Author: stillalex
Date: Mon Mar 19 20:08:56 2018
New Revision: 1827239
URL: http://svn.apache.org/viewvc?rev=1827239&view=rev
Log:
OAK-7024 java.security.acl deprecated in Java 10, marked for removal in Java 11
Added:
jackrabbit/oak/trunk/oak-security-spi/src/main/java/org/apache/jackrabbit/oak/spi/security/principal/GroupPrincipalWrapper.java
(with props)
jackrabbit/oak/trunk/oak-security-spi/src/main/java/org/apache/jackrabbit/oak/spi/security/principal/GroupPrincipals.java
(with props)
jackrabbit/oak/trunk/oak-security-spi/src/test/java/org/apache/jackrabbit/oak/spi/security/principal/GroupPrincipalsTest.java
(with props)
Modified:
jackrabbit/oak/trunk/oak-auth-external/src/main/java/org/apache/jackrabbit/oak/spi/security/authentication/external/impl/principal/ExternalGroupPrincipalProvider.java
jackrabbit/oak/trunk/oak-auth-external/src/main/java/org/apache/jackrabbit/oak/spi/security/authentication/external/impl/principal/ExternalPrincipalConfiguration.java
jackrabbit/oak/trunk/oak-auth-external/src/test/java/org/apache/jackrabbit/oak/spi/security/authentication/external/impl/principal/AbstractPrincipalTest.java
jackrabbit/oak/trunk/oak-auth-external/src/test/java/org/apache/jackrabbit/oak/spi/security/authentication/external/impl/principal/ExternalGroupPrincipalProviderTest.java
jackrabbit/oak/trunk/oak-auth-external/src/test/java/org/apache/jackrabbit/oak/spi/security/authentication/external/impl/principal/ExternalGroupPrincipalTest.java
jackrabbit/oak/trunk/oak-auth-external/src/test/java/org/apache/jackrabbit/oak/spi/security/authentication/external/impl/principal/PrincipalProviderAutoMembershipTest.java
jackrabbit/oak/trunk/oak-auth-external/src/test/java/org/apache/jackrabbit/oak/spi/security/authentication/external/impl/principal/PrincipalProviderDeepNestingTest.java
jackrabbit/oak/trunk/oak-core/src/main/java/org/apache/jackrabbit/oak/security/authorization/permission/CompiledPermissionImpl.java
jackrabbit/oak/trunk/oak-core/src/main/java/org/apache/jackrabbit/oak/security/principal/PrincipalProviderImpl.java
jackrabbit/oak/trunk/oak-core/src/main/java/org/apache/jackrabbit/oak/security/user/AbstractGroupPrincipal.java
jackrabbit/oak/trunk/oak-core/src/main/java/org/apache/jackrabbit/oak/security/user/ImpersonationImpl.java
jackrabbit/oak/trunk/oak-core/src/main/java/org/apache/jackrabbit/oak/security/user/UserPrincipalProvider.java
jackrabbit/oak/trunk/oak-core/src/test/java/org/apache/jackrabbit/oak/security/authorization/accesscontrol/ACLTest.java
jackrabbit/oak/trunk/oak-core/src/test/java/org/apache/jackrabbit/oak/security/principal/AbstractPrincipalProviderTest.java
jackrabbit/oak/trunk/oak-core/src/test/java/org/apache/jackrabbit/oak/security/principal/PrincipalProviderImplTest.java
jackrabbit/oak/trunk/oak-core/src/test/java/org/apache/jackrabbit/oak/security/user/AbstractGroupPrincipalTest.java
jackrabbit/oak/trunk/oak-core/src/test/java/org/apache/jackrabbit/oak/security/user/ImpersonationImplEmptyTest.java
jackrabbit/oak/trunk/oak-core/src/test/java/org/apache/jackrabbit/oak/security/user/UserPrincipalProviderTest.java
jackrabbit/oak/trunk/oak-core/src/test/java/org/apache/jackrabbit/oak/security/user/UserPrincipalProviderWithCacheTest.java
jackrabbit/oak/trunk/oak-exercise/src/main/java/org/apache/jackrabbit/oak/exercise/security/principal/CustomPrincipalProvider.java
jackrabbit/oak/trunk/oak-exercise/src/test/java/org/apache/jackrabbit/oak/exercise/security/authorization/permission/L3_PrecedenceRulesTest.java
jackrabbit/oak/trunk/oak-exercise/src/test/java/org/apache/jackrabbit/oak/exercise/security/principal/L3_EveryoneTest.java
jackrabbit/oak/trunk/oak-jcr/src/test/java/org/apache/jackrabbit/oak/jcr/security/principal/PrincipalManagerTest.java
jackrabbit/oak/trunk/oak-jcr/src/test/java/org/apache/jackrabbit/oak/jcr/security/user/EveryoneGroupTest.java
jackrabbit/oak/trunk/oak-jcr/src/test/java/org/apache/jackrabbit/oak/jcr/security/user/GroupTest.java
jackrabbit/oak/trunk/oak-security-spi/pom.xml
jackrabbit/oak/trunk/oak-security-spi/src/main/java/org/apache/jackrabbit/oak/spi/security/authentication/AbstractLoginModule.java
jackrabbit/oak/trunk/oak-security-spi/src/main/java/org/apache/jackrabbit/oak/spi/security/principal/CompositePrincipalProvider.java
jackrabbit/oak/trunk/oak-security-spi/src/main/java/org/apache/jackrabbit/oak/spi/security/principal/EmptyPrincipalProvider.java
jackrabbit/oak/trunk/oak-security-spi/src/main/java/org/apache/jackrabbit/oak/spi/security/principal/EveryonePrincipal.java
jackrabbit/oak/trunk/oak-security-spi/src/main/java/org/apache/jackrabbit/oak/spi/security/principal/PrincipalManagerImpl.java
jackrabbit/oak/trunk/oak-security-spi/src/main/java/org/apache/jackrabbit/oak/spi/security/principal/PrincipalProvider.java
jackrabbit/oak/trunk/oak-security-spi/src/main/java/org/apache/jackrabbit/oak/spi/security/principal/package-info.java
jackrabbit/oak/trunk/oak-security-spi/src/test/java/org/apache/jackrabbit/oak/spi/security/authentication/AbstractLoginModuleTest.java
jackrabbit/oak/trunk/oak-security-spi/src/test/java/org/apache/jackrabbit/oak/spi/security/principal/CompositePrincipalConfigurationTest.java
jackrabbit/oak/trunk/oak-security-spi/src/test/java/org/apache/jackrabbit/oak/spi/security/principal/CompositePrincipalProviderTest.java
jackrabbit/oak/trunk/oak-security-spi/src/test/java/org/apache/jackrabbit/oak/spi/security/principal/EmptyPrincipalProviderTest.java
jackrabbit/oak/trunk/oak-security-spi/src/test/java/org/apache/jackrabbit/oak/spi/security/principal/EveryonePrincipalTest.java
jackrabbit/oak/trunk/oak-security-spi/src/test/java/org/apache/jackrabbit/oak/spi/security/principal/PrincipalManagerImplTest.java
jackrabbit/oak/trunk/oak-security-spi/src/test/java/org/apache/jackrabbit/oak/spi/security/principal/TestPrincipalProvider.java
Modified:
jackrabbit/oak/trunk/oak-auth-external/src/main/java/org/apache/jackrabbit/oak/spi/security/authentication/external/impl/principal/ExternalGroupPrincipalProvider.java
URL:
http://svn.apache.org/viewvc/jackrabbit/oak/trunk/oak-auth-external/src/main/java/org/apache/jackrabbit/oak/spi/security/authentication/external/impl/principal/ExternalGroupPrincipalProvider.java?rev=1827239&r1=1827238&r2=1827239&view=diff
==============================================================================
---
jackrabbit/oak/trunk/oak-auth-external/src/main/java/org/apache/jackrabbit/oak/spi/security/authentication/external/impl/principal/ExternalGroupPrincipalProvider.java
(original)
+++
jackrabbit/oak/trunk/oak-auth-external/src/main/java/org/apache/jackrabbit/oak/spi/security/authentication/external/impl/principal/ExternalGroupPrincipalProvider.java
Mon Mar 19 20:08:56 2018
@@ -17,7 +17,6 @@
package
org.apache.jackrabbit.oak.spi.security.authentication.external.impl.principal;
import java.security.Principal;
-import java.security.acl.Group;
import java.text.ParseException;
import java.util.Collection;
import java.util.Collections;
@@ -41,6 +40,8 @@ import com.google.common.collect.Immutab
import com.google.common.collect.Iterables;
import com.google.common.collect.Iterators;
import com.google.common.collect.Sets;
+
+import org.apache.jackrabbit.api.security.principal.GroupPrincipal;
import org.apache.jackrabbit.api.security.principal.ItemBasedPrincipal;
import org.apache.jackrabbit.api.security.principal.PrincipalManager;
import org.apache.jackrabbit.api.security.user.Authorizable;
@@ -59,6 +60,7 @@ import org.apache.jackrabbit.oak.plugins
import
org.apache.jackrabbit.oak.spi.security.authentication.external.ExternalIdentityRef;
import
org.apache.jackrabbit.oak.spi.security.authentication.external.basic.DefaultSyncConfig;
import
org.apache.jackrabbit.oak.spi.security.authentication.external.impl.ExternalIdentityConstants;
+import org.apache.jackrabbit.oak.spi.security.principal.GroupPrincipals;
import org.apache.jackrabbit.oak.spi.security.principal.PrincipalImpl;
import org.apache.jackrabbit.oak.spi.security.principal.PrincipalProvider;
import org.apache.jackrabbit.oak.spi.security.user.AuthorizableType;
@@ -69,7 +71,7 @@ import org.slf4j.LoggerFactory;
/**
* Implementation of the {@code PrincipalProvider} interface that exposes
- * 'external' principals of type {@link java.security.acl.Group}. 'External'
+ * 'external' principals of type {@link
org.apache.jackrabbit.oak.spi.security.principal.GroupPrincipal}. 'External'
* refers to the fact that these principals are defined and managed by an
* {@link
org.apache.jackrabbit.oak.spi.security.authentication.external.ExternalIdentityProvider}.
*
@@ -125,8 +127,8 @@ class ExternalGroupPrincipalProvider imp
@Nonnull
@Override
- public Set<Group> getGroupMembership(@Nonnull Principal principal) {
- if (!(principal instanceof Group)) {
+ public Set<Principal> getMembershipPrincipals(@Nonnull Principal
principal) {
+ if (!GroupPrincipals.isGroup(principal)) {
try {
if (principal instanceof ItemBasedPrincipal) {
Tree t = root.getTree(((ItemBasedPrincipal)
principal).getPath());
@@ -183,7 +185,7 @@ class ExternalGroupPrincipalProvider imp
}
}
- private Set<Group> getGroupPrincipals(@CheckForNull Authorizable
authorizable) throws RepositoryException {
+ private Set<Principal> getGroupPrincipals(@CheckForNull Authorizable
authorizable) throws RepositoryException {
if (authorizable != null && !authorizable.isGroup()) {
Tree userTree = root.getTree(authorizable.getPath());
return getGroupPrincipals(userTree);
@@ -192,12 +194,12 @@ class ExternalGroupPrincipalProvider imp
}
}
- private Set<Group> getGroupPrincipals(@Nonnull Tree userTree) {
+ private Set<Principal> getGroupPrincipals(@Nonnull Tree userTree) {
if (userTree.exists() && UserUtil.isType(userTree,
AuthorizableType.USER) && userTree.hasProperty(REP_EXTERNAL_PRINCIPAL_NAMES)) {
PropertyState ps =
userTree.getProperty(REP_EXTERNAL_PRINCIPAL_NAMES);
if (ps != null) {
// we have an 'external' user that has been synchronized with
the dynamic-membership option
- Set<Group> groupPrincipals = Sets.newHashSet();
+ Set<Principal> groupPrincipals = Sets.newHashSet();
for (String principalName : ps.getValue(Type.STRINGS)) {
groupPrincipals.add(new
ExternalGroupPrincipal(principalName));
}
@@ -270,7 +272,7 @@ class ExternalGroupPrincipalProvider imp
* identities that are <strong>not</strong> represented as authorizable
group
* in the repository's user management.
