Author: stillalex Date: Mon Mar 19 20:08:56 2018 New Revision: 1827239 URL: http://svn.apache.org/viewvc?rev=1827239&view=rev Log: OAK-7024 java.security.acl deprecated in Java 10, marked for removal in Java 11
Added: jackrabbit/oak/trunk/oak-security-spi/src/main/java/org/apache/jackrabbit/oak/spi/security/principal/GroupPrincipalWrapper.java (with props) jackrabbit/oak/trunk/oak-security-spi/src/main/java/org/apache/jackrabbit/oak/spi/security/principal/GroupPrincipals.java (with props) jackrabbit/oak/trunk/oak-security-spi/src/test/java/org/apache/jackrabbit/oak/spi/security/principal/GroupPrincipalsTest.java (with props) Modified: jackrabbit/oak/trunk/oak-auth-external/src/main/java/org/apache/jackrabbit/oak/spi/security/authentication/external/impl/principal/ExternalGroupPrincipalProvider.java jackrabbit/oak/trunk/oak-auth-external/src/main/java/org/apache/jackrabbit/oak/spi/security/authentication/external/impl/principal/ExternalPrincipalConfiguration.java jackrabbit/oak/trunk/oak-auth-external/src/test/java/org/apache/jackrabbit/oak/spi/security/authentication/external/impl/principal/AbstractPrincipalTest.java jackrabbit/oak/trunk/oak-auth-external/src/test/java/org/apache/jackrabbit/oak/spi/security/authentication/external/impl/principal/ExternalGroupPrincipalProviderTest.java jackrabbit/oak/trunk/oak-auth-external/src/test/java/org/apache/jackrabbit/oak/spi/security/authentication/external/impl/principal/ExternalGroupPrincipalTest.java jackrabbit/oak/trunk/oak-auth-external/src/test/java/org/apache/jackrabbit/oak/spi/security/authentication/external/impl/principal/PrincipalProviderAutoMembershipTest.java jackrabbit/oak/trunk/oak-auth-external/src/test/java/org/apache/jackrabbit/oak/spi/security/authentication/external/impl/principal/PrincipalProviderDeepNestingTest.java jackrabbit/oak/trunk/oak-core/src/main/java/org/apache/jackrabbit/oak/security/authorization/permission/CompiledPermissionImpl.java jackrabbit/oak/trunk/oak-core/src/main/java/org/apache/jackrabbit/oak/security/principal/PrincipalProviderImpl.java jackrabbit/oak/trunk/oak-core/src/main/java/org/apache/jackrabbit/oak/security/user/AbstractGroupPrincipal.java jackrabbit/oak/trunk/oak-core/src/main/java/org/apache/jackrabbit/oak/security/user/ImpersonationImpl.java jackrabbit/oak/trunk/oak-core/src/main/java/org/apache/jackrabbit/oak/security/user/UserPrincipalProvider.java jackrabbit/oak/trunk/oak-core/src/test/java/org/apache/jackrabbit/oak/security/authorization/accesscontrol/ACLTest.java jackrabbit/oak/trunk/oak-core/src/test/java/org/apache/jackrabbit/oak/security/principal/AbstractPrincipalProviderTest.java jackrabbit/oak/trunk/oak-core/src/test/java/org/apache/jackrabbit/oak/security/principal/PrincipalProviderImplTest.java jackrabbit/oak/trunk/oak-core/src/test/java/org/apache/jackrabbit/oak/security/user/AbstractGroupPrincipalTest.java jackrabbit/oak/trunk/oak-core/src/test/java/org/apache/jackrabbit/oak/security/user/ImpersonationImplEmptyTest.java jackrabbit/oak/trunk/oak-core/src/test/java/org/apache/jackrabbit/oak/security/user/UserPrincipalProviderTest.java jackrabbit/oak/trunk/oak-core/src/test/java/org/apache/jackrabbit/oak/security/user/UserPrincipalProviderWithCacheTest.java jackrabbit/oak/trunk/oak-exercise/src/main/java/org/apache/jackrabbit/oak/exercise/security/principal/CustomPrincipalProvider.java jackrabbit/oak/trunk/oak-exercise/src/test/java/org/apache/jackrabbit/oak/exercise/security/authorization/permission/L3_PrecedenceRulesTest.java jackrabbit/oak/trunk/oak-exercise/src/test/java/org/apache/jackrabbit/oak/exercise/security/principal/L3_EveryoneTest.java jackrabbit/oak/trunk/oak-jcr/src/test/java/org/apache/jackrabbit/oak/jcr/security/principal/PrincipalManagerTest.java jackrabbit/oak/trunk/oak-jcr/src/test/java/org/apache/jackrabbit/oak/jcr/security/user/EveryoneGroupTest.java jackrabbit/oak/trunk/oak-jcr/src/test/java/org/apache/jackrabbit/oak/jcr/security/user/GroupTest.java jackrabbit/oak/trunk/oak-security-spi/pom.xml jackrabbit/oak/trunk/oak-security-spi/src/main/java/org/apache/jackrabbit/oak/spi/security/authentication/AbstractLoginModule.java jackrabbit/oak/trunk/oak-security-spi/src/main/java/org/apache/jackrabbit/oak/spi/security/principal/CompositePrincipalProvider.java jackrabbit/oak/trunk/oak-security-spi/src/main/java/org/apache/jackrabbit/oak/spi/security/principal/EmptyPrincipalProvider.java jackrabbit/oak/trunk/oak-security-spi/src/main/java/org/apache/jackrabbit/oak/spi/security/principal/EveryonePrincipal.java jackrabbit/oak/trunk/oak-security-spi/src/main/java/org/apache/jackrabbit/oak/spi/security/principal/PrincipalManagerImpl.java jackrabbit/oak/trunk/oak-security-spi/src/main/java/org/apache/jackrabbit/oak/spi/security/principal/PrincipalProvider.java jackrabbit/oak/trunk/oak-security-spi/src/main/java/org/apache/jackrabbit/oak/spi/security/principal/package-info.java jackrabbit/oak/trunk/oak-security-spi/src/test/java/org/apache/jackrabbit/oak/spi/security/authentication/AbstractLoginModuleTest.java jackrabbit/oak/trunk/oak-security-spi/src/test/java/org/apache/jackrabbit/oak/spi/security/principal/CompositePrincipalConfigurationTest.java jackrabbit/oak/trunk/oak-security-spi/src/test/java/org/apache/jackrabbit/oak/spi/security/principal/CompositePrincipalProviderTest.java jackrabbit/oak/trunk/oak-security-spi/src/test/java/org/apache/jackrabbit/oak/spi/security/principal/EmptyPrincipalProviderTest.java jackrabbit/oak/trunk/oak-security-spi/src/test/java/org/apache/jackrabbit/oak/spi/security/principal/EveryonePrincipalTest.java jackrabbit/oak/trunk/oak-security-spi/src/test/java/org/apache/jackrabbit/oak/spi/security/principal/PrincipalManagerImplTest.java jackrabbit/oak/trunk/oak-security-spi/src/test/java/org/apache/jackrabbit/oak/spi/security/principal/TestPrincipalProvider.java Modified: jackrabbit/oak/trunk/oak-auth-external/src/main/java/org/apache/jackrabbit/oak/spi/security/authentication/external/impl/principal/ExternalGroupPrincipalProvider.java URL: http://svn.apache.org/viewvc/jackrabbit/oak/trunk/oak-auth-external/src/main/java/org/apache/jackrabbit/oak/spi/security/authentication/external/impl/principal/ExternalGroupPrincipalProvider.java?rev=1827239&r1=1827238&r2=1827239&view=diff ============================================================================== --- jackrabbit/oak/trunk/oak-auth-external/src/main/java/org/apache/jackrabbit/oak/spi/security/authentication/external/impl/principal/ExternalGroupPrincipalProvider.java (original) +++ jackrabbit/oak/trunk/oak-auth-external/src/main/java/org/apache/jackrabbit/oak/spi/security/authentication/external/impl/principal/ExternalGroupPrincipalProvider.java Mon Mar 19 20:08:56 2018 @@ -17,7 +17,6 @@ package org.apache.jackrabbit.oak.spi.security.authentication.external.impl.principal; import java.security.Principal; -import java.security.acl.Group; import java.text.ParseException; import java.util.Collection; import java.util.Collections; @@ -41,6 +40,8 @@ import com.google.common.collect.Immutab import com.google.common.collect.Iterables; import com.google.common.collect.Iterators; import com.google.common.collect.Sets; + +import org.apache.jackrabbit.api.security.principal.GroupPrincipal; import org.apache.jackrabbit.api.security.principal.ItemBasedPrincipal; import org.apache.jackrabbit.api.security.principal.PrincipalManager; import org.apache.jackrabbit.api.security.user.Authorizable; @@ -59,6 +60,7 @@ import org.apache.jackrabbit.oak.plugins import org.apache.jackrabbit.oak.spi.security.authentication.external.ExternalIdentityRef; import org.apache.jackrabbit.oak.spi.security.authentication.external.basic.DefaultSyncConfig; import org.apache.jackrabbit.oak.spi.security.authentication.external.impl.ExternalIdentityConstants; +import org.apache.jackrabbit.oak.spi.security.principal.GroupPrincipals; import org.apache.jackrabbit.oak.spi.security.principal.PrincipalImpl; import org.apache.jackrabbit.oak.spi.security.principal.PrincipalProvider; import org.apache.jackrabbit.oak.spi.security.user.AuthorizableType; @@ -69,7 +71,7 @@ import org.slf4j.LoggerFactory; /** * Implementation of the {@code PrincipalProvider} interface that exposes - * 'external' principals of type {@link java.security.acl.Group}. 'External' + * 'external' principals of type {@link org.apache.jackrabbit.oak.spi.security.principal.GroupPrincipal}. 'External' * refers to the fact that these principals are defined and managed by an * {@link org.apache.jackrabbit.oak.spi.security.authentication.external.ExternalIdentityProvider}. * @@ -125,8 +127,8 @@ class ExternalGroupPrincipalProvider imp @Nonnull @Override - public Set<Group> getGroupMembership(@Nonnull Principal principal) { - if (!