Index: oak-authorization-cug/src/test/java/org/apache/jackrabbit/oak/spi/security/authorization/cug/impl/NoCugTest.java IDEA additional info: Subsystem: com.intellij.openapi.diff.impl.patch.CharsetEP <+>UTF-8 =================================================================== --- oak-authorization-cug/src/test/java/org/apache/jackrabbit/oak/spi/security/authorization/cug/impl/NoCugTest.java (revision 1817984) +++ oak-authorization-cug/src/test/java/org/apache/jackrabbit/oak/spi/security/authorization/cug/impl/NoCugTest.java (revision ) @@ -24,7 +24,6 @@ import com.google.common.collect.ImmutableSet; import org.apache.jackrabbit.oak.api.Root; import org.apache.jackrabbit.oak.commons.PathUtils; -import org.apache.jackrabbit.oak.plugins.tree.factories.RootFactory; import org.apache.jackrabbit.oak.plugins.tree.TreeLocation; import org.apache.jackrabbit.oak.spi.security.authorization.permission.Permissions; import org.apache.jackrabbit.oak.spi.security.authorization.permission.TreePermission; @@ -124,7 +123,7 @@ @Test public void testHiddenProperty() { - Root immutableRoot = RootFactory.createReadOnlyRoot(root); + Root immutableRoot = getRootProvider().createReadOnlyRoot(root); assertFalse(immutableRoot.getTree(PathUtils.ROOT_PATH).hasProperty(HIDDEN_NESTED_CUGS)); } } \ No newline at end of file Index: oak-authorization-cug/src/test/java/org/apache/jackrabbit/oak/spi/security/authorization/cug/impl/NestedCugHookRootSupportedTest.java IDEA additional info: Subsystem: com.intellij.openapi.diff.impl.patch.CharsetEP <+>UTF-8 =================================================================== --- oak-authorization-cug/src/test/java/org/apache/jackrabbit/oak/spi/security/authorization/cug/impl/NestedCugHookRootSupportedTest.java (revision 1817984) +++ oak-authorization-cug/src/test/java/org/apache/jackrabbit/oak/spi/security/authorization/cug/impl/NestedCugHookRootSupportedTest.java (revision ) @@ -44,7 +44,7 @@ createCug("/content2", EveryonePrincipal.getInstance()); root.commit(); - assertNestedCugs(root, ROOT_PATH, true, "/content", "/content2"); + assertNestedCugs(root, getRootProvider(), ROOT_PATH, true, "/content", "/content2"); } @Test @@ -53,13 +53,13 @@ createCug("/content2", EveryonePrincipal.getInstance()); root.commit(); - assertNestedCugs(root, ROOT_PATH, false, "/content", "/content2"); + assertNestedCugs(root, getRootProvider(), ROOT_PATH, false, "/content", "/content2"); createCug(ROOT_PATH, EveryonePrincipal.getInstance()); root.commit(); - assertNestedCugs(root, ROOT_PATH, false); - assertNestedCugs(root, ROOT_PATH, true, "/content", "/content2"); + assertNestedCugs(root, getRootProvider(), ROOT_PATH, false); + assertNestedCugs(root, getRootProvider(), ROOT_PATH, true, "/content", "/content2"); } @Test @@ -69,7 +69,7 @@ createCug("/content2", EveryonePrincipal.getInstance()); root.commit(); - assertNestedCugs(root, ROOT_PATH, true, "/content", "/content2"); + assertNestedCugs(root, getRootProvider(), ROOT_PATH, true, "/content", "/content2"); } @Test @@ -81,13 +81,13 @@ root.commit(); assertTrue(removeCug(ROOT_PATH, true)); - assertNestedCugs(root, ROOT_PATH, false, "/content", "/content2"); + assertNestedCugs(root, getRootProvider(), ROOT_PATH, false, "/content", "/content2"); assertTrue(removeCug("/content", true)); - assertNestedCugs(root, ROOT_PATH, false, "/content2"); + assertNestedCugs(root, getRootProvider(), ROOT_PATH, false, "/content2"); assertTrue(removeCug("/content2", true)); - assertNestedCugs(root, ROOT_PATH, false); + assertNestedCugs(root, getRootProvider(), ROOT_PATH, false); } @Test @@ -99,13 +99,13 @@ root.commit(); removeCug("/content", true); - assertNestedCugs(root, ROOT_PATH, true, "/content2"); + assertNestedCugs(root, getRootProvider(), ROOT_PATH, true, "/content2"); removeCug("/", true); - assertNestedCugs(root, ROOT_PATH, false, "/content2"); + assertNestedCugs(root, getRootProvider(), ROOT_PATH, false, "/content2"); removeCug("/content2", true); - assertNestedCugs(root, ROOT_PATH, false); + assertNestedCugs(root, getRootProvider(), ROOT_PATH, false); } @Test @@ -117,13 +117,13 @@ root.commit(); assertTrue(removeCug("/content", true)); - assertNestedCugs(root, ROOT_PATH, true, "/content2"); + assertNestedCugs(root, getRootProvider(), ROOT_PATH, true, "/content2"); assertTrue(removeCug("/content2", true)); - assertNestedCugs(root, ROOT_PATH, true); + assertNestedCugs(root, getRootProvider(), ROOT_PATH, true); assertTrue(removeCug(ROOT_PATH, true)); - assertNestedCugs(root, ROOT_PATH, false); + assertNestedCugs(root, getRootProvider(), ROOT_PATH, false); } @Test @@ -139,6 +139,6 @@ assertTrue(removeCug("/", false)); root.commit(); - assertNestedCugs(root, "/", false); + assertNestedCugs(root, getRootProvider(), "/", false); } } \ No newline at end of file Index: oak-authorization-cug/src/main/java/org/apache/jackrabbit/oak/spi/security/authorization/cug/impl/CugConfiguration.java IDEA additional info: Subsystem: com.intellij.openapi.diff.impl.patch.CharsetEP <+>UTF-8 =================================================================== --- oak-authorization-cug/src/main/java/org/apache/jackrabbit/oak/spi/security/authorization/cug/impl/CugConfiguration.java (revision 1817984) +++ oak-authorization-cug/src/main/java/org/apache/jackrabbit/oak/spi/security/authorization/cug/impl/CugConfiguration.java (revision ) @@ -16,8 +16,6 @@ */ package org.apache.jackrabbit.oak.spi.security.authorization.cug.impl; -import static org.apache.jackrabbit.oak.spi.security.RegistrationConstants.OAK_SECURITY_NAME; - import java.io.IOException; import java.io.InputStream; import java.security.Principal; @@ -45,11 +43,9 @@ import org.apache.jackrabbit.oak.namepath.NamePathMapper; import org.apache.jackrabbit.oak.plugins.memory.MemoryNodeStore; import org.apache.jackrabbit.oak.plugins.name.NamespaceEditorProvider; -import org.apache.jackrabbit.oak.spi.nodetype.NodeTypeConstants; import org.apache.jackrabbit.oak.plugins.nodetype.ReadOnlyNodeTypeManager; import org.apache.jackrabbit.oak.plugins.nodetype.TypeEditorProvider; import org.apache.jackrabbit.oak.plugins.nodetype.write.NodeTypeRegistry; -import org.apache.jackrabbit.oak.plugins.tree.factories.RootFactory; import org.apache.jackrabbit.oak.spi.commit.CommitHook; import org.apache.jackrabbit.oak.spi.commit.CompositeEditorProvider; import org.apache.jackrabbit.oak.spi.commit.EditorHook; @@ -58,6 +54,7 @@ import org.apache.jackrabbit.oak.spi.lifecycle.RepositoryInitializer; import org.apache.jackrabbit.oak.spi.mount.MountInfoProvider; import org.apache.jackrabbit.oak.spi.mount.Mounts; +import org.apache.jackrabbit.oak.spi.nodetype.NodeTypeConstants; import org.apache.jackrabbit.oak.spi.security.CompositeConfiguration; import org.apache.jackrabbit.oak.spi.security.ConfigurationBase; import org.apache.jackrabbit.oak.spi.security.ConfigurationParameters; @@ -74,6 +71,8 @@ import org.apache.jackrabbit.oak.spi.state.NodeStore; import org.apache.jackrabbit.oak.spi.xml.ProtectedItemImporter; +import static org.apache.jackrabbit.oak.spi.security.RegistrationConstants.OAK_SECURITY_NAME; + @Component(metatype = true, label = "Apache Jackrabbit Oak CUG Configuration", description = "Authorization configuration dedicated to setup and evaluate 'Closed User Group' permissions.", @@ -143,7 +142,7 @@ if (!enabled || supportedPaths.isEmpty() || getExclude().isExcluded(principals)) { return EmptyPermissionProvider.getInstance(); } else { - return new CugPermissionProvider(root, workspaceName, principals, supportedPaths, getSecurityProvider().getConfiguration(AuthorizationConfiguration.class).getContext()); + return new CugPermissionProvider(root, workspaceName, principals, supportedPaths, getSecurityProvider().getConfiguration(AuthorizationConfiguration.class).getContext(), getRootProvider(), getTreeProvider()); } } @@ -160,9 +159,8 @@ NodeState base = builder.getNodeState(); NodeStore store = new MemoryNodeStore(base); - Root root = RootFactory.createSystemRoot(store, - new EditorHook(new CompositeEditorProvider(new NamespaceEditorProvider(), new TypeEditorProvider())), - null, null, null); + Root root = getRootProvider().createSystemRoot(store, + new EditorHook(new CompositeEditorProvider(new NamespaceEditorProvider(), new TypeEditorProvider()))); if (registerCugNodeTypes(root)) { NodeState target = store.getRoot(); target.compareAgainstBaseState(base, new ApplyDiff(builder)); \ No newline at end of file Index: oak-authorization-cug/src/test/java/org/apache/jackrabbit/oak/spi/security/authorization/cug/impl/HiddenTest.java IDEA additional info: Subsystem: com.intellij.openapi.diff.impl.patch.CharsetEP <+>UTF-8 =================================================================== --- oak-authorization-cug/src/test/java/org/apache/jackrabbit/oak/spi/security/authorization/cug/impl/HiddenTest.java (revision 1817984) +++ oak-authorization-cug/src/test/java/org/apache/jackrabbit/oak/spi/security/authorization/cug/impl/HiddenTest.java (revision ) @@ -26,7 +26,6 @@ import org.apache.jackrabbit.oak.api.Root; import org.apache.jackrabbit.oak.api.Tree; import org.apache.jackrabbit.oak.commons.PathUtils; -import org.apache.jackrabbit.oak.plugins.tree.factories.RootFactory; import org.apache.jackrabbit.oak.plugins.tree.TreeLocation; import org.apache.jackrabbit.oak.spi.security.authorization.AuthorizationConfiguration; import org.apache.jackrabbit.oak.spi.security.authorization.permission.PermissionProvider; @@ -59,7 +58,7 @@ createCug(SUPPORTED_PATH, EveryonePrincipal.getInstance()); root.commit(); - readOnlyRoot = RootFactory.createReadOnlyRoot(root); + readOnlyRoot = getRootProvider().createReadOnlyRoot(root); hiddenTree = readOnlyRoot.getTree("/oak:index/acPrincipalName/:index"); assertTrue(hiddenTree.exists()); @@ -158,4 +157,4 @@ root.commit(); } } -} \ No newline at end of file +} Index: oak-authorization-cug/src/test/java/org/apache/jackrabbit/oak/spi/security/authorization/cug/impl/CugConfigurationTest.java IDEA additional info: Subsystem: com.intellij.openapi.diff.impl.patch.CharsetEP <+>UTF-8 =================================================================== --- oak-authorization-cug/src/test/java/org/apache/jackrabbit/oak/spi/security/authorization/cug/impl/CugConfigurationTest.java (revision 1817984) +++ oak-authorization-cug/src/test/java/org/apache/jackrabbit/oak/spi/security/authorization/cug/impl/CugConfigurationTest.java (revision ) @@ -25,7 +25,6 @@ import com.google.common.collect.ImmutableList; import com.google.common.collect.ImmutableMap; import com.google.common.collect.ImmutableSet; -import org.apache.jackrabbit.oak.AbstractSecurityTest; import org.apache.jackrabbit.oak.namepath.NamePathMapper; import org.apache.jackrabbit.oak.spi.commit.CommitHook; import org.apache.jackrabbit.oak.spi.commit.MoveTracker; @@ -47,13 +46,11 @@ import static org.junit.Assert.assertSame; import static org.junit.Assert.assertTrue; -public class CugConfigurationTest extends AbstractSecurityTest { +public class CugConfigurationTest extends AbstractCugTest { private static CugConfiguration createConfiguration(ConfigurationParameters params) { - SecurityProvider sp = CugSecurityProvider.newTestSecurityProvider(ConfigurationParameters.EMPTY); - CugConfiguration cugConfiguration = new CugConfiguration(); - cugConfiguration.setSecurityProvider(sp); - cugConfiguration.activate(params); + SecurityProvider sp = CugSecurityProvider.newTestSecurityProvider(ConfigurationParameters.of(AuthorizationConfiguration.NAME, params)); + CugConfiguration cugConfiguration = CugSecurityProvider.getCugConfiguration(sp); return cugConfiguration; } @@ -203,7 +200,7 @@ @Test public void testActivate() throws Exception { - CugConfiguration cugConfiguration = new CugConfiguration(getSecurityProvider()); + CugConfiguration cugConfiguration = createConfiguration(ConfigurationParameters.EMPTY); cugConfiguration.activate(ImmutableMap.of( CugConstants.PARAM_CUG_ENABLED, false, CugConstants.PARAM_CUG_SUPPORTED_PATHS, new String[] {"/content", "/anotherContent"} @@ -213,7 +210,7 @@ @Test public void testModified() throws Exception { - CugConfiguration cugConfiguration = new CugConfiguration(getSecurityProvider()); + CugConfiguration cugConfiguration = createConfiguration(ConfigurationParameters.EMPTY); cugConfiguration.modified(ImmutableMap.of( CugConstants.PARAM_CUG_SUPPORTED_PATHS, new String[]{"/changed"} )); @@ -224,4 +221,4 @@ Set expected = ImmutableSet.copyOf(paths); assertEquals(expected, configuration.getParameters().getConfigValue(CugConstants.PARAM_CUG_SUPPORTED_PATHS, ImmutableSet.of())); } -} \ No newline at end of file +} Index: oak-authorization-cug/src/test/java/org/apache/jackrabbit/oak/spi/security/authorization/cug/impl/AbstractCugTest.java IDEA additional info: Subsystem: com.intellij.openapi.diff.impl.patch.CharsetEP <+>UTF-8 =================================================================== --- oak-authorization-cug/src/test/java/org/apache/jackrabbit/oak/spi/security/authorization/cug/impl/AbstractCugTest.java (revision 1817984) +++ oak-authorization-cug/src/test/java/org/apache/jackrabbit/oak/spi/security/authorization/cug/impl/AbstractCugTest.java (revision ) @@ -39,6 +39,7 @@ import org.apache.jackrabbit.oak.api.Root; import org.apache.jackrabbit.oak.api.Tree; import org.apache.jackrabbit.oak.commons.PathUtils; +import org.apache.jackrabbit.oak.plugins.tree.TreeUtil; import org.apache.jackrabbit.oak.spi.nodetype.NodeTypeConstants; import org.apache.jackrabbit.oak.spi.security.ConfigurationParameters; import org.apache.jackrabbit.oak.spi.security.SecurityProvider; @@ -49,7 +50,6 @@ import org.apache.jackrabbit.oak.spi.security.principal.EveryonePrincipal; import org.apache.jackrabbit.oak.spi.security.privilege.PrivilegeConstants; import org.apache.jackrabbit.oak.util.NodeUtil; -import org.apache.jackrabbit.oak.plugins.tree.TreeUtil; import org.apache.jackrabbit.util.Text; import static org.junit.Assert.assertTrue; @@ -148,7 +148,7 @@ } CugPermissionProvider createCugPermissionProvider(@Nonnull Set supportedPaths, @Nonnull Principal... principals) { - return new CugPermissionProvider(root, root.getContentSession().getWorkspaceName(), ImmutableSet.copyOf(principals), supportedPaths, getConfig(AuthorizationConfiguration.class).getContext()); + return