Examples with SecurityConfiguration org.apache.jackrabbit.oak.spi.security.SecurityConfiguration used on opensource projects

Example 11 with SecurityConfiguration

use of org.apache.jackrabbit.oak.spi.security.SecurityConfiguration in project jackrabbit-oak by apache.

the class InternalSecurityProviderTest method testSetPrincipalConfiguration.

@Test
public void testSetPrincipalConfiguration() {
    PrincipalConfiguration pc = Mockito.mock(PrincipalConfiguration.class);
    when(pc.getParameters()).thenReturn(PARAMS);
    securityProvider.setPrincipalConfiguration(pc);
    assertSame(pc, securityProvider.getConfiguration(PrincipalConfiguration.class));
    for (SecurityConfiguration sc : securityProvider.getConfigurations()) {
        if (sc instanceof PrincipalConfiguration) {
            assertSame(pc, sc);
        }
    }
    assertTrue(Iterables.contains(securityProvider.getConfigurations(), pc));
    assertEquals(PARAMS, securityProvider.getParameters(PrincipalConfiguration.NAME));
}

Example 12 with SecurityConfiguration

use of org.apache.jackrabbit.oak.spi.security.SecurityConfiguration in project jackrabbit-oak by apache.

the class MutableRoot method getCommitHook.

/**
     * Combine the globally defined commit hook(s) and the hooks and validators defined by the
     * various security related configurations.
     *
     * @return A commit hook combining repository global commit hook(s) with the pluggable hooks
     *         defined with the security modules and the padded {@code hooks}.
     */
private CommitHook getCommitHook() {
    List<CommitHook> hooks = newArrayList();
    hooks.add(ResetCommitAttributeHook.INSTANCE);
    hooks.add(hook);
    List<CommitHook> postValidationHooks = new ArrayList<CommitHook>();
    for (SecurityConfiguration sc : securityProvider.getConfigurations()) {
        for (CommitHook ch : sc.getCommitHooks(workspaceName)) {
            if (ch instanceof PostValidationHook) {
                postValidationHooks.add(ch);
            } else if (ch != EmptyHook.INSTANCE) {
                hooks.add(ch);
            }
        }
        List<? extends ValidatorProvider> validators = sc.getValidators(workspaceName, subject.getPrincipals(), moveTracker);
        if (!validators.isEmpty()) {
            hooks.add(new EditorHook(CompositeEditorProvider.compose(validators)));
        }
    }
    hooks.addAll(postValidationHooks);
    return CompositeHook.compose(hooks);
}

Example 13 with SecurityConfiguration

use of org.apache.jackrabbit.oak.spi.security.SecurityConfiguration in project jackrabbit-oak by apache.

the class SecurityProviderImplTest method testBindPrincipalConfiguration.

@Test
public void testBindPrincipalConfiguration() {
    PrincipalConfiguration defaultConfig = securityProvider.getConfiguration(PrincipalConfiguration.class);
    assertTrue(defaultConfig instanceof CompositePrincipalConfiguration);
    CompositePrincipalConfiguration cpc = (CompositePrincipalConfiguration) defaultConfig;
    PrincipalConfiguration pc = Mockito.mock(PrincipalConfiguration.class);
    when(pc.getParameters()).thenReturn(ConfigurationParameters.EMPTY);
    securityProvider.bindPrincipalConfiguration(pc);
    assertNotSame(pc, securityProvider.getConfiguration(PrincipalConfiguration.class));
    assertSame(defaultConfig, securityProvider.getConfiguration(PrincipalConfiguration.class));
    for (SecurityConfiguration sc : securityProvider.getConfigurations()) {
        if (sc instanceof PrincipalConfiguration) {
            assertSame(defaultConfig, sc);
        }
    }
    assertTrue(cpc.getConfigurations().contains(pc));
}

Example 14 with SecurityConfiguration

use of org.apache.jackrabbit.oak.spi.security.SecurityConfiguration in project jackrabbit-oak by apache.

the class RepositoryUpgrade method copy.

