Details

      Issue Links

        Activity

        Hide
        Lukas Kahwe Smith added a comment -

        i know the dev focus is on oak these days .. but this is one of the two (the other one being transactions) missing pieces in order for us to finish the reference implementation of PHPCR. i don't know how much work it is .. but i urge the dev team to consider this for 2.x

        Show
        Lukas Kahwe Smith added a comment - i know the dev focus is on oak these days .. but this is one of the two (the other one being transactions) missing pieces in order for us to finish the reference implementation of PHPCR. i don't know how much work it is .. but i urge the dev team to consider this for 2.x
        Hide
        Chris added a comment -

        Will this be addressed for 2.x or will we have to wait for a stable release of oak?

        Show
        Chris added a comment - Will this be addressed for 2.x or will we have to wait for a stable release of oak?
        Hide
        David Buchmann added a comment -

        there is alfusaney yallow working on this as a master thesis for university: http://mail-archives.apache.org/mod_mbox/jackrabbit-dev/201405.mbox/%3CCFA273D5.1D90A%25anchela@adobe.com%3E

        hopefully this can be merged at some point, but i guess its going to take some time until it hits a production ready jackrabbit.

        Show
        David Buchmann added a comment - there is alfusaney yallow working on this as a master thesis for university: http://mail-archives.apache.org/mod_mbox/jackrabbit-dev/201405.mbox/%3CCFA273D5.1D90A%25anchela@adobe.com%3E hopefully this can be merged at some point, but i guess its going to take some time until it hits a production ready jackrabbit.
        Hide
        ASF GitHub Bot added a comment -

        GitHub user Alfusainey opened a pull request:

        https://github.com/apache/jackrabbit/pull/21

        JCR-2113: add access control mgt support for jcr remoting

        This patch provides acm support for the jcr remoting client. in this patch, the implementation of the following has been realized:

        1. implementatiion of javax.jcr.security.AccessControlManager api for jcr2spi jackrabbit client that allows for the creation, retrieval and removal of access control policies.
        2. jackrabbit.api.security.JackrabbitAccessControlList as the default acl policy implementation for the client.
        3. jackrabbit.api.security.JackrabbitAccessControlEntry: the entries that goes in the acl.
        4. extensible access control manager implementation. creation of an access control manager is done via an AccessControlProvider, which is dynamically loaded and instantiated from a configured properties file. See SessionImpl#getAccessControlManager() for details.

        /cc @anchela @tripodsan @dbu @alexparvulescu @mduerig

        You can merge this pull request into a Git repository by running:

        $ git pull https://github.com/Alfusainey/jackrabbit JCR-2113

        Alternatively you can review and apply these changes as the patch at:

        https://github.com/apache/jackrabbit/pull/21.patch

        To close this pull request, make a commit to your master/trunk branch
        with (at least) the following in the commit message:

        This closes #21


        commit 38037aa645c9d88cefda1ae014dca27492f11dc9
        Author: Alfusainey <alf.jallow@gmail.com>
        Date: 2014-09-25T13:07:40Z

        add access control mgt support for jcr2spi


        Show
        ASF GitHub Bot added a comment - GitHub user Alfusainey opened a pull request: https://github.com/apache/jackrabbit/pull/21 JCR-2113 : add access control mgt support for jcr remoting This patch provides acm support for the jcr remoting client. in this patch, the implementation of the following has been realized: 1. implementatiion of javax.jcr.security.AccessControlManager api for jcr2spi jackrabbit client that allows for the creation, retrieval and removal of access control policies. 2. jackrabbit.api.security.JackrabbitAccessControlList as the default acl policy implementation for the client. 3. jackrabbit.api.security.JackrabbitAccessControlEntry: the entries that goes in the acl. 4. extensible access control manager implementation. creation of an access control manager is done via an AccessControlProvider, which is dynamically loaded and instantiated from a configured properties file. See SessionImpl#getAccessControlManager() for details. /cc @anchela @tripodsan @dbu @alexparvulescu @mduerig You can merge this pull request into a Git repository by running: $ git pull https://github.com/Alfusainey/jackrabbit JCR-2113 Alternatively you can review and apply these changes as the patch at: https://github.com/apache/jackrabbit/pull/21.patch To close this pull request, make a commit to your master/trunk branch with (at least) the following in the commit message: This closes #21 commit 38037aa645c9d88cefda1ae014dca27492f11dc9 Author: Alfusainey <alf.jallow@gmail.com> Date: 2014-09-25T13:07:40Z add access control mgt support for jcr2spi
        Hide
        angela added a comment - - edited

