
Example 1 with PrivilegeConfiguration

Use of org.apache.jackrabbit.oak.spi.security.privilege.PrivilegeConfiguration in the jackrabbit-oak project by apache.

In class SecurityProviderImplTest, method testBindPrivilegeConfiguration:

@Test
public void testBindPrivilegeConfiguration() {
    PrivilegeConfiguration pc = Mockito.mock(PrivilegeConfiguration.class);
    securityProvider.bindPrivilegeConfiguration(pc);
    assertSame(pc, securityProvider.getConfiguration(PrivilegeConfiguration.class));
    for (SecurityConfiguration sc : securityProvider.getConfigurations()) {
        if (sc instanceof PrivilegeConfiguration) {
            assertSame(pc, sc);
        }
    }
}
Also used : SecurityConfiguration(org.apache.jackrabbit.oak.spi.security.SecurityConfiguration) PrivilegeConfiguration(org.apache.jackrabbit.oak.spi.security.privilege.PrivilegeConfiguration) Test(org.junit.Test)

Example 2 with PrivilegeConfiguration

Use of org.apache.jackrabbit.oak.spi.security.privilege.PrivilegeConfiguration in the jackrabbit-oak project by apache.

In class SecurityProviderImplTest, method testUnBindPrivilegeConfiguration:

@Test
public void testUnBindPrivilegeConfiguration() {
    PrivilegeConfiguration pc = Mockito.mock(PrivilegeConfiguration.class);
    securityProvider.bindPrivilegeConfiguration(pc);
    securityProvider.unbindPrivilegeConfiguration(pc);
    assertNull(securityProvider.getConfiguration(PrivilegeConfiguration.class));
    for (SecurityConfiguration sc : securityProvider.getConfigurations()) {
        if (sc instanceof PrivilegeConfiguration) {
            fail();
        }
    }
}
Also used : SecurityConfiguration(org.apache.jackrabbit.oak.spi.security.SecurityConfiguration) PrivilegeConfiguration(org.apache.jackrabbit.oak.spi.security.privilege.PrivilegeConfiguration) Test(org.junit.Test)

Example 3 with PrivilegeConfiguration

Use of org.apache.jackrabbit.oak.spi.security.privilege.PrivilegeConfiguration in the jackrabbit-oak project by apache.

In class AbstractAccessControlManagerTest, method before:

@Before
public void before() throws Exception {
    testPrivileges = new Privilege[] { mockPrivilege("priv1"), mockPrivilege("priv2") };
    allPrivileges = new Privilege[] { mockPrivilege(PrivilegeConstants.JCR_ALL) };
    cs = Mockito.mock(ContentSession.class);
    when(cs.getWorkspaceName()).thenReturn(WSP_NAME);
    when(cs.getAuthInfo()).thenReturn(new AuthInfoImpl(null, ImmutableMap.of(), testPrincipals));
    when(root.getContentSession()).thenReturn(cs);
    Tree nonExistingTree = Mockito.mock(Tree.class);
    when(nonExistingTree.exists()).thenReturn(false);
    when(root.getTree(nonExistingPath)).thenReturn(nonExistingTree);
    Tree existingTree = Mockito.mock(Tree.class);
    when(existingTree.exists()).thenReturn(true);
    when(root.getTree(testPath)).thenReturn(existingTree);
    Tree rootTree = Mockito.mock(Tree.class);
    when(rootTree.exists()).thenReturn(true);
    when(root.getTree("/")).thenReturn(rootTree);
    privilegeManager = Mockito.mock(PrivilegeManager.class);
    when(privilegeManager.getRegisteredPrivileges()).thenReturn(testPrivileges);
    when(privilegeManager.getPrivilege("priv1")).thenReturn(testPrivileges[0]);
    when(privilegeManager.getPrivilege("priv2")).thenReturn(testPrivileges[1]);
    when(privilegeManager.getPrivilege(PrivilegeConstants.JCR_ALL)).thenReturn(allPrivileges[0]);
    PrivilegeConfiguration privilegeConfiguration = Mockito.mock(PrivilegeConfiguration.class);
    when(privilegeConfiguration.getPrivilegeManager(root, getNamePathMapper())).thenReturn(privilegeManager);
    authorizationConfiguration = Mockito.mock(AuthorizationConfiguration.class);
    when(authorizationConfiguration.getPermissionProvider(root, WSP_NAME, getEveryonePrincipalSet())).thenReturn(EmptyPermissionProvider.getInstance());
    when(authorizationConfiguration.getPermissionProvider(root, WSP_NAME, testPrincipals)).thenReturn(OpenPermissionProvider.getInstance());
    when(authorizationConfiguration.getPermissionProvider(root, WSP_NAME, ImmutableSet.of())).thenReturn(EmptyPermissionProvider.getInstance());
    when(authorizationConfiguration.getContext()).thenReturn(Context.DEFAULT);
    securityProvider = Mockito.mock(SecurityProvider.class);
    when(securityProvider.getConfiguration(PrivilegeConfiguration.class)).thenReturn(privilegeConfiguration);
    when(securityProvider.getConfiguration(AuthorizationConfiguration.class)).thenReturn(authorizationConfiguration);
    acMgr = createAccessControlManager(root, getNamePathMapper());
}
Also used : AuthInfoImpl(org.apache.jackrabbit.oak.spi.security.authentication.AuthInfoImpl) AuthorizationConfiguration(org.apache.jackrabbit.oak.spi.security.authorization.AuthorizationConfiguration) PrivilegeManager(org.apache.jackrabbit.api.security.authorization.PrivilegeManager) SecurityProvider(org.apache.jackrabbit.oak.spi.security.SecurityProvider) ContentSession(org.apache.jackrabbit.oak.api.ContentSession) Tree(org.apache.jackrabbit.oak.api.Tree) PrivilegeConfiguration(org.apache.jackrabbit.oak.spi.security.privilege.PrivilegeConfiguration) Before(org.junit.Before)

