context; @@ -191,8 +141,8 @@ public class SecurityProviderRegistratio //----------------------------------------------------< SCR integration >--- @Activate - public void activate(BundleContext context, Map<String, Object> configuration) { - String[] requiredServicePids = getRequiredServicePids(configuration); + public void activate(BundleContext context, Configuration configuration) { + String[] requiredServicePids = configuration.requiredServicePids(); synchronized (this) { for (String pid : requiredServicePids) { @@ -201,14 +151,14 @@ public class SecurityProviderRegistratio this.context = context; } - this.authorizationConfiguration.withCompositionType(getAuthorizationCompositionType(configuration)); + this.authorizationConfiguration.withCompositionType(configuration.authorizationCompositionType()); maybeRegister(); } @Modified - public void modified(Map<String, Object> configuration) { - String[] requiredServicePids = getRequiredServicePids(configuration); + public void modified(Configuration configuration) { + String[] requiredServicePids = configuration.requiredServicePids(); synchronized (this) { preconditions.clearPreconditions(); @@ -217,7 +167,7 @@ public class SecurityProviderRegistratio preconditions.addPrecondition(pid); } } - this.authorizationConfiguration.withCompositionType(getAuthorizationCompositionType(configuration)); + this.authorizationConfiguration.withCompositionType(configuration.authorizationCompositionType()); maybeUnregister(); maybeRegister(); @@ -244,6 +194,7 @@ public class SecurityProviderRegistratio //--------------------------------------< unary security configurations >--- + @Reference(name = "authenticationConfiguration") public void bindAuthenticationConfiguration(AuthenticationConfiguration authenticationConfiguration) { this.authenticationConfiguration = authenticationConfiguration; } @@ -252,6 +203,7 @@ public class SecurityProviderRegistratio this.authenticationConfiguration = null; } + @Reference(name = "privilegeConfiguration") public void bindPrivilegeConfiguration(PrivilegeConfiguration privilegeConfiguration) { this.privilegeConfiguration = privilegeConfiguration; } @@ -260,6 +212,7 @@ public class SecurityProviderRegistratio this.privilegeConfiguration = null; } + @Reference(name = "userConfiguration") public void bindUserConfiguration(UserConfiguration userConfiguration) { this.userConfiguration = userConfiguration; } @@ -270,6 +223,12 @@ public class SecurityProviderRegistratio //-----------------------------------< multiple security configurations >--- + @Reference( + name = "authorizationConfiguration", + service = AuthorizationConfiguration.class, + cardinality = ReferenceCardinality.MULTIPLE, + policy = ReferencePolicy.DYNAMIC + ) public void bindAuthorizationConfiguration(AuthorizationConfiguration configuration, Map<String, Object> properties) { bindConfiguration(authorizationConfiguration, configuration, properties); } @@ -278,6 +237,12 @@ public class SecurityProviderRegistratio unbindConfiguration(authorizationConfiguration, configuration, properties); } + @Reference( + name = "principalConfiguration", + service = PrincipalConfiguration.class, + cardinality = ReferenceCardinality.MULTIPLE, + policy = ReferencePolicy.DYNAMIC + ) public void bindPrincipalConfiguration(PrincipalConfiguration configuration, Map<String, Object> properties) { bindConfiguration(principalConfiguration, configuration, properties); } @@ -286,6 +251,12 @@ public class SecurityProviderRegistratio unbindConfiguration(principalConfiguration, configuration, properties); } + @Reference( + name = "tokenConfiguration", + service = TokenConfiguration.class, + cardinality = ReferenceCardinality.MULTIPLE, + policy = ReferencePolicy.DYNAMIC + ) public void bindTokenConfiguration(TokenConfiguration configuration, Map<String, Object> properties) { bindConfiguration(tokenConfiguration, configuration, properties); } @@ -311,7 +282,12 @@ public class SecurityProviderRegistratio } //------------------------------------------------------------< add ons >--- - + @Reference( + name = "authorizableNodeName", + service = AuthorizableNodeName.class, + cardinality = ReferenceCardinality.MULTIPLE, + policy = ReferencePolicy.DYNAMIC + ) public void bindAuthorizableNodeName(AuthorizableNodeName authorizableNodeName, Map<String, Object> properties) { synchronized (this) { authorizableNodeNames.add(authorizableNodeName); @@ -330,6 +306,12 @@ public class SecurityProviderRegistratio maybeUnregister(); } + @Reference( + name = "authorizableActionProvider", + service = AuthorizableActionProvider.class, + cardinality = ReferenceCardinality.MULTIPLE, + policy = ReferencePolicy.DYNAMIC + ) public void bindAuthorizableActionProvider(AuthorizableActionProvider authorizableActionProvider, Map<String, Object> properties) { synchronized (this) { authorizableActionProviders.add(authorizableActionProvider); @@ -348,6 +330,12 @@ public class SecurityProviderRegistratio maybeUnregister(); } + @Reference( + name = "restrictionProvider", + service = RestrictionProvider.class, + cardinality = ReferenceCardinality.MULTIPLE, + policy = ReferencePolicy.DYNAMIC + ) public void bindRestrictionProvider(RestrictionProvider restrictionProvider, Map<String, Object> properties) { synchronized (this) { restrictionProviders.add(restrictionProvider); @@ -366,6 +354,12 @@ public class SecurityProviderRegistratio maybeUnregister(); } + @Reference( + name = "userAuthenticationFactory", + service = UserAuthenticationFactory.class, + cardinality = ReferenceCardinality.MULTIPLE, + policy = ReferencePolicy.DYNAMIC + ) public void bindUserAuthenticationFactory(UserAuthenticationFactory