(principal instanceof Group)) { + public Set<Principal> getMembershipPrincipals(@Nonnull Principal principal) { + if (!GroupPrincipals.isGroup(principal)) { try { if (principal instanceof ItemBasedPrincipal) { Tree t = root.getTree(((ItemBasedPrincipal) principal).getPath()); @@ -183,7 +185,7 @@ class ExternalGroupPrincipalProvider imp } } - private Set<Group> getGroupPrincipals(@CheckForNull Authorizable authorizable) throws RepositoryException { + private Set<Principal> getGroupPrincipals(@CheckForNull Authorizable authorizable) throws RepositoryException { if (authorizable != null && !authorizable.isGroup()) { Tree userTree = root.getTree(authorizable.getPath()); return getGroupPrincipals(userTree); @@ -192,12 +194,12 @@ class ExternalGroupPrincipalProvider imp } } - private Set<Group> getGroupPrincipals(@Nonnull Tree userTree) { + private Set<Principal> getGroupPrincipals(@Nonnull Tree userTree) { if (userTree.exists() && UserUtil.isType(userTree, AuthorizableType.USER) && userTree.hasProperty(REP_EXTERNAL_PRINCIPAL_NAMES)) { PropertyState ps = userTree.getProperty(REP_EXTERNAL_PRINCIPAL_NAMES); if (ps != null) { // we have an 'external' user that has been synchronized with the dynamic-membership option - Set<Group> groupPrincipals = Sets.newHashSet(); + Set<Principal> groupPrincipals = Sets.newHashSet(); for (String principalName : ps.getValue(Type.STRINGS)) { groupPrincipals.add(new ExternalGroupPrincipal(principalName)); } @@ -270,7 +272,7 @@ class ExternalGroupPrincipalProvider imp * identities that are <strong>not</strong> represented as authorizable group * in the repository's user management. */ - private final class ExternalGroupPrincipal extends PrincipalImpl implements java.security.acl.Group { + private final class ExternalGroupPrincipal extends PrincipalImpl implements GroupPrincipal { private ExternalGroupPrincipal(String principalName) { super(principalName); @@ -278,26 +280,8 @@ class ExternalGroupPrincipalProvider imp } @Override - public boolean addMember(Principal user) { - if (isMember(user)) { - return false; - } else { - throw new UnsupportedOperationException("Adding members to external group principals is not supported."); - } - } - - @Override - public boolean removeMember(Principal user) { - if (!isMember(user)) { - return false; - } else { - throw new UnsupportedOperationException("Removing members from external group principals is not supported."); - } - } - - @Override public boolean isMember(Principal member) { - if (member instanceof Group) { + if (GroupPrincipals.isGroup(member)) { return false; } try { @@ -438,35 +422,35 @@ class ExternalGroupPrincipalProvider imp private final class AutoMembershipPrincipals { private final Map<String, String[]> autoMembershipMapping; - private final Map<String, Set<Group>> principalMap; + private final Map<String, Set<Principal>> principalMap; private AutoMembershipPrincipals(@Nonnull Map<String, String[]> autoMembershipMapping) { this.autoMembershipMapping = autoMembershipMapping; - this.principalMap = new ConcurrentHashMap<String, Set<Group>>(autoMembershipMapping.size()); + this.principalMap = new ConcurrentHashMap<String, Set<Principal>>(autoMembershipMapping.size()); } @Nonnull - private Collection<Group> get(@CheckForNull String idpName) { + private Collection<Principal> get(@CheckForNull String idpName) { if (idpName == null) { return ImmutableSet.of(); } - Set<Group> principals; + Set<Principal> principals; if (!principalMap.containsKey(idpName)) { String[] vs = autoMembershipMapping.get(idpName); if (vs == null) { principals = ImmutableSet.of(); } else { - ImmutableSet.Builder<Group> builder = ImmutableSet.builder(); + ImmutableSet.Builder<Principal> builder = ImmutableSet.builder(); for (String groupId : autoMembershipMapping.get(idpName)) { try { Authorizable gr = userManager.getAuthorizable(groupId); if (gr != null && gr.isGroup()) { Principal grPrincipal = gr.getPrincipal(); - if (grPrincipal instanceof Group) { - builder.add((Group) grPrincipal); + if (GroupPrincipals.isGroup(grPrincipal)) { + builder.add(grPrincipal); } else { - log.warn("Principal of group {} is not of type java.security.acl.Group -> Ignoring", groupId); + log.warn("Principal of group {} is not of group type -> Ignoring", groupId); } } else { log.warn("Configured auto-membership group {} does not exist -> Ignoring", groupId); Modified: jackrabbit/oak/trunk/oak-auth-external/src/main/java/org/apache/jackrabbit/oak/spi/security/authentication/external/impl/principal/ExternalPrincipalConfiguration.java URL: http://svn.apache.org/viewvc/jackrabbit/oak/trunk/oak-auth-external/src/main/java/org/apache/jackrabbit/oak/spi/security/authentication/external/impl/principal/ExternalPrincipalConfiguration.java?rev=1827239&r1=1827238&r2=1827239&view=diff ============================================================================== --- jackrabbit/oak/trunk/oak-auth-external/src/main/java/org/apache/jackrabbit/oak/spi/security/authentication/external/impl/principal/ExternalPrincipalConfiguration.java (original) +++ jackrabbit/oak/trunk/oak-auth-external/src/main/java/org/apache/jackrabbit/oak/spi/security/authentication/external/impl/principal/ExternalPrincipalConfiguration.java Mon Mar 19 20:08:56 2018 @@ -19,7 +19,6 @@ package org.apache.jackrabbit.oak.spi.se import static org.apache.jackrabbit.oak.spi.security.RegistrationConstants.OAK_SECURITY_NAME; import java.security.Principal; -import java.security.acl.Group; import java.util.Arrays; import java.util.HashMap; import java.util.HashSet; Modified: jackrabbit/oak/trunk/oak-auth-external/src/test/java/org/apache/jackrabbit/oak/spi/security/authentication/external/impl/principal/AbstractPrincipalTest.java URL: http://svn.apache.org/viewvc/jackrabbit/oak/trunk/oak-auth-external/src/test/java/org/apache/jackrabbit/oak/spi/security/authentication/external/impl/principal/AbstractPrincipalTest.java?rev=1827239&r1=1827238&r2=1827239&view=diff ============================================================================== --- jackrabbit/oak/trunk/oak-auth-external/src/test/java/org/apache/jackrabbit/oak/spi/security/authentication/external/impl/principal/AbstractPrincipalTest.java (original) +++ jackrabbit/oak/trunk/oak-auth-external/src/test/java/org/apache/jackrabbit/oak/spi/security/authentication/external/impl/principal/AbstractPrincipalTest.java Mon Mar 19 20:08:56 2018 @@ -24,6 +24,8 @@ import javax.annotation.Nonnull; import com.google.common.collect.ImmutableMap; import com.google.common.collect.ImmutableSet; import com.google.common.collect.Iterables; + +import org.apache.jackrabbit.api.security.principal.GroupPrincipal; import org.apache.jackrabbit.api.security.user.Group; import org.apache.jackrabbit.oak.api.Root; import org.apache.jackrabbit.oak.namepath.NamePathMapper; @@ -80,19 +82,19 @@ public abstract class AbstractPrincipalT return config; } - java.security.acl.Group getGroupPrincipal() throws Exception { + GroupPrincipal getGroupPrincipal() throws Exception { ExternalUser externalUser = idp.getUser(USER_ID); return getGroupPrincipal(externalUser.getDeclaredGroups().iterator().next()); } - java.security.acl.Group getGroupPrincipal(@Nonnull ExternalIdentityRef ref) throws Exception { + GroupPrincipal getGroupPrincipal(@Nonnull ExternalIdentityRef ref) throws Exception { String principalName = idp.getIdentity(ref).getPrincipalName(); Principal p = principalProvider.getPrincipal(principalName); assertNotNull(p); - assertTrue(p instanceof java.security.acl.Group); + assertTrue(p instanceof GroupPrincipal); - return (java.security.acl.Group) p; + return (GroupPrincipal) p; } Group createTestGroup() throws Exception { Modified: jackrabbit/oak/trunk/oak-auth-external/src/test/java/org/apache/jackrabbit/oak/spi/security/authentication/external/impl/principal/ExternalGroupPrincipalProviderTest.java URL: http://svn.apache.org/viewvc/jackrabbit/oak/trunk/oak-auth-external/src/test/java/org/apache/jackrabbit/oak/spi/security/authentication/external/impl/principal/ExternalGroupPrincipalProviderTest.java?rev=1827239&r1=1827238&r2=1827239&view=diff ============================================================================== --- jackrabbit/oak/trunk/oak-auth-external/src/test/java/org/apache/jackrabbit/oak/spi/security/authentication/external/impl/principal/ExternalGroupPrincipalProviderTest.java (original) +++ jackrabbit/oak/trunk/oak-auth-external/src/test/java/org/apache/jackrabbit/oak/spi/security/authentication/external/impl/principal/ExternalGroupPrincipalProviderTest.java Mon Mar 19 20:08:56 2018 @@ -27,6 +27,8 @@ import javax.annotation.Nullable; import com.google.common.base.Function; import com.google.common.collect.ImmutableSet; import com.google.common.collect.Iterables; + +import org.apache.jackrabbit.api.security.principal.GroupPrincipal; import org.apache.jackrabbit.api.security.principal.PrincipalManager; import org.apache.jackrabbit.api.security.user.Authorizable; import org.apache.jackrabbit.api.security.user.Group; @@ -134,7 +136,7 @@ public class ExternalGroupPrincipalProvi Principal principal = principalProvider.getPrincipal(princName); assertNotNull(principal); - assertTrue(principal instanceof java.security.acl.Group); + assertTrue(principal instanceof GroupPrincipal); } } @@ -194,18 +196,18 @@ public class ExternalGroupPrincipalProvi @Test public void testGetGroupMembershipLocalPrincipal() throws Exception { - Set<? extends Principal> principals = principalProvider.getGroupMembership(getTestUser().getPrincipal()); + Set<? extends Principal> principals = principalProvider.getMembershipPrincipals(getTestUser().getPrincipal()); assertTrue(principals.isEmpty()); } @Test public void testGetGroupMembershipLocalGroupPrincipal() throws Exception { Group gr = createTestGroup(); - Set<? extends Principal> principals = principalProvider.getGroupMembership(gr.getPrincipal()); + Set<? extends Principal> principals = principalProvider.getMembershipPrincipals(gr.getPrincipal()); assertTrue(principals.isEmpty()); - // same if the principal is not marked as 'java.security.acl.Group' and not tree-based-principal - principals = principalProvider.getGroupMembership(new PrincipalImpl(gr.getPrincipal().getName())); + // same if the principal is not marked as 'GroupPrincipal' and not tree-based-principal + principals = principalProvider.getMembershipPrincipals(new PrincipalImpl(gr.getPrincipal().getName())); assertTrue(principals.isEmpty()); } @@ -216,7 +218,7 @@ public class ExternalGroupPrincipalProvi Set<Principal> expected = getExpectedGroupPrincipals(USER_ID); - Set<? extends Principal> principals = principalProvider.getGroupMembership(user.getPrincipal()); + Set<? extends Principal> principals = principalProvider.getMembershipPrincipals(user.getPrincipal()); assertEquals(expected, principals); } @@ -228,7 +230,7 @@ public class ExternalGroupPrincipalProvi Set<Principal> expected = getExpectedGroupPrincipals(USER_ID); // same as in test before even if the principal is not a tree-based-principal - Set<? extends Principal> principals = principalProvider.getGroupMembership(new PrincipalImpl(user.getPrincipal().getName())); + Set<? extends Principal> principals = principalProvider.getMembershipPrincipals(new PrincipalImpl(user.getPrincipal().getName())); assertEquals(expected, principals); } @@ -238,7 +240,7 @@ public class ExternalGroupPrincipalProvi Authorizable user = getUserManager(root).getAuthorizable(TestIdentityProvider.ID_SECOND_USER); assertNotNull(user); - Set<? extends Principal> principals = principalProvider.getGroupMembership(user.getPrincipal()); + Set<? extends Principal> principals = principalProvider.getMembershipPrincipals(user.getPrincipal()); assertTrue(principals.isEmpty()); } @@ -249,7 +251,7 @@ public class ExternalGroupPrincipalProvi