*/
- private final class ExternalGroupPrincipal extends PrincipalImpl
implements java.security.acl.Group {
+ private final class ExternalGroupPrincipal extends PrincipalImpl
implements GroupPrincipal {
private ExternalGroupPrincipal(String principalName) {
super(principalName);
@@ -278,26 +280,8 @@ class ExternalGroupPrincipalProvider imp
}
@Override
- public boolean addMember(Principal user) {
- if (isMember(user)) {
- return false;
- } else {
- throw new UnsupportedOperationException("Adding members to
external group principals is not supported.");
- }
- }
-
- @Override
- public boolean removeMember(Principal user) {
- if (!isMember(user)) {
- return false;
- } else {
- throw new UnsupportedOperationException("Removing members from
external group principals is not supported.");
- }
- }
-
- @Override
public boolean isMember(Principal member) {
- if (member instanceof Group) {
+ if (GroupPrincipals.isGroup(member)) {
return false;
}
try {
@@ -438,35 +422,35 @@ class ExternalGroupPrincipalProvider imp
private final class AutoMembershipPrincipals {
private final Map<String, String[]> autoMembershipMapping;
- private final Map<String, Set<Group>> principalMap;
+ private final Map<String, Set<Principal>> principalMap;
private AutoMembershipPrincipals(@Nonnull Map<String, String[]>
autoMembershipMapping) {
this.autoMembershipMapping = autoMembershipMapping;
- this.principalMap = new ConcurrentHashMap<String,
Set<Group>>(autoMembershipMapping.size());
+ this.principalMap = new ConcurrentHashMap<String,
Set<Principal>>(autoMembershipMapping.size());
}
@Nonnull
- private Collection<Group> get(@CheckForNull String idpName) {
+ private Collection<Principal> get(@CheckForNull String idpName) {
if (idpName == null) {
return ImmutableSet.of();
}
- Set<Group> principals;
+ Set<Principal> principals;
if (!principalMap.containsKey(idpName)) {
String[] vs = autoMembershipMapping.get(idpName);
if (vs == null) {
principals = ImmutableSet.of();
} else {
- ImmutableSet.Builder<Group> builder =
ImmutableSet.builder();
+ ImmutableSet.Builder<Principal> builder =
ImmutableSet.builder();
for (String groupId : autoMembershipMapping.get(idpName)) {
try {
Authorizable gr =
userManager.getAuthorizable(groupId);
if (gr != null && gr.isGroup()) {
Principal grPrincipal = gr.getPrincipal();
- if (grPrincipal instanceof Group) {
- builder.add((Group) grPrincipal);
+ if (GroupPrincipals.isGroup(grPrincipal)) {
+ builder.add(grPrincipal);
} else {
- log.warn("Principal of group {} is not of
type java.security.acl.Group -> Ignoring", groupId);
+ log.warn("Principal of group {} is not of
group type -> Ignoring", groupId);
}
} else {
log.warn("Configured auto-membership group {}
does not exist -> Ignoring", groupId);
Modified:
jackrabbit/oak/trunk/oak-auth-external/src/main/java/org/apache/jackrabbit/oak/spi/security/authentication/external/impl/principal/ExternalPrincipalConfiguration.java
URL:
http://svn.apache.org/viewvc/jackrabbit/oak/trunk/oak-auth-external/src/main/java/org/apache/jackrabbit/oak/spi/security/authentication/external/impl/principal/ExternalPrincipalConfiguration.java?rev=1827239&r1=1827238&r2=1827239&view=diff
==============================================================================
---
jackrabbit/oak/trunk/oak-auth-external/src/main/java/org/apache/jackrabbit/oak/spi/security/authentication/external/impl/principal/ExternalPrincipalConfiguration.java
(original)
+++
jackrabbit/oak/trunk/oak-auth-external/src/main/java/org/apache/jackrabbit/oak/spi/security/authentication/external/impl/principal/ExternalPrincipalConfiguration.java
Mon Mar 19 20:08:56 2018
@@ -19,7 +19,6 @@ package org.apache.jackrabbit.oak.spi.se
import static
org.apache.jackrabbit.oak.spi.security.RegistrationConstants.OAK_SECURITY_NAME;
import java.security.Principal;
-import java.security.acl.Group;
import java.util.Arrays;
import java.util.HashMap;
import java.util.HashSet;
Modified:
jackrabbit/oak/trunk/oak-auth-external/src/test/java/org/apache/jackrabbit/oak/spi/security/authentication/external/impl/principal/AbstractPrincipalTest.java
URL:
http://svn.apache.org/viewvc/jackrabbit/oak/trunk/oak-auth-external/src/test/java/org/apache/jackrabbit/oak/spi/security/authentication/external/impl/principal/AbstractPrincipalTest.java?rev=1827239&r1=1827238&r2=1827239&view=diff
==============================================================================
---
jackrabbit/oak/trunk/oak-auth-external/src/test/java/org/apache/jackrabbit/oak/spi/security/authentication/external/impl/principal/AbstractPrincipalTest.java
(original)
+++
jackrabbit/oak/trunk/oak-auth-external/src/test/java/org/apache/jackrabbit/oak/spi/security/authentication/external/impl/principal/AbstractPrincipalTest.java
Mon Mar 19 20:08:56 2018
@@ -24,6 +24,8 @@ import javax.annotation.Nonnull;
import com.google.common.collect.ImmutableMap;
import com.google.common.collect.ImmutableSet;
import com.google.common.collect.Iterables;
+
+import org.apache.jackrabbit.api.security.principal.GroupPrincipal;
import org.apache.jackrabbit.api.security.user.Group;
import org.apache.jackrabbit.oak.api.Root;
import org.apache.jackrabbit.oak.namepath.NamePathMapper;
@@ -80,19 +82,19 @@ public abstract class AbstractPrincipalT
return config;
}
- java.security.acl.Group getGroupPrincipal() throws Exception {
+ GroupPrincipal getGroupPrincipal() throws Exception {
ExternalUser externalUser = idp.getUser(USER_ID);
return
getGroupPrincipal(externalUser.getDeclaredGroups().iterator().next());
}
- java.security.acl.Group getGroupPrincipal(@Nonnull ExternalIdentityRef
ref) throws Exception {
+ GroupPrincipal getGroupPrincipal(@Nonnull ExternalIdentityRef ref) throws
Exception {
String principalName = idp.getIdentity(ref).getPrincipalName();
Principal p = principalProvider.getPrincipal(principalName);
assertNotNull(p);
- assertTrue(p instanceof java.security.acl.Group);
+ assertTrue(p instanceof GroupPrincipal);
- return (java.security.acl.Group) p;
+ return (GroupPrincipal) p;
}
Group createTestGroup() throws Exception {
Modified:
jackrabbit/oak/trunk/oak-auth-external/src/test/java/org/apache/jackrabbit/oak/spi/security/authentication/external/impl/principal/ExternalGroupPrincipalProviderTest.java
URL:
http://svn.apache.org/viewvc/jackrabbit/oak/trunk/oak-auth-external/src/test/java/org/apache/jackrabbit/oak/spi/security/authentication/external/impl/principal/ExternalGroupPrincipalProviderTest.java?rev=1827239&r1=1827238&r2=1827239&view=diff
==============================================================================
---
jackrabbit/oak/trunk/oak-auth-external/src/test/java/org/apache/jackrabbit/oak/spi/security/authentication/external/impl/principal/ExternalGroupPrincipalProviderTest.java
(original)
+++
jackrabbit/oak/trunk/oak-auth-external/src/test/java/org/apache/jackrabbit/oak/spi/security/authentication/external/impl/principal/ExternalGroupPrincipalProviderTest.java
Mon Mar 19 20:08:56 2018
@@ -27,6 +27,8 @@ import javax.annotation.Nullable;
import com.google.common.base.Function;
import com.google.common.collect.ImmutableSet;
import com.google.common.collect.Iterables;
+
+import org.apache.jackrabbit.api.security.principal.GroupPrincipal;
import org.apache.jackrabbit.api.security.principal.PrincipalManager;
import org.apache.jackrabbit.api.security.user.Authorizable;
import org.apache.jackrabbit.api.security.user.Group;
@@ -134,7 +136,7 @@ public class ExternalGroupPrincipalProvi
Principal principal = principalProvider.getPrincipal(princName);
assertNotNull(principal);
- assertTrue(principal instanceof java.security.acl.Group);
+ assertTrue(principal instanceof GroupPrincipal);
}
}
@@ -194,18 +196,18 @@ public class ExternalGroupPrincipalProvi
@Test
public void testGetGroupMembershipLocalPrincipal() throws Exception {
- Set<? extends Principal> principals =
principalProvider.getGroupMembership(getTestUser().getPrincipal());
+ Set<? extends Principal> principals =
principalProvider.getMembershipPrincipals(getTestUser().getPrincipal());
assertTrue(principals.isEmpty());
}
@Test
public void testGetGroupMembershipLocalGroupPrincipal() throws Exception {
Group gr = createTestGroup();
- Set<? extends Principal> principals =
principalProvider.getGroupMembership(gr.getPrincipal());
+ Set<? extends Principal> principals =
principalProvider.getMembershipPrincipals(gr.getPrincipal());
assertTrue(principals.isEmpty());
- // same if the principal is not marked as 'java.security.acl.Group'
and not tree-based-principal
- principals = principalProvider.getGroupMembership(new
PrincipalImpl(gr.getPrincipal().getName()));
+ // same if the principal is not marked as 'GroupPrincipal' and not
tree-based-principal
+ principals = principalProvider.getMembershipPrincipals(new
PrincipalImpl(gr.getPrincipal().getName()));
assertTrue(principals.isEmpty());
}
@@ -216,7 +218,7 @@ public class ExternalGroupPrincipalProvi
Set<Principal> expected = getExpectedGroupPrincipals(USER_ID);
- Set<? extends Principal> principals =
principalProvider.getGroupMembership(user.getPrincipal());
+ Set<? extends Principal> principals =
principalProvider.getMembershipPrincipals(user.getPrincipal());
assertEquals(expected, principals);
}
@@ -228,7 +230,7 @@ public class ExternalGroupPrincipalProvi
Set<Principal> expected = getExpectedGroupPrincipals(USER_ID);
// same as in test before even if the principal is not a
tree-based-principal
- Set<? extends Principal> principals =
principalProvider.getGroupMembership(new
PrincipalImpl(user.getPrincipal().getName()));
+ Set<? extends Principal> principals =
principalProvider.getMembershipPrincipals(new
PrincipalImpl(user.getPrincipal().getName()));
assertEquals(expected, principals);
}
@@ -238,7 +240,7 @@ public class ExternalGroupPrincipalProvi
Authorizable user =
getUserManager(root).getAuthorizable(TestIdentityProvider.ID_SECOND_USER);
assertNotNull(user);
- Set<? extends Principal> principals =
principalProvider.getGroupMembership(user.getPrincipal());
+ Set<? extends Principal> principals =
principalProvider.getMembershipPrincipals(user.getPrincipal());
assertTrue(principals.isEmpty());
}
@@ -249,7 +251,7 @@ public class ExternalGroupPrincipalProvi
assertNotNull(user);
// same as in test before even if the principal is not a
tree-based-principal
- Set<? extends Principal> principals =
principalProvider.getGroupMembership(new
PrincipalImpl(user.getPrincipal().getName()));
+ Set<? extends Principal> principals =
principalProvider.getMembershipPrincipals(new
PrincipalImpl(user.getPrincipal().getName()));
assertTrue(principals.isEmpty());
}
@@ -258,11 +260,11 @@ public class ExternalGroupPrincipalProvi
Authorizable group =
getUserManager(root).getAuthorizable("secondGroup");
assertNotNull(group);
- Set<? extends Principal> principals =
principalProvider.getGroupMembership(group.getPrincipal());
+ Set<? extends Principal> principals =
principalProvider.getMembershipPrincipals(group.getPrincipal());
