Author: angela
Date: Fri Feb  2 13:29:42 2018
New Revision: 1822955

URL: http://svn.apache.org/viewvc?rev=1822955&view=rev
Log:
OAK-7232 : MountPermissionProvider.load can return null

Added:
    
jackrabbit/oak/trunk/oak-core/src/test/java/org/apache/jackrabbit/oak/security/authorization/permission/MountPermissionStoreTest.java
   (with props)
    
jackrabbit/oak/trunk/oak-core/src/test/java/org/apache/jackrabbit/oak/security/authorization/permission/MountUtils.java
   (with props)
Modified:
    
jackrabbit/oak/trunk/oak-core/src/main/java/org/apache/jackrabbit/oak/security/authorization/permission/MountPermissionProvider.java
    
jackrabbit/oak/trunk/oak-core/src/test/java/org/apache/jackrabbit/oak/security/authorization/permission/MountPermissionProviderRandomTestIT.java
    
jackrabbit/oak/trunk/oak-core/src/test/java/org/apache/jackrabbit/oak/security/authorization/permission/MountPermissionProviderTest.java

Modified: 
jackrabbit/oak/trunk/oak-core/src/main/java/org/apache/jackrabbit/oak/security/authorization/permission/MountPermissionProvider.java
URL: 
http://svn.apache.org/viewvc/jackrabbit/oak/trunk/oak-core/src/main/java/org/apache/jackrabbit/oak/security/authorization/permission/MountPermissionProvider.java?rev=1822955&r1=1822954&r2=1822955&view=diff
==============================================================================
--- 
jackrabbit/oak/trunk/oak-core/src/main/java/org/apache/jackrabbit/oak/security/authorization/permission/MountPermissionProvider.java
 (original)
+++ 
jackrabbit/oak/trunk/oak-core/src/main/java/org/apache/jackrabbit/oak/security/authorization/permission/MountPermissionProvider.java
 Fri Feb  2 13:29:42 2018
@@ -23,7 +23,9 @@ import java.util.Collection;
 import java.util.List;
 import java.util.Set;
 
+import javax.annotation.CheckForNull;
 import javax.annotation.Nonnull;
+import javax.annotation.Nullable;
 
 import org.apache.jackrabbit.oak.api.Root;
 import org.apache.jackrabbit.oak.commons.LongUtils;
@@ -34,8 +36,6 @@ import org.apache.jackrabbit.oak.spi.sec
 import org.apache.jackrabbit.oak.spi.security.Context;
 import 
org.apache.jackrabbit.oak.spi.security.authorization.restriction.RestrictionProvider;
 
-import com.google.common.collect.ImmutableSet;
-
 public class MountPermissionProvider extends PermissionProviderImpl {
 
     @Nonnull
@@ -79,20 +79,22 @@ public class MountPermissionProvider ext
             this.stores = stores;
         }
 
+        @CheckForNull
         @Override
-        public Collection<PermissionEntry> load(Collection<PermissionEntry> 
entries, String principalName,
-                String path) {
+        public Collection<PermissionEntry> load(@Nullable 
Collection<PermissionEntry> entries, @Nonnull String principalName,
+                @Nonnull String path) {
             for (PermissionStoreImpl store : stores) {
                 Collection<PermissionEntry> col = store.load(null, 
principalName, path);
                 if (col != null && !col.isEmpty()) {
                     return col;
                 }
             }
-            return ImmutableSet.of();
+            return null;
         }
 
+        @Nonnull
         @Override
-        public PrincipalPermissionEntries load(String principalName) {
+        public PrincipalPermissionEntries load(@Nonnull String principalName) {
             PrincipalPermissionEntries ppe = new PrincipalPermissionEntries();
             for (PermissionStoreImpl store : stores) {
                 
ppe.getEntries().putAll(store.load(principalName).getEntries());
@@ -102,7 +104,7 @@ public class MountPermissionProvider ext
         }
 
         @Override
-        public long getNumEntries(String principalName, long max) {
+        public long getNumEntries(@Nonnull String principalName, long max) {
             long num = 0;
             for (PermissionStoreImpl store : stores) {
                 num = LongUtils.safeAdd(num, 
store.getNumEntries(principalName, max));
@@ -114,7 +116,7 @@ public class MountPermissionProvider ext
         }
 