assertNotNull(user); // same as in test before even if the principal is not a tree-based-principal - Set<? extends Principal> principals = principalProvider.getGroupMembership(new PrincipalImpl(user.getPrincipal().getName())); + Set<? extends Principal> principals = principalProvider.getMembershipPrincipals(new PrincipalImpl(user.getPrincipal().getName())); assertTrue(principals.isEmpty()); } @@ -258,11 +260,11 @@ public class ExternalGroupPrincipalProvi Authorizable group = getUserManager(root).getAuthorizable("secondGroup"); assertNotNull(group); - Set<? extends Principal> principals = principalProvider.getGroupMembership(group.getPrincipal()); + Set<? extends Principal> principals = principalProvider.getMembershipPrincipals(group.getPrincipal()); assertTrue(principals.isEmpty()); - // same if the principal is not marked as 'java.security.acl.Group' and not tree-based-principal - principals = principalProvider.getGroupMembership(new PrincipalImpl(group.getPrincipal().getName())); + // same if the principal is not marked as 'GroupPrincipal' and not tree-based-principal + principals = principalProvider.getMembershipPrincipals(new PrincipalImpl(group.getPrincipal().getName())); assertTrue(principals.isEmpty()); } @@ -377,7 +379,7 @@ public class ExternalGroupPrincipalProvi ExternalUser otherUser = new TestUser("anotherUser", ImmutableSet.of(gr.getExternalId())); sync(otherUser); - Set<Principal> expected = new HashSet(); + Set<Principal> expected = new HashSet<>(); expected.add(new PrincipalImpl(gr.getPrincipalName())); long depth = syncConfig.user().getMembershipNestingDepth(); if (depth > 1) { Modified: jackrabbit/oak/trunk/oak-auth-external/src/test/java/org/apache/jackrabbit/oak/spi/security/authentication/external/impl/principal/ExternalGroupPrincipalTest.java URL: http://svn.apache.org/viewvc/jackrabbit/oak/trunk/oak-auth-external/src/test/java/org/apache/jackrabbit/oak/spi/security/authentication/external/impl/principal/ExternalGroupPrincipalTest.java?rev=1827239&r1=1827238&r2=1827239&view=diff ============================================================================== --- jackrabbit/oak/trunk/oak-auth-external/src/test/java/org/apache/jackrabbit/oak/spi/security/authentication/external/impl/principal/ExternalGroupPrincipalTest.java (original) +++ jackrabbit/oak/trunk/oak-auth-external/src/test/java/org/apache/jackrabbit/oak/spi/security/authentication/external/impl/principal/ExternalGroupPrincipalTest.java Mon Mar 19 20:08:56 2018 @@ -23,6 +23,8 @@ import javax.annotation.Nullable; import com.google.common.base.Function; import com.google.common.collect.ImmutableList; import com.google.common.collect.Iterables; + +import org.apache.jackrabbit.api.security.principal.GroupPrincipal; import org.apache.jackrabbit.api.security.user.Group; import org.apache.jackrabbit.oak.spi.security.authentication.external.ExternalGroup; import org.apache.jackrabbit.oak.spi.security.authentication.external.ExternalUser; @@ -38,7 +40,7 @@ public class ExternalGroupPrincipalTest @Test public void testIsMember() throws Exception { ExternalUser externalUser = idp.getUser(USER_ID); - java.security.acl.Group principal = getGroupPrincipal(externalUser.getDeclaredGroups().iterator().next()); + GroupPrincipal principal = getGroupPrincipal(externalUser.getDeclaredGroups().iterator().next()); assertTrue(principal.isMember(new PrincipalImpl(externalUser.getPrincipalName()))); assertTrue(principal.isMember(getUserManager(root).getAuthorizable(USER_ID).getPrincipal())); @@ -46,7 +48,7 @@ public class ExternalGroupPrincipalTest @Test public void testIsMemberExternalGroup() throws Exception { - java.security.acl.Group principal = getGroupPrincipal(); + GroupPrincipal principal = getGroupPrincipal(); Iterable<String> exGroupPrincNames = Iterables.transform(ImmutableList.copyOf(idp.listGroups()), new Function<ExternalGroup, String>() { @Nullable @@ -63,7 +65,7 @@ public class ExternalGroupPrincipalTest @Test public void testIsMemberLocalUser() throws Exception { - java.security.acl.Group principal = getGroupPrincipal(); + GroupPrincipal principal = getGroupPrincipal(); assertFalse(principal.isMember(getTestUser().getPrincipal())); assertFalse(principal.isMember(new PrincipalImpl(getTestUser().getPrincipal().getName()))); @@ -72,39 +74,15 @@ public class ExternalGroupPrincipalTest @Test public void testIsMemberLocalGroup() throws Exception { Group gr = createTestGroup(); - java.security.acl.Group principal = getGroupPrincipal(); + GroupPrincipal principal = getGroupPrincipal(); assertFalse(principal.isMember(gr.getPrincipal())); assertFalse(principal.isMember(new PrincipalImpl(gr.getPrincipal().getName()))); } - @Test(expected = UnsupportedOperationException.class) - public void testAddMember() throws Exception { - java.security.acl.Group principal = getGroupPrincipal(); - principal.addMember(getTestUser().getPrincipal()); - } - - @Test - public void testAddMemberExistingMember() throws Exception { - java.security.acl.Group principal = getGroupPrincipal(); - assertFalse(principal.addMember(getUserManager(root).getAuthorizable(USER_ID).getPrincipal())); - } - - @Test(expected = UnsupportedOperationException.class) - public void testRemoveMember() throws Exception { - java.security.acl.Group principal = getGroupPrincipal(); - principal.removeMember(getUserManager(root).getAuthorizable(USER_ID).getPrincipal()); - } - - @Test - public void testRemoveMemberNotMember() throws Exception { - java.security.acl.Group principal = getGroupPrincipal(); - assertFalse(principal.removeMember(getTestUser().getPrincipal())); - } - @Test public void testMembers() throws Exception { - java.security.acl.Group principal = getGroupPrincipal(); + GroupPrincipal principal = getGroupPrincipal(); Principal[] expectedMembers = new Principal[] { getUserManager(root).getAuthorizable(USER_ID).getPrincipal(), Modified: jackrabbit/oak/trunk/oak-auth-external/src/test/java/org/apache/jackrabbit/oak/spi/security/authentication/external/impl/principal/PrincipalProviderAutoMembershipTest.java URL: http://svn.apache.org/viewvc/jackrabbit/oak/trunk/oak-auth-external/src/test/java/org/apache/jackrabbit/oak/spi/security/authentication/external/impl/principal/PrincipalProviderAutoMembershipTest.java?rev=1827239&r1=1827238&r2=1827239&view=diff ============================================================================== --- jackrabbit/oak/trunk/oak-auth-external/src/test/java/org/apache/jackrabbit/oak/spi/security/authentication/external/impl/principal/PrincipalProviderAutoMembershipTest.java (original) +++ jackrabbit/oak/trunk/oak-auth-external/src/test/java/org/apache/jackrabbit/oak/spi/security/authentication/external/impl/principal/PrincipalProviderAutoMembershipTest.java Mon Mar 19 20:08:56 2018 @@ -107,7 +107,7 @@ public class PrincipalProviderAutoMember Authorizable user = getUserManager(root).getAuthorizable(USER_ID); - Set<java.security.acl.Group> result = principalProvider.getGroupMembership(user.getPrincipal()); + Set<Principal> result = principalProvider.getMembershipPrincipals(user.getPrincipal()); assertTrue(result.contains(userAutoMembershipGroup.getPrincipal())); assertTrue(result.contains(groupAutoMembershipGroup.getPrincipal())); assertEquals(expected, result); Modified: jackrabbit/oak/trunk/oak-auth-external/src/test/java/org/apache/jackrabbit/oak/spi/security/authentication/external/impl/principal/PrincipalProviderDeepNestingTest.java URL: http://svn.apache.org/viewvc/jackrabbit/oak/trunk/oak-auth-external/src/test/java/org/apache/jackrabbit/oak/spi/security/authentication/external/impl/principal/PrincipalProviderDeepNestingTest.java?rev=1827239&r1=1827238&r2=1827239&view=diff ============================================================================== --- jackrabbit/oak/trunk/oak-auth-external/src/test/java/org/apache/jackrabbit/oak/spi/security/authentication/external/impl/principal/PrincipalProviderDeepNestingTest.java (original) +++ jackrabbit/oak/trunk/oak-auth-external/src/test/java/org/apache/jackrabbit/oak/spi/security/authentication/external/impl/principal/PrincipalProviderDeepNestingTest.java Mon Mar 19 20:08:56 2018 @@ -20,6 +20,8 @@ import java.security.Principal; import java.util.Set; import com.google.common.collect.ImmutableSet; + +import org.apache.jackrabbit.api.security.principal.GroupPrincipal; import org.apache.jackrabbit.api.security.principal.PrincipalManager; import org.apache.jackrabbit.oak.spi.security.authentication.external.ExternalIdentity; import org.apache.jackrabbit.oak.spi.security.authentication.external.ExternalIdentityRef; @@ -51,7 +53,7 @@ public class PrincipalProviderDeepNestin Principal principal = principalProvider.getPrincipal(princName); assertNotNull(principal); - assertTrue(principal instanceof java.security.acl.Group); + assertTrue(principal instanceof GroupPrincipal); } } @@ -69,9 +71,9 @@ public class PrincipalProviderDeepNestin Principal principal = principalProvider.getPrincipal(inheritedPrincName); assertNotNull(principal); - assertTrue(principal instanceof java.security.acl.Group); + assertTrue(principal instanceof GroupPrincipal); - java.security.acl.Group inheritedGrPrincipal = (java.security.acl.Group) principal; + GroupPrincipal inheritedGrPrincipal = (GroupPrincipal) principal; assertTrue(inheritedGrPrincipal.isMember(new PrincipalImpl(externalUser.getPrincipalName()))); assertFalse(inheritedGrPrincipal.isMember(grPrincipal)); } Modified: jackrabbit/oak/trunk/oak-core/src/main/java/org/apache/jackrabbit/oak/security/authorization/permission/CompiledPermissionImpl.java URL: http://svn.apache.org/viewvc/jackrabbit/oak/trunk/oak-core/src/main/java/org/apache/jackrabbit/oak/security/authorization/permission/CompiledPermissionImpl.java?rev=1827239&r1=1827238&r2=1827239&view=diff ============================================================================== --- jackrabbit/oak/trunk/oak-core/src/main/java/org/apache/jackrabbit/oak/security/authorization/permission/CompiledPermissionImpl.java (original) +++ jackrabbit/oak/trunk/oak-core/src/main/java/org/apache/jackrabbit/oak/security/authorization/permission/CompiledPermissionImpl.java Mon Mar 19 20:08:56 2018 @@ -17,7 +17,6 @@ package org.apache.jackrabbit.oak.security.authorization.permission; import