new CugPermissionProvider(root, root.getContentSession().getWorkspaceName(), ImmutableSet.copyOf(principals), supportedPaths, getConfig(AuthorizationConfiguration.class).getContext(), getRootProvider(), getTreeProvider()); } void setupCugsAndAcls() throws Exception { \ No newline at end of file Index: oak-authorization-cug/src/test/java/org/apache/jackrabbit/oak/spi/security/authorization/cug/impl/TopLevelPathTest.java IDEA additional info: Subsystem: com.intellij.openapi.diff.impl.patch.CharsetEP <+>UTF-8 =================================================================== --- oak-authorization-cug/src/test/java/org/apache/jackrabbit/oak/spi/security/authorization/cug/impl/TopLevelPathTest.java (revision 1817984) +++ oak-authorization-cug/src/test/java/org/apache/jackrabbit/oak/spi/security/authorization/cug/impl/TopLevelPathTest.java (revision ) @@ -23,11 +23,10 @@ import org.apache.jackrabbit.oak.api.Root; import org.apache.jackrabbit.oak.api.Tree; import org.apache.jackrabbit.oak.commons.PathUtils; -import org.apache.jackrabbit.oak.plugins.tree.factories.RootFactory; +import org.apache.jackrabbit.oak.plugins.tree.TreeUtil; import org.apache.jackrabbit.oak.spi.nodetype.NodeTypeConstants; import org.apache.jackrabbit.oak.spi.security.authorization.permission.TreePermission; import org.apache.jackrabbit.oak.spi.security.principal.EveryonePrincipal; -import org.apache.jackrabbit.oak.util.NodeUtil; import org.apache.jackrabbit.util.Text; import org.junit.Test; @@ -43,25 +42,25 @@ @Test public void testHasAnyNoCug() { - TopLevelPaths tlp = new TopLevelPaths(RootFactory.createReadOnlyRoot(root)); + TopLevelPaths tlp = new TopLevelPaths(getRootProvider().createReadOnlyRoot(root)); assertFalse(tlp.hasAny()); assertFalse(tlp.hasAny()); } @Test public void testHasAnyWithCug() throws Exception { - Tree tree = new NodeUtil(root.getTree(SUPPORTED_PATH3)).addChild("child", NodeTypeConstants.NT_OAK_UNSTRUCTURED).getTree(); + Tree tree = TreeUtil.addChild(root.getTree(SUPPORTED_PATH3), "child", NodeTypeConstants.NT_OAK_UNSTRUCTURED); createCug(tree.getPath(), EveryonePrincipal.getInstance()); root.commit(); - TopLevelPaths tlp = new TopLevelPaths(RootFactory.createReadOnlyRoot(root)); + TopLevelPaths tlp = new TopLevelPaths(getRootProvider().createReadOnlyRoot(root)); assertTrue(tlp.hasAny()); assertTrue(tlp.hasAny()); } @Test public void testContainsNoCug() throws Exception { - TopLevelPaths tlp = new TopLevelPaths(RootFactory.createReadOnlyRoot(root)); + TopLevelPaths tlp = new TopLevelPaths(getRootProvider().createReadOnlyRoot(root)); for (String p : PATHS) { assertFalse(tlp.contains(p)); } @@ -69,11 +68,12 @@ @Test public void testContainsWithCug() throws Exception { - String cugPath = new NodeUtil(root.getTree(SUPPORTED_PATH3)).addChild("child", NodeTypeConstants.NT_OAK_UNSTRUCTURED).getTree().getPath(); + String cugPath = TreeUtil + .addChild(root.getTree(SUPPORTED_PATH3), "child", NodeTypeConstants.NT_OAK_UNSTRUCTURED).getPath(); createCug(cugPath, EveryonePrincipal.getInstance()); root.commit(); - TopLevelPaths tlp = new TopLevelPaths(RootFactory.createReadOnlyRoot(root)); + TopLevelPaths tlp = new TopLevelPaths(getRootProvider().createReadOnlyRoot(root)); assertTrue(tlp.contains(ROOT_PATH)); assertTrue(tlp.contains(SUPPORTED_PATH3)); @@ -89,7 +89,7 @@ createCug(root, ROOT_PATH, EveryonePrincipal.NAME); root.commit(); - TopLevelPaths tlp = new TopLevelPaths(RootFactory.createReadOnlyRoot(root)); + TopLevelPaths tlp = new TopLevelPaths(getRootProvider().createReadOnlyRoot(root)); assertTrue(tlp.contains(ROOT_PATH)); @@ -101,14 +101,14 @@ @Test public void testContainsMany() throws Exception { - NodeUtil n = new NodeUtil(root.getTree(SUPPORTED_PATH3)); + Tree n = root.getTree(SUPPORTED_PATH3); for (int i = 0; i <= TopLevelPaths.MAX_CNT; i++) { - Tree c = n.addChild("c" + i, NT_OAK_UNSTRUCTURED).getTree(); + Tree c = TreeUtil.addChild(n, "c" + i, NT_OAK_UNSTRUCTURED); createCug(c.getPath(), EveryonePrincipal.getInstance()); } root.commit(); - TopLevelPaths tlp = new TopLevelPaths(RootFactory.createReadOnlyRoot(root)); + TopLevelPaths tlp = new TopLevelPaths(getRootProvider().createReadOnlyRoot(root)); assertTrue(tlp.contains(ROOT_PATH)); assertTrue(tlp.contains(SUPPORTED_PATH)); assertTrue(tlp.contains(SUPPORTED_PATH2)); @@ -120,11 +120,12 @@ @Test public void testMayContainWithCug() throws Exception { - String cugPath = new NodeUtil(root.getTree(SUPPORTED_PATH3)).addChild("child", NodeTypeConstants.NT_OAK_UNSTRUCTURED).getTree().getPath(); + String cugPath = TreeUtil + .addChild(root.getTree(SUPPORTED_PATH3), "child", NodeTypeConstants.NT_OAK_UNSTRUCTURED).getPath(); createCug(cugPath, EveryonePrincipal.getInstance()); root.commit(); - Root