         @Override
-        public void flush(Root root) {
+        public void flush(@Nonnull Root root) {
             for (PermissionStoreImpl store : stores) {
                 store.flush(root);
             }

Modified: 
jackrabbit/oak/trunk/oak-core/src/test/java/org/apache/jackrabbit/oak/security/authorization/permission/MountPermissionProviderRandomTestIT.java
URL: 
http://svn.apache.org/viewvc/jackrabbit/oak/trunk/oak-core/src/test/java/org/apache/jackrabbit/oak/security/authorization/permission/MountPermissionProviderRandomTestIT.java?rev=1822955&r1=1822954&r2=1822955&view=diff
==============================================================================
--- 
jackrabbit/oak/trunk/oak-core/src/test/java/org/apache/jackrabbit/oak/security/authorization/permission/MountPermissionProviderRandomTestIT.java
 (original)
+++ 
jackrabbit/oak/trunk/oak-core/src/test/java/org/apache/jackrabbit/oak/security/authorization/permission/MountPermissionProviderRandomTestIT.java
 Fri Feb  2 13:29:42 2018
@@ -18,12 +18,10 @@ package org.apache.jackrabbit.oak.securi
 
 import java.security.Principal;
 import java.util.Set;
-
 import javax.annotation.Nonnull;
 
+import com.google.common.collect.Iterators;
 import org.apache.jackrabbit.oak.api.Root;
-import 
org.apache.jackrabbit.oak.security.authorization.AuthorizationConfigurationImpl;
-import 
org.apache.jackrabbit.oak.security.authorization.composite.CompositeAuthorizationConfiguration;
 import org.apache.jackrabbit.oak.security.internal.SecurityProviderBuilder;
 import org.apache.jackrabbit.oak.spi.mount.MountInfoProvider;
 import org.apache.jackrabbit.oak.spi.mount.Mounts;
@@ -32,8 +30,6 @@ import org.apache.jackrabbit.oak.spi.sec
 import 
org.apache.jackrabbit.oak.spi.security.authorization.permission.PermissionProvider;
 import org.junit.Assert;
 
-import com.google.common.collect.Iterators;
-
 public class MountPermissionProviderRandomTestIT extends 
AbstractPermissionRandomTestIT {
 
     private MountInfoProvider mountInfoProvider;
@@ -56,10 +52,7 @@ public class MountPermissionProviderRand
     protected PermissionProvider candidatePermissionProvider(@Nonnull Root 
root, @Nonnull String workspaceName,
             @Nonnull Set<Principal> principals) {
         SecurityProvider sp = new SecurityProviderBuilder().build();
-        AuthorizationConfiguration acConfig = 
sp.getConfiguration(AuthorizationConfiguration.class);
-        Assert.assertTrue(acConfig instanceof 
CompositeAuthorizationConfiguration);
-        ((AuthorizationConfigurationImpl) 
((CompositeAuthorizationConfiguration) acConfig).getDefaultConfig())
-                .bindMountInfoProvider(mountInfoProvider);
+        AuthorizationConfiguration acConfig = 
MountUtils.bindMountInfoProvider(sp, mountInfoProvider);
         PermissionProvider composite = acConfig.getPermissionProvider(root, 
workspaceName, principals);
         Assert.assertTrue(composite instanceof MountPermissionProvider);
         return composite;

Modified: 
jackrabbit/oak/trunk/oak-core/src/test/java/org/apache/jackrabbit/oak/security/authorization/permission/MountPermissionProviderTest.java
URL: 
http://svn.apache.org/viewvc/jackrabbit/oak/trunk/oak-core/src/test/java/org/apache/jackrabbit/oak/security/authorization/permission/MountPermissionProviderTest.java?rev=1822955&r1=1822954&r2=1822955&view=diff
==============================================================================
--- 
jackrabbit/oak/trunk/oak-core/src/test/java/org/apache/jackrabbit/oak/security/authorization/permission/MountPermissionProviderTest.java
 (original)
+++ 
jackrabbit/oak/trunk/oak-core/src/test/java/org/apache/jackrabbit/oak/security/authorization/permission/MountPermissionProviderTest.java
 Fri Feb  2 13:29:42 2018
@@ -79,10 +79,7 @@ public class MountPermissionProviderTest
     @Override
     protected SecurityProvider initSecurityProvider() {
         SecurityProvider sp = super.initSecurityProvider();
-        AuthorizationConfiguration acConfig = 
sp.getConfiguration(AuthorizationConfiguration.class);
-        Assert.assertTrue(acConfig instanceof 
CompositeAuthorizationConfiguration);
-        ((AuthorizationConfigurationImpl) 
((CompositeAuthorizationConfiguration) acConfig).getDefaultConfig())
-                .bindMountInfoProvider(mountInfoProvider);
+        MountUtils.bindMountInfoProvider(sp, mountInfoProvider);
         return sp;
     }
 