Example 4 with PrivilegeConfiguration

Use of org.apache.jackrabbit.oak.spi.security.privilege.PrivilegeConfiguration in the jackrabbit-oak project by apache.

In class RepositoryUpgrade, method copy:

/**
 * Copies the full content from the source to the target repository.
 * <p>
 * The source repository <strong>must not be modified</strong> while
 * the copy operation is running to avoid an inconsistent copy.
 * <p>
 * Note that both the source and the target repository must be closed
 * during the copy operation as this method requires exclusive access
 * to the repositories.
 *
 * @param initializer optional extra repository initializer to use
 * @throws RepositoryException if the copy operation fails
 */
public void copy(RepositoryInitializer initializer) throws RepositoryException {
    if (checkLongNames) {
        assertNoLongNames();
    }
    RepositoryConfig config = source.getRepositoryConfig();
    logger.info("Copying repository content from {} to Oak", config.getHomeDir());
    try {
        NodeBuilder targetBuilder = target.getRoot().builder();
        if (VersionHistoryUtil.getVersionStorage(targetBuilder).exists() && !versionCopyConfiguration.skipOrphanedVersionsCopy()) {
            logger.warn("The version storage on destination already exists. Orphaned version histories will be skipped.");
            versionCopyConfiguration.setCopyOrphanedVersions(null);
        }
        final Root upgradeRoot = new UpgradeRoot(targetBuilder);
        String workspaceName = source.getRepositoryConfig().getDefaultWorkspaceName();
        SecurityProvider security = SecurityProviderBuilder.newBuilder().with(mapSecurityConfig(config.getSecurityConfig())).build();
        if (skipInitialization) {
            logger.info("Skipping the repository initialization");
        } else {
            // init target repository first
            logger.info("Initializing initial repository content from {}", config.getHomeDir());
            new InitialContent().initialize(targetBuilder);
            if (initializer != null) {
                initializer.initialize(targetBuilder);
            }
            logger.debug("InitialContent completed from {}", config.getHomeDir());
            for (SecurityConfiguration sc : security.getConfigurations()) {
                RepositoryInitializer ri = sc.getRepositoryInitializer();
                ri.initialize(targetBuilder);
                logger.debug("Repository initializer '{}' completed", ri.getClass().getName());
            }
            for (SecurityConfiguration sc : security.getConfigurations()) {
                WorkspaceInitializer wi = sc.getWorkspaceInitializer();
                wi.initialize(targetBuilder, workspaceName);
                logger.debug("Workspace initializer '{}' completed", wi.getClass().getName());
            }
        }
        HashBiMap<String, String> uriToPrefix = HashBiMap.create();
        logger.info("Copying registered namespaces");
        copyNamespaces(targetBuilder, uriToPrefix);
        logger.debug("Namespace registration completed.");
        if (skipInitialization) {
            logger.info("Skipping registering node types and privileges");
        } else {
            logger.info("Copying registered node types");
            NodeTypeManager ntMgr = new ReadWriteNodeTypeManager() {