java.security.Principal; -import java.security.acl.Group; import java.util.ArrayList; import java.util.Collection; import java.util.Collections; @@ -50,6 +49,7 @@ import org.apache.jackrabbit.oak.spi.sec import org.apache.jackrabbit.oak.spi.security.authorization.permission.RepositoryPermission; import org.apache.jackrabbit.oak.spi.security.authorization.permission.TreePermission; import org.apache.jackrabbit.oak.spi.security.authorization.restriction.RestrictionProvider; +import org.apache.jackrabbit.oak.spi.security.principal.GroupPrincipals; import org.apache.jackrabbit.oak.spi.security.privilege.PrivilegeBits; import org.apache.jackrabbit.oak.spi.security.privilege.PrivilegeBitsProvider; import org.apache.jackrabbit.oak.spi.security.privilege.PrivilegeConstants; @@ -103,7 +103,7 @@ final class CompiledPermissionImpl imple Set<String> userNames = new HashSet<String>(principals.size()); Set<String> groupNames = new HashSet<String>(principals.size()); for (Principal principal : principals) { - if (principal instanceof Group) { + if (GroupPrincipals.isGroup(principal)) { groupNames.add(principal.getName()); } else { userNames.add(principal.getName()); Modified: jackrabbit/oak/trunk/oak-core/src/main/java/org/apache/jackrabbit/oak/security/principal/PrincipalProviderImpl.java URL: http://svn.apache.org/viewvc/jackrabbit/oak/trunk/oak-core/src/main/java/org/apache/jackrabbit/oak/security/principal/PrincipalProviderImpl.java?rev=1827239&r1=1827238&r2=1827239&view=diff ============================================================================== --- jackrabbit/oak/trunk/oak-core/src/main/java/org/apache/jackrabbit/oak/security/principal/PrincipalProviderImpl.java (original) +++ jackrabbit/oak/trunk/oak-core/src/main/java/org/apache/jackrabbit/oak/security/principal/PrincipalProviderImpl.java Mon Mar 19 20:08:56 2018 @@ -17,7 +17,6 @@ package org.apache.jackrabbit.oak.security.principal; import java.security.Principal; -import java.security.acl.Group; import java.util.Collections; import java.util.HashSet; import java.util.Iterator; @@ -38,6 +37,7 @@ import org.apache.jackrabbit.api.securit import org.apache.jackrabbit.oak.api.Root; import org.apache.jackrabbit.oak.namepath.NamePathMapper; import org.apache.jackrabbit.oak.spi.security.principal.EveryonePrincipal; +import org.apache.jackrabbit.oak.spi.security.principal.GroupPrincipals; import org.apache.jackrabbit.oak.spi.security.principal.PrincipalImpl; import org.apache.jackrabbit.oak.spi.security.principal.PrincipalProvider; import org.apache.jackrabbit.oak.spi.security.user.AuthorizableType; @@ -81,7 +81,7 @@ class PrincipalProviderImpl implements P @Nonnull @Override - public Set<Group> getGroupMembership(@Nonnull Principal principal) { + public Set<Principal> getMembershipPrincipals(@Nonnull Principal principal) { Authorizable authorizable = getAuthorizable(principal); if (authorizable == null) { return Collections.emptySet(); @@ -144,14 +144,14 @@ class PrincipalProviderImpl implements P } } - private Set<Group> getGroupMembership(Authorizable authorizable) { - Set<java.security.acl.Group> groupPrincipals = new HashSet<Group>(); + private Set<Principal> getGroupMembership(Authorizable authorizable) { + Set<Principal> groupPrincipals = new HashSet<>(); try { Iterator<org.apache.jackrabbit.api.security.user.Group> groups = authorizable.memberOf(); while (groups.hasNext()) { Principal grPrincipal = groups.next().getPrincipal(); - if (grPrincipal instanceof Group) { - groupPrincipals.add((Group) grPrincipal); + if (GroupPrincipals.isGroup(grPrincipal)) { + groupPrincipals.add(grPrincipal); } } } catch (RepositoryException e) { Modified: jackrabbit/oak/trunk/oak-core/src/main/java/org/apache/jackrabbit/oak/security/user/AbstractGroupPrincipal.java URL: http://svn.apache.org/viewvc/jackrabbit/oak/trunk/oak-core/src/main/java/org/apache/jackrabbit/oak/security/user/AbstractGroupPrincipal.java?rev=1827239&r1=1827238&r2=1827239&view=diff ============================================================================== --- jackrabbit/oak/trunk/oak-core/src/main/java/org/apache/jackrabbit/oak/security/user/AbstractGroupPrincipal.java (original) +++ jackrabbit/oak/trunk/oak-core/src/main/java/org/apache/jackrabbit/oak/security/user/AbstractGroupPrincipal.java Mon Mar 19 20:08:56 2018 @@ -25,6 +25,8 @@ import javax.jcr.RepositoryException; import com.google.common.base.Function; import com.google.common.base.Predicates; import com.google.common.collect.Iterators; + +import org.apache.jackrabbit.api.security.principal.GroupPrincipal; import org.apache.jackrabbit.api.security.user.Authorizable; import org.apache.jackrabbit.api.security.user.UserManager; import org.apache.jackrabbit.oak.api.Tree; @@ -36,7 +38,7 @@ import org.slf4j.LoggerFactory; /** * Base class for {@code Group} principals. */ -abstract class AbstractGroupPrincipal extends TreeBasedPrincipal implements java.security.acl.Group { +abstract class AbstractGroupPrincipal extends TreeBasedPrincipal implements GroupPrincipal { private static final Logger log = LoggerFactory.getLogger(AbstractGroupPrincipal.class); @@ -110,13 +112,4 @@ abstract class AbstractGroupPrincipal ex return Iterators.asEnumeration(Iterators.filter(principals, Predicates.<Object>notNull())); } - @Override - public boolean addMember(Principal principal) { - throw new UnsupportedOperationException(); - } - - @Override - public boolean removeMember(Principal principal) { - throw new UnsupportedOperationException(); - } } Modified: jackrabbit/oak/trunk/oak-core/src/main/java/org/apache/jackrabbit/oak/security/user/ImpersonationImpl.java URL: http://svn.apache.org/viewvc/jackrabbit/oak/trunk/oak-core/src/main/java/org/apache/jackrabbit/oak/security/user/ImpersonationImpl.java?rev=1827239&r1=1827238&r2=1827239&view=diff ============================================================================== --- jackrabbit/oak/trunk/oak-core/src/main/java/org/apache/jackrabbit/oak/security/user/ImpersonationImpl.java (original) +++ jackrabbit/oak/trunk/oak-core/src/main/java/org/apache/jackrabbit/oak/security/user/ImpersonationImpl.java Mon Mar 19 20:08:56 2018 @@ -17,7 +17,6 @@ package org.apache.jackrabbit.oak.security.user; import java.security.Principal; -import java.security.acl.Group; import java.util.HashSet; import java.util.Set; import javax.annotation.CheckForNull; @@ -34,6 +33,7 @@ import org.apache.jackrabbit.oak.api.Pro import org.apache.jackrabbit.oak.api.Tree; import org.apache.jackrabbit.oak.api.Type; import org.apache.jackrabbit.oak.spi.security.principal.AdminPrincipal; +import org.apache.jackrabbit.oak.spi.security.principal.GroupPrincipals; import org.apache.jackrabbit.oak.spi.security.principal.PrincipalImpl; import org.apache.jackrabbit.oak.spi.security.principal.PrincipalIteratorAdapter; import org.apache.jackrabbit.oak.spi.security.user.UserConstants; @@ -182,7 +182,7 @@ class ImpersonationImpl implements Imper private boolean isAdmin(@Nonnull Principal principal) { if (principal instanceof AdminPrincipal) { return true; - } else if (principal instanceof Group) { + } else if (GroupPrincipals.isGroup(principal)) { return false; } else { try { @@ -215,7 +215,7 @@ class ImpersonationImpl implements Imper log.debug("Cannot grant impersonation to an unknown principal."); return false; } - if (p instanceof Group) { + if (GroupPrincipals.isGroup(p)) { log.debug("Cannot grant impersonation to a principal that is a Group."); return false; } Modified: jackrabbit/oak/trunk/oak-core/src/main/java/org/apache/jackrabbit/oak/security/user/UserPrincipalProvider.java URL: http://svn.apache.org/viewvc/jackrabbit/oak/trunk/oak-core/src/main/java/org/apache/jackrabbit/oak/security/user/UserPrincipalProvider.java?rev=1827239&r1=1827238&r2=1827239&view=diff ============================================================================== --- jackrabbit/oak/trunk/oak-core/src/main/java/org/apache/jackrabbit/oak/security/user/UserPrincipalProvider.java (original) +++ jackrabbit/oak/trunk/oak-core/src/main/java/org/apache/jackrabbit/oak/security/user/UserPrincipalProvider.java Mon Mar 19 20:08:56 2018 @@ -17,7 +17,6 @@ package org.apache.jackrabbit.oak.security.user; import java.security.Principal; -import java.security.acl.Group; import java.text.ParseException; import java.util.Collections; import java.util.Date; @@ -118,7 +117,7 @@ class UserPrincipalProvider implements P @Nonnull @Override - public Set<Group> getGroupMembership(@Nonnull Principal principal) { + public Set<Principal> getMembershipPrincipals(@Nonnull Principal principal) { Tree tree = getAuthorizableTree(principal); if (tree == null) { return Collections.emptySet(); @@ -217,12 +216,12 @@ class UserPrincipalProvider implements P } @CheckForNull - private Group createGroupPrincipal(@Nonnull Tree groupTree) { + private Principal createGroupPrincipal(@Nonnull Tree groupTree) { String principalName = getPrincipalName(groupTree); if (principalName == null) { return null; } - return new GroupPrincipal(principalName, groupTree); + return new GroupPrincipalImpl(principalName, groupTree); } @CheckForNull @@ -238,8 +237,8 @@ class UserPrincipalProvider implements P } @Nonnull - private Set<Group> getGroupMembership(@Nonnull Tree authorizableTree) { - Set<Group> groupPrincipals = null; + private Set<Principal> getGroupMembership(@Nonnull Tree authorizableTree) { + Set<Principal> groupPrincipals = null; boolean doCache = cacheEnabled && UserUtil.isType(authorizableTree, AuthorizableType.USER); if (doCache) { groupPrincipals = readGroupsFromCache(authorizableTree); @@ -247,12 +246,12 @@ class UserPrincipalProvider implements P // caching not configured or cache expired: use the membershipProvider to calculate if (groupPrincipals == null) { - groupPrincipals = new HashSet<Group>(); + groupPrincipals = new HashSet<>(); Iterator<String> groupPaths = membershipProvider.getMembership(authorizableTree, true); while (groupPaths.hasNext()) { Tree groupTree = userProvider.getAuthorizableByPath(groupPaths.next()); if (groupTree != null && UserUtil.isType(groupTree, AuthorizableType.GROUP)) { - Group gr = createGroupPrincipal(groupTree); + Principal gr = createGroupPrincipal(groupTree); if (gr != null) { groupPrincipals.add(gr); } @@ -271,7 +270,7 @@ class