readOnlyRoot = RootFactory.createReadOnlyRoot(root); + Root readOnlyRoot = getRootProvider().createReadOnlyRoot(root); TopLevelPaths tlp = new TopLevelPaths(readOnlyRoot); for (String p : PATHS) { assertEquals(p, Text.isDescendantOrEqual(p, cugPath), tlp.contains(p)); @@ -160,7 +161,7 @@ createCug(cugPath, EveryonePrincipal.getInstance()); root.commit(); - Root readOnlyRoot = RootFactory.createReadOnlyRoot(root); + Root readOnlyRoot = getRootProvider().createReadOnlyRoot(root); TopLevelPaths tlp = new TopLevelPaths(readOnlyRoot); assertTrue(tlp.contains(PathUtils.ROOT_PATH)); @@ -191,4 +192,4 @@ assertSame(p, TreePermission.NO_RECOURSE, tp); } } -} \ No newline at end of file +} Index: oak-authorization-cug/src/test/java/org/apache/jackrabbit/oak/spi/security/authorization/cug/impl/NestedCugHookTest.java IDEA additional info: Subsystem: com.intellij.openapi.diff.impl.patch.CharsetEP <+>UTF-8 =================================================================== --- oak-authorization-cug/src/test/java/org/apache/jackrabbit/oak/spi/security/authorization/cug/impl/NestedCugHookTest.java (revision 1817984) +++ oak-authorization-cug/src/test/java/org/apache/jackrabbit/oak/spi/security/authorization/cug/impl/NestedCugHookTest.java (revision ) @@ -27,10 +27,10 @@ import org.apache.jackrabbit.oak.api.Tree; import org.apache.jackrabbit.oak.api.Type; import org.apache.jackrabbit.oak.commons.PathUtils; -import org.apache.jackrabbit.oak.plugins.tree.factories.RootFactory; +import org.apache.jackrabbit.oak.plugins.tree.RootProvider; +import org.apache.jackrabbit.oak.plugins.tree.TreeUtil; import org.apache.jackrabbit.oak.spi.security.authorization.cug.CugPolicy; import org.apache.jackrabbit.oak.spi.security.principal.EveryonePrincipal; -import org.apache.jackrabbit.oak.util.NodeUtil; import org.junit.Test; import static org.junit.Assert.assertEquals; @@ -39,12 +39,11 @@ import static org.junit.Assert.assertTrue; import static org.apache.jackrabbit.oak.commons.PathUtils.ROOT_PATH; - public class NestedCugHookTest extends AbstractCugTest { - protected static void assertNestedCugs(@Nonnull Root root, @Nonnull String cugHoldingPath, - boolean hasCugPolicy, @Nonnull String... expectedNestedPaths) { - Root immutableRoot = RootFactory.createReadOnlyRoot(root); + protected static void assertNestedCugs(@Nonnull Root root, @Nonnull RootProvider rootProvider, + @Nonnull String cugHoldingPath, boolean hasCugPolicy, @Nonnull String... expectedNestedPaths) { + Root immutableRoot = rootProvider.createReadOnlyRoot(root); Tree tree = immutableRoot.getTree(cugHoldingPath); if (hasCugPolicy) { @@ -102,8 +101,8 @@ createCug("/content", getTestGroupPrincipal()); root.commit(); - assertNestedCugs(root, "/", false, "/content"); - assertNestedCugs(root, "/content", true); + assertNestedCugs(root, getRootProvider(), "/", false, "/content"); + assertNestedCugs(root, getRootProvider(), "/content", true); } @Test @@ -115,41 +114,41 @@ // - /content2 : allow everyone, deny testGroup (isolated) setupCugsAndAcls(); - assertNestedCugs(root, ROOT_PATH, false, "/content/a", "/content/aa/bb", "/content2"); - assertNestedCugs(root, "/content/a", true, "/content/a/b/c"); + assertNestedCugs(root, getRootProvider(), ROOT_PATH, false, "/content/a", "/content/aa/bb", "/content2"); + assertNestedCugs(root, getRootProvider(), "/content/a", true, "/content/a/b/c"); // add CUG at /content after having created CUGs in the subtree createCug("/content", EveryonePrincipal.getInstance()); root.commit(); - assertNestedCugs(root, ROOT_PATH, false, "/content", "/content2"); - assertNestedCugs(root, "/content", true, "/content/a", "/content/aa/bb"); - assertNestedCugs(root, "/content/a", true, "/content/a/b/c"); + assertNestedCugs(root, getRootProvider(), ROOT_PATH, false, "/content", "/content2"); + assertNestedCugs(root, getRootProvider(), "/content", true, "/content/a", "/content/aa/bb"); + assertNestedCugs(root, getRootProvider(), "/content/a", true, "/content/a/b/c"); } @Test public void testAddNodeWithCug() throws Exception { createCug(SUPPORTED_PATH2, EveryonePrincipal.getInstance()); - Tree newTree = new NodeUtil(root.getTree(SUPPORTED_PATH2)).addChild("child", NT_OAK_UNSTRUCTURED).getTree(); + Tree newTree = TreeUtil.addChild(root.getTree(SUPPORTED_PATH2), "child", NT_OAK_UNSTRUCTURED); String path = newTree.getPath(); createCug(path, getTestGroupPrincipal()); root.commit(); - assertNestedCugs(root, ROOT_PATH, false, SUPPORTED_PATH2); - assertNestedCugs(root, SUPPORTED_PATH2, true, path); + assertNestedCugs(root, getRootProvider(), ROOT_PATH, false, SUPPORTED_PATH2); + assertNestedCugs(root, getRootProvider(), SUPPORTED_PATH2, true, path); } @Test public void testAddNodeWithCugManually() throws