JCR-2887 : Split PrivilegeRegistry in a per-session manager instance …

…and a repository level registry [work in progress] git-svn-id: https://svn.apache.org/repos/asf/jackrabbit/trunk@1081433 13f79535-47bb-0310-9956-ffa450edef68
uwej711 · Mar 14, 2011 · d24bec2 · d24bec2
1 parent 3ad6d67
commit d24bec2
Show file tree

Hide file tree

Showing 9 changed files with 617 additions and 112 deletions.
diff --git a/...src/main/java/org/apache/jackrabbit/core/security/authorization/PrivilegeManagerImpl.java b/...src/main/java/org/apache/jackrabbit/core/security/authorization/PrivilegeManagerImpl.java
@@ -84,10 +84,10 @@ public PrivilegeManagerImpl(PrivilegeRegistry registry, NameResolver nameResolve
      * @return all registered privileges.
      */
     public Privilege[] getRegisteredPrivileges() throws RepositoryException {
-        PrivilegeRegistry.PrivilegeDefinition[] allDefs = registry.getAll();
+        PrivilegeRegistry.Definition[] allDefs = registry.getAll();
         if (allDefs.length != cache.size()) {
             synchronized (cache) {
-                for (PrivilegeRegistry.PrivilegeDefinition def : allDefs) {
+                for (PrivilegeRegistry.Definition def : allDefs) {
                     if (!cache.containsKey(def.getName())) {
                         cache.put(def.getName(), new PrivilegeImpl(def));
                     }
@@ -204,7 +204,7 @@ public int getBits(String[] privilegeNames) throws AccessControlException {
         int bits = PrivilegeRegistry.NO_PRIVILEGE;
         for (String privName : privilegeNames) {
             try {
-                PrivilegeRegistry.PrivilegeDefinition def = registry.get(resolver.getQName(privName));
+                PrivilegeRegistry.Definition def = registry.get(resolver.getQName(privName));
                 if (def == null) {
                     throw new AccessControlException("Unknown privilege name '" + privName + "'.");
                 } else {
@@ -257,7 +257,7 @@ private Privilege getPrivilege(Name name) throws AccessControlException, Reposit
             if (cache.containsKey(name)) {
                 privilege = cache.get(name);
             } else {
-                PrivilegeRegistry.PrivilegeDefinition def = registry.get(name);
+                PrivilegeRegistry.Definition def = registry.get(name);
                 if (def != null) {
                     privilege = new PrivilegeImpl(def);
                     cache.put(name, privilege);
@@ -288,12 +288,12 @@ public void privilegeRegistered(Name privilegeName) {
      */
     private class PrivilegeImpl implements Privilege {
 
-        private final PrivilegeRegistry.PrivilegeDefinition definition;
+        private final PrivilegeRegistry.Definition definition;
 
         private final Privilege[] declaredAggregates;
         private final Privilege[] aggregates;
 
-        private PrivilegeImpl(PrivilegeRegistry.PrivilegeDefinition definition) throws RepositoryException {
+        private PrivilegeImpl(PrivilegeRegistry.Definition definition) throws RepositoryException {
             this.definition = definition;
 
             Name[] aggrNames = definition.getDeclaredAggregateNames();

diff --git a/...re/src/main/java/org/apache/jackrabbit/core/security/authorization/PrivilegeRegistry.java b/...re/src/main/java/org/apache/jackrabbit/core/security/authorization/PrivilegeRegistry.java
diff --git a/...rc/test/java/org/apache/jackrabbit/core/security/authorization/PrivilegeRegistryTest.java b/...rc/test/java/org/apache/jackrabbit/core/security/authorization/PrivilegeRegistryTest.java
@@ -27,7 +27,6 @@
 import org.apache.jackrabbit.spi.commons.name.NameConstants;
 import org.apache.jackrabbit.test.AbstractJCRTest;
 
-import javax.jcr.NamespaceException;
 import javax.jcr.RepositoryException;
 import javax.jcr.security.AccessControlException;
 import javax.jcr.security.Privilege;
@@ -60,9 +59,9 @@ protected void setUp() throws Exception {
 
     public void testGetAll() throws RepositoryException {
 
-        PrivilegeRegistry.PrivilegeDefinition[] defs = privilegeRegistry.getAll();
+        PrivilegeRegistry.Definition[] defs = privilegeRegistry.getAll();
 
