Author: angela
Date: Wed May 9 15:38:38 2018
New Revision: 1831261
URL: http://svn.apache.org/viewvc?rev=1831261&view=rev
Log:
OAK-7470 : Remove Usage of ImmutableTree and AbstractTree in Security Code
Added:
jackrabbit/oak/trunk/oak-core/src/main/java/org/apache/jackrabbit/oak/security/authorization/ProviderCtx.java
Modified:
jackrabbit/oak/trunk/oak-authorization-cug/src/test/java/org/apache/jackrabbit/oak/spi/security/authorization/cug/impl/CugTreePermissionTest.java
jackrabbit/oak/trunk/oak-authorization-cug/src/test/java/org/apache/jackrabbit/oak/spi/security/authorization/cug/impl/CugUtilTest.java
jackrabbit/oak/trunk/oak-authorization-cug/src/test/java/org/apache/jackrabbit/oak/spi/security/authorization/cug/impl/EmptyCugTreePermissionTest.java
jackrabbit/oak/trunk/oak-core/src/main/java/org/apache/jackrabbit/oak/plugins/tree/impl/TreeProviderService.java
jackrabbit/oak/trunk/oak-core/src/main/java/org/apache/jackrabbit/oak/security/authorization/AuthorizationConfigurationImpl.java
jackrabbit/oak/trunk/oak-core/src/main/java/org/apache/jackrabbit/oak/security/authorization/accesscontrol/AccessControlValidator.java
jackrabbit/oak/trunk/oak-core/src/main/java/org/apache/jackrabbit/oak/security/authorization/accesscontrol/AccessControlValidatorProvider.java
jackrabbit/oak/trunk/oak-core/src/main/java/org/apache/jackrabbit/oak/security/authorization/composite/CompositeAuthorizationConfiguration.java
jackrabbit/oak/trunk/oak-core/src/main/java/org/apache/jackrabbit/oak/security/authorization/composite/CompositePermissionProvider.java
jackrabbit/oak/trunk/oak-core/src/main/java/org/apache/jackrabbit/oak/security/authorization/composite/CompositeTreePermission.java
jackrabbit/oak/trunk/oak-core/src/main/java/org/apache/jackrabbit/oak/security/authorization/permission/CompiledPermissionImpl.java
jackrabbit/oak/trunk/oak-core/src/main/java/org/apache/jackrabbit/oak/security/authorization/permission/MountPermissionProvider.java
jackrabbit/oak/trunk/oak-core/src/main/java/org/apache/jackrabbit/oak/security/authorization/permission/MoveAwarePermissionValidator.java
jackrabbit/oak/trunk/oak-core/src/main/java/org/apache/jackrabbit/oak/security/authorization/permission/PermissionProviderImpl.java
jackrabbit/oak/trunk/oak-core/src/main/java/org/apache/jackrabbit/oak/security/authorization/permission/PermissionUtil.java
jackrabbit/oak/trunk/oak-core/src/main/java/org/apache/jackrabbit/oak/security/authorization/permission/PermissionValidator.java
jackrabbit/oak/trunk/oak-core/src/main/java/org/apache/jackrabbit/oak/security/authorization/permission/PermissionValidatorProvider.java
jackrabbit/oak/trunk/oak-core/src/main/java/org/apache/jackrabbit/oak/security/authorization/permission/VersionTreePermission.java
jackrabbit/oak/trunk/oak-core/src/main/java/org/apache/jackrabbit/oak/security/privilege/PrivilegeConfigurationImpl.java
jackrabbit/oak/trunk/oak-core/src/main/java/org/apache/jackrabbit/oak/security/privilege/PrivilegeValidator.java
jackrabbit/oak/trunk/oak-core/src/main/java/org/apache/jackrabbit/oak/security/privilege/PrivilegeValidatorProvider.java
jackrabbit/oak/trunk/oak-core/src/test/java/org/apache/jackrabbit/oak/security/authorization/accesscontrol/AccessControlValidatorTest.java
jackrabbit/oak/trunk/oak-core/src/test/java/org/apache/jackrabbit/oak/security/authorization/composite/AbstractCompositeProviderTest.java
jackrabbit/oak/trunk/oak-core/src/test/java/org/apache/jackrabbit/oak/security/authorization/composite/CompositeProviderCoverageTest.java
jackrabbit/oak/trunk/oak-core/src/test/java/org/apache/jackrabbit/oak/security/authorization/composite/CompositeProviderCustomMixTest.java
jackrabbit/oak/trunk/oak-core/src/test/java/org/apache/jackrabbit/oak/security/authorization/composite/CompositeProviderNoScopeTest.java
jackrabbit/oak/trunk/oak-core/src/test/java/org/apache/jackrabbit/oak/security/authorization/composite/CompositeTreePermissionTest.java
jackrabbit/oak/trunk/oak-core/src/test/java/org/apache/jackrabbit/oak/security/authorization/composite/FullScopeProvider.java
jackrabbit/oak/trunk/oak-core/src/test/java/org/apache/jackrabbit/oak/security/authorization/permission/VersionTreePermissionTest.java
jackrabbit/oak/trunk/oak-core/src/test/java/org/apache/jackrabbit/oak/security/privilege/PrivilegeConfigurationImplTest.java
jackrabbit/oak/trunk/oak-core/src/test/java/org/apache/jackrabbit/oak/security/privilege/PrivilegeValidatorTest.java
jackrabbit/oak/trunk/oak-security-spi/src/main/java/org/apache/jackrabbit/oak/plugins/tree/TreeProvider.java
jackrabbit/oak/trunk/oak-security-spi/src/main/java/org/apache/jackrabbit/oak/plugins/tree/package-info.java
Modified:
jackrabbit/oak/trunk/oak-authorization-cug/src/test/java/org/apache/jackrabbit/oak/spi/security/authorization/cug/impl/CugTreePermissionTest.java
URL:
http://svn.apache.org/viewvc/jackrabbit/oak/trunk/oak-authorization-cug/src/test/java/org/apache/jackrabbit/oak/spi/security/authorization/cug/impl/CugTreePermissionTest.java?rev=1831261&r1=1831260&r2=1831261&view=diff
==============================================================================
---
jackrabbit/oak/trunk/oak-authorization-cug/src/test/java/org/apache/jackrabbit/oak/spi/security/authorization/cug/impl/CugTreePermissionTest.java
(original)
+++
jackrabbit/oak/trunk/oak-authorization-cug/src/test/java/org/apache/jackrabbit/oak/spi/security/authorization/cug/impl/CugTreePermissionTest.java
Wed May 9 15:38:38 2018
@@ -24,6 +24,7 @@ import org.apache.jackrabbit.oak.api.Pro
import org.apache.jackrabbit.oak.api.Tree;
import org.apache.jackrabbit.oak.commons.PathUtils;
import org.apache.jackrabbit.oak.plugins.memory.PropertyStates;
+import org.apache.jackrabbit.oak.plugins.tree.TreeProvider;
import org.apache.jackrabbit.oak.plugins.tree.impl.AbstractTree;
import
org.apache.jackrabbit.oak.spi.security.authorization.permission.Permissions;
import
org.apache.jackrabbit.oak.spi.security.authorization.permission.TreePermission;
@@ -65,14 +66,15 @@ public class CugTreePermissionTest exten
@Test
public void testGetChildPermission() throws Exception {
- NodeState ns = ((AbstractTree) root.getTree(SUPPORTED_PATH +
"/subtree")).getNodeState();
+ TreeProvider treeProvider = getTreeProvider();
+ NodeState ns = treeProvider.asNodeState(root.getTree(SUPPORTED_PATH +
"/subtree"));
TreePermission child = allowedTp.getChildPermission("subtree", ns);
assertTrue(child instanceof CugTreePermission);
child = deniedTp.getChildPermission("subtree", ns);
assertTrue(child instanceof CugTreePermission);
- NodeState cugNs = ((AbstractTree)
root.getTree(PathUtils.concat(SUPPORTED_PATH, REP_CUG_POLICY))).getNodeState();
+ NodeState cugNs =
treeProvider.asNodeState(root.getTree(PathUtils.concat(SUPPORTED_PATH,
REP_CUG_POLICY)));
TreePermission cugChild = allowedTp.getChildPermission(REP_CUG_POLICY,
cugNs);
assertSame(TreePermission.NO_RECOURSE, cugChild);
}
Modified:
jackrabbit/oak/trunk/oak-authorization-cug/src/test/java/org/apache/jackrabbit/oak/spi/security/authorization/cug/impl/CugUtilTest.java
URL:
http://svn.apache.org/viewvc/jackrabbit/oak/trunk/oak-authorization-cug/src/test/java/org/apache/jackrabbit/oak/spi/security/authorization/cug/impl/CugUtilTest.java?rev=1831261&r1=1831260&r2=1831261&view=diff
==============================================================================
---
jackrabbit/oak/trunk/oak-authorization-cug/src/test/java/org/apache/jackrabbit/oak/spi/security/authorization/cug/impl/CugUtilTest.java
(original)
+++
jackrabbit/oak/trunk/oak-authorization-cug/src/test/java/org/apache/jackrabbit/oak/spi/security/authorization/cug/impl/CugUtilTest.java
Wed May 9 15:38:38 2018
@@ -22,6 +22,7 @@ import javax.annotation.Nonnull;
import com.google.common.collect.ImmutableSet;
import org.apache.jackrabbit.oak.api.Tree;
import org.apache.jackrabbit.oak.commons.PathUtils;
+import org.apache.jackrabbit.oak.plugins.tree.TreeProvider;
import org.apache.jackrabbit.oak.spi.nodetype.NodeTypeConstants;
import org.apache.jackrabbit.oak.plugins.tree.impl.AbstractTree;
import org.apache.jackrabbit.oak.spi.mount.MountInfoProvider;
@@ -61,8 +62,8 @@ public class CugUtilTest extends Abstrac
}
@Nonnull
- private static NodeState getNodeState(@Nonnull Tree tree) {
- return ((AbstractTree) tree).getNodeState();
+ private NodeState getNodeState(@Nonnull Tree tree) {
+ return getTreeProvider().asNodeState(tree);
}
@Test
Modified:
jackrabbit/oak/trunk/oak-authorization-cug/src/test/java/org/apache/jackrabbit/oak/spi/security/authorization/cug/impl/EmptyCugTreePermissionTest.java
URL:
http://svn.apache.org/viewvc/jackrabbit/oak/trunk/oak-authorization-cug/src/test/java/org/apache/jackrabbit/oak/spi/security/authorization/cug/impl/EmptyCugTreePermissionTest.java?rev=1831261&r1=1831260&r2=1831261&view=diff
==============================================================================
---
jackrabbit/oak/trunk/oak-authorization-cug/src/test/java/org/apache/jackrabbit/oak/spi/security/authorization/cug/impl/EmptyCugTreePermissionTest.java
(original)
+++
jackrabbit/oak/trunk/oak-authorization-cug/src/test/java/org/apache/jackrabbit/oak/spi/security/authorization/cug/impl/EmptyCugTreePermissionTest.java
Wed May 9 15:38:38 2018
@@ -56,7 +56,7 @@ public class EmptyCugTreePermissionTest
Root readOnlyRoot = getRootProvider().createReadOnlyRoot(root);
Tree t = readOnlyRoot.getTree("/");
tp = new EmptyCugTreePermission(t, TreeType.DEFAULT, pp);
- rootState = ((AbstractTree) t).getNodeState();
+ rootState = getTreeProvider().asNodeState(t);
}
@Test
Modified:
jackrabbit/oak/trunk/oak-core/src/main/java/org/apache/jackrabbit/oak/plugins/tree/impl/TreeProviderService.java
URL:
http://svn.apache.org/viewvc/jackrabbit/oak/trunk/oak-core/src/main/java/org/apache/jackrabbit/oak/plugins/tree/impl/TreeProviderService.java?rev=1831261&r1=1831260&r2=1831261&view=diff
==============================================================================
---
jackrabbit/oak/trunk/oak-core/src/main/java/org/apache/jackrabbit/oak/plugins/tree/impl/TreeProviderService.java
(original)
+++
jackrabbit/oak/trunk/oak-core/src/main/java/org/apache/jackrabbit/oak/plugins/tree/impl/TreeProviderService.java
Wed May 9 15:38:38 2018
@@ -24,6 +24,8 @@ import org.apache.jackrabbit.oak.plugins
import org.apache.jackrabbit.oak.spi.state.NodeState;
import org.osgi.service.component.annotations.Component;
+import static com.google.common.base.Preconditions.checkArgument;
+
@Component(service = {TreeProvider.class})
public class TreeProviderService implements TreeProvider {
@@ -38,4 +40,11 @@ public class TreeProviderService impleme
public Tree createReadOnlyTree(@Nonnull Tree readOnlyParent, @Nonnull
String childName, @Nonnull NodeState childState) {
return TreeFactory.createReadOnlyTree(readOnlyParent, childName,
childState);
}
+
+ @Nonnull
+ @Override
+ public NodeState asNodeState(@Nonnull Tree readOnlyTree) {
+ checkArgument(readOnlyTree instanceof AbstractTree);
+ return ((AbstractTree) readOnlyTree).getNodeState();
+ }
}
\ No newline at end of file
Modified:
jackrabbit/oak/trunk/oak-core/src/main/java/org/apache/jackrabbit/oak/security/authorization/AuthorizationConfigurationImpl.java
URL:
http://svn.apache.org/viewvc/jackrabbit/oak/trunk/oak-core/src/main/java/org/apache/jackrabbit/oak/security/authorization/AuthorizationConfigurationImpl.java?rev=1831261&r1=1831260&r2=1831261&view=diff
==============================================================================
---
jackrabbit/oak/trunk/oak-core/src/main/java/org/apache/jackrabbit/oak/security/authorization/AuthorizationConfigurationImpl.java
(original)
+++
jackrabbit/oak/trunk/oak-core/src/main/java/org/apache/jackrabbit/oak/security/authorization/AuthorizationConfigurationImpl.java
Wed May 9 15:38:38 2018
@@ -59,6 +59,7 @@ import org.apache.jackrabbit.oak.spi.xml
import org.osgi.service.component.annotations.Activate;
import org.osgi.service.component.annotations.Component;
import org.osgi.service.component.annotations.Reference;
+import org.osgi.service.component.annotations.ReferenceCardinality;
import org.osgi.service.metatype.annotations.AttributeDefinition;
import org.osgi.service.metatype.annotations.Designate;
import org.osgi.service.metatype.annotations.ObjectClassDefinition;
@@ -73,8 +74,8 @@ import static org.apache.jackrabbit.oak.