Exception { createCug(root, SUPPORTED_PATH3, EveryonePrincipal.NAME); - Tree newTree = new NodeUtil(root.getTree(SUPPORTED_PATH3)).addChild("child", NT_OAK_UNSTRUCTURED).getTree(); + Tree newTree = TreeUtil.addChild(root.getTree(SUPPORTED_PATH3), "child", NT_OAK_UNSTRUCTURED); String path = newTree.getPath(); createCug(root, path, getTestGroupPrincipal().getName()); root.commit(); - assertNestedCugs(root, ROOT_PATH, false, SUPPORTED_PATH3); - assertNestedCugs(root, SUPPORTED_PATH3, true, path); + assertNestedCugs(root, getRootProvider(), ROOT_PATH, false, SUPPORTED_PATH3); + assertNestedCugs(root, getRootProvider(), SUPPORTED_PATH3, true, path); } @Test @@ -159,7 +158,7 @@ createCug(root, unsupportedPath, EveryonePrincipal.NAME); root.commit(); - assertNestedCugs(root, ROOT_PATH, false, unsupportedPath); + assertNestedCugs(root, getRootProvider(), ROOT_PATH, false, unsupportedPath); } @Test @@ -173,7 +172,7 @@ createCug("/content2", EveryonePrincipal.getInstance()); root.commit(); - assertNestedCugs(root, ROOT_PATH, true, "/content", "/content2"); + assertNestedCugs(root, getRootProvider(), ROOT_PATH, true, "/content", "/content2"); } @Test @@ -184,7 +183,7 @@ // remove CUG at /content assertTrue(removeCug("/content", true)); - assertNestedCugs(root, ROOT_PATH, false); + assertNestedCugs(root, getRootProvider(), ROOT_PATH, false); } @Test @@ -199,8 +198,8 @@ // remove CUG at /content/a/b/c assertTrue(removeCug("/content/a/b/c", true)); - assertNestedCugs(root, ROOT_PATH, false, "/content/a", "/content/aa/bb", "/content2"); - assertNestedCugs(root, "/content/a", true); + assertNestedCugs(root, getRootProvider(), ROOT_PATH, false, "/content/a", "/content/aa/bb", "/content2"); + assertNestedCugs(root, getRootProvider(), "/content/a", true); } @Test @@ -215,7 +214,7 @@ // remove CUG at /content/a assertTrue(removeCug("/content/a", true)); - assertNestedCugs(root, ROOT_PATH, false, "/content/aa/bb", "/content2", "/content/a/b/c"); + assertNestedCugs(root, getRootProvider(), ROOT_PATH, false, "/content/aa/bb", "/content2", "/content/a/b/c"); assertFalse(root.getTree("/content/a").hasChild(REP_CUG_POLICY)); } @@ -232,7 +231,7 @@ assertTrue(removeCug("/content/aa/bb", false)); root.commit(); - assertNestedCugs(root, ROOT_PATH, false, "/content2", "/content/a/b/c"); + assertNestedCugs(root, getRootProvider(), ROOT_PATH, false, "/content2", "/content/a/b/c"); } @Test @@ -248,7 +247,7 @@ assertTrue(removeCug("/content/a/b/c", false)); root.commit(); - assertNestedCugs(root, ROOT_PATH, false, "/content/aa/bb", "/content2"); + assertNestedCugs(root, getRootProvider(), ROOT_PATH, false, "/content/aa/bb", "/content2"); } @Test @@ -263,7 +262,7 @@ root.getTree("/content").remove(); root.commit(); - assertNestedCugs(root, ROOT_PATH, false, "/content2"); + assertNestedCugs(root, getRootProvider(), ROOT_PATH, false, "/content2"); } @Test @@ -278,7 +277,7 @@ root.getTree("/content/a").remove(); root.commit(); - assertNestedCugs(root, ROOT_PATH, false, "/content2", "/content/aa/bb"); + assertNestedCugs(root, getRootProvider(), ROOT_PATH, false, "/content2", "/content/aa/bb"); } @Test @@ -292,39 +291,39 @@ assertTrue(root.getTree(PathUtils.concat(ROOT_PATH, REP_CUG_POLICY)).remove()); root.commit(); - assertNestedCugs(root, ROOT_PATH, false, "/content", "/content2"); + assertNestedCugs(root, getRootProvider(), ROOT_PATH, false, "/content", "/content2"); assertTrue(removeCug("/content", true)); - assertNestedCugs(root, ROOT_PATH, false, "/content2"); + assertNestedCugs(root, getRootProvider(), ROOT_PATH, false, "/content2"); assertTrue(removeCug("/content2", true)); - assertNestedCugs(root, ROOT_PATH, false); + assertNestedCugs(root, getRootProvider(), ROOT_PATH, false); } @Test public void testRemoveAndReadd() throws Exception { createCug(root, SUPPORTED_PATH3, EveryonePrincipal.NAME); - Tree newTree = new NodeUtil(root.getTree(SUPPORTED_PATH3)).addChild("child", NT_OAK_UNSTRUCTURED).getTree(); + Tree newTree = TreeUtil.addChild(root.getTree(SUPPORTED_PATH3), "child", NT_OAK_UNSTRUCTURED); String path = newTree.getPath(); createCug(path, getTestGroupPrincipal()); root.commit(); - assertNestedCugs(root, ROOT_PATH, false, SUPPORTED_PATH3); - assertNestedCugs(root, SUPPORTED_PATH3, true, path); + assertNestedCugs(root, getRootProvider(), ROOT_PATH, false, SUPPORTED_PATH3); + assertNestedCugs(root, getRootProvider(), SUPPORTED_PATH3, true, path); removeCug(path, false); createCug(path, EveryonePrincipal.getInstance()); root.commit(); - assertNestedCugs(root, SUPPORTED_PATH3, true, path); + assertNestedCugs(root, getRootProvider(), SUPPORTED_PATH3, true, path); } @Test public void testMoveToUnsupportedPath() throws Exception { createCug(root, SUPPORTED_PATH3, EveryonePrincipal.NAME); - Tree