userAuthenticationFactory, Map<String, Object> properties) { synchronized (this) { userAuthenticationFactories.add(userAuthenticationFactory); @@ -598,13 +592,4 @@ public class SecurityProviderRegistratio } return PropertiesUtil.toString(properties.get(OAK_SECURITY_NAME), null); } - - private static String[] getRequiredServicePids(Map<String, Object> configuration) { - return PropertiesUtil.toStringArray(configuration.get("requiredServicePids"), new String[]{}); - } - - @Nonnull - private static String getAuthorizationCompositionType(Map<String, Object> properties) { - return PropertiesUtil.toString(properties.get("authorizationCompositionType"), "AND"); - } } Modified: jackrabbit/oak/trunk/oak-core/src/main/java/org/apache/jackrabbit/oak/security/principal/PrincipalConfigurationImpl.java URL: http://svn.apache.org/viewvc/jackrabbit/oak/trunk/oak-core/src/main/java/org/apache/jackrabbit/oak/security/principal/PrincipalConfigurationImpl.java?rev=1810002&r1=1810001&r2=1810002&view=diff ============================================================================== --- jackrabbit/oak/trunk/oak-core/src/main/java/org/apache/jackrabbit/oak/security/principal/PrincipalConfigurationImpl.java (original) +++ jackrabbit/oak/trunk/oak-core/src/main/java/org/apache/jackrabbit/oak/security/principal/PrincipalConfigurationImpl.java Thu Sep 28 14:09:26 2017 @@ -22,10 +22,6 @@ import java.util.Map; import javax.annotation.Nonnull; -import org.apache.felix.scr.annotations.Activate; -import org.apache.felix.scr.annotations.Component; -import org.apache.felix.scr.annotations.Property; -import org.apache.felix.scr.annotations.Service; import org.apache.jackrabbit.api.security.principal.PrincipalManager; import org.apache.jackrabbit.oak.api.Root; import org.apache.jackrabbit.oak.namepath.NamePathMapper; @@ -37,14 +33,15 @@ import org.apache.jackrabbit.oak.spi.sec import org.apache.jackrabbit.oak.spi.security.principal.PrincipalManagerImpl; import org.apache.jackrabbit.oak.spi.security.principal.PrincipalProvider; import org.apache.jackrabbit.oak.spi.security.user.UserConfiguration; +import org.osgi.service.component.annotations.Activate; +import org.osgi.service.component.annotations.Component; /** * Default implementation of the {@code PrincipalConfiguration} */ -@Component() -@Service({PrincipalConfiguration.class, SecurityConfiguration.class}) -@Property(name = OAK_SECURITY_NAME, - value = "org.apache.jackrabbit.oak.security.principal.PrincipalConfigurationImpl" ) +@Component( + service = {PrincipalConfiguration.class, SecurityConfiguration.class}, + property = OAK_SECURITY_NAME + "=org.apache.jackrabbit.oak.security.principal.PrincipalConfigurationImpl") public class PrincipalConfigurationImpl extends ConfigurationBase implements PrincipalConfiguration { @SuppressWarnings("UnusedDeclaration") Modified: jackrabbit/oak/trunk/oak-core/src/main/java/org/apache/jackrabbit/oak/security/privilege/PrivilegeConfigurationImpl.java URL: http://svn.apache.org/viewvc/jackrabbit/oak/trunk/oak-core/src/main/java/org/apache/jackrabbit/oak/security/privilege/PrivilegeConfigurationImpl.java?rev=1810002&r1=1810001&r2=1810002&view=diff ============================================================================== --- jackrabbit/oak/trunk/oak-core/src/main/java/org/apache/jackrabbit/oak/security/privilege/PrivilegeConfigurationImpl.java (original) +++ jackrabbit/oak/trunk/oak-core/src/main/java/org/apache/jackrabbit/oak/security/privilege/PrivilegeConfigurationImpl.java Thu Sep 28 14:09:26 2017 @@ -24,9 +24,6 @@ import java.util.Set; import javax.annotation.Nonnull; -import org.apache.felix.scr.annotations.Activate; -import org.apache.felix.scr.annotations.Component; -import org.apache.felix.scr.annotations.Service; import org.apache.jackrabbit.api.security.authorization.PrivilegeManager; import org.apache.jackrabbit.oak.api.Root; import org.apache.jackrabbit.oak.namepath.NamePathMapper; @@ -39,12 +36,13 @@ import org.apache.jackrabbit.oak.spi.sec import org.apache.jackrabbit.oak.spi.security.Context; import org.apache.jackrabbit.oak.spi.security.SecurityConfiguration; import org.apache.jackrabbit.oak.spi.security.privilege.PrivilegeConfiguration; +import org.osgi.service.component.annotations.Activate; +import org.osgi.service.component.annotations.Component; /** * Configuration for the privilege management component. */ -@Component() -@Service({PrivilegeConfiguration.class, SecurityConfiguration.class}) +@Component(service = {PrivilegeConfiguration.class, SecurityConfiguration.class}) public class PrivilegeConfigurationImpl extends ConfigurationBase implements PrivilegeConfiguration { //---------------------------------------------< PrivilegeConfiguration >--- Modified: jackrabbit/oak/trunk/oak-core/src/main/java/org/apache/jackrabbit/oak/security/user/RandomAuthorizableNodeName.java URL: http://svn.apache.org/viewvc/jackrabbit/oak/trunk/oak-core/src/main/java/org/apache/jackrabbit/oak/security/user/RandomAuthorizableNodeName.java?rev=1810002&r1=1810001&r2=1810002&view=diff ============================================================================== --- jackrabbit/oak/trunk/oak-core/src/main/java/org/apache/jackrabbit/oak/security/user/RandomAuthorizableNodeName.java (original) +++ jackrabbit/oak/trunk/oak-core/src/main/java/org/apache/jackrabbit/oak/security/user/RandomAuthorizableNodeName.java Thu Sep 28 14:09:26 2017 @@ -19,29 +19,41 @@ package org.apache.jackrabbit.oak.securi import static org.apache.jackrabbit.oak.spi.security.RegistrationConstants.OAK_SECURITY_NAME; import java.security.SecureRandom; -import java.util.Map; import java.util.Random; import