        Revision 1640892: committed the first chunk of the huge patch provided by Alfusainey Jallow. Note that the ac-related test-cases both form jcr2spi and from the TCK are still excluded from the integration test run as the configuration for the AccessControlProvider is still missing.

        TODO

        • enabling tests and verifying that they all pass (-> adjust jcr2dav module and make sure the RepositoryConfig gets a valid ac-provider configuration parameter set)
        • testing AccessControlProviderStub
        • complete privilege discovery (AccessControlManager#hasPrivilege() -> CurrentUserPrivilegeSet property)
        • setPolicy, Batch#setTree, + testing
        • removePolicy, removal of protected items on jcr-server
        • effective policies
        Show
        angela added a comment - - edited Revision 1640892: committed the first chunk of the huge patch provided by Alfusainey Jallow. Note that the ac-related test-cases both form jcr2spi and from the TCK are still excluded from the integration test run as the configuration for the AccessControlProvider is still missing. TODO enabling tests and verifying that they all pass (-> adjust jcr2dav module and make sure the RepositoryConfig gets a valid ac-provider configuration parameter set) testing AccessControlProviderStub complete privilege discovery (AccessControlManager#hasPrivilege() -> CurrentUserPrivilegeSet property) setPolicy, Batch#setTree, + testing removePolicy, removal of protected items on jcr-server effective policies
        Hide
        ASF GitHub Bot added a comment -

        GitHub user Alfusainey opened a pull request:

        https://github.com/apache/jackrabbit/pull/23

        JCR-2113: Writing access control

        This patch addresses the following, as indicated in https://issues.apache.org/jira/browse/JCR-2113
        a. adjust jcr2dav module and make sure the RepositoryConfig gets a valid ac-provider configuration parameter set
        b. complete setPolicy, Batch#setTree, + testing
        c. complete removePolicy for jcr2spi and partial implementation for removal of protected items on jcr-server.

        You can merge this pull request into a Git repository by running:

        $ git pull https://github.com/Alfusainey/jackrabbit JCR-2113-progress

        Alternatively you can review and apply these changes as the patch at:

        https://github.com/apache/jackrabbit/pull/23.patch

        To close this pull request, make a commit to your master/trunk branch
        with (at least) the following in the commit message:

        This closes #23


        commit e48aa0d4bd95ea26dc84621fa13e298bdbde7fb1
        Author: Alfusainey <alf.jallow@gmail.com>
        Date: 2014-11-25T04:44:34Z

        JCR-2113. Add Batch#setTree; implement setPolicy and removePolicy; jcr2dav RepositoryConfig params


        Show
        ASF GitHub Bot added a comment - GitHub user Alfusainey opened a pull request: https://github.com/apache/jackrabbit/pull/23 JCR-2113 : Writing access control This patch addresses the following, as indicated in https://issues.apache.org/jira/browse/JCR-2113 a. adjust jcr2dav module and make sure the RepositoryConfig gets a valid ac-provider configuration parameter set b. complete setPolicy, Batch#setTree, + testing c. complete removePolicy for jcr2spi and partial implementation for removal of protected items on jcr-server. You can merge this pull request into a Git repository by running: $ git pull https://github.com/Alfusainey/jackrabbit JCR-2113 -progress Alternatively you can review and apply these changes as the patch at: https://github.com/apache/jackrabbit/pull/23.patch To close this pull request, make a commit to your master/trunk branch with (at least) the following in the commit message: This closes #23 commit e48aa0d4bd95ea26dc84621fa13e298bdbde7fb1 Author: Alfusainey <alf.jallow@gmail.com> Date: 2014-11-25T04:44:34Z JCR-2113 . Add Batch#setTree; implement setPolicy and removePolicy; jcr2dav RepositoryConfig params
        Hide
        Marcel Reutegger added a comment -