-        List<PrivilegeRegistry.PrivilegeDefinition> l = new ArrayList<PrivilegeRegistry.PrivilegeDefinition>(Arrays.asList(defs));
+        List<PrivilegeRegistry.Definition> l = new ArrayList<PrivilegeRegistry.Definition>(Arrays.asList(defs));
         assertTrue(l.remove(privilegeRegistry.get(NameConstants.JCR_READ)));
         assertTrue(l.remove(privilegeRegistry.get(NameConstants.JCR_ADD_CHILD_NODES)));
         assertTrue(l.remove(privilegeRegistry.get(NameConstants.JCR_REMOVE_CHILD_NODES)));
@@ -85,9 +84,9 @@ public void testGetAll() throws RepositoryException {
 
     public void testGet() throws RepositoryException {
 
-        for (PrivilegeRegistry.PrivilegeDefinition def : privilegeRegistry.getAll()) {
+        for (PrivilegeRegistry.Definition def : privilegeRegistry.getAll()) {
 
-            PrivilegeRegistry.PrivilegeDefinition d = privilegeRegistry.get(def.name);
+            PrivilegeRegistry.Definition d = privilegeRegistry.get(def.name);
             assertEquals(def, d);
 
             assertNotNull(d.name);
@@ -107,14 +106,14 @@ public void testGet() throws RepositoryException {
 
     public void testAggregates() throws RepositoryException {
 
-        for (PrivilegeRegistry.PrivilegeDefinition def : privilegeRegistry.getAll()) {
+        for (PrivilegeRegistry.Definition def : privilegeRegistry.getAll()) {
             if (def.declaredAggregateNames.isEmpty()) {
                 continue; // ignore non aggregate
             }
 
             List<Name> l = Arrays.asList(def.getDeclaredAggregateNames());
             for (Name n : l) {
-                PrivilegeRegistry.PrivilegeDefinition d = privilegeRegistry.get(n);
+                PrivilegeRegistry.Definition d = privilegeRegistry.get(n);
                 assertNotNull(d);
                 Name[] names = privilegeRegistry.getNames(d.getBits());
                 assertNotNull(names);
@@ -126,7 +125,7 @@ public void testAggregates() throws RepositoryException {
 
     public void testPrivilegeDefinition() throws RepositoryException {
 
-        for (PrivilegeRegistry.PrivilegeDefinition def : privilegeRegistry.getAll()) {
+        for (PrivilegeRegistry.Definition def : privilegeRegistry.getAll()) {
 
             assertNotNull(def.name);
             assertEquals(def.name, def.getName());
@@ -144,7 +143,7 @@ public void testPrivilegeDefinition() throws RepositoryException {
     }
 
     public void testJcrAll() throws RepositoryException {
-        PrivilegeRegistry.PrivilegeDefinition p = privilegeRegistry.get(NameConstants.JCR_ALL);
+        PrivilegeRegistry.Definition p = privilegeRegistry.get(NameConstants.JCR_ALL);
         assertEquals(p.getName(), NameConstants.JCR_ALL);
         assertFalse(p.declaredAggregateNames.isEmpty());
         assertFalse(p.isAbstract());
@@ -165,7 +164,7 @@ public void testJcrAll() throws RepositoryException {
 
     public void testJcrWrite() throws RepositoryException {
         Name rw = resolver.getQName(PrivilegeRegistry.REP_WRITE);
-        PrivilegeRegistry.PrivilegeDefinition p = privilegeRegistry.get(rw);
+        PrivilegeRegistry.Definition p = privilegeRegistry.get(rw);
 
         assertEquals(p.getName(), rw);
         assertFalse(p.declaredAggregateNames.isEmpty());
@@ -178,7 +177,7 @@ public void testJcrWrite() throws RepositoryException {
     }
 
     public void testRepWrite() throws RepositoryException {
-        PrivilegeRegistry.PrivilegeDefinition p = privilegeRegistry.get(NameConstants.JCR_WRITE);
+        PrivilegeRegistry.Definition p = privilegeRegistry.get(NameConstants.JCR_WRITE);
         assertEquals(p.getName(), NameConstants.JCR_WRITE);
         assertFalse(p.declaredAggregateNames.isEmpty());
         assertFalse(p.isAbstract());
@@ -436,7 +435,7 @@ public void testInvalidCustomDefinitions() throws RepositoryException, FileSyste
             resource.makeParentDirs();
         }
         StringBuilder sb = new StringBuilder();
-        sb.append("test;;test2\n");
+        sb.append("<?xml version=\"1.0\" encoding=\"UTF-8\"?><privileges><privilege isAbstract=\"false\" name=\"test\"><contains name=\"test2\"/></privilege></privileges>");
 
         Writer writer = new OutputStreamWriter(resource.getOutputStream(), "utf-8");
         writer.write(sb.toString());
@@ -446,7 +445,7 @@ public void testInvalidCustomDefinitions() throws RepositoryException, FileSyste
         try {
             new PrivilegeRegistry(superuser.getWorkspace().getNamespaceRegistry(), fs);
             fail("Invalid names must be detected upon registry startup.");
-        } catch (IllegalArgumentException e) {
+        } catch (RepositoryException e) {
             // success
         } finally {
             fs.deleteFolder("/privileges");
@@ -537,12 +536,13 @@ public void testRegisterCustomPrivileges() throws RepositoryException, FileSyste
 