javax.annotation.Nonnull; -import org.apache.felix.scr.annotations.Activate; -import org.apache.felix.scr.annotations.Component; -import org.apache.felix.scr.annotations.ConfigurationPolicy; -import org.apache.felix.scr.annotations.Property; -import org.apache.felix.scr.annotations.Service; -import org.apache.jackrabbit.oak.commons.PropertiesUtil; import org.apache.jackrabbit.oak.spi.security.user.AuthorizableNodeName; +import org.osgi.service.component.annotations.Activate; +import org.osgi.service.component.annotations.Component; +import org.osgi.service.component.annotations.ConfigurationPolicy; +import org.osgi.service.metatype.annotations.AttributeDefinition; +import org.osgi.service.metatype.annotations.Designate; +import org.osgi.service.metatype.annotations.ObjectClassDefinition; /** * Implementation of the {@code AuthorizableNodeName} that generates a random * node name that doesn't reveal the ID of the authorizable. */ -@Component(metatype = true, label = "Apache Jackrabbit Oak Random Authorizable Node Name", description = "Generates a random name for the authorizable node.", policy = ConfigurationPolicy.REQUIRE) -@Service(AuthorizableNodeName.class) -@Property(name = OAK_SECURITY_NAME, - propertyPrivate = true, - value = "org.apache.jackrabbit.oak.security.user.RandomAuthorizableNodeName") +@Component( + configurationPolicy = ConfigurationPolicy.REQUIRE, + service = AuthorizableNodeName.class, + property = OAK_SECURITY_NAME + "=org.apache.jackrabbit.oak.security.user.RandomAuthorizableNodeName" +) +@Designate(ocd = RandomAuthorizableNodeName.Configuration.class) public class RandomAuthorizableNodeName implements AuthorizableNodeName { + @ObjectClassDefinition( + name = "Apache Jackrabbit Oak Random Authorizable Node Name", + description = "Generates a random name for the authorizable node." + ) + @interface Configuration { + + @AttributeDefinition( + name = "Name Length", + description = "Length of the generated node name.") + int length() default DEFAULT_LENGTH; + } + /** * Characters used to encode the random data. This matches the Base64URL * characters, which is both filename- and URL-safe. @@ -62,8 +74,6 @@ public class RandomAuthorizableNodeName sb.append("-_"); VALID_CHARS = sb.toString().toCharArray(); } - - private static final String PARAM_LENGTH = "length"; /** * 21 characters, each character with 6 bit of entropy (64 possible @@ -73,7 +83,6 @@ public class RandomAuthorizableNodeName */ public static final int DEFAULT_LENGTH = 21; - @Property(name = PARAM_LENGTH, label = "Name Length", description = "Length of the generated node name.", intValue = DEFAULT_LENGTH) private int length = DEFAULT_LENGTH; @Nonnull @@ -88,7 +97,7 @@ public class RandomAuthorizableNodeName } @Activate - private void activate(Map<String, Object> properties) { - length = PropertiesUtil.toInteger(properties.get(PARAM_LENGTH), DEFAULT_LENGTH); + private void activate(Configuration config) { + length = config.length(); } } Modified: jackrabbit/oak/trunk/oak-core/src/main/java/org/apache/jackrabbit/oak/security/user/UserAuthenticationFactoryImpl.java URL: http://svn.apache.org/viewvc/jackrabbit/oak/trunk/oak-core/src/main/java/org/apache/jackrabbit/oak/security/user/UserAuthenticationFactoryImpl.java?rev=1810002&r1=1810001&r2=1810002&view=diff ============================================================================== --- jackrabbit/oak/trunk/oak-core/src/main/java/org/apache/jackrabbit/oak/security/user/UserAuthenticationFactoryImpl.java (original) +++ jackrabbit/oak/trunk/oak-core/src/main/java/org/apache/jackrabbit/oak/security/user/UserAuthenticationFactoryImpl.java Thu Sep 28 14:09:26 2017 @@ -21,18 +21,15 @@ import static org.apache.jackrabbit.oak. import javax.annotation.Nonnull; import javax.annotation.Nullable; -import org.apache.felix.scr.annotations.Component; -import org.apache.felix.scr.annotations.Property; -import org.apache.felix.scr.annotations.Service; import org.apache.jackrabbit.oak.api.Root; import org.apache.jackrabbit.oak.spi.security.authentication.Authentication; import org.apache.jackrabbit.oak.spi.security.user.UserAuthenticationFactory; import org.apache.jackrabbit.oak.spi.security.user.UserConfiguration; +import org.osgi.service.component.annotations.Component; -@Component -@Service -@Property(name = OAK_SECURITY_NAME, - value = "org.apache.jackrabbit.oak.security.user.UserAuthenticationFactoryImpl") +@Component( + service = UserAuthenticationFactory.class, + property = OAK_SECURITY_NAME + "=org.apache.jackrabbit.oak.security.user.UserAuthenticationFactoryImpl") public class UserAuthenticationFactoryImpl implements UserAuthenticationFactory { @Nonnull Modified: jackrabbit/oak/trunk/oak-core/src/main/java/org/apache/jackrabbit/oak/security/user/UserConfigurationImpl.java URL: http://svn.apache.org/viewvc/jackrabbit/oak/trunk/oak-core/src/main/java/org/apache/jackrabbit/oak/security/user/UserConfigurationImpl.java?rev=1810002&r1=1810001&r2=1810002&view=diff ============================================================================== --- jackrabbit/oak/trunk/oak-core/src/main/java/org/apache/jackrabbit/oak/security/user/UserConfigurationImpl.java (original) +++ jackrabbit/oak/trunk/oak-core/src/main/java/org/apache/jackrabbit/oak/security/user/UserConfigurationImpl.java Thu Sep 28 14:09:26 2017 @@ -26,12 +26,6 @@ import javax.annotation.Nonnull; import javax.annotation.Nullable; import com.google.common.collect.ImmutableList; -import org.apache.felix.scr.annotations.Activate; -import org.apache.felix.scr.annotations.Component; -import org.apache.felix.scr.annotations.Properties; -import org.apache.felix.scr.annotations.Property; -import