service = {AuthorizationConfiguration.class,
SecurityConfiguration.class},
property = OAK_SECURITY_NAME +
"=org.apache.jackrabbit.oak.security.authorization.AuthorizationConfigurationImpl")
@Designate(ocd = AuthorizationConfigurationImpl.Configuration.class)
-public class AuthorizationConfigurationImpl extends ConfigurationBase
implements AuthorizationConfiguration {
-
+public class AuthorizationConfigurationImpl extends ConfigurationBase
implements AuthorizationConfiguration, ProviderCtx {
+
@ObjectClassDefinition(name = "Apache Jackrabbit Oak
AuthorizationConfiguration")
@interface Configuration {
@AttributeDefinition(
@@ -116,7 +117,6 @@ public class AuthorizationConfigurationI
int configurationRanking() default 100;
}
- @Reference
private MountInfoProvider mountInfoProvider =
Mounts.defaultMountInfoProvider();
public AuthorizationConfigurationImpl() {
@@ -166,8 +166,8 @@ public class AuthorizationConfigurationI
public List<ValidatorProvider> getValidators(@Nonnull String
workspaceName, @Nonnull Set<Principal> principals, @Nonnull MoveTracker
moveTracker) {
return ImmutableList.of(
new PermissionStoreValidatorProvider(),
- new PermissionValidatorProvider(getSecurityProvider(),
workspaceName, principals, moveTracker, getRootProvider(), getTreeProvider()),
- new AccessControlValidatorProvider(getSecurityProvider(),
getRootProvider(), getTreeProvider()));
+ new PermissionValidatorProvider(workspaceName, principals,
moveTracker, this),
+ new AccessControlValidatorProvider(this));
}
@Nonnull
@@ -202,13 +202,23 @@ public class AuthorizationConfigurationI
if (mountInfoProvider.hasNonDefaultMounts()) {
return new MountPermissionProvider(root, workspaceName,
principals, getRestrictionProvider(),
- getParameters(), ctx, mountInfoProvider,
getRootProvider());
+ getParameters(), ctx, this);
} else {
return new PermissionProviderImpl(root, workspaceName, principals,
getRestrictionProvider(),
- getParameters(), ctx, getRootProvider());
+ getParameters(), ctx, this);
}
}
+ //--------------------------------------------------------< ProviderCtx
>---
+
+ @Nonnull
+ @Override
+ public MountInfoProvider getMountInfoProvider() {
+ return mountInfoProvider;
+ }
+
+
//--------------------------------------------------------------------------
+ @Reference(name = "mountInfoProvider", cardinality =
ReferenceCardinality.MANDATORY)
public void bindMountInfoProvider(MountInfoProvider mountInfoProvider) {
this.mountInfoProvider = mountInfoProvider;
}
Added:
jackrabbit/oak/trunk/oak-core/src/main/java/org/apache/jackrabbit/oak/security/authorization/ProviderCtx.java
URL:
http://svn.apache.org/viewvc/jackrabbit/oak/trunk/oak-core/src/main/java/org/apache/jackrabbit/oak/security/authorization/ProviderCtx.java?rev=1831261&view=auto
==============================================================================
---
jackrabbit/oak/trunk/oak-core/src/main/java/org/apache/jackrabbit/oak/security/authorization/ProviderCtx.java
(added)
+++
jackrabbit/oak/trunk/oak-core/src/main/java/org/apache/jackrabbit/oak/security/authorization/ProviderCtx.java
Wed May 9 15:38:38 2018
@@ -0,0 +1,39 @@
+/*
+ * Licensed to the Apache Software Foundation (ASF) under one or more
+ * contributor license agreements. See the NOTICE file distributed with
+ * this work for additional information regarding copyright ownership.
+ * The ASF licenses this file to You under the Apache License, Version 2.0
+ * (the "License"); you may not use this file except in compliance with
+ * the License. You may obtain a copy of the License at
+ *
+ * http://www.apache.org/licenses/LICENSE-2.0
+ *
+ * Unless required by applicable law or agreed to in writing, software
+ * distributed under the License is distributed on an "AS IS" BASIS,
+ * WITHOUT WARRANTIES OR CONDITIONS OF ANY KIND, either express or implied.
+ * See the License for the specific language governing permissions and
+ * limitations under the License.
+ */
+package org.apache.jackrabbit.oak.security.authorization;
+
+import javax.annotation.Nonnull;
+
+import org.apache.jackrabbit.oak.plugins.tree.RootProvider;
+import org.apache.jackrabbit.oak.plugins.tree.TreeProvider;
+import org.apache.jackrabbit.oak.spi.mount.MountInfoProvider;
+import org.apache.jackrabbit.oak.spi.security.SecurityProvider;
+
+public interface ProviderCtx {
+
+ @Nonnull
+ SecurityProvider getSecurityProvider();
+
+ @Nonnull
+ TreeProvider getTreeProvider();
+
+ @Nonnull
+ RootProvider getRootProvider();
+
+ @Nonnull
+ MountInfoProvider getMountInfoProvider();
+}
\ No newline at end of file
Modified:
jackrabbit/oak/trunk/oak-core/src/main/java/org/apache/jackrabbit/oak/security/authorization/accesscontrol/AccessControlValidator.java
URL:
http://svn.apache.org/viewvc/jackrabbit/oak/trunk/oak-core/src/main/java/org/apache/jackrabbit/oak/security/authorization/accesscontrol/AccessControlValidator.java?rev=1831261&r1=1831260&r2=1831261&view=diff
==============================================================================
---
jackrabbit/oak/trunk/oak-core/src/main/java/org/apache/jackrabbit/oak/security/authorization/accesscontrol/AccessControlValidator.java
(original)
+++
jackrabbit/oak/trunk/oak-core/src/main/java/org/apache/jackrabbit/oak/security/authorization/accesscontrol/AccessControlValidator.java
Wed May 9 15:38:38 2018
@@ -37,7 +37,7 @@ import org.apache.jackrabbit.oak.plugins
import org.apache.jackrabbit.oak.plugins.tree.TreeConstants;
import org.apache.jackrabbit.oak.plugins.tree.TreeProvider;
import org.apache.jackrabbit.oak.plugins.tree.TreeUtil;
-import org.apache.jackrabbit.oak.plugins.tree.impl.AbstractTree;
+import org.apache.jackrabbit.oak.security.authorization.ProviderCtx;
import org.apache.jackrabbit.oak.spi.commit.DefaultValidator;
import org.apache.jackrabbit.oak.spi.commit.Validator;
import org.apache.jackrabbit.oak.spi.commit.VisibleValidator;
@@ -59,6 +59,7 @@ import static org.apache.jackrabbit.oak.
*/
class AccessControlValidator extends DefaultValidator implements
AccessControlConstants {
+ private final TreeProvider treeProvider;
private final Tree parentAfter;
private final PrivilegeBitsProvider privilegeBitsProvider;
@@ -72,7 +73,8 @@ class AccessControlValidator extends Def
@Nonnull PrivilegeManager privilegeManager,
@Nonnull PrivilegeBitsProvider
privilegeBitsProvider,
@Nonnull RestrictionProvider restrictionProvider,
- @Nonnull TreeProvider treeProvider) {
+ @Nonnull ProviderCtx providerCtx) {
+ treeProvider = providerCtx.getTreeProvider();
this.parentAfter = treeProvider.createReadOnlyTree(parentAfter);
this.privilegeBitsProvider = privilegeBitsProvider;
this.privilegeManager = privilegeManager;
@@ -82,6 +84,7 @@ class AccessControlValidator extends Def
}
private AccessControlValidator(AccessControlValidator parent, Tree
parentAfter) {
+ this.treeProvider = parent.treeProvider;
this.parentAfter = parentAfter;
this.privilegeBitsProvider = parent.privilegeBitsProvider;
this.privilegeManager = parent.privilegeManager;
@@ -176,10 +179,10 @@ class AccessControlValidator extends Def
private void checkValidPolicy(Tree parent, Tree policyTree, NodeState
policyNode) throws CommitFailedException {
if (REP_REPO_POLICY.equals(policyTree.getName())) {
- checkValidAccessControlledNode(parent, isRepoAccessControllable);
+ checkValidAccessControlledNode(parent, isRepoAccessControllable,
treeProvider);
checkValidRepoAccessControlled(parent);
} else {
- checkValidAccessControlledNode(parent, isAccessControllable);
+ checkValidAccessControlledNode(parent, isAccessControllable,
treeProvider);
}
Collection<String> validPolicyNames = (parent.isRoot()) ?
