OAK-2008 : authorization setup for closed user groups (wip)
git-svn-id: https://svn.apache.org/repos/asf/jackrabbit/oak/trunk@1637174 13f79535-47bb-0310-9956-ffa450edef68
anchela committed Nov 6, 2014
1 parent be49be7 commit dd825fd
Showing 3 changed files with 62 additions and 57 deletions.
Expand Up @@ -61,11 +61,8 @@
import org.apache.jackrabbit.oak.spi.security.authorization.permission.AggregatedPermissionProvider;
import org.apache.jackrabbit.oak.spi.security.authorization.permission.ControlFlag;
import org.apache.jackrabbit.oak.spi.security.authorization.permission.EmptyPermissionProvider;
import org.apache.jackrabbit.oak.spi.security.authorization.permission.OpenPermissionProvider;
import org.apache.jackrabbit.oak.spi.security.authorization.permission.PermissionProvider;
import org.apache.jackrabbit.oak.spi.security.authorization.restriction.RestrictionProvider;
import org.apache.jackrabbit.oak.spi.security.principal.AdminPrincipal;
import org.apache.jackrabbit.oak.spi.security.principal.SystemPrincipal;
import org.apache.jackrabbit.oak.spi.state.ApplyDiff;
import org.apache.jackrabbit.oak.spi.state.NodeBuilder;
import org.apache.jackrabbit.oak.spi.state.NodeState;
Expand Down Expand Up @@ -130,10 +127,6 @@ public RestrictionProvider getRestrictionProvider() {

@Override
public PermissionProvider getPermissionProvider(Root root, String workspaceName, Set<Principal> principals) {
if (principals.contains(SystemPrincipal.INSTANCE) || isAdmin(principals)) {
return OpenPermissionProvider.getInstance();
}

ConfigurationParameters params = getParameters();
boolean enabled = params.getConfigValue(CugConstants.PARAM_CUG_ENABLED, false);

Expand Down Expand Up @@ -209,13 +202,4 @@ public ContentSession run() throws LoginException, RepositoryException {
private CugExclude getExclude() {
return (exclude == null) ? new CugExclude.Default() : exclude;
}

private static boolean isAdmin(@Nonnull Set<Principal> principals) {
for (Principal p : principals) {
if (p instanceof AdminPrincipal) {
return true;
}
}
return false;
}
}
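Review bot: With the early return for `SystemPrincipal`/`AdminPrincipal` removed from `getPermissionProvider`, nothing visible in this section says how those principals are handled now. The re-enabled `testExcludedPrincipals` expects `EmptyPermissionProvider` for them, so the decision presumably sits in the `CugExclude` check further down, outside the hunk. Because this is an access-control decision, I would state it at the top of the method, e.g. `// Excluded principals (system, admin, system users) are handed EmptyPermissionProvider, not an open provider; see CugExclude.` It is also worth confirming that whatever `getExclude()` returns covers every principal the removed `isAdmin` loop matched, since a configured `exclude` replaces `CugExclude.Default`.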
Expand Up @@ -19,13 +19,14 @@
import java.util.Iterator;
import java.util.Set;
import javax.annotation.Nonnull;
import javax.annotation.Nullable;

import org.apache.jackrabbit.oak.AbstractSecurityTest;
import org.apache.jackrabbit.oak.security.SecurityProviderImpl;
import org.apache.jackrabbit.oak.spi.security.ConfigurationParameters;
import org.apache.jackrabbit.oak.spi.security.SecurityConfiguration;
import org.apache.jackrabbit.oak.spi.security.SecurityProvider;
import org.apache.jackrabbit.oak.spi.security.authorization.AuthorizationConfiguration;
import org.apache.jackrabbit.oak.spi.security.authorization.CompositeAuthorizationConfiguration;

/**
* Base class for CUG related test that setup the authorization configuration
Expand All @@ -37,42 +38,62 @@ public class AbstractCugTest extends AbstractSecurityTest {
@Override
protected SecurityProvider getSecurityProvider() {
if (securityProvider == null) {
securityProvider = new CugSecurityProvider(getSecurityConfigParameters());
securityProvider = new CugSecurityProvider(getSecurityConfigParameters(), super.getSecurityProvider());
}
return securityProvider;
}

private final class CugSecurityProvider extends SecurityProviderImpl {
final class CugSecurityProvider implements SecurityProvider {

private AuthorizationConfiguration cugConfiguration;
private final ConfigurationParameters configuration;
private final SecurityProvider base;

private final CugConfiguration cugConfiguration;

private CugSecurityProvider(@Nonnull ConfigurationParameters configuration, @Nonnull SecurityProvider base) {
this.configuration = configuration;
this.base = base;

private CugSecurityProvider(@Nonnull ConfigurationParameters configuration) {
super(configuration);
cugConfiguration = new CugConfiguration(this);
}

@Nonnull
@Override
public ConfigurationParameters getParameters(@Nullable String name) {
return base.getParameters(name);
}

@Nonnull
@Override
public Iterable<? extends SecurityConfiguration> getConfigurations() {
Set<SecurityConfiguration> configs = (Set<SecurityConfiguration>) super.getConfigurations();
Set<SecurityConfiguration> configs = (Set<SecurityConfiguration>) base.getConfigurations();

CompositeAuthorizationConfiguration composite = new CompositeAuthorizationConfiguration(this);
Iterator<SecurityConfiguration> it = configs.iterator();
while (it.hasNext()) {
if (it.next() instanceof AuthorizationConfiguration) {
SecurityConfiguration sc = it.next();
if (sc instanceof AuthorizationConfiguration) {
composite.addConfiguration((AuthorizationConfiguration) sc);
it.remove();
}
}
configs.add(cugConfiguration);
composite.addConfiguration(new CugConfiguration(this));
configs.add(composite);

return configs;
}

@Nonnull
@Override
public <T> T getConfiguration(@Nonnull Class<T> configClass) {
T c = base.getConfiguration(configClass);
if (AuthorizationConfiguration.class == configClass) {
return (T) cugConfiguration;
CompositeAuthorizationConfiguration composite = new CompositeAuthorizationConfiguration(this);
composite.addConfiguration((AuthorizationConfiguration) c);
composite.addConfiguration(new CugConfiguration(this));
return (T) composite;
} else {
return super.getConfiguration(configClass);
return c;
}
}
}
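Review bot: `getConfigurations()` casts the result of `base.getConfigurations()` to a `Set` and then calls `it.remove()` and `configs.add(composite)` on it. If the base provider returns its own set (not visible here), each call rewrites the base provider's state and the next call wraps the previous composite inside a new one. Build a separate set first, `Set<SecurityConfiguration> configs = new HashSet<SecurityConfiguration>();`, fill it from the iterable and modify only that copy. The `configuration` and `cugConfiguration` fields also look unused on the new side, since `getParameters` delegates to `base` and both getters create `new CugConfiguration(this)`; reusing the one instance would keep the two getters consistent. This class defines the authorization setup the CUG tests run against, and it continues past the shown lines.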
Expand Up @@ -123,35 +123,35 @@ public void testGetAccessControlManagerSupportedPaths() {
assertTrue(acMgr instanceof CugAccessControlManager);
}

// @Test
// public void testExcludedPrincipals() {
// Map<String, Object> params = ImmutableMap.<String, Object>of(
// CugConstants.PARAM_CUG_ENABLED, true,
// CugConstants.PARAM_CUG_SUPPORTED_PATHS, "/content");
//
// CugConfiguration cc = createConfiguration(ConfigurationParameters.of(params));
//
// List<Principal> excluded = ImmutableList.of(
// SystemPrincipal.INSTANCE,
// new AdminPrincipal() {
// @Override
// public String getName() {
// return "admin";
// }
// },
// new SystemUserPrincipal() {
// @Override
// public String getName() {
// return "systemUser";
// }
// });
//
// for (Principal p : excluded) {
// Set<Principal> principals = ImmutableSet.of(p, EveryonePrincipal.getInstance());
// PermissionProvider pp = cc.getPermissionProvider(root, "default", principals);
//
// assertSame(EmptyPermissionProvider.getInstance(), pp);
// }
// }
@Test
public void testExcludedPrincipals() {
Map<String, Object> params = ImmutableMap.<String, Object>of(
CugConstants.PARAM_CUG_ENABLED, true,
CugConstants.PARAM_CUG_SUPPORTED_PATHS, "/content");

CugConfiguration cc = createConfiguration(ConfigurationParameters.of(params));

List<Principal> excluded = ImmutableList.of(
SystemPrincipal.INSTANCE,
new AdminPrincipal() {
@Override
public String getName() {
return "admin";
}
},
new SystemUserPrincipal() {
@Override
public String getName() {
return "systemUser";
}
});

for (Principal p : excluded) {
Set<Principal> principals = ImmutableSet.of(p, EveryonePrincipal.getInstance());
PermissionProvider pp = cc.getPermissionProvider(root, "default", principals);

assertSame(EmptyPermissionProvider.getInstance(), pp);
}
}

}
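Review bot: `testExcludedPrincipals` asserts only the excluded side, so it would still pass if `getPermissionProvider` returned `EmptyPermissionProvider` for every principal set. Unless another test in this class already covers it, add a control after the loop for a non-excluded set, e.g. `assertNotSame(EmptyPermissionProvider.getInstance(), cc.getPermissionProvider(root, "default", ImmutableSet.<Principal>of(EveryonePrincipal.getInstance())));`. This assumes an enabled configuration with supported paths yields a CUG provider for ordinary principals, which the shown lines do not confirm. The control would pin the exclusion to the three principal types listed rather than to the configuration as a whole.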