assertTrue(principals.isEmpty());
- // same if the principal is not marked as 'java.security.acl.Group'
and not tree-based-principal
- principals = principalProvider.getGroupMembership(new
PrincipalImpl(group.getPrincipal().getName()));
+ // same if the principal is not marked as 'GroupPrincipal' and not
tree-based-principal
+ principals = principalProvider.getMembershipPrincipals(new
PrincipalImpl(group.getPrincipal().getName()));
assertTrue(principals.isEmpty());
}
@@ -377,7 +379,7 @@ public class ExternalGroupPrincipalProvi
ExternalUser otherUser = new TestUser("anotherUser",
ImmutableSet.of(gr.getExternalId()));
sync(otherUser);
- Set<Principal> expected = new HashSet();
+ Set<Principal> expected = new HashSet<>();
expected.add(new PrincipalImpl(gr.getPrincipalName()));
long depth = syncConfig.user().getMembershipNestingDepth();
if (depth > 1) {
Modified:
jackrabbit/oak/trunk/oak-auth-external/src/test/java/org/apache/jackrabbit/oak/spi/security/authentication/external/impl/principal/ExternalGroupPrincipalTest.java
URL:
http://svn.apache.org/viewvc/jackrabbit/oak/trunk/oak-auth-external/src/test/java/org/apache/jackrabbit/oak/spi/security/authentication/external/impl/principal/ExternalGroupPrincipalTest.java?rev=1827239&r1=1827238&r2=1827239&view=diff
==============================================================================
---
jackrabbit/oak/trunk/oak-auth-external/src/test/java/org/apache/jackrabbit/oak/spi/security/authentication/external/impl/principal/ExternalGroupPrincipalTest.java
(original)
+++
jackrabbit/oak/trunk/oak-auth-external/src/test/java/org/apache/jackrabbit/oak/spi/security/authentication/external/impl/principal/ExternalGroupPrincipalTest.java
Mon Mar 19 20:08:56 2018
@@ -23,6 +23,8 @@ import javax.annotation.Nullable;
import com.google.common.base.Function;
import com.google.common.collect.ImmutableList;
import com.google.common.collect.Iterables;
+
+import org.apache.jackrabbit.api.security.principal.GroupPrincipal;
import org.apache.jackrabbit.api.security.user.Group;
import
org.apache.jackrabbit.oak.spi.security.authentication.external.ExternalGroup;
import
org.apache.jackrabbit.oak.spi.security.authentication.external.ExternalUser;
@@ -38,7 +40,7 @@ public class ExternalGroupPrincipalTest
@Test
public void testIsMember() throws Exception {
ExternalUser externalUser = idp.getUser(USER_ID);
- java.security.acl.Group principal =
getGroupPrincipal(externalUser.getDeclaredGroups().iterator().next());
+ GroupPrincipal principal =
getGroupPrincipal(externalUser.getDeclaredGroups().iterator().next());
assertTrue(principal.isMember(new
PrincipalImpl(externalUser.getPrincipalName())));
assertTrue(principal.isMember(getUserManager(root).getAuthorizable(USER_ID).getPrincipal()));
@@ -46,7 +48,7 @@ public class ExternalGroupPrincipalTest
@Test
public void testIsMemberExternalGroup() throws Exception {
- java.security.acl.Group principal = getGroupPrincipal();
+ GroupPrincipal principal = getGroupPrincipal();
Iterable<String> exGroupPrincNames =
Iterables.transform(ImmutableList.copyOf(idp.listGroups()), new
Function<ExternalGroup, String>() {
@Nullable
@@ -63,7 +65,7 @@ public class ExternalGroupPrincipalTest
@Test
public void testIsMemberLocalUser() throws Exception {
- java.security.acl.Group principal = getGroupPrincipal();
+ GroupPrincipal principal = getGroupPrincipal();
assertFalse(principal.isMember(getTestUser().getPrincipal()));
assertFalse(principal.isMember(new
PrincipalImpl(getTestUser().getPrincipal().getName())));
@@ -72,39 +74,15 @@ public class ExternalGroupPrincipalTest
@Test
public void testIsMemberLocalGroup() throws Exception {
Group gr = createTestGroup();
- java.security.acl.Group principal = getGroupPrincipal();
+ GroupPrincipal principal = getGroupPrincipal();
assertFalse(principal.isMember(gr.getPrincipal()));
assertFalse(principal.isMember(new
PrincipalImpl(gr.getPrincipal().getName())));
}
- @Test(expected = UnsupportedOperationException.class)
- public void testAddMember() throws Exception {
- java.security.acl.Group principal = getGroupPrincipal();
- principal.addMember(getTestUser().getPrincipal());
- }
-
- @Test
- public void testAddMemberExistingMember() throws Exception {
- java.security.acl.Group principal = getGroupPrincipal();
-
assertFalse(principal.addMember(getUserManager(root).getAuthorizable(USER_ID).getPrincipal()));
- }
-
- @Test(expected = UnsupportedOperationException.class)
- public void testRemoveMember() throws Exception {
- java.security.acl.Group principal = getGroupPrincipal();
-
principal.removeMember(getUserManager(root).getAuthorizable(USER_ID).getPrincipal());
- }
-
- @Test
- public void testRemoveMemberNotMember() throws Exception {
- java.security.acl.Group principal = getGroupPrincipal();
- assertFalse(principal.removeMember(getTestUser().getPrincipal()));
- }
-
@Test
public void testMembers() throws Exception {
- java.security.acl.Group principal = getGroupPrincipal();
+ GroupPrincipal principal = getGroupPrincipal();
Principal[] expectedMembers = new Principal[] {
getUserManager(root).getAuthorizable(USER_ID).getPrincipal(),
Modified:
jackrabbit/oak/trunk/oak-auth-external/src/test/java/org/apache/jackrabbit/oak/spi/security/authentication/external/impl/principal/PrincipalProviderAutoMembershipTest.java
URL:
http://svn.apache.org/viewvc/jackrabbit/oak/trunk/oak-auth-external/src/test/java/org/apache/jackrabbit/oak/spi/security/authentication/external/impl/principal/PrincipalProviderAutoMembershipTest.java?rev=1827239&r1=1827238&r2=1827239&view=diff
==============================================================================
---
jackrabbit/oak/trunk/oak-auth-external/src/test/java/org/apache/jackrabbit/oak/spi/security/authentication/external/impl/principal/PrincipalProviderAutoMembershipTest.java
(original)
+++
jackrabbit/oak/trunk/oak-auth-external/src/test/java/org/apache/jackrabbit/oak/spi/security/authentication/external/impl/principal/PrincipalProviderAutoMembershipTest.java
Mon Mar 19 20:08:56 2018
@@ -107,7 +107,7 @@ public class PrincipalProviderAutoMember
Authorizable user = getUserManager(root).getAuthorizable(USER_ID);
- Set<java.security.acl.Group> result =
principalProvider.getGroupMembership(user.getPrincipal());
+ Set<Principal> result =
principalProvider.getMembershipPrincipals(user.getPrincipal());
assertTrue(result.contains(userAutoMembershipGroup.getPrincipal()));
assertTrue(result.contains(groupAutoMembershipGroup.getPrincipal()));
assertEquals(expected, result);
Modified:
jackrabbit/oak/trunk/oak-auth-external/src/test/java/org/apache/jackrabbit/oak/spi/security/authentication/external/impl/principal/PrincipalProviderDeepNestingTest.java
URL:
http://svn.apache.org/viewvc/jackrabbit/oak/trunk/oak-auth-external/src/test/java/org/apache/jackrabbit/oak/spi/security/authentication/external/impl/principal/PrincipalProviderDeepNestingTest.java?rev=1827239&r1=1827238&r2=1827239&view=diff
==============================================================================
---
jackrabbit/oak/trunk/oak-auth-external/src/test/java/org/apache/jackrabbit/oak/spi/security/authentication/external/impl/principal/PrincipalProviderDeepNestingTest.java
(original)
+++
jackrabbit/oak/trunk/oak-auth-external/src/test/java/org/apache/jackrabbit/oak/spi/security/authentication/external/impl/principal/PrincipalProviderDeepNestingTest.java
Mon Mar 19 20:08:56 2018
@@ -20,6 +20,8 @@ import java.security.Principal;
import java.util.Set;
import com.google.common.collect.ImmutableSet;
+
+import org.apache.jackrabbit.api.security.principal.GroupPrincipal;
import org.apache.jackrabbit.api.security.principal.PrincipalManager;
import
org.apache.jackrabbit.oak.spi.security.authentication.external.ExternalIdentity;
import
org.apache.jackrabbit.oak.spi.security.authentication.external.ExternalIdentityRef;
@@ -51,7 +53,7 @@ public class PrincipalProviderDeepNestin
Principal principal = principalProvider.getPrincipal(princName);
assertNotNull(principal);
- assertTrue(principal instanceof java.security.acl.Group);
+ assertTrue(principal instanceof GroupPrincipal);
}
}
@@ -69,9 +71,9 @@ public class PrincipalProviderDeepNestin
Principal principal =
principalProvider.getPrincipal(inheritedPrincName);
assertNotNull(principal);
- assertTrue(principal instanceof java.security.acl.Group);
+ assertTrue(principal instanceof GroupPrincipal);
- java.security.acl.Group inheritedGrPrincipal =
(java.security.acl.Group) principal;
+ GroupPrincipal inheritedGrPrincipal = (GroupPrincipal)
principal;
assertTrue(inheritedGrPrincipal.isMember(new
PrincipalImpl(externalUser.getPrincipalName())));
assertFalse(inheritedGrPrincipal.isMember(grPrincipal));
}
Modified:
jackrabbit/oak/trunk/oak-core/src/main/java/org/apache/jackrabbit/oak/security/authorization/permission/CompiledPermissionImpl.java
URL:
http://svn.apache.org/viewvc/jackrabbit/oak/trunk/oak-core/src/main/java/org/apache/jackrabbit/oak/security/authorization/permission/CompiledPermissionImpl.java?rev=1827239&r1=1827238&r2=1827239&view=diff
==============================================================================
---
jackrabbit/oak/trunk/oak-core/src/main/java/org/apache/jackrabbit/oak/security/authorization/permission/CompiledPermissionImpl.java
(original)
+++
jackrabbit/oak/trunk/oak-core/src/main/java/org/apache/jackrabbit/oak/security/authorization/permission/CompiledPermissionImpl.java
Mon Mar 19 20:08:56 2018
@@ -17,7 +17,6 @@
package org.apache.jackrabbit.oak.security.authorization.permission;
import java.security.Principal;
-import java.security.acl.Group;
import java.util.ArrayList;
import java.util.Collection;
import java.util.Collections;
@@ -50,6 +49,7 @@ import org.apache.jackrabbit.oak.spi.sec
import
org.apache.jackrabbit.oak.spi.security.authorization.permission.RepositoryPermission;
import
org.apache.jackrabbit.oak.spi.security.authorization.permission.TreePermission;
import
org.apache.jackrabbit.oak.spi.security.authorization.restriction.RestrictionProvider;
+import org.apache.jackrabbit.oak.spi.security.principal.GroupPrincipals;
import org.apache.jackrabbit.oak.spi.security.privilege.PrivilegeBits;
import org.apache.jackrabbit.oak.spi.security.privilege.PrivilegeBitsProvider;
import org.apache.jackrabbit.oak.spi.security.privilege.PrivilegeConstants;
@@ -103,7 +103,7 @@ final class CompiledPermissionImpl imple
Set<String> userNames = new HashSet<String>(principals.size());
Set<String> groupNames = new HashSet<String>(principals.size());
for (Principal principal : principals) {
- if (principal instanceof Group) {
+ if (GroupPrincipals.isGroup(principal)) {
groupNames.add(principal.getName());
} else {
userNames.add(principal.getName());
Modified:
jackrabbit/oak/trunk/oak-core/src/main/java/org/apache/jackrabbit/oak/security/principal/PrincipalProviderImpl.java
URL:
http://svn.apache.org/viewvc/jackrabbit/oak/trunk/oak-core/src/main/java/org/apache/jackrabbit/oak/security/principal/PrincipalProviderImpl.java?rev=1827239&r1=1827238&r2=1827239&view=diff
==============================================================================
---
jackrabbit/oak/trunk/oak-core/src/main/java/org/apache/jackrabbit/oak/security/principal/PrincipalProviderImpl.java
(original)
+++
jackrabbit/oak/trunk/oak-core/src/main/java/org/apache/jackrabbit/oak/security/principal/PrincipalProviderImpl.java
Mon Mar 19 20:08:56 2018
@@ -17,7 +17,6 @@
package org.apache.jackrabbit.oak.security.principal;
import java.security.Principal;
-import java.security.acl.Group;
import java.util.Collections;
import java.util.HashSet;
import java.util.Iterator;
@@ -38,6 +37,7 @@ import org.apache.jackrabbit.api.securit
import org.apache.jackrabbit.oak.api.Root;
import org.apache.jackrabbit.oak.namepath.NamePathMapper;
import org.apache.jackrabbit.oak.spi.security.principal.EveryonePrincipal;
+import org.apache.jackrabbit.oak.spi.security.principal.GroupPrincipals;
import org.apache.jackrabbit.oak.spi.security.principal.PrincipalImpl;
import org.apache.jackrabbit.oak.spi.security.principal.PrincipalProvider;
import org.apache.jackrabbit.oak.spi.security.user.AuthorizableType;
@@ -81,7 +81,7 @@ class PrincipalProviderImpl implements P
@Nonnull
@Override
- public Set<Group> getGroupMembership(@Nonnull Principal principal) {
+ public Set<Principal> getMembershipPrincipals(@Nonnull Principal
principal) {
Authorizable authorizable = getAuthorizable(principal);
if (authorizable == null) {
return Collections.emptySet();
@@ -144,14 +144,14 @@ class PrincipalProviderImpl implements P
}
}
- private Set<Group> getGroupMembership(Authorizable authorizable) {
- Set<java.security.acl.Group> groupPrincipals = new HashSet<Group>();
+ private Set<Principal> getGroupMembership(Authorizable authorizable) {
+ Set<Principal> groupPrincipals = new HashSet<>();
try {
Iterator<org.apache.jackrabbit.api.security.user.Group> groups =
authorizable.memberOf();
while (groups.hasNext()) {
Principal grPrincipal = groups.next().getPrincipal();
- if (grPrincipal instanceof Group) {
- groupPrincipals.add((Group) grPrincipal);
+ if (GroupPrincipals.isGroup(grPrincipal)) {
+ groupPrincipals.add(grPrincipal);
}
}
} catch (RepositoryException e) {
Modified:
jackrabbit/oak/trunk/oak-core/src/main/java/org/apache/jackrabbit/oak/security/user/AbstractGroupPrincipal.java
URL:
http://svn.apache.org/viewvc/jackrabbit/oak/trunk/oak-core/src/main/java/org/apache/jackrabbit/oak/security/user/AbstractGroupPrincipal.java?rev=1827239&r1=1827238&r2=1827239&view=diff
==============================================================================
---
jackrabbit/oak/trunk/oak-core/src/main/java/org/apache/jackrabbit/oak/security/user/AbstractGroupPrincipal.java
(original)
+++
jackrabbit/oak/trunk/oak-core/src/main/java/org/apache/jackrabbit/oak/security/user/AbstractGroupPrincipal.java
Mon Mar 19 20:08:56 2018
@@ -25,6 +25,8 @@ import javax.jcr.RepositoryException;
import com.google.common.base.Function;
import com.google.common.base.Predicates;
import com.google.common.collect.Iterators;
+
+import org.apache.jackrabbit.api.security.principal.GroupPrincipal;
import org.apache.jackrabbit.api.security.user.Authorizable;
import org.apache.jackrabbit.api.security.user.UserManager;
import org.apache.jackrabbit.oak.api.Tree;
@@ -36,7 +38,7 @@ import org.slf4j.LoggerFactory;
/**
* Base class for {@code Group} principals.
*/
-abstract class AbstractGroupPrincipal extends TreeBasedPrincipal implements
java.security.acl.Group {
+abstract class AbstractGroupPrincipal extends TreeBasedPrincipal implements
GroupPrincipal {
private static final Logger log =
LoggerFactory.getLogger(AbstractGroupPrincipal.class);
@@ -110,13 +112,4 @@ abstract class AbstractGroupPrincipal ex
return Iterators.asEnumeration(Iterators.filter(principals,
Predicates.<Object>notNull()));
}
- @Override
- public boolean addMember(Principal principal) {
- throw new UnsupportedOperationException();
- }
-
- @Override
- public boolean removeMember(Principal principal) {
- throw new UnsupportedOperationException();
- }
}
Modified:
jackrabbit/oak/trunk/oak-core/src/main/java/org/apache/jackrabbit/oak/security/user/ImpersonationImpl.java
URL:
http://svn.apache.org/viewvc/jackrabbit/oak/trunk/oak-core/src/main/java/org/apache/jackrabbit/oak/security/user/ImpersonationImpl.java?rev=1827239&r1=1827238&r2=1827239&view=diff
==============================================================================
---
jackrabbit/oak/trunk/oak-core/src/main/java/org/apache/jackrabbit/oak/security/user/ImpersonationImpl.java
(original)
+++
jackrabbit/oak/trunk/oak-core/src/main/java/org/apache/jackrabbit/oak/security/user/ImpersonationImpl.java
Mon Mar 19 20:08:56 2018
@@ -17,7 +17,6 @@
package org.apache.jackrabbit.oak.security.user;
import java.security.Principal;
-import java.security.acl.Group;
import java.util.HashSet;
import java.util.Set;
import javax.annotation.CheckForNull;
@@ -34,6 +33,7 @@ import org.apache.jackrabbit.oak.api.Pro
import org.apache.jackrabbit.oak.api.Tree;
import org.apache.jackrabbit.oak.api.Type;
import org.apache.jackrabbit.oak.spi.security.principal.AdminPrincipal;
+import org.apache.jackrabbit.oak.spi.security.principal.GroupPrincipals;
import org.apache.jackrabbit.oak.spi.security.principal.PrincipalImpl;
import
org.apache.jackrabbit.oak.spi.security.principal.PrincipalIteratorAdapter;
import org.apache.jackrabbit.oak.spi.security.user.UserConstants;
@@ -182,7 +182,7 @@ class ImpersonationImpl implements Imper
private boolean isAdmin(@Nonnull Principal principal) {
if (principal instanceof AdminPrincipal) {
return true;
- } else if (principal instanceof Group) {
+ } else if (GroupPrincipals.isGroup(principal)) {
return false;
} else {
try {
@@ -215,7 +215,7 @@ class ImpersonationImpl implements Imper
log.debug("Cannot grant impersonation to an unknown principal.");
return false;
}
- if (p instanceof Group) {
+ if (GroupPrincipals.isGroup(p)) {
log.debug("Cannot grant impersonation to a principal that is a
Group.");
return false;
}
Modified:
jackrabbit/oak/trunk/oak-core/src/main/java/org/apache/jackrabbit/oak/security/user/UserPrincipalProvider.java
URL:
http://svn.apache.org/viewvc/jackrabbit/oak/trunk/oak-core/src/main/java/org/apache/jackrabbit/oak/security/user/UserPrincipalProvider.java?rev=1827239&r1=1827238&r2=1827239&view=diff
==============================================================================
---
jackrabbit/oak/trunk/oak-core/src/main/java/org/apache/jackrabbit/oak/security/user/UserPrincipalProvider.java
(original)
+++
jackrabbit/oak/trunk/oak-core/src/main/java/org/apache/jackrabbit/oak/security/user/UserPrincipalProvider.java
Mon Mar 19 20:08:56 2018
@@ -17,7 +17,6 @@
package org.apache.jackrabbit.oak.security.user;
import java.security.Principal;
-import java.security.acl.Group;
import java.text.ParseException;
import java.util.Collections;
import java.util.Date;
@@ -118,7 +117,7 @@ class UserPrincipalProvider implements P
@Nonnull
@Override
- public Set<Group> getGroupMembership(@Nonnull Principal principal) {
+ public Set<Principal> getMembershipPrincipals(@Nonnull Principal
principal) {
Tree tree = getAuthorizableTree(principal);
if (tree == null) {
return Collections.emptySet();
@@ -217,12 +216,12 @@ class UserPrincipalProvider implements P
}
@CheckForNull
- private Group createGroupPrincipal(@Nonnull Tree groupTree) {
+ private Principal createGroupPrincipal(@Nonnull Tree groupTree) {
String principalName = getPrincipalName(groupTree);
if (principalName == null) {
return null;
}
- return new GroupPrincipal(principalName, groupTree);
+ return new GroupPrincipalImpl(principalName, groupTree);
}
@CheckForNull
@@ -238,8 +237,8 @@ class UserPrincipalProvider implements P
}
@Nonnull
- private Set<Group> getGroupMembership(@Nonnull Tree authorizableTree) {
- Set<Group> groupPrincipals = null;
+ private Set<Principal> getGroupMembership(@Nonnull Tree authorizableTree) {
+ Set<Principal> groupPrincipals = null;
boolean doCache = cacheEnabled && UserUtil.isType(authorizableTree,
AuthorizableType.USER);
if (doCache) {
groupPrincipals = readGroupsFromCache(authorizableTree);
@@ -247,12 +246,12 @@ class UserPrincipalProvider implements P
// caching not configured or cache expired: use the membershipProvider
to calculate
if (groupPrincipals == null) {
- groupPrincipals = new HashSet<Group>();
+ groupPrincipals = new HashSet<>();
Iterator<String> groupPaths =
membershipProvider.getMembership(authorizableTree, true);
while (groupPaths.hasNext()) {
Tree groupTree =
userProvider.getAuthorizableByPath(groupPaths.next());
if (groupTree != null && UserUtil.isType(groupTree,
AuthorizableType.GROUP)) {
- Group gr = createGroupPrincipal(groupTree);
+ Principal gr = createGroupPrincipal(groupTree);
if (gr != null) {
groupPrincipals.add(gr);
}
@@ -271,7 +270,7 @@ class UserPrincipalProvider implements P
return groupPrincipals;
}
- private void cacheGroups(@Nonnull Tree authorizableNode, @Nonnull
Set<Group> groupPrincipals) {
+ private void cacheGroups(@Nonnull Tree authorizableNode, @Nonnull
Set<Principal> groupPrincipals) {
try {
root.refresh();
Tree cache = authorizableNode.getChild(CacheConstants.REP_CACHE);
@@ -286,9 +285,9 @@ class UserPrincipalProvider implements P
}
cache.setProperty(CacheConstants.REP_EXPIRATION,
LongUtils.calculateExpirationTime(expiration));
- String value = (groupPrincipals.isEmpty()) ? "" :
Joiner.on(",").join(Iterables.transform(groupPrincipals, new Function<Group,
String>() {
+ String value = (groupPrincipals.isEmpty()) ? "" :
Joiner.on(",").join(Iterables.transform(groupPrincipals, new
Function<Principal, String>() {
@Override
- public String apply(Group input) {
+ public String apply(Principal input) {
return Text.escape(input.getName());
}
}));
@@ -307,7 +306,7 @@ class UserPrincipalProvider implements P
}
@CheckForNull
- private Set<Group> readGroupsFromCache(@Nonnull Tree authorizableNode) {
+ private Set<Principal> readGroupsFromCache(@Nonnull Tree authorizableNode)
{
Tree principalCache =
authorizableNode.getChild(CacheConstants.REP_CACHE);
if (!principalCache.exists()) {
log.debug("No group cache at " + authorizableNode.getPath());
@@ -319,10 +318,10 @@ class UserPrincipalProvider implements P
String str = TreeUtil.getString(principalCache,
CacheConstants.REP_GROUP_PRINCIPAL_NAMES);
if (str == null || str.isEmpty()) {
- return new HashSet<Group>(1);
+ return Collections.emptySet();
}
- Set<Group> groups = new HashSet<Group>();
+ Set<Principal> groups = new HashSet<>();
for (String s : Text.explode(str, ',')) {
final String name = Text.unescape(s);
groups.add(new CachedGroupPrincipal(name));
@@ -441,11 +440,11 @@ class UserPrincipalProvider implements P
* Implementation of {@link AbstractGroupPrincipal} that reads the
underlying
* authorizable group lazily in case the group membership must be
retrieved.