@@ -204,13 +207,13 @@ class AccessControlValidator extends Def
}
private static void checkValidAccessControlledNode(@Nonnull Tree
accessControlledTree,
- @Nonnull TypePredicate
requiredMixin) throws CommitFailedException {
+ @Nonnull TypePredicate
requiredMixin,
+ @Nonnull TreeProvider
treeProvider) throws CommitFailedException {
if
(AC_NODETYPE_NAMES.contains(TreeUtil.getPrimaryTypeName(accessControlledTree)))
{
throw accessViolation(5, "Access control policy within access
control content (" + accessControlledTree.getPath() + ')');
}
- NodeState ns = (accessControlledTree instanceof AbstractTree) ?
((AbstractTree) accessControlledTree).getNodeState() : null;
- if (!requiredMixin.apply(ns)) {
+ if
(!requiredMixin.apply(treeProvider.asNodeState(accessControlledTree))) {
String msg = "Isolated policy node (" +
accessControlledTree.getPath() + "). Parent is not of type " + requiredMixin;
throw accessViolation(6, msg);
}
Modified:
jackrabbit/oak/trunk/oak-core/src/main/java/org/apache/jackrabbit/oak/security/authorization/accesscontrol/AccessControlValidatorProvider.java
URL:
http://svn.apache.org/viewvc/jackrabbit/oak/trunk/oak-core/src/main/java/org/apache/jackrabbit/oak/security/authorization/accesscontrol/AccessControlValidatorProvider.java?rev=1831261&r1=1831260&r2=1831261&view=diff
==============================================================================
---
jackrabbit/oak/trunk/oak-core/src/main/java/org/apache/jackrabbit/oak/security/authorization/accesscontrol/AccessControlValidatorProvider.java
(original)
+++
jackrabbit/oak/trunk/oak-core/src/main/java/org/apache/jackrabbit/oak/security/authorization/accesscontrol/AccessControlValidatorProvider.java
Wed May 9 15:38:38 2018
@@ -20,13 +20,11 @@ import javax.annotation.Nonnull;
import org.apache.jackrabbit.api.security.authorization.PrivilegeManager;
import org.apache.jackrabbit.oak.api.Root;
-import org.apache.jackrabbit.oak.plugins.tree.RootProvider;
import org.apache.jackrabbit.oak.namepath.NamePathMapper;
-import org.apache.jackrabbit.oak.plugins.tree.TreeProvider;
+import org.apache.jackrabbit.oak.security.authorization.ProviderCtx;
import org.apache.jackrabbit.oak.spi.commit.CommitInfo;
import org.apache.jackrabbit.oak.spi.commit.Validator;
import org.apache.jackrabbit.oak.spi.commit.ValidatorProvider;
-import org.apache.jackrabbit.oak.spi.security.SecurityProvider;
import
org.apache.jackrabbit.oak.spi.security.authorization.AuthorizationConfiguration;
import
org.apache.jackrabbit.oak.spi.security.authorization.restriction.RestrictionProvider;
import org.apache.jackrabbit.oak.spi.security.privilege.PrivilegeBitsProvider;
@@ -41,14 +39,10 @@ import org.apache.jackrabbit.oak.spi.sta
*/
public class AccessControlValidatorProvider extends ValidatorProvider {
- private final SecurityProvider securityProvider;
- private final RootProvider rootProvider;
- private final TreeProvider treeProvider;
-
- public AccessControlValidatorProvider(@Nonnull SecurityProvider
securityProvider, @Nonnull RootProvider rootProvider, @Nonnull TreeProvider
treeProvider) {
- this.securityProvider = securityProvider;
- this.rootProvider = rootProvider;
- this.treeProvider = treeProvider;
+ private final ProviderCtx providerCtx;
+
+ public AccessControlValidatorProvider(@Nonnull ProviderCtx providerCtx) {
+ this.providerCtx = providerCtx;
}
//--------------------------------------------------< ValidatorProvider
>---
@@ -58,14 +52,14 @@ public class AccessControlValidatorProvi
RestrictionProvider restrictionProvider =
getConfig(AuthorizationConfiguration.class).getRestrictionProvider();
- Root root = rootProvider.createReadOnlyRoot(before);
+ Root root = providerCtx.getRootProvider().createReadOnlyRoot(before);
PrivilegeManager privilegeManager =
getConfig(PrivilegeConfiguration.class).getPrivilegeManager(root,
NamePathMapper.DEFAULT);
PrivilegeBitsProvider privilegeBitsProvider = new
PrivilegeBitsProvider(root);
- return new AccessControlValidator(after, privilegeManager,
privilegeBitsProvider, restrictionProvider, treeProvider);
+ return new AccessControlValidator(after, privilegeManager,
privilegeBitsProvider, restrictionProvider, providerCtx);
}
private <T> T getConfig(Class<T> configClass) {
- return securityProvider.getConfiguration(configClass);
+ return providerCtx.getSecurityProvider().getConfiguration(configClass);
}
}
Modified:
jackrabbit/oak/trunk/oak-core/src/main/java/org/apache/jackrabbit/oak/security/authorization/composite/CompositeAuthorizationConfiguration.java
URL:
http://svn.apache.org/viewvc/jackrabbit/oak/trunk/oak-core/src/main/java/org/apache/jackrabbit/oak/security/authorization/composite/CompositeAuthorizationConfiguration.java?rev=1831261&r1=1831260&r2=1831261&view=diff
==============================================================================
---
jackrabbit/oak/trunk/oak-core/src/main/java/org/apache/jackrabbit/oak/security/authorization/composite/CompositeAuthorizationConfiguration.java
(original)
+++
jackrabbit/oak/trunk/oak-core/src/main/java/org/apache/jackrabbit/oak/security/authorization/composite/CompositeAuthorizationConfiguration.java
Wed May 9 15:38:38 2018
@@ -185,7 +185,7 @@ public class CompositeAuthorizationConfi
pp = aggrPermissionProviders.get(0);
break;
default :
- pp = new CompositePermissionProvider(root,
aggrPermissionProviders, getContext(), compositionType, getRootProvider());
+ pp = new CompositePermissionProvider(root,
aggrPermissionProviders, getContext(), compositionType, getRootProvider(),
getTreeProvider());
}
return pp;
}
Modified:
jackrabbit/oak/trunk/oak-core/src/main/java/org/apache/jackrabbit/oak/security/authorization/composite/CompositePermissionProvider.java
URL:
http://svn.apache.org/viewvc/jackrabbit/oak/trunk/oak-core/src/main/java/org/apache/jackrabbit/oak/security/authorization/composite/CompositePermissionProvider.java?rev=1831261&r1=1831260&r2=1831261&view=diff
==============================================================================
---
jackrabbit/oak/trunk/oak-core/src/main/java/org/apache/jackrabbit/oak/security/authorization/composite/CompositePermissionProvider.java
(original)
+++
jackrabbit/oak/trunk/oak-core/src/main/java/org/apache/jackrabbit/oak/security/authorization/composite/CompositePermissionProvider.java
Wed May 9 15:38:38 2018
@@ -27,9 +27,9 @@ import org.apache.jackrabbit.oak.api.Roo
import org.apache.jackrabbit.oak.api.Tree;
import org.apache.jackrabbit.oak.plugins.tree.RootProvider;
import org.apache.jackrabbit.oak.plugins.tree.TreeLocation;
+import org.apache.jackrabbit.oak.plugins.tree.TreeProvider;
import org.apache.jackrabbit.oak.plugins.tree.TreeType;
import org.apache.jackrabbit.oak.plugins.tree.TreeTypeProvider;
-import org.apache.jackrabbit.oak.plugins.tree.impl.ImmutableTree;
import
org.apache.jackrabbit.oak.security.authorization.composite.CompositeAuthorizationConfiguration.CompositionType;
import
org.apache.jackrabbit.oak.security.authorization.permission.PermissionUtil;
import org.apache.jackrabbit.oak.spi.security.Context;
@@ -57,6 +57,7 @@ class CompositePermissionProvider implem
private final Context ctx;
private final CompositionType compositionType;
private final RootProvider rootProvider;
+ private final TreeProvider treeProvider;
private final RepositoryPermission repositoryPermission;
@@ -66,12 +67,13 @@ class CompositePermissionProvider implem
CompositePermissionProvider(@Nonnull Root root, @Nonnull
List<AggregatedPermissionProvider> pps,
@Nonnull Context acContext, @Nonnull
CompositionType compositionType,
- @Nonnull RootProvider rootProvider) {
+ @Nonnull RootProvider rootProvider, @Nonnull
TreeProvider treeProvider) {
this.root = root;
this.pps = pps.toArray(new AggregatedPermissionProvider[pps.size()]);
this.ctx = acContext;
this.compositionType = compositionType;
this.rootProvider = rootProvider;
+ this.treeProvider = treeProvider;
repositoryPermission = new CompositeRepositoryPermission(this.pps,
this.compositionType);
immutableRoot = rootProvider.createReadOnlyRoot(root);
@@ -93,7 +95,7 @@ class CompositePermissionProvider implem
@Nonnull
@Override
public Set<String> getPrivileges(@Nullable Tree tree) {
- Tree immutableTree = PermissionUtil.getImmutableTree(tree,
immutableRoot);
+ Tree immutableTree = PermissionUtil.getReadOnlyTree(tree,
immutableRoot);
PrivilegeBits result = PrivilegeBits.getInstance();
PrivilegeBits denied = PrivilegeBits.getInstance();
@@ -122,7 +124,7 @@ class CompositePermissionProvider implem
@Override
public boolean hasPrivileges(@Nullable Tree tree, @Nonnull String...
