Author: angela
Date: Mon Dec 17 14:06:16 2018
New Revision: 1849091
URL: http://svn.apache.org/viewvc?rev=1849091&view=rev
Log:
OAK-7944 : Minor improvements to oak security code base
- more access modifiers that must not be public
- PermissionValidator: redundant check for null node state
- PermissionStoreEditor: improve readability
Modified:
jackrabbit/oak/trunk/oak-core/src/main/java/org/apache/jackrabbit/oak/security/authorization/AuthorizationInitializer.java
jackrabbit/oak/trunk/oak-core/src/main/java/org/apache/jackrabbit/oak/security/authorization/accesscontrol/Util.java
jackrabbit/oak/trunk/oak-core/src/main/java/org/apache/jackrabbit/oak/security/authorization/permission/PermissionStoreEditor.java
jackrabbit/oak/trunk/oak-core/src/main/java/org/apache/jackrabbit/oak/security/authorization/permission/PermissionValidator.java
jackrabbit/oak/trunk/oak-core/src/main/java/org/apache/jackrabbit/oak/security/user/MembershipWriter.java
jackrabbit/oak/trunk/oak-core/src/main/java/org/apache/jackrabbit/oak/security/user/PasswordHistory.java
Modified:
jackrabbit/oak/trunk/oak-core/src/main/java/org/apache/jackrabbit/oak/security/authorization/AuthorizationInitializer.java
URL:
http://svn.apache.org/viewvc/jackrabbit/oak/trunk/oak-core/src/main/java/org/apache/jackrabbit/oak/security/authorization/AuthorizationInitializer.java?rev=1849091&r1=1849090&r2=1849091&view=diff
==============================================================================
---
jackrabbit/oak/trunk/oak-core/src/main/java/org/apache/jackrabbit/oak/security/authorization/AuthorizationInitializer.java
(original)
+++
jackrabbit/oak/trunk/oak-core/src/main/java/org/apache/jackrabbit/oak/security/authorization/AuthorizationInitializer.java
Mon Dec 17 14:06:16 2018
@@ -46,7 +46,7 @@ class AuthorizationInitializer implement
private final MountInfoProvider mountInfoProvider;
- public AuthorizationInitializer(@NotNull MountInfoProvider
mountInfoProvider) {
+ AuthorizationInitializer(@NotNull MountInfoProvider mountInfoProvider) {
this.mountInfoProvider = mountInfoProvider;
}
Modified:
jackrabbit/oak/trunk/oak-core/src/main/java/org/apache/jackrabbit/oak/security/authorization/accesscontrol/Util.java
URL:
http://svn.apache.org/viewvc/jackrabbit/oak/trunk/oak-core/src/main/java/org/apache/jackrabbit/oak/security/authorization/accesscontrol/Util.java?rev=1849091&r1=1849090&r2=1849091&view=diff
==============================================================================
---
jackrabbit/oak/trunk/oak-core/src/main/java/org/apache/jackrabbit/oak/security/authorization/accesscontrol/Util.java
(original)
+++
jackrabbit/oak/trunk/oak-core/src/main/java/org/apache/jackrabbit/oak/security/authorization/accesscontrol/Util.java
Mon Dec 17 14:06:16 2018
@@ -43,14 +43,14 @@ final class Util implements AccessContro
*/
private Util() {}
- public static void checkValidPrincipal(@Nullable Principal principal,
- @NotNull PrincipalManager
principalManager) throws AccessControlException {
+ static void checkValidPrincipal(@Nullable Principal principal,
+ @NotNull PrincipalManager
principalManager) throws AccessControlException {
checkValidPrincipal(principal, principalManager, ImportBehavior.ABORT);
}
- public static boolean checkValidPrincipal(@Nullable Principal principal,
- @NotNull PrincipalManager
principalManager,
- int importBehavior) throws
AccessControlException {
+ static boolean checkValidPrincipal(@Nullable Principal principal,
+ @NotNull PrincipalManager
principalManager,
+ int importBehavior) throws
AccessControlException {
String name = (principal == null) ? null : principal.getName();
if (name == null || name.isEmpty()) {
throw new AccessControlException("Invalid principal " + name);
@@ -73,8 +73,8 @@ final class Util implements AccessContro
}
}
- public static void checkValidPrincipals(@Nullable Set<Principal>