*/
- private final class GroupPrincipal extends BaseGroupPrincipal {
+ private final class GroupPrincipalImpl extends BaseGroupPrincipal {
private org.apache.jackrabbit.api.security.user.Group group;
- GroupPrincipal(@Nonnull String principalName, @Nonnull Tree groupTree)
{
+ GroupPrincipalImpl(@Nonnull String principalName, @Nonnull Tree
groupTree) {
super(principalName, groupTree);
}
Modified:
jackrabbit/oak/trunk/oak-core/src/test/java/org/apache/jackrabbit/oak/security/authorization/accesscontrol/ACLTest.java
URL:
http://svn.apache.org/viewvc/jackrabbit/oak/trunk/oak-core/src/test/java/org/apache/jackrabbit/oak/security/authorization/accesscontrol/ACLTest.java?rev=1827239&r1=1827238&r2=1827239&view=diff
==============================================================================
---
jackrabbit/oak/trunk/oak-core/src/test/java/org/apache/jackrabbit/oak/security/authorization/accesscontrol/ACLTest.java
(original)
+++
jackrabbit/oak/trunk/oak-core/src/test/java/org/apache/jackrabbit/oak/security/authorization/accesscontrol/ACLTest.java
Mon Mar 19 20:08:56 2018
@@ -17,7 +17,6 @@
package org.apache.jackrabbit.oak.security.authorization.accesscontrol;
import java.security.Principal;
-import java.security.acl.Group;
import java.util.ArrayList;
import java.util.Arrays;
import java.util.Collections;
@@ -551,7 +550,7 @@ public class ACLTest extends AbstractAcc
@Test
public void testSetEntryForGroupPrincipal() throws Exception {
Privilege[] privs = privilegesFromNames(JCR_READ);
- Group grPrincipal = (Group) principalManager.getEveryone();
+ Principal grPrincipal = principalManager.getEveryone();
// adding allow-entry must succeed
assertTrue(acl.addAccessControlEntry(grPrincipal, privs));
Modified:
jackrabbit/oak/trunk/oak-core/src/test/java/org/apache/jackrabbit/oak/security/principal/AbstractPrincipalProviderTest.java
URL:
http://svn.apache.org/viewvc/jackrabbit/oak/trunk/oak-core/src/test/java/org/apache/jackrabbit/oak/security/principal/AbstractPrincipalProviderTest.java?rev=1827239&r1=1827238&r2=1827239&view=diff
==============================================================================
---
jackrabbit/oak/trunk/oak-core/src/test/java/org/apache/jackrabbit/oak/security/principal/AbstractPrincipalProviderTest.java
(original)
+++
jackrabbit/oak/trunk/oak-core/src/test/java/org/apache/jackrabbit/oak/security/principal/AbstractPrincipalProviderTest.java
Mon Mar 19 20:08:56 2018
@@ -26,6 +26,7 @@ import java.util.Map;
import java.util.Set;
import java.util.UUID;
+import org.apache.jackrabbit.api.security.principal.GroupPrincipal;
import org.apache.jackrabbit.api.security.principal.PrincipalManager;
import org.apache.jackrabbit.api.security.user.Authorizable;
import org.apache.jackrabbit.api.security.user.Group;
@@ -170,7 +171,7 @@ public abstract class AbstractPrincipalP
Principal principal =
principalProvider.getPrincipal(testGroup.getPrincipal().getName());
assertNotNull(principal);
- assertTrue(principal instanceof java.security.acl.Group);
+ assertTrue(principal instanceof GroupPrincipal);
}
@Test
@@ -196,7 +197,7 @@ public abstract class AbstractPrincipalP
@Test
public void testGetGroupMembership() throws Exception {
- Set<java.security.acl.Group> grPrincipals =
principalProvider.getGroupMembership(userPrincipal);
+ Set<Principal> grPrincipals =
principalProvider.getMembershipPrincipals(userPrincipal);
assertEquals(2, grPrincipals.size());
assertTrue(grPrincipals.contains(EveryonePrincipal.getInstance()));
assertTrue(grPrincipals.contains(testGroup.getPrincipal()));
@@ -204,21 +205,21 @@ public abstract class AbstractPrincipalP
@Test
public void tstGetGroupMembershipNonExisting() {
- Set<java.security.acl.Group> grPrincipals =
principalProvider.getGroupMembership(nonExisting);
+ Set<Principal> grPrincipals =
principalProvider.getMembershipPrincipals(nonExisting);
assertNotNull(grPrincipals);
assertTrue(grPrincipals.isEmpty());
}
@Test
public void testGetGroupMembershipEveryonePrincipal() {
- Set<java.security.acl.Group> grPrincipals =
principalProvider.getGroupMembership(EveryonePrincipal.getInstance());
+ Set<Principal> grPrincipals =
principalProvider.getMembershipPrincipals(EveryonePrincipal.getInstance());
assertNotNull(grPrincipals);
assertTrue(grPrincipals.isEmpty());
}
@Test
public void testGetGroupMembershipGroupPrincipal() throws Exception {
- Set<java.security.acl.Group> grPrincipals =
principalProvider.getGroupMembership(testGroup.getPrincipal());
+ Set<Principal> grPrincipals =
principalProvider.getMembershipPrincipals(testGroup.getPrincipal());
assertNotNull(grPrincipals);
assertEquals(1, grPrincipals.size());
assertTrue(grPrincipals.contains(EveryonePrincipal.getInstance()));
@@ -226,7 +227,7 @@ public abstract class AbstractPrincipalP
@Test
public void testGetGroupMembershipGroupPrincipal2() throws Exception {
- Set<java.security.acl.Group> grPrincipals =
principalProvider.getGroupMembership(testGroup2.getPrincipal());
+ Set<Principal> grPrincipals =
principalProvider.getMembershipPrincipals(testGroup2.getPrincipal());
assertNotNull(grPrincipals);
assertEquals(2, grPrincipals.size());
assertTrue(grPrincipals.contains(testGroup.getPrincipal()));
Modified:
jackrabbit/oak/trunk/oak-core/src/test/java/org/apache/jackrabbit/oak/security/principal/PrincipalProviderImplTest.java
URL:
http://svn.apache.org/viewvc/jackrabbit/oak/trunk/oak-core/src/test/java/org/apache/jackrabbit/oak/security/principal/PrincipalProviderImplTest.java?rev=1827239&r1=1827238&r2=1827239&view=diff
==============================================================================
---
jackrabbit/oak/trunk/oak-core/src/test/java/org/apache/jackrabbit/oak/security/principal/PrincipalProviderImplTest.java
(original)
+++
jackrabbit/oak/trunk/oak-core/src/test/java/org/apache/jackrabbit/oak/security/principal/PrincipalProviderImplTest.java
Mon Mar 19 20:08:56 2018
@@ -22,6 +22,8 @@ import java.util.Iterator;
import java.util.Set;
import com.google.common.collect.ImmutableSet;
+
+import org.apache.jackrabbit.api.security.principal.GroupPrincipal;
import org.apache.jackrabbit.api.security.principal.PrincipalManager;
import org.apache.jackrabbit.api.security.user.Group;
import org.apache.jackrabbit.api.security.user.UserManager;
@@ -50,7 +52,7 @@ public class PrincipalProviderImplTest e
root.commit();
Principal ep =
principalProvider.getPrincipal(EveryonePrincipal.NAME);
- Set<? extends Principal> everyoneMembers =
ImmutableSet.copyOf(Collections.list(((java.security.acl.Group) ep).members()));
+ Set<? extends Principal> everyoneMembers =
ImmutableSet.copyOf(Collections.list(((GroupPrincipal) ep).members()));
Iterator<? extends Principal> all =
principalProvider.findPrincipals(PrincipalManager.SEARCH_TYPE_ALL);
while (all.hasNext()) {
Modified:
jackrabbit/oak/trunk/oak-core/src/test/java/org/apache/jackrabbit/oak/security/user/AbstractGroupPrincipalTest.java
URL:
http://svn.apache.org/viewvc/jackrabbit/oak/trunk/oak-core/src/test/java/org/apache/jackrabbit/oak/security/user/AbstractGroupPrincipalTest.java?rev=1827239&r1=1827238&r2=1827239&view=diff
==============================================================================
---
jackrabbit/oak/trunk/oak-core/src/test/java/org/apache/jackrabbit/oak/security/user/AbstractGroupPrincipalTest.java
(original)
+++
jackrabbit/oak/trunk/oak-core/src/test/java/org/apache/jackrabbit/oak/security/user/AbstractGroupPrincipalTest.java
Mon Mar 19 20:08:56 2018
@@ -152,16 +152,6 @@ public class AbstractGroupPrincipalTest
assertFalse(everyoneAgp.isMember(member));
}
- @Test(expected = UnsupportedOperationException.class)
- public void testAddMember() {
- agp.addMember(new PrincipalImpl("name"));
- }
-
- @Test(expected = UnsupportedOperationException.class)
- public void testRemoveMember() {
- agp.removeMember(new PrincipalImpl("name"));
- }
-
private class AGP extends AbstractGroupPrincipal {
private Authorizable member;
Modified:
jackrabbit/oak/trunk/oak-core/src/test/java/org/apache/jackrabbit/oak/security/user/ImpersonationImplEmptyTest.java
URL:
http://svn.apache.org/viewvc/jackrabbit/oak/trunk/oak-core/src/test/java/org/apache/jackrabbit/oak/security/user/ImpersonationImplEmptyTest.java?rev=1827239&r1=1827238&r2=1827239&view=diff
==============================================================================
---
jackrabbit/oak/trunk/oak-core/src/test/java/org/apache/jackrabbit/oak/security/user/ImpersonationImplEmptyTest.java
(original)
+++
jackrabbit/oak/trunk/oak-core/src/test/java/org/apache/jackrabbit/oak/security/user/ImpersonationImplEmptyTest.java
Mon Mar 19 20:08:56 2018
@@ -23,6 +23,8 @@ import java.util.UUID;
import javax.security.auth.Subject;
import com.google.common.collect.ImmutableSet;
+
+import org.apache.jackrabbit.api.security.principal.GroupPrincipal;
import org.apache.jackrabbit.api.security.user.Group;
import org.apache.jackrabbit.api.security.user.User;
import org.apache.jackrabbit.oak.AbstractSecurityTest;
@@ -39,17 +41,7 @@ import static org.junit.Assert.assertTru
public class ImpersonationImplEmptyTest extends AbstractSecurityTest {
- final java.security.acl.Group groupPrincipal = new
java.security.acl.Group() {
- @Override
- public boolean addMember(Principal user) {
- throw new UnsupportedOperationException();
- }
-
- @Override
- public boolean removeMember(Principal user) {
- throw new UnsupportedOperationException();
- }
-
+ final GroupPrincipal groupPrincipal = new GroupPrincipal() {
@Override
public boolean isMember(Principal member) {
throw new UnsupportedOperationException();
Modified:
jackrabbit/oak/trunk/oak-core/src/test/java/org/apache/jackrabbit/oak/security/user/UserPrincipalProviderTest.java
URL:
http://svn.apache.org/viewvc/jackrabbit/oak/trunk/oak-core/src/test/java/org/apache/jackrabbit/oak/security/user/UserPrincipalProviderTest.java?rev=1827239&r1=1827238&r2=1827239&view=diff
==============================================================================
---
jackrabbit/oak/trunk/oak-core/src/test/java/org/apache/jackrabbit/oak/security/user/UserPrincipalProviderTest.java
(original)
+++
jackrabbit/oak/trunk/oak-core/src/test/java/org/apache/jackrabbit/oak/security/user/UserPrincipalProviderTest.java
Mon Mar 19 20:08:56 2018
@@ -21,6 +21,7 @@ import java.util.Enumeration;
import java.util.Set;
import java.util.UUID;
+import org.apache.jackrabbit.api.security.principal.GroupPrincipal;
import org.apache.jackrabbit.api.security.user.Authorizable;
import org.apache.jackrabbit.api.security.user.Group;
import org.apache.jackrabbit.api.security.user.User;
@@ -150,9 +151,9 @@ public class UserPrincipalProviderTest e
Principal ep =
principalProvider.getPrincipal(EveryonePrincipal.NAME);
- assertTrue(ep instanceof java.security.acl.Group);