org.apache.felix.scr.annotations.PropertyOption; -import org.apache.felix.scr.annotations.Service; import org.apache.jackrabbit.api.security.user.UserManager; import org.apache.jackrabbit.oak.api.Root; import org.apache.jackrabbit.oak.namepath.NamePathMapper; @@ -52,82 +46,115 @@ import org.apache.jackrabbit.oak.spi.sec import org.apache.jackrabbit.oak.spi.security.user.util.PasswordUtil; import org.apache.jackrabbit.oak.spi.xml.ImportBehavior; import org.apache.jackrabbit.oak.spi.xml.ProtectedItemImporter; +import org.osgi.service.component.annotations.Activate; +import org.osgi.service.component.annotations.Component; +import org.osgi.service.metatype.annotations.AttributeDefinition; +import org.osgi.service.metatype.annotations.Designate; +import org.osgi.service.metatype.annotations.ObjectClassDefinition; +import org.osgi.service.metatype.annotations.Option; /** * Default implementation of the {@link UserConfiguration}. */ -@Component(metatype = true, label = "Apache Jackrabbit Oak UserConfiguration") -@Service({UserConfiguration.class, SecurityConfiguration.class}) -@Properties({ - @Property(name = UserConstants.PARAM_USER_PATH, - label = "User Path", - description = "Path underneath which user nodes are being created.", - value = UserConstants.DEFAULT_USER_PATH), - @Property(name = UserConstants.PARAM_GROUP_PATH, - label = "Group Path", - description = "Path underneath which group nodes are being created.", - value = UserConstants.DEFAULT_GROUP_PATH), - @Property(name = UserConstants.PARAM_SYSTEM_RELATIVE_PATH, - label = "System User Relative Path", - description = "Path relative to the user root path underneath which system user nodes are being created. The default value is 'system'.", - value = UserConstants.DEFAULT_SYSTEM_RELATIVE_PATH), - @Property(name = UserConstants.PARAM_DEFAULT_DEPTH, - label = "Default Depth", - description = "Number of levels that are used by default to store authorizable nodes", - intValue = UserConstants.DEFAULT_DEPTH), - @Property(name = ProtectedItemImporter.PARAM_IMPORT_BEHAVIOR, - label = "Import Behavior", +@Component(service = {UserConfiguration.class, SecurityConfiguration.class}) +@Designate(ocd = UserConfigurationImpl.Configuration.class) +public class UserConfigurationImpl extends ConfigurationBase implements UserConfiguration, SecurityConfiguration { + + @ObjectClassDefinition(name = "Apache Jackrabbit Oak UserConfiguration") + @interface Configuration { + @AttributeDefinition( + name = "User Path", + description = "Path underneath which user nodes are being created.") + String usersPath() default UserConstants.DEFAULT_USER_PATH; + + @AttributeDefinition( + name = "Group Path", + description = "Path underneath which group nodes are being created.") + String groupsPath() default UserConstants.DEFAULT_GROUP_PATH; + + @AttributeDefinition( + name = "System User Relative Path", + description = "Path relative to the user root path underneath which system user nodes are being " + + "created. The default value is 'system'.") + String systemRelativePath() default UserConstants.DEFAULT_SYSTEM_RELATIVE_PATH; + + @AttributeDefinition( + name = "Default Depth", + description = "Number of levels that are used by default to store authorizable nodes") + int defaultDepth() default UserConstants.DEFAULT_DEPTH; + + @AttributeDefinition( + name = "Import Behavior", description = "Behavior for user/group related items upon XML import.", options = { - @PropertyOption(name = ImportBehavior.NAME_ABORT, value = ImportBehavior.NAME_ABORT), - @PropertyOption(name = ImportBehavior.NAME_BESTEFFORT, value = ImportBehavior.NAME_BESTEFFORT), - @PropertyOption(name = ImportBehavior.NAME_IGNORE, value = ImportBehavior.NAME_IGNORE) - }, - value = ImportBehavior.NAME_IGNORE), - @Property(name = UserConstants.PARAM_PASSWORD_HASH_ALGORITHM, - label = "Hash Algorithm", - description = "Name of the algorithm used to generate the password hash.", - value = PasswordUtil.DEFAULT_ALGORITHM), - @Property(name = UserConstants.PARAM_PASSWORD_HASH_ITERATIONS, - label = "Hash Iterations", - description = "Number of iterations to generate the password hash.", - intValue = PasswordUtil.DEFAULT_ITERATIONS), - @Property(name = UserConstants.PARAM_PASSWORD_SALT_SIZE, - label = "Hash Salt Size", - description = "Salt size to generate the password hash.", - intValue = PasswordUtil.DEFAULT_SALT_SIZE), - @Property(name = UserConstants.PARAM_OMIT_ADMIN_PW, - label = "Omit Admin Password", - description = "Boolean flag to prevent the administrator account to be created with a password upon repository initialization. Please note that changing this option after the initial repository setup will have no effect.", - boolValue = false), - @Property(name = UserConstants.PARAM_SUPPORT_AUTOSAVE, - label = "Autosave Support", - description = "Configuration option to enable autosave behavior. Note: this config option is present for backwards compatibility with Jackrabbit 2.x and should only be used for broken code that doesn't properly verify the autosave behavior (see Jackrabbit API). If this option is turned on autosave will be enabled by default; otherwise autosave is not supported.", - boolValue = false), - @Property(name = UserConstants.PARAM_PASSWORD_MAX_AGE, - label = "Maximum Password Age", - description = "Maximum age in days a password may have. Values greater 0 will implicitly enable password expiry. A value of 0 indicates unlimited password age.", - intValue = UserConstants.DEFAULT_PASSWORD_MAX_AGE), - @Property(name = UserConstants.PARAM_PASSWORD_INITIAL_CHANGE, - label = "Change Password On First Login", - description = "When enabled, forces