/**
     * Copies the full content from the source to the target repository.
     * <p>
     * The source repository <strong>must not be modified</strong> while
     * the copy operation is running to avoid an inconsistent copy.
     * <p>
     * Note that both the source and the target repository must be closed
     * during the copy operation as this method requires exclusive access
     * to the repositories.
     *
     * @param initializer optional extra repository initializer to use
     * @throws RepositoryException if the copy operation fails
     */
public void copy(RepositoryInitializer initializer) throws RepositoryException {
    if (checkLongNames) {
        assertNoLongNames();
    }
    RepositoryConfig config = source.getRepositoryConfig();
    logger.info("Copying repository content from {} to Oak", config.getHomeDir());
    try {
        NodeBuilder targetBuilder = target.getRoot().builder();
        if (VersionHistoryUtil.getVersionStorage(targetBuilder).exists() && !versionCopyConfiguration.skipOrphanedVersionsCopy()) {
            logger.warn("The version storage on destination already exists. Orphaned version histories will be skipped.");
            versionCopyConfiguration.setCopyOrphanedVersions(null);
        }
        final Root upgradeRoot = new UpgradeRoot(targetBuilder);
        String workspaceName = source.getRepositoryConfig().getDefaultWorkspaceName();
        SecurityProviderImpl security = new SecurityProviderImpl(mapSecurityConfig(config.getSecurityConfig()));
        if (skipInitialization) {
            logger.info("Skipping the repository initialization");
        } else {
            // init target repository first
            logger.info("Initializing initial repository content from {}", config.getHomeDir());
            new InitialContent().initialize(targetBuilder);
            if (initializer != null) {
                initializer.initialize(targetBuilder);
            }
            logger.debug("InitialContent completed from {}", config.getHomeDir());
            for (SecurityConfiguration sc : security.getConfigurations()) {
                RepositoryInitializer ri = sc.getRepositoryInitializer();
                ri.initialize(targetBuilder);
                logger.debug("Repository initializer '" + ri.getClass().getName() + "' completed", config.getHomeDir());
            }
            for (SecurityConfiguration sc : security.getConfigurations()) {
                WorkspaceInitializer wi = sc.getWorkspaceInitializer();
                wi.initialize(targetBuilder, workspaceName);
                logger.debug("Workspace initializer '" + wi.getClass().getName() + "' completed", config.getHomeDir());
            }
        }
        HashBiMap<String, String> uriToPrefix = HashBiMap.create();
        logger.info("Copying registered namespaces");
        copyNamespaces(targetBuilder, uriToPrefix);
        logger.debug("Namespace registration completed.");
        if (skipInitialization) {
            logger.info("Skipping registering node types and privileges");
        } else {
            logger.info("Copying registered node types");
            NodeTypeManager ntMgr = new ReadWriteNodeTypeManager() {

                @Override
                protected Tree getTypes() {
                    return upgradeRoot.getTree(NODE_TYPES_PATH);
                }

                @Nonnull
                @Override
                protected Root getWriteRoot() {
                    return upgradeRoot;
                }
            };
            copyNodeTypes(ntMgr, new ValueFactoryImpl(upgradeRoot, NamePathMapper.DEFAULT));
            logger.debug("Node type registration completed.");
            // migrate privileges
            logger.info("Copying registered privileges");
            PrivilegeConfiguration privilegeConfiguration = security.getConfiguration(PrivilegeConfiguration.class);
            copyCustomPrivileges(privilegeConfiguration.getPrivilegeManager(upgradeRoot, NamePathMapper.DEFAULT));
            logger.debug("Privilege registration completed.");
            // Triggers compilation of type information, which we need for
            // the type predicates used by the bulk  copy operations below.
            new TypeEditorProvider(false).getRootEditor(targetBuilder.getBaseState(), targetBuilder.getNodeState(), targetBuilder, null);
        }
        final NodeState reportingSourceRoot = ReportingNodeState.wrap(JackrabbitNodeState.createRootNodeState(source, workspaceName, targetBuilder.getNodeState(), uriToPrefix, copyBinariesByReference, skipOnError), new LoggingReporter(logger, "Migrating", LOG_NODE_COPY, -1));
        final NodeState sourceRoot;
        if (filterLongNames) {
            sourceRoot = NameFilteringNodeState.wrap(reportingSourceRoot);
        } else {
            sourceRoot = reportingSourceRoot;
        }
        final Stopwatch watch = Stopwatch.createStarted();
        logger.info("Copying workspace content");
        copyWorkspace(sourceRoot, targetBuilder, workspaceName);
        // on TarMK this does call triggers the actual copy
        targetBuilder.getNodeState();
        logger.info("Upgrading workspace content completed in {}s ({})", watch.elapsed(TimeUnit.SECONDS), watch);
        if (!versionCopyConfiguration.skipOrphanedVersionsCopy()) {
            logger.info("Copying version storage");
            watch.reset().start();
            copyVersionStorage(targetBuilder, getVersionStorage(sourceRoot), getVersionStorage(targetBuilder), versionCopyConfiguration);
            // on TarMK this does call triggers the actual copy
            targetBuilder.getNodeState();
            logger.info("Version storage copied in {}s ({})", watch.elapsed(TimeUnit.SECONDS), watch);
        } else {
            logger.info("Skipping the version storage as the copyOrphanedVersions is set to false");
        }
        watch.reset().start();
        logger.info("Applying default commit hooks");
        // TODO: default hooks?
        List<CommitHook> hooks = newArrayList();
        UserConfiguration userConf = security.getConfiguration(UserConfiguration.class);
        String groupsPath = userConf.getParameters().getConfigValue(UserConstants.PARAM_GROUP_PATH, UserConstants.DEFAULT_GROUP_PATH);
        String usersPath = userConf.getParameters().getConfigValue(UserConstants.PARAM_USER_PATH, UserConstants.DEFAULT_USER_PATH);
        // hooks specific to the upgrade, need to run first
        hooks.add(new EditorHook(new CompositeEditorProvider(new RestrictionEditorProvider(), new GroupEditorProvider(groupsPath), // copy referenced version histories
        new VersionableEditor.Provider(sourceRoot, workspaceName, versionCopyConfiguration), new SameNameSiblingsEditor.Provider(), AuthorizableFolderEditor.provider(groupsPath, usersPath))));
        // this editor works on the VersionableEditor output, so it can't be
        // a part of the same EditorHook
        hooks.add(new EditorHook(new VersionablePropertiesEditor.Provider()));
        // security-related hooks
        for (SecurityConfiguration sc : security.getConfigurations()) {
            hooks.addAll(sc.getCommitHooks(workspaceName));
        }
        if (customCommitHooks != null) {
            hooks.addAll(customCommitHooks);
        }
        // type validation, reference and indexing hooks
        hooks.add(new EditorHook(new CompositeEditorProvider(createTypeEditorProvider(), createIndexEditorProvider())));
        target.merge(targetBuilder, new LoggingCompositeHook(hooks, source, overrideEarlyShutdown()), CommitInfo.EMPTY);
        logger.info("Processing commit hooks completed in {}s ({})", watch.elapsed(TimeUnit.SECONDS), watch);
        logger.debug("Repository upgrade completed.");
    } catch (Exception e) {
        throw new RepositoryException("Failed to copy content", e);
    }
}