privilegeNames) {
- Tree immutableTree = PermissionUtil.getImmutableTree(tree,
immutableRoot);
+ Tree immutableTree = PermissionUtil.getReadOnlyTree(tree,
immutableRoot);
PrivilegeBits privilegeBits =
privilegeBitsProvider.getBits(privilegeNames);
if (privilegeBits.isEmpty()) {
return true;
@@ -168,19 +170,19 @@ class CompositePermissionProvider implem
@Nonnull
@Override
public TreePermission getTreePermission(@Nonnull Tree tree, @Nonnull
TreePermission parentPermission) {
- ImmutableTree immutableTree = (ImmutableTree)
PermissionUtil.getImmutableTree(tree, immutableRoot);
+ Tree readOnlyTree = PermissionUtil.getReadOnlyTree(tree,
immutableRoot);
if (tree.isRoot()) {
- return CompositeTreePermission.create(immutableTree, typeProvider,
pps, compositionType);
+ return CompositeTreePermission.create(readOnlyTree, treeProvider,
typeProvider, pps, compositionType);
} else if (parentPermission instanceof CompositeTreePermission) {
- return CompositeTreePermission.create(immutableTree,
((CompositeTreePermission) parentPermission));
+ return CompositeTreePermission.create(readOnlyTree, treeProvider,
((CompositeTreePermission) parentPermission));
} else {
- return
parentPermission.getChildPermission(immutableTree.getName(),
immutableTree.getNodeState());
+ return parentPermission.getChildPermission(readOnlyTree.getName(),
treeProvider.asNodeState(readOnlyTree));
}
}
@Override
public boolean isGranted(@Nonnull Tree parent, @Nullable PropertyState
property, long permissions) {
- Tree immParent = PermissionUtil.getImmutableTree(parent,
immutableRoot);
+ Tree immParent = PermissionUtil.getReadOnlyTree(parent, immutableRoot);
boolean isGranted = false;
long coveredPermissions = Permissions.NO_PERMISSION;
@@ -348,13 +350,13 @@ class CompositePermissionProvider implem
@Override
public TreePermission getTreePermission(@Nonnull Tree tree, @Nonnull
TreeType type,
@Nonnull TreePermission parentPermission) {
- ImmutableTree immutableTree = (ImmutableTree)
PermissionUtil.getImmutableTree(tree, immutableRoot);
+ Tree immutableTree = PermissionUtil.getReadOnlyTree(tree,
immutableRoot);
if (tree.isRoot()) {
- return CompositeTreePermission.create(immutableTree, typeProvider,
pps, compositionType);
+ return CompositeTreePermission.create(immutableTree, treeProvider,
typeProvider, pps, compositionType);
} else if (parentPermission instanceof CompositeTreePermission) {
- return CompositeTreePermission.create(immutableTree,
((CompositeTreePermission) parentPermission), type);
+ return CompositeTreePermission.create(immutableTree, treeProvider,
((CompositeTreePermission) parentPermission), type);
} else {
- return
parentPermission.getChildPermission(immutableTree.getName(),
immutableTree.getNodeState());
+ return
parentPermission.getChildPermission(immutableTree.getName(),
treeProvider.asNodeState(immutableTree));
}
}
}
Modified:
jackrabbit/oak/trunk/oak-core/src/main/java/org/apache/jackrabbit/oak/security/authorization/composite/CompositeTreePermission.java
URL:
http://svn.apache.org/viewvc/jackrabbit/oak/trunk/oak-core/src/main/java/org/apache/jackrabbit/oak/security/authorization/composite/CompositeTreePermission.java?rev=1831261&r1=1831260&r2=1831261&view=diff
==============================================================================
---
jackrabbit/oak/trunk/oak-core/src/main/java/org/apache/jackrabbit/oak/security/authorization/composite/CompositeTreePermission.java
(original)
+++
jackrabbit/oak/trunk/oak-core/src/main/java/org/apache/jackrabbit/oak/security/authorization/composite/CompositeTreePermission.java
Wed May 9 15:38:38 2018
@@ -16,35 +16,35 @@
*/
package org.apache.jackrabbit.oak.security.authorization.composite;
-import static
org.apache.jackrabbit.oak.security.authorization.composite.CompositeAuthorizationConfiguration.CompositionType.AND;
-import static
org.apache.jackrabbit.oak.security.authorization.composite.CompositeAuthorizationConfiguration.CompositionType.OR;
-
import java.util.function.Supplier;
-
import javax.annotation.Nonnull;
import javax.annotation.Nullable;
import org.apache.jackrabbit.oak.api.PropertyState;
import org.apache.jackrabbit.oak.api.Tree;
+import org.apache.jackrabbit.oak.plugins.tree.TreeProvider;
import org.apache.jackrabbit.oak.plugins.tree.TreeType;
import org.apache.jackrabbit.oak.plugins.tree.TreeTypeProvider;
-import org.apache.jackrabbit.oak.plugins.tree.impl.ImmutableTree;
import
org.apache.jackrabbit.oak.security.authorization.composite.CompositeAuthorizationConfiguration.CompositionType;
import
org.apache.jackrabbit.oak.spi.security.authorization.permission.AggregatedPermissionProvider;
import
org.apache.jackrabbit.oak.spi.security.authorization.permission.Permissions;
import
org.apache.jackrabbit.oak.spi.security.authorization.permission.TreePermission;
import org.apache.jackrabbit.oak.spi.state.NodeState;
+import static
org.apache.jackrabbit.oak.security.authorization.composite.CompositeAuthorizationConfiguration.CompositionType.AND;
+import static
org.apache.jackrabbit.oak.security.authorization.composite.CompositeAuthorizationConfiguration.CompositionType.OR;
+
/**
* {@code TreePermission} implementation that combines multiple {@code
TreePermission}
* implementations.
*/
final class CompositeTreePermission implements TreePermission {
- private final ImmutableTree tree;
+ private final Tree tree;
private final TreeType type;
private final CompositionType compositionType;
+ private final TreeProvider treeProvider;
private final TreeTypeProvider typeProvider;
private final AggregatedPermissionProvider[] providers;
private final TreePermission[] treePermissions;
@@ -53,12 +53,14 @@ final class CompositeTreePermission impl
private Boolean canRead;
private Boolean canReadProperties;
- private CompositeTreePermission(@Nonnull ImmutableTree tree, @Nonnull
TreeType type,
+ private CompositeTreePermission(@Nonnull Tree tree, @Nonnull TreeType type,
+ @Nonnull TreeProvider treeProvider,
@Nonnull TreeTypeProvider typeProvider, @Nonnull
AggregatedPermissionProvider[] providers,
@Nonnull TreePermission[] treePermissions, int cnt, @Nonnull
CompositionType compositionType) {
this.tree = tree;
this.type = type;
+ this.treeProvider = treeProvider;
this.typeProvider = typeProvider;
this.providers = providers;
this.treePermissions = treePermissions;
@@ -66,8 +68,11 @@ final class CompositeTreePermission impl
this.compositionType = compositionType;
}
- static TreePermission create(@Nonnull ImmutableTree rootTree, @Nonnull
TreeTypeProvider typeProvider,
- @Nonnull AggregatedPermissionProvider[] providers, @Nonnull
CompositionType compositionType) {
+ static TreePermission create(@Nonnull Tree rootTree,
+ @Nonnull TreeProvider treeProvider,
+ @Nonnull TreeTypeProvider typeProvider,
+ @Nonnull AggregatedPermissionProvider[]
providers,
+ @Nonnull CompositionType compositionType) {
switch (providers.length) {
case 0 : return TreePermission.EMPTY;
case 1 : return providers[0].getTreePermission(rootTree,
TreeType.DEFAULT, TreePermission.EMPTY);
@@ -81,22 +86,24 @@ final class CompositeTreePermission impl
}
treePermissions[i] = tp;
}
- return new CompositeTreePermission(rootTree, TreeType.DEFAULT,
typeProvider, providers, treePermissions,
+ return new CompositeTreePermission(rootTree, TreeType.DEFAULT,
treeProvider, typeProvider, providers, treePermissions,
cnt, compositionType);
}
}
- static TreePermission create(@Nonnull final ImmutableTree tree, @Nonnull
CompositeTreePermission parentPermission) {
- return create(() -> tree, tree.getName(), tree.getNodeState(),
parentPermission, null);
+ static TreePermission create(@Nonnull final Tree tree, @Nonnull
TreeProvider treeProvider, @Nonnull CompositeTreePermission parentPermission) {
+ return create(() -> tree, tree.getName(),
treeProvider.asNodeState(tree), parentPermission, null);
}
- static TreePermission create(@Nonnull final ImmutableTree tree, @Nonnull
CompositeTreePermission parentPermission,
- @Nullable TreeType treeType) {
- return create(() -> tree, tree.getName(), tree.getNodeState(),
parentPermission, treeType);
+ static TreePermission create(@Nonnull final Tree tree, @Nonnull
TreeProvider treeProvider, @Nonnull CompositeTreePermission parentPermission,
+ @Nullable TreeType treeType) {
+ return create(() -> tree, tree.getName(),
treeProvider.asNodeState(tree), parentPermission, treeType);
}
- private static TreePermission create(@Nonnull Supplier<ImmutableTree>
lazyTree, @Nonnull String childName, @Nonnull NodeState childState, @Nonnull
CompositeTreePermission parentPermission,
- @Nullable TreeType treeType) {
+ private static TreePermission create(@Nonnull Supplier<Tree> lazyTree,
+ @Nonnull String childName, @Nonnull
NodeState childState,
+ @Nonnull CompositeTreePermission
parentPermission,
+ @Nullable TreeType treeType) {
switch (parentPermission.childSize) {
case 0: return TreePermission.EMPTY;
case 1:
@@ -109,7 +116,7 @@ final class CompositeTreePermission impl
}
return (parent == null) ? TreePermission.EMPTY :
parent.getChildPermission(childName, childState);
default:
- ImmutableTree tree = lazyTree.get();
+ Tree tree = lazyTree.get();
TreeType type;
if (treeType != null) {
type = treeType;
@@ -133,7 +140,7 @@ final class CompositeTreePermission impl
j++;
}
}
- return new CompositeTreePermission(tree, type,
parentPermission.typeProvider, pvds, tps, cnt,
+ return new CompositeTreePermission(tree, type,
parentPermission.treeProvider, parentPermission.typeProvider, pvds, tps, cnt,
parentPermission.compositionType);
}
}
@@ -142,7 +149,7 @@ final class CompositeTreePermission impl
@Nonnull
@Override
public TreePermission getChildPermission(@Nonnull final String childName,
@Nonnull final NodeState childState) {
- return create(() -> new ImmutableTree(tree, childName, childState),
childName, childState, this, null);
+ return create(() -> treeProvider.createReadOnlyTree(tree, childName,
childState), childName, childState, this, null);
}
@Override
Modified:
jackrabbit/oak/trunk/oak-core/src/main/java/org/apache/jackrabbit/oak/security/authorization/permission/CompiledPermissionImpl.java
URL:
http://svn.apache.org/viewvc/jackrabbit/oak/trunk/oak-core/src/main/java/org/apache/jackrabbit/oak/security/authorization/permission/CompiledPermissionImpl.java?rev=1831261&r1=1831260&r2=1831261&view=diff
==============================================================================
---
jackrabbit/oak/trunk/oak-core/src/main/java/org/apache/jackrabbit/oak/security/authorization/permission/CompiledPermissionImpl.java
(original)
+++
jackrabbit/oak/trunk/oak-core/src/main/java/org/apache/jackrabbit/oak/security/authorization/permission/CompiledPermissionImpl.java
Wed May 9 15:38:38 2018
@@ -36,11 +36,11 @@ import org.apache.jackrabbit.oak.api.Pro
import org.apache.jackrabbit.oak.api.Root;
import org.apache.jackrabbit.oak.api.Tree;
import org.apache.jackrabbit.oak.commons.PathUtils;
+import org.apache.jackrabbit.oak.namepath.NamePathMapper;
import org.apache.jackrabbit.oak.plugins.tree.TreeType;
import org.apache.jackrabbit.oak.plugins.tree.TreeTypeProvider;
-import org.apache.jackrabbit.oak.namepath.NamePathMapper;
-import org.apache.jackrabbit.oak.plugins.tree.impl.ImmutableTree;
import org.apache.jackrabbit.oak.plugins.version.ReadOnlyVersionManager;
+import org.apache.jackrabbit.oak.security.authorization.ProviderCtx;
import org.apache.jackrabbit.oak.spi.security.ConfigurationParameters;
import org.apache.jackrabbit.oak.spi.security.Context;
import
org.apache.jackrabbit.oak.spi.security.authorization.accesscontrol.AccessControlConstants;
@@ -48,13 +48,11 @@ import org.apache.jackrabbit.oak.spi.sec
import
org.apache.jackrabbit.oak.spi.security.authorization.permission.Permissions;
import
org.apache.jackrabbit.oak.spi.security.authorization.permission.RepositoryPermission;
import
org.apache.jackrabbit.oak.spi.security.authorization.permission.TreePermission;
-import
org.apache.jackrabbit.oak.spi.security.authorization.restriction.RestrictionProvider;
import org.apache.jackrabbit.oak.spi.security.principal.GroupPrincipals;
