svn commit: r1828446 - /jackrabbit/oak/trunk/oak-exercise/src/test/java/org/apache/jackrabbit/oak/exercise/security/authorization/advanced/

2018-04-05 Thread angela
Author: angela
Date: Thu Apr  5 15:33:48 2018
New Revision: 1828446

URL: http://svn.apache.org/viewvc?rev=1828446=rev
Log:
OAK-5122 : Exercise for Custom Authorization Models (wip)

Added:

jackrabbit/oak/trunk/oak-exercise/src/test/java/org/apache/jackrabbit/oak/exercise/security/authorization/advanced/

jackrabbit/oak/trunk/oak-exercise/src/test/java/org/apache/jackrabbit/oak/exercise/security/authorization/advanced/L1_IntroductionTest.java
  - copied, changed from r1828439, 
jackrabbit/oak/trunk/oak-exercise/src/test/java/org/apache/jackrabbit/oak/exercise/security/authorization/accesscontrol/L1_IntroductionTest.java

jackrabbit/oak/trunk/oak-exercise/src/test/java/org/apache/jackrabbit/oak/exercise/security/authorization/advanced/L2_SetupAggregationTest.java
   (with props)

jackrabbit/oak/trunk/oak-exercise/src/test/java/org/apache/jackrabbit/oak/exercise/security/authorization/advanced/L3_UnderstandAggregationTest.java
   (with props)

jackrabbit/oak/trunk/oak-exercise/src/test/java/org/apache/jackrabbit/oak/exercise/security/authorization/advanced/L4_CustomAuthorizationTest.java
   (with props)

jackrabbit/oak/trunk/oak-exercise/src/test/java/org/apache/jackrabbit/oak/exercise/security/authorization/advanced/L5_CustomAccessControlManagementTest.java
   (with props)

jackrabbit/oak/trunk/oak-exercise/src/test/java/org/apache/jackrabbit/oak/exercise/security/authorization/advanced/L6_CustomPermissionEvaluationTest.java
   (with props)

Copied: 
jackrabbit/oak/trunk/oak-exercise/src/test/java/org/apache/jackrabbit/oak/exercise/security/authorization/advanced/L1_IntroductionTest.java
 (from r1828439, 
jackrabbit/oak/trunk/oak-exercise/src/test/java/org/apache/jackrabbit/oak/exercise/security/authorization/accesscontrol/L1_IntroductionTest.java)
URL: 
http://svn.apache.org/viewvc/jackrabbit/oak/trunk/oak-exercise/src/test/java/org/apache/jackrabbit/oak/exercise/security/authorization/advanced/L1_IntroductionTest.java?p2=jackrabbit/oak/trunk/oak-exercise/src/test/java/org/apache/jackrabbit/oak/exercise/security/authorization/advanced/L1_IntroductionTest.java=jackrabbit/oak/trunk/oak-exercise/src/test/java/org/apache/jackrabbit/oak/exercise/security/authorization/accesscontrol/L1_IntroductionTest.java=1828439=1828446=1828446=diff
==
--- 
jackrabbit/oak/trunk/oak-exercise/src/test/java/org/apache/jackrabbit/oak/exercise/security/authorization/accesscontrol/L1_IntroductionTest.java
 (original)
+++ 
jackrabbit/oak/trunk/oak-exercise/src/test/java/org/apache/jackrabbit/oak/exercise/security/authorization/advanced/L1_IntroductionTest.java
 Thu Apr  5 15:33:48 2018
@@ -14,68 +14,29 @@
  * See the License for the specific language governing permissions and
  * limitations under the License.
  */
-package 
org.apache.jackrabbit.oak.exercise.security.authorization.accesscontrol;
+package org.apache.jackrabbit.oak.exercise.security.authorization.advanced;
 
 import org.apache.jackrabbit.oak.AbstractSecurityTest;
 
 /**
  * 
- * Module: Authorization (Access Control Management)
+ * Module: Advanced Authorization Topics
  * 
=
  *
- * Title: Introduction to Access Control Management
+ * Title: Introduction to Advanced Authorization Topics
  * 
-
  *
  * Goal:
- * Become familiar with the JCR Access Control Management API and the 
extensions
- * provided by Jackrabbit API. Understand how access control management is
- * used and exposed in Oak and finally gain insight into some details of the
- * default implementation.
+ * Become familiar with the following advanced authorization topics:
  *
- * Exercises:
- *
- * - Overview and Usages of AccessControl Management
- *   Search for usage of the access control management API (e.g. {@link 
javax.jcr.security.AccessControlManager})
- *   in Oak _and_ Jackrabbit JCR Commons.
- *
- *   Question: Where is the access control manager being used for?
- *   Question: Who is the expected API consumer?
- *   Question: What are the characteristics of this areas?
- *   Question: Can you identify areas where oak-jcr and oak-core actually make 
use of the access control management API?
- *
- * - Configuration
- *   Look at the default implementation(s) of the {@link 
org.apache.jackrabbit.oak.spi.security.authorization.AuthorizationConfiguration}
- *   and try to identify the configurable parts with respect to access control.
- *   Compare your results with the Oak documentation.
- *
- *   Question: Can you provide a list of configuration options for access 
control s.str.?
- *   Question: Can you identify where these configuration options are being 
evaluated?
- *   Question: Which options also affect the permission evaluation?
- *
- * - Pluggability
- *   Become familar with the pluggable parts of the access control management

svn commit: r1828445 - /jackrabbit/oak/trunk/oak-exercise/src/main/java/org/apache/jackrabbit/oak/exercise/security/authorization/models/readonly/ReadOnlyAuthorizationConfiguration.java

2018-04-05 Thread stillalex
Author: stillalex
Date: Thu Apr  5 15:29:49 2018
New Revision: 1828445

URL: http://svn.apache.org/viewvc?rev=1828445=rev
Log:
OAK-5122 Exercise for Custom Authorization Models
 - javadocs


Modified:

jackrabbit/oak/trunk/oak-exercise/src/main/java/org/apache/jackrabbit/oak/exercise/security/authorization/models/readonly/ReadOnlyAuthorizationConfiguration.java

Modified: 
jackrabbit/oak/trunk/oak-exercise/src/main/java/org/apache/jackrabbit/oak/exercise/security/authorization/models/readonly/ReadOnlyAuthorizationConfiguration.java
URL: 
http://svn.apache.org/viewvc/jackrabbit/oak/trunk/oak-exercise/src/main/java/org/apache/jackrabbit/oak/exercise/security/authorization/models/readonly/ReadOnlyAuthorizationConfiguration.java?rev=1828445=1828444=1828445=diff
==
--- 
jackrabbit/oak/trunk/oak-exercise/src/main/java/org/apache/jackrabbit/oak/exercise/security/authorization/models/readonly/ReadOnlyAuthorizationConfiguration.java
 (original)
+++ 
jackrabbit/oak/trunk/oak-exercise/src/main/java/org/apache/jackrabbit/oak/exercise/security/authorization/models/readonly/ReadOnlyAuthorizationConfiguration.java
 Thu Apr  5 15:29:49 2018
@@ -74,7 +74,7 @@ import static org.apache.jackrabbit.oak.
  * This authorization module forms part of the training material provided by 
the
  * oak-exercise module and must not be used in a productive environment!
  *
- * Overview
+ * Overview
  * This simplistic authorization model is limited to permission evaluation and
  * doesn't support access control management.
  *
@@ -85,7 +85,7 @@ import static org.apache.jackrabbit.oak.
  * There exists a single exception to that rule: For the internal {@link 
SystemPrincipal}
  * permission evaluation is not enforced by this module i.e. this module is 
skipped.
  *
- * Intended Usage
+ * Intended Usage
  * This authorization model is intended to be used in 'AND' combination with 
the
  * default authorization setup defined by Oak (and optionally additional models
  * such as e.g. oak-authorization-cug.
@@ -93,14 +93,14 @@ import static org.apache.jackrabbit.oak.
  * It is not intended to be used as standalone model as it would grant full 
read
  * access to everyone.
  *
- * Limitations
+ * Limitations
  * Experimental model for training purpose and not intended for usage in 
production.
  *
- * Key Features
+ * Key Features
  *
- * Access Control Management
+ * Access Control Management
  *
- * 
+ * 
  * FeatureDescription
  * Supported Privilegesall
  * Supports Custom Privilegesyes
@@ -111,25 +111,25 @@ import static org.apache.jackrabbit.oak.
  * Effective Policies by Principalsfor every set of 
principals a single effective policy of type {@link 
NamedAccessControlPolicy}
  * 
  *
- * Permission Evaluation
+ * Permission Evaluation
  *
- * 
+ * 
  * FeatureDescription
  * Supported Permissionsall
  * Aggregated Permission Provideryes
  * 
  *
- * Representation in the Repository
+ * Representation in the Repository
  *
  * There exists no dedicated access control or permission content for this
  * authorization model as it doesn't persist any information into the 
repository.
  * {@link SecurityConfiguration#getContext()} therefore returns the {@link 
Context#DEFAULT default}.
  *
- * Configuration
+ * Configuration
  *
  * This model doesn't come with any configuration options.
  *
- * Installation Instructions
+ * Installation Instructions
  *
  * The following steps are required to install this authorization model in an 
OSGi based Oak setup.
  *
@@ -142,7 +142,7 @@ import static org.apache.jackrabbit.oak.
  * make sure the 'Authorization Composition Type' is set to 
AND
  * 
  * 
- * Wait for the {@link SecurityProvider} to be successfully registered 
again.
+ * Wait for the {@link 
org.apache.jackrabbit.oak.spi.security.SecurityProvider} to be successfully 
registered again.
  * 
  *
  */




svn commit: r1828444 - /jackrabbit/oak/trunk/oak-segment-tar/src/main/java/org/apache/jackrabbit/oak/segment/SegmentNodeStoreStatsMBean.java

2018-04-05 Thread stillalex
Author: stillalex
Date: Thu Apr  5 15:28:12 2018
New Revision: 1828444

URL: http://svn.apache.org/viewvc?rev=1828444=rev
Log:
OAK-7384 SegmentNodeStoreStats should expose stats for previous minute per 
thread group
 - javadocs


Modified:

jackrabbit/oak/trunk/oak-segment-tar/src/main/java/org/apache/jackrabbit/oak/segment/SegmentNodeStoreStatsMBean.java

Modified: 
jackrabbit/oak/trunk/oak-segment-tar/src/main/java/org/apache/jackrabbit/oak/segment/SegmentNodeStoreStatsMBean.java
URL: 
http://svn.apache.org/viewvc/jackrabbit/oak/trunk/oak-segment-tar/src/main/java/org/apache/jackrabbit/oak/segment/SegmentNodeStoreStatsMBean.java?rev=1828444=1828443=1828444=diff
==
--- 
jackrabbit/oak/trunk/oak-segment-tar/src/main/java/org/apache/jackrabbit/oak/segment/SegmentNodeStoreStatsMBean.java
 (original)
+++ 
jackrabbit/oak/trunk/oak-segment-tar/src/main/java/org/apache/jackrabbit/oak/segment/SegmentNodeStoreStatsMBean.java
 Thu Apr  5 15:28:12 2018
@@ -47,21 +47,21 @@ public interface SegmentNodeStoreStatsMB
 CompositeData getQueuingTimes();
 
 /**
- * @return tabular data of the form  collected 
+ * @return tabular data of the form commits,writerGroup collected 
  * in the last minute
  * @throws OpenDataException if data is not available
  */
 TabularData getCommitsCountPerWriterGroupLastMinute() throws 
OpenDataException;
 
 /**
- * @return tabular data of the form  for writers 
+ * @return tabular data of the form commits,writer for writers 
  * not included in groups
  * @throws OpenDataException if data is not available
  */
 TabularData getCommitsCountForOtherWriters() throws OpenDataException;
 
 /**
- * @return tabular data of the form  for each writer
+ * @return tabular data of the form writer,writerDetails for each 
writer
  * currently in the queue
  * @throws OpenDataException if data is not available
  */




svn commit: r1828443 - /jackrabbit/oak/trunk/oak-auth-external/src/main/java/org/apache/jackrabbit/oak/spi/security/authentication/external/impl/principal/ExternalPrincipalConfiguration.java

2018-04-05 Thread stillalex
Author: stillalex
Date: Thu Apr  5 15:26:48 2018
New Revision: 1828443

URL: http://svn.apache.org/viewvc?rev=1828443=rev
Log:
OAK-7024 java.security.acl deprecated in Java 10, marked for removal in Java 12
 - more javadocs


Modified:

jackrabbit/oak/trunk/oak-auth-external/src/main/java/org/apache/jackrabbit/oak/spi/security/authentication/external/impl/principal/ExternalPrincipalConfiguration.java

Modified: 
jackrabbit/oak/trunk/oak-auth-external/src/main/java/org/apache/jackrabbit/oak/spi/security/authentication/external/impl/principal/ExternalPrincipalConfiguration.java
URL: 
http://svn.apache.org/viewvc/jackrabbit/oak/trunk/oak-auth-external/src/main/java/org/apache/jackrabbit/oak/spi/security/authentication/external/impl/principal/ExternalPrincipalConfiguration.java?rev=1828443=1828442=1828443=diff
==
--- 
jackrabbit/oak/trunk/oak-auth-external/src/main/java/org/apache/jackrabbit/oak/spi/security/authentication/external/impl/principal/ExternalPrincipalConfiguration.java
 (original)
+++ 
jackrabbit/oak/trunk/oak-auth-external/src/main/java/org/apache/jackrabbit/oak/spi/security/authentication/external/impl/principal/ExternalPrincipalConfiguration.java
 Thu Apr  5 15:26:48 2018
@@ -69,7 +69,7 @@ import org.slf4j.LoggerFactory;
 
 /**
  * Implementation of the {@code PrincipalConfiguration} interface that provides
- * principal management for {@link Group principals} associated with
+ * principal management for {@code Group principals} associated with
  * {@link 
org.apache.jackrabbit.oak.spi.security.authentication.external.ExternalIdentity 
external identities}
  * managed outside of the scope of the repository by an
  * {@link 
org.apache.jackrabbit.oak.spi.security.authentication.external.ExternalIdentityProvider}.




svn commit: r1828441 - /jackrabbit/oak/trunk/oak-exercise/src/test/java/org/apache/jackrabbit/oak/exercise/security/authorization/accesscontrol/L7_RestrictionsTest.java

2018-04-05 Thread angela
Author: angela
Date: Thu Apr  5 15:10:08 2018
New Revision: 1828441

URL: http://svn.apache.org/viewvc?rev=1828441=rev
Log:
minor improvement (typo)

Modified:

jackrabbit/oak/trunk/oak-exercise/src/test/java/org/apache/jackrabbit/oak/exercise/security/authorization/accesscontrol/L7_RestrictionsTest.java

Modified: 
jackrabbit/oak/trunk/oak-exercise/src/test/java/org/apache/jackrabbit/oak/exercise/security/authorization/accesscontrol/L7_RestrictionsTest.java
URL: 
http://svn.apache.org/viewvc/jackrabbit/oak/trunk/oak-exercise/src/test/java/org/apache/jackrabbit/oak/exercise/security/authorization/accesscontrol/L7_RestrictionsTest.java?rev=1828441=1828440=1828441=diff
==
--- 
jackrabbit/oak/trunk/oak-exercise/src/test/java/org/apache/jackrabbit/oak/exercise/security/authorization/accesscontrol/L7_RestrictionsTest.java
 (original)
+++ 
jackrabbit/oak/trunk/oak-exercise/src/test/java/org/apache/jackrabbit/oak/exercise/security/authorization/accesscontrol/L7_RestrictionsTest.java
 Thu Apr  5 15:10:08 2018
@@ -80,7 +80,7 @@ import org.apache.jackrabbit.test.NotExe
  * 
-
  *
  * While the restriction API provided by Jackrabbit API is rather limited the
- * Oak internal way to handle, store and read these restictions is a bit
+ * Oak internal way to handle, store and read these restrictions is a bit
  * more elaborate.
  *
  * Use the Oak code base and the documentation at




svn commit: r1828439 - /jackrabbit/oak/trunk/oak-store-document/src/main/java/org/apache/jackrabbit/oak/plugins/document/util/UTF8Encoder.java

2018-04-05 Thread reschke
Author: reschke
Date: Thu Apr  5 14:52:58 2018
New Revision: 1828439

URL: http://svn.apache.org/viewvc?rev=1828439=rev
Log:
OAK-7268: Create charset encoding utility that detects malformed input - 
Javadoc fix

Modified:

jackrabbit/oak/trunk/oak-store-document/src/main/java/org/apache/jackrabbit/oak/plugins/document/util/UTF8Encoder.java

Modified: 
jackrabbit/oak/trunk/oak-store-document/src/main/java/org/apache/jackrabbit/oak/plugins/document/util/UTF8Encoder.java
URL: 
http://svn.apache.org/viewvc/jackrabbit/oak/trunk/oak-store-document/src/main/java/org/apache/jackrabbit/oak/plugins/document/util/UTF8Encoder.java?rev=1828439=1828438=1828439=diff
==
--- 
jackrabbit/oak/trunk/oak-store-document/src/main/java/org/apache/jackrabbit/oak/plugins/document/util/UTF8Encoder.java
 (original)
+++ 
jackrabbit/oak/trunk/oak-store-document/src/main/java/org/apache/jackrabbit/oak/plugins/document/util/UTF8Encoder.java
 Thu Apr  5 14:52:58 2018
@@ -69,7 +69,7 @@ public class UTF8Encoder {
 }
 
 /**
- * @see {@link CharsetEncoder#canEncode(CharSequence)
+ * See {@link CharsetEncoder#canEncode(CharSequence)}.
  */
 public static boolean canEncode(CharSequence input) {
 CharsetEncoder e = CSE.get();




svn commit: r1828437 - /jackrabbit/oak/trunk/oak-security-spi/src/main/java/org/apache/jackrabbit/oak/spi/security/principal/PrincipalProvider.java

2018-04-05 Thread stillalex
Author: stillalex
Date: Thu Apr  5 14:30:11 2018
New Revision: 1828437

URL: http://svn.apache.org/viewvc?rev=1828437=rev
Log:
OAK-7024 java.security.acl deprecated in Java 10, marked for removal in Java 11
 - fixed javadocs


Modified:

jackrabbit/oak/trunk/oak-security-spi/src/main/java/org/apache/jackrabbit/oak/spi/security/principal/PrincipalProvider.java

Modified: 
jackrabbit/oak/trunk/oak-security-spi/src/main/java/org/apache/jackrabbit/oak/spi/security/principal/PrincipalProvider.java
URL: 
http://svn.apache.org/viewvc/jackrabbit/oak/trunk/oak-security-spi/src/main/java/org/apache/jackrabbit/oak/spi/security/principal/PrincipalProvider.java?rev=1828437=1828436=1828437=diff
==
--- 
jackrabbit/oak/trunk/oak-security-spi/src/main/java/org/apache/jackrabbit/oak/spi/security/principal/PrincipalProvider.java
 (original)
+++ 
jackrabbit/oak/trunk/oak-security-spi/src/main/java/org/apache/jackrabbit/oak/spi/security/principal/PrincipalProvider.java
 Thu Apr  5 14:30:11 2018
@@ -76,7 +76,7 @@ public interface PrincipalProvider {
 /**
  * Returns an iterator over all group principals for which the given
  * principal is either direct or indirect member of. Thus for any principal
- * returned in the iterator {@link GroupPrincipal#isMember(Principal)}
+ * returned in the iterator {@link 
org.apache.jackrabbit.api.security.principal.GroupPrincipal#isMember(Principal)}
  * must return {@code true}.
  * 
  * Example:
@@ -85,7 +85,7 @@ public interface PrincipalProvider {
  *
  * @param principal the principal to return it's membership from.
  * @return an iterator returning all groups the given principal is member 
of.
- * @see GroupPrincipal#isMember(java.security.Principal)
+ * @see 
org.apache.jackrabbit.api.security.principal.GroupPrincipal#isMember(java.security.Principal)
  */
 @Nonnull
 default Set getMembershipPrincipals(@Nonnull Principal 
principal) {
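Review bot: The `@param principal` line kept as context in this hunk reads "to return it's membership from"; since this javadoc is being corrected anyway, change "it's" to "its".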




svn commit: r1828434 - /jackrabbit/oak/trunk/oak-exercise/src/test/java/org/apache/jackrabbit/oak/exercise/security/authorization/permission/L7_PermissionContentTest.java

2018-04-05 Thread angela
Author: angela
Date: Thu Apr  5 13:51:03 2018
New Revision: 1828434

URL: http://svn.apache.org/viewvc?rev=1828434=rev
Log:
OAK-3008 : Training material for Oak security (wip)

Modified:

jackrabbit/oak/trunk/oak-exercise/src/test/java/org/apache/jackrabbit/oak/exercise/security/authorization/permission/L7_PermissionContentTest.java

Modified: 
jackrabbit/oak/trunk/oak-exercise/src/test/java/org/apache/jackrabbit/oak/exercise/security/authorization/permission/L7_PermissionContentTest.java
URL: 
http://svn.apache.org/viewvc/jackrabbit/oak/trunk/oak-exercise/src/test/java/org/apache/jackrabbit/oak/exercise/security/authorization/permission/L7_PermissionContentTest.java?rev=1828434=1828433=1828434=diff
==
--- 
jackrabbit/oak/trunk/oak-exercise/src/test/java/org/apache/jackrabbit/oak/exercise/security/authorization/permission/L7_PermissionContentTest.java
 (original)
+++ 
jackrabbit/oak/trunk/oak-exercise/src/test/java/org/apache/jackrabbit/oak/exercise/security/authorization/permission/L7_PermissionContentTest.java
 Thu Apr  5 13:51:03 2018
@@ -16,9 +16,17 @@
  */
 package org.apache.jackrabbit.oak.exercise.security.authorization.permission;
 
+import javax.jcr.GuestCredentials;
+
 import org.apache.jackrabbit.oak.AbstractSecurityTest;
+import org.apache.jackrabbit.oak.api.ContentSession;
+import org.apache.jackrabbit.oak.api.Root;
+import org.apache.jackrabbit.oak.api.Tree;
 import org.junit.Test;
 
+import static org.junit.Assert.assertFalse;
+import static org.junit.Assert.assertTrue;
+
 /**
  * 
  * Module: Authorization (Permission Evaluation)
@@ -62,20 +70,41 @@ import org.junit.Test;
  *   Question: Can you explain why the permission store is read-only?
  *   Question: Can you identify the class(es) responsible for enforcing the 
read-only nature?
  *
- * - {@link #TODO}
- *
  * 
  */
 public class L7_PermissionContentTest extends AbstractSecurityTest {
 
-@Test
-public void testReadOnly() {
-// TODO
-}
+String permissionStorePath = null; // EXERCISE: specify the path to the 
permission store root node
 
 @Test
 public void testAdministrativeAccessOnly() {
-// TODO
+Root root = adminSession.getLatestRoot();
+Tree permissionStoreTree = root.getTree(permissionStorePath);
+assertTrue(permissionStoreTree.exists());
+
+// EXERCISE : explain the content structure of the permission store
+Tree wspTree = 
permissionStoreTree.getChild(adminSession.getWorkspaceName());
+for (Tree t : wspTree.getChildren()) {
+System.out.println(t.getName());
+}
+
+// EXERCISE : pick one child tree above and inspect the subtree
+//- what does the name of the child stand for?
+//- explain the structure
+String name = null; // EXERCISE
+Tree child = wspTree.getChild(name);
+
+// EXERCISE: walk through the tree structure and look at the properties
 }
 
+@Test
+public void testReadOnly() throws Exception {
+ContentSession guestSession = login(new GuestCredentials());
+
+Root root = guestSession.getLatestRoot();
+Tree permissionStoreTree = root.getTree(permissionStorePath);
+
+// EXERCISE: explain the fact that the tree does not exist
+assertFalse(permissionStoreTree.exists());
+}
 }
\ No newline at end of file
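Review bot: In `testReadOnly` the session returned by `login(new GuestCredentials())` is never closed, so each run of the exercise leaks a ContentSession; wrap the body in try/finally and call `guestSession.close()`. In the same hunk, `permissionStorePath` and `name` are null placeholders passed straight to `root.getTree(...)` and `wspTree.getChild(...)`, so a comment stating that the tests are expected to fail until the exercise is filled in would help, and the new field could be declared private.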




svn commit: r1828429 - in /jackrabbit/oak/trunk: oak-search/ oak-segment-azure/

2018-04-05 Thread mreutegg
Author: mreutegg
Date: Thu Apr  5 13:02:32 2018
New Revision: 1828429

URL: http://svn.apache.org/viewvc?rev=1828429=rev
Log:
Ignore target folder

Modified:
jackrabbit/oak/trunk/oak-search/   (props changed)
jackrabbit/oak/trunk/oak-segment-azure/   (props changed)

Propchange: jackrabbit/oak/trunk/oak-search/
--
--- svn:ignore (added)
+++ svn:ignore Thu Apr  5 13:02:32 2018
@@ -0,0 +1 @@
+target

Propchange: jackrabbit/oak/trunk/oak-segment-azure/
--
--- svn:ignore (added)
+++ svn:ignore Thu Apr  5 13:02:32 2018
@@ -0,0 +1 @@
+target




svn commit: r1828423 - /jackrabbit/oak/trunk/oak-exercise/src/main/java/org/apache/jackrabbit/oak/exercise/security/authorization/models/readonly/ReadOnlyAuthorizationConfiguration.java

2018-04-05 Thread angela
Author: angela
Date: Thu Apr  5 12:30:03 2018
New Revision: 1828423

URL: http://svn.apache.org/viewvc?rev=1828423=rev
Log:
OAK-5122 : Exercise for Custom Authorization Models (wip)

Modified:

jackrabbit/oak/trunk/oak-exercise/src/main/java/org/apache/jackrabbit/oak/exercise/security/authorization/models/readonly/ReadOnlyAuthorizationConfiguration.java

Modified: 
jackrabbit/oak/trunk/oak-exercise/src/main/java/org/apache/jackrabbit/oak/exercise/security/authorization/models/readonly/ReadOnlyAuthorizationConfiguration.java
URL: 
http://svn.apache.org/viewvc/jackrabbit/oak/trunk/oak-exercise/src/main/java/org/apache/jackrabbit/oak/exercise/security/authorization/models/readonly/ReadOnlyAuthorizationConfiguration.java?rev=1828423=1828422=1828423=diff
==
--- 
jackrabbit/oak/trunk/oak-exercise/src/main/java/org/apache/jackrabbit/oak/exercise/security/authorization/models/readonly/ReadOnlyAuthorizationConfiguration.java
 (original)
+++ 
jackrabbit/oak/trunk/oak-exercise/src/main/java/org/apache/jackrabbit/oak/exercise/security/authorization/models/readonly/ReadOnlyAuthorizationConfiguration.java
 Thu Apr  5 12:30:03 2018
@@ -21,8 +21,7 @@ import java.util.List;
 import java.util.Set;
 import javax.annotation.Nonnull;
 import javax.annotation.Nullable;
-import javax.jcr.RepositoryException;
-import javax.jcr.UnsupportedRepositoryOperationException;
+import javax.jcr.security.AccessControlException;
 import javax.jcr.security.AccessControlManager;
 import javax.jcr.security.AccessControlPolicy;
 import javax.jcr.security.AccessControlPolicyIterator;
@@ -136,10 +135,10 @@ import static org.apache.jackrabbit.oak.
  *
  * 
  * Upload the oak-exercise bundle
- * Go to the configuration of {@link 
org.apache.jackrabbit.oak.security.internal.SecurityProviderRegistration}
+ * Edit configuration of {@link 
org.apache.jackrabbit.oak.security.internal.SecurityProviderRegistration}
  * 
  * add {@code 
org.apache.jackrabbit.oak.exercise.security.authorization.models.readonly.ReadOnlyAuthorizationConfiguration}
-  * to the list of required service IDs
+ * to the list of required service IDs
  * make sure the 'Authorization Composition Type' is set to 
AND
  * 
  * 
@@ -177,13 +176,13 @@ public final class ReadOnlyAuthorization
 }
 
 @Override
-public void setPolicy(String absPath, AccessControlPolicy policy) 
throws UnsupportedRepositoryOperationException {
-throw new UnsupportedRepositoryOperationException();
+public void setPolicy(String absPath, AccessControlPolicy policy) 
throws AccessControlException {
+throw new AccessControlException();
 }
 
 @Override
-public void removePolicy(String absPath, AccessControlPolicy 
policy) throws UnsupportedRepositoryOperationException {
-throw new UnsupportedRepositoryOperationException();
+public void removePolicy(String absPath, AccessControlPolicy 
policy) throws AccessControlException {
+throw new AccessControlException();
 }
 
 @Override
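Review bot: Both `setPolicy` and `removePolicy` now throw `new AccessControlException()` with no message, which gives a caller nothing to tell why the policy was rejected. Pass a message stating that this model does not support access control management, and mention the switch away from UnsupportedRepositoryOperationException in the javadoc, since code catching the old type will no longer match.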
@@ -217,12 +216,10 @@ public final class ReadOnlyAuthorization
 } else {
 return new AggregatedPermissionProvider() {
 
-private Root immutableRoot = 
getRootProvider().createReadOnlyRoot(root);
-
 @Nonnull
 @Override
 public PrivilegeBits supportedPrivileges(@Nullable Tree tree, 
@Nullable PrivilegeBits privilegeBits) {
-return (privilegeBits != null) ? privilegeBits : new 
PrivilegeBitsProvider(immutableRoot).getBits(PrivilegeConstants.JCR_ALL);
+return (privilegeBits != null) ? privilegeBits : new 
PrivilegeBitsProvider(root).getBits(PrivilegeConstants.JCR_ALL);
 }
 
 @Override
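Review bot: With the `immutableRoot` field removed, `supportedPrivileges` builds `new PrivilegeBitsProvider(root)` on every call where `privilegeBits` is null, and it reads from `root` directly rather than from a read-only view. Add a comment stating that reading from the passed root is intended, and consider holding one PrivilegeBitsProvider per permission provider instead of allocating one per call.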
@@ -253,7 +250,6 @@ public final class ReadOnlyAuthorization
 
 @Override
 public void refresh() {
-immutableRoot = getRootProvider().createReadOnlyRoot(root);
 }
 
 @Nonnull
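Review bot: `refresh()` is left with an empty body once the `immutableRoot` reassignment is removed; add a one-line comment such as "nothing to refresh" so the empty override reads as deliberate.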
@@ -399,7 +395,7 @@ public final class ReadOnlyAuthorization
 private static final NamedAccessControlPolicy INSTANCE = new 
ReadOnlyPolicy();
 
 @Override
-public String getName() throws RepositoryException {
+public String getName() {
 return "Read-only Policy defined by 
'ReadOnlyAuthorizationConfiguration'";
 }
 }




svn commit: r1828412 - /jackrabbit/oak/trunk/oak-exercise/src/main/java/org/apache/jackrabbit/oak/exercise/security/authorization/models/readonly/ReadOnlyAuthorizationConfiguration.java

2018-04-05 Thread angela
Author: angela
Date: Thu Apr  5 10:11:48 2018
New Revision: 1828412

URL: http://svn.apache.org/viewvc?rev=1828412=rev
Log:
OAK-5122 : Exercise for Custom Authorization Models (wip)

Modified:

jackrabbit/oak/trunk/oak-exercise/src/main/java/org/apache/jackrabbit/oak/exercise/security/authorization/models/readonly/ReadOnlyAuthorizationConfiguration.java

Modified: 
jackrabbit/oak/trunk/oak-exercise/src/main/java/org/apache/jackrabbit/oak/exercise/security/authorization/models/readonly/ReadOnlyAuthorizationConfiguration.java
URL: 
http://svn.apache.org/viewvc/jackrabbit/oak/trunk/oak-exercise/src/main/java/org/apache/jackrabbit/oak/exercise/security/authorization/models/readonly/ReadOnlyAuthorizationConfiguration.java?rev=1828412=1828411=1828412=diff
==
--- 
jackrabbit/oak/trunk/oak-exercise/src/main/java/org/apache/jackrabbit/oak/exercise/security/authorization/models/readonly/ReadOnlyAuthorizationConfiguration.java
 (original)
+++ 
jackrabbit/oak/trunk/oak-exercise/src/main/java/org/apache/jackrabbit/oak/exercise/security/authorization/models/readonly/ReadOnlyAuthorizationConfiguration.java
 Thu Apr  5 10:11:48 2018
@@ -21,10 +21,12 @@ import java.util.List;
 import java.util.Set;
 import javax.annotation.Nonnull;
 import javax.annotation.Nullable;
+import javax.jcr.RepositoryException;
 import javax.jcr.UnsupportedRepositoryOperationException;
 import javax.jcr.security.AccessControlManager;
 import javax.jcr.security.AccessControlPolicy;
 import javax.jcr.security.AccessControlPolicyIterator;
+import javax.jcr.security.NamedAccessControlPolicy;
 
 import com.google.common.collect.ImmutableList;
 import com.google.common.collect.ImmutableSet;
@@ -51,11 +53,13 @@ import org.apache.jackrabbit.oak.spi.sec
 import 
org.apache.jackrabbit.oak.spi.security.authorization.AuthorizationConfiguration;
 import 
org.apache.jackrabbit.oak.spi.security.authorization.accesscontrol.AbstractAccessControlManager;
 import 
org.apache.jackrabbit.oak.spi.security.authorization.permission.AggregatedPermissionProvider;
+import 
org.apache.jackrabbit.oak.spi.security.authorization.permission.EmptyPermissionProvider;
 import 
org.apache.jackrabbit.oak.spi.security.authorization.permission.PermissionProvider;
 import 
org.apache.jackrabbit.oak.spi.security.authorization.permission.Permissions;
 import 
org.apache.jackrabbit.oak.spi.security.authorization.permission.RepositoryPermission;
 import 
org.apache.jackrabbit.oak.spi.security.authorization.permission.TreePermission;
 import 
org.apache.jackrabbit.oak.spi.security.authorization.restriction.RestrictionProvider;
+import org.apache.jackrabbit.oak.spi.security.principal.SystemPrincipal;
 import org.apache.jackrabbit.oak.spi.security.privilege.PrivilegeBits;
 import org.apache.jackrabbit.oak.spi.security.privilege.PrivilegeBitsProvider;
 import org.apache.jackrabbit.oak.spi.security.privilege.PrivilegeConstants;
@@ -66,7 +70,82 @@ import org.osgi.service.component.annota
 import static 
org.apache.jackrabbit.oak.spi.security.RegistrationConstants.OAK_SECURITY_NAME;
 
 /**
- * TODO ADD DESCRIPTION
+ * Read Only Authorization Model
+ *
+ * This authorization module forms part of the training material provided by 
the
+ * oak-exercise module and must not be used in a productive environment!
+ *
+ * Overview
+ * This simplistic authorization model is limited to permission evaluation and
+ * doesn't support access control management.
+ *
+ * The permission evaluation is hardcoded to only allow read access to every 
single
+ * item in the repository (even access control content). All other permissions 
are
+ * denied for every set of principals.
+ *
+ * There exists a single exception to that rule: For the internal {@link 
SystemPrincipal}
+ * permission evaluation is not enforced by this module i.e. this module is 
skipped.
+ *
+ * Intended Usage
+ * This authorization model is intended to be used in 'AND' combination with 
the
+ * default authorization setup defined by Oak (and optionally additional models
+ * such as e.g. oak-authorization-cug.
+ *
+ * It is not intended to be used as standalone model as it would grant full 
read
+ * access to everyone.
+ *
+ * Limitations
+ * Experimental model for training purpose and not intended for usage in 
production.
+ *
+ * Key Features
+ *
+ * Access Control Management
+ *
+ * 
+ * FeatureDescription
+ * Supported Privilegesall
+ * Supports Custom Privilegesyes
+ * Management by Pathnot supported
+ * Management by Principalsnot supported
+ * Owned PoliciesNone
+ * Effective Policies by Pathfor every path a single 
effective policy of type {@link NamedAccessControlPolicy}
+ * Effective Policies by Principalsfor every set of 
principals a single effective policy of type {@link 
NamedAccessControlPolicy}
+ * 
+ *
+ * Permission Evaluation
+ *
+ * 
+ * FeatureDescription
+ * Supported Permissionsall
+ * Aggregated 
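Review bot: In the "Intended Usage" paragraph of the new javadoc the parenthesis opened at "(and optionally additional models" is never closed, and "such as e.g." is redundant; close it after `oak-authorization-cug` and keep either "such as" or "e.g.". The warning sentence would also read better as "production environment" than "productive environment".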

svn commit: r1828405 - in /jackrabbit/oak/trunk/oak-core/src/main/java/org/apache/jackrabbit/oak/query: QueryImpl.java UnionQueryImpl.java ast/JoinImpl.java ast/SelectorImpl.java ast/SourceImpl.java

2018-04-05 Thread thomasm
Author: thomasm
Date: Thu Apr  5 09:20:55 2018
New Revision: 1828405

URL: http://svn.apache.org/viewvc?rev=1828405=rev
Log:
OAK-7390 QueryResult.getSize() can be slow for many or or union conditions

Modified:

jackrabbit/oak/trunk/oak-core/src/main/java/org/apache/jackrabbit/oak/query/QueryImpl.java

jackrabbit/oak/trunk/oak-core/src/main/java/org/apache/jackrabbit/oak/query/UnionQueryImpl.java

jackrabbit/oak/trunk/oak-core/src/main/java/org/apache/jackrabbit/oak/query/ast/JoinImpl.java

jackrabbit/oak/trunk/oak-core/src/main/java/org/apache/jackrabbit/oak/query/ast/SelectorImpl.java

jackrabbit/oak/trunk/oak-core/src/main/java/org/apache/jackrabbit/oak/query/ast/SourceImpl.java

Modified: 
jackrabbit/oak/trunk/oak-core/src/main/java/org/apache/jackrabbit/oak/query/QueryImpl.java
URL: 
http://svn.apache.org/viewvc/jackrabbit/oak/trunk/oak-core/src/main/java/org/apache/jackrabbit/oak/query/QueryImpl.java?rev=1828405=1828404=1828405=diff
==
--- 
jackrabbit/oak/trunk/oak-core/src/main/java/org/apache/jackrabbit/oak/query/QueryImpl.java
 (original)
+++ 
jackrabbit/oak/trunk/oak-core/src/main/java/org/apache/jackrabbit/oak/query/QueryImpl.java
 Thu Apr  5 09:20:55 2018
@@ -1261,7 +1261,7 @@ public class QueryImpl implements Query
 // "order by" was used, so we know the size
 return size;
 }
-return Math.min(limit, source.getSize(precision, max));
+return Math.min(limit, source.getSize(context.getBaseState(), 
precision, max));
 }
 
 @Override

Modified: 
jackrabbit/oak/trunk/oak-core/src/main/java/org/apache/jackrabbit/oak/query/UnionQueryImpl.java
URL: 
http://svn.apache.org/viewvc/jackrabbit/oak/trunk/oak-core/src/main/java/org/apache/jackrabbit/oak/query/UnionQueryImpl.java?rev=1828405=1828404=1828405=diff
==
--- 
jackrabbit/oak/trunk/oak-core/src/main/java/org/apache/jackrabbit/oak/query/UnionQueryImpl.java
 (original)
+++ 
jackrabbit/oak/trunk/oak-core/src/main/java/org/apache/jackrabbit/oak/query/UnionQueryImpl.java
 Thu Apr  5 09:20:55 2018
@@ -173,14 +173,15 @@ public class UnionQueryImpl implements Q
 public long getSize(SizePrecision precision, long max) {
 // Note: for "unionAll == false", overlapping entries are counted twice
 // (this can result in a larger reported size, but it is not a 
security problem)
-
-// ensure the queries are both executed, otherwise the cursor is not 
set,
-// and so the size would be -1
-left.executeQuery().getRows().iterator().hasNext();
-right.executeQuery().getRows().iterator().hasNext();
 long a = left.getSize(precision, max);
+if (a < 0) {
+return -1;
+}
+if (a >= limit) {
+return limit;
+}
 long b = right.getSize(precision, max);
-if (a < 0 || b < 0) {
+if (b < 0) {
 return -1;
 }
 long total = QueryImpl.saturatedAdd(a, b);
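Review bot: With the two executeQuery() calls and their comment removed, nothing in this getSize() explains why left.getSize() and right.getSize() no longer return -1 for a subquery that has not been executed yet. That now appears to rely on the lazy execute(rootState) added to SelectorImpl.getSize() in the same commit. A one-line comment stating that dependency would keep it visible. The new early return "if (a >= limit) return limit;" skips the right subquery entirely, so a short comment that the right side is intentionally not evaluated on that path would also help.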

Modified: 
jackrabbit/oak/trunk/oak-core/src/main/java/org/apache/jackrabbit/oak/query/ast/JoinImpl.java
URL: 
http://svn.apache.org/viewvc/jackrabbit/oak/trunk/oak-core/src/main/java/org/apache/jackrabbit/oak/query/ast/JoinImpl.java?rev=1828405=1828404=1828405=diff
==
--- 
jackrabbit/oak/trunk/oak-core/src/main/java/org/apache/jackrabbit/oak/query/ast/JoinImpl.java
 (original)
+++ 
jackrabbit/oak/trunk/oak-core/src/main/java/org/apache/jackrabbit/oak/query/ast/JoinImpl.java
 Thu Apr  5 09:20:55 2018
@@ -281,7 +281,7 @@ public class JoinImpl extends SourceImpl
 }
 
 @Override
-public long getSize(SizePrecision precision, long max) {
+public long getSize(NodeState rootState, SizePrecision precision, long 
max) {
 // we don't know
 return -1;
 }

Modified: 
jackrabbit/oak/trunk/oak-core/src/main/java/org/apache/jackrabbit/oak/query/ast/SelectorImpl.java
URL: 
http://svn.apache.org/viewvc/jackrabbit/oak/trunk/oak-core/src/main/java/org/apache/jackrabbit/oak/query/ast/SelectorImpl.java?rev=1828405=1828404=1828405=diff
==
--- 
jackrabbit/oak/trunk/oak-core/src/main/java/org/apache/jackrabbit/oak/query/ast/SelectorImpl.java
 (original)
+++ 
jackrabbit/oak/trunk/oak-core/src/main/java/org/apache/jackrabbit/oak/query/ast/SelectorImpl.java
 Thu Apr  5 09:20:55 2018
@@ -806,9 +806,9 @@ public class SelectorImpl extends Source
 }
 
 @Override
-public long getSize(SizePrecision precision, long max) {
+public long getSize(NodeState rootState, SizePrecision precision, long 
max) {
 if (cursor == null) {
-return -1;
+execute(rootState);
 }
 return cursor.getSize(precision, max);
 }
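Review bot: After execute(rootState), cursor is dereferenced unconditionally in "return cursor.getSize(precision, max);". Before this change a null cursor returned -1; if execute() can return without assigning cursor, this path now throws a NullPointerException instead. Suggest keeping a guard after the call, such as "if (cursor == null) { return -1; }", and noting in the method's Javadoc that getSize() may now execute the query as a side effect.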

Modified: 

svn commit: r1828403 - in /jackrabbit/oak/trunk/oak-doc/src/site/markdown/query: grammar-sql2.md.vm grammar-xpath.md.vm query-troubleshooting.md

2018-04-05 Thread thomasm
Author: thomasm
Date: Thu Apr  5 08:53:05 2018
New Revision: 1828403

URL: http://svn.apache.org/viewvc?rev=1828403=rev
Log:
OAK-5051 Document XPath (and SQL-2) syntax as supported by Oak

Modified:
jackrabbit/oak/trunk/oak-doc/src/site/markdown/query/grammar-sql2.md.vm
jackrabbit/oak/trunk/oak-doc/src/site/markdown/query/grammar-xpath.md.vm

jackrabbit/oak/trunk/oak-doc/src/site/markdown/query/query-troubleshooting.md

Modified: 
jackrabbit/oak/trunk/oak-doc/src/site/markdown/query/grammar-sql2.md.vm
URL: 
http://svn.apache.org/viewvc/jackrabbit/oak/trunk/oak-doc/src/site/markdown/query/grammar-sql2.md.vm?rev=1828403=1828402=1828403=diff
==
--- jackrabbit/oak/trunk/oak-doc/src/site/markdown/query/grammar-sql2.md.vm 
(original)
+++ jackrabbit/oak/trunk/oak-doc/src/site/markdown/query/grammar-sql2.md.vm Thu 
Apr  5 08:53:05 2018
@@ -271,6 +271,7 @@ The traversal option can be used to chan
 "index tag": by default, queries will use the index with the lowest expected 
cost (as in relational databases).
 To only consider some of the indexes, add tags (a multi-valued String 
property) to the index(es) of choice,
 and specify this tag in the query.
+See Query Option Index 
Tag.
 
 Examples:
 

Modified: 
jackrabbit/oak/trunk/oak-doc/src/site/markdown/query/grammar-xpath.md.vm
URL: 
http://svn.apache.org/viewvc/jackrabbit/oak/trunk/oak-doc/src/site/markdown/query/grammar-xpath.md.vm?rev=1828403=1828402=1828403=diff
==
--- jackrabbit/oak/trunk/oak-doc/src/site/markdown/query/grammar-xpath.md.vm 
(original)
+++ jackrabbit/oak/trunk/oak-doc/src/site/markdown/query/grammar-xpath.md.vm 
Thu Apr  5 08:53:05 2018
@@ -313,6 +313,7 @@ The traversal option can be used to chan
 "index tag": by default, queries will use the index with the lowest expected 
cost (as in relational databases).
 To only consider some of the indexes, add tags (a multi-valued String 
property) to the index(es) of choice,
 and specify this tag in the query.
+See Query Option Index 
Tag.
 
 Examples:
 

Modified: 
jackrabbit/oak/trunk/oak-doc/src/site/markdown/query/query-troubleshooting.md
URL: 
http://svn.apache.org/viewvc/jackrabbit/oak/trunk/oak-doc/src/site/markdown/query/query-troubleshooting.md?rev=1828403=1828402=1828403=diff
==
--- 
jackrabbit/oak/trunk/oak-doc/src/site/markdown/query/query-troubleshooting.md 
(original)
+++ 
jackrabbit/oak/trunk/oak-doc/src/site/markdown/query/query-troubleshooting.md 
Thu Apr  5 08:53:05 2018
@@ -199,3 +199,60 @@ So in this case, only the fulltext restr
 but this might already be sufficient. If it is not, then the fulltext index 
might
 be changed to also index `commerceType`, or possibly 
 to use `evaluatePathRestrictions`.
+
+ Queries With Many OR or UNION Conditions
+
+Queries that contain many "or" conditions, or with many "union" subqueries,
+can be slow as they have to read a lot of data.
+Example query:
+
+/jcr:root/content/(a|b|c|d|e)//element(*, cq:Page)[
+jcr:contains(@jcr:title, 'some text') 
+or jcr:contains(jcr:content/@keywords, 'some text')
+or jcr:contains(jcr:content/@cq:tags, 'some text')
+or jcr:contains(jcr:content/@team, 'some text')
+or jcr:contains(jcr:content/@topics, 'some text')
+or jcr:contains(jcr:content/@jcr:description, 'some text')]
+
+This query will be internally converted into 5 subqueries, due to the "union" 
clause (a|b|c|d|e).
+Then, each of the 5 subqueries will run 6 subqueries: one for each 
jcr:contains condition.
+So, the index will be contacted 30 times.
+
+To avoid this overhead, the index could be changed (or a new index created) to 
do aggregation
+on the required properties (here: jcr:title, jcr:content/keywords,...).
+This will simplify the query to:
+
+/jcr:root/content/(a|b|c|d|e)//element(*, cq:Page)[jcr:contains(., 'some 
text')]
+
+This should resolve most problems.
+To further speed up the query by avoiding to running 5 subqueries, 
+it might be better to use a less specific path constraint,
+but instead use a different way to filter results, such as:
+
+/jcr:root/content//element(*, cq:Page)[jcr:contains(., 'some text') and 
@category='x']
+
+ Ordering by Score Combined With OR / UNION Conditions
+
+Queries that expect results to be sorted by score ("order by @jcr:score 
descending"),
+and use "union" or "or" conditions, may not return the result in the expected 
order,
+depending on the index(es) used. Example:
+
+/jcr:root/conent/products/(indoor|outdoor)//*[jcr:contains(., 'test')] 
+order by @jcr:score descending
+
+Here, the query is converted to a "union", and the result of both subqueries 
is combined.
+If the score for each subquery is not comparable (which is often the case for 
Lucene indexes),
+then the order of the results may not match the 
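Review bot: The example query in the "Ordering by Score Combined With OR / UNION Conditions" section reads "/jcr:root/conent/products/(indoor|outdoor)"; "conent" looks like a typo for "content", which is the path used by the other examples in this hunk. In the previous section, "by avoiding to running 5 subqueries" should read "by avoiding running 5 subqueries".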

svn commit: r1828399 - /jackrabbit/oak/trunk/oak-doc/src/site/markdown/osgi_config.md

2018-04-05 Thread mreutegg
Author: mreutegg
Date: Thu Apr  5 07:20:23 2018
New Revision: 1828399

URL: http://svn.apache.org/viewvc?rev=1828399=rev
Log:
OAK-7359: Update to MongoDB Java driver 3.6

Update documentation on socketKeepAlive

Modified:
jackrabbit/oak/trunk/oak-doc/src/site/markdown/osgi_config.md

Modified: jackrabbit/oak/trunk/oak-doc/src/site/markdown/osgi_config.md
URL: 
http://svn.apache.org/viewvc/jackrabbit/oak/trunk/oak-doc/src/site/markdown/osgi_config.md?rev=1828399=1828398=1828399=diff
==
--- jackrabbit/oak/trunk/oak-doc/src/site/markdown/osgi_config.md (original)
+++ jackrabbit/oak/trunk/oak-doc/src/site/markdown/osgi_config.md Thu Apr  5 
07:20:23 2018
@@ -244,7 +244,7 @@ db
 : Name of the database in Mongo
 
 socketKeepAlive
-: Default - false
+: Default - true (was 'false' before 1.10)
 : Enables socket keep-alive for MongoDB connections
 : Since 1.8.0, 1.6.2, 1.4.16
 




svn commit: r1828398 - in /jackrabbit/oak/trunk/oak-store-document/src: main/java/org/apache/jackrabbit/oak/plugins/document/ main/java/org/apache/jackrabbit/oak/plugins/document/mongo/ test/java/org/

2018-04-05 Thread mreutegg
Author: mreutegg
Date: Thu Apr  5 07:19:50 2018
New Revision: 1828398

URL: http://svn.apache.org/viewvc?rev=1828398=rev
Log:
OAK-7359: Update to MongoDB Java driver 3.6

Change socket keep-alive default to enabled in accordance with new MongoDB Java 
driver 3.6.x

Added:

jackrabbit/oak/trunk/oak-store-document/src/test/java/org/apache/jackrabbit/oak/plugins/document/mongo/MongoDocumentNodeStoreBuilderTest.java
   (with props)
Modified:

jackrabbit/oak/trunk/oak-store-document/src/main/java/org/apache/jackrabbit/oak/plugins/document/DocumentNodeStoreService.java

jackrabbit/oak/trunk/oak-store-document/src/main/java/org/apache/jackrabbit/oak/plugins/document/mongo/MongoDocumentNodeStoreBuilderBase.java

Modified: 
jackrabbit/oak/trunk/oak-store-document/src/main/java/org/apache/jackrabbit/oak/plugins/document/DocumentNodeStoreService.java
URL: 
http://svn.apache.org/viewvc/jackrabbit/oak/trunk/oak-store-document/src/main/java/org/apache/jackrabbit/oak/plugins/document/DocumentNodeStoreService.java?rev=1828398=1828397=1828398=diff
==
--- 
jackrabbit/oak/trunk/oak-store-document/src/main/java/org/apache/jackrabbit/oak/plugins/document/DocumentNodeStoreService.java
 (original)
+++ 
jackrabbit/oak/trunk/oak-store-document/src/main/java/org/apache/jackrabbit/oak/plugins/document/DocumentNodeStoreService.java
 Thu Apr  5 07:19:50 2018
@@ -135,7 +135,7 @@ public class DocumentNodeStoreService {
 static final int DEFAULT_CACHE = (int) (DEFAULT_MEMORY_CACHE_SIZE / MB);
 static final int DEFAULT_BLOB_CACHE_SIZE = 16;
 static final String DEFAULT_DB = "oak";
-static final boolean DEFAULT_SO_KEEP_ALIVE = false;
+static final boolean DEFAULT_SO_KEEP_ALIVE = true;
 static final String DEFAULT_PERSISTENT_CACHE = "cache";
 static final String DEFAULT_JOURNAL_CACHE = "diff-cache";
 static final boolean DEFAULT_CUSTOM_BLOB_STORE = false;
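Review bot: The new default "DEFAULT_SO_KEEP_ALIVE = true" is repeated as a literal in MongoDocumentNodeStoreBuilderBase ("private boolean socketKeepAlive = true;"), so the two defaults can drift apart the next time one of them changes. Suggest having both read from one shared constant, or asserting in a test that the service default equals the builder default.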

Modified: 
jackrabbit/oak/trunk/oak-store-document/src/main/java/org/apache/jackrabbit/oak/plugins/document/mongo/MongoDocumentNodeStoreBuilderBase.java
URL: 
http://svn.apache.org/viewvc/jackrabbit/oak/trunk/oak-store-document/src/main/java/org/apache/jackrabbit/oak/plugins/document/mongo/MongoDocumentNodeStoreBuilderBase.java?rev=1828398=1828397=1828398=diff
==
--- 
jackrabbit/oak/trunk/oak-store-document/src/main/java/org/apache/jackrabbit/oak/plugins/document/mongo/MongoDocumentNodeStoreBuilderBase.java
 (original)
+++ 
jackrabbit/oak/trunk/oak-store-document/src/main/java/org/apache/jackrabbit/oak/plugins/document/mongo/MongoDocumentNodeStoreBuilderBase.java
 Thu Apr  5 07:19:50 2018
@@ -53,7 +53,7 @@ public abstract class MongoDocumentNodeS
 private static final Logger LOG = 
LoggerFactory.getLogger(MongoDocumentNodeStoreBuilder.class);
 
 private String mongoUri;
-private boolean socketKeepAlive;
+private boolean socketKeepAlive = true;
 private MongoStatus mongoStatus;
 private long maxReplicationLagMillis = TimeUnit.HOURS.toMillis(6);
 
@@ -149,10 +149,10 @@ public abstract class MongoDocumentNodeS
 }
 
 /**
- * Enables the socket keep-alive option for MongoDB. The default is
- * disabled.
+ * Enables or disables the socket keep-alive option for MongoDB. The 
default
+ * is enabled.
  *
- * @param enable whether to enable it.
+ * @param enable whether to enable or disable it.
  * @return this
  */
 public T setSocketKeepAlive(boolean enable) {
@@ -160,6 +160,13 @@ public abstract class MongoDocumentNodeS
 return thisBuilder();
 }
 
+/**
+ * @return whether socket keep-alive is enabled.
+ */
+public boolean isSocketKeepAlive() {
+return socketKeepAlive;
+}
+
 public T setMaxReplicationLag(long duration, TimeUnit unit){
 maxReplicationLagMillis = unit.toMillis(duration);
 return thisBuilder();

Added: 
jackrabbit/oak/trunk/oak-store-document/src/test/java/org/apache/jackrabbit/oak/plugins/document/mongo/MongoDocumentNodeStoreBuilderTest.java
URL: 
http://svn.apache.org/viewvc/jackrabbit/oak/trunk/oak-store-document/src/test/java/org/apache/jackrabbit/oak/plugins/document/mongo/MongoDocumentNodeStoreBuilderTest.java?rev=1828398=auto
==
--- 
jackrabbit/oak/trunk/oak-store-document/src/test/java/org/apache/jackrabbit/oak/plugins/document/mongo/MongoDocumentNodeStoreBuilderTest.java
 (added)
+++ 
jackrabbit/oak/trunk/oak-store-document/src/test/java/org/apache/jackrabbit/oak/plugins/document/mongo/MongoDocumentNodeStoreBuilderTest.java
 Thu Apr  5 07:19:50 2018
@@ -0,0 +1,30 @@
+/*
+ * Licensed to the Apache Software Foundation (ASF) under one or more
+ * contributor license agreements.  See the NOTICE file distributed with
+ * this work for additional information regarding copyright 

svn commit: r1828397 - in /jackrabbit/oak/trunk/oak-exercise/src/main/java/org/apache/jackrabbit/oak/exercise/security/authorization/models: ./ readonly/ readonly/ReadOnlyAuthorizationConfiguration.ja

2018-04-05 Thread angela
Author: angela
Date: Thu Apr  5 07:12:06 2018
New Revision: 1828397

URL: http://svn.apache.org/viewvc?rev=1828397=rev
Log:
OAK-5122 : Exercise for Custom Authorization Models (wip)

Added:

jackrabbit/oak/trunk/oak-exercise/src/main/java/org/apache/jackrabbit/oak/exercise/security/authorization/models/

jackrabbit/oak/trunk/oak-exercise/src/main/java/org/apache/jackrabbit/oak/exercise/security/authorization/models/readonly/

jackrabbit/oak/trunk/oak-exercise/src/main/java/org/apache/jackrabbit/oak/exercise/security/authorization/models/readonly/ReadOnlyAuthorizationConfiguration.java
   (with props)

Added: 
jackrabbit/oak/trunk/oak-exercise/src/main/java/org/apache/jackrabbit/oak/exercise/security/authorization/models/readonly/ReadOnlyAuthorizationConfiguration.java
URL: 
http://svn.apache.org/viewvc/jackrabbit/oak/trunk/oak-exercise/src/main/java/org/apache/jackrabbit/oak/exercise/security/authorization/models/readonly/ReadOnlyAuthorizationConfiguration.java?rev=1828397=auto
==
--- 
jackrabbit/oak/trunk/oak-exercise/src/main/java/org/apache/jackrabbit/oak/exercise/security/authorization/models/readonly/ReadOnlyAuthorizationConfiguration.java
 (added)
+++ 
jackrabbit/oak/trunk/oak-exercise/src/main/java/org/apache/jackrabbit/oak/exercise/security/authorization/models/readonly/ReadOnlyAuthorizationConfiguration.java
 Thu Apr  5 07:12:06 2018
@@ -0,0 +1,313 @@
+/*
+ * Licensed to the Apache Software Foundation (ASF) under one or more
+ * contributor license agreements.  See the NOTICE file distributed with
+ * this work for additional information regarding copyright ownership.
+ * The ASF licenses this file to You under the Apache License, Version 2.0
+ * (the "License"); you may not use this file except in compliance with
+ * the License.  You may obtain a copy of the License at
+ *
+ *  http://www.apache.org/licenses/LICENSE-2.0
+ *
+ * Unless required by applicable law or agreed to in writing, software
+ * distributed under the License is distributed on an "AS IS" BASIS,
+ * WITHOUT WARRANTIES OR CONDITIONS OF ANY KIND, either express or implied.
+ * See the License for the specific language governing permissions and
+ * limitations under the License.
+ */
+package 
org.apache.jackrabbit.oak.exercise.security.authorization.models.readonly;
+
+import java.security.Principal;
+import java.util.List;
+import java.util.Set;
+import javax.annotation.Nonnull;
+import javax.annotation.Nullable;
+import javax.jcr.UnsupportedRepositoryOperationException;
+import javax.jcr.security.AccessControlManager;
+import javax.jcr.security.AccessControlPolicy;
+import javax.jcr.security.AccessControlPolicyIterator;
+
+import com.google.common.collect.ImmutableList;
+import com.google.common.collect.ImmutableSet;
+import com.google.common.collect.Iterators;
+import com.google.common.collect.Sets;
+import org.apache.jackrabbit.api.security.JackrabbitAccessControlPolicy;
+import 
org.apache.jackrabbit.commons.iterator.AccessControlPolicyIteratorAdapter;
+import org.apache.jackrabbit.oak.api.PropertyState;
+import org.apache.jackrabbit.oak.api.Root;
+import org.apache.jackrabbit.oak.api.Tree;
+import org.apache.jackrabbit.oak.namepath.NamePathMapper;
+import org.apache.jackrabbit.oak.plugins.tree.TreeLocation;
+import org.apache.jackrabbit.oak.plugins.tree.TreeType;
+import org.apache.jackrabbit.oak.spi.commit.CommitHook;
+import org.apache.jackrabbit.oak.spi.commit.MoveTracker;
+import org.apache.jackrabbit.oak.spi.commit.ThreeWayConflictHandler;
+import org.apache.jackrabbit.oak.spi.commit.ValidatorProvider;
+import org.apache.jackrabbit.oak.spi.lifecycle.RepositoryInitializer;
+import org.apache.jackrabbit.oak.spi.lifecycle.WorkspaceInitializer;
+import org.apache.jackrabbit.oak.spi.security.ConfigurationBase;
+import org.apache.jackrabbit.oak.spi.security.ConfigurationParameters;
+import org.apache.jackrabbit.oak.spi.security.Context;
+import org.apache.jackrabbit.oak.spi.security.SecurityConfiguration;
+import 
org.apache.jackrabbit.oak.spi.security.authorization.AuthorizationConfiguration;
+import 
org.apache.jackrabbit.oak.spi.security.authorization.accesscontrol.AbstractAccessControlManager;
+import 
org.apache.jackrabbit.oak.spi.security.authorization.permission.AggregatedPermissionProvider;
+import 
org.apache.jackrabbit.oak.spi.security.authorization.permission.PermissionProvider;
+import 
org.apache.jackrabbit.oak.spi.security.authorization.permission.Permissions;
+import 
org.apache.jackrabbit.oak.spi.security.authorization.permission.RepositoryPermission;
+import 
org.apache.jackrabbit.oak.spi.security.authorization.permission.TreePermission;
+import 
org.apache.jackrabbit.oak.spi.security.authorization.restriction.RestrictionProvider;
+import org.apache.jackrabbit.oak.spi.security.privilege.PrivilegeBits;
+import org.apache.jackrabbit.oak.spi.security.privilege.PrivilegeBitsProvider;
+import