                @Override
                protected Tree getTypes() {
                    return upgradeRoot.getTree(NODE_TYPES_PATH);
                }

                @Nonnull
                @Override
                protected Root getWriteRoot() {
                    return upgradeRoot;
                }
            };
            copyNodeTypes(ntMgr, new ValueFactoryImpl(upgradeRoot, NamePathMapper.DEFAULT));
            logger.debug("Node type registration completed.");
            // migrate privileges
            logger.info("Copying registered privileges");
            PrivilegeConfiguration privilegeConfiguration = security.getConfiguration(PrivilegeConfiguration.class);
            copyCustomPrivileges(privilegeConfiguration.getPrivilegeManager(upgradeRoot, NamePathMapper.DEFAULT));
            logger.debug("Privilege registration completed.");
            // Triggers compilation of type information, which we need for
            // the type predicates used by the bulk copy operations below.
            new TypeEditorProvider(false).getRootEditor(targetBuilder.getBaseState(), targetBuilder.getNodeState(), targetBuilder, null);
        }
        final NodeState reportingSourceRoot = ReportingNodeState.wrap(JackrabbitNodeState.createRootNodeState(source, workspaceName, targetBuilder.getNodeState(), uriToPrefix, copyBinariesByReference, skipOnError), new LoggingReporter(logger, "Migrating", LOG_NODE_COPY, -1));
        final NodeState sourceRoot;
        if (filterLongNames) {
            sourceRoot = NameFilteringNodeState.wrapRoot(reportingSourceRoot);
        } else {
            sourceRoot = reportingSourceRoot;
        }
        final Stopwatch watch = Stopwatch.createStarted();
        logger.info("Copying workspace content");
        copyWorkspace(sourceRoot, targetBuilder, workspaceName);
        // on TarMK this call triggers the actual copy
        targetBuilder.getNodeState();
        logger.info("Upgrading workspace content completed in {}s ({})", watch.elapsed(TimeUnit.SECONDS), watch);
        if (!versionCopyConfiguration.skipOrphanedVersionsCopy()) {
            logger.info("Copying version storage");
            watch.reset().start();
            copyVersionStorage(targetBuilder, getVersionStorage(sourceRoot), getVersionStorage(targetBuilder), versionCopyConfiguration);
            // on TarMK this call triggers the actual copy
            targetBuilder.getNodeState();
            logger.info("Version storage copied in {}s ({})", watch.elapsed(TimeUnit.SECONDS), watch);
        } else {
            logger.info("Skipping the version storage as the copyOrphanedVersions is set to false");
        }
        watch.reset().start();
        logger.info("Applying default commit hooks");
        // TODO: default hooks?
        List<CommitHook> hooks = newArrayList();
        UserConfiguration userConf = security.getConfiguration(UserConfiguration.class);
        String groupsPath = userConf.getParameters().getConfigValue(UserConstants.PARAM_GROUP_PATH, UserConstants.DEFAULT_GROUP_PATH);
        String usersPath = userConf.getParameters().getConfigValue(UserConstants.PARAM_USER_PATH, UserConstants.DEFAULT_USER_PATH);
        // hooks specific to the upgrade, need to run first
        hooks.add(new EditorHook(new CompositeEditorProvider(
                new RestrictionEditorProvider(),
                new GroupEditorProvider(groupsPath),
                // copy referenced version histories
                new VersionableEditor.Provider(sourceRoot, workspaceName, versionCopyConfiguration),
                new SameNameSiblingsEditor.Provider(),
                AuthorizableFolderEditor.provider(groupsPath, usersPath))));
        // this editor works on the VersionableEditor output, so it can't be
        // a part of the same EditorHook
        hooks.add(new EditorHook(new VersionablePropertiesEditor.Provider()));
        // security-related hooks
        for (SecurityConfiguration sc : security.getConfigurations()) {
            hooks.addAll(sc.getCommitHooks(workspaceName));
        }
        if (customCommitHooks != null) {
            hooks.addAll(customCommitHooks);
        }
        // type validation, reference and indexing hooks