users to change their password upon first login.", - boolValue = UserConstants.DEFAULT_PASSWORD_INITIAL_CHANGE), - @Property(name = UserConstants.PARAM_PASSWORD_HISTORY_SIZE, - label = "Maximum Password History Size", - description = "Maximum number of passwords recorded for a user after changing her password (NOTE: upper limit is 1000). When changing the password the new password must not be present in the password history. A value of 0 indicates no password history is recorded.", - intValue = UserConstants.PASSWORD_HISTORY_DISABLED_SIZE), - @Property(name = UserPrincipalProvider.PARAM_CACHE_EXPIRATION, - label = "Principal Cache Expiration", + @Option(label = ImportBehavior.NAME_ABORT, value = ImportBehavior.NAME_ABORT), + @Option(label = ImportBehavior.NAME_BESTEFFORT, value = ImportBehavior.NAME_BESTEFFORT), + @Option(label = ImportBehavior.NAME_IGNORE, value = ImportBehavior.NAME_IGNORE) + }) + String importBehavior() default ImportBehavior.NAME_IGNORE; + + @AttributeDefinition( + name = "Hash Algorithm", + description = "Name of the algorithm used to generate the password hash.") + String passwordHashAlgorithm() default PasswordUtil.DEFAULT_ALGORITHM; + + @AttributeDefinition( + name = "Hash Iterations", + description = "Number of iterations to generate the password hash.") + int passwordHashIterations() default PasswordUtil.DEFAULT_ITERATIONS; + + @AttributeDefinition( + name = "Hash Salt Size", + description = "Salt size to generate the password hash.") + int passwordSaltSize() default PasswordUtil.DEFAULT_SALT_SIZE; + + @AttributeDefinition( + name = "Omit Admin Password", + description = "Boolean flag to prevent the administrator account to be created with a password " + + "upon repository initialization. Please note that changing this option after the initial " + + "repository setup will have no effect.") + boolean omitAdminPw() default false; + + @AttributeDefinition( + name = "Autosave Support", + description = "Configuration option to enable autosave behavior. Note: this config option is " + + "present for backwards compatibility with Jackrabbit 2.x and should only be used for " + + "broken code that doesn't properly verify the autosave behavior (see Jackrabbit API). " + + "If this option is turned on autosave will be enabled by default; otherwise autosave is " + + "not supported.") + boolean supportAutoSave() default false; + + @AttributeDefinition( + name = "Maximum Password Age", + description = "Maximum age in days a password may have. Values greater 0 will implicitly enable " + + "password expiry. A value of 0 indicates unlimited password age.") + int passwordMaxAge() default UserConstants.DEFAULT_PASSWORD_MAX_AGE; + + @AttributeDefinition( + name = "Change Password On First Login", + description = "When enabled, forces users to change their password upon first login.") + boolean initialPasswordChange() default UserConstants.DEFAULT_PASSWORD_INITIAL_CHANGE; + + @AttributeDefinition( + name = "Maximum Password History Size", + description = "Maximum number of passwords recorded for a user after changing her password (NOTE: " + + "upper limit is 1000). When changing the password the new password must not be present in the " + + "password history. A value of 0 indicates no password history is recorded.") + int passwordHistorySize() default UserConstants.PASSWORD_HISTORY_DISABLED_SIZE; + + @AttributeDefinition( + name = "Principal Cache Expiration", description = "Optional configuration defining the number of milliseconds " + - "until the principal cache expires (NOTE: currently only respected for principal resolution with the internal system session such as used for login). " + - "If not set or equal/lower than zero no caches are created/evaluated.", - longValue = UserPrincipalProvider.EXPIRATION_NO_CACHE), - @Property(name = UserConstants.PARAM_ENABLE_RFC7613_USERCASE_MAPPED_PROFILE, - label = "RFC7613 Username Comparison Profile", - description = "Enable the UsercaseMappedProfile defined in RFC7613 for username comparison.", - boolValue = false) -}) -public class UserConfigurationImpl extends ConfigurationBase implements UserConfiguration, SecurityConfiguration { + "until the principal cache expires (NOTE: currently only respected for principal resolution " + + "with the internal system session such as used for login). If not set or equal/lower than zero " + + "no caches are created/evaluated.") + long cacheExpiration() default UserPrincipalProvider.EXPIRATION_NO_CACHE; + + @AttributeDefinition( + name = "RFC7613 Username Comparison Profile", + description = "Enable the UsercaseMappedProfile defined in RFC7613 for username comparison.") + boolean enableRFC7613UsercaseMappedProfile() default false; + } private static final UserAuthenticationFactory DEFAULT_AUTH_FACTORY = new UserAuthenticationFactoryImpl(); Modified: jackrabbit/oak/trunk/oak-core/src/main/java/org/apache/jackrabbit/oak/spi/security/user/action/DefaultAuthorizableActionProvider.java URL: http://svn.apache.org/viewvc/jackrabbit/oak/trunk/oak-core/src/main/java/org/apache/jackrabbit/oak/spi/security/user/action/DefaultAuthorizableActionProvider.java?rev=1810002&r1=1810001&r2=1810002&view=diff ============================================================================== --- jackrabbit/oak/trunk/oak-core/src/main/java/org/apache/jackrabbit/oak/spi/security/user/action/DefaultAuthorizableActionProvider.java (original) +++ jackrabbit/oak/trunk/oak-core/src/main/java/org/apache/jackrabbit/oak/spi/security/user/action/DefaultAuthorizableActionProvider.java Thu Sep 28 14:09:26 2017 @@ -24,14 +24,14 @@ import javax.annotation.Nonnull; import com.google.common.collect.ImmutableMap; import