UserPrincipalProvider implements P return groupPrincipals; } - private void cacheGroups(@Nonnull Tree authorizableNode, @Nonnull Set<Group> groupPrincipals) { + private void cacheGroups(@Nonnull Tree authorizableNode, @Nonnull Set<Principal> groupPrincipals) { try { root.refresh(); Tree cache = authorizableNode.getChild(CacheConstants.REP_CACHE); @@ -286,9 +285,9 @@ class UserPrincipalProvider implements P } cache.setProperty(CacheConstants.REP_EXPIRATION, LongUtils.calculateExpirationTime(expiration)); - String value = (groupPrincipals.isEmpty()) ? "" : Joiner.on(",").join(Iterables.transform(groupPrincipals, new Function<Group, String>() { + String value = (groupPrincipals.isEmpty()) ? "" : Joiner.on(",").join(Iterables.transform(groupPrincipals, new Function<Principal, String>() { @Override - public String apply(Group input) { + public String apply(Principal input) { return Text.escape(input.getName()); } })); @@ -307,7 +306,7 @@ class UserPrincipalProvider implements P } @CheckForNull - private Set<Group> readGroupsFromCache(@Nonnull Tree authorizableNode) { + private Set<Principal> readGroupsFromCache(@Nonnull Tree authorizableNode) { Tree principalCache = authorizableNode.getChild(CacheConstants.REP_CACHE); if (!principalCache.exists()) { log.debug("No group cache at " + authorizableNode.getPath()); @@ -319,10 +318,10 @@ class UserPrincipalProvider implements P String str = TreeUtil.getString(principalCache, CacheConstants.REP_GROUP_PRINCIPAL_NAMES); if (str == null || str.isEmpty()) { - return new HashSet<Group>(1); + return Collections.emptySet(); } - Set<Group> groups = new HashSet<Group>(); + Set<Principal> groups = new HashSet<>(); for (String s : Text.explode(str, ',')) { final String name = Text.unescape(s); groups.add(new CachedGroupPrincipal(name)); @@ -441,11 +440,11 @@ class UserPrincipalProvider implements P * Implementation of {@link AbstractGroupPrincipal} that reads the underlying * authorizable group lazily in case the group membership must be retrieved. */ - private final class GroupPrincipal extends BaseGroupPrincipal { + private final class GroupPrincipalImpl extends BaseGroupPrincipal { private org.apache.jackrabbit.api.security.user.Group group; - GroupPrincipal(@Nonnull String principalName, @Nonnull Tree groupTree) { + GroupPrincipalImpl(@Nonnull String principalName, @Nonnull Tree groupTree) { super(principalName, groupTree); } Modified: jackrabbit/oak/trunk/oak-core/src/test/java/org/apache/jackrabbit/oak/security/authorization/accesscontrol/ACLTest.java URL: http://svn.apache.org/viewvc/jackrabbit/oak/trunk/oak-core/src/test/java/org/apache/jackrabbit/oak/security/authorization/accesscontrol/ACLTest.java?rev=1827239&r1=1827238&r2=1827239&view=diff ============================================================================== --- jackrabbit/oak/trunk/oak-core/src/test/java/org/apache/jackrabbit/oak/security/authorization/accesscontrol/ACLTest.java (original) +++ jackrabbit/oak/trunk/oak-core/src/test/java/org/apache/jackrabbit/oak/security/authorization/accesscontrol/ACLTest.java Mon Mar 19 20:08:56 2018 @@ -17,7 +17,6 @@ package org.apache.jackrabbit.oak.security.authorization.accesscontrol; import java.security.Principal; -import java.security.acl.Group; import java.util.ArrayList; import java.util.Arrays; import java.util.Collections; @@ -551,7 +550,7 @@ public class ACLTest extends AbstractAcc @Test public void testSetEntryForGroupPrincipal() throws Exception { Privilege[] privs = privilegesFromNames(JCR_READ); - Group grPrincipal = (Group) principalManager.getEveryone(); + Principal grPrincipal = principalManager.getEveryone(); // adding allow-entry must succeed assertTrue(acl.addAccessControlEntry(grPrincipal, privs)); Modified: jackrabbit/oak/trunk/oak-core/src/test/java/org/apache/jackrabbit/oak/security/principal/AbstractPrincipalProviderTest.java URL: http://svn.apache.org/viewvc/jackrabbit/oak/trunk/oak-core/src/test/java/org/apache/jackrabbit/oak/security/principal/AbstractPrincipalProviderTest.java?rev=1827239&r1=1827238&r2=1827239&view=diff ============================================================================== --- jackrabbit/oak/trunk/oak-core/src/test/java/org/apache/jackrabbit/oak/security/principal/AbstractPrincipalProviderTest.java (original) +++ jackrabbit/oak/trunk/oak-core/src/test/java/org/apache/jackrabbit/oak/security/principal/AbstractPrincipalProviderTest.java Mon Mar 19 20:08:56 2018 @@ -26,6 +26,7 @@ import java.util.Map; import java.util.Set; import java.util.UUID; +import org.apache.jackrabbit.api.security.principal.GroupPrincipal; import org.apache.jackrabbit.api.security.principal.PrincipalManager; import org.apache.jackrabbit.api.security.user.Authorizable; import org.apache.jackrabbit.api.security.user.Group; @@ -170,7 +171,7 @@ public abstract class AbstractPrincipalP Principal principal = principalProvider.getPrincipal(testGroup.getPrincipal().getName()); assertNotNull(principal); - assertTrue(principal instanceof java.security.acl.Group); + assertTrue(principal instanceof GroupPrincipal); } @Test @@ -196,7 +197,7 @@ public abstract class AbstractPrincipalP @Test public void testGetGroupMembership() throws Exception { - Set<java.security.acl.Group> grPrincipals = principalProvider.getGroupMembership(userPrincipal); + Set<Principal> grPrincipals = principalProvider.getMembershipPrincipals(userPrincipal); assertEquals(2, grPrincipals.size()); assertTrue(grPrincipals.contains(EveryonePrincipal.getInstance())); assertTrue(grPrincipals.contains(testGroup.getPrincipal())); @@ -204,21 +205,21 @@ public abstract class AbstractPrincipalP @Test public void tstGetGroupMembershipNonExisting() { - Set<java.security.acl.Group> grPrincipals = principalProvider.getGroupMembership(nonExisting); + Set<Principal> grPrincipals = principalProvider.getMembershipPrincipals(nonExisting); assertNotNull(grPrincipals); assertTrue(grPrincipals.isEmpty()); } @Test public void testGetGroupMembershipEveryonePrincipal() { - Set<java.security.acl.Group> grPrincipals = principalProvider.getGroupMembership(EveryonePrincipal.getInstance()); + Set<Principal> grPrincipals = principalProvider.getMembershipPrincipals(EveryonePrincipal.getInstance()); assertNotNull(grPrincipals); assertTrue(grPrincipals.isEmpty()); } @Test public void testGetGroupMembershipGroupPrincipal() throws Exception { - Set<java.security.acl.Group> grPrincipals = principalProvider.getGroupMembership(testGroup.getPrincipal()); + Set<Principal> grPrincipals = principalProvider.getMembershipPrincipals(testGroup.getPrincipal()); assertNotNull(grPrincipals); assertEquals(1, grPrincipals.size()); assertTrue(grPrincipals.contains(EveryonePrincipal.getInstance())); @@ -226,7 +227,7 @@ public abstract class AbstractPrincipalP @Test public void testGetGroupMembershipGroupPrincipal2() throws Exception { - Set<java.security.acl.Group> grPrincipals = principalProvider.getGroupMembership(testGroup2.getPrincipal()); + Set<Principal> grPrincipals = principalProvider.getMembershipPrincipals(testGroup2.getPrincipal()); assertNotNull(grPrincipals); assertEquals(2, grPrincipals.size()); assertTrue(grPrincipals.contains(testGroup.getPrincipal())); Modified: jackrabbit/oak/trunk/oak-core/src/test/java/org/apache/jackrabbit/oak/security/principal/PrincipalProviderImplTest.java URL: http://svn.apache.org/viewvc/jackrabbit/oak/trunk/oak-core/src/test/java/org/apache/jackrabbit/oak/security/principal/PrincipalProviderImplTest.java?rev=1827239&r1=1827238&r2=1827239&view=diff ============================================================================== --- jackrabbit/oak/trunk/oak-core/src/test/java/org/apache/jackrabbit/oak/security/principal/PrincipalProviderImplTest.java (original) +++ jackrabbit/oak/trunk/oak-core/src/test/java/org/apache/jackrabbit/oak/security/principal/PrincipalProviderImplTest.java Mon Mar 19 20:08:56 2018 @@ -22,6 +22,8 @@ import java.util.Iterator; import java.util.Set; import com.google.common.collect.ImmutableSet; + +import org.apache.jackrabbit.api.security.principal.GroupPrincipal; import org.apache.jackrabbit.api.security.principal.PrincipalManager; import org.apache.jackrabbit.api.security.user.Group; import org.apache.jackrabbit.api.security.user.UserManager; @@ -50,7 +52,7 @@ public class PrincipalProviderImplTest e root.commit(); Principal ep = principalProvider.getPrincipal(EveryonePrincipal.NAME); - Set<? extends Principal> everyoneMembers = ImmutableSet.copyOf(Collections.list(((java.security.acl.Group) ep).members())); + Set<? extends Principal> everyoneMembers = ImmutableSet.copyOf(Collections.list(((GroupPrincipal) ep).members())); Iterator<? extends Principal> all = principalProvider.findPrincipals(PrincipalManager.SEARCH_TYPE_ALL); while (all.hasNext()) { Modified: jackrabbit/oak/trunk/oak-core/src/test/java/org/apache/jackrabbit/oak/security/user/AbstractGroupPrincipalTest.java URL: http://svn.apache.org/viewvc/jackrabbit/oak/trunk/oak-core/src/test/java/org/apache/jackrabbit/oak/security/user/AbstractGroupPrincipalTest.java?rev=1827239&r1=1827238&r2=1827239&view=diff ============================================================================== --- jackrabbit/oak/trunk/oak-core/src/test/java/org/apache/jackrabbit/oak/security/user/AbstractGroupPrincipalTest.java (original) +++ jackrabbit/oak/trunk/oak-core/src/test/java/org/apache/jackrabbit/oak/security/user/AbstractGroupPrincipalTest.java Mon Mar 19 20:08:56 2018 @@ -152,16 +152,6 @@ public class AbstractGroupPrincipalTest assertFalse(everyoneAgp.isMember(member)); } - @Test(expected = UnsupportedOperationException.class) - public void testAddMember() { - agp.addMember(new PrincipalImpl("name")); - } - - @Test(expected = UnsupportedOperationException.class) - public void testRemoveMember() { - agp.removeMember(new PrincipalImpl("name")); - } - private class AGP extends AbstractGroupPrincipal { private Authorizable member; Modified: jackrabbit/oak/trunk/oak-core/src/test/java/org/apache/jackrabbit/oak/security/user/ImpersonationImplEmptyTest.java URL: http://svn.apache.org/viewvc/jackrabbit/oak/trunk/oak-core/src/test/java/org/apache/jackrabbit/oak/security/user/ImpersonationImplEmptyTest.java?rev=1827239&r1=1827238&r2=1827239&view=diff ============================================================================== --- jackrabbit/oak/trunk/oak-core/src/test/java/org/apache/jackrabbit/oak/security/user/ImpersonationImplEmptyTest.java (original) +++ jackrabbit/oak/trunk/oak-core/src/test/java/org/apache/jackrabbit/oak/security/user/ImpersonationImplEmptyTest.java Mon Mar 19 20:08:56 2018 @@ -23,6 +23,8 @@ import java.util.UUID; import javax.security.auth.Subject; import com.google.common.collect.ImmutableSet; + +import org.apache.jackrabbit.api.security.principal.GroupPrincipal; import org.apache.jackrabbit.api.security.user.Group; import org.apache.jackrabbit.api.security.user.User; import org.apache.jackrabbit.oak.AbstractSecurityTest; @@ -39,17 +41,7 @@ import static org.junit.Assert.assertTru public class ImpersonationImplEmptyTest extends AbstractSecurityTest { - final java.security.acl.Group groupPrincipal = new java.security.acl.Group() { - @Override - public boolean addMember(Principal user) { - throw new UnsupportedOperationException(); - } - - @Override - public boolean removeMember(Principal user) { - throw new UnsupportedOperationException(); - } - + final GroupPrincipal groupPrincipal = new GroupPrincipal() { @Override public boolean isMember(Principal member) { throw new UnsupportedOperationException(); Modified: jackrabbit/oak/trunk/oak-core/src/test/java/org/apache/jackrabbit/oak/security/user/UserPrincipalProviderTest.java URL: http://svn.apache.org/viewvc/jackrabbit/oak/trunk/oak-core/src/test/java/org/apache/jackrabbit/oak/security/user/UserPrincipalProviderTest.java?rev=1827239&r1=1827238&r2=1827239&view=diff ============================================================================== --- jackrabbit/oak/trunk/oak-core/src/test/java/org/apache/jackrabbit/oak/security/user/UserPrincipalProviderTest.java (original) +++ jackrabbit/oak/trunk/oak-core/src/test/java/org/apache/jackrabbit/oak/security/user/UserPrincipalProviderTest.java Mon Mar 19 20:08:56 2018 @@ -21,6 +21,7 @@ import java.util.Enumeration; import java.util.Set; import java.util.UUID; +import org.apache.jackrabbit.api.security.principal.GroupPrincipal; import org.apache.jackrabbit.api.security.user.Authorizable; import org.apache.jackrabbit.api.security.user.Group; import org.apache.jackrabbit.api.security.user.User; @@ -150,9 +151,9 @@ public class UserPrincipalProviderTest e Principal ep = principalProvider.getPrincipal(EveryonePrincipal.NAME); - assertTrue(ep instanceof java.security.acl.Group); - ((java.security.acl.Group) ep).members(); - ((java.security.acl.Group) ep).isMember(getTestUser().getPrincipal()); + assertTrue(ep instanceof GroupPrincipal); + //((GroupPrincipal) ep).members(); + //assertTrue(((GroupPrincipal) ep).isMember(getTestUser().getPrincipal())); } finally { if (everyoneGroup != null) { @@ -171,10 +172,10 @@ public class UserPrincipalProviderTest e try { Principal principal = principalProvider.getPrincipal(group.getPrincipal().getName()); - assertTrue(principal instanceof java.security.acl.Group); + assertTrue(principal instanceof GroupPrincipal); boolean found = false; - Enumeration<? extends Principal> members = ((java.security.acl.Group) principal).members(); + Enumeration<? extends Principal> members = ((GroupPrincipal) principal).members(); while (members.hasMoreElements() && !found) { found = members.nextElement().equals(getTestUser().getPrincipal()); } @@ -194,8 +195,8 @@ public class UserPrincipalProviderTest e try { Principal principal = principalProvider.getPrincipal(group.getPrincipal().getName()); - assertTrue(principal instanceof java.security.acl.Group); - ((java.security.acl.Group) principal).isMember(getTestUser().getPrincipal()); + assertTrue(principal instanceof GroupPrincipal); + assertTrue(((GroupPrincipal) principal).isMember(getTestUser().getPrincipal())); } finally { group.remove(); root.commit(); Modified: jackrabbit/oak/trunk/oak-core/src/test/java/org/apache/jackrabbit/oak/security/user/UserPrincipalProviderWithCacheTest.java URL: http://svn.apache.org/viewvc/jackrabbit/oak/trunk/oak-core/src/test/java/org/apache/jackrabbit/oak/security/user/UserPrincipalProviderWithCacheTest.java?rev=1827239&r1=1827238&r2=1827239&view=diff ============================================================================== --- jackrabbit/oak/trunk/oak-core/src/test/java/org/apache/jackrabbit/oak/security/user/UserPrincipalProviderWithCacheTest.java (original) +++ jackrabbit/oak/trunk/oak-core/src/test/java/org/apache/jackrabbit/oak/security/user/UserPrincipalProviderWithCacheTest.java Mon Mar 19 20:08:56 2018 @@ -32,6 +32,7 @@ import com.google.common.base.Predicate; import com.google.common.collect.ImmutableSet; import com.google.common.collect.Iterables; import org.apache.jackrabbit.JcrConstants; +import org.apache.jackrabbit.api.security.principal.GroupPrincipal; import org.apache.jackrabbit.api.security.principal.PrincipalIterator; import org.apache.jackrabbit.api.security.principal.PrincipalManager; import org.apache.jackrabbit.api.security.user.Group; @@ -171,7 +172,7 @@ public class UserPrincipalProviderWithCa public void testGetGroupMembershipPopulatesCache() throws Exception { PrincipalProvider pp = createPrincipalProvider(systemRoot); - Set<? extends Principal> principals = pp.getGroupMembership(getTestUser().getPrincipal()); + Set<? extends Principal> principals = pp.getMembershipPrincipals(getTestUser().getPrincipal()); assertPrincipals(principals, EveryonePrincipal.getInstance(), testGroup.getPrincipal()); root.refresh(); @@ -234,10 +235,10 @@ public class UserPrincipalProviderWithCa public void testGetGroupMembershipForGroups() throws Exception { PrincipalProvider pp = createPrincipalProvider(systemRoot); - Set<? extends Principal> principals = pp.getGroupMembership(testGroup.getPrincipal()); + Set<? extends Principal> principals = pp.getMembershipPrincipals(testGroup.getPrincipal()); assertPrincipals(principals, EveryonePrincipal.getInstance()); - principals = pp.getGroupMembership(testGroup2.getPrincipal()); + principals = pp.getMembershipPrincipals(testGroup2.getPrincipal()); assertPrincipals(principals, EveryonePrincipal.getInstance(), testGroup.getPrincipal()); root.refresh(); @@ -273,7 +274,7 @@ public class UserPrincipalProviderWithCa for (Principal p : principals) { String className = p.getClass().getName(); - assertEquals("org.apache.jackrabbit.oak.security.user.UserPrincipalProvider$GroupPrincipal", className); + assertEquals("org.apache.jackrabbit.oak.security.user.UserPrincipalProvider$GroupPrincipalImpl", className); } Principal testPrincipal = getTestUser().getPrincipal(); @@ -288,7 +289,7 @@ public class UserPrincipalProviderWithCa assertTrue(p instanceof TreeBasedPrincipal); assertEquals(testGroup.getPath(), ((TreeBasedPrincipal) p).getPath()); - java.security.acl.Group principalGroup = (java.security.acl.Group) p; + GroupPrincipal principalGroup = (GroupPrincipal) p; assertTrue(principalGroup.isMember(testPrincipal)); Enumeration<? extends Principal> members = principalGroup.members(); @@ -307,7 +308,7 @@ public class UserPrincipalProviderWithCa for (Principal p : principals) { String className = p.getClass().getName(); - assertEquals("org.apache.jackrabbit.oak.security.user.UserPrincipalProvider$GroupPrincipal", className); + assertEquals("org.apache.jackrabbit.oak.security.user.UserPrincipalProvider$GroupPrincipalImpl", className); } testGroup.remove(); @@ -326,7 +327,7 @@ public class UserPrincipalProviderWithCa assertTrue(p instanceof TreeBasedPrincipal); assertNull(((TreeBasedPrincipal) p).getPath()); - java.security.acl.Group principalGroup = (java.security.acl.Group) p; + GroupPrincipal principalGroup = (GroupPrincipal) p; assertFalse(principalGroup.isMember(getTestUser().getPrincipal())); Enumeration<? extends Principal> members = principalGroup.members(); @@ -520,7 +521,7 @@ public class UserPrincipalProviderWithCa root.refresh(); - List<PropertyState> props = new ArrayList(); + List<PropertyState> props = new ArrayList<>(); props.add(PropertyStates.createProperty(CacheConstants.REP_EXPIRATION, 25)); props.add(PropertyStates.createProperty(CacheConstants.REP_GROUP_PRINCIPAL_NAMES, EveryonePrincipal.NAME)); props.add(PropertyStates.createProperty(JcrConstants.JCR_PRIMARYTYPE, JcrConstants.NT_UNSTRUCTURED)); @@ -603,7 +604,7 @@ public class UserPrincipalProviderWithCa private static final class GroupPredicate implements Predicate<Principal> { @Override public boolean apply(@Nullable Principal input) { - return (input instanceof java.security.acl.Group) && !EveryonePrincipal.getInstance().equals(input); + return (input instanceof GroupPrincipal) && !EveryonePrincipal.getInstance().equals(input); } } } \ No newline at end of file Modified: jackrabbit/oak/trunk/oak-exercise/src/main/java/org/apache/jackrabbit/oak/exercise/security/principal/CustomPrincipalProvider.java URL: http://svn.apache.org/viewvc/jackrabbit/oak/trunk/oak-exercise/src/main/java/org/apache/jackrabbit/oak/exercise/security/principal/CustomPrincipalProvider.java?rev=1827239&r1=1827238&r2=1827239&view=diff ============================================================================== --- jackrabbit/oak/trunk/oak-exercise/src/main/java/org/apache/jackrabbit/oak/exercise/security/principal/CustomPrincipalProvider.java (original) +++ jackrabbit/oak/trunk/oak-exercise/src/main/java/org/apache/jackrabbit/oak/exercise/security/principal/CustomPrincipalProvider.java Mon Mar 19 20:08:56 2018 @@ -17,7 +17,6 @@ package org.apache.jackrabbit.oak.exercise.security.principal; import java.security.Principal; -import java.security.acl.Group; import java.util.Collections; import java.util.Iterator; import java.util.Set; @@ -50,7 +49,7 @@ class CustomPrincipalProvider implements @Nonnull @Override - public Set<Group> getGroupMembership(@Nonnull Principal principal) { + public Set<Principal> getMembershipPrincipals(@Nonnull Principal principal) { // EXERCISE : expose the group membership of your known Principals // EXERCISE : add every other principal into one of your known-principal-groups to establish dynamic group membership return Collections.EMPTY_SET; Modified: jackrabbit/oak/trunk/oak-exercise/src/test/java/org/apache/jackrabbit/oak/exercise/security/authorization/permission/L3_PrecedenceRulesTest.java URL: http://svn.apache.org/viewvc/jackrabbit/oak/trunk/oak-exercise/src/test/java/org/apache/jackrabbit/oak/exercise/security/authorization/permission/L3_PrecedenceRulesTest.java?rev=1827239&r1=1827238&r2=1827239&view=diff ============================================================================== --- jackrabbit/oak/trunk/oak-exercise/src/test/java/org/apache/jackrabbit/oak/exercise/security/authorization/permission/L3_PrecedenceRulesTest.java (original) +++ jackrabbit/oak/trunk/oak-exercise/src/test/java/org/apache/jackrabbit/oak/exercise/security/authorization/permission/L3_PrecedenceRulesTest.java Mon Mar 19 20:08:56 2018 @@ -25,6 +25,7 @@ import javax.jcr.security.Privilege; import org.apache.jackrabbit.api.JackrabbitSession; import org.apache.jackrabbit.api.security.JackrabbitAccessControlList; +import org.apache.jackrabbit.api.security.principal.GroupPrincipal; import org.apache.jackrabbit.api.security.user.Authorizable; import org.apache.jackrabbit.api.security.user.Group; import org.apache.jackrabbit.api.security.user.User; @@ -162,7 +163,7 @@ public class L3_PrecedenceRulesTest exte public void testGroupMembership() throws RepositoryException { assertFalse(testSession.nodeExists(testRoot)); - assertTrue(((java.security.acl.Group) testGroupPrincipal).isMember(testPrincipal)); + assertTrue(((GroupPrincipal) testGroupPrincipal).isMember(testPrincipal)); AccessControlUtils.addAccessControlEntry(superuser, testRoot, testGroupPrincipal, AccessControlUtils.privilegesFromNames(superuser, Privilege.JCR_READ), true); superuser.save(); Modified: jackrabbit/oak/trunk/oak-exercise/src/test/java/org/apache/jackrabbit/oak/exercise/security/principal/L3_EveryoneTest.java URL: http://svn.apache.org/viewvc/jackrabbit/oak/trunk/oak-exercise/src/test/java/org/apache/jackrabbit/oak/exercise/security/principal/L3_EveryoneTest.java?rev=1827239&r1=1827238&r2=1827239&view=diff ============================================================================== --- jackrabbit/oak/trunk/oak-exercise/src/test/java/org/apache/jackrabbit/oak/exercise/security/principal/L3_EveryoneTest.java (original) +++ jackrabbit/oak/trunk/oak-exercise/src/test/java/org/apache/jackrabbit/oak/exercise/security/principal/L3_EveryoneTest.java Mon Mar 19 20:08:56 2018 @@ -20,6 +20,7 @@ import java.security.Principal; import javax.jcr.RepositoryException; import org.apache.jackrabbit.api.JackrabbitSession; +import org.apache.jackrabbit.api.security.principal.GroupPrincipal; import org.apache.jackrabbit.api.security.principal.PrincipalIterator; import org.apache.jackrabbit.api.security.principal.PrincipalManager; import org.apache.jackrabbit.api.security.user.Authorizable; @@ -41,10 +42,10 @@ import org.apache.jackrabbit.test.Abstra * * - {@link #testEveryoneExists()} * Test to illustrate the that everyone principal always exists and always is - * an instanceof {@link java.security.acl.Group} even if there is no corresponding - * authorizable. + * an instanceof {@link org.apache.jackrabbit.api.security.principal.GroupPrincipal} even if + * there is no corresponding authorizable. * Discuss the meaning of the everyone principal and why having a corresponding authorizable is optional. - * Note the difference between java.security.acl.Group and org.apache.jackrabbit.api.security.user.Group. + * Note the difference between GroupPrincipal and org.apache.jackrabbit.api.security.user.Group. * * - {@link #testEveryoneName()} * Test to illustrate that the name of the everyone principal is constant. @@ -104,7 +105,7 @@ public class L3_EveryoneTest extends Abs Principal everyone = principalManager.getEveryone(); assertNotNull(everyone); - assertTrue(everyone instanceof java.security.acl.Group); + assertTrue(everyone instanceof GroupPrincipal); Authorizable everyoneAuthorizable = ((JackrabbitSession) superuser).getUserManager().getAuthorizable(everyone); assertNull(everyoneAuthorizable); @@ -127,7 +128,7 @@ public class L3_EveryoneTest extends Abs } public void testEveryoneIsMemberofEveryone() throws RepositoryException { - java.security.acl.Group everyone = (java.security.acl.Group) principalManager.getEveryone(); + GroupPrincipal everyone = (GroupPrincipal) principalManager.getEveryone(); PrincipalIterator it = principalManager.getPrincipals(PrincipalManager.SEARCH_TYPE_ALL); // EXERCISE: discuss the dynamic nature of the everyone group principal @@ -147,7 +148,7 @@ public class L3_EveryoneTest extends Abs superuser.save(); try { - java.security.acl.Group everyone = (java.security.acl.Group) principalManager.getEveryone(); + GroupPrincipal everyone = (GroupPrincipal) principalManager.getEveryone(); assertEquals(everyone, everyoneAuthorizable.getPrincipal()); Modified: jackrabbit/oak/trunk/oak-jcr/src/test/java/org/apache/jackrabbit/oak/jcr/security/principal/PrincipalManagerTest.java URL: http://svn.apache.org/viewvc/jackrabbit/oak/trunk/oak-jcr/src/test/java/org/apache/jackrabbit/oak/jcr/security/principal/PrincipalManagerTest.java?rev=1827239&r1=1827238&r2=1827239&view=diff ============================================================================== --- jackrabbit/oak/trunk/oak-jcr/src/test/java/org/apache/jackrabbit/oak/jcr/security/principal/PrincipalManagerTest.java (original) +++ jackrabbit/oak/trunk/oak-jcr/src/test/java/org/apache/jackrabbit/oak/jcr/security/principal/PrincipalManagerTest.java Mon Mar 19 20:08:56 2018 @@ -17,7 +17,6 @@ package org.apache.jackrabbit.oak.jcr.security.principal; import java.security.Principal; -import java.security.acl.Group; import java.util.Enumeration; import java.util.HashSet; import java.util.Set; @@ -26,6 +25,7 @@ import javax.jcr.Session; import javax.jcr.SimpleCredentials; import org.apache.jackrabbit.api.JackrabbitSession; +import org.apache.jackrabbit.api.security.principal.GroupPrincipal; import org.apache.jackrabbit.api.security.principal.ItemBasedPrincipal; import org.apache.jackrabbit.api.security.principal.PrincipalIterator; import org.apache.jackrabbit.api.security.principal.PrincipalManager; @@ -42,7 +42,7 @@ import org.junit.Test; public class PrincipalManagerTest extends AbstractJCRTest { private PrincipalManager principalMgr; - private Group everyone; + private GroupPrincipal everyone; private Principal[] adminPrincipals; @@ -55,7 +55,7 @@ public class PrincipalManagerTest extend throw new NotExecutableException(); } principalMgr = ((JackrabbitSession) superuser).getPrincipalManager(); - everyone = (Group) principalMgr.getEveryone(); + everyone = (GroupPrincipal) principalMgr.getEveryone(); adminPrincipals = getPrincipals(getHelper().getSuperuserCredentials()); } @@ -76,7 +76,7 @@ public class PrincipalManagerTest extend } private static boolean isGroup(Principal p) { - return p instanceof java.security.acl.Group; + return p instanceof GroupPrincipal; } @Test @@ -187,7 +187,7 @@ public class PrincipalManagerTest extend continue; } if (isGroup(p)) { - Enumeration<? extends Principal> en = ((java.security.acl.Group) p).members(); + Enumeration<? extends Principal> en = ((GroupPrincipal) p).members(); while (en.hasMoreElements()) { Principal memb = en.nextElement(); assertTrue(principalMgr.hasPrincipal(memb.getName())); @@ -209,7 +209,7 @@ public class PrincipalManagerTest extend continue; } if (isGroup(p)) { - Enumeration<? extends Principal> en = ((java.security.acl.Group) p).members(); + Enumeration<? extends Principal> en = ((GroupPrincipal) p).members(); while (en.hasMoreElements()) { Principal memb = en.nextElement(); assertTrue(principalMgr.hasPrincipal(memb.getName())); @@ -274,7 +274,7 @@ public class PrincipalManagerTest extend assertTrue(isGroup(p)); - Enumeration<? extends Principal> members = ((java.security.acl.Group) p).members(); + Enumeration<? extends Principal> members = ((GroupPrincipal) p).members(); while (members.hasMoreElements()) { Principal memb = members.nextElement(); Modified: jackrabbit/oak/trunk/oak-jcr/src/test/java/org/apache/jackrabbit/oak/jcr/security/user/EveryoneGroupTest.java URL: http://svn.apache.org/viewvc/jackrabbit/oak/trunk/oak-jcr/src/test/java/org/apache/jackrabbit/oak/jcr/security/user/EveryoneGroupTest.java?rev=1827239&r1=1827238&r2=1827239&view=diff ============================================================================== --- jackrabbit/oak/trunk/oak-jcr/src/test/java/org/apache/jackrabbit/oak/jcr/security/user/EveryoneGroupTest.java (original) +++ jackrabbit/oak/trunk/oak-jcr/src/test/java/org/apache/jackrabbit/oak/jcr/security/user/EveryoneGroupTest.java Mon Mar 19 20:08:56 2018 @@ -22,6 +22,7 @@ import java.util.Iterator; import java.util.Set; import javax.jcr.RepositoryException; +import org.apache.jackrabbit.api.security.principal.GroupPrincipal; import org.apache.jackrabbit.api.security.user.Authorizable; import org.apache.jackrabbit.api.security.user.Group; import org.apache.jackrabbit.api.security.user.User; @@ -68,11 +69,11 @@ public class EveryoneGroupTest extends A @Test public void testGroupPrincipal() throws Exception { Principal everyonePrincipal = everyone.getPrincipal(); - assertTrue(everyonePrincipal instanceof java.security.acl.Group); + assertTrue(everyonePrincipal instanceof GroupPrincipal); assertTrue(everyonePrincipal.equals(EveryonePrincipal.getInstance())); assertTrue(EveryonePrincipal.getInstance().equals(everyonePrincipal)); - java.security.acl.Group gr = (java.security.acl.Group) everyonePrincipal; + GroupPrincipal gr = (GroupPrincipal) everyonePrincipal; assertFalse(gr.isMember(everyonePrincipal)); assertTrue(gr.isMember(getTestUser(superuser).getPrincipal())); assertTrue(gr.isMember(new PrincipalImpl("test"))); Modified: jackrabbit/oak/trunk/oak-jcr/src/test/java/org/apache/jackrabbit/oak/jcr/security/user/GroupTest.java URL: http://svn.apache.org/viewvc/jackrabbit/oak/trunk/oak-jcr/src/test/java/org/apache/jackrabbit/oak/jcr/security/user/GroupTest.java?rev=1827239&r1=1827238&r2=1827239&view=diff ============================================================================== --- jackrabbit/oak/trunk/oak-jcr/src/test/java/org/apache/jackrabbit/oak/jcr/security/user/GroupTest.java (original) +++ jackrabbit/oak/trunk/oak-jcr/src/test/java/org/apache/jackrabbit/oak/jcr/security/user/GroupTest.java Mon Mar 19 20:08:56 2018 @@ -27,6 +27,7 @@ import javax.jcr.RepositoryException; import javax.jcr.Session; import javax.jcr.UnsupportedRepositoryOperationException; +import org.apache.jackrabbit.api.security.principal.GroupPrincipal; import org.apache.jackrabbit.api.security.user.Authorizable; import org.apache.jackrabbit.api.security.user.AuthorizableExistsException; import org.apache.jackrabbit.api.security.user.Group; @@ -491,8 +492,8 @@ public class GroupTest extends AbstractU newGroup2.addMember(auth); superuser.save(); - java.security.acl.Group ngPrincipal = (java.security.acl.Group) newGroup.getPrincipal(); - java.security.acl.Group ng2Principal = (java.security.acl.Group) newGroup2.getPrincipal(); + GroupPrincipal ngPrincipal = (GroupPrincipal) newGroup.getPrincipal(); + GroupPrincipal ng2Principal = (GroupPrincipal) newGroup2.getPrincipal(); assertFalse(ng2Principal.isMember(ngPrincipal)); Modified: jackrabbit/oak/trunk/oak-security-spi/pom.xml URL: http://svn.apache.org/viewvc/jackrabbit/oak/trunk/oak-security-spi/pom.xml?rev=1827239&r1=1827238&r2=1827239&view=diff ============================================================================== --- jackrabbit/oak/trunk/oak-security-spi/pom.xml (original) +++ jackrabbit/oak/trunk/oak-security-spi/pom.xml Mon Mar 19 20:08:56 2018 @@ -34,7 +34,7 @@ <properties> <!