        hooks.add(new EditorHook(new CompositeEditorProvider(createTypeEditorProvider(), createIndexEditorProvider())));
        target.merge(targetBuilder, new LoggingCompositeHook(hooks, source, overrideEarlyShutdown()), CommitInfo.EMPTY);
        logger.info("Processing commit hooks completed in {}s ({})", watch.elapsed(TimeUnit.SECONDS), watch);
        removeVersions();
        logger.debug("Repository upgrade completed.");
    } catch (Exception e) {
        throw new RepositoryException("Failed to copy content", e);
    }
}
Also used : NodeTypeManager(javax.jcr.nodetype.NodeTypeManager) ReadWriteNodeTypeManager(org.apache.jackrabbit.oak.plugins.nodetype.write.ReadWriteNodeTypeManager) NameFilteringNodeState(org.apache.jackrabbit.oak.upgrade.nodestate.NameFilteringNodeState) ReportingNodeState(org.apache.jackrabbit.oak.plugins.migration.report.ReportingNodeState) FilteringNodeState(org.apache.jackrabbit.oak.plugins.migration.FilteringNodeState) NodeState(org.apache.jackrabbit.oak.spi.state.NodeState) ValueFactoryImpl(org.apache.jackrabbit.oak.plugins.value.jcr.ValueFactoryImpl) Stopwatch(com.google.common.base.Stopwatch) LoggingReporter(org.apache.jackrabbit.oak.plugins.migration.report.LoggingReporter) NodeBuilder(org.apache.jackrabbit.oak.spi.state.NodeBuilder) EditorHook(org.apache.jackrabbit.oak.spi.commit.EditorHook) VersionableEditor(org.apache.jackrabbit.oak.upgrade.version.VersionableEditor) PrivilegeConfiguration(org.apache.jackrabbit.oak.spi.security.privilege.PrivilegeConfiguration) UserConfiguration(org.apache.jackrabbit.oak.spi.security.user.UserConfiguration) RepositoryConfig(org.apache.jackrabbit.core.config.RepositoryConfig) CompositeEditorProvider(org.apache.jackrabbit.oak.spi.commit.CompositeEditorProvider) RestrictionEditorProvider(org.apache.jackrabbit.oak.upgrade.security.RestrictionEditorProvider) Root(org.apache.jackrabbit.oak.api.Root) CommitHook(org.apache.jackrabbit.oak.spi.commit.CommitHook) RepositoryException(javax.jcr.RepositoryException) FileSystemException(org.apache.jackrabbit.core.fs.FileSystemException) IOException(java.io.IOException) CommitFailedException(org.apache.jackrabbit.oak.api.CommitFailedException) NamespaceException(javax.jcr.NamespaceException) PropertyIndexEditorProvider(org.apache.jackrabbit.oak.plugins.index.property.PropertyIndexEditorProvider) EditorProvider(org.apache.jackrabbit.oak.spi.commit.EditorProvider) IndexEditorProvider(org.apache.jackrabbit.oak.plugins.index.IndexEditorProvider) GroupEditorProvider(org.apache.jackrabbit.oak.upgrade.security.GroupEditorProvider) SecurityProvider(org.apache.jackrabbit.oak.spi.security.SecurityProvider) ReferenceEditorProvider(org.apache.jackrabbit.oak.plugins.index.reference.ReferenceEditorProvider) TypeEditorProvider(org.apache.jackrabbit.oak.plugins.nodetype.TypeEditorProvider) CompositeIndexEditorProvider(org.apache.jackrabbit.oak.plugins.index.CompositeIndexEditorProvider) InitialContent(org.apache.jackrabbit.oak.InitialContent) WorkspaceInitializer(org.apache.jackrabbit.oak.spi.lifecycle.WorkspaceInitializer) SecurityConfiguration(org.apache.jackrabbit.oak.spi.security.SecurityConfiguration) RepositoryInitializer(org.apache.jackrabbit.oak.spi.lifecycle.RepositoryInitializer)

Example 5 with PrivilegeConfiguration

Use of org.apache.jackrabbit.oak.spi.security.privilege.PrivilegeConfiguration in the jackrabbit-oak project by apache.

In class SecurityProviderRegistrationTest, method testBindUnbindPrivilegeConfiguration:

@Test
public void testBindUnbindPrivilegeConfiguration() throws Exception {
    Field f = registration.getClass().getDeclaredField("privilegeConfiguration");
    f.setAccessible(true);
    assertNull(f.get(registration));
    PrivilegeConfiguration pc = mockConfiguration(PrivilegeConfiguration.class);
    registration.bindPrivilegeConfiguration(pc);
    assertSame(pc, f.get(registration));
    registration.unbindPrivilegeConfiguration(pc);
    assertNull(f.get(registration));
}
Also used : Field(java.lang.reflect.Field) PrivilegeConfiguration(org.apache.jackrabbit.oak.spi.security.privilege.PrivilegeConfiguration) AbstractSecurityTest(org.apache.jackrabbit.oak.AbstractSecurityTest) Test(org.junit.Test)