import org.apache.jackrabbit.oak.spi.security.privilege.PrivilegeBits;
import org.apache.jackrabbit.oak.spi.security.privilege.PrivilegeBitsProvider;
import org.apache.jackrabbit.oak.spi.security.privilege.PrivilegeConstants;
import org.apache.jackrabbit.oak.spi.state.NodeState;
-
import org.slf4j.Logger;
import org.slf4j.LoggerFactory;
@@ -77,7 +75,9 @@ final class CompiledPermissionImpl imple
private final PermissionStore store;
private final PermissionEntryProvider userStore;
private final PermissionEntryProvider groupStore;
+
private final TreeTypeProvider typeProvider;
+ private final ProviderCtx providerCtx;
private Root root;
private ReadOnlyVersionManager versionManager;
@@ -87,11 +87,12 @@ final class CompiledPermissionImpl imple
@Nonnull Root root,
@Nonnull String workspaceName,
@Nonnull PermissionStore store,
- @Nonnull RestrictionProvider
restrictionProvider,
@Nonnull ConfigurationParameters options,
- @Nonnull Context ctx) {
+ @Nonnull Context ctx,
+ @Nonnull ProviderCtx providerCtx) {
this.root = root;
this.workspaceName = workspaceName;
+ this.providerCtx = providerCtx;
bitsProvider = new PrivilegeBitsProvider(root);
@@ -120,14 +121,14 @@ final class CompiledPermissionImpl imple
@Nonnull String workspaceName,
@Nonnull PermissionStore store,
@Nonnull Set<Principal> principals,
- @Nonnull RestrictionProvider
restrictionProvider,
@Nonnull ConfigurationParameters options,
- @Nonnull Context ctx) {
+ @Nonnull Context ctx,
+ @Nonnull ProviderCtx providerCtx) {
Tree permissionsTree = PermissionUtil.getPermissionsRoot(root,
workspaceName);
if (!permissionsTree.exists() || principals.isEmpty()) {
return NoPermissions.getInstance();
} else {
- return new CompiledPermissionImpl(principals, root, workspaceName,
store, restrictionProvider, options, ctx);
+ return new CompiledPermissionImpl(principals, root, workspaceName,
store, options, ctx, providerCtx);
}
}
@@ -193,7 +194,7 @@ final class CompiledPermissionImpl imple
while (!versionableTree.exists()) {
versionableTree = versionableTree.getParent();
}
- return new VersionTreePermission(tree,
buildVersionDelegatee(versionableTree));
+ return new VersionTreePermission(tree,
buildVersionDelegatee(versionableTree), providerCtx.getTreeProvider());
}
}
case ACCESS_CONTROL:
@@ -484,7 +485,7 @@ final class CompiledPermissionImpl imple
@Nonnull
@Override
public TreePermission getChildPermission(@Nonnull String childName,
@Nonnull NodeState childState) {
- Tree childTree = new ImmutableTree((ImmutableTree) tree,
childName, childState);
+ Tree childTree =
providerCtx.getTreeProvider().createReadOnlyTree(tree, childName, childState);
return getTreePermission(childTree,
typeProvider.getType(childTree, type), this);
}
Modified:
jackrabbit/oak/trunk/oak-core/src/main/java/org/apache/jackrabbit/oak/security/authorization/permission/MountPermissionProvider.java
URL:
http://svn.apache.org/viewvc/jackrabbit/oak/trunk/oak-core/src/main/java/org/apache/jackrabbit/oak/security/authorization/permission/MountPermissionProvider.java?rev=1831261&r1=1831260&r2=1831261&view=diff
==============================================================================
---
jackrabbit/oak/trunk/oak-core/src/main/java/org/apache/jackrabbit/oak/security/authorization/permission/MountPermissionProvider.java
(original)
+++
jackrabbit/oak/trunk/oak-core/src/main/java/org/apache/jackrabbit/oak/security/authorization/permission/MountPermissionProvider.java
Wed May 9 15:38:38 2018
@@ -24,7 +24,7 @@ import javax.annotation.Nonnull;
import org.apache.jackrabbit.oak.api.Root;
import org.apache.jackrabbit.oak.commons.LongUtils;
-import org.apache.jackrabbit.oak.plugins.tree.RootProvider;
+import org.apache.jackrabbit.oak.security.authorization.ProviderCtx;
import org.apache.jackrabbit.oak.spi.mount.Mount;
import org.apache.jackrabbit.oak.spi.mount.MountInfoProvider;
import org.apache.jackrabbit.oak.spi.security.ConfigurationParameters;
@@ -49,10 +49,9 @@ public class MountPermissionProvider ext
public MountPermissionProvider(@Nonnull Root root, @Nonnull String
workspaceName,
@Nonnull Set<Principal> principals,
@Nonnull RestrictionProvider restrictionProvider,
@Nonnull ConfigurationParameters options,
@Nonnull Context ctx,
- @Nonnull MountInfoProvider
mountInfoProvider,
- @Nonnull RootProvider rootProvider) {
- super(root, workspaceName, principals, restrictionProvider, options,
ctx, rootProvider);
- this.mountInfoProvider = mountInfoProvider;
+ @Nonnull ProviderCtx providerCtx) {
+ super(root, workspaceName, principals, restrictionProvider, options,
ctx, providerCtx);
+ this.mountInfoProvider = providerCtx.getMountInfoProvider();
}
@Override
Modified:
jackrabbit/oak/trunk/oak-core/src/main/java/org/apache/jackrabbit/oak/security/authorization/permission/MoveAwarePermissionValidator.java
URL:
http://svn.apache.org/viewvc/jackrabbit/oak/trunk/oak-core/src/main/java/org/apache/jackrabbit/oak/security/authorization/permission/MoveAwarePermissionValidator.java?rev=1831261&r1=1831260&r2=1831261&view=diff
==============================================================================
---
jackrabbit/oak/trunk/oak-core/src/main/java/org/apache/jackrabbit/oak/security/authorization/permission/MoveAwarePermissionValidator.java
(original)
+++
jackrabbit/oak/trunk/oak-core/src/main/java/org/apache/jackrabbit/oak/security/authorization/permission/MoveAwarePermissionValidator.java
Wed May 9 15:38:38 2018
@@ -24,7 +24,7 @@ import org.apache.jackrabbit.oak.api.Com
import org.apache.jackrabbit.oak.api.Root;
import org.apache.jackrabbit.oak.api.Tree;
import org.apache.jackrabbit.oak.commons.PathUtils;
-import org.apache.jackrabbit.oak.plugins.tree.impl.ImmutableTree;
+import org.apache.jackrabbit.oak.plugins.tree.TreeProvider;
import org.apache.jackrabbit.oak.spi.commit.EditorDiff;
import org.apache.jackrabbit.oak.spi.commit.MoveTracker;
import org.apache.jackrabbit.oak.spi.commit.Validator;
@@ -75,12 +75,11 @@ public class MoveAwarePermissionValidato
private Validator visibleValidator(@Nonnull Tree source,
@Nonnull Tree dest) {
// TODO improve: avoid calculating the 'before' permissions in case
the current parent permissions already point to the correct tree.
- ImmutableTree immutableTree = (ImmutableTree)
moveCtx.rootBefore.getTree("/");
- TreePermission tp =
getPermissionProvider().getTreePermission(immutableTree
- , TreePermission.EMPTY);
+ Tree immutableTree = moveCtx.rootBefore.getTree("/");
+ TreePermission tp =
getPermissionProvider().getTreePermission(immutableTree, TreePermission.EMPTY);
for (String n : PathUtils.elements(source.getPath())) {
immutableTree = immutableTree.getChild(n);
- tp = tp.getChildPermission(n, immutableTree.getNodeState());
+ tp = tp.getChildPermission(n,
getTreeProvider().asNodeState(immutableTree));
}
Validator validator = createValidator(source, dest, tp, this);
return new VisibleValidator(validator, true, false);
@@ -129,10 +128,10 @@ public class MoveAwarePermissionValidato
if (parent == null) {
return false;
}
- ImmutableTree child = (ImmutableTree) parent.getChild(name);
+ Tree child = parent.getChild(name);
String sourcePath = moveTracker.getSourcePath(child.getPath());
if (sourcePath != null) {
- ImmutableTree source = (ImmutableTree)
rootBefore.getTree(sourcePath);
+ Tree source = rootBefore.getTree(sourcePath);
if (source.exists()) {
// check permissions for adding the moved node at the
target location.
validator.checkPermissions(child, false,
Permissions.ADD_NODE | Permissions.NODE_TYPE_MANAGEMENT);
@@ -147,10 +146,10 @@ public class MoveAwarePermissionValidato
if (parent == null) {
return false;
}
- ImmutableTree child = (ImmutableTree) parent.getChild(name);
+ Tree child = parent.getChild(name);
String destPath = moveTracker.getDestPath(child.getPath());
if (destPath != null) {
- ImmutableTree dest = (ImmutableTree)
rootAfter.getTree(destPath);
+ Tree dest = rootAfter.getTree(destPath);
if (dest.exists()) {
// check permissions for removing that node.
validator.checkPermissions(child, true,
Permissions.REMOVE_NODE);
@@ -162,10 +161,11 @@ public class MoveAwarePermissionValidato
return false;
}
- private boolean diff(@Nonnull ImmutableTree source, @Nonnull
ImmutableTree dest,
+ private boolean diff(@Nonnull Tree source, @Nonnull Tree dest,
@Nonnull MoveAwarePermissionValidator validator)
throws CommitFailedException {
Validator nextValidator = validator.visibleValidator(source, dest);
- CommitFailedException e = EditorDiff.process(nextValidator ,
source.getNodeState(), dest.getNodeState());
+ TreeProvider tp = validator.getTreeProvider();
+ CommitFailedException e = EditorDiff.process(nextValidator ,
tp.asNodeState(source), tp.asNodeState(dest));
if (e != null) {
throw e;
}
Modified:
jackrabbit/oak/trunk/oak-core/src/main/java/org/apache/jackrabbit/oak/security/authorization/permission/PermissionProviderImpl.java
URL:
http://svn.apache.org/viewvc/jackrabbit/oak/trunk/oak-core/src/main/java/org/apache/jackrabbit/oak/security/authorization/permission/PermissionProviderImpl.java?rev=1831261&r1=1831260&r2=1831261&view=diff
==============================================================================
---
jackrabbit/oak/trunk/oak-core/src/main/java/org/apache/jackrabbit/oak/security/authorization/permission/PermissionProviderImpl.java
(original)
+++
jackrabbit/oak/trunk/oak-core/src/main/java/org/apache/jackrabbit/oak/security/authorization/permission/PermissionProviderImpl.java
Wed May 9 15:38:38 2018
@@ -24,10 +24,9 @@ import javax.annotation.Nullable;
import org.apache.jackrabbit.oak.api.PropertyState;
import org.apache.jackrabbit.oak.api.Root;
import org.apache.jackrabbit.oak.api.Tree;
-import org.apache.jackrabbit.oak.plugins.tree.RootProvider;
import org.apache.jackrabbit.oak.plugins.tree.TreeLocation;
import org.apache.jackrabbit.oak.plugins.tree.TreeType;
-import org.apache.jackrabbit.oak.spi.version.VersionConstants;
+import org.apache.jackrabbit.oak.security.authorization.ProviderCtx;
import org.apache.jackrabbit.oak.spi.security.ConfigurationParameters;
import org.apache.jackrabbit.oak.spi.security.Context;
import
org.apache.jackrabbit.oak.spi.security.authorization.accesscontrol.AccessControlConstants;
@@ -41,6 +40,7 @@ import org.apache.jackrabbit.oak.spi.sec
import org.apache.jackrabbit.oak.spi.security.privilege.PrivilegeBits;
import org.apache.jackrabbit.oak.spi.security.privilege.PrivilegeBitsProvider;
import org.apache.jackrabbit.oak.spi.security.privilege.PrivilegeConstants;
+import org.apache.jackrabbit.oak.spi.version.VersionConstants;
public class PermissionProviderImpl implements PermissionProvider,
AccessControlConstants, PermissionConstants, AggregatedPermissionProvider {
@@ -56,7 +56,7 @@ public class PermissionProviderImpl impl
private final Context ctx;
- private final RootProvider rootProvider;
+ private final ProviderCtx providerCtx;
private CompiledPermissions compiledPermissions;
@@ -68,33 +68,33 @@ public class PermissionProviderImpl impl
@Nonnull RestrictionProvider
restrictionProvider,
@Nonnull ConfigurationParameters options,
@Nonnull Context ctx,
- @Nonnull RootProvider rootProvider) {
+ @Nonnull ProviderCtx providerCtx) {
this.root = root;
this.workspaceName = workspaceName;
this.principals = principals;
this.restrictionProvider = restrictionProvider;
this.options = options;
this.ctx = ctx;
- this.rootProvider = rootProvider;
+ this.providerCtx = providerCtx;
- immutableRoot = rootProvider.createReadOnlyRoot(root);
+ immutableRoot = providerCtx.getRootProvider().createReadOnlyRoot(root);
}
@Override
public void refresh() {
- immutableRoot = rootProvider.createReadOnlyRoot(root);
+ immutableRoot = providerCtx.getRootProvider().createReadOnlyRoot(root);
getCompiledPermissions().refresh(immutableRoot, workspaceName);
}
@Nonnull
@Override
public Set<String> getPrivileges(@Nullable Tree tree) {
- return
getCompiledPermissions().getPrivileges(PermissionUtil.getImmutableTree(tree,
immutableRoot));
+ return
getCompiledPermissions().getPrivileges(PermissionUtil.getReadOnlyTree(tree,
immutableRoot));
}
@Override
public boolean hasPrivileges(@Nullable Tree tree, @Nonnull String...