             Map<Name, Set<Name>> newCustomPrivs = new HashMap<Name, Set<Name>>();
             newCustomPrivs.put(resolver.getQName("new"), Collections.<Name>emptySet());
+            newCustomPrivs.put(resolver.getQName("test:new"), Collections.<Name>emptySet());
 
             for (Name name : newCustomPrivs.keySet()) {
                 boolean isAbstract = true;
                 Set<Name> aggrNames = newCustomPrivs.get(name);
                 pr.registerDefinition(name, isAbstract, aggrNames);
-                PrivilegeRegistry.PrivilegeDefinition definition = pr.get(name);
+                PrivilegeRegistry.Definition definition = pr.get(name);
 
                 assertNotNull(definition);
                 assertEquals(name, definition.getName());
@@ -558,7 +558,7 @@ public void testRegisterCustomPrivileges() throws RepositoryException, FileSyste
 
                 // re-read the filesystem resource and check if definition is correct
                 PrivilegeRegistry registry = new PrivilegeRegistry(superuser.getWorkspace().getNamespaceRegistry(), fs);
-                PrivilegeRegistry.PrivilegeDefinition def = registry.get(name);
+                PrivilegeRegistry.Definition def = registry.get(name);
                 assertEquals(isAbstract, def.isAbstract);
                 assertEquals(aggrNames.size(), def.declaredAggregateNames.size());
                 for (Name n : aggrNames) {
@@ -571,12 +571,13 @@ public void testRegisterCustomPrivileges() throws RepositoryException, FileSyste
             newAggregates.put(resolver.getQName("newA1"), createNameSet(NameConstants.JCR_READ, NameConstants.JCR_RETENTION_MANAGEMENT));
             // a new aggregate of custom and built-in privilege
             newAggregates.put(resolver.getQName("newA2"), createNameSet(resolver.getQName("new"), NameConstants.JCR_READ));
+            newAggregates.put(resolver.getQName("newA3"), createNameSet(resolver.getQName("test:new"), resolver.getQName("new")));
 
             for (Name name : newAggregates.keySet()) {
                 boolean isAbstract = false;
                 Set<Name> aggrNames = newAggregates.get(name);
                 pr.registerDefinition(name, isAbstract, aggrNames);
-                PrivilegeRegistry.PrivilegeDefinition definition = pr.get(name);
+                PrivilegeRegistry.Definition definition = pr.get(name);
 
                 assertNotNull(definition);
                 assertEquals(name, definition.getName());
@@ -592,7 +593,7 @@ public void testRegisterCustomPrivileges() throws RepositoryException, FileSyste
 
                 // re-read the filesystem resource and check if definition is correct
                 PrivilegeRegistry registry = new PrivilegeRegistry(superuser.getWorkspace().getNamespaceRegistry(), fs);
-                PrivilegeRegistry.PrivilegeDefinition def = registry.get(name);
+                PrivilegeRegistry.Definition def = registry.get(name);
                 assertEquals(isAbstract, def.isAbstract);
                 assertEquals(isAbstract, def.isAbstract);
                 assertEquals(aggrNames.size(), def.declaredAggregateNames.size());