Added: 
jackrabbit/oak/trunk/oak-core/src/test/java/org/apache/jackrabbit/oak/security/authorization/permission/MountPermissionStoreTest.java
URL: 
http://svn.apache.org/viewvc/jackrabbit/oak/trunk/oak-core/src/test/java/org/apache/jackrabbit/oak/security/authorization/permission/MountPermissionStoreTest.java?rev=1822955&view=auto
==============================================================================
--- 
jackrabbit/oak/trunk/oak-core/src/test/java/org/apache/jackrabbit/oak/security/authorization/permission/MountPermissionStoreTest.java
 (added)
+++ 
jackrabbit/oak/trunk/oak-core/src/test/java/org/apache/jackrabbit/oak/security/authorization/permission/MountPermissionStoreTest.java
 Fri Feb  2 13:29:42 2018
@@ -0,0 +1,182 @@
+/*
+ * Licensed to the Apache Software Foundation (ASF) under one or more
+ * contributor license agreements.  See the NOTICE file distributed with
+ * this work for additional information regarding copyright ownership.
+ * The ASF licenses this file to You under the Apache License, Version 2.0
+ * (the "License"); you may not use this file except in compliance with
+ * the License.  You may obtain a copy of the License at
+ *
+ *      http://www.apache.org/licenses/LICENSE-2.0
+ *
+ * Unless required by applicable law or agreed to in writing, software
+ * distributed under the License is distributed on an "AS IS" BASIS,
+ * WITHOUT WARRANTIES OR CONDITIONS OF ANY KIND, either express or implied.
+ * See the License for the specific language governing permissions and
+ * limitations under the License.
+ */
+package org.apache.jackrabbit.oak.security.authorization.permission;
+
+import java.lang.reflect.Field;
+import java.util.Collection;
+import java.util.List;
+import javax.jcr.security.AccessControlList;
+import javax.jcr.security.AccessControlManager;
+import javax.jcr.security.Privilege;
+
+import com.google.common.collect.ImmutableSet;
+import org.apache.jackrabbit.JcrConstants;
+import 
org.apache.jackrabbit.commons.jackrabbit.authorization.AccessControlUtils;
+import org.apache.jackrabbit.oak.AbstractSecurityTest;
+import org.apache.jackrabbit.oak.api.Tree;
+import org.apache.jackrabbit.oak.plugins.tree.TreeUtil;
+import org.apache.jackrabbit.oak.spi.mount.MountInfoProvider;
+import org.apache.jackrabbit.oak.spi.mount.Mounts;
+import org.apache.jackrabbit.oak.spi.security.SecurityProvider;
+import 
org.apache.jackrabbit.oak.spi.security.authorization.AuthorizationConfiguration;
+import 
org.apache.jackrabbit.oak.spi.security.authorization.permission.PermissionProvider;
+import 
org.apache.jackrabbit.oak.spi.security.authorization.restriction.RestrictionProvider;
+import org.apache.jackrabbit.oak.spi.security.principal.EveryonePrincipal;
+import org.apache.jackrabbit.oak.spi.security.privilege.PrivilegeConstants;
+import org.junit.After;
+import org.junit.Before;
+import org.junit.Test;
+import org.mockito.Mockito;
+
+import static org.junit.Assert.assertEquals;
+import static org.junit.Assert.assertNotNull;
+import static org.junit.Assert.assertNull;
+import static org.junit.Assert.assertTrue;
+import static org.mockito.Mockito.when;
+
+public class MountPermissionStoreTest extends AbstractSecurityTest {
+
+    private static final String TEST_NAME = "MultiplexingProviderTest";
+    private static final String TEST_PATH = "/" + TEST_NAME;
+    private static final String CONTENT_NAME = "content";
+    private static final String CONTENT_PATH = TEST_PATH + "/" + CONTENT_NAME;
+
+    private MountInfoProvider mountInfoProvider = 
Mounts.newBuilder().mount("testMount", TEST_PATH).build();
+
+    private AuthorizationConfiguration config;
+    private PermissionStore permissionStore;
+
+    @Override
+    @Before
+    public void before() throws Exception {
+        super.before();
+
+        Tree rootNode = root.getTree("/");
+        Tree test = TreeUtil.addChild(rootNode, TEST_NAME, 
JcrConstants.NT_UNSTRUCTURED);
+        Tree content = TreeUtil.addChild(test, CONTENT_NAME, 
JcrConstants.NT_UNSTRUCTURED);
+        Tree child = TreeUtil.addChild(content, "child", 
JcrConstants.NT_UNSTRUCTURED);
+
+        AccessControlManager acMgr = getAccessControlManager(root);