newTree = new NodeUtil(root.getTree(SUPPORTED_PATH3)).addChild("child", NT_OAK_UNSTRUCTURED).getTree(); + Tree newTree = TreeUtil.addChild(root.getTree(SUPPORTED_PATH3), "child", NT_OAK_UNSTRUCTURED); String path = newTree.getPath(); createCug(path, getTestGroupPrincipal()); root.commit(); @@ -333,15 +332,15 @@ root.move(path, destPath); root.commit(); - assertNestedCugs(root, SUPPORTED_PATH3, true); - assertNestedCugs(root, ROOT_PATH, false, SUPPORTED_PATH3, destPath); + assertNestedCugs(root, getRootProvider(), SUPPORTED_PATH3, true); + assertNestedCugs(root, getRootProvider(), ROOT_PATH, false, SUPPORTED_PATH3, destPath); } @Test public void testMoveToSupportedPath() throws Exception { createCug(root, SUPPORTED_PATH3, EveryonePrincipal.NAME); - Tree newTree = new NodeUtil(root.getTree(SUPPORTED_PATH3)).addChild("child", NT_OAK_UNSTRUCTURED).getTree(); + Tree newTree = TreeUtil.addChild(root.getTree(SUPPORTED_PATH3), "child", NT_OAK_UNSTRUCTURED); String path = newTree.getPath(); createCug(path, getTestGroupPrincipal()); root.commit(); @@ -350,8 +349,8 @@ root.move(path, destPath); root.commit(); - assertNestedCugs(root, SUPPORTED_PATH3, true); - assertNestedCugs(root, ROOT_PATH, false, SUPPORTED_PATH3, destPath); + assertNestedCugs(root, getRootProvider(), SUPPORTED_PATH3, true); + assertNestedCugs(root, getRootProvider(), ROOT_PATH, false, SUPPORTED_PATH3, destPath); } @Test @@ -359,7 +358,7 @@ createCug(root, SUPPORTED_PATH2, EveryonePrincipal.NAME); createCug(root, SUPPORTED_PATH3, EveryonePrincipal.NAME); - Tree newTree = new NodeUtil(root.getTree(SUPPORTED_PATH3)).addChild("child", NT_OAK_UNSTRUCTURED).getTree(); + Tree newTree = TreeUtil.addChild(root.getTree(SUPPORTED_PATH3), "child", NT_OAK_UNSTRUCTURED); String path = newTree.getPath(); createCug(path, getTestGroupPrincipal()); root.commit(); @@ -368,8 +367,8 @@ root.move(path, destPath); root.commit(); - assertNestedCugs(root, ROOT_PATH, false, SUPPORTED_PATH3, SUPPORTED_PATH2); - assertNestedCugs(root, SUPPORTED_PATH3, true); - assertNestedCugs(root, SUPPORTED_PATH2, true, destPath); + assertNestedCugs(root, getRootProvider(), ROOT_PATH, false, SUPPORTED_PATH3, SUPPORTED_PATH2); + assertNestedCugs(root, getRootProvider(), SUPPORTED_PATH3, true); + assertNestedCugs(root, getRootProvider(), SUPPORTED_PATH2, true, destPath); } } \ No newline at end of file Index: oak-authorization-cug/src/test/java/org/apache/jackrabbit/oak/spi/security/authorization/cug/impl/EmptyCugTreePermissionTest.java IDEA additional info: Subsystem: com.intellij.openapi.diff.impl.patch.CharsetEP <+>UTF-8 =================================================================== --- oak-authorization-cug/src/test/java/org/apache/jackrabbit/oak/spi/security/authorization/cug/impl/EmptyCugTreePermissionTest.java (revision 1817984) +++ oak-authorization-cug/src/test/java/org/apache/jackrabbit/oak/spi/security/authorization/cug/impl/EmptyCugTreePermissionTest.java (revision ) @@ -23,7 +23,6 @@ import org.apache.jackrabbit.oak.api.Tree; import org.apache.jackrabbit.oak.plugins.memory.PropertyStates; import org.apache.jackrabbit.oak.spi.nodetype.NodeTypeConstants; -import org.apache.jackrabbit.oak.plugins.tree.factories.RootFactory; import org.apache.jackrabbit.oak.plugins.tree.TreeType; import org.apache.jackrabbit.oak.plugins.tree.impl.AbstractTree; import org.apache.jackrabbit.oak.spi.version.VersionConstants; @@ -54,7 +53,7 @@ pp = createCugPermissionProvider( ImmutableSet.of(SUPPORTED_PATH, SUPPORTED_PATH2), getTestUser().getPrincipal(), EveryonePrincipal.getInstance()); - Root readOnlyRoot = RootFactory.createReadOnlyRoot(root); + Root readOnlyRoot = getRootProvider().createReadOnlyRoot(root); Tree t = readOnlyRoot.getTree("/"); tp = new EmptyCugTreePermission(t, TreeType.DEFAULT, pp); rootState = ((AbstractTree) t).getNodeState(); @@ -143,4 +142,4 @@ assertFalse(tp.isGranted(Permissions.READ, ps)); } -} \ No newline at end of file +} Index: oak-authorization-cug/src/test/java/org/apache/jackrabbit/oak/spi/security/authorization/cug/impl/CugSecurityProvider.java IDEA additional info: Subsystem: com.intellij.openapi.diff.impl.patch.CharsetEP <+>UTF-8 =================================================================== --- oak-authorization-cug/src/test/java/org/apache/jackrabbit/oak/spi/security/authorization/cug/impl/CugSecurityProvider.java (revision 1817984) +++ oak-authorization-cug/src/test/java/org/apache/jackrabbit/oak/spi/security/authorization/cug/impl/CugSecurityProvider.java (revision ) @@ -16,8 +16,6 @@ */ package org.apache.jackrabbit.oak.spi.security.authorization.cug.impl; -import static com.google.common.base.Preconditions.checkNotNull; - import javax.annotation.Nonnull; import