        Added missing license headers: http://svn.apache.org/r1643812

        Show
        Marcel Reutegger added a comment - Added missing license headers: http://svn.apache.org/r1643812
        Hide
        angela added a comment -

        Committed additional work as provided by https://github.com/apache/jackrabbit/pull/23/files#r20943156 with revision 1646435.
        Alfusainey Jallow, i implemented some of the comments i added on the pull request, however i didn't explicitly test the changes (integration tests pass but i suspect that access control mgt is still disabled due to incomplete configuration).

        some of the modifications as follows:

        • added missing license headers to new files
        • dropped hardcoded paths only valid on your machine
        • dropped TreeImpl and PropertyImpl and replaced it with RepositoryService.createTree which is specific for each service impl
        • the tree handled was lacking the ability to process properties present with the tree itself... only those of the child nodes where respected.
        • the access control manager test used a NamePathResolver... instead you should use the JCR level constants as provided by javax.jcr.security.Privilege (the client must properly resolve the qualified names to Name instances).
        • as far as removal of protected nodes on the jcr-server is concerned i dropped the usage of static methods/fields and just created an instance of ProtectedRemoveManager upon init of the servlet.
        • ...

        thanks a lot for the patch... what i would like you to do in order to properly complete your work, would be that you adjust the test-setup such that all access control related TCK and impl-tests are run upon building the complete jackrabbit project with -PintegrationTesting.

        Show
        angela added a comment - Committed additional work as provided by https://github.com/apache/jackrabbit/pull/23/files#r20943156 with revision 1646435. Alfusainey Jallow , i implemented some of the comments i added on the pull request, however i didn't explicitly test the changes (integration tests pass but i suspect that access control mgt is still disabled due to incomplete configuration). some of the modifications as follows: added missing license headers to new files dropped hardcoded paths only valid on your machine dropped TreeImpl and PropertyImpl and replaced it with RepositoryService.createTree which is specific for each service impl the tree handled was lacking the ability to process properties present with the tree itself... only those of the child nodes where respected. the access control manager test used a NamePathResolver... instead you should use the JCR level constants as provided by javax.jcr.security.Privilege (the client must properly resolve the qualified names to Name instances). as far as removal of protected nodes on the jcr-server is concerned i dropped the usage of static methods/fields and just created an instance of ProtectedRemoveManager upon init of the servlet. ... thanks a lot for the patch... what i would like you to do in order to properly complete your work, would be that you adjust the test-setup such that all access control related TCK and impl-tests are run upon building the complete jackrabbit project with -PintegrationTesting .
        Hide
        angela added a comment -

        rev. 1653976 : further improvements wrt privilege discovery as discussed in f2f meeting with alfusainey jallow and david buchmann on january 21th.

        Show
        angela added a comment - rev. 1653976 : further improvements wrt privilege discovery as discussed in f2f meeting with alfusainey jallow and david buchmann on january 21th.
        Hide
        ASF GitHub Bot added a comment -

        GitHub user Alfusainey opened a pull request:

        https://github.com/apache/jackrabbit/pull/27

        JCR-2113: Minor modifications

        1. Fix Jcr2Dav test setup. Execute all access control management related tests upon -PintegrationTesting
        2. Fix the creation of http multiparts for a JsonTree
        etc.