principals,
- @NotNull PrincipalManager
principalManager) throws AccessControlException {
+ static void checkValidPrincipals(@Nullable Set<Principal> principals,
+ @NotNull PrincipalManager
principalManager) throws AccessControlException {
if (principals == null) {
throw new AccessControlException("Valid principals expected. Found
null.");
}
@@ -83,7 +83,7 @@ final class Util implements AccessContro
}
}
- public static boolean isValidPolicy(@Nullable String oakPath, @NotNull
AccessControlPolicy policy) {
+ static boolean isValidPolicy(@Nullable String oakPath, @NotNull
AccessControlPolicy policy) {
if (policy instanceof ACL) {
String path = ((ACL) policy).getOakPath();
return !((path == null && oakPath != null) || (path != null &&
!path.equals(oakPath)));
@@ -91,29 +91,29 @@ final class Util implements AccessContro
return false;
}
- public static void checkValidPolicy(@Nullable String oakPath, @NotNull
AccessControlPolicy policy) throws AccessControlException {
+ static void checkValidPolicy(@Nullable String oakPath, @NotNull
AccessControlPolicy policy) throws AccessControlException {
if (!isValidPolicy(oakPath, policy)) {
throw new AccessControlException("Invalid access control policy "
+ policy);
}
}
- public static boolean isAccessControlled(@Nullable String oakPath,
@NotNull Tree tree,
- @NotNull ReadOnlyNodeTypeManager
ntMgr) {
+ static boolean isAccessControlled(@Nullable String oakPath, @NotNull Tree
tree,
+ @NotNull ReadOnlyNodeTypeManager ntMgr) {
String mixinName = getMixinName(oakPath);
return ntMgr.isNodeType(tree, mixinName);
}
- public static boolean isACE(@NotNull Tree tree, @NotNull
ReadOnlyNodeTypeManager ntMgr) {
+ static boolean isACE(@NotNull Tree tree, @NotNull ReadOnlyNodeTypeManager
ntMgr) {
return tree.exists() && ntMgr.isNodeType(tree, NT_REP_ACE);
}
@NotNull
- public static String getMixinName(@Nullable String oakPath) {
+ static String getMixinName(@Nullable String oakPath) {
return (oakPath == null) ? MIX_REP_REPO_ACCESS_CONTROLLABLE :
MIX_REP_ACCESS_CONTROLLABLE;
}
@NotNull
- public static String getAclName(@Nullable String oakPath) {
+ static String getAclName(@Nullable String oakPath) {
return (oakPath == null) ? REP_REPO_POLICY : REP_POLICY;
}
@@ -125,7 +125,7 @@ final class Util implements AccessContro
* @return the name of the ACE node.
*/
@NotNull
- public static String generateAceName(@NotNull ACE ace, int index) {
+ static String generateAceName(@NotNull ACE ace, int index) {
String hint = (ace.isAllow()) ? "allow" : "deny";
if (index == 0) {
return hint;
@@ -134,7 +134,7 @@ final class Util implements AccessContro
}
}
- public static int getImportBehavior(AuthorizationConfiguration config) {
+ static int getImportBehavior(AuthorizationConfiguration config) {
String importBehaviorStr =
config.getParameters().getConfigValue(ProtectedItemImporter.PARAM_IMPORT_BEHAVIOR,
ImportBehavior.NAME_ABORT);
return ImportBehavior.valueFromString(importBehaviorStr);
}
Modified:
jackrabbit/oak/trunk/oak-core/src/main/java/org/apache/jackrabbit/oak/security/authorization/permission/PermissionStoreEditor.java
URL:
http://svn.apache.org/viewvc/jackrabbit/oak/trunk/oak-core/src/main/java/org/apache/jackrabbit/oak/security/authorization/permission/PermissionStoreEditor.java?rev=1849091&r1=1849090&r2=1849091&view=diff
==============================================================================
---
jackrabbit/oak/trunk/oak-core/src/main/java/org/apache/jackrabbit/oak/security/authorization/permission/PermissionStoreEditor.java
(original)
+++
jackrabbit/oak/trunk/oak-core/src/main/java/org/apache/jackrabbit/oak/security/authorization/permission/PermissionStoreEditor.java
Mon Dec 17 14:06:16 2018
@@ -232,11 +232,13 @@ final class PermissionStoreEditor implem
private static void updateNumEntries(@NotNull String principalName,
@NotNull NodeBuilder principalRoot, int cnt) {