privilegeNames) {
- return
getCompiledPermissions().hasPrivileges(PermissionUtil.getImmutableTree(tree,
immutableRoot), privilegeNames);
+ return
getCompiledPermissions().hasPrivileges(PermissionUtil.getReadOnlyTree(tree,
immutableRoot), privilegeNames);
}
@Nonnull
@@ -106,12 +106,12 @@ public class PermissionProviderImpl impl
@Nonnull
@Override
public TreePermission getTreePermission(@Nonnull Tree tree, @Nonnull
TreePermission parentPermission) {
- return
getCompiledPermissions().getTreePermission(PermissionUtil.getImmutableTree(tree,
immutableRoot), parentPermission);
+ return
getCompiledPermissions().getTreePermission(PermissionUtil.getReadOnlyTree(tree,
immutableRoot), parentPermission);
}
@Override
public boolean isGranted(@Nonnull Tree tree, @Nullable PropertyState
property, long permissions) {
- return
getCompiledPermissions().isGranted(PermissionUtil.getImmutableTree(tree,
immutableRoot), property, permissions);
+ return
getCompiledPermissions().isGranted(PermissionUtil.getReadOnlyTree(tree,
immutableRoot), property, permissions);
}
@Override
@@ -153,7 +153,7 @@ public class PermissionProviderImpl impl
@Nonnull
@Override
public TreePermission getTreePermission(@Nonnull Tree tree, @Nonnull
TreeType type, @Nonnull TreePermission parentPermission) {
- return
getCompiledPermissions().getTreePermission(PermissionUtil.getImmutableTree(tree,
immutableRoot), type, parentPermission);
+ return
getCompiledPermissions().getTreePermission(PermissionUtil.getReadOnlyTree(tree,
immutableRoot), type, parentPermission);
}
//--------------------------------------------------------------------------
@@ -166,7 +166,7 @@ public class PermissionProviderImpl impl
} else {
cp = CompiledPermissionImpl.create(immutableRoot,
workspaceName,
getPermissionStore(immutableRoot, workspaceName,
restrictionProvider), principals,
- restrictionProvider, options, ctx);
+ options, ctx, providerCtx);
}
compiledPermissions = cp;
}
Modified:
jackrabbit/oak/trunk/oak-core/src/main/java/org/apache/jackrabbit/oak/security/authorization/permission/PermissionUtil.java
URL:
http://svn.apache.org/viewvc/jackrabbit/oak/trunk/oak-core/src/main/java/org/apache/jackrabbit/oak/security/authorization/permission/PermissionUtil.java?rev=1831261&r1=1831260&r2=1831261&view=diff
==============================================================================
---
jackrabbit/oak/trunk/oak-core/src/main/java/org/apache/jackrabbit/oak/security/authorization/permission/PermissionUtil.java
(original)
+++
jackrabbit/oak/trunk/oak-core/src/main/java/org/apache/jackrabbit/oak/security/authorization/permission/PermissionUtil.java
Wed May 9 15:38:38 2018
@@ -28,7 +28,7 @@ import org.apache.jackrabbit.oak.api.Pro
import org.apache.jackrabbit.oak.api.Root;
import org.apache.jackrabbit.oak.api.Tree;
import org.apache.jackrabbit.oak.api.Type;
-import org.apache.jackrabbit.oak.plugins.tree.impl.ImmutableTree;
+import org.apache.jackrabbit.oak.plugins.tree.ReadOnly;
import org.apache.jackrabbit.oak.spi.security.ConfigurationParameters;
import
org.apache.jackrabbit.oak.spi.security.authorization.permission.PermissionConstants;
import org.apache.jackrabbit.oak.spi.security.principal.AdminPrincipal;
@@ -108,11 +108,11 @@ public final class PermissionUtil implem
return path;
}
- public static Tree getImmutableTree(@Nullable Tree tree, @Nonnull Root
immutableRoot) {
- if (tree instanceof ImmutableTree) {
+ public static Tree getReadOnlyTree(@Nullable Tree tree, @Nonnull Root
readOnlyRoot) {
+ if (tree instanceof ReadOnly) {
return tree;
} else {
- return (tree == null) ? null :
immutableRoot.getTree(tree.getPath());
+ return (tree == null) ? null :
readOnlyRoot.getTree(tree.getPath());
}
}
}
\ No newline at end of file
Modified:
jackrabbit/oak/trunk/oak-core/src/main/java/org/apache/jackrabbit/oak/security/authorization/permission/PermissionValidator.java
URL:
http://svn.apache.org/viewvc/jackrabbit/oak/trunk/oak-core/src/main/java/org/apache/jackrabbit/oak/security/authorization/permission/PermissionValidator.java?rev=1831261&r1=1831260&r2=1831261&view=diff
==============================================================================
---
jackrabbit/oak/trunk/oak-core/src/main/java/org/apache/jackrabbit/oak/security/authorization/permission/PermissionValidator.java
(original)
+++
jackrabbit/oak/trunk/oak-core/src/main/java/org/apache/jackrabbit/oak/security/authorization/permission/PermissionValidator.java
Wed May 9 15:38:38 2018
@@ -25,11 +25,11 @@ import org.apache.jackrabbit.oak.api.Com
import org.apache.jackrabbit.oak.api.PropertyState;
import org.apache.jackrabbit.oak.api.Tree;
import org.apache.jackrabbit.oak.plugins.index.IndexConstants;
-import org.apache.jackrabbit.oak.plugins.tree.impl.ImmutableTree;
import org.apache.jackrabbit.oak.plugins.lock.LockConstants;
import org.apache.jackrabbit.oak.plugins.nodetype.TypePredicate;
import org.apache.jackrabbit.oak.plugins.tree.TreeConstants;
-import org.apache.jackrabbit.oak.spi.version.VersionConstants;
+import org.apache.jackrabbit.oak.plugins.tree.TreeProvider;
+import org.apache.jackrabbit.oak.plugins.tree.TreeUtil;
import org.apache.jackrabbit.oak.spi.commit.DefaultValidator;
import org.apache.jackrabbit.oak.spi.commit.Validator;
import org.apache.jackrabbit.oak.spi.commit.VisibleValidator;
@@ -38,7 +38,7 @@ import org.apache.jackrabbit.oak.spi.sec
import
org.apache.jackrabbit.oak.spi.security.authorization.permission.TreePermission;
import org.apache.jackrabbit.oak.spi.state.NodeState;
import org.apache.jackrabbit.oak.spi.state.NodeStateUtils;
-import org.apache.jackrabbit.oak.plugins.tree.TreeUtil;
+import org.apache.jackrabbit.oak.spi.version.VersionConstants;
import static com.google.common.base.Preconditions.checkNotNull;
import static org.apache.jackrabbit.JcrConstants.JCR_CREATED;
@@ -190,6 +190,11 @@ class PermissionValidator extends Defaul
return permissionProvider;
}
+ @Nonnull
+ TreeProvider getTreeProvider() {
+ return provider.getTreeProvider();
+ }
+
@CheckForNull
Validator checkPermissions(@Nonnull Tree tree, boolean isBefore,
long defaultPermission) throws
CommitFailedException {
@@ -200,7 +205,7 @@ class PermissionValidator extends Defaul
}
return null; // no need for further validation down the subtree
} else {
- NodeState ns = getNodeState(tree);
+ NodeState ns = provider.getTreeProvider().asNodeState(tree);
if (ns == null) {
throw new CommitFailedException(ACCESS, 0, "Access denied");
}
@@ -317,7 +322,7 @@ class PermissionValidator extends Defaul
// NOTE: we cannot rely on autocreated/protected definition as this
// doesn't reveal if a given property is expected to be never modified
// after creation.