diff --git a/...bit-jcr-commons/src/main/java/org/apache/jackrabbit/commons/privilege/ParseException.java b/...bit-jcr-commons/src/main/java/org/apache/jackrabbit/commons/privilege/ParseException.java
@@ -0,0 +1,31 @@
+/*
+ * Licensed to the Apache Software Foundation (ASF) under one or more
+ * contributor license agreements.  See the NOTICE file distributed with
+ * this work for additional information regarding copyright ownership.
+ * The ASF licenses this file to You under the Apache License, Version 2.0
+ * (the "License"); you may not use this file except in compliance with
+ * the License.  You may obtain a copy of the License at
+ *
+ *      http://www.apache.org/licenses/LICENSE-2.0
+ *
+ * Unless required by applicable law or agreed to in writing, software
+ * distributed under the License is distributed on an "AS IS" BASIS,
+ * WITHOUT WARRANTIES OR CONDITIONS OF ANY KIND, either express or implied.
+ * See the License for the specific language governing permissions and
+ * limitations under the License.
+ */
+package org.apache.jackrabbit.commons.privilege;
+
+/**
+ * <code>ParseException</code>...
+ */
+public class ParseException extends Exception {
+
+    public ParseException(Throwable throwable) {
+        super(throwable);
+    }
+
+    public ParseException(String s, Throwable throwable) {
+        super(s, throwable);
+    }
+}
diff --git a/...cr-commons/src/main/java/org/apache/jackrabbit/commons/privilege/PrivilegeDefinition.java b/...cr-commons/src/main/java/org/apache/jackrabbit/commons/privilege/PrivilegeDefinition.java
@@ -0,0 +1,44 @@
+/*
+ * Licensed to the Apache Software Foundation (ASF) under one or more
+ * contributor license agreements.  See the NOTICE file distributed with
+ * this work for additional information regarding copyright ownership.
+ * The ASF licenses this file to You under the Apache License, Version 2.0
+ * (the "License"); you may not use this file except in compliance with
+ * the License.  You may obtain a copy of the License at
+ *
+ *      http://www.apache.org/licenses/LICENSE-2.0
+ *
+ * Unless required by applicable law or agreed to in writing, software
+ * distributed under the License is distributed on an "AS IS" BASIS,
+ * WITHOUT WARRANTIES OR CONDITIONS OF ANY KIND, either express or implied.
+ * See the License for the specific language governing permissions and
+ * limitations under the License.
+ */
+package org.apache.jackrabbit.commons.privilege;
+
+/**
+ * <code>PrivilegeDefinition</code>
+ */
+public class PrivilegeDefinition {
+    private final String name;
+    private final boolean isAbstract;
+    private final String[] declaredAggregateNames;
+
+    public PrivilegeDefinition(String name, boolean isAbstract, String[] declaredAggregateNames) {
+        this.name = name;
+        this.isAbstract = isAbstract;
+        this.declaredAggregateNames = declaredAggregateNames;
+    }
+
+    public String getName() {
+        return name;
+    }
+
+    public boolean isAbstract() {
+        return isAbstract;
+    }
+
+    public String[] getDeclaredAggregateNames() {
+        return declaredAggregateNames;
+    }
+}
diff --git a/...mons/src/main/java/org/apache/jackrabbit/commons/privilege/PrivilegeDefinitionReader.java b/...mons/src/main/java/org/apache/jackrabbit/commons/privilege/PrivilegeDefinitionReader.java
@@ -0,0 +1,72 @@
+/*
+ * Licensed to the Apache Software Foundation (ASF) under one or more
+ * contributor license agreements.  See the NOTICE file distributed with
+ * this work for additional information regarding copyright ownership.
+ * The ASF licenses this file to You under the Apache License, Version 2.0
+ * (the "License"); you may not use this file except in compliance with
+ * the License.  You may obtain a copy of the License at
+ *
+ *      http://www.apache.org/licenses/LICENSE-2.0
+ *
+ * Unless required by applicable law or agreed to in writing, software
+ * distributed under the License is distributed on an "AS IS" BASIS,
+ * WITHOUT WARRANTIES OR CONDITIONS OF ANY KIND, either express or implied.
+ * See the License for the specific language governing permissions and
+ * limitations under the License.
+ */
+package org.apache.jackrabbit.commons.privilege;
+
+import java.io.InputStream;
+import java.util.HashMap;
+import java.util.Map;
+
+/**
+ * Reads privilege definitions for the specified <code>InputStream</code>. Note,
+ * that this reader will not apply any validation.
+ */
+public class PrivilegeDefinitionReader {
+
+    private final PrivilegeDefinition[] privilegeDefinitions;
+    private final Map<String, String> namespaces = new HashMap<String, String>();
+
+    /**
+     * Creates a new <code>PrivilegeDefinitionReader</code> for the given
+     * input stream. The specified content type is used in order to determine
+     * the type of privilege serialization.
+     *
+     * @param in The input stream to read the privilege definitions from.
+     * @param contentType Currently only types supported by
+     * {@link PrivilegeXmlHandler#isSupportedContentType(String)PrivilegeXmlHandler}
+     * are allowed.
+     * @throws ParseException If an error occurs.
+     * @throws IllegalArgumentException if the specified content type is not supported.
+     */
+    public PrivilegeDefinitionReader(InputStream in, String contentType) throws ParseException {
+        if (PrivilegeXmlHandler.isSupportedContentType(contentType)) {
+            PrivilegeHandler pxh = new PrivilegeXmlHandler();
+            privilegeDefinitions = pxh.readDefinitions(in, namespaces);
+        } else {
+            // not yet supported
+            throw new IllegalArgumentException("Unsupported content type " + contentType);
+        }
+    }
+
+    /**
+     * Returns the privilege definitions retrieved from the input stream.
+     *
+     * @return an array of <code>PrivilegeDefinition</code>
+     */
+    public PrivilegeDefinition[] getPrivilegeDefinitions() {
+        return privilegeDefinitions;
+    }
+
+    /**
+     * Returns the namespace mappings such as retrieved during parsing.
+     *
+     * @return a mapping of namespace prefix to uri used by the privilege
+     * definitions.
+     */
+    public Map<String,String> getNamespaces() {
+        return namespaces;
+    }
+}