PropertyState ps = principalRoot.getProperty(REP_NUM_PERMISSIONS);
- long numEntries = ((ps == null) ? 0 : ps.getValue(Type.LONG)) + cnt;
if (ps == null && !principalRoot.isNew()) {
// existing principal root that doesn't have the rep:numEntries set
return;
- } else if (numEntries < 0) {
+ }
+
+ long numEntries = ((ps == null) ? 0 : ps.getValue(Type.LONG)) + cnt;
+ if (numEntries < 0) {
// numEntries unexpectedly turned negative
log.error("NumEntries counter for principal '"+principalName+"'
turned negative -> removing 'rep:numPermissions' property.");
principalRoot.removeProperty(REP_NUM_PERMISSIONS);
Modified:
jackrabbit/oak/trunk/oak-core/src/main/java/org/apache/jackrabbit/oak/security/authorization/permission/PermissionValidator.java
URL:
http://svn.apache.org/viewvc/jackrabbit/oak/trunk/oak-core/src/main/java/org/apache/jackrabbit/oak/security/authorization/permission/PermissionValidator.java?rev=1849091&r1=1849090&r2=1849091&view=diff
==============================================================================
---
jackrabbit/oak/trunk/oak-core/src/main/java/org/apache/jackrabbit/oak/security/authorization/permission/PermissionValidator.java
(original)
+++
jackrabbit/oak/trunk/oak-core/src/main/java/org/apache/jackrabbit/oak/security/authorization/permission/PermissionValidator.java
Mon Dec 17 14:06:16 2018
@@ -204,10 +204,6 @@ class PermissionValidator extends Defaul
return null; // no need for further validation down the subtree
} else {
NodeState ns = provider.getTreeProvider().asNodeState(tree);
- if (ns == null) {
- throw new CommitFailedException(ACCESS, 0, "Access denied");
- }
-
TreePermission tp =
parentPermission.getChildPermission(tree.getName(), ns);
if (!tp.isGranted(toTest)) {
throw new CommitFailedException(ACCESS, 0, "Access denied");
Modified:
jackrabbit/oak/trunk/oak-core/src/main/java/org/apache/jackrabbit/oak/security/user/MembershipWriter.java
URL:
http://svn.apache.org/viewvc/jackrabbit/oak/trunk/oak-core/src/main/java/org/apache/jackrabbit/oak/security/user/MembershipWriter.java?rev=1849091&r1=1849090&r2=1849091&view=diff
==============================================================================
---
jackrabbit/oak/trunk/oak-core/src/main/java/org/apache/jackrabbit/oak/security/user/MembershipWriter.java
(original)
+++
jackrabbit/oak/trunk/oak-core/src/main/java/org/apache/jackrabbit/oak/security/user/MembershipWriter.java
Mon Dec 17 14:06:16 2018
@@ -49,7 +49,7 @@ public class MembershipWriter {
*/
private int membershipSizeThreshold = DEFAULT_MEMBERSHIP_THRESHOLD;
- public void setMembershipSizeThreshold(int membershipSizeThreshold) {
+ void setMembershipSizeThreshold(int membershipSizeThreshold) {
this.membershipSizeThreshold = membershipSizeThreshold;
}
Modified:
jackrabbit/oak/trunk/oak-core/src/main/java/org/apache/jackrabbit/oak/security/user/PasswordHistory.java
URL:
http://svn.apache.org/viewvc/jackrabbit/oak/trunk/oak-core/src/main/java/org/apache/jackrabbit/oak/security/user/PasswordHistory.java?rev=1849091&r1=1849090&r2=1849091&view=diff
==============================================================================
---
jackrabbit/oak/trunk/oak-core/src/main/java/org/apache/jackrabbit/oak/security/user/PasswordHistory.java
(original)
+++
jackrabbit/oak/trunk/oak-core/src/main/java/org/apache/jackrabbit/oak/security/user/PasswordHistory.java
Mon Dec 17 14:06:16 2018
@@ -42,7 +42,7 @@ final class PasswordHistory implements U
private final int maxSize;
private final boolean isEnabled;
- public PasswordHistory(@NotNull ConfigurationParameters config) {
+ PasswordHistory(@NotNull ConfigurationParameters config) {
maxSize = Math.min(HISTORY_MAX_SIZE,
config.getConfigValue(UserConstants.PARAM_PASSWORD_HISTORY_SIZE,
UserConstants.PASSWORD_HISTORY_DISABLED_SIZE));
isEnabled = maxSize > UserConstants.PASSWORD_HISTORY_DISABLED_SIZE;
}