-- enable execution of jacoco and set minimal line coverage --> <skip.coverage>false</skip.coverage> - <minimum.coverage>0.90</minimum.coverage> + <minimum.coverage>0.89</minimum.coverage> </properties> <build> Modified: jackrabbit/oak/trunk/oak-security-spi/src/main/java/org/apache/jackrabbit/oak/spi/security/authentication/AbstractLoginModule.java URL: http://svn.apache.org/viewvc/jackrabbit/oak/trunk/oak-security-spi/src/main/java/org/apache/jackrabbit/oak/spi/security/authentication/AbstractLoginModule.java?rev=1827239&r1=1827238&r2=1827239&view=diff ============================================================================== --- jackrabbit/oak/trunk/oak-security-spi/src/main/java/org/apache/jackrabbit/oak/spi/security/authentication/AbstractLoginModule.java (original) +++ jackrabbit/oak/trunk/oak-security-spi/src/main/java/org/apache/jackrabbit/oak/spi/security/authentication/AbstractLoginModule.java Mon Mar 19 20:08:56 2018 @@ -492,9 +492,9 @@ public abstract class AbstractLoginModul log.debug("Cannot retrieve principals. No principal provider configured."); return Collections.emptySet(); } else { - Set<Principal> principals = new HashSet(); + Set<Principal> principals = new HashSet<>(); principals.add(userPrincipal); - principals.addAll(principalProvider.getGroupMembership(userPrincipal)); + principals.addAll(principalProvider.getMembershipPrincipals(userPrincipal)); return principals; } } Modified: jackrabbit/oak/trunk/oak-security-spi/src/main/java/org/apache/jackrabbit/oak/spi/security/principal/CompositePrincipalProvider.java URL: http://svn.apache.org/viewvc/jackrabbit/oak/trunk/oak-security-spi/src/main/java/org/apache/jackrabbit/oak/spi/security/principal/CompositePrincipalProvider.java?rev=1827239&r1=1827238&r2=1827239&view=diff ============================================================================== --- jackrabbit/oak/trunk/oak-security-spi/src/main/java/org/apache/jackrabbit/oak/spi/security/principal/CompositePrincipalProvider.java (original) +++ jackrabbit/oak/trunk/oak-security-spi/src/main/java/org/apache/jackrabbit/oak/spi/security/principal/CompositePrincipalProvider.java Mon Mar 19 20:08:56 2018 @@ -18,6 +18,7 @@ package org.apache.jackrabbit.oak.spi.se import java.security.Principal; import java.security.acl.Group; +import java.util.Collections; import java.util.HashSet; import java.util.Iterator; import java.util.List; @@ -70,9 +71,15 @@ public class CompositePrincipalProvider @Nonnull @Override public Set<Group> getGroupMembership(@Nonnull Principal principal) { - Set<Group> groups = new HashSet<Group>(); + return Collections.emptySet(); + } + + @Nonnull + @Override + public Set<Principal> getMembershipPrincipals(@Nonnull Principal principal) { + Set<Principal> groups = new HashSet<>(); for (PrincipalProvider provider : providers) { - groups.addAll(provider.getGroupMembership(principal)); + groups.addAll(provider.getMembershipPrincipals(principal)); } return groups; } Modified: jackrabbit/oak/trunk/oak-security-spi/src/main/java/org/apache/jackrabbit/oak/spi/security/principal/EmptyPrincipalProvider.java URL: http://svn.apache.org/viewvc/jackrabbit/oak/trunk/oak-security-spi/src/main/java/org/apache/jackrabbit/oak/spi/security/principal/EmptyPrincipalProvider.java?rev=1827239&r1=1827238&r2=1827239&view=diff ============================================================================== --- jackrabbit/oak/trunk/oak-security-spi/src/main/java/org/apache/jackrabbit/oak/spi/security/principal/EmptyPrincipalProvider.java (original) +++ jackrabbit/oak/trunk/oak-security-spi/src/main/java/org/apache/jackrabbit/oak/spi/security/principal/EmptyPrincipalProvider.java Mon Mar 19 20:08:56 2018 @@ -24,8 +24,6 @@ import java.util.Set; import javax.annotation.Nonnull; import javax.annotation.Nullable; -import com.google.common.collect.ImmutableSet; - /** * Implementation of the {@code PrincipalProvider} interface that never * returns any principals. @@ -44,13 +42,19 @@ public final class EmptyPrincipalProvide @Nonnull @Override public Set<Group> getGroupMembership(@Nonnull Principal principal) { - return ImmutableSet.of(); + return Collections.emptySet(); + } + + @Nonnull + @Override + public Set<Principal> getMembershipPrincipals(@Nonnull Principal principal) { + return Collections.emptySet(); } @Nonnull @Override public Set<? extends Principal> getPrincipals(@Nonnull String userID) { - return ImmutableSet.of(); + return Collections.emptySet(); } @Nonnull Modified: jackrabbit/oak/trunk/oak-security-spi/src/main/java/org/apache/jackrabbit/oak/spi/security/principal/EveryonePrincipal.java URL: http://svn.apache.org/viewvc/jackrabbit/oak/trunk/oak-security-spi/src/main/java/org/apache/jackrabbit/oak/spi/security/principal/EveryonePrincipal.java?rev=1827239&r1=1827238&r2=1827239&view=diff ============================================================================== --- jackrabbit/oak/trunk/oak-security-spi/src/main/java/org/apache/jackrabbit/oak/spi/security/principal/EveryonePrincipal.java (original) +++ jackrabbit/oak/trunk/oak-security-spi/src/main/java/org/apache/jackrabbit/oak/spi/security/principal/EveryonePrincipal.java Mon Mar 19 20:08:56 2018 @@ -20,12 +20,13 @@ import java.security.Principal; import java.security.acl.Group; import java.util.Enumeration; +import org.apache.jackrabbit.api.security.principal.GroupPrincipal; import org.apache.jackrabbit.api.security.principal.JackrabbitPrincipal; /** * Built-in principal group that has every other principal as member. */ -public final class EveryonePrincipal implements JackrabbitPrincipal, java.security.acl.Group { +public final class EveryonePrincipal implements JackrabbitPrincipal, Group, GroupPrincipal { public static final String NAME = "everyone"; @@ -54,6 +55,7 @@ public final class EveryonePrincipal imp throw new UnsupportedOperationException("Cannot remove a member from the everyone group."); } + //------------------------------------------------------< GroupPrincipal >--- @Override public boolean isMember(Principal member) { return !member.equals(this); @@ -75,7 +77,7 @@ public final class EveryonePrincipal imp public boolean equals(Object obj) { if (obj == this) { return true; - } else if (obj instanceof JackrabbitPrincipal && obj instanceof Group) { + } else if (obj instanceof JackrabbitPrincipal && GroupPrincipals.isGroup((Principal) obj)) { JackrabbitPrincipal other = (JackrabbitPrincipal) obj; return NAME.equals(other.getName()); } Added: jackrabbit/oak/trunk/oak-security-spi/src/main/java/org/apache/jackrabbit/oak/spi/security/principal/GroupPrincipalWrapper.java URL: http://svn.apache.org/viewvc/jackrabbit/oak/trunk/oak-security-spi/src/main/java/org/apache/jackrabbit/oak/spi/security/principal/GroupPrincipalWrapper.java?rev=1827239&view=auto ============================================================================== --- jackrabbit/oak/trunk/oak-security-spi/src/main/java/org/apache/jackrabbit/oak/spi/security/principal/GroupPrincipalWrapper.java (added) +++ jackrabbit/oak/trunk/oak-security-spi/src/main/java/org/apache/jackrabbit/oak/spi/security/principal/GroupPrincipalWrapper.java Mon Mar 19 20:08:56 2018 @@ -0,0 +1,51 @@ +/* + * Licensed to the Apache Software Foundation (ASF) under one or more + * contributor license agreements. See the NOTICE file distributed with + * this work for additional information regarding copyright ownership. + * The ASF licenses this file to You under the Apache License, Version 2.0 + * (the "License"); you may not use this file except in compliance with + * the License. You may obtain a copy of the License at + * + * http://www.apache.org/licenses/LICENSE-2.0 + * + * Unless required by applicable law or agreed to in writing, software + * distributed under the License is distributed on an "AS IS" BASIS, + * WITHOUT WARRANTIES OR CONDITIONS OF ANY KIND, either express or implied. + * See the License for the specific language governing permissions and + * limitations under the License. + */ +package org.apache.jackrabbit.oak.spi.security.principal; + +import java.security.Principal; +import java.security.acl.Group; +import java.util.Enumeration; + +import javax.annotation.Nonnull; + +import org.apache.jackrabbit.api.security.principal.GroupPrincipal; + +@Deprecated +class GroupPrincipalWrapper extends PrincipalImpl implements GroupPrincipal { + + private final Group group; + + GroupPrincipalWrapper(@Nonnull Group group) { + super(group.getName()); + this.group = group; + } + + @Override + public String getName() { + return group.getName(); + } + + @Override + public boolean isMember(Principal member) { + return group.isMember(member); + } + + @Override + public Enumeration<? extends Principal> members() { + return GroupPrincipals.transform(group.members()); + } +} Propchange: jackrabbit/oak/trunk/oak-security-spi/src/main/java/org/apache/jackrabbit/oak/spi/security/principal/GroupPrincipalWrapper.java ------------------------------------------------------------------------------ svn:eol-style = native