+        Privilege[] privileges = AccessControlUtils.privilegesFromNames(acMgr, 
PrivilegeConstants.JCR_READ);
+
+        AccessControlList acl = AccessControlUtils.getAccessControlList(acMgr, 
content.getPath());
+        assertNotNull(acl);
+        acl.addAccessControlEntry(EveryonePrincipal.getInstance(), privileges);
+        acMgr.setPolicy(content.getPath(), acl);
+
+        AccessControlList acl2 = 
AccessControlUtils.getAccessControlList(acMgr, child.getPath());
+        assertNotNull(acl2);
+        acl2.addAccessControlEntry(EveryonePrincipal.getInstance(), 
privileges);
+        acMgr.setPolicy(child.getPath(), acl2);
+        root.commit();
+
+        String wspName = adminSession.getWorkspaceName();
+        PermissionProvider pp = config.getPermissionProvider(root, wspName, 
ImmutableSet.of(EveryonePrincipal.getInstance()));
+        assertTrue(pp instanceof MountPermissionProvider);
+        permissionStore = ((MountPermissionProvider) 
pp).getPermissionStore(root, wspName, RestrictionProvider.EMPTY);
+    }
+
+    @Override
+    @After
+    public void after() throws Exception {
+        try {
+            root.refresh();
+            Tree test = root.getTree(TEST_PATH);
+            if (test.exists()) {
+                test.remove();
+            }
+            root.commit();
+        } finally {
+            super.after();
+        }
+    }
+
+    @Override
+    protected SecurityProvider initSecurityProvider() {
+        SecurityProvider sp = super.initSecurityProvider();
+        config = MountUtils.bindMountInfoProvider(sp, mountInfoProvider);
+        return sp;
+    }
+
+    @Test
+    public void testLoadByAccessControlledPath() {
+        Collection<PermissionEntry> entries = permissionStore.load(null, 
EveryonePrincipal.NAME, CONTENT_PATH);
+        assertNotNull(entries);
+        assertEquals(1, entries.size());
+    }
+
+    @Test
+    public void testLoadByNonAccessControlledPath() {
+        Collection<PermissionEntry> entries = permissionStore.load(null, 
EveryonePrincipal.NAME, TEST_PATH);
+        assertNull(entries);
+    }
+
+    @Test
+    public void testLoadByPrincipalNameWithEntries() {
+        PrincipalPermissionEntries ppe = 
permissionStore.load(EveryonePrincipal.NAME);
+        assertNotNull(ppe);
+        assertTrue(ppe.isFullyLoaded());
+        assertEquals(2, ppe.getSize());
+    }
+
+    @Test
+    public void testLoadByUnknownPrincipalName() {
+        PrincipalPermissionEntries ppe = permissionStore.load("unknown");
+        assertNotNull(ppe);
+        assertTrue(ppe.isFullyLoaded());
+        assertEquals(0, ppe.getSize());
+    }
+
+    @Test
+    public void testGetNumEntries() {
+        assertEquals(2, permissionStore.getNumEntries(EveryonePrincipal.NAME, 
10));
+    }
+
+
+    @Test
+    public void testGetNumEntriesMaxReached() throws Exception {
+        PermissionStoreImpl mock = insertMockStore();
+        when(mock.getNumEntries(EveryonePrincipal.NAME, 
Long.valueOf(10))).thenReturn(Long.valueOf(2));
+
+        assertEquals(4, permissionStore.getNumEntries(EveryonePrincipal.NAME, 
10));
+        assertEquals(2, permissionStore.getNumEntries(EveryonePrincipal.NAME, 
2));
+    }
+
+    @Test
+    public void testGetNumEntriesUnknownPrincipalName() {
+        assertEquals(0, permissionStore.getNumEntries("unknown", 10));
+    }
+
+    @Test
+    public void testFlush() throws Exception {
+        PermissionStoreImpl mock = insertMockStore();
+
+        permissionStore.flush(root);
+
+        Mockito.verify(mock, Mockito.times(1)).flush(root);
+    }
+
+    private PermissionStoreImpl insertMockStore() throws Exception {
+        Field f = 
Class.forName("org.apache.jackrabbit.oak.security.authorization.permission.MountPermissionProvider$MountPermissionStore").getDeclaredField("stores");
+        f.setAccessible(true);
+
+        PermissionStoreImpl mock = Mockito.mock(PermissionStoreImpl.class);
+        List<PermissionStoreImpl> stores = (List<PermissionStoreImpl>) 
f.get(permissionStore);
+        stores.add(mock);
+        return mock;
+    }
+}
\ No newline at end of file