org.apache.jackrabbit.oak.security.authorization.composite.CompositeAuthorizationConfiguration; @@ -32,8 +30,23 @@ public static SecurityProvider newTestSecurityProvider(@Nonnull ConfigurationParameters configuration) { CugConfiguration cugConfiguration = new CugConfiguration(); - cugConfiguration.activate(configuration.getConfigValue(AuthorizationConfiguration.NAME, ConfigurationParameters.EMPTY)); + ConfigurationParameters params = configuration.getConfigValue(AuthorizationConfiguration.NAME, ConfigurationParameters.EMPTY); + cugConfiguration.activate(params); + return new SecurityProviderBuilder().with(configuration).with(cugConfiguration, AuthorizationConfiguration.class).build(); + } + + public static CugConfiguration getCugConfiguration(@Nonnull SecurityProvider securityProvider) { + AuthorizationConfiguration ac = securityProvider.getConfiguration(AuthorizationConfiguration.class); + if (!(ac instanceof CompositeAuthorizationConfiguration)) { + throw new IllegalStateException(); + } + for (AuthorizationConfiguration config : ((CompositeAuthorizationConfiguration) ac).getConfigurations()) { + if (config instanceof CugConfiguration) { + return (CugConfiguration) config; + } + } + throw new IllegalStateException(); } } \ No newline at end of file Index: oak-authorization-cug/src/main/java/org/apache/jackrabbit/oak/spi/security/authorization/cug/impl/CugPermissionProvider.java IDEA additional info: Subsystem: com.intellij.openapi.diff.impl.patch.CharsetEP <+>UTF-8 =================================================================== --- oak-authorization-cug/src/main/java/org/apache/jackrabbit/oak/spi/security/authorization/cug/impl/CugPermissionProvider.java (revision 1817984) +++ oak-authorization-cug/src/main/java/org/apache/jackrabbit/oak/spi/security/authorization/cug/impl/CugPermissionProvider.java (revision ) @@ -31,11 +31,12 @@ import org.apache.jackrabbit.oak.api.Type; import org.apache.jackrabbit.oak.commons.PathUtils; import org.apache.jackrabbit.oak.namepath.NamePathMapper; -import org.apache.jackrabbit.oak.plugins.tree.factories.RootFactory; -import org.apache.jackrabbit.oak.plugins.tree.factories.TreeFactory; +import org.apache.jackrabbit.oak.plugins.tree.RootProvider; import org.apache.jackrabbit.oak.plugins.tree.TreeLocation; +import org.apache.jackrabbit.oak.plugins.tree.TreeProvider; import org.apache.jackrabbit.oak.plugins.tree.TreeType; import org.apache.jackrabbit.oak.plugins.tree.TreeTypeProvider; +import org.apache.jackrabbit.oak.plugins.tree.TreeUtil; import org.apache.jackrabbit.oak.plugins.version.ReadOnlyVersionManager; import org.apache.jackrabbit.oak.spi.security.Context; import org.apache.jackrabbit.oak.spi.security.authorization.permission.AggregatedPermissionProvider; @@ -46,7 +47,6 @@ import org.apache.jackrabbit.oak.spi.security.privilege.PrivilegeConstants; import org.apache.jackrabbit.oak.spi.state.NodeState; import org.apache.jackrabbit.oak.spi.state.NodeStateUtils; -import org.apache.jackrabbit.oak.plugins.tree.TreeUtil; class CugPermissionProvider implements AggregatedPermissionProvider, CugConstants { @@ -69,15 +69,22 @@ private ReadOnlyVersionManager versionManager; private TopLevelPaths topPaths; + private final RootProvider rootProvider; + private final TreeProvider treeProvider; + CugPermissionProvider(@Nonnull Root root, @Nonnull String workspaceName, @Nonnull Set principals, @Nonnull Set supportedPaths, - @Nonnull Context ctx) { + @Nonnull Context ctx, + @Nonnull RootProvider rootProvider, + @Nonnull TreeProvider treeProvider) { this.root = root; + this.rootProvider = rootProvider; + this.treeProvider = treeProvider; this.workspaceName = workspaceName; - immutableRoot = RootFactory.createReadOnlyRoot(root); + immutableRoot = rootProvider.createReadOnlyRoot(root); principalNames = new String[principals.size()]; int i = 0; for (Principal p : principals) { @@ -93,7 +100,7 @@ @Nonnull TreePermission getTreePermission(@Nonnull Tree parent, @Nonnull TreeType parentType, @Nonnull String childName, @Nonnull NodeState childState, @Nonnull AbstractTreePermission parentPermission) { - Tree t = TreeFactory.createReadOnlyTree(parent, childName, childState); + Tree t = treeProvider.createReadOnlyTree(parent, childName, childState); TreeType type = typeProvider.getType(t, parentType); return getTreePermission(t, type, parentPermission); } @@ -115,7 +122,7 @@ //-------------------------------------------------< PermissionProvider >--- @Override public void refresh() { - immutableRoot = RootFactory.createReadOnlyRoot(root); + immutableRoot = rootProvider.createReadOnlyRoot(root); versionManager = null; topPaths = new TopLevelPaths(immutableRoot); } @@ -445,4 +452,4 @@ } return versionManager; } -} \ No newline at end of file +}