- NodeState parentNs = getNodeState(parent);
+ NodeState parentNs = provider.getTreeProvider().asNodeState(parent);
if (JcrConstants.JCR_UUID.equals(name) &&
isReferenceable.apply(parentNs)) {
return true;
} else {
@@ -357,13 +362,4 @@ class PermissionValidator extends Defaul
private boolean isIndexDefinition(@Nonnull Tree tree) {
return tree.getPath().contains(IndexConstants.INDEX_DEFINITIONS_NAME);
}
-
- @CheckForNull
- private static NodeState getNodeState(@Nonnull Tree tree) {
- if (tree instanceof ImmutableTree) {
- return ((ImmutableTree) tree).getNodeState();
- } else {
- return null;
- }
- }
}
Modified:
jackrabbit/oak/trunk/oak-core/src/main/java/org/apache/jackrabbit/oak/security/authorization/permission/PermissionValidatorProvider.java
URL:
http://svn.apache.org/viewvc/jackrabbit/oak/trunk/oak-core/src/main/java/org/apache/jackrabbit/oak/security/authorization/permission/PermissionValidatorProvider.java?rev=1831261&r1=1831260&r2=1831261&view=diff
==============================================================================
---
jackrabbit/oak/trunk/oak-core/src/main/java/org/apache/jackrabbit/oak/security/authorization/permission/PermissionValidatorProvider.java
(original)
+++
jackrabbit/oak/trunk/oak-core/src/main/java/org/apache/jackrabbit/oak/security/authorization/permission/PermissionValidatorProvider.java
Wed May 9 15:38:38 2018
@@ -22,15 +22,14 @@ import javax.annotation.Nonnull;
import org.apache.jackrabbit.oak.api.Root;
import org.apache.jackrabbit.oak.api.Tree;
-import org.apache.jackrabbit.oak.plugins.tree.RootProvider;
import org.apache.jackrabbit.oak.plugins.tree.TreeProvider;
+import org.apache.jackrabbit.oak.security.authorization.ProviderCtx;
import org.apache.jackrabbit.oak.spi.commit.CommitInfo;
import org.apache.jackrabbit.oak.spi.commit.MoveTracker;
import org.apache.jackrabbit.oak.spi.commit.Validator;
import org.apache.jackrabbit.oak.spi.commit.ValidatorProvider;
import org.apache.jackrabbit.oak.spi.security.ConfigurationParameters;
import org.apache.jackrabbit.oak.spi.security.Context;
-import org.apache.jackrabbit.oak.spi.security.SecurityProvider;
import
org.apache.jackrabbit.oak.spi.security.authorization.AuthorizationConfiguration;
import
org.apache.jackrabbit.oak.spi.security.authorization.permission.PermissionConstants;
import
org.apache.jackrabbit.oak.spi.security.authorization.permission.PermissionProvider;
@@ -44,7 +43,6 @@ import org.apache.jackrabbit.oak.spi.sta
*/
public class PermissionValidatorProvider extends ValidatorProvider {
- private final SecurityProvider securityProvider;
private final AuthorizationConfiguration acConfig;
private final long jr2Permissions;
@@ -52,17 +50,15 @@ public class PermissionValidatorProvider
private final Set<Principal> principals;
private final MoveTracker moveTracker;
- private final RootProvider rootProvider;
- private final TreeProvider treeProvider;
+ private final ProviderCtx providerCtx;
private Context acCtx;
private Context userCtx;
- public PermissionValidatorProvider(@Nonnull SecurityProvider
securityProvider, @Nonnull String workspaceName,
+ public PermissionValidatorProvider(@Nonnull String workspaceName,
@Nonnull Set<Principal> principals,
@Nonnull MoveTracker moveTracker,
- @Nonnull RootProvider rootProvider,
@Nonnull TreeProvider treeProvider) {
- this.securityProvider = securityProvider;
- this.acConfig =
securityProvider.getConfiguration(AuthorizationConfiguration.class);
+ @Nonnull ProviderCtx providerCtx) {
+ this.acConfig =
providerCtx.getSecurityProvider().getConfiguration(AuthorizationConfiguration.class);
ConfigurationParameters params = acConfig.getParameters();
String compatValue =
params.getConfigValue(PermissionConstants.PARAM_PERMISSIONS_JR2, null,
String.class);
@@ -72,8 +68,7 @@ public class PermissionValidatorProvider
this.principals = principals;
this.moveTracker = moveTracker;
- this.rootProvider = rootProvider;
- this.treeProvider = treeProvider;
+ this.providerCtx = providerCtx;
}
//--------------------------------------------------< ValidatorProvider
>---
@@ -100,21 +95,25 @@ public class PermissionValidatorProvider
Context getUserContext() {
if (userCtx == null) {
- UserConfiguration uc =
securityProvider.getConfiguration(UserConfiguration.class);
+ UserConfiguration uc =
providerCtx.getSecurityProvider().getConfiguration(UserConfiguration.class);
userCtx = uc.getContext();
}
return userCtx;
}
+ TreeProvider getTreeProvider() {
+ return providerCtx.getTreeProvider();
+ }
+
boolean requiresJr2Permissions(long permission) {
return Permissions.includes(jr2Permissions, permission);
}
Root createReadOnlyRoot(@Nonnull NodeState nodeState) {
- return rootProvider.createReadOnlyRoot(nodeState);
+ return providerCtx.getRootProvider().createReadOnlyRoot(nodeState);
}
Tree createReadOnlyTree(@Nonnull NodeState nodeState) {
- return treeProvider.createReadOnlyTree(nodeState);
+ return providerCtx.getTreeProvider().createReadOnlyTree(nodeState);
}
}
Modified:
jackrabbit/oak/trunk/oak-core/src/main/java/org/apache/jackrabbit/oak/security/authorization/permission/VersionTreePermission.java
URL:
http://svn.apache.org/viewvc/jackrabbit/oak/trunk/oak-core/src/main/java/org/apache/jackrabbit/oak/security/authorization/permission/VersionTreePermission.java?rev=1831261&r1=1831260&r2=1831261&view=diff
==============================================================================
---
jackrabbit/oak/trunk/oak-core/src/main/java/org/apache/jackrabbit/oak/security/authorization/permission/VersionTreePermission.java
(original)
+++
jackrabbit/oak/trunk/oak-core/src/main/java/org/apache/jackrabbit/oak/security/authorization/permission/VersionTreePermission.java
Wed May 9 15:38:38 2018
@@ -22,7 +22,7 @@ import javax.annotation.Nonnull;
import com.google.common.collect.ImmutableSet;
import org.apache.jackrabbit.oak.api.PropertyState;
import org.apache.jackrabbit.oak.api.Tree;
-import org.apache.jackrabbit.oak.plugins.tree.impl.ImmutableTree;
+import org.apache.jackrabbit.oak.plugins.tree.TreeProvider;
import org.apache.jackrabbit.oak.spi.version.VersionConstants;
import
org.apache.jackrabbit.oak.spi.security.authorization.permission.TreePermission;
import org.apache.jackrabbit.oak.spi.state.NodeState;
@@ -40,10 +40,12 @@ class VersionTreePermission implements T
private final Tree versionTree;
private final TreePermission versionablePermission;
+ private final TreeProvider treeProvider;
- VersionTreePermission(@Nonnull Tree versionTree, @Nonnull TreePermission
versionablePermission) {
+ VersionTreePermission(@Nonnull Tree versionTree, @Nonnull TreePermission
versionablePermission, @Nonnull TreeProvider treeProvider) {
this.versionTree = versionTree;
this.versionablePermission = versionablePermission;
+ this.treeProvider = treeProvider;
}
VersionTreePermission createChildPermission(@Nonnull Tree versionTree) {
@@ -51,9 +53,9 @@ class VersionTreePermission implements T
if (JCR_FROZENNODE.equals(versionTree.getName()) ||
NT_NAMES.contains(TreeUtil.getPrimaryTypeName(versionTree))) {
delegatee = versionablePermission;
} else {
- delegatee =
versionablePermission.getChildPermission(versionTree.getName(),
((ImmutableTree) versionTree).getNodeState());
+ delegatee =
versionablePermission.getChildPermission(versionTree.getName(),
treeProvider.asNodeState(versionTree));
}
- return new VersionTreePermission(versionTree, delegatee);
+ return new VersionTreePermission(versionTree, delegatee, treeProvider);
}
//-----------------------------------------------------< TreePermission
>---
@@ -61,7 +63,7 @@ class VersionTreePermission implements T
@Nonnull
@Override
public TreePermission getChildPermission(@Nonnull String childName,
@Nonnull NodeState childState) {
- return createChildPermission(new ImmutableTree((ImmutableTree)
versionTree, childName, childState));
+ return
createChildPermission(treeProvider.createReadOnlyTree(versionTree, childName,
childState));
}
@Override
Modified:
jackrabbit/oak/trunk/oak-core/src/main/java/org/apache/jackrabbit/oak/security/privilege/PrivilegeConfigurationImpl.java
URL:
http://svn.apache.org/viewvc/jackrabbit/oak/trunk/oak-core/src/main/java/org/apache/jackrabbit/oak/security/privilege/PrivilegeConfigurationImpl.java?rev=1831261&r1=1831260&r2=1831261&view=diff
==============================================================================
---
jackrabbit/oak/trunk/oak-core/src/main/java/org/apache/jackrabbit/oak/security/privilege/PrivilegeConfigurationImpl.java
(original)
+++
jackrabbit/oak/trunk/oak-core/src/main/java/org/apache/jackrabbit/oak/security/privilege/PrivilegeConfigurationImpl.java
Wed May 9 15:38:38 2018
@@ -79,7 +79,7 @@ public class PrivilegeConfigurationImpl
@Nonnull
@Override
public List<? extends ValidatorProvider> getValidators(@Nonnull String
workspaceName, @Nonnull Set<Principal> principals, @Nonnull MoveTracker
moveTracker) {
- return Collections.singletonList(new
PrivilegeValidatorProvider(getRootProvider()));
+ return Collections.singletonList(new
PrivilegeValidatorProvider(getRootProvider(), getTreeProvider()));
}
@Nonnull
Modified:
jackrabbit/oak/trunk/oak-core/src/main/java/org/apache/jackrabbit/oak/security/privilege/PrivilegeValidator.java
URL:
http://svn.apache.org/viewvc/jackrabbit/oak/trunk/oak-core/src/main/java/org/apache/jackrabbit/oak/security/privilege/PrivilegeValidator.java?rev=1831261&r1=1831260&r2=1831261&view=diff
==============================================================================
---
jackrabbit/oak/trunk/oak-core/src/main/java/org/apache/jackrabbit/oak/security/privilege/PrivilegeValidator.java
(original)
+++
jackrabbit/oak/trunk/oak-core/src/main/java/org/apache/jackrabbit/oak/security/privilege/PrivilegeValidator.java
Wed May 9 15:38:38 2018
@@ -25,10 +25,10 @@ import org.apache.jackrabbit.oak.api.Com
import org.apache.jackrabbit.oak.api.PropertyState;
import org.apache.jackrabbit.oak.api.Root;
import org.apache.jackrabbit.oak.api.Tree;
-import org.apache.jackrabbit.oak.plugins.tree.impl.ImmutableTree;
-import org.apache.jackrabbit.oak.spi.namespace.NamespaceConstants;
+import org.apache.jackrabbit.oak.plugins.tree.TreeProvider;
import org.apache.jackrabbit.oak.spi.commit.DefaultValidator;
import org.apache.jackrabbit.oak.spi.commit.Validator;
+import org.apache.jackrabbit.oak.spi.namespace.NamespaceConstants;
import org.apache.jackrabbit.oak.spi.security.privilege.PrivilegeBits;
import org.apache.jackrabbit.oak.spi.security.privilege.PrivilegeBitsProvider;
import org.apache.jackrabbit.oak.spi.security.privilege.PrivilegeConstants;
@@ -49,11 +49,13 @@ class PrivilegeValidator extends Default
private final Root rootBefore;
private final Root rootAfter;
private final PrivilegeBitsProvider bitsProvider;
+ private final TreeProvider treeProvider;
- PrivilegeValidator(Root before, Root after) {
+ PrivilegeValidator(@Nonnull Root before, @Nonnull Root after, @Nonnull
TreeProvider treeProvider) {
rootBefore = before;
rootAfter = after;
bitsProvider = new PrivilegeBitsProvider(rootBefore);
+ this.treeProvider = treeProvider;
}
//----------------------------------------------------------< Validator
>---
@@ -80,7 +82,7 @@ class PrivilegeValidator extends Default
public Validator childNodeAdded(String name, NodeState after) throws
CommitFailedException {
if (isPrivilegeDefinition(after)) {
// make sure privileges have been initialized before
- getPrivilegesTree(rootBefore);
+ Tree parent = getPrivilegesTree(rootBefore);
// the following characteristics are expected to be validated
elsewhere:
// - permission to allow privilege registration -> permission
validator.