com.google.common.collect.Lists; -import org.apache.felix.scr.annotations.Activate; -import org.apache.felix.scr.annotations.Component; -import org.apache.felix.scr.annotations.Properties; -import org.apache.felix.scr.annotations.Property; -import org.apache.felix.scr.annotations.PropertyOption; -import org.apache.felix.scr.annotations.Service; import org.apache.jackrabbit.oak.spi.security.ConfigurationParameters; import org.apache.jackrabbit.oak.spi.security.SecurityProvider; +import org.osgi.service.component.annotations.Activate; +import org.osgi.service.component.annotations.Component; +import org.osgi.service.metatype.annotations.AttributeDefinition; +import org.osgi.service.metatype.annotations.Designate; +import org.osgi.service.metatype.annotations.ObjectClassDefinition; +import org.osgi.service.metatype.annotations.Option; import org.slf4j.Logger; import org.slf4j.LoggerFactory; @@ -39,35 +39,41 @@ import org.slf4j.LoggerFactory; * Default implementation of the {@link AuthorizableActionProvider} interface * that allows to config all actions provided by the OAK. */ -@Component(metatype = true, label = "Apache Jackrabbit Oak AuthorizableActionProvider") -@Service(AuthorizableActionProvider.class) -@Properties({ - @Property(name = DefaultAuthorizableActionProvider.ENABLED_ACTIONS, - label = "Authorizable Actions", +@Component( + service = AuthorizableActionProvider.class, + property = OAK_SECURITY_NAME + "=org.apache.jackrabbit.oak.spi.security.user.action.DefaultAuthorizableActionProvider") +@Designate(ocd = DefaultAuthorizableActionProvider.Configuration.class) +public class DefaultAuthorizableActionProvider implements AuthorizableActionProvider { + + @ObjectClassDefinition(name = "Apache Jackrabbit Oak AuthorizableActionProvider") + @interface Configuration { + @AttributeDefinition( + name = "Authorizable Actions", description = "The set of actions that is supported by this provider implementation.", cardinality = 4, options = { - @PropertyOption(name = "org.apache.jackrabbit.oak.spi.security.user.action.AccessControlAction", value = "AccessControlAction"), - @PropertyOption(name = "org.apache.jackrabbit.oak.spi.security.user.action.PasswordValidationAction", value = "PasswordValidationAction"), - @PropertyOption(name = "org.apache.jackrabbit.oak.spi.security.user.action.PasswordChangeAction", value = "PasswordChangeAction"), - @PropertyOption(name = "org.apache.jackrabbit.oak.spi.security.user.action.ClearMembershipAction", value = "ClearMembershipAction") - }), - @Property(name = AccessControlAction.USER_PRIVILEGE_NAMES, - label = "Configure AccessControlAction: User Privileges", - description = "The name of the privileges that should be granted to a given user on it's home.", - cardinality = Integer.MAX_VALUE), - @Property(name = AccessControlAction.GROUP_PRIVILEGE_NAMES, - label = "Configure AccessControlAction: Group Privileges", - description = "The name of the privileges that should be granted to a given group on it's home.", - cardinality = Integer.MAX_VALUE), - @Property(name = PasswordValidationAction.CONSTRAINT, - label = "Configure PasswordValidationAction: Password Constraint", - description = "A regular expression specifying the pattern that must be matched by a user's password."), - @Property(name = OAK_SECURITY_NAME, - propertyPrivate = true, - value = "org.apache.jackrabbit.oak.spi.security.user.action.DefaultAuthorizableActionProvider") -}) -public class DefaultAuthorizableActionProvider implements AuthorizableActionProvider { + @Option(label = "org.apache.jackrabbit.oak.spi.security.user.action.AccessControlAction", value = "AccessControlAction"), + @Option(label = "org.apache.jackrabbit.oak.spi.security.user.action.PasswordValidationAction", value = "PasswordValidationAction"), + @Option(label = "org.apache.jackrabbit.oak.spi.security.user.action.PasswordChangeAction", value = "PasswordChangeAction"), + @Option(label = "org.apache.jackrabbit.oak.spi.security.user.action.ClearMembershipAction", value = "ClearMembershipAction") + }) + String[] enabledActions(); + + @AttributeDefinition( + name = "Configure AccessControlAction: User Privileges", + description = "The name of the privileges that should be granted to a given user on it's home.") + String[] userPrivilegeNames(); + + @AttributeDefinition( + name = "Configure AccessControlAction: Group Privileges", + description = "The name of the privileges that should be granted to a given group on it's home.") + String[] groupPrivilegeNames(); + + @AttributeDefinition( + name = "Configure PasswordValidationAction: Password Constraint", + description = "A regular expression specifying the pattern that must be matched by a user's password.") + String constraint(); + } private static final Logger log = LoggerFactory.getLogger(DefaultAuthorizableActionProvider.class); Modified: jackrabbit/oak/trunk/oak-core/src/main/java/org/apache/jackrabbit/oak/spi/security/user/action/package-info.java URL: http://svn.apache.org/viewvc/jackrabbit/oak/trunk/oak-core/src/main/java/org/apache/jackrabbit/oak/spi/security/user/action/package-info.java?rev=1810002&r1=1810001&r2=1810002&view=diff ============================================================================== --- jackrabbit/oak/trunk/oak-core/src/main/java/org/apache/jackrabbit/oak/spi/security/user/action/package-info.java (original) +++ jackrabbit/oak/trunk/oak-core/src/main/java/org/apache/jackrabbit/oak/spi/security/user/action/package-info.java Thu Sep 28 14:09:26 2017 @@ -14,7 +14,7 @@ * See the License for the specific language governing permissions and * limitations under the License. */ -@Version("1.1.0") +@Version("1.1.1") package org.apache.jackrabbit.oak.spi.security.user.action; import org.osgi.annotation.versioning.Version; Modified: jackrabbit/oak/trunk/oak-core/src/test/java/org/apache/jackrabbit/oak/security/internal/SecurityProviderRegistrationTest.java URL: http://svn.apache.org/viewvc/jackrabbit/oak/trunk/oak-core/src/test/java/org/apache/jackrabbit/oak/security/internal/SecurityProviderRegistrationTest.java?rev=1810002&r1=1810001&r2=1810002&view=diff ============================================================================== --- jackrabbit/oak/trunk/oak-core/src/test/java/org/apache/jackrabbit/oak/security/internal/SecurityProviderRegistrationTest.java (original) +++ jackrabbit/oak/trunk/oak-core/src/test/java/org/apache/jackrabbit/oak/security/internal/SecurityProviderRegistrationTest.java Thu Sep 28 14:09:26 2017 @@ -16,6 +16,7 @@ */ package org.apache.jackrabbit.oak.security.internal; +import java.lang.annotation.Annotation; import java.lang.reflect.Field; import java.util.List; import java.util.Map; @@ -100,13 +101,22 @@ public class SecurityProviderRegistratio return sc; } - private static Map<String, Object> requiredServiceIdMap(@Nonnull String... ids) { - return ImmutableMap.of("requiredServicePids", ids); + private static SecurityProviderRegistration.Configuration configWithRequiredServiceIds(@Nonnull String... ids) { + return new SecurityProviderRegistration.Configuration() { + @Override + public Class<? extends Annotation> annotationType() { return SecurityProviderRegistration.Configuration.class; } + + @Override + public String[] requiredServicePids() { return ids; } + + @Override + public String authorizationCompositionType() { return "AND"; } + }; } @Test public void testActivateWithRequiredId() { - registration.activate(context.bundleContext(), requiredServiceIdMap("serviceId")); + registration.activate(context.bundleContext(), configWithRequiredServiceIds("serviceId")); SecurityProvider service = context.getService(SecurityProvider.class); assertNull(service); @@ -119,7 +129,7 @@ public class SecurityProviderRegistratio @Test public void testActivate() { - registration.activate(context.bundleContext(), requiredServiceIdMap("serviceA", "serviceB")); + registration.activate(context.bundleContext(), configWithRequiredServiceIds("serviceA", "serviceB")); SecurityProvider service = context.getService(SecurityProvider.class); assertNull(service); @@ -142,14 +152,14 @@ public class SecurityProviderRegistratio assertTrue(((Preconditions) f.get(registration)).areSatisfied()); - registration.activate(context.bundleContext(), requiredServiceIdMap("requiredService")); + registration.activate(context.bundleContext(), configWithRequiredServiceIds("requiredService")); assertFalse(((Preconditions) f.get(registration)).areSatisfied()); } @Test public void testActivateWithoutPreconditions() { - registration.activate(context.bundleContext(), requiredServiceIdMap()); + registration.activate(context.bundleContext(), configWithRequiredServiceIds()); SecurityProvider service = context.getService(SecurityProvider.class); assertNotNull(service); @@ -158,7 +168,7 @@ public class SecurityProviderRegistratio @Test public void testModified() { - registration.activate(context.bundleContext(), requiredServiceIdMap("rpId", "authorizationId")); + registration.activate(context.bundleContext(), configWithRequiredServiceIds("rpId", "authorizationId")); registration.bindAuthorizationConfiguration(new AuthorizationConfigurationImpl(), ImmutableMap.of(Constants.SERVICE_PID, "authorizationId")); @@ -166,7 +176,7 @@ public class SecurityProviderRegistratio // modify requiredServiceIds by removing the rpId from the mandatory services // => should re-register the security provider - registration.modified(requiredServiceIdMap("authorizationId")); + registration.modified(configWithRequiredServiceIds("authorizationId")); SecurityProvider service = context.getService(SecurityProvider.class); assertNotNull(service); @@ -177,7 +187,7 @@ public class SecurityProviderRegistratio @Test public void testModifiedPreconditionStillSatisfied() { - registration.activate(context.bundleContext(), requiredServiceIdMap("rpId", "authorizationId")); + registration.activate(context.bundleContext(), configWithRequiredServiceIds("rpId", "authorizationId")); RestrictionProvider mockRp = Mockito.mock(RestrictionProvider.class); registration.bindRestrictionProvider(mockRp, ImmutableMap.of(Constants.SERVICE_PID, "rpId")); @@ -186,7 +196,7 @@ public class SecurityProviderRegistratio SecurityProvider service = context.getService(SecurityProvider.class); assertNotNull(service); - registration.modified(requiredServiceIdMap("authorizationId")); + registration.modified(configWithRequiredServiceIds("authorizationId")); SecurityProvider service2 = context.getService(SecurityProvider.class); assertSame(service, service2); @@ -194,7 +204,7 @@ public class SecurityProviderRegistratio @Test public void testDeactivate() throws Exception { - registration.activate(context.bundleContext(), requiredServiceIdMap("nodeName")); + registration.activate(context.bundleContext(), configWithRequiredServiceIds("nodeName")); AuthorizableNodeName mock = Mockito.mock(AuthorizableNodeName.class); registration.bindAuthorizableNodeName(mock, ImmutableMap.of(Constants.SERVICE_PID, "nodeName")); @@ -209,7 +219,7 @@ public class SecurityProviderRegistratio @Test public void testDeactivateWithoutPreconditions() throws Exception { - registration.activate(context.bundleContext(), requiredServiceIdMap()); + registration.activate(context.bundleContext(), configWithRequiredServiceIds()); UserAuthenticationFactory mock = Mockito.mock(UserAuthenticationFactory.class); registration.bindUserAuthenticationFactory(mock, ImmutableMap.of(Constants.SERVICE_PID, "nodeName")); @@ -226,7 +236,7 @@ public class SecurityProviderRegistratio Field f = registration.getClass().getDeclaredField("preconditions"); f.setAccessible(true); - registration.activate(context.bundleContext(), requiredServiceIdMap("nodeName")); + registration.activate(context.bundleContext(), configWithRequiredServiceIds("nodeName")); assertFalse(((Preconditions) f.get(registration)).areSatisfied()); @@ -242,7 +252,7 @@ public class SecurityProviderRegistratio @Test public void testBindOptionalCandidate() throws Exception { - registration.activate(context.bundleContext(), requiredServiceIdMap("serviceId")); + registration.activate(context.bundleContext(), configWithRequiredServiceIds("serviceId")); Field f = registration.getClass().getDeclaredField("preconditions"); f.setAccessible(true); @@ -258,7 +268,7 @@ public class SecurityProviderRegistratio @Test public void testBindOptionalCandidateAfterRegistration() { - registration.activate(context.bundleContext(), requiredServiceIdMap("serviceId")); + registration.activate(context.bundleContext(), configWithRequiredServiceIds("serviceId")); registration.bindTokenConfiguration(mockConfiguration(TokenConfiguration.class), ImmutableMap.of(Constants.SERVICE_PID, "serviceId")); @@ -274,7 +284,7 @@ public class SecurityProviderRegistratio @Test public void testBindMandatoryCandidate() throws Exception { - registration.activate(context.bundleContext(), requiredServiceIdMap("serviceId")); + registration.activate(context.bundleContext(), configWithRequiredServiceIds("serviceId")); Field f = registration.getClass().getDeclaredField("preconditions"); f.setAccessible(true); @@ -290,7 +300,7 @@ public class SecurityProviderRegistratio @Test public void testUnbindMandatoryCandidate() { - registration.activate(context.bundleContext(), requiredServiceIdMap("actionProvider")); + registration.activate(context.bundleContext(), configWithRequiredServiceIds("actionProvider")); registration.bindUserConfiguration(mockConfiguration(UserConfiguration.class)); @@ -307,7 +317,7 @@ public class SecurityProviderRegistratio @Test public void testUnbindMandatoryCandidateOnPreconditions() throws Exception { - registration.activate(context.bundleContext(), requiredServiceIdMap("nodeName")); + registration.activate(context.bundleContext(), configWithRequiredServiceIds("nodeName")); Field f = registration.getClass().getDeclaredField("preconditions"); f.setAccessible(true); @@ -322,7 +332,7 @@ public class SecurityProviderRegistratio @Test public void testUnbindOptionalCandidateAfterRegistration() { - registration.activate(context.bundleContext(), requiredServiceIdMap("serviceId")); + registration.activate(context.bundleContext(), configWithRequiredServiceIds("serviceId")); UserAuthenticationFactory uaf = Mockito.mock(UserAuthenticationFactory.class); Map<String, Object> properties = ImmutableMap.of(Constants.SERVICE_PID, "notMandatory"); @@ -539,7 +549,7 @@ public class SecurityProviderRegistratio @Test public void testBindRestrictionProviderWithoutAuthorizationConfig() { - registration.activate(context.bundleContext(), requiredServiceIdMap("serviceId")); + registration.activate(context.bundleContext(), configWithRequiredServiceIds("serviceId")); RestrictionProvider mockRp = Mockito.mock(RestrictionProvider.class); registration.bindRestrictionProvider(mockRp, ImmutableMap.of(Constants.SERVICE_PID, "serviceId")); @@ -557,7 +567,7 @@ public class SecurityProviderRegistratio @Test public void testBindRestrictionProviderWithAuthorizationConfig() { - registration.activate(context.bundleContext(), requiredServiceIdMap("rpId", "authorizationId")); + registration.activate(context.bundleContext(), configWithRequiredServiceIds("rpId", "authorizationId")); RestrictionProvider mockRp = Mockito.mock(RestrictionProvider.class); registration.bindRestrictionProvider(mockRp, ImmutableMap.of(Constants.SERVICE_PID, "rpId")); @@ -570,7 +580,7 @@ public class SecurityProviderRegistratio @Test public void testActivateWithRequiredOakSecurityName() { - registration.activate(context.bundleContext(), requiredServiceIdMap("serviceId")); + registration.activate(context.bundleContext(), configWithRequiredServiceIds("serviceId")); SecurityProvider service = context.getService(SecurityProvider.class); assertNull(service); @@ -583,7 +593,7 @@ public class SecurityProviderRegistratio @Test public void testActivateWithMixedServicePiAnddOakServiceName() { - registration.activate(context.bundleContext(), requiredServiceIdMap("rpId", "authorizationId")); + registration.activate(context.bundleContext(), configWithRequiredServiceIds("rpId", "authorizationId")); RestrictionProvider mockRp = Mockito.mock(RestrictionProvider.class); registration.bindRestrictionProvider(mockRp, ImmutableMap.of(Constants.SERVICE_PID, "rpId")); Modified: jackrabbit/oak/trunk/oak-parent/pom.xml URL: http://svn.apache.org/viewvc/jackrabbit/oak/trunk/oak-parent/pom.xml?rev=1810002&r1=1810001&r2=1810002&view=diff ============================================================================== --- jackrabbit/oak/trunk/oak-parent/pom.xml (original) +++ jackrabbit/oak/trunk/oak-parent/pom.xml Thu Sep 28 14:09:26 2017 @@ -523,6 +523,12 @@ <version>1.3.0</version> </dependency> <dependency> + <groupId>org.osgi</groupId> + <artifactId>org.osgi.service.metatype.annotations</artifactId> + <version>1.3.0</version> + </dependency> + + <dependency> <groupId>org.apache.felix</groupId> <artifactId>org.apache.felix.scr.annotations</artifactId> <version>1.9.6</version>