Propchange: 
jackrabbit/oak/trunk/oak-core/src/test/java/org/apache/jackrabbit/oak/security/authorization/permission/MountPermissionStoreTest.java
------------------------------------------------------------------------------
    svn:eol-style = native

Added: 
jackrabbit/oak/trunk/oak-core/src/test/java/org/apache/jackrabbit/oak/security/authorization/permission/MountUtils.java
URL: 
http://svn.apache.org/viewvc/jackrabbit/oak/trunk/oak-core/src/test/java/org/apache/jackrabbit/oak/security/authorization/permission/MountUtils.java?rev=1822955&view=auto
==============================================================================
--- 
jackrabbit/oak/trunk/oak-core/src/test/java/org/apache/jackrabbit/oak/security/authorization/permission/MountUtils.java
 (added)
+++ 
jackrabbit/oak/trunk/oak-core/src/test/java/org/apache/jackrabbit/oak/security/authorization/permission/MountUtils.java
 Fri Feb  2 13:29:42 2018
@@ -0,0 +1,39 @@
+/*
+ * Licensed to the Apache Software Foundation (ASF) under one or more
+ * contributor license agreements.  See the NOTICE file distributed with
+ * this work for additional information regarding copyright ownership.
+ * The ASF licenses this file to You under the Apache License, Version 2.0
+ * (the "License"); you may not use this file except in compliance with
+ * the License.  You may obtain a copy of the License at
+ *
+ *      http://www.apache.org/licenses/LICENSE-2.0
+ *
+ * Unless required by applicable law or agreed to in writing, software
+ * distributed under the License is distributed on an "AS IS" BASIS,
+ * WITHOUT WARRANTIES OR CONDITIONS OF ANY KIND, either express or implied.
+ * See the License for the specific language governing permissions and
+ * limitations under the License.
+ */
+package org.apache.jackrabbit.oak.security.authorization.permission;
+
+import javax.annotation.Nonnull;
+
+import 
org.apache.jackrabbit.oak.security.authorization.AuthorizationConfigurationImpl;
+import 
org.apache.jackrabbit.oak.security.authorization.composite.CompositeAuthorizationConfiguration;
+import org.apache.jackrabbit.oak.spi.mount.MountInfoProvider;
+import org.apache.jackrabbit.oak.spi.security.SecurityProvider;
+import 
org.apache.jackrabbit.oak.spi.security.authorization.AuthorizationConfiguration;
+import org.junit.Assert;
+
+final class MountUtils {
+
+    private MountUtils() {}
+
+    static AuthorizationConfiguration bindMountInfoProvider(@Nonnull 
SecurityProvider securityProvider, @Nonnull MountInfoProvider 
mountInfoProvider) {
+        AuthorizationConfiguration acConfig = 
securityProvider.getConfiguration(AuthorizationConfiguration.class);
+                Assert.assertTrue(acConfig instanceof 
CompositeAuthorizationConfiguration);
+                ((AuthorizationConfigurationImpl) 
((CompositeAuthorizationConfiguration) acConfig).getDefaultConfig())
+                        .bindMountInfoProvider(mountInfoProvider);
+        return acConfig;
+    }
+}
\ No newline at end of file

Propchange: 
jackrabbit/oak/trunk/oak-core/src/test/java/org/apache/jackrabbit/oak/security/authorization/permission/MountUtils.java
------------------------------------------------------------------------------
    svn:eol-style = native


Reply via email to