@@ -94,7 +96,7 @@ class PrivilegeValidator extends Default
}
// validate the definition
- Tree tree = new
ImmutableTree(ImmutableTree.ParentProvider.UNSUPPORTED, name, after);
+ Tree tree = treeProvider.createReadOnlyTree(parent, name, after);
validateDefinition(tree);
}
Modified:
jackrabbit/oak/trunk/oak-core/src/main/java/org/apache/jackrabbit/oak/security/privilege/PrivilegeValidatorProvider.java
URL:
http://svn.apache.org/viewvc/jackrabbit/oak/trunk/oak-core/src/main/java/org/apache/jackrabbit/oak/security/privilege/PrivilegeValidatorProvider.java?rev=1831261&r1=1831260&r2=1831261&view=diff
==============================================================================
---
jackrabbit/oak/trunk/oak-core/src/main/java/org/apache/jackrabbit/oak/security/privilege/PrivilegeValidatorProvider.java
(original)
+++
jackrabbit/oak/trunk/oak-core/src/main/java/org/apache/jackrabbit/oak/security/privilege/PrivilegeValidatorProvider.java
Wed May 9 15:38:38 2018
@@ -20,6 +20,7 @@ import javax.annotation.Nonnull;
import org.apache.jackrabbit.oak.api.Root;
import org.apache.jackrabbit.oak.plugins.tree.RootProvider;
+import org.apache.jackrabbit.oak.plugins.tree.TreeProvider;
import org.apache.jackrabbit.oak.spi.commit.CommitInfo;
import org.apache.jackrabbit.oak.spi.commit.SubtreeValidator;
import org.apache.jackrabbit.oak.spi.commit.Validator;
@@ -37,20 +38,23 @@ import static org.apache.jackrabbit.oak.
class PrivilegeValidatorProvider extends ValidatorProvider {
private final RootProvider rootProvider;
+ private final TreeProvider treeProvider;
- PrivilegeValidatorProvider(@Nonnull RootProvider rootProvider) {
+ PrivilegeValidatorProvider(@Nonnull RootProvider rootProvider, @Nonnull
TreeProvider treeProvider) {
this.rootProvider = rootProvider;
+ this.treeProvider = treeProvider;
}
@Nonnull
@Override
public Validator getRootValidator(
NodeState before, NodeState after, CommitInfo info) {
- return new SubtreeValidator(new PrivilegeValidator(createRoot(before),
createRoot(after)),
+ return new SubtreeValidator(new PrivilegeValidator(createRoot(before),
createRoot(after), treeProvider),
JCR_SYSTEM, REP_PRIVILEGES);
}
private Root createRoot(NodeState nodeState) {
return rootProvider.createReadOnlyRoot(nodeState);
}
+
}
\ No newline at end of file
Modified:
jackrabbit/oak/trunk/oak-core/src/test/java/org/apache/jackrabbit/oak/security/authorization/accesscontrol/AccessControlValidatorTest.java
URL:
http://svn.apache.org/viewvc/jackrabbit/oak/trunk/oak-core/src/test/java/org/apache/jackrabbit/oak/security/authorization/accesscontrol/AccessControlValidatorTest.java?rev=1831261&r1=1831260&r2=1831261&view=diff
==============================================================================
---
jackrabbit/oak/trunk/oak-core/src/test/java/org/apache/jackrabbit/oak/security/authorization/accesscontrol/AccessControlValidatorTest.java
(original)
+++
jackrabbit/oak/trunk/oak-core/src/test/java/org/apache/jackrabbit/oak/security/authorization/accesscontrol/AccessControlValidatorTest.java
Wed May 9 15:38:38 2018
@@ -32,9 +32,12 @@ import org.apache.jackrabbit.oak.Abstrac
import org.apache.jackrabbit.oak.api.CommitFailedException;
import org.apache.jackrabbit.oak.api.Tree;
import org.apache.jackrabbit.oak.plugins.memory.MemoryNodeStore;
-import org.apache.jackrabbit.oak.spi.nodetype.NodeTypeConstants;
+import
org.apache.jackrabbit.oak.security.authorization.AuthorizationConfigurationImpl;
+import
org.apache.jackrabbit.oak.security.authorization.composite.CompositeAuthorizationConfiguration;
import org.apache.jackrabbit.oak.spi.commit.CommitInfo;
import org.apache.jackrabbit.oak.spi.commit.Validator;
+import org.apache.jackrabbit.oak.spi.nodetype.NodeTypeConstants;
+import
org.apache.jackrabbit.oak.spi.security.authorization.AuthorizationConfiguration;
import
org.apache.jackrabbit.oak.spi.security.authorization.accesscontrol.AccessControlConstants;
import org.apache.jackrabbit.oak.spi.security.privilege.PrivilegeConstants;
import org.apache.jackrabbit.oak.spi.state.NodeBuilder;
@@ -90,7 +93,8 @@ public class AccessControlValidatorTest
}
private AccessControlValidatorProvider createValidatorProvider() {
- return new AccessControlValidatorProvider(getSecurityProvider(),
getRootProvider(), getTreeProvider());
+ CompositeAuthorizationConfiguration cac =
(CompositeAuthorizationConfiguration)
getConfig(AuthorizationConfiguration.class);
+ return new
AccessControlValidatorProvider((AuthorizationConfigurationImpl)
cac.getDefaultConfig());
}
private NodeUtil createAcl() throws AccessDeniedException {
Modified:
jackrabbit/oak/trunk/oak-core/src/test/java/org/apache/jackrabbit/oak/security/authorization/composite/AbstractCompositeProviderTest.java
URL:
http://svn.apache.org/viewvc/jackrabbit/oak/trunk/oak-core/src/test/java/org/apache/jackrabbit/oak/security/authorization/composite/AbstractCompositeProviderTest.java?rev=1831261&r1=1831260&r2=1831261&view=diff
==============================================================================
---
jackrabbit/oak/trunk/oak-core/src/test/java/org/apache/jackrabbit/oak/security/authorization/composite/AbstractCompositeProviderTest.java
(original)
+++
jackrabbit/oak/trunk/oak-core/src/test/java/org/apache/jackrabbit/oak/security/authorization/composite/AbstractCompositeProviderTest.java
Wed May 9 15:38:38 2018
@@ -38,10 +38,9 @@ import org.apache.jackrabbit.oak.api.Roo
import org.apache.jackrabbit.oak.api.Tree;
import org.apache.jackrabbit.oak.commons.PathUtils;
import org.apache.jackrabbit.oak.plugins.memory.PropertyStates;
-import org.apache.jackrabbit.oak.spi.nodetype.NodeTypeConstants;
import org.apache.jackrabbit.oak.plugins.tree.TreeUtil;
-import org.apache.jackrabbit.oak.plugins.tree.impl.ImmutableTree;
import
org.apache.jackrabbit.oak.security.authorization.composite.CompositeAuthorizationConfiguration.CompositionType;
+import org.apache.jackrabbit.oak.spi.nodetype.NodeTypeConstants;
import
org.apache.jackrabbit.oak.spi.security.authorization.AuthorizationConfiguration;
import
org.apache.jackrabbit.oak.spi.security.authorization.permission.AggregatedPermissionProvider;
import
org.apache.jackrabbit.oak.spi.security.authorization.permission.PermissionProvider;
@@ -254,7 +253,7 @@ public abstract class AbstractCompositeP
String workspaceName = root.getContentSession().getWorkspaceName();
AuthorizationConfiguration config =
getConfig(AuthorizationConfiguration.class);
return new CompositePermissionProvider(root,
getAggregatedProviders(workspaceName, config, principals),
- config.getContext(), CompositionType.AND, getRootProvider());
+ config.getContext(), CompositionType.AND, getRootProvider(),
getTreeProvider());
}
CompositePermissionProvider createPermissionProviderOR(Principal...
principals) {
@@ -265,7 +264,7 @@ public abstract class AbstractCompositeP
String workspaceName = root.getContentSession().getWorkspaceName();
AuthorizationConfiguration config =
getConfig(AuthorizationConfiguration.class);
return new CompositePermissionProvider(root,
getAggregatedProviders(workspaceName, config, principals),
- config.getContext(), CompositionType.OR, getRootProvider());
+ config.getContext(), CompositionType.OR, getRootProvider(),
getTreeProvider());
}
@Test
@@ -573,7 +572,7 @@ public abstract class AbstractCompositeP
List<String> childNames = ImmutableList.of("test", "a", "b", "c",
"nonexisting");
Tree rootTree = readOnlyRoot.getTree(ROOT_PATH);
- NodeState ns = ((ImmutableTree) rootTree).getNodeState();
+ NodeState ns = getTreeProvider().asNodeState(rootTree);
TreePermission tp =
createPermissionProvider().getTreePermission(rootTree, TreePermission.EMPTY);
for (String cName : childNames) {
@@ -588,7 +587,7 @@ public abstract class AbstractCompositeP
List<String> childNames = ImmutableList.of("test", "a", "b", "c",
"nonexisting");
Tree rootTree = readOnlyRoot.getTree(ROOT_PATH);
- NodeState ns = ((ImmutableTree) rootTree).getNodeState();
+ NodeState ns = getTreeProvider().asNodeState(rootTree);
TreePermission tp =
createPermissionProviderOR().getTreePermission(rootTree, TreePermission.EMPTY);
for (String cName : childNames) {
Modified:
jackrabbit/oak/trunk/oak-core/src/test/java/org/apache/jackrabbit/oak/security/authorization/composite/CompositeProviderCoverageTest.java
URL:
http://svn.apache.org/viewvc/jackrabbit/oak/trunk/oak-core/src/test/java/org/apache/jackrabbit/oak/security/authorization/composite/CompositeProviderCoverageTest.java?rev=1831261&r1=1831260&r2=1831261&view=diff
==============================================================================
---
jackrabbit/oak/trunk/oak-core/src/test/java/org/apache/jackrabbit/oak/security/authorization/composite/CompositeProviderCoverageTest.java
(original)
+++
jackrabbit/oak/trunk/oak-core/src/test/java/org/apache/jackrabbit/oak/security/authorization/composite/CompositeProviderCoverageTest.java
Wed May 9 15:38:38 2018
@@ -32,7 +32,6 @@ import org.apache.jackrabbit.oak.api.Roo
import org.apache.jackrabbit.oak.api.Tree;
import org.apache.jackrabbit.oak.commons.PathUtils;
import org.apache.jackrabbit.oak.plugins.tree.TreeLocation;
-import org.apache.jackrabbit.oak.plugins.tree.impl.ImmutableTree;
import
org.apache.jackrabbit.oak.spi.security.authorization.AuthorizationConfiguration;
import
org.apache.jackrabbit.oak.spi.security.authorization.permission.AggregatedPermissionProvider;
import
org.apache.jackrabbit.oak.spi.security.authorization.permission.PermissionProvider;
@@ -116,7 +115,7 @@ public class CompositeProviderCoverageTe
List<String> childNames = ImmutableList.of("test", "a", "b", "c",
"nonexisting");
Tree rootTree = readOnlyRoot.getTree(ROOT_PATH);
- NodeState ns = ((ImmutableTree) rootTree).getNodeState();
+ NodeState ns = getTreeProvider().asNodeState(rootTree);
TreePermission tp =
createPermissionProvider().getTreePermission(rootTree, TreePermission.EMPTY);
for (String cName : childNames) {
@@ -132,7 +131,7 @@ public class CompositeProviderCoverageTe
List<String> childNames = ImmutableList.of("test", "a", "b", "c",
"nonexisting");
Tree rootTree = readOnlyRoot.getTree(ROOT_PATH);
- NodeState ns = ((ImmutableTree) rootTree).getNodeState();
+ NodeState ns = getTreeProvider().asNodeState(rootTree);
TreePermission tp =
createPermissionProviderOR().getTreePermission(rootTree, TreePermission.EMPTY);
for (String cName : childNames) {