- ((java.security.acl.Group) ep).members();
- ((java.security.acl.Group)
ep).isMember(getTestUser().getPrincipal());
+ assertTrue(ep instanceof GroupPrincipal);
+ //((GroupPrincipal) ep).members();
+ //assertTrue(((GroupPrincipal)
ep).isMember(getTestUser().getPrincipal()));
} finally {
if (everyoneGroup != null) {
@@ -171,10 +172,10 @@ public class UserPrincipalProviderTest e
try {
Principal principal =
principalProvider.getPrincipal(group.getPrincipal().getName());
- assertTrue(principal instanceof java.security.acl.Group);
+ assertTrue(principal instanceof GroupPrincipal);
boolean found = false;
- Enumeration<? extends Principal> members =
((java.security.acl.Group) principal).members();
+ Enumeration<? extends Principal> members = ((GroupPrincipal)
principal).members();
while (members.hasMoreElements() && !found) {
found =
members.nextElement().equals(getTestUser().getPrincipal());
}
@@ -194,8 +195,8 @@ public class UserPrincipalProviderTest e
try {
Principal principal =
principalProvider.getPrincipal(group.getPrincipal().getName());
- assertTrue(principal instanceof java.security.acl.Group);
- ((java.security.acl.Group)
principal).isMember(getTestUser().getPrincipal());
+ assertTrue(principal instanceof GroupPrincipal);
+ assertTrue(((GroupPrincipal)
principal).isMember(getTestUser().getPrincipal()));
} finally {
group.remove();
root.commit();
Modified:
jackrabbit/oak/trunk/oak-core/src/test/java/org/apache/jackrabbit/oak/security/user/UserPrincipalProviderWithCacheTest.java
URL:
http://svn.apache.org/viewvc/jackrabbit/oak/trunk/oak-core/src/test/java/org/apache/jackrabbit/oak/security/user/UserPrincipalProviderWithCacheTest.java?rev=1827239&r1=1827238&r2=1827239&view=diff
==============================================================================
---
jackrabbit/oak/trunk/oak-core/src/test/java/org/apache/jackrabbit/oak/security/user/UserPrincipalProviderWithCacheTest.java
(original)
+++
jackrabbit/oak/trunk/oak-core/src/test/java/org/apache/jackrabbit/oak/security/user/UserPrincipalProviderWithCacheTest.java
Mon Mar 19 20:08:56 2018
@@ -32,6 +32,7 @@ import com.google.common.base.Predicate;
import com.google.common.collect.ImmutableSet;
import com.google.common.collect.Iterables;
import org.apache.jackrabbit.JcrConstants;
+import org.apache.jackrabbit.api.security.principal.GroupPrincipal;
import org.apache.jackrabbit.api.security.principal.PrincipalIterator;
import org.apache.jackrabbit.api.security.principal.PrincipalManager;
import org.apache.jackrabbit.api.security.user.Group;
@@ -171,7 +172,7 @@ public class UserPrincipalProviderWithCa
public void testGetGroupMembershipPopulatesCache() throws Exception {
PrincipalProvider pp = createPrincipalProvider(systemRoot);
- Set<? extends Principal> principals =
pp.getGroupMembership(getTestUser().getPrincipal());
+ Set<? extends Principal> principals =
pp.getMembershipPrincipals(getTestUser().getPrincipal());
assertPrincipals(principals, EveryonePrincipal.getInstance(),
testGroup.getPrincipal());
root.refresh();
@@ -234,10 +235,10 @@ public class UserPrincipalProviderWithCa
public void testGetGroupMembershipForGroups() throws Exception {
PrincipalProvider pp = createPrincipalProvider(systemRoot);
- Set<? extends Principal> principals =
pp.getGroupMembership(testGroup.getPrincipal());
+ Set<? extends Principal> principals =
pp.getMembershipPrincipals(testGroup.getPrincipal());
assertPrincipals(principals, EveryonePrincipal.getInstance());
- principals = pp.getGroupMembership(testGroup2.getPrincipal());
+ principals = pp.getMembershipPrincipals(testGroup2.getPrincipal());
assertPrincipals(principals, EveryonePrincipal.getInstance(),
testGroup.getPrincipal());
root.refresh();
@@ -273,7 +274,7 @@ public class UserPrincipalProviderWithCa
for (Principal p : principals) {
String className = p.getClass().getName();
-
assertEquals("org.apache.jackrabbit.oak.security.user.UserPrincipalProvider$GroupPrincipal",
className);
+
assertEquals("org.apache.jackrabbit.oak.security.user.UserPrincipalProvider$GroupPrincipalImpl",
className);
}
Principal testPrincipal = getTestUser().getPrincipal();
@@ -288,7 +289,7 @@ public class UserPrincipalProviderWithCa
assertTrue(p instanceof TreeBasedPrincipal);
assertEquals(testGroup.getPath(), ((TreeBasedPrincipal)
p).getPath());
- java.security.acl.Group principalGroup = (java.security.acl.Group)
p;
+ GroupPrincipal principalGroup = (GroupPrincipal) p;
assertTrue(principalGroup.isMember(testPrincipal));
Enumeration<? extends Principal> members =
principalGroup.members();
@@ -307,7 +308,7 @@ public class UserPrincipalProviderWithCa
for (Principal p : principals) {
String className = p.getClass().getName();
-
assertEquals("org.apache.jackrabbit.oak.security.user.UserPrincipalProvider$GroupPrincipal",
className);
+
assertEquals("org.apache.jackrabbit.oak.security.user.UserPrincipalProvider$GroupPrincipalImpl",
className);
}
testGroup.remove();
@@ -326,7 +327,7 @@ public class UserPrincipalProviderWithCa
assertTrue(p instanceof TreeBasedPrincipal);
assertNull(((TreeBasedPrincipal) p).getPath());
- java.security.acl.Group principalGroup = (java.security.acl.Group)
p;
+ GroupPrincipal principalGroup = (GroupPrincipal) p;
assertFalse(principalGroup.isMember(getTestUser().getPrincipal()));
Enumeration<? extends Principal> members =
principalGroup.members();
@@ -520,7 +521,7 @@ public class UserPrincipalProviderWithCa
root.refresh();
- List<PropertyState> props = new ArrayList();
+ List<PropertyState> props = new ArrayList<>();
props.add(PropertyStates.createProperty(CacheConstants.REP_EXPIRATION,
25));
props.add(PropertyStates.createProperty(CacheConstants.REP_GROUP_PRINCIPAL_NAMES,
EveryonePrincipal.NAME));
props.add(PropertyStates.createProperty(JcrConstants.JCR_PRIMARYTYPE,
JcrConstants.NT_UNSTRUCTURED));
@@ -603,7 +604,7 @@ public class UserPrincipalProviderWithCa
private static final class GroupPredicate implements Predicate<Principal> {
@Override
public boolean apply(@Nullable Principal input) {
- return (input instanceof java.security.acl.Group) &&
!EveryonePrincipal.getInstance().equals(input);
+ return (input instanceof GroupPrincipal) &&
!EveryonePrincipal.getInstance().equals(input);
}
}
}
\ No newline at end of file
Modified:
jackrabbit/oak/trunk/oak-exercise/src/main/java/org/apache/jackrabbit/oak/exercise/security/principal/CustomPrincipalProvider.java
URL:
http://svn.apache.org/viewvc/jackrabbit/oak/trunk/oak-exercise/src/main/java/org/apache/jackrabbit/oak/exercise/security/principal/CustomPrincipalProvider.java?rev=1827239&r1=1827238&r2=1827239&view=diff
==============================================================================
---
jackrabbit/oak/trunk/oak-exercise/src/main/java/org/apache/jackrabbit/oak/exercise/security/principal/CustomPrincipalProvider.java
(original)
+++
jackrabbit/oak/trunk/oak-exercise/src/main/java/org/apache/jackrabbit/oak/exercise/security/principal/CustomPrincipalProvider.java
Mon Mar 19 20:08:56 2018
@@ -17,7 +17,6 @@
package org.apache.jackrabbit.oak.exercise.security.principal;
import java.security.Principal;
-import java.security.acl.Group;
import java.util.Collections;
import java.util.Iterator;
import java.util.Set;
@@ -50,7 +49,7 @@ class CustomPrincipalProvider implements
@Nonnull
@Override
- public Set<Group> getGroupMembership(@Nonnull Principal principal) {
+ public Set<Principal> getMembershipPrincipals(@Nonnull Principal
principal) {
// EXERCISE : expose the group membership of your known Principals
// EXERCISE : add every other principal into one of your
known-principal-groups to establish dynamic group membership
return Collections.EMPTY_SET;
Modified:
jackrabbit/oak/trunk/oak-exercise/src/test/java/org/apache/jackrabbit/oak/exercise/security/authorization/permission/L3_PrecedenceRulesTest.java
URL:
http://svn.apache.org/viewvc/jackrabbit/oak/trunk/oak-exercise/src/test/java/org/apache/jackrabbit/oak/exercise/security/authorization/permission/L3_PrecedenceRulesTest.java?rev=1827239&r1=1827238&r2=1827239&view=diff
==============================================================================
---
jackrabbit/oak/trunk/oak-exercise/src/test/java/org/apache/jackrabbit/oak/exercise/security/authorization/permission/L3_PrecedenceRulesTest.java
(original)
+++
jackrabbit/oak/trunk/oak-exercise/src/test/java/org/apache/jackrabbit/oak/exercise/security/authorization/permission/L3_PrecedenceRulesTest.java
Mon Mar 19 20:08:56 2018
@@ -25,6 +25,7 @@ import javax.jcr.security.Privilege;
import org.apache.jackrabbit.api.JackrabbitSession;
import org.apache.jackrabbit.api.security.JackrabbitAccessControlList;
+import org.apache.jackrabbit.api.security.principal.GroupPrincipal;
import org.apache.jackrabbit.api.security.user.Authorizable;
import org.apache.jackrabbit.api.security.user.Group;
import org.apache.jackrabbit.api.security.user.User;
@@ -162,7 +163,7 @@ public class L3_PrecedenceRulesTest exte
public void testGroupMembership() throws RepositoryException {
assertFalse(testSession.nodeExists(testRoot));
- assertTrue(((java.security.acl.Group)
testGroupPrincipal).isMember(testPrincipal));
+ assertTrue(((GroupPrincipal)
testGroupPrincipal).isMember(testPrincipal));
AccessControlUtils.addAccessControlEntry(superuser, testRoot,
testGroupPrincipal, AccessControlUtils.privilegesFromNames(superuser,
Privilege.JCR_READ), true);
superuser.save();
Modified:
jackrabbit/oak/trunk/oak-exercise/src/test/java/org/apache/jackrabbit/oak/exercise/security/principal/L3_EveryoneTest.java
URL:
http://svn.apache.org/viewvc/jackrabbit/oak/trunk/oak-exercise/src/test/java/org/apache/jackrabbit/oak/exercise/security/principal/L3_EveryoneTest.java?rev=1827239&r1=1827238&r2=1827239&view=diff
==============================================================================
---
jackrabbit/oak/trunk/oak-exercise/src/test/java/org/apache/jackrabbit/oak/exercise/security/principal/L3_EveryoneTest.java
(original)
+++
jackrabbit/oak/trunk/oak-exercise/src/test/java/org/apache/jackrabbit/oak/exercise/security/principal/L3_EveryoneTest.java
Mon Mar 19 20:08:56 2018
@@ -20,6 +20,7 @@ import java.security.Principal;
import javax.jcr.RepositoryException;
import org.apache.jackrabbit.api.JackrabbitSession;
+import org.apache.jackrabbit.api.security.principal.GroupPrincipal;
import org.apache.jackrabbit.api.security.principal.PrincipalIterator;
import org.apache.jackrabbit.api.security.principal.PrincipalManager;
import org.apache.jackrabbit.api.security.user.Authorizable;
@@ -41,10 +42,10 @@ import org.apache.jackrabbit.test.Abstra
*
* - {@link #testEveryoneExists()}
* Test to illustrate the that everyone principal always exists and always is
- * an instanceof {@link java.security.acl.Group} even if there is no
corresponding
- * authorizable.