        You can merge this pull request into a Git repository by running:

        $ git pull https://github.com/Alfusainey/jackrabbit JCR2113-minorChanges

        Alternatively you can review and apply these changes as the patch at:

        https://github.com/apache/jackrabbit/pull/27.patch

        To close this pull request, make a commit to your master/trunk branch
        with (at least) the following in the commit message:

        This closes #27


        commit e53f645b5ab9fa3897f4a1151c34be0822a39a6d
        Author: Alfusainey <alf.jallow@gmail.com>
        Date: 2015-01-22T22:11:40Z

        JCR-2113: Minor modifications to the AccessControlManagerImpl; fix jcr2dav test-setup; Use property path as multi-part name for JsonTree properties that can't be serialized to JSON


        Show
        ASF GitHub Bot added a comment - GitHub user Alfusainey opened a pull request: https://github.com/apache/jackrabbit/pull/27 JCR-2113 : Minor modifications 1. Fix Jcr2Dav test setup. Execute all access control management related tests upon -PintegrationTesting 2. Fix the creation of http multiparts for a JsonTree etc. You can merge this pull request into a Git repository by running: $ git pull https://github.com/Alfusainey/jackrabbit JCR2113-minorChanges Alternatively you can review and apply these changes as the patch at: https://github.com/apache/jackrabbit/pull/27.patch To close this pull request, make a commit to your master/trunk branch with (at least) the following in the commit message: This closes #27 commit e53f645b5ab9fa3897f4a1151c34be0822a39a6d Author: Alfusainey <alf.jallow@gmail.com> Date: 2015-01-22T22:11:40Z JCR-2113 : Minor modifications to the AccessControlManagerImpl; fix jcr2dav test-setup; Use property path as multi-part name for JsonTree properties that can't be serialized to JSON
        Hide
        angela added a comment - - edited

        Thanks a lot for the patch; committed revision 1656464.

        Note, that along with your patch I made the following additional changes:

        • RepositoryServiceImpl#getPrivilegeNames : wrong prop dav property name used to parse the multistatus response
        • Spi2davexRepositoryServiceFactory.java : always created a repository service with 'null' default workspace name -> added configuration parameter for the default workspace name
        • missing equals/hashCode with jcr2spi access control list and access control entry -> failing tck tests
        • excluding tck tests that are still failed (with comment)
        • fix jcr2spi test that failed
        • removed the redundant JsonTree implementation
        • AccessControlManager#getEffectivePolicies must return 1 policy -> returning fake instead of throwing unsupportedoperationexception to make the tck happy.

        I think we can now resolve this issue fixed and follow up with detailed issues for stuff that is still missing (i.e. support for restrictions and failing RSessionAccessControl* tests)

        Show
        angela added a comment - - edited Thanks a lot for the patch; committed revision 1656464. Note, that along with your patch I made the following additional changes: RepositoryServiceImpl#getPrivilegeNames : wrong prop dav property name used to parse the multistatus response Spi2davexRepositoryServiceFactory.java : always created a repository service with 'null' default workspace name -> added configuration parameter for the default workspace name missing equals/hashCode with jcr2spi access control list and access control entry -> failing tck tests excluding tck tests that are still failed (with comment) fix jcr2spi test that failed removed the redundant JsonTree implementation AccessControlManager#getEffectivePolicies must return 1 policy -> returning fake instead of throwing unsupportedoperationexception to make the tck happy. I think we can now resolve this issue fixed and follow up with detailed issues for stuff that is still missing (i.e. support for restrictions and failing RSessionAccessControl* tests)
        Hide
        angela added a comment -

        A big thank you to Alfusainey Jallow for his contribution.

        Show
        angela added a comment - A big thank you to Alfusainey Jallow for his contribution.
        Hide
        Marcel Reutegger added a comment -

        Bulk close for 2.9.1

        Show
        Marcel Reutegger added a comment - Bulk close for 2.9.1

          People

          • Assignee:
            angela
            Reporter:
            angela
          • Votes:
            3 Vote for this issue
            Watchers:
            5 Start watching this issue

            Dates

            • Created:
              Updated:
              Resolved:

              Development