Example 15 with SecurityConfiguration

use of org.apache.jackrabbit.oak.spi.security.SecurityConfiguration in project jackrabbit-oak by apache.

the class Oak method createNewContentRepository.

private ContentRepository createNewContentRepository() {
    final RepoStateCheckHook repoStateCheckHook = new RepoStateCheckHook();
    final List<Registration> regs = Lists.newArrayList();
    regs.add(whiteboard.register(Executor.class, getExecutor(), Collections.emptyMap()));
    IndexEditorProvider indexEditors = CompositeIndexEditorProvider.compose(indexEditorProviders);
    OakInitializer.initialize(store, new CompositeInitializer(initializers), indexEditors);
    QueryIndexProvider indexProvider = CompositeQueryIndexProvider.compose(queryIndexProviders);
    commitHooks.add(repoStateCheckHook);
    List<CommitHook> initHooks = new ArrayList<CommitHook>(commitHooks);
    initHooks.add(new EditorHook(CompositeEditorProvider.compose(editorProviders)));
    if (asyncTasks != null) {
        IndexMBeanRegistration indexRegistration = new IndexMBeanRegistration(whiteboard);
        regs.add(indexRegistration);
        for (Entry<String, Long> t : asyncTasks.entrySet()) {
            AsyncIndexUpdate task = new AsyncIndexUpdate(t.getKey(), store, indexEditors);
            indexRegistration.registerAsyncIndexer(task, t.getValue());
            closer.register(task);
        }
        PropertyIndexAsyncReindex asyncPI = new PropertyIndexAsyncReindex(new AsyncIndexUpdate(IndexConstants.ASYNC_REINDEX_VALUE, store, indexEditors, true), getExecutor());
        regs.add(registerMBean(whiteboard, PropertyIndexAsyncReindexMBean.class, asyncPI, PropertyIndexAsyncReindexMBean.TYPE, "async"));
    }
    regs.add(registerMBean(whiteboard, NodeCounterMBean.class, new NodeCounter(store), NodeCounterMBean.TYPE, "nodeCounter"));
    regs.add(registerMBean(whiteboard, QueryEngineSettingsMBean.class, queryEngineSettings, QueryEngineSettingsMBean.TYPE, "settings"));
    // FIXME: OAK-810 move to proper workspace initialization
    // initialize default workspace
    Iterable<WorkspaceInitializer> workspaceInitializers = Iterables.transform(securityProvider.getConfigurations(), new Function<SecurityConfiguration, WorkspaceInitializer>() {

        @Override
        public WorkspaceInitializer apply(SecurityConfiguration sc) {
            return sc.getWorkspaceInitializer();
        }
    });
    OakInitializer.initialize(workspaceInitializers, store, defaultWorkspaceName, indexEditors);
    // add index hooks later to prevent the OakInitializer to do excessive indexing
    with(new IndexUpdateProvider(indexEditors, failOnMissingIndexProvider));
    withEditorHook();
    // Register observer last to prevent sending events while initialising
    for (Observer observer : observers) {
        regs.add(whiteboard.register(Observer.class, observer, emptyMap()));
    }
    RepositoryManager repositoryManager = new RepositoryManager(whiteboard);
    regs.add(registerMBean(whiteboard, RepositoryManagementMBean.class, repositoryManager, RepositoryManagementMBean.TYPE, repositoryManager.getName()));
    CommitHook composite = CompositeHook.compose(commitHooks);
    regs.add(whiteboard.register(CommitHook.class, composite, Collections.emptyMap()));
    final Tracker<Descriptors> t = whiteboard.track(Descriptors.class);
    return new ContentRepositoryImpl(store, composite, defaultWorkspaceName, queryEngineSettings.unwrap(), indexProvider, securityProvider, new AggregatingDescriptors(t)) {

        @Override
        public void close() throws IOException {
            super.close();
            repoStateCheckHook.close();
            new CompositeRegistration(regs).unregister();
            closer.close();
        }
    };
}