+ * an instanceof {@link
org.apache.jackrabbit.api.security.principal.GroupPrincipal} even if
+ * there is no corresponding authorizable.
* Discuss the meaning of the everyone principal and why having a
corresponding authorizable is optional.
- * Note the difference between java.security.acl.Group and
org.apache.jackrabbit.api.security.user.Group.
+ * Note the difference between GroupPrincipal and
org.apache.jackrabbit.api.security.user.Group.
*
* - {@link #testEveryoneName()}
* Test to illustrate that the name of the everyone principal is constant.
@@ -104,7 +105,7 @@ public class L3_EveryoneTest extends Abs
Principal everyone = principalManager.getEveryone();
assertNotNull(everyone);
- assertTrue(everyone instanceof java.security.acl.Group);
+ assertTrue(everyone instanceof GroupPrincipal);
Authorizable everyoneAuthorizable = ((JackrabbitSession)
superuser).getUserManager().getAuthorizable(everyone);
assertNull(everyoneAuthorizable);
@@ -127,7 +128,7 @@ public class L3_EveryoneTest extends Abs
}
public void testEveryoneIsMemberofEveryone() throws RepositoryException {
- java.security.acl.Group everyone = (java.security.acl.Group)
principalManager.getEveryone();
+ GroupPrincipal everyone = (GroupPrincipal)
principalManager.getEveryone();
PrincipalIterator it =
principalManager.getPrincipals(PrincipalManager.SEARCH_TYPE_ALL);
// EXERCISE: discuss the dynamic nature of the everyone group principal
@@ -147,7 +148,7 @@ public class L3_EveryoneTest extends Abs
superuser.save();
try {
- java.security.acl.Group everyone = (java.security.acl.Group)
principalManager.getEveryone();
+ GroupPrincipal everyone = (GroupPrincipal)
principalManager.getEveryone();
assertEquals(everyone, everyoneAuthorizable.getPrincipal());
Modified:
jackrabbit/oak/trunk/oak-jcr/src/test/java/org/apache/jackrabbit/oak/jcr/security/principal/PrincipalManagerTest.java
URL:
http://svn.apache.org/viewvc/jackrabbit/oak/trunk/oak-jcr/src/test/java/org/apache/jackrabbit/oak/jcr/security/principal/PrincipalManagerTest.java?rev=1827239&r1=1827238&r2=1827239&view=diff
==============================================================================
---
jackrabbit/oak/trunk/oak-jcr/src/test/java/org/apache/jackrabbit/oak/jcr/security/principal/PrincipalManagerTest.java
(original)
+++
jackrabbit/oak/trunk/oak-jcr/src/test/java/org/apache/jackrabbit/oak/jcr/security/principal/PrincipalManagerTest.java
Mon Mar 19 20:08:56 2018
@@ -17,7 +17,6 @@
package org.apache.jackrabbit.oak.jcr.security.principal;
import java.security.Principal;
-import java.security.acl.Group;
import java.util.Enumeration;
import java.util.HashSet;
import java.util.Set;
@@ -26,6 +25,7 @@ import javax.jcr.Session;
import javax.jcr.SimpleCredentials;
import org.apache.jackrabbit.api.JackrabbitSession;
+import org.apache.jackrabbit.api.security.principal.GroupPrincipal;
import org.apache.jackrabbit.api.security.principal.ItemBasedPrincipal;
import org.apache.jackrabbit.api.security.principal.PrincipalIterator;
import org.apache.jackrabbit.api.security.principal.PrincipalManager;
@@ -42,7 +42,7 @@ import org.junit.Test;
public class PrincipalManagerTest extends AbstractJCRTest {
private PrincipalManager principalMgr;
- private Group everyone;
+ private GroupPrincipal everyone;
private Principal[] adminPrincipals;
@@ -55,7 +55,7 @@ public class PrincipalManagerTest extend
throw new NotExecutableException();
}
principalMgr = ((JackrabbitSession) superuser).getPrincipalManager();
- everyone = (Group) principalMgr.getEveryone();
+ everyone = (GroupPrincipal) principalMgr.getEveryone();
adminPrincipals = getPrincipals(getHelper().getSuperuserCredentials());
}
@@ -76,7 +76,7 @@ public class PrincipalManagerTest extend
}
private static boolean isGroup(Principal p) {
- return p instanceof java.security.acl.Group;
+ return p instanceof GroupPrincipal;
}
@Test
@@ -187,7 +187,7 @@ public class PrincipalManagerTest extend
continue;
}
if (isGroup(p)) {
- Enumeration<? extends Principal> en =
((java.security.acl.Group) p).members();
+ Enumeration<? extends Principal> en = ((GroupPrincipal)
p).members();
while (en.hasMoreElements()) {
Principal memb = en.nextElement();
assertTrue(principalMgr.hasPrincipal(memb.getName()));
@@ -209,7 +209,7 @@ public class PrincipalManagerTest extend
continue;
}
if (isGroup(p)) {
- Enumeration<? extends Principal> en =
((java.security.acl.Group) p).members();
+ Enumeration<? extends Principal> en = ((GroupPrincipal)
p).members();
while (en.hasMoreElements()) {
Principal memb = en.nextElement();
assertTrue(principalMgr.hasPrincipal(memb.getName()));
@@ -274,7 +274,7 @@ public class PrincipalManagerTest extend
assertTrue(isGroup(p));
- Enumeration<? extends Principal> members =
((java.security.acl.Group) p).members();
+ Enumeration<? extends Principal> members = ((GroupPrincipal)
p).members();
while (members.hasMoreElements()) {
Principal memb = members.nextElement();
Modified:
jackrabbit/oak/trunk/oak-jcr/src/test/java/org/apache/jackrabbit/oak/jcr/security/user/EveryoneGroupTest.java
URL:
http://svn.apache.org/viewvc/jackrabbit/oak/trunk/oak-jcr/src/test/java/org/apache/jackrabbit/oak/jcr/security/user/EveryoneGroupTest.java?rev=1827239&r1=1827238&r2=1827239&view=diff
==============================================================================
---
jackrabbit/oak/trunk/oak-jcr/src/test/java/org/apache/jackrabbit/oak/jcr/security/user/EveryoneGroupTest.java
(original)
+++
jackrabbit/oak/trunk/oak-jcr/src/test/java/org/apache/jackrabbit/oak/jcr/security/user/EveryoneGroupTest.java
Mon Mar 19 20:08:56 2018
@@ -22,6 +22,7 @@ import java.util.Iterator;
import java.util.Set;
import javax.jcr.RepositoryException;
+import org.apache.jackrabbit.api.security.principal.GroupPrincipal;
import org.apache.jackrabbit.api.security.user.Authorizable;
import org.apache.jackrabbit.api.security.user.Group;
import org.apache.jackrabbit.api.security.user.User;
@@ -68,11 +69,11 @@ public class EveryoneGroupTest extends A
@Test
public void testGroupPrincipal() throws Exception {
Principal everyonePrincipal = everyone.getPrincipal();
- assertTrue(everyonePrincipal instanceof java.security.acl.Group);
+ assertTrue(everyonePrincipal instanceof GroupPrincipal);
assertTrue(everyonePrincipal.equals(EveryonePrincipal.getInstance()));
assertTrue(EveryonePrincipal.getInstance().equals(everyonePrincipal));
- java.security.acl.Group gr = (java.security.acl.Group)
everyonePrincipal;
+ GroupPrincipal gr = (GroupPrincipal) everyonePrincipal;
assertFalse(gr.isMember(everyonePrincipal));
assertTrue(gr.isMember(getTestUser(superuser).getPrincipal()));
assertTrue(gr.isMember(new PrincipalImpl("test")));
Modified:
jackrabbit/oak/trunk/oak-jcr/src/test/java/org/apache/jackrabbit/oak/jcr/security/user/GroupTest.java
URL:
http://svn.apache.org/viewvc/jackrabbit/oak/trunk/oak-jcr/src/test/java/org/apache/jackrabbit/oak/jcr/security/user/GroupTest.java?rev=1827239&r1=1827238&r2=1827239&view=diff
==============================================================================
---
jackrabbit/oak/trunk/oak-jcr/src/test/java/org/apache/jackrabbit/oak/jcr/security/user/GroupTest.java
(original)
+++
jackrabbit/oak/trunk/oak-jcr/src/test/java/org/apache/jackrabbit/oak/jcr/security/user/GroupTest.java
Mon Mar 19 20:08:56 2018
@@ -27,6 +27,7 @@ import javax.jcr.RepositoryException;
import javax.jcr.Session;
import javax.jcr.UnsupportedRepositoryOperationException;
+import org.apache.jackrabbit.api.security.principal.GroupPrincipal;
import org.apache.jackrabbit.api.security.user.Authorizable;
import org.apache.jackrabbit.api.security.user.AuthorizableExistsException;
import org.apache.jackrabbit.api.security.user.Group;
@@ -491,8 +492,8 @@ public class GroupTest extends AbstractU
newGroup2.addMember(auth);
superuser.save();
- java.security.acl.Group ngPrincipal = (java.security.acl.Group)
newGroup.getPrincipal();
- java.security.acl.Group ng2Principal = (java.security.acl.Group)
newGroup2.getPrincipal();
+ GroupPrincipal ngPrincipal = (GroupPrincipal)
newGroup.getPrincipal();
+ GroupPrincipal ng2Principal = (GroupPrincipal)
newGroup2.getPrincipal();
assertFalse(ng2Principal.isMember(ngPrincipal));
Modified: jackrabbit/oak/trunk/oak-security-spi/pom.xml
URL:
http://svn.apache.org/viewvc/jackrabbit/oak/trunk/oak-security-spi/pom.xml?rev=1827239&r1=1827238&r2=1827239&view=diff
==============================================================================
--- jackrabbit/oak/trunk/oak-security-spi/pom.xml (original)
+++ jackrabbit/oak/trunk/oak-security-spi/pom.xml Mon Mar 19 20:08:56 2018
@@ -34,7 +34,7 @@
<properties>
<!-- enable execution of jacoco and set minimal line coverage -->
<skip.coverage>false</skip.coverage>
- <minimum.coverage>0.90</minimum.coverage>
+ <minimum.coverage>0.89</minimum.coverage>
</properties>
<build>
Modified:
jackrabbit/oak/trunk/oak-security-spi/src/main/java/org/apache/jackrabbit/oak/spi/security/authentication/AbstractLoginModule.java
URL:
http://svn.apache.org/viewvc/jackrabbit/oak/trunk/oak-security-spi/src/main/java/org/apache/jackrabbit/oak/spi/security/authentication/AbstractLoginModule.java?rev=1827239&r1=1827238&r2=1827239&view=diff
==============================================================================
---
jackrabbit/oak/trunk/oak-security-spi/src/main/java/org/apache/jackrabbit/oak/spi/security/authentication/AbstractLoginModule.java
(original)
+++
jackrabbit/oak/trunk/oak-security-spi/src/main/java/org/apache/jackrabbit/oak/spi/security/authentication/AbstractLoginModule.java
Mon Mar 19 20:08:56 2018
@@ -492,9 +492,9 @@ public abstract class AbstractLoginModul
log.debug("Cannot retrieve principals. No principal provider
configured.");
return Collections.emptySet();
} else {
- Set<Principal> principals = new HashSet();
+ Set<Principal> principals = new HashSet<>();
principals.add(userPrincipal);
-
principals.addAll(principalProvider.getGroupMembership(userPrincipal));
+
principals.addAll(principalProvider.getMembershipPrincipals(userPrincipal));
return principals;
}
}
Modified:
jackrabbit/oak/trunk/oak-security-spi/src/main/java/org/apache/jackrabbit/oak/spi/security/principal/CompositePrincipalProvider.java
URL:
http://svn.apache.org/viewvc/jackrabbit/oak/trunk/oak-security-spi/src/main/java/org/apache/jackrabbit/oak/spi/security/principal/CompositePrincipalProvider.java?rev=1827239&r1=1827238&r2=1827239&view=diff
==============================================================================
---
jackrabbit/oak/trunk/oak-security-spi/src/main/java/org/apache/jackrabbit/oak/spi/security/principal/CompositePrincipalProvider.java
(original)
+++
jackrabbit/oak/trunk/oak-security-spi/src/main/java/org/apache/jackrabbit/oak/spi/security/principal/CompositePrincipalProvider.java
Mon Mar 19 20:08:56 2018
@@ -18,6 +18,7 @@ package org.apache.jackrabbit.oak.spi.se
import java.security.Principal;
import java.security.acl.Group;
+import java.util.Collections;
import java.util.HashSet;
import java.util.Iterator;
import java.util.List;
@@ -70,9 +71,15 @@ public class CompositePrincipalProvider
@Nonnull
@Override
public Set<Group> getGroupMembership(@Nonnull Principal principal) {
- Set<Group> groups = new HashSet<Group>();
+ return Collections.emptySet();
+ }
+
+ @Nonnull
+ @Override
+ public Set<Principal> getMembershipPrincipals(@Nonnull Principal
principal) {
+ Set<Principal> groups = new HashSet<>();
for (PrincipalProvider provider : providers) {
- groups.addAll(provider.getGroupMembership(principal));
+ groups.addAll(provider.getMembershipPrincipals(principal));
}
return groups;
}
Modified:
jackrabbit/oak/trunk/oak-security-spi/src/main/java/org/apache/jackrabbit/oak/spi/security/principal/EmptyPrincipalProvider.java
URL:
http://svn.apache.org/viewvc/jackrabbit/oak/trunk/oak-security-spi/src/main/java/org/apache/jackrabbit/oak/spi/security/principal/EmptyPrincipalProvider.java?rev=1827239&r1=1827238&r2=1827239&view=diff
==============================================================================
---
jackrabbit/oak/trunk/oak-security-spi/src/main/java/org/apache/jackrabbit/oak/spi/security/principal/EmptyPrincipalProvider.java
(original)
+++
jackrabbit/oak/trunk/oak-security-spi/src/main/java/org/apache/jackrabbit/oak/spi/security/principal/EmptyPrincipalProvider.java
Mon Mar 19 20:08:56 2018
@@ -24,8 +24,6 @@ import java.util.Set;
import javax.annotation.Nonnull;
import javax.annotation.Nullable;
-import com.google.common.collect.ImmutableSet;
-
/**
* Implementation of the {@code PrincipalProvider} interface that never
* returns any principals.
@@ -44,13 +42,19 @@ public final class EmptyPrincipalProvide
@Nonnull
@Override
public Set<Group> getGroupMembership(@Nonnull Principal principal) {
- return ImmutableSet.of();
+ return Collections.emptySet();
+ }
+
+ @Nonnull
+ @Override
+ public Set<Principal> getMembershipPrincipals(@Nonnull Principal
principal) {
+ return Collections.emptySet();
}
@Nonnull
@Override
public Set<? extends Principal> getPrincipals(@Nonnull String userID) {
- return ImmutableSet.of();
+ return Collections.emptySet();
}
@Nonnull
Modified:
jackrabbit/oak/trunk/oak-security-spi/src/main/java/org/apache/jackrabbit/oak/spi/security/principal/EveryonePrincipal.java
URL:
http://svn.apache.org/viewvc/jackrabbit/oak/trunk/oak-security-spi/src/main/java/org/apache/jackrabbit/oak/spi/security/principal/EveryonePrincipal.java?rev=1827239&r1=1827238&r2=1827239&view=diff
==============================================================================
---
jackrabbit/oak/trunk/oak-security-spi/src/main/java/org/apache/jackrabbit/oak/spi/security/principal/EveryonePrincipal.java
(original)
+++
jackrabbit/oak/trunk/oak-security-spi/src/main/java/org/apache/jackrabbit/oak/spi/security/principal/EveryonePrincipal.java
Mon Mar 19 20:08:56 2018
@@ -20,12 +20,13 @@ import java.security.Principal;
import java.security.acl.Group;
import java.util.Enumeration;
+import org.apache.jackrabbit.api.security.principal.GroupPrincipal;
import org.apache.jackrabbit.api.security.principal.JackrabbitPrincipal;
/**
* Built-in principal group that has every other principal as member.
*/
-public final class EveryonePrincipal implements JackrabbitPrincipal,
java.security.acl.Group {
+public final class EveryonePrincipal implements JackrabbitPrincipal, Group,
GroupPrincipal {
public static final String NAME = "everyone";
@@ -54,6 +55,7 @@ public final class EveryonePrincipal imp
throw new UnsupportedOperationException("Cannot remove a member from
the everyone group.");
}
+ //------------------------------------------------------< GroupPrincipal
>---
@Override
public boolean isMember(Principal member) {
return !member.equals(this);
@@ -75,7 +77,7 @@ public final class EveryonePrincipal imp
public boolean equals(Object obj) {
if (obj == this) {
return true;
- } else if (obj instanceof JackrabbitPrincipal && obj instanceof Group)
{
+ } else if (obj instanceof JackrabbitPrincipal &&
GroupPrincipals.isGroup((Principal) obj)) {
JackrabbitPrincipal other = (JackrabbitPrincipal) obj;
return NAME.equals(other.getName());
}
Added:
jackrabbit/oak/trunk/oak-security-spi/src/main/java/org/apache/jackrabbit/oak/spi/security/principal/GroupPrincipalWrapper.java
URL:
http://svn.apache.org/viewvc/jackrabbit/oak/trunk/oak-security-spi/src/main/java/org/apache/jackrabbit/oak/spi/security/principal/GroupPrincipalWrapper.java?rev=1827239&view=auto
==============================================================================
---
jackrabbit/oak/trunk/oak-security-spi/src/main/java/org/apache/jackrabbit/oak/spi/security/principal/GroupPrincipalWrapper.java
(added)
+++
jackrabbit/oak/trunk/oak-security-spi/src/main/java/org/apache/jackrabbit/oak/spi/security/principal/GroupPrincipalWrapper.java
Mon Mar 19 20:08:56 2018
@@ -0,0 +1,51 @@
+/*
+ * Licensed to the Apache Software Foundation (ASF) under one or more
+ * contributor license agreements. See the NOTICE file distributed with
+ * this work for additional information regarding copyright ownership.
+ * The ASF licenses this file to You under the Apache License, Version 2.0
+ * (the "License"); you may not use this file except in compliance with
+ * the License. You may obtain a copy of the License at
+ *
+ * http://www.apache.org/licenses/LICENSE-2.0
+ *
+ * Unless required by applicable law or agreed to in writing, software
+ * distributed under the License is distributed on an "AS IS" BASIS,
+ * WITHOUT WARRANTIES OR CONDITIONS OF ANY KIND, either express or implied.
+ * See the License for the specific language governing permissions and
+ * limitations under the License.
+ */
+package org.apache.jackrabbit.oak.spi.security.principal;
+
+import java.security.Principal;
+import java.security.acl.Group;
+import java.util.Enumeration;
+
+import javax.annotation.Nonnull;
+
+import org.apache.jackrabbit.api.security.principal.GroupPrincipal;
+
+@Deprecated
+class GroupPrincipalWrapper extends PrincipalImpl implements GroupPrincipal {
+
+ private final Group group;
+
+ GroupPrincipalWrapper(@Nonnull Group group) {
+ super(group.getName());
+ this.group = group;
+ }
+
+ @Override
+ public String getName() {
+ return group.getName();
+ }
+
+ @Override
+ public boolean isMember(Principal member) {
+ return group.isMember(member);
+ }
+
+ @Override
+ public Enumeration<? extends Principal> members() {
+ return GroupPrincipals.transform(group.members());
+ }
+}
Propchange:
jackrabbit/oak/trunk/oak-security-spi/src/main/java/org/apache/jackrabbit/oak/spi/security/principal/GroupPrincipalWrapper.java
------------------------------------------------------------------------------
svn:eol-style = native
