Index: oak-core/src/main/java/org/apache/jackrabbit/oak/security/authorization/accesscontrol/AccessControlValidator.java IDEA additional info: Subsystem: com.intellij.openapi.diff.impl.patch.CharsetEP <+>UTF-8 =================================================================== --- oak-core/src/main/java/org/apache/jackrabbit/oak/security/authorization/accesscontrol/AccessControlValidator.java (revision 1831704) +++ oak-core/src/main/java/org/apache/jackrabbit/oak/security/authorization/accesscontrol/AccessControlValidator.java (revision ) @@ -19,6 +19,7 @@ import java.util.Collection; import java.util.Collections; import java.util.Set; +import java.util.function.Predicate; import javax.annotation.Nonnull; import javax.jcr.RepositoryException; import javax.jcr.security.AccessControlException; @@ -33,7 +34,7 @@ import org.apache.jackrabbit.oak.api.PropertyState; import org.apache.jackrabbit.oak.api.Tree; import org.apache.jackrabbit.oak.api.Type; -import org.apache.jackrabbit.oak.plugins.nodetype.TypePredicate; +import org.apache.jackrabbit.oak.nodetype.NodeTypeManagementProvider; import org.apache.jackrabbit.oak.plugins.tree.TreeConstants; import org.apache.jackrabbit.oak.plugins.tree.TreeProvider; import org.apache.jackrabbit.oak.plugins.tree.TreeUtil; @@ -66,8 +67,8 @@ private final PrivilegeManager privilegeManager; private final RestrictionProvider restrictionProvider; - private final TypePredicate isRepoAccessControllable; - private final TypePredicate isAccessControllable; + private final Predicate isRepoAccessControllable; + private final Predicate isAccessControllable; AccessControlValidator(@Nonnull NodeState parentAfter, @Nonnull PrivilegeManager privilegeManager, 
@@ -79,8 +80,9 @@ this.privilegeBitsProvider = privilegeBitsProvider; this.privilegeManager = privilegeManager; this.restrictionProvider = restrictionProvider; - this.isRepoAccessControllable = new TypePredicate(parentAfter, MIX_REP_REPO_ACCESS_CONTROLLABLE); - this.isAccessControllable = new TypePredicate(parentAfter, MIX_REP_ACCESS_CONTROLLABLE); + NodeTypeManagementProvider nodeTypeManagementProvider = providerCtx.getNodeTypeManagementProvider(); + this.isRepoAccessControllable = nodeTypeManagementProvider.getNodeTypePredicate(parentAfter, MIX_REP_REPO_ACCESS_CONTROLLABLE); + this.isAccessControllable = nodeTypeManagementProvider.getNodeTypePredicate(parentAfter, MIX_REP_ACCESS_CONTROLLABLE); } private AccessControlValidator(AccessControlValidator parent, Tree parentAfter) { 
@@ -207,13 +209,13 @@ } private static void checkValidAccessControlledNode(@Nonnull Tree accessControlledTree, - @Nonnull TypePredicate requiredMixin, + @Nonnull Predicate requiredMixin, @Nonnull TreeProvider treeProvider) throws CommitFailedException { if (AC_NODETYPE_NAMES.contains(TreeUtil.getPrimaryTypeName(accessControlledTree))) { throw accessViolation(5, "Access control policy within access control content (" + accessControlledTree.getPath() + ')'); } - if (!requiredMixin.apply(treeProvider.asNodeState(accessControlledTree))) { + if (!requiredMixin.test(treeProvider.asNodeState(accessControlledTree))) { String msg = "Isolated policy node (" + accessControlledTree.getPath() + "). Parent is not of type " + requiredMixin; throw accessViolation(6, msg); } Index: oak-core/src/main/java/org/apache/jackrabbit/oak/security/authorization/AuthorizationConfigurationImpl.java IDEA additional info: Subsystem: com.intellij.openapi.diff.impl.patch.CharsetEP <+>UTF-8 =================================================================== --- oak-core/src/main/java/org/apache/jackrabbit/oak/security/authorization/AuthorizationConfigurationImpl.java (revision 1831704) +++ oak-core/src/main/java/org/apache/jackrabbit/oak/security/authorization/AuthorizationConfigurationImpl.java (revision ) @@ -26,7 +26,7 @@ import com.google.common.collect.ImmutableList; import org.apache.jackrabbit.oak.api.Root; import org.apache.jackrabbit.oak.namepath.NamePathMapper; -import org.apache.jackrabbit.oak.security.authorization.permission.VersionablePathHook; +import org.apache.jackrabbit.oak.nodetype.NodeTypeManagementProvider; import org.apache.jackrabbit.oak.security.authorization.accesscontrol.AccessControlImporter; import org.apache.jackrabbit.oak.security.authorization.accesscontrol.AccessControlManagerImpl; import org.apache.jackrabbit.oak.security.authorization.accesscontrol.AccessControlValidatorProvider; 
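Review bot: In `checkValidAccessControlledNode` (hunk `@@ -207,13 +209,13 @@`) the violation-6 message still ends with `"Parent is not of type " + requiredMixin`, but `requiredMixin` is now a plain `java.util.function.Predicate`, whose `toString()` is not guaranteed to name the mixin. If `getNodeTypePredicate` returns a lambda or a wrapper without a `toString()` override, the message would print an object identity instead of the required type, which makes a rejected policy commit harder to diagnose. Consider passing the mixin name alongside the predicate and using it in the message, or stating on `NodeTypeManagementProvider.getNodeTypePredicate` that the returned predicate must render its type names in `toString()`. The caller that selects the predicate is outside this hunk.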
@@ -35,6 +35,7 @@ import org.apache.jackrabbit.oak.security.authorization.permission.PermissionProviderImpl; import org.apache.jackrabbit.oak.security.authorization.permission.PermissionStoreValidatorProvider; import org.apache.jackrabbit.oak.security.authorization.permission.PermissionValidatorProvider; +import org.apache.jackrabbit.oak.security.authorization.permission.VersionablePathHook; import org.apache.jackrabbit.oak.security.authorization.restriction.RestrictionProviderImpl; import org.apache.jackrabbit.oak.spi.commit.CommitHook; import org.apache.jackrabbit.oak.spi.commit.MoveTracker; @@ -56,6 +57,7 @@ import org.apache.jackrabbit.oak.spi.security.privilege.PrivilegeConstants; import org.apache.jackrabbit.oak.spi.xml.ImportBehavior; import org.apache.jackrabbit.oak.spi.xml.ProtectedItemImporter; +import org.apache.jackrabbit.oak.version.VersionManagementProvider; import org.osgi.service.component.annotations.Activate; import org.osgi.service.component.annotations.Component; import org.osgi.service.component.annotations.Reference; @@ -75,7 +77,7 @@ property = OAK_SECURITY_NAME + "=org.apache.jackrabbit.oak.security.authorization.AuthorizationConfigurationImpl") @Designate(ocd = AuthorizationConfigurationImpl.Configuration.class) public class AuthorizationConfigurationImpl extends ConfigurationBase implements AuthorizationConfiguration, ProviderCtx { - + @ObjectClassDefinition(name = "Apache Jackrabbit Oak AuthorizationConfiguration") @interface Configuration { @AttributeDefinition( @@ -119,6 +121,11 @@ private MountInfoProvider mountInfoProvider = Mounts.defaultMountInfoProvider(); + private VersionManagementProvider versionManagementProvider; + + private NodeTypeManagementProvider nodeTypeManagementProvider; + + public AuthorizationConfigurationImpl() { super(); } 
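Review bot: The new fields `versionManagementProvider` and `nodeTypeManagementProvider` (hunk `@@ -119,6 +121,11 @@`) start as null, whereas `mountInfoProvider` directly above them starts as `Mounts.defaultMountInfoProvider()`, and the getters added in `@@ -197,22 +204,31 @@` are annotated `@Nonnull`. The mandatory references should cover this under OSGi, but code that uses the public no-arg constructor without calling the `bind*` methods gets null from a `@Nonnull` getter. The failure would then surface later as a NullPointerException inside commit validation or permission evaluation (the `AccessControlValidator` constructor and `CompiledPermissionImpl.getVersionManager` both dereference the result). A fail-fast getter makes the misconfiguration explicit, for example `return Objects.requireNonNull(nodeTypeManagementProvider, "NodeTypeManagementProvider not bound");` and the same for the version provider (this needs `import java.util.Objects;`).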
@@ -158,7 +165,7 @@ public List getCommitHooks(@Nonnull String workspaceName) { return ImmutableList.of( new VersionablePathHook(workspaceName, this), - new PermissionHook(workspaceName, getRestrictionProvider(), mountInfoProvider, getRootProvider(), getTreeProvider())); + new PermissionHook(workspaceName, getRestrictionProvider(), this)); } @Nonnull @@ -173,14 +180,14 @@ @Nonnull @Override public List getProtectedItemImporters() { - return ImmutableList.of(new AccessControlImporter()); + return ImmutableList.of(new AccessControlImporter(nodeTypeManagementProvider)); } //-----------------------------------------< AccessControlConfiguration >--- @Nonnull @Override public AccessControlManager getAccessControlManager(@Nonnull Root root, @Nonnull NamePathMapper namePathMapper) { - return new AccessControlManagerImpl(root, namePathMapper, getSecurityProvider()); + return new AccessControlManagerImpl(root, namePathMapper, getSecurityProvider(), getNodeTypeManagementProvider()); } @Nonnull 
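Review bot: `getProtectedItemImporters()` (hunk `@@ -173,14 +180,14 @@`) reads the field `nodeTypeManagementProvider` directly, while `getAccessControlManager` a few lines below goes through `getNodeTypeManagementProvider()`. Using the getter in both places keeps a single access path, so any null check or default later added to the getter also covers the importer: `return ImmutableList.of(new AccessControlImporter(getNodeTypeManagementProvider()));`. This is a consistency point; the two forms behave the same as the code stands.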
@@ -197,22 +204,31 @@ @Nonnull @Override public PermissionProvider getPermissionProvider(@Nonnull Root root, @Nonnull String workspaceName, - @Nonnull Set principals) { + @Nonnull Set principals) { Context ctx = getSecurityProvider().getConfiguration(AuthorizationConfiguration.class).getContext(); if (mountInfoProvider.hasNonDefaultMounts()) { - return new MountPermissionProvider(root, workspaceName, principals, getRestrictionProvider(), - getParameters(), ctx, this); + return new MountPermissionProvider(root, workspaceName, principals, getRestrictionProvider(), getParameters(), ctx, this); } else { - return new PermissionProviderImpl(root, workspaceName, principals, getRestrictionProvider(), - getParameters(), ctx, this); + return new PermissionProviderImpl(root, workspaceName, principals, getRestrictionProvider(), getParameters(), ctx, this); } } //--------------------------------------------------------< ProviderCtx >--- + @Nonnull + @Override + public NodeTypeManagementProvider getNodeTypeManagementProvider() { + return nodeTypeManagementProvider; + } @Nonnull @Override + public VersionManagementProvider getVersionManagementProvider() { + return versionManagementProvider; + } + + @Nonnull + @Override public MountInfoProvider getMountInfoProvider() { return mountInfoProvider; } 
@@ -225,5 +241,23 @@ public void unbindMountInfoProvider(MountInfoProvider mountInfoProvider) { this.mountInfoProvider = null; + } + + @Reference(name = "versionManagementProvider", cardinality = ReferenceCardinality.MANDATORY) + public void bindVersionManagementProvider(VersionManagementProvider versionManagementProvider) { + this.versionManagementProvider = versionManagementProvider; + } + + public void unbindVersionManagementProvider(VersionManagementProvider versionManagementProvider) { + this.versionManagementProvider = null; + } + + @Reference(name = "nodeTypeManagementProvider", cardinality = ReferenceCardinality.MANDATORY) + public void bindNodeTypeManagementProvider(NodeTypeManagementProvider nodeTypeManagementProvider) { + this.nodeTypeManagementProvider = nodeTypeManagementProvider; + } + + public void unbindNodeTypeManagementProvider(NodeTypeManagementProvider nodeTypeManagementProvider) { + this.nodeTypeManagementProvider = null; } } Index: oak-core/src/test/java/org/apache/jackrabbit/oak/security/authorization/accesscontrol/AccessControlManagerImplTest.java IDEA additional info: Subsystem: com.intellij.openapi.diff.impl.patch.CharsetEP <+>UTF-8 =================================================================== --- oak-core/src/test/java/org/apache/jackrabbit/oak/security/authorization/accesscontrol/AccessControlManagerImplTest.java (revision 1831704) +++ oak-core/src/test/java/org/apache/jackrabbit/oak/security/authorization/accesscontrol/AccessControlManagerImplTest.java (revision ) @@ -48,7 +48,6 @@ import com.google.common.collect.ImmutableSet; import com.google.common.collect.Iterables; import com.google.common.collect.Lists; - import org.apache.jackrabbit.JcrConstants; import org.apache.jackrabbit.api.security.JackrabbitAccessControlEntry; import org.apache.jackrabbit.api.security.JackrabbitAccessControlList; 
@@ -61,14 +60,15 @@ import org.apache.jackrabbit.oak.api.Root; import org.apache.jackrabbit.oak.api.Tree; import org.apache.jackrabbit.oak.api.Type; -import org.apache.jackrabbit.oak.namepath.impl.GlobalNameMapper; -import org.apache.jackrabbit.oak.namepath.impl.LocalNameMapper; import org.apache.jackrabbit.oak.namepath.NameMapper; import org.apache.jackrabbit.oak.namepath.NamePathMapper; +import org.apache.jackrabbit.oak.namepath.impl.GlobalNameMapper; +import org.apache.jackrabbit.oak.namepath.impl.LocalNameMapper; import org.apache.jackrabbit.oak.namepath.impl.NamePathMapperImpl; import org.apache.jackrabbit.oak.plugins.name.ReadWriteNamespaceRegistry; -import org.apache.jackrabbit.oak.spi.nodetype.NodeTypeConstants; +import org.apache.jackrabbit.oak.plugins.tree.TreeUtil; import org.apache.jackrabbit.oak.plugins.value.jcr.ValueFactoryImpl; +import org.apache.jackrabbit.oak.spi.nodetype.NodeTypeConstants; import org.apache.jackrabbit.oak.spi.security.authorization.AuthorizationConfiguration; import org.apache.jackrabbit.oak.spi.security.authorization.accesscontrol.ACE; import org.apache.jackrabbit.oak.spi.security.authorization.accesscontrol.AbstractAccessControlList; @@ -82,7 +82,6 @@ import org.apache.jackrabbit.oak.spi.security.privilege.PrivilegeBitsProvider; import org.apache.jackrabbit.oak.spi.security.privilege.PrivilegeConstants; import org.apache.jackrabbit.oak.util.NodeUtil; -import org.apache.jackrabbit.oak.plugins.tree.TreeUtil; import org.junit.After; import org.junit.Before; import org.junit.Test; @@ -128,7 +127,7 @@ NameMapper nameMapper = new GlobalNameMapper(root); npMapper = new NamePathMapperImpl(nameMapper); - acMgr = new AccessControlManagerImpl(root, npMapper, getSecurityProvider()); + acMgr = new AccessControlManagerImpl(root, npMapper, getSecurityProvider(), getNodeTypeManagementProvider()); NodeUtil rootNode = new NodeUtil(root.getTree("/"), getNamePathMapper()); rootNode.addChild(testName, JcrConstants.NT_UNSTRUCTURED); 
@@ -172,7 +171,7 @@ } private AccessControlManagerImpl createAccessControlManager(@Nonnull Root root, @Nonnull NamePathMapper namePathMapper) { - return new AccessControlManagerImpl(root, namePathMapper, getSecurityProvider()); + return new AccessControlManagerImpl(root, namePathMapper, getSecurityProvider(), getNodeTypeManagementProvider()); } private RestrictionProvider getRestrictionProvider() { @@ -184,7 +183,7 @@ } private AccessControlManagerImpl getTestAccessControlManager() throws Exception { - return new AccessControlManagerImpl(getTestRoot(), getNamePathMapper(), getSecurityProvider()); + return new AccessControlManagerImpl(getTestRoot(), getNamePathMapper(), getSecurityProvider(), getNodeTypeManagementProvider()); } private Root getTestRoot() throws Exception { Index: oak-authorization-cug/src/main/java/org/apache/jackrabbit/oak/spi/security/authorization/cug/impl/CugValidatorProvider.java IDEA additional info: Subsystem: com.intellij.openapi.diff.impl.patch.CharsetEP <+>UTF-8 =================================================================== --- oak-authorization-cug/src/main/java/org/apache/jackrabbit/oak/spi/security/authorization/cug/impl/CugValidatorProvider.java (revision 1831704) +++ oak-authorization-cug/src/main/java/org/apache/jackrabbit/oak/spi/security/authorization/cug/impl/CugValidatorProvider.java (revision ) 
@@ -16,19 +16,20 @@ */ package org.apache.jackrabbit.oak.spi.security.authorization.cug.impl; +import java.util.function.Predicate; import javax.annotation.Nonnull; import org.apache.jackrabbit.JcrConstants; import org.apache.jackrabbit.oak.api.CommitFailedException; import org.apache.jackrabbit.oak.api.PropertyState; import org.apache.jackrabbit.oak.api.Type; -import org.apache.jackrabbit.oak.spi.nodetype.NodeTypeConstants; -import org.apache.jackrabbit.oak.plugins.nodetype.TypePredicate; +import org.apache.jackrabbit.oak.nodetype.NodeTypeManagementProvider; import org.apache.jackrabbit.oak.spi.commit.CommitInfo; import org.apache.jackrabbit.oak.spi.commit.DefaultValidator; import org.apache.jackrabbit.oak.spi.commit.Validator; import org.apache.jackrabbit.oak.spi.commit.ValidatorProvider; import org.apache.jackrabbit.oak.spi.commit.VisibleValidator; +import org.apache.jackrabbit.oak.spi.nodetype.NodeTypeConstants; import org.apache.jackrabbit.oak.spi.state.NodeState; import org.apache.jackrabbit.oak.spi.state.NodeStateUtils; @@ -36,11 +37,16 @@ class CugValidatorProvider extends ValidatorProvider implements CugConstants { - private TypePredicate isMixCug; + private NodeTypeManagementProvider ntMgtProvider; + private Predicate isMixCug; + CugValidatorProvider(@Nonnull NodeTypeManagementProvider ntMgtProvider) { + this.ntMgtProvider = ntMgtProvider; + } + @Override - protected Validator getRootValidator(NodeState before, NodeState after, CommitInfo info) { - this.isMixCug = new TypePredicate(after, MIX_REP_CUG_MIXIN); + protected Validator getRootValidator(@Nonnull NodeState before, @Nonnull NodeState after, @Nonnull CommitInfo info) { + this.isMixCug = ntMgtProvider.getNodeTypePredicate(after, MIX_REP_CUG_MIXIN); return new CugValidator("", after, false); } 
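Review bot: `getRootValidator` (hunk `@@ -36,11 +37,16 @@`) still stores the per-commit predicate in the provider field `isMixCug`, which the validator later reads for the `rep:CugMixin` parent check (`isMixCug.test(parent)` in `@@ -52,7 +58,7 @@`). If one `CugValidatorProvider` instance can serve overlapping commits, a validator could test against a predicate built from another commit's `after` state; whether that can happen depends on how the provider is registered, which is not visible here. Passing the predicate to the `CugValidator` constructor would remove the shared mutable state. The new field is only assigned in the constructor and can be declared `private final NodeTypeManagementProvider ntMgtProvider;`. The `CugValidator` body continues outside this hunk.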
@@ -52,7 +58,7 @@ if (!NT_REP_CUG_POLICY.equals(NodeStateUtils.getPrimaryTypeName(nodeState))) { throw accessViolation(21, "Reserved name 'rep:cugPolicy' must only be used for nodes of type 'rep:CugPolicy'."); } - if (!isMixCug.apply(parent)) { + if (!isMixCug.test(parent)) { throw accessViolation(22, "Parent node not of mixin type 'rep:CugMixin'."); } } \ No newline at end of file Index: oak-core/src/main/java/org/apache/jackrabbit/oak/security/internal/SecurityProviderBuilder.java IDEA additional info: Subsystem: com.intellij.openapi.diff.impl.patch.CharsetEP <+>UTF-8 =================================================================== --- oak-core/src/main/java/org/apache/jackrabbit/oak/security/internal/SecurityProviderBuilder.java (revision 1831704) +++ oak-core/src/main/java/org/apache/jackrabbit/oak/security/internal/SecurityProviderBuilder.java (revision ) @@ -22,10 +22,16 @@ import javax.annotation.Nonnull; +import org.apache.jackrabbit.oak.identifier.IdentifierManagementProvider; +import org.apache.jackrabbit.oak.nodetype.NodeTypeManagementProvider; +import org.apache.jackrabbit.oak.version.VersionManagementProvider; +import org.apache.jackrabbit.oak.plugins.identifier.IdentifierManagementProviderService; +import org.apache.jackrabbit.oak.plugins.nodetype.NodeTypeManagementProviderService; import org.apache.jackrabbit.oak.plugins.tree.RootProvider; import org.apache.jackrabbit.oak.plugins.tree.TreeProvider; import org.apache.jackrabbit.oak.plugins.tree.impl.RootProviderService; import org.apache.jackrabbit.oak.plugins.tree.impl.TreeProviderService; +import org.apache.jackrabbit.oak.plugins.version.VersionManagementProviderService; import org.apache.jackrabbit.oak.security.authentication.AuthenticationConfigurationImpl; import org.apache.jackrabbit.oak.security.authentication.token.TokenConfigurationImpl; import org.apache.jackrabbit.oak.security.authorization.AuthorizationConfigurationImpl; 
@@ -59,6 +65,10 @@ private RootProvider rootProvider; private TreeProvider treeProvider; + private VersionManagementProvider versionManagementProvider; + private NodeTypeManagementProvider nodeTypeManagementProvider; + private IdentifierManagementProvider identifierManagementProvider; + private ConfigurationParameters authenticationParams = EMPTY; private AuthenticationConfiguration authenticationConfiguration; @@ -160,6 +170,18 @@ treeProvider = new TreeProviderService(); } + if (nodeTypeManagementProvider == null) { + nodeTypeManagementProvider = new NodeTypeManagementProviderService(); + } + + if (versionManagementProvider == null) { + versionManagementProvider = new VersionManagementProviderService(); + } + + if (identifierManagementProvider == null) { + identifierManagementProvider = new IdentifierManagementProviderService(); + } + // authentication if (authenticationConfiguration == null) { authenticationConfiguration = new AuthenticationConfigurationImpl(); @@ -176,7 +198,10 @@ // user if (userConfiguration == null) { - userConfiguration = new UserConfigurationImpl(); + UserConfigurationImpl uc = new UserConfigurationImpl(); + uc.bindNodeTypeManagementProvider(nodeTypeManagementProvider); + uc.bindIdentifierManagementProvider(identifierManagementProvider); + userConfiguration = uc; } securityProvider.setUserConfiguration( initializeConfiguration(userConfiguration, securityProvider, userParams, rootProvider, treeProvider)); 
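Review bot: The providers are bound only inside the `if (userConfiguration == null)` branch (hunk `@@ -176,7 +198,10 @@`), and the same pattern is used for the default authorization and token configurations in `@@ -185,8 +210,12 @@` and `@@ -214,7 +243,11 @@`. A configuration that is already set when this code runs therefore never receives a provider given to the builder's `with*Provider` methods, and nothing reports that the value was ignored. If that is intended, a Javadoc line on those methods such as `Only applied to the default configurations created by this builder.` would document it. The enclosing build method starts and ends outside these hunks.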
@@ -185,8 +210,12 @@ if (authorizationConfiguration == null) { CompositeAuthorizationConfiguration ac = new CompositeAuthorizationConfiguration(); ac.withCompositionType(configuration.getConfigValue("authorizationCompositionType", CompositeAuthorizationConfiguration.CompositionType.AND.toString())); - ac.setDefaultConfig(initializeConfiguration(new AuthorizationConfigurationImpl(), - securityProvider, rootProvider, treeProvider)); + + AuthorizationConfigurationImpl defaultConfig = new AuthorizationConfigurationImpl(); + defaultConfig.bindVersionManagementProvider(versionManagementProvider); + defaultConfig.bindNodeTypeManagementProvider(nodeTypeManagementProvider); + + ac.setDefaultConfig(initializeConfiguration(defaultConfig, securityProvider, rootProvider, treeProvider)); authorizationConfiguration = ac; } @@ -214,7 +243,11 @@ // token if (tokenConfiguration == null) { CompositeTokenConfiguration tc = new CompositeTokenConfiguration(); - tc.setDefaultConfig(initializeConfiguration(new TokenConfigurationImpl(), securityProvider, rootProvider, treeProvider)); + + TokenConfigurationImpl defaultTokenConfiguration = new TokenConfigurationImpl(); + defaultTokenConfiguration.bindIdentifierManagementProvider(identifierManagementProvider); + + tc.setDefaultConfig(initializeConfiguration(defaultTokenConfiguration, securityProvider, rootProvider, treeProvider)); tokenConfiguration = tc; } 
@@ -248,4 +281,18 @@ return this; } + public SecurityProviderBuilder withVersionManagementProvider(@Nonnull VersionManagementProvider versionManagementProvider) { + this.versionManagementProvider = versionManagementProvider; + return this; + } + + public SecurityProviderBuilder withNodeTypeMangementProvider(@Nonnull NodeTypeManagementProvider nodeTypeManagementProvider) { + this.nodeTypeManagementProvider = nodeTypeManagementProvider; + return this; + } + + public SecurityProviderBuilder withIdentifierManagementProvider(@Nonnull IdentifierManagementProvider identifierManagementProvider) { + this.identifierManagementProvider = identifierManagementProvider; + return this; + } } Index: oak-core/src/test/java/org/apache/jackrabbit/oak/security/user/UserImporterImpersonationIgnoreTest.java IDEA additional info: Subsystem: com.intellij.openapi.diff.impl.patch.CharsetEP <+>UTF-8 =================================================================== --- oak-core/src/test/java/org/apache/jackrabbit/oak/security/user/UserImporterImpersonationIgnoreTest.java (revision 1831704) +++ oak-core/src/test/java/org/apache/jackrabbit/oak/security/user/UserImporterImpersonationIgnoreTest.java (revision ) 
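Review bot: The new public builder method is spelled `withNodeTypeMangementProvider` (the second `a` of `Management` is missing), unlike its siblings `withVersionManagementProvider` and `withIdentifierManagementProvider`. Once released the misspelling is part of the builder's API, so it is cheapest to fix now: `public SecurityProviderBuilder withNodeTypeManagementProvider(@Nonnull NodeTypeManagementProvider nodeTypeManagementProvider) {`. The three methods also have no Javadoc; one sentence each saying that the provider replaces the default `*Service` instance the builder would otherwise create would be enough.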
@@ -104,7 +104,7 @@ Tree folder = root.getTree(getUserConfiguration().getParameters().getConfigValue(PARAM_USER_PATH, DEFAULT_USER_PATH)); Tree impersonatorTree = folder.addChild("impersonatorTree"); impersonatorTree.setProperty(JcrConstants.JCR_PRIMARYTYPE, NT_REP_USER, Type.NAME); - impersonatorTree.setProperty(JcrConstants.JCR_UUID, new UserProvider(root, ConfigurationParameters.EMPTY).getContentID("impersonator1")); + impersonatorTree.setProperty(JcrConstants.JCR_UUID, createUserProvider(root, ConfigurationParameters.EMPTY).getContentID("impersonator1")); assertTrue(importer.handlePropInfo(userTree, createPropInfo(REP_IMPERSONATORS, "impersonator1"), mockPropertyDefinition(NT_REP_USER, true))); assertTrue(importer.handlePropInfo(impersonatorTree, createPropInfo(REP_PRINCIPAL_NAME, "impersonator1"), mockPropertyDefinition(NT_REP_AUTHORIZABLE, false))); 
@@ -121,7 +121,7 @@ Tree folder = root.getTree(getUserConfiguration().getParameters().getConfigValue(PARAM_USER_PATH, DEFAULT_USER_PATH)); Tree impersonatorTree = folder.addChild("impersonatorTree"); impersonatorTree.setProperty(JcrConstants.JCR_PRIMARYTYPE, NT_REP_USER, Type.NAME); - impersonatorTree.setProperty(JcrConstants.JCR_UUID, new UserProvider(root, ConfigurationParameters.EMPTY).getContentID("impersonator1")); + impersonatorTree.setProperty(JcrConstants.JCR_UUID, createUserProvider(root, ConfigurationParameters.EMPTY).getContentID("impersonator1")); // NOTE: reversed over of import compared to 'testNewImpersonator' assertTrue(importer.handlePropInfo(impersonatorTree, createPropInfo(REP_PRINCIPAL_NAME, "impersonator1"), mockPropertyDefinition(NT_REP_AUTHORIZABLE, false))); \ No newline at end of file Index: oak-authorization-cug/src/test/java/org/apache/jackrabbit/oak/spi/security/authorization/cug/impl/VersionTest.java IDEA additional info: Subsystem: com.intellij.openapi.diff.impl.patch.CharsetEP <+>UTF-8 =================================================================== --- oak-authorization-cug/src/test/java/org/apache/jackrabbit/oak/spi/security/authorization/cug/impl/VersionTest.java (revision 1831704) +++ oak-authorization-cug/src/test/java/org/apache/jackrabbit/oak/spi/security/authorization/cug/impl/VersionTest.java (revision ) 
@@ -31,15 +31,15 @@ import org.apache.jackrabbit.oak.api.Type; import org.apache.jackrabbit.oak.commons.PathUtils; import org.apache.jackrabbit.oak.namepath.NamePathMapper; +import org.apache.jackrabbit.oak.version.VersionManager; import org.apache.jackrabbit.oak.plugins.identifier.IdentifierManager; -import org.apache.jackrabbit.oak.spi.nodetype.NodeTypeConstants; import org.apache.jackrabbit.oak.plugins.tree.TreeType; -import org.apache.jackrabbit.oak.plugins.version.ReadOnlyVersionManager; -import org.apache.jackrabbit.oak.spi.version.VersionConstants; +import org.apache.jackrabbit.oak.plugins.tree.TreeUtil; +import org.apache.jackrabbit.oak.spi.nodetype.NodeTypeConstants; import org.apache.jackrabbit.oak.spi.security.authorization.permission.Permissions; import org.apache.jackrabbit.oak.spi.security.authorization.permission.TreePermission; import org.apache.jackrabbit.oak.spi.security.principal.EveryonePrincipal; -import org.apache.jackrabbit.oak.plugins.tree.TreeUtil; +import org.apache.jackrabbit.oak.spi.version.VersionConstants; import org.junit.Before; import org.junit.Test; @@ -59,7 +59,7 @@ private ContentSession testSession; private Root testRoot; - private ReadOnlyVersionManager versionManager; + private VersionManager versionManager; private List readAccess = new ArrayList(); private List noReadAccess = new ArrayList(); @@ -95,7 +95,7 @@ testSession = createTestSession(); testRoot = testSession.getLatestRoot(); - versionManager = ReadOnlyVersionManager.getInstance(root, NamePathMapper.DEFAULT); + versionManager = createVersionManager(root); } @Override @@ -109,6 +109,10 @@ } } + private VersionManager createVersionManager(@Nonnull Root root) { + return getVersionManagementProvider().getReadOnlyVersionManager(root, NamePathMapper.DEFAULT); + } + private Tree addVersionContent(@Nonnull String path) throws Exception { Tree t = root.getTree(path); 
@@ -132,7 +136,7 @@ @Test public void testReadVersionContent() throws Exception { IdentifierManager idMgr = new IdentifierManager(testRoot); - ReadOnlyVersionManager vMgr = ReadOnlyVersionManager.getInstance(testRoot, NamePathMapper.DEFAULT); + VersionManager vMgr = createVersionManager(testRoot); for (String path : readAccess) { Tree t = testRoot.getTree(path); @@ -276,7 +280,7 @@ t = t.getChild(segm); tp = pp.getTreePermission(t, tp); - if (JCR_SYSTEM.equals(segm) || ReadOnlyVersionManager.isVersionStoreTree(t)) { + if (JCR_SYSTEM.equals(segm) || versionManager.isVersionStorageTree(t)) { assertTrue(t.getPath(), tp instanceof EmptyCugTreePermission); } else { assertTrue(t.getPath(), tp instanceof CugTreePermission); @@ -300,7 +304,7 @@ t = t.getChild(segm); tp = pp.getTreePermission(t, tp); - if (JCR_SYSTEM.equals(segm) || ReadOnlyVersionManager.isVersionStoreTree(t)) { + if (JCR_SYSTEM.equals(segm) || versionManager.isVersionStorageTree(t)) { assertTrue(t.getPath(), tp instanceof EmptyCugTreePermission); } else { assertTrue(t.getPath(), tp instanceof CugTreePermission); 
@@ -322,7 +326,7 @@ t = t.getChild(segm); tp = pp.getTreePermission(t, tp); - if (JCR_SYSTEM.equals(segm) || ReadOnlyVersionManager.isVersionStoreTree(t)) { + if (JCR_SYSTEM.equals(segm) || versionManager.isVersionStorageTree(t)) { assertTrue(t.getPath(), tp instanceof EmptyCugTreePermission); } else { assertSame(t.getPath(), TreePermission.NO_RECOURSE, tp); \ No newline at end of file Index: oak-authorization-cug/src/test/java/org/apache/jackrabbit/oak/spi/security/authorization/cug/impl/CugConfigurationOsgiTest.java IDEA additional info: Subsystem: com.intellij.openapi.diff.impl.patch.CharsetEP <+>UTF-8 =================================================================== --- oak-authorization-cug/src/test/java/org/apache/jackrabbit/oak/spi/security/authorization/cug/impl/CugConfigurationOsgiTest.java (revision 1831704) +++ oak-authorization-cug/src/test/java/org/apache/jackrabbit/oak/spi/security/authorization/cug/impl/CugConfigurationOsgiTest.java (revision ) @@ -71,6 +71,10 @@ MountInfoProviderService mip = new MountInfoProviderService(); context.registerInjectActivateService(mip); + + context.registerInjectActivateService(getVersionManagementProvider()); + context.registerInjectActivateService(getNodeTypeManagementProvider()); + context.registerInjectActivateService(getNamespaceManagementProvider()); } @Test(expected = ReferenceViolationException.class) \ No newline at end of file Index: oak-core/src/main/java/org/apache/jackrabbit/oak/security/user/UserManagerImpl.java IDEA additional info: Subsystem: com.intellij.openapi.diff.impl.patch.CharsetEP <+>UTF-8 =================================================================== --- oak-core/src/main/java/org/apache/jackrabbit/oak/security/user/UserManagerImpl.java (revision 1831704) +++ oak-core/src/main/java/org/apache/jackrabbit/oak/security/user/UserManagerImpl.java (revision ) 
@@ -41,7 +41,9 @@ import org.apache.jackrabbit.oak.api.Tree; import org.apache.jackrabbit.oak.api.Type; import org.apache.jackrabbit.oak.namepath.NamePathMapper; -import org.apache.jackrabbit.oak.plugins.nodetype.ReadOnlyNodeTypeManager; +import org.apache.jackrabbit.oak.identifier.IdentifierManagementProvider; +import org.apache.jackrabbit.oak.nodetype.NodeTypeManagementProvider; +import org.apache.jackrabbit.oak.nodetype.NodeTypeManager; import org.apache.jackrabbit.oak.security.user.query.UserQueryManager; import org.apache.jackrabbit.oak.spi.security.ConfigurationParameters; import org.apache.jackrabbit.oak.spi.security.SecurityProvider; @@ -71,6 +73,7 @@ private final Root root; private final NamePathMapper namePathMapper; private final SecurityProvider securityProvider; + private final NodeTypeManagementProvider nodeTypeManagementProvider; private final UserProvider userProvider; private final MembershipProvider membershipProvider; 
@@ -78,18 +81,21 @@ private final AuthorizableActionProvider actionProvider; private UserQueryManager queryManager; - private ReadOnlyNodeTypeManager ntMgr; + private NodeTypeManager ntMgr; public UserManagerImpl(@Nonnull Root root, @Nonnull NamePathMapper namePathMapper, - @Nonnull SecurityProvider securityProvider) { + @Nonnull SecurityProvider securityProvider, + @Nonnull NodeTypeManagementProvider nodeTypeManagementProvider, + @Nonnull IdentifierManagementProvider identifierManagementProvider) { this.root = root; this.namePathMapper = namePathMapper; this.securityProvider = securityProvider; + this.nodeTypeManagementProvider = nodeTypeManagementProvider; UserConfiguration uc = securityProvider.getConfiguration(UserConfiguration.class); this.config = uc.getParameters(); - this.userProvider = new UserProvider(root, config); - this.membershipProvider = new MembershipProvider(root, config); + this.userProvider = new UserProvider(root, config, identifierManagementProvider); + this.membershipProvider = new MembershipProvider(root, config, identifierManagementProvider); this.actionProvider = getActionProvider(config); } 
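Review bot: The constructor stores `nodeTypeManagementProvider` without checking it, and the field is first dereferenced lazily in `getNodeTypeManager()` (hunk `@@ -378,9 +384,9 @@`), so a null argument would go unnoticed until the first node-type lookup. A check at construction time fails closer to the cause: `this.nodeTypeManagementProvider = Objects.requireNonNull(nodeTypeManagementProvider);` (with `import java.util.Objects;` if the file does not already have it). Separately, the public constructor grows from three to five parameters; if `UserManagerImpl` is instantiated outside this module, those call sites need the same update, and a short Javadoc on the two new parameters would help them.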
@@ -378,9 +384,9 @@ } @Nonnull - ReadOnlyNodeTypeManager getNodeTypeManager() { + NodeTypeManager getNodeTypeManager() { if (ntMgr == null) { - ntMgr = ReadOnlyNodeTypeManager.getInstance(root, NamePathMapper.DEFAULT); + ntMgr = nodeTypeManagementProvider.getReadOnlyNodeTypeManager(root, NamePathMapper.DEFAULT); } return ntMgr; } \ No newline at end of file Index: oak-core/src/main/java/org/apache/jackrabbit/oak/security/authorization/permission/CompiledPermissionImpl.java IDEA additional info: Subsystem: com.intellij.openapi.diff.impl.patch.CharsetEP <+>UTF-8 =================================================================== --- oak-core/src/main/java/org/apache/jackrabbit/oak/security/authorization/permission/CompiledPermissionImpl.java (revision 1831704) +++ oak-core/src/main/java/org/apache/jackrabbit/oak/security/authorization/permission/CompiledPermissionImpl.java (revision ) @@ -37,9 +37,9 @@ import org.apache.jackrabbit.oak.api.Tree; import org.apache.jackrabbit.oak.commons.PathUtils; import org.apache.jackrabbit.oak.namepath.NamePathMapper; +import org.apache.jackrabbit.oak.version.VersionManager; import org.apache.jackrabbit.oak.plugins.tree.TreeType; import org.apache.jackrabbit.oak.plugins.tree.TreeTypeProvider; -import org.apache.jackrabbit.oak.plugins.version.ReadOnlyVersionManager; import org.apache.jackrabbit.oak.security.authorization.ProviderCtx; import org.apache.jackrabbit.oak.spi.security.ConfigurationParameters; import org.apache.jackrabbit.oak.spi.security.Context; 
@@ -48,6 +48,7 @@ import org.apache.jackrabbit.oak.spi.security.authorization.permission.Permissions; import org.apache.jackrabbit.oak.spi.security.authorization.permission.RepositoryPermission; import org.apache.jackrabbit.oak.spi.security.authorization.permission.TreePermission; +import org.apache.jackrabbit.oak.spi.security.authorization.restriction.RestrictionProvider; import org.apache.jackrabbit.oak.spi.security.principal.GroupPrincipals; import org.apache.jackrabbit.oak.spi.security.privilege.PrivilegeBits; import org.apache.jackrabbit.oak.spi.security.privilege.PrivilegeBitsProvider; @@ -80,7 +81,7 @@ private final ProviderCtx providerCtx; private Root root; - private ReadOnlyVersionManager versionManager; + private VersionManager versionManager; private PrivilegeBitsProvider bitsProvider; private CompiledPermissionImpl(@Nonnull Set principals, @@ -177,7 +178,7 @@ case HIDDEN: return ALL; case VERSION: - if (ReadOnlyVersionManager.isVersionStoreTree(tree)) { + if (getVersionManager().isVersionStorageTree(tree)) { return new TreePermissionImpl(tree, TreeType.VERSION, parentPermission); } else { Tree versionableTree = getVersionManager().getVersionable(tree, workspaceName); @@ -423,7 +424,7 @@ @CheckForNull private Tree getEvaluationTree(@Nonnull Tree versionStoreTree) { - if (ReadOnlyVersionManager.isVersionStoreTree(versionStoreTree)) { + if (getVersionManager().isVersionStorageTree(versionStoreTree)) { return versionStoreTree; } else { return getVersionManager().getVersionable(versionStoreTree, workspaceName); 
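Review bot: In the `VERSION` case of hunk `@@ -177,7 +178,7 @@` the static `ReadOnlyVersionManager.isVersionStoreTree(tree)` becomes `getVersionManager().isVersionStorageTree(tree)`, a differently named method whose contract is not visible in this section of the patch, and its result decides whether permissions are evaluated on the version-store node itself or on the versionable tree it maps to. `getEvaluationTree` in hunk `@@ -423,7 +424,7 @@` makes the same swap, and both now depend on the manager that `getVersionManager()` builds lazily from `providerCtx.getVersionManagementProvider()` (hunk `@@ -431,9 +432,9 @@`). I would add a test that runs both branches through the new provider and a comment at the call site such as `// version storage nodes are evaluated in place; any other tree is mapped to its versionable tree`. Both enclosing methods start and end outside their hunks.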
@@ -431,9 +432,9 @@ } @Nonnull - private ReadOnlyVersionManager getVersionManager() { + private VersionManager getVersionManager() { if (versionManager == null) { - versionManager = ReadOnlyVersionManager.getInstance(root, NamePathMapper.DEFAULT); + versionManager = providerCtx.getVersionManagementProvider().getReadOnlyVersionManager(root, NamePathMapper.DEFAULT); } return versionManager; } Index: oak-core/src/main/java/org/apache/jackrabbit/oak/security/authorization/permission/PermissionValidatorProvider.java IDEA additional info: Subsystem: com.intellij.openapi.diff.impl.patch.CharsetEP <+>UTF-8 =================================================================== --- oak-core/src/main/java/org/apache/jackrabbit/oak/security/authorization/permission/PermissionValidatorProvider.java (revision 1831704) +++ oak-core/src/main/java/org/apache/jackrabbit/oak/security/authorization/permission/PermissionValidatorProvider.java (revision ) @@ -18,6 +18,7 @@ import java.security.Principal; import java.util.Set; +import java.util.function.Predicate; import javax.annotation.Nonnull; import org.apache.jackrabbit.oak.api.Root; 
@@ -115,5 +116,9 @@ Tree createReadOnlyTree(@Nonnull NodeState nodeState) { return providerCtx.getTreeProvider().createReadOnlyTree(nodeState); + } + + Predicate createPredicate(@Nonnull NodeState state, @Nonnull String typeName) { + return providerCtx.getNodeTypeManagementProvider().getNodeTypePredicate(state, typeName); } } Index: oak-authorization-cug/src/test/java/org/apache/jackrabbit/oak/spi/security/authorization/cug/impl/CugConfigurationTest.java IDEA additional info: Subsystem: com.intellij.openapi.diff.impl.patch.CharsetEP <+>UTF-8 =================================================================== --- oak-authorization-cug/src/test/java/org/apache/jackrabbit/oak/spi/security/authorization/cug/impl/CugConfigurationTest.java (revision 1831704) +++ oak-authorization-cug/src/test/java/org/apache/jackrabbit/oak/spi/security/authorization/cug/impl/CugConfigurationTest.java (revision ) @@ -16,6 +16,7 @@ */ package org.apache.jackrabbit.oak.spi.security.authorization.cug.impl; +import java.lang.reflect.Field; import java.security.Principal; import java.util.List; import java.util.Set; @@ -26,6 +27,9 @@ import com.google.common.collect.ImmutableMap; import com.google.common.collect.ImmutableSet; import org.apache.jackrabbit.oak.namepath.NamePathMapper; +import org.apache.jackrabbit.oak.namespace.NamespaceManagementProvider; +import org.apache.jackrabbit.oak.nodetype.NodeTypeManagementProvider; +import org.apache.jackrabbit.oak.version.VersionManagementProvider; import org.apache.jackrabbit.oak.spi.commit.CommitHook; import org.apache.jackrabbit.oak.spi.commit.MoveTracker; import org.apache.jackrabbit.oak.spi.commit.ValidatorProvider; @@ -43,6 +47,7 @@ import org.junit.Test; import static org.junit.Assert.assertEquals; +import static org.junit.Assert.assertNull; import static org.junit.Assert.assertSame; import static org.junit.Assert.assertTrue; 
@@ -217,8 +222,44 @@ assertSupportedPaths(cugConfiguration, "/changed"); } + @Test + public void testBindVersionManagementProvider() throws Exception { + CugConfiguration cugConfiguration = new CugConfiguration(); + assertNull(inspect(cugConfiguration, "versionManagementProvider")); + cugConfiguration.bindVersionManagementProvider(getVersionManagementProvider()); + assertTrue(inspect(cugConfiguration, "versionManagementProvider") instanceof VersionManagementProvider); + cugConfiguration.unbindVersionManagementProvider(getVersionManagementProvider()); + assertNull(inspect(cugConfiguration, "versionManagementProvider")); + } + + @Test + public void testBindNodeTypeManagementProvider() throws Exception { + CugConfiguration cugConfiguration = new CugConfiguration(); + assertNull(inspect(cugConfiguration, "nodeTypeManagementProvider")); + cugConfiguration.bindNodeTypeManagementProvider(getNodeTypeManagementProvider()); + assertTrue(inspect(cugConfiguration, "nodeTypeManagementProvider") instanceof NodeTypeManagementProvider); + cugConfiguration.unbindNodeTypeManagementProvider(getNodeTypeManagementProvider()); + assertNull(inspect(cugConfiguration, "nodeTypeManagementProvider")); + } + + @Test + public void testBindNamespaceManagementProvider() throws Exception { + CugConfiguration cugConfiguration = new CugConfiguration(); + assertNull(inspect(cugConfiguration, "namespaceManagementProvider")); + cugConfiguration.bindNamespaceManagementProvider(getNamespaceManagementProvider()); + assertTrue(inspect(cugConfiguration, "namespaceManagementProvider") instanceof NamespaceManagementProvider); + cugConfiguration.unbindNamespaceManagementProvider(getNamespaceManagementProvider()); + assertNull(inspect(cugConfiguration, "namespaceManagementProvider")); + } + private static void assertSupportedPaths(@Nonnull CugConfiguration configuration, @Nonnull String... 
paths) throws Exception { Set expected = ImmutableSet.copyOf(paths); assertEquals(expected, configuration.getParameters().getConfigValue(CugConstants.PARAM_CUG_SUPPORTED_PATHS, ImmutableSet.of())); + } + + private static Object inspect(@Nonnull CugConfiguration cugConfiguration, @Nonnull String name) throws Exception { + Field f = CugConfiguration.class.getDeclaredField(name); + f.setAccessible(true); + return f.get(cugConfiguration); } } Index: oak-authorization-cug/src/test/java/org/apache/jackrabbit/oak/spi/security/authorization/cug/impl/AbstractCugTest.java IDEA additional info: Subsystem: com.intellij.openapi.diff.impl.patch.CharsetEP <+>UTF-8 =================================================================== --- oak-authorization-cug/src/test/java/org/apache/jackrabbit/oak/spi/security/authorization/cug/impl/AbstractCugTest.java (revision 1831704) +++ oak-authorization-cug/src/test/java/org/apache/jackrabbit/oak/spi/security/authorization/cug/impl/AbstractCugTest.java (revision ) 
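Review bot: The three bind tests check the bound field with `instanceof`, which would pass for any provider instance, so they do not show that the bind method stores the object it was given. Keeping the provider in a local and using `assertSame(provider, inspect(cugConfiguration, "versionManagementProvider"));` pins that, and `assertSame` is already imported in this file. `inspect` reads private fields by name through reflection, so renaming a field breaks the test at runtime rather than at compile time; a short comment on `inspect` saying so would help the next maintainer.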
@@ -148,7 +148,7 @@ } CugPermissionProvider createCugPermissionProvider(@Nonnull Set supportedPaths, @Nonnull Principal... principals) { - return new CugPermissionProvider(root, root.getContentSession().getWorkspaceName(), ImmutableSet.copyOf(principals), supportedPaths, getConfig(AuthorizationConfiguration.class).getContext(), getRootProvider(), getTreeProvider()); + return new CugPermissionProvider(root, root.getContentSession().getWorkspaceName(), ImmutableSet.copyOf(principals), supportedPaths, getConfig(AuthorizationConfiguration.class).getContext(), getRootProvider(), getTreeProvider(), getVersionManagementProvider()); } void setupCugsAndAcls() throws Exception { \ No newline at end of file Index: oak-authorization-cug/pom.xml IDEA additional info: Subsystem: com.intellij.openapi.diff.impl.patch.CharsetEP <+>UTF-8 =================================================================== --- oak-authorization-cug/pom.xml (revision 1831704) +++ oak-authorization-cug/pom.xml (revision ) @@ -78,9 +78,10 @@ org.apache.jackrabbit - oak-core + oak-plugins ${project.version} + com.google.guava @@ -142,6 +143,12 @@ junit junit + test + + + org.apache.jackrabbit + oak-core + ${project.version} test \ No newline at end of file Index: oak-core/src/test/java/org/apache/jackrabbit/oak/security/principal/PrincipalConfigurationImplTest.java IDEA additional info: Subsystem: com.intellij.openapi.diff.impl.patch.CharsetEP <+>UTF-8 =================================================================== --- oak-core/src/test/java/org/apache/jackrabbit/oak/security/principal/PrincipalConfigurationImplTest.java (revision 1831704) +++ oak-core/src/test/java/org/apache/jackrabbit/oak/security/principal/PrincipalConfigurationImplTest.java (revision ) 
@@ -21,6 +21,7 @@ import com.google.common.collect.ImmutableList; import org.apache.jackrabbit.api.security.principal.PrincipalManager; +import org.apache.jackrabbit.api.security.user.UserManager; import org.apache.jackrabbit.oak.AbstractSecurityTest; import org.apache.jackrabbit.oak.api.Root; import org.apache.jackrabbit.oak.namepath.NamePathMapper; @@ -32,7 +33,6 @@ import org.apache.jackrabbit.oak.spi.security.Context; import org.apache.jackrabbit.oak.spi.security.SecurityConfiguration; import org.apache.jackrabbit.oak.spi.security.SecurityProvider; -import org.apache.jackrabbit.oak.spi.security.authorization.AuthorizationConfiguration; import org.apache.jackrabbit.oak.spi.security.principal.EmptyPrincipalProvider; import org.apache.jackrabbit.oak.spi.security.principal.PrincipalConfiguration; import org.apache.jackrabbit.oak.spi.security.principal.PrincipalManagerImpl; 
@@ -136,13 +136,22 @@ @Override public T getConfiguration(@Nonnull Class configClass) { if (configClass.equals(UserConfiguration.class)) { - return (T) new UserConfigurationImpl(this) { + UserConfigurationImpl uc = new UserConfigurationImpl() { + @Nonnull + @Override + public UserManager getUserManager(Root root, NamePathMapper namePathMapper) { + return getUserConfiguration().getUserManager(root, namePathMapper); + } + @Nullable @Override public PrincipalProvider getUserPrincipalProvider(@Nonnull Root root, @Nonnull NamePathMapper namePathMapper) { return null; } }; + uc.bindIdentifierManagementProvider(getIdentifierManagementProvider()); + uc.bindNodeTypeManagementProvider(getNodeTypeManagementProvider()); + return (T) uc; } else { throw new IllegalArgumentException(); } \ No newline at end of file Index: oak-authorization-cug/src/test/java/org/apache/jackrabbit/oak/spi/security/authorization/cug/impl/CugSecurityProvider.java IDEA additional info: Subsystem: com.intellij.openapi.diff.impl.patch.CharsetEP <+>UTF-8 =================================================================== --- oak-authorization-cug/src/test/java/org/apache/jackrabbit/oak/spi/security/authorization/cug/impl/CugSecurityProvider.java (revision 1831704) +++ oak-authorization-cug/src/test/java/org/apache/jackrabbit/oak/spi/security/authorization/cug/impl/CugSecurityProvider.java (revision ) @@ -18,6 +18,9 @@ import javax.annotation.Nonnull; +import org.apache.jackrabbit.oak.plugins.name.NamespaceManagementProviderService; +import org.apache.jackrabbit.oak.plugins.nodetype.NodeTypeManagementProviderService; +import org.apache.jackrabbit.oak.plugins.version.VersionManagementProviderService; import org.apache.jackrabbit.oak.security.authorization.composite.CompositeAuthorizationConfiguration; import org.apache.jackrabbit.oak.security.internal.SecurityProviderBuilder; import org.apache.jackrabbit.oak.security.internal.SecurityProviderHelper; 
@@ -29,8 +32,10 @@ private CugSecurityProvider() {} - public static SecurityProvider newTestSecurityProvider(@Nonnull ConfigurationParameters configuration) { - CugConfiguration cugConfiguration = new CugConfiguration(); + public static SecurityProvider newTestSecurityProvider(@Nonnull ConfigurationParameters configuration) {CugConfiguration cugConfiguration = new CugConfiguration(); + cugConfiguration.bindNodeTypeManagementProvider(new NodeTypeManagementProviderService()); + cugConfiguration.bindVersionManagementProvider(new VersionManagementProviderService()); + cugConfiguration.bindNamespaceManagementProvider(new NamespaceManagementProviderService()); ConfigurationParameters params = configuration.getConfigValue(AuthorizationConfiguration.NAME, ConfigurationParameters.EMPTY); cugConfiguration.setParameters(params); \ No newline at end of file Index: oak-authorization-cug/src/test/java/org/apache/jackrabbit/oak/spi/security/authorization/cug/impl/EmptyCugTreePermissionTest.java IDEA additional info: Subsystem: com.intellij.openapi.diff.impl.patch.CharsetEP <+>UTF-8 =================================================================== --- oak-authorization-cug/src/test/java/org/apache/jackrabbit/oak/spi/security/authorization/cug/impl/EmptyCugTreePermissionTest.java (revision 1831704) +++ oak-authorization-cug/src/test/java/org/apache/jackrabbit/oak/spi/security/authorization/cug/impl/EmptyCugTreePermissionTest.java (revision ) 
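Review bot: The added line fuses the method signature with its first statement: `…configuration) {CugConfiguration cugConfiguration = new CugConfiguration();`. Keep the two lines that were removed, `public static SecurityProvider newTestSecurityProvider(@Nonnull ConfigurationParameters configuration) {` followed by `CugConfiguration cugConfiguration = new CugConfiguration();`, and add only the three bind calls. The method body continues outside the hunk.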
@@ -22,14 +22,13 @@ import org.apache.jackrabbit.oak.api.Root; import org.apache.jackrabbit.oak.api.Tree; import org.apache.jackrabbit.oak.plugins.memory.PropertyStates; -import org.apache.jackrabbit.oak.spi.nodetype.NodeTypeConstants; import org.apache.jackrabbit.oak.plugins.tree.TreeType; -import org.apache.jackrabbit.oak.plugins.tree.impl.AbstractTree; -import org.apache.jackrabbit.oak.spi.version.VersionConstants; +import org.apache.jackrabbit.oak.spi.nodetype.NodeTypeConstants; import org.apache.jackrabbit.oak.spi.security.authorization.permission.Permissions; import org.apache.jackrabbit.oak.spi.security.authorization.permission.TreePermission; import org.apache.jackrabbit.oak.spi.security.principal.EveryonePrincipal; import org.apache.jackrabbit.oak.spi.state.NodeState; +import org.apache.jackrabbit.oak.spi.version.VersionConstants; import org.apache.jackrabbit.util.Text; import org.junit.Test; Index: oak-authorization-cug/src/test/java/org/apache/jackrabbit/oak/spi/security/authorization/cug/impl/CugTreePermissionTest.java IDEA additional info: Subsystem: com.intellij.openapi.diff.impl.patch.CharsetEP <+>UTF-8 =================================================================== --- oak-authorization-cug/src/test/java/org/apache/jackrabbit/oak/spi/security/authorization/cug/impl/CugTreePermissionTest.java (revision 1831704) +++ oak-authorization-cug/src/test/java/org/apache/jackrabbit/oak/spi/security/authorization/cug/impl/CugTreePermissionTest.java (revision ) 
@@ -25,7 +25,6 @@ import org.apache.jackrabbit.oak.commons.PathUtils; import org.apache.jackrabbit.oak.plugins.memory.PropertyStates; import org.apache.jackrabbit.oak.plugins.tree.TreeProvider; -import org.apache.jackrabbit.oak.plugins.tree.impl.AbstractTree; import org.apache.jackrabbit.oak.spi.security.authorization.permission.Permissions; import org.apache.jackrabbit.oak.spi.security.authorization.permission.TreePermission; import org.apache.jackrabbit.oak.spi.security.principal.EveryonePrincipal; \ No newline at end of file Index: oak-core/src/test/java/org/apache/jackrabbit/oak/security/authentication/token/TokenLoginModuleTest.java IDEA additional info: Subsystem: com.intellij.openapi.diff.impl.patch.CharsetEP <+>UTF-8 =================================================================== --- oak-core/src/test/java/org/apache/jackrabbit/oak/security/authentication/token/TokenLoginModuleTest.java (revision 1831704) +++ oak-core/src/test/java/org/apache/jackrabbit/oak/security/authentication/token/TokenLoginModuleTest.java (revision ) 
@@ -181,7 +181,7 @@ @Test public void testTokenProviderCallback() throws Exception { - TokenProvider tp = new TokenProviderImpl(root, ConfigurationParameters.EMPTY, getUserConfiguration()); + TokenProvider tp = new TokenProviderImpl(root, ConfigurationParameters.EMPTY, getUserConfiguration(), getIdentifierManagementProvider()); TokenLoginModule lm = new TokenLoginModule(); lm.initialize(new Subject(), new TestCallbackHandler(tp), ImmutableMap.of(), ImmutableMap.of()); \ No newline at end of file Index: oak-core/src/test/java/org/apache/jackrabbit/oak/security/user/UserValidatorTest.java IDEA additional info: Subsystem: com.intellij.openapi.diff.impl.patch.CharsetEP <+>UTF-8 =================================================================== --- oak-core/src/test/java/org/apache/jackrabbit/oak/security/user/UserValidatorTest.java (revision 1831704) +++ oak-core/src/test/java/org/apache/jackrabbit/oak/security/user/UserValidatorTest.java (revision ) @@ -61,7 +61,7 @@ } private UserValidatorProvider createValidatorProvider() { - return new UserValidatorProvider(getConfig(), getRootProvider(), getTreeProvider()); + return new UserValidatorProvider(getConfig(), getRootProvider(), getTreeProvider(), getIdentifierManagementProvider()); } @Test 
@@ -269,7 +269,7 @@ invalid.add(userPath); invalid.add(userPath + "/folder"); - UserProvider up = new UserProvider(root, getUserConfiguration().getParameters()); + UserProvider up = new UserProvider(root, getUserConfiguration().getParameters(), getIdentifierManagementProvider()); for (String path : invalid) { try { Tree parent = root.getTree(path); \ No newline at end of file Index: oak-core/src/test/java/org/apache/jackrabbit/oak/AbstractSecurityTest.java IDEA additional info: Subsystem: com.intellij.openapi.diff.impl.patch.CharsetEP <+>UTF-8 =================================================================== --- oak-core/src/test/java/org/apache/jackrabbit/oak/AbstractSecurityTest.java (revision 1831704) +++ oak-core/src/test/java/org/apache/jackrabbit/oak/AbstractSecurityTest.java (revision ) @@ -16,12 +16,9 @@ */ package org.apache.jackrabbit.oak; -import static com.google.common.collect.Lists.newArrayList; - import java.util.Arrays; import java.util.List; import java.util.UUID; - import javax.annotation.Nonnull; import javax.annotation.Nullable; import javax.jcr.Credentials; 
@@ -43,13 +40,20 @@ import org.apache.jackrabbit.oak.api.ContentSession; import org.apache.jackrabbit.oak.api.Root; import org.apache.jackrabbit.oak.namepath.NamePathMapper; +import org.apache.jackrabbit.oak.identifier.IdentifierManagementProvider; +import org.apache.jackrabbit.oak.namespace.NamespaceManagementProvider; +import org.apache.jackrabbit.oak.nodetype.NodeTypeManagementProvider; +import org.apache.jackrabbit.oak.version.VersionManagementProvider; import org.apache.jackrabbit.oak.plugins.commit.ConflictValidatorProvider; import org.apache.jackrabbit.oak.plugins.commit.JcrConflictHandler; +import org.apache.jackrabbit.oak.plugins.identifier.IdentifierManagementProviderService; import org.apache.jackrabbit.oak.plugins.index.property.PropertyIndexEditorProvider; import org.apache.jackrabbit.oak.plugins.index.property.PropertyIndexProvider; import org.apache.jackrabbit.oak.plugins.index.reference.ReferenceEditorProvider; import org.apache.jackrabbit.oak.plugins.index.reference.ReferenceIndexProvider; import org.apache.jackrabbit.oak.plugins.name.NamespaceEditorProvider; +import org.apache.jackrabbit.oak.plugins.name.NamespaceManagementProviderService; +import org.apache.jackrabbit.oak.plugins.nodetype.NodeTypeManagementProviderService; import org.apache.jackrabbit.oak.plugins.nodetype.TypeEditorProvider; import org.apache.jackrabbit.oak.plugins.tree.RootProvider; import org.apache.jackrabbit.oak.plugins.tree.TreeProvider; @@ -57,6 +61,7 @@ import org.apache.jackrabbit.oak.plugins.tree.impl.TreeProviderService; import org.apache.jackrabbit.oak.plugins.value.jcr.ValueFactoryImpl; import org.apache.jackrabbit.oak.plugins.version.VersionHook; +import org.apache.jackrabbit.oak.plugins.version.VersionManagementProviderService; import org.apache.jackrabbit.oak.query.QueryEngineSettings; import org.apache.jackrabbit.oak.security.internal.SecurityProviderBuilder; import org.apache.jackrabbit.oak.spi.security.ConfigurationParameters; 
@@ -70,6 +75,8 @@ import org.junit.After; import org.junit.Before; +import static com.google.common.collect.Lists.newArrayList; + /** * AbstractOakTest is the base class for oak test execution. */ @@ -87,6 +94,10 @@ protected QueryEngineSettings querySettings; private final RootProvider rootProvider = new RootProviderService(); private final TreeProvider treeProvider = new TreeProviderService(); + private final VersionManagementProvider versionManagementProvider = new VersionManagementProviderService(); + private final NodeTypeManagementProvider nodeTypeManagementProvider = new NodeTypeManagementProviderService(); + private final NamespaceManagementProvider namespaceManagementProvider = new NamespaceManagementProviderService(); + private final IdentifierManagementProvider identifierManagementProvider = new IdentifierManagementProviderService(); @Before public void before() throws Exception { @@ -142,6 +153,9 @@ return SecurityProviderBuilder.newBuilder().with(getSecurityConfigParameters()) .withRootProvider(rootProvider) .withTreeProvider(treeProvider) + .withNodeTypeMangementProvider(nodeTypeManagementProvider) + .withVersionManagementProvider(versionManagementProvider) + .withIdentifierManagementProvider(identifierManagementProvider) .build(); } 
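Review bot: In hunk `@@ -142,6 +153,9 @@` the builder call is spelled `withNodeTypeMangementProvider` ("Mangement"), and since the method lives on `SecurityProviderBuilder` the typo becomes part of its API unless it is renamed to `withNodeTypeManagementProvider` before release. The `namespaceManagementProvider` field added in hunk `@@ -87,6 +94,10 @@` is not passed to the builder while the other three providers are; if that is intended, a one-line comment saying the security provider does not need it would avoid the question. The enclosing method starts outside the hunk.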
@@ -263,5 +277,21 @@ public TreeProvider getTreeProvider() { return treeProvider; + } + + public VersionManagementProvider getVersionManagementProvider() { + return versionManagementProvider; + } + + public NodeTypeManagementProvider getNodeTypeManagementProvider() { + return nodeTypeManagementProvider; + } + + public NamespaceManagementProvider getNamespaceManagementProvider() { + return namespaceManagementProvider; + } + + public IdentifierManagementProvider getIdentifierManagementProvider() { + return identifierManagementProvider; } } Index: oak-core/src/main/java/org/apache/jackrabbit/oak/security/authentication/token/TokenConfigurationImpl.java IDEA additional info: Subsystem: com.intellij.openapi.diff.impl.patch.CharsetEP <+>UTF-8 =================================================================== --- oak-core/src/main/java/org/apache/jackrabbit/oak/security/authentication/token/TokenConfigurationImpl.java (revision 1831704) +++ oak-core/src/main/java/org/apache/jackrabbit/oak/security/authentication/token/TokenConfigurationImpl.java (revision ) @@ -27,6 +27,7 @@ import com.google.common.collect.ImmutableMap; import com.google.common.collect.ImmutableSet; import org.apache.jackrabbit.oak.api.Root; +import org.apache.jackrabbit.oak.identifier.IdentifierManagementProvider; import org.apache.jackrabbit.oak.spi.commit.MoveTracker; import org.apache.jackrabbit.oak.spi.commit.ValidatorProvider; import org.apache.jackrabbit.oak.spi.security.ConfigurationBase; @@ -105,6 +106,8 @@ private final Map credentialsSupport = new ConcurrentHashMap<>( ImmutableMap.of(SimpleCredentialsSupport.class.getName(), SimpleCredentialsSupport.getInstance())); + private IdentifierManagementProvider identifierManagementProvider; + @SuppressWarnings("UnusedDeclaration") public TokenConfigurationImpl() { super(); 
@@ -135,6 +138,15 @@ this.credentialsSupport.remove(credentialsSupport.getClass().getName()); } + @Reference(name = "identifierManagementProvider", cardinality = ReferenceCardinality.MANDATORY) + public void bindIdentifierManagementProvider(IdentifierManagementProvider identifierManagementProvider) { + this.identifierManagementProvider = identifierManagementProvider; + } + + public void unbindIdentifierManagementProvider(IdentifierManagementProvider identifierManagementProvider) { + this.identifierManagementProvider = null; + } + //----------------------------------------------< SecurityConfiguration >--- @Nonnull @Override @@ -160,7 +172,7 @@ @Override public TokenProvider getTokenProvider(Root root) { UserConfiguration uc = getSecurityProvider().getConfiguration(UserConfiguration.class); - return new TokenProviderImpl(root, getParameters(), uc, newCredentialsSupport()); + return new TokenProviderImpl(root, getParameters(), uc, identifierManagementProvider, newCredentialsSupport()); } private CredentialsSupport newCredentialsSupport() { \ No newline at end of file Index: oak-auth-ldap/pom.xml IDEA additional info: Subsystem: com.intellij.openapi.diff.impl.patch.CharsetEP <+>UTF-8 =================================================================== --- oak-auth-ldap/pom.xml (revision 1831704) +++ oak-auth-ldap/pom.xml (revision ) @@ -153,12 +153,7 @@ ${project.version} - org.apache.jackrabbit + org.apache.jackrabbit - oak-core - ${project.version} - - - org.apache.jackrabbit oak-commons ${project.version} 
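Review bot: `getTokenProvider` in hunk `@@ -160,7 +172,7 @@` hands the `identifierManagementProvider` field to `TokenProviderImpl` without checking it, and the field is only ever set by `bindIdentifierManagementProvider` and reset to null by the unbind method. An instance that was created without the binding, or used after unbind, would therefore build a token provider around null and fail somewhere inside token handling. A guard at the top of the method makes the cause explicit: `if (identifierManagementProvider == null) { throw new IllegalStateException("IdentifierManagementProvider not bound"); }`. `CugConfiguration` has the same pattern for the three `@Reference` fields added in hunk `@@ -110,6 +108,15 @@`, which are read in its permission-provider, initializer and validator hunks.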
@@ -225,6 +220,12 @@ test + + org.apache.jackrabbit + oak-core + ${project.version} + test + org.apache.jackrabbit oak-core Index: oak-core/src/test/java/org/apache/jackrabbit/oak/security/authorization/accesscontrol/PolicyOwnerImplTest.java IDEA additional info: Subsystem: com.intellij.openapi.diff.impl.patch.CharsetEP <+>UTF-8 =================================================================== --- oak-core/src/test/java/org/apache/jackrabbit/oak/security/authorization/accesscontrol/PolicyOwnerImplTest.java (revision 1831704) +++ oak-core/src/test/java/org/apache/jackrabbit/oak/security/authorization/accesscontrol/PolicyOwnerImplTest.java (revision ) @@ -37,7 +37,7 @@ public void before() throws Exception { super.before(); - acMgr = new AccessControlManagerImpl(root, getNamePathMapper(), getSecurityProvider()); + acMgr = new AccessControlManagerImpl(root, getNamePathMapper(), getSecurityProvider(), getNodeTypeManagementProvider()); AccessControlList policy = AccessControlUtils.getAccessControlList(acMgr, TEST_PATH); policy.addAccessControlEntry(testPrincipal, testPrivileges); \ No newline at end of file Index: oak-authorization-cug/src/main/java/org/apache/jackrabbit/oak/spi/security/authorization/cug/impl/CugConfiguration.java IDEA additional info: Subsystem: com.intellij.openapi.diff.impl.patch.CharsetEP <+>UTF-8 =================================================================== --- oak-authorization-cug/src/main/java/org/apache/jackrabbit/oak/spi/security/authorization/cug/impl/CugConfiguration.java (revision 1831704) +++ oak-authorization-cug/src/main/java/org/apache/jackrabbit/oak/spi/security/authorization/cug/impl/CugConfiguration.java (revision ) 
@@ -39,13 +39,12 @@ import org.apache.felix.scr.annotations.ReferenceCardinality; import org.apache.felix.scr.annotations.Service; import org.apache.jackrabbit.oak.api.Root; -import org.apache.jackrabbit.oak.api.Tree; import org.apache.jackrabbit.oak.namepath.NamePathMapper; +import org.apache.jackrabbit.oak.namespace.NamespaceManagementProvider; +import org.apache.jackrabbit.oak.nodetype.NodeTypeManagementProvider; +import org.apache.jackrabbit.oak.nodetype.NodeTypeManager; +import org.apache.jackrabbit.oak.version.VersionManagementProvider; import org.apache.jackrabbit.oak.plugins.memory.MemoryNodeStore; -import org.apache.jackrabbit.oak.plugins.name.NamespaceEditorProvider; -import org.apache.jackrabbit.oak.plugins.nodetype.ReadOnlyNodeTypeManager; -import org.apache.jackrabbit.oak.plugins.nodetype.TypeEditorProvider; -import org.apache.jackrabbit.oak.plugins.nodetype.write.NodeTypeRegistry; import org.apache.jackrabbit.oak.spi.commit.CommitHook; import org.apache.jackrabbit.oak.spi.commit.CompositeEditorProvider; import org.apache.jackrabbit.oak.spi.commit.EditorHook; @@ -54,7 +53,6 @@ import org.apache.jackrabbit.oak.spi.lifecycle.RepositoryInitializer; import org.apache.jackrabbit.oak.spi.mount.MountInfoProvider; import org.apache.jackrabbit.oak.spi.mount.Mounts; -import org.apache.jackrabbit.oak.spi.nodetype.NodeTypeConstants; import org.apache.jackrabbit.oak.spi.security.CompositeConfiguration; import org.apache.jackrabbit.oak.spi.security.ConfigurationBase; import org.apache.jackrabbit.oak.spi.security.ConfigurationParameters; 
@@ -110,6 +108,15 @@ @Reference private MountInfoProvider mountInfoProvider = Mounts.defaultMountInfoProvider(); + @Reference + private VersionManagementProvider versionManagementProvider; + + @Reference + private NamespaceManagementProvider namespaceManagementProvider; + + @Reference + private NodeTypeManagementProvider nodeTypeManagementProvider; + private Set supportedPaths = ImmutableSet.of(); @SuppressWarnings("UnusedDeclaration") @@ -142,7 +149,7 @@ if (!enabled || supportedPaths.isEmpty() || getExclude().isExcluded(principals)) { return EmptyPermissionProvider.getInstance(); } else { - return new CugPermissionProvider(root, workspaceName, principals, supportedPaths, getSecurityProvider().getConfiguration(AuthorizationConfiguration.class).getContext(), getRootProvider(), getTreeProvider()); + return new CugPermissionProvider(root, workspaceName, principals, supportedPaths, getSecurityProvider().getConfiguration(AuthorizationConfiguration.class).getContext(), getRootProvider(), getTreeProvider(), versionManagementProvider); } } @@ -160,7 +167,7 @@ NodeStore store = new MemoryNodeStore(base); Root root = getRootProvider().createSystemRoot(store, - new EditorHook(new CompositeEditorProvider(new NamespaceEditorProvider(), new TypeEditorProvider()))); + new EditorHook(new CompositeEditorProvider(namespaceManagementProvider.getEditorProvider(), nodeTypeManagementProvider.getEditorProvider(true)))); if (registerCugNodeTypes(root)) { NodeState target = store.getRoot(); target.compareAgainstBaseState(base, new ApplyDiff(builder)); @@ -177,7 +184,7 @@ @Nonnull @Override public List getValidators(@Nonnull String workspaceName, @Nonnull Set principals, @Nonnull MoveTracker moveTracker) { - return ImmutableList.of(new CugValidatorProvider()); + return ImmutableList.of(new CugValidatorProvider(nodeTypeManagementProvider)); } @Nonnull 
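Review bot: In hunk `@@ -160,7 +167,7 @@` `nodeTypeManagementProvider.getEditorProvider(true)` replaces `new TypeEditorProvider()` with a bare boolean whose meaning cannot be read at the call site. Whether `true` reproduces the behaviour of the no-argument constructor is not visible in this section of the patch and is worth confirming, because this hook is installed on the root that `registerCugNodeTypes(root)` then writes to. If the flag is the strict-validation switch, say so inline: `getEditorProvider(true /* strict */)`. The enclosing method starts and ends outside the hunk.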
@@ -221,6 +228,30 @@ this.mountInfoProvider = null; } + public void bindVersionManagementProvider(VersionManagementProvider versionManagementProvider) { + this.versionManagementProvider = versionManagementProvider; + } + + public void unbindVersionManagementProvider(VersionManagementProvider versionManagementProvider) { + this.versionManagementProvider = null; + } + + public void bindNamespaceManagementProvider(NamespaceManagementProvider namespaceManagementProvider) { + this.namespaceManagementProvider = namespaceManagementProvider; + } + + public void unbindNamespaceManagementProvider(NamespaceManagementProvider namespaceManagementProvider) { + this.namespaceManagementProvider = null; + } + + public void bindNodeTypeManagementProvider(NodeTypeManagementProvider nodeTypeManagementProvider) { + this.nodeTypeManagementProvider = nodeTypeManagementProvider; + } + + public void unbindNodeTypeManagementProvider(NodeTypeManagementProvider nodeTypeManagementProvider) { + this.nodeTypeManagementProvider = null; + } + public void bindExclude(CugExclude exclude) { this.exclude = exclude; } 
@@ -235,17 +266,12 @@ return (exclude == null) ? new CugExclude.Default() : exclude; } - static boolean registerCugNodeTypes(@Nonnull final Root root) { + boolean registerCugNodeTypes(@Nonnull final Root root) { try { - ReadOnlyNodeTypeManager ntMgr = new ReadOnlyNodeTypeManager() { - @Override - protected Tree getTypes() { - return root.getTree(NodeTypeConstants.NODE_TYPES_PATH); - } - }; + NodeTypeManager ntMgr = nodeTypeManagementProvider.getReadOnlyNodeTypeManager(root, NamePathMapper.DEFAULT); if (!ntMgr.hasNodeType(NT_REP_CUG_POLICY)) { try (InputStream stream = CugConfiguration.class.getResourceAsStream("cug_nodetypes.cnd")) { - NodeTypeRegistry.register(root, stream, "cug node types"); + nodeTypeManagementProvider.registerNodeTypes(root, stream, "cug node types"); return true; } } \ No newline at end of file Index: oak-core/src/main/java/org/apache/jackrabbit/oak/security/user/UserValidatorProvider.java IDEA additional info: Subsystem: com.intellij.openapi.diff.impl.patch.CharsetEP <+>UTF-8 =================================================================== --- oak-core/src/main/java/org/apache/jackrabbit/oak/security/user/UserValidatorProvider.java (revision 1831704) +++ oak-core/src/main/java/org/apache/jackrabbit/oak/security/user/UserValidatorProvider.java (revision ) @@ -18,6 +18,7 @@ import javax.annotation.Nonnull; +import org.apache.jackrabbit.oak.identifier.IdentifierManagementProvider; import org.apache.jackrabbit.oak.plugins.tree.RootProvider; import org.apache.jackrabbit.oak.plugins.tree.TreeProvider; import org.apache.jackrabbit.oak.spi.commit.CommitInfo; 
@@ -34,13 +35,17 @@ private final ConfigurationParameters config; private final RootProvider rootProvider; private final TreeProvider treeProvider; + private final IdentifierManagementProvider identifierManagementProvider; private MembershipProvider membershipProvider; - UserValidatorProvider(@Nonnull ConfigurationParameters config, @Nonnull RootProvider rootProvider, @Nonnull TreeProvider treeProvider) { + UserValidatorProvider(@Nonnull ConfigurationParameters config, + @Nonnull RootProvider rootProvider, @Nonnull TreeProvider treeProvider, + @Nonnull IdentifierManagementProvider identifierManagementProvider) { this.config = config; this.rootProvider = rootProvider; this.treeProvider = treeProvider; + this.identifierManagementProvider = identifierManagementProvider; } //--------------------------------------------------< ValidatorProvider >--- @@ -48,7 +53,7 @@ @Override @Nonnull public Validator getRootValidator( NodeState before, NodeState after, CommitInfo info) { - membershipProvider = new MembershipProvider(rootProvider.createReadOnlyRoot(after), config); + membershipProvider = new MembershipProvider(rootProvider.createReadOnlyRoot(after), config, identifierManagementProvider); return new UserValidator(treeProvider.createReadOnlyTree(before), treeProvider.createReadOnlyTree(after), this); } \ No newline at end of file Index: oak-core/src/test/java/org/apache/jackrabbit/oak/security/authentication/token/TokenProviderImplReadOnlyTest.java IDEA additional info: Subsystem: com.intellij.openapi.diff.impl.patch.CharsetEP <+>UTF-8 =================================================================== --- oak-core/src/test/java/org/apache/jackrabbit/oak/security/authentication/token/TokenProviderImplReadOnlyTest.java (revision 1831704) +++ oak-core/src/test/java/org/apache/jackrabbit/oak/security/authentication/token/TokenProviderImplReadOnlyTest.java (revision ) 
@@ -53,7 +53,7 @@ cs = login(new GuestCredentials()); readOnlyRoot = cs.getLatestRoot(); - readOnlyTp = new TokenProviderImpl(readOnlyRoot, getTokenConfig(), getUserConfiguration()); + readOnlyTp = new TokenProviderImpl(readOnlyRoot, getTokenConfig(), getUserConfiguration(), getIdentifierManagementProvider()); } private String generateToken() throws Exception { \ No newline at end of file Index: oak-core/src/main/java/org/apache/jackrabbit/oak/security/authentication/token/TokenProviderImpl.java IDEA additional info: Subsystem: com.intellij.openapi.diff.impl.patch.CharsetEP <+>UTF-8 =================================================================== --- oak-core/src/main/java/org/apache/jackrabbit/oak/security/authentication/token/TokenProviderImpl.java (revision 1831704) +++ oak-core/src/main/java/org/apache/jackrabbit/oak/security/authentication/token/TokenProviderImpl.java (revision ) @@ -45,7 +45,8 @@ import org.apache.jackrabbit.oak.api.Root; import org.apache.jackrabbit.oak.api.Tree; import org.apache.jackrabbit.oak.namepath.NamePathMapper; -import org.apache.jackrabbit.oak.plugins.identifier.IdentifierManager; +import org.apache.jackrabbit.oak.identifier.IdentifierManagementProvider; +import org.apache.jackrabbit.oak.identifier.IdentifierManager; import org.apache.jackrabbit.oak.spi.namespace.NamespaceConstants; import org.apache.jackrabbit.oak.spi.security.ConfigurationParameters; import org.apache.jackrabbit.oak.spi.security.authentication.ImpersonationCredentials; @@ -64,7 +65,6 @@ import static org.apache.jackrabbit.oak.api.Type.DATE; import static org.apache.jackrabbit.oak.api.Type.STRING; -import static org.apache.jackrabbit.oak.plugins.identifier.IdentifierManager.getIdentifier; /** * Default implementation of the {@code TokenProvider} interface that keeps login 
@@ -126,18 +126,23 @@ private final IdentifierManager identifierManager; private final long cleanupThreshold; - TokenProviderImpl(@Nonnull Root root, @Nonnull ConfigurationParameters options, @Nonnull UserConfiguration userConfiguration) { - this(root, options, userConfiguration, SimpleCredentialsSupport.getInstance()); + TokenProviderImpl(@Nonnull Root root, @Nonnull ConfigurationParameters options, + @Nonnull UserConfiguration userConfiguration, + @Nonnull IdentifierManagementProvider identifierManagementProvider) { + this(root, options, userConfiguration, identifierManagementProvider, SimpleCredentialsSupport.getInstance()); } - TokenProviderImpl(@Nonnull Root root, @Nonnull ConfigurationParameters options, @Nonnull UserConfiguration userConfiguration, @Nonnull CredentialsSupport credentialsSupport) { + TokenProviderImpl(@Nonnull Root root, @Nonnull ConfigurationParameters options, + @Nonnull UserConfiguration userConfiguration, + @Nonnull IdentifierManagementProvider identifierManagementProvider, + @Nonnull CredentialsSupport credentialsSupport) { this.root = root; this.options = options; this.credentialsSupport = credentialsSupport; this.tokenExpiration = options.getConfigValue(PARAM_TOKEN_EXPIRATION, DEFAULT_TOKEN_EXPIRATION); this.userManager = userConfiguration.getUserManager(root, NamePathMapper.DEFAULT); - this.identifierManager = new IdentifierManager(root); + this.identifierManager = identifierManagementProvider.getIdentifierManager(root); this.cleanupThreshold = options.getConfigValue(PARAM_TOKEN_CLEANUP_THRESHOLD, NO_TOKEN_CLEANUP); } 
@@ -427,7 +432,7 @@ tokenNode.setProperty(JcrConstants.JCR_UUID, uuid); String key = generateKey(options.getConfigValue(PARAM_TOKEN_LENGTH, DEFAULT_KEY_SIZE)); - String nodeId = getIdentifier(tokenNode); + String nodeId = identifierManager.getIdentifierFromTree(tokenNode); String token = nodeId + DELIM + key; String keyHash = PasswordUtil.buildPasswordHash(getKeyValue(key, id), options); Index: oak-core/src/test/java/org/apache/jackrabbit/oak/security/authorization/composite/CompositeProviderCustomMixTest.java IDEA additional info: Subsystem: com.intellij.openapi.diff.impl.patch.CharsetEP <+>UTF-8 =================================================================== --- oak-core/src/test/java/org/apache/jackrabbit/oak/security/authorization/composite/CompositeProviderCustomMixTest.java (revision 1831704) +++ oak-core/src/test/java/org/apache/jackrabbit/oak/security/authorization/composite/CompositeProviderCustomMixTest.java (revision ) @@ -233,7 +233,7 @@ return new CompositePermissionProvider(root, composite, config.getContext(), type, getRootProvider(), getTreeProvider()); } - private static class CustomProvider implements AggregatedPermissionProvider { + private static final class CustomProvider implements AggregatedPermissionProvider { private final PrivilegeBitsProvider pbp; Index: oak-core/src/main/java/org/apache/jackrabbit/oak/security/authorization/accesscontrol/Util.java IDEA additional info: Subsystem: com.intellij.openapi.diff.impl.patch.CharsetEP <+>UTF-8 =================================================================== --- oak-core/src/main/java/org/apache/jackrabbit/oak/security/authorization/accesscontrol/Util.java (revision 1831704) +++ oak-core/src/main/java/org/apache/jackrabbit/oak/security/authorization/accesscontrol/Util.java (revision ) 
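Review bot: The node-id half of the login token (`nodeId + DELIM + key`) is now whatever the injected `IdentifierManager` returns from `getIdentifierFromTree`, and nothing in this hunk checks that value before the token is assembled. A null or `DELIM`-containing identifier would presumably produce a token that cannot be parsed or resolved later (the parsing code is outside the hunk). A guard such as `if (nodeId == null || nodeId.indexOf(DELIM) >= 0) { throw new IllegalStateException("unusable token node identifier"); }` would stop a misbehaving provider from silently issuing unusable tokens. If the identifier is meant to be the `jcr:uuid` set on `tokenNode` just above, a one-line comment saying so would also help. The enclosing method starts and ends outside the hunk, so the exception type should follow its existing error handling.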
@@ -25,7 +25,7 @@ import org.apache.jackrabbit.api.security.principal.PrincipalManager; import org.apache.jackrabbit.oak.api.Tree; -import org.apache.jackrabbit.oak.plugins.nodetype.ReadOnlyNodeTypeManager; +import org.apache.jackrabbit.oak.nodetype.NodeTypeManager; import org.apache.jackrabbit.oak.spi.security.authorization.AuthorizationConfiguration; import org.apache.jackrabbit.oak.spi.security.authorization.accesscontrol.ACE; import org.apache.jackrabbit.oak.spi.security.authorization.accesscontrol.AccessControlConstants; @@ -94,12 +94,12 @@ } public static boolean isAccessControlled(@Nullable String oakPath, @Nonnull Tree tree, - @Nonnull ReadOnlyNodeTypeManager ntMgr) { + @Nonnull NodeTypeManager ntMgr) { String mixinName = getMixinName(oakPath); return ntMgr.isNodeType(tree, mixinName); } - public static boolean isACE(@Nonnull Tree tree, @Nonnull ReadOnlyNodeTypeManager ntMgr) { + public static boolean isACE(@Nonnull Tree tree, @Nonnull NodeTypeManager ntMgr) { return tree.exists() && ntMgr.isNodeType(tree, NT_REP_ACE); } \ No newline at end of file Index: oak-core/src/test/java/org/apache/jackrabbit/oak/security/authentication/token/TokenConfigurationImplOSGiTest.java IDEA additional info: Subsystem: com.intellij.openapi.diff.impl.patch.CharsetEP <+>UTF-8 =================================================================== --- oak-core/src/test/java/org/apache/jackrabbit/oak/security/authentication/token/TokenConfigurationImplOSGiTest.java (revision 1831704) +++ oak-core/src/test/java/org/apache/jackrabbit/oak/security/authentication/token/TokenConfigurationImplOSGiTest.java (revision ) 
@@ -49,6 +49,8 @@ tokenConfiguration.setSecurityProvider(getSecurityProvider()); + context.registerService(getIdentifierManagementProvider()); + context.registerInjectActivateService(tokenConfiguration, ImmutableMap.of( TokenProvider.PARAM_TOKEN_EXPIRATION, 25, TokenProvider.PARAM_TOKEN_LENGTH, 4)); \ No newline at end of file Index: oak-core/src/main/java/org/apache/jackrabbit/oak/security/user/MembershipProvider.java IDEA additional info: Subsystem: com.intellij.openapi.diff.impl.patch.CharsetEP <+>UTF-8 =================================================================== --- oak-core/src/main/java/org/apache/jackrabbit/oak/security/user/MembershipProvider.java (revision 1831704) +++ oak-core/src/main/java/org/apache/jackrabbit/oak/security/user/MembershipProvider.java (revision ) @@ -32,6 +32,7 @@ import org.apache.jackrabbit.oak.api.Root; import org.apache.jackrabbit.oak.api.Tree; import org.apache.jackrabbit.oak.api.Type; +import org.apache.jackrabbit.oak.identifier.IdentifierManagementProvider; import org.apache.jackrabbit.oak.plugins.memory.PropertyValues; import org.apache.jackrabbit.oak.spi.security.ConfigurationParameters; import org.apache.jackrabbit.oak.spi.security.user.AuthorizableType; 
@@ -114,8 +115,8 @@ * @param root the current root * @param config the security configuration */ - MembershipProvider(@Nonnull Root root, @Nonnull ConfigurationParameters config) { - super(root, config); + MembershipProvider(@Nonnull Root root, @Nonnull ConfigurationParameters config, @Nonnull IdentifierManagementProvider identifierManagementProvider) { + super(root, config, identifierManagementProvider); } /** \ No newline at end of file Index: oak-core/src/test/java/org/apache/jackrabbit/oak/security/user/UserPrincipalProviderWithCacheTest.java IDEA additional info: Subsystem: com.intellij.openapi.diff.impl.patch.CharsetEP <+>UTF-8 =================================================================== --- oak-core/src/test/java/org/apache/jackrabbit/oak/security/user/UserPrincipalProviderWithCacheTest.java (revision 1831704) +++ oak-core/src/test/java/org/apache/jackrabbit/oak/security/user/UserPrincipalProviderWithCacheTest.java (revision ) @@ -109,7 +109,7 @@ } private PrincipalProvider createPrincipalProvider(Root root) { - return new UserPrincipalProvider(root, getUserConfiguration(), namePathMapper); + return new UserPrincipalProvider(root, getUserConfiguration(), namePathMapper, getIdentifierManagementProvider()); } private ContentSession getSystemSession() throws Exception { \ No newline at end of file Index: oak-core/src/main/java/org/apache/jackrabbit/oak/security/user/AuthorizablePropertiesImpl.java IDEA additional info: Subsystem: com.intellij.openapi.diff.impl.patch.CharsetEP <+>UTF-8 =================================================================== --- oak-core/src/main/java/org/apache/jackrabbit/oak/security/user/AuthorizablePropertiesImpl.java (revision 1831704) +++ oak-core/src/main/java/org/apache/jackrabbit/oak/security/user/AuthorizablePropertiesImpl.java (revision ) 
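Review bot: The Javadoc above the `MembershipProvider` constructor still documents only `root` and `config`; the new `identifierManagementProvider` parameter has no `@param` entry. Add `@param identifierManagementProvider the identifier management provider, passed on to the superclass constructor` so the comment matches the signature.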
@@ -34,8 +34,8 @@ import org.apache.jackrabbit.oak.api.Tree; import org.apache.jackrabbit.oak.commons.PathUtils; import org.apache.jackrabbit.oak.namepath.NamePathMapper; +import org.apache.jackrabbit.oak.nodetype.NodeTypeManager; import org.apache.jackrabbit.oak.plugins.memory.PropertyStates; -import org.apache.jackrabbit.oak.plugins.nodetype.ReadOnlyNodeTypeManager; import org.apache.jackrabbit.oak.plugins.tree.TreeLocation; import org.apache.jackrabbit.oak.plugins.value.jcr.ValueFactoryImpl; import org.apache.jackrabbit.oak.spi.security.user.UserConstants; @@ -233,7 +233,7 @@ log.debug("Unable to determine definition of authorizable property at " + propertyLocation.getPath()); return null; } - ReadOnlyNodeTypeManager nodeTypeManager = authorizable.getUserManager().getNodeTypeManager(); + NodeTypeManager nodeTypeManager = authorizable.getUserManager().getNodeTypeManager(); PropertyDefinition def = nodeTypeManager.getDefinition(parent, property, true); if (def.isProtected() || (authorizablePath.equals(parent.getPath()) && !def.getDeclaringNodeType().isNodeType(UserConstants.NT_REP_AUTHORIZABLE))) { 
@@ -244,7 +244,7 @@ } private void checkProtectedProperty(@Nonnull Tree parent, @Nonnull PropertyState property) throws RepositoryException { - ReadOnlyNodeTypeManager nodeTypeManager = authorizable.getUserManager().getNodeTypeManager(); + NodeTypeManager nodeTypeManager = authorizable.getUserManager().getNodeTypeManager(); PropertyDefinition def = nodeTypeManager.getDefinition(parent, property, false); if (def.isProtected()) { throw new ConstraintViolationException( Index: oak-core/src/main/java/org/apache/jackrabbit/oak/security/user/UserPrincipalProvider.java IDEA additional info: Subsystem: com.intellij.openapi.diff.impl.patch.CharsetEP <+>UTF-8 =================================================================== --- oak-core/src/main/java/org/apache/jackrabbit/oak/security/user/UserPrincipalProvider.java (revision 1831704) +++ oak-core/src/main/java/org/apache/jackrabbit/oak/security/user/UserPrincipalProvider.java (revision ) @@ -46,6 +46,7 @@ import org.apache.jackrabbit.oak.api.Tree; import org.apache.jackrabbit.oak.commons.LongUtils; import org.apache.jackrabbit.oak.namepath.NamePathMapper; +import org.apache.jackrabbit.oak.identifier.IdentifierManagementProvider; import org.apache.jackrabbit.oak.security.user.query.QueryUtil; import org.apache.jackrabbit.oak.spi.security.principal.EveryonePrincipal; import org.apache.jackrabbit.oak.spi.security.principal.PrincipalImpl; 
@@ -89,13 +90,14 @@ UserPrincipalProvider(@Nonnull Root root, @Nonnull UserConfiguration userConfiguration, - @Nonnull NamePathMapper namePathMapper) { + @Nonnull NamePathMapper namePathMapper, + @Nonnull IdentifierManagementProvider identifierManagementProvider) { this.root = root; this.config = userConfiguration; this.namePathMapper = namePathMapper; - this.userProvider = new UserProvider(root, config.getParameters()); - this.membershipProvider = new MembershipProvider(root, config.getParameters()); + this.userProvider = new UserProvider(root, config.getParameters(), identifierManagementProvider); + this.membershipProvider = new MembershipProvider(root, config.getParameters(), identifierManagementProvider); expiration = config.getParameters().getConfigValue(PARAM_CACHE_EXPIRATION, EXPIRATION_NO_CACHE); cacheEnabled = (expiration > EXPIRATION_NO_CACHE && root.getContentSession().getAuthInfo().getPrincipals().contains(SystemPrincipal.INSTANCE)); Index: oak-core/src/test/java/org/apache/jackrabbit/oak/security/user/AddMembersByIdBestEffortTest.java IDEA additional info: Subsystem: com.intellij.openapi.diff.impl.patch.CharsetEP <+>UTF-8 =================================================================== --- oak-core/src/test/java/org/apache/jackrabbit/oak/security/user/AddMembersByIdBestEffortTest.java (revision 1831704) +++ oak-core/src/test/java/org/apache/jackrabbit/oak/security/user/AddMembersByIdBestEffortTest.java (revision ) 
@@ -127,7 +127,8 @@ @Test public void testAddByContentID() throws Exception { - AuthorizableBaseProvider provider = new UserProvider(root, ConfigurationParameters.of(getUserConfiguration().getParameters(), ConfigurationParameters.of(UserConstants.PARAM_ENABLE_RFC7613_USERCASE_MAPPED_PROFILE, false))); + ConfigurationParameters params = ConfigurationParameters.of(getUserConfiguration().getParameters(), ConfigurationParameters.of(UserConstants.PARAM_ENABLE_RFC7613_USERCASE_MAPPED_PROFILE, false)); + AuthorizableBaseProvider provider = new UserProvider(root, params, getIdentifierManagementProvider()); Set failed = testGroup.addMembers(provider.getContentID(getTestUser().getID())); assertTrue(failed.isEmpty()); \ No newline at end of file Index: oak-core/src/test/java/org/apache/jackrabbit/oak/security/user/GroupImplTest.java IDEA additional info: Subsystem: com.intellij.openapi.diff.impl.patch.CharsetEP <+>UTF-8 =================================================================== --- oak-core/src/test/java/org/apache/jackrabbit/oak/security/user/GroupImplTest.java (revision 1831704) +++ oak-core/src/test/java/org/apache/jackrabbit/oak/security/user/GroupImplTest.java (revision ) 
@@ -44,7 +44,7 @@ public void before() throws Exception { super.before(); - uMgr = new UserManagerImpl(root, getNamePathMapper(), getSecurityProvider()); + uMgr = new UserManagerImpl(root, getNamePathMapper(), getSecurityProvider(), getNodeTypeManagementProvider(), getIdentifierManagementProvider()); Group g = uMgr.createGroup(groupId); group = new GroupImpl(groupId, root.getTree(g.getPath()), uMgr); \ No newline at end of file Index: oak-core/src/test/java/org/apache/jackrabbit/oak/security/authentication/token/AbstractTokenTest.java IDEA additional info: Subsystem: com.intellij.openapi.diff.impl.patch.CharsetEP <+>UTF-8 =================================================================== --- oak-core/src/test/java/org/apache/jackrabbit/oak/security/authentication/token/AbstractTokenTest.java (revision 1831704) +++ oak-core/src/test/java/org/apache/jackrabbit/oak/security/authentication/token/AbstractTokenTest.java (revision ) @@ -44,7 +44,8 @@ root = adminSession.getLatestRoot(); tokenProvider = new TokenProviderImpl(root, getTokenConfig(), - getUserConfiguration()); + getUserConfiguration(), + getIdentifierManagementProvider()); } @Override \ No newline at end of file Index: oak-core/src/main/java/org/apache/jackrabbit/oak/security/authorization/permission/VersionablePathHook.java IDEA additional info: Subsystem: com.intellij.openapi.diff.impl.patch.CharsetEP <+>UTF-8 =================================================================== --- oak-core/src/main/java/org/apache/jackrabbit/oak/security/authorization/permission/VersionablePathHook.java (revision 1831704) +++ oak-core/src/main/java/org/apache/jackrabbit/oak/security/authorization/permission/VersionablePathHook.java (revision ) 
@@ -29,7 +29,7 @@ import org.apache.jackrabbit.oak.api.Type; import org.apache.jackrabbit.oak.commons.PathUtils; import org.apache.jackrabbit.oak.namepath.NamePathMapper; -import org.apache.jackrabbit.oak.plugins.nodetype.ReadOnlyNodeTypeManager; +import org.apache.jackrabbit.oak.nodetype.NodeTypeManager; import org.apache.jackrabbit.oak.plugins.version.ReadWriteVersionManager; import org.apache.jackrabbit.oak.security.authorization.ProviderCtx; import org.apache.jackrabbit.oak.spi.commit.CommitHook; @@ -68,7 +68,7 @@ NodeBuilder vsRoot = rootBuilder.child(NodeTypeConstants.JCR_SYSTEM).child(NodeTypeConstants.JCR_VERSIONSTORAGE); ReadWriteVersionManager vMgr = new ReadWriteVersionManager(vsRoot, rootBuilder); - ReadOnlyNodeTypeManager ntMgr = ReadOnlyNodeTypeManager.getInstance(providerCtx.getRootProvider().createReadOnlyRoot(rootBuilder.getNodeState()), NamePathMapper.DEFAULT); + NodeTypeManager ntMgr = providerCtx.getNodeTypeManagementProvider().getReadOnlyNodeTypeManager(providerCtx.getRootProvider().createReadOnlyRoot(rootBuilder.getNodeState()), NamePathMapper.DEFAULT); List exceptions = new ArrayList(); after.compareAgainstBaseState(before, @@ -87,12 +87,12 @@ private final class Diff extends DefaultNodeStateDiff implements VersionConstants { private final ReadWriteVersionManager versionManager; - private final ReadOnlyNodeTypeManager ntMgr; + private final NodeTypeManager ntMgr; private final Node nodeAfter; private final List exceptions; private Diff(@Nonnull ReadWriteVersionManager versionManager, - @Nonnull ReadOnlyNodeTypeManager ntMgr, + @Nonnull NodeTypeManager ntMgr, @Nonnull Node node, @Nonnull List exceptions) { this.versionManager = versionManager; 
@@ -169,7 +169,7 @@ this.path = PathUtils.concat(parent.path, name); } - private boolean isVersionable(ReadOnlyNodeTypeManager ntMgr) { + private boolean isVersionable(NodeTypeManager ntMgr) { // this is not 100% correct, because t.getPath() will // not return the correct path for node after, but is // sufficient to check if it is versionable \ No newline at end of file Index: oak-store-document/src/test/java/org/apache/jackrabbit/oak/plugins/document/VisibleChangesTest.java IDEA additional info: Subsystem: com.intellij.openapi.diff.impl.patch.CharsetEP <+>UTF-8 =================================================================== --- oak-store-document/src/test/java/org/apache/jackrabbit/oak/plugins/document/VisibleChangesTest.java (revision 1831704) +++ oak-store-document/src/test/java/org/apache/jackrabbit/oak/plugins/document/VisibleChangesTest.java (revision ) @@ -22,7 +22,9 @@ import com.google.common.collect.Sets; import org.apache.jackrabbit.oak.api.CommitFailedException; +import org.apache.jackrabbit.oak.nodetype.NodeTypeManagementProvider; import org.apache.jackrabbit.oak.plugins.document.memory.MemoryDocumentStore; +import org.apache.jackrabbit.oak.plugins.nodetype.NodeTypeManagementProviderService; import org.apache.jackrabbit.oak.plugins.tree.RootProvider; import org.apache.jackrabbit.oak.plugins.tree.TreeProvider; import org.apache.jackrabbit.oak.plugins.tree.impl.RootProviderService; @@ -34,6 +36,7 @@ import org.apache.jackrabbit.oak.spi.mount.MountInfoProvider; import org.apache.jackrabbit.oak.spi.security.SecurityProvider; import org.apache.jackrabbit.oak.spi.state.NodeBuilder; +import org.apache.jackrabbit.oak.version.VersionManagementProvider; import org.junit.Test; import static org.apache.jackrabbit.oak.plugins.document.TestUtils.persistToBranch; 
@@ -88,6 +91,18 @@ @Override public RootProvider getRootProvider() { return new RootProviderService(); + } + + @Nonnull + @Override + public NodeTypeManagementProvider getNodeTypeManagementProvider() { + return new NodeTypeManagementProviderService(); + } + + @Nonnull + @Override + public VersionManagementProvider getVersionManagementProvider() { + throw new UnsupportedOperationException(); } @Nonnull Index: oak-core/src/test/java/org/apache/jackrabbit/oak/security/user/UserPrincipalProviderTest.java IDEA additional info: Subsystem: com.intellij.openapi.diff.impl.patch.CharsetEP <+>UTF-8 =================================================================== --- oak-core/src/test/java/org/apache/jackrabbit/oak/security/user/UserPrincipalProviderTest.java (revision 1831704) +++ oak-core/src/test/java/org/apache/jackrabbit/oak/security/user/UserPrincipalProviderTest.java (revision ) @@ -38,7 +38,7 @@ @Override protected PrincipalProvider createPrincipalProvider() { - return new UserPrincipalProvider(root, getUserConfiguration(), namePathMapper); + return new UserPrincipalProvider(root, getUserConfiguration(), namePathMapper, getIdentifierManagementProvider()); } @Test Index: oak-core/src/main/java/org/apache/jackrabbit/oak/security/authorization/ProviderCtx.java IDEA additional info: Subsystem: com.intellij.openapi.diff.impl.patch.CharsetEP <+>UTF-8 =================================================================== --- oak-core/src/main/java/org/apache/jackrabbit/oak/security/authorization/ProviderCtx.java (revision 1831704) +++ oak-core/src/main/java/org/apache/jackrabbit/oak/security/authorization/ProviderCtx.java (revision ) 
@@ -18,6 +18,8 @@ import javax.annotation.Nonnull; +import org.apache.jackrabbit.oak.nodetype.NodeTypeManagementProvider; +import org.apache.jackrabbit.oak.version.VersionManagementProvider; import org.apache.jackrabbit.oak.plugins.tree.RootProvider; import org.apache.jackrabbit.oak.plugins.tree.TreeProvider; import org.apache.jackrabbit.oak.spi.mount.MountInfoProvider; @@ -33,7 +35,13 @@ @Nonnull RootProvider getRootProvider(); + + @Nonnull + NodeTypeManagementProvider getNodeTypeManagementProvider(); + + @Nonnull + VersionManagementProvider getVersionManagementProvider(); @Nonnull MountInfoProvider getMountInfoProvider(); -} \ No newline at end of file +} Index: oak-core/src/main/java/org/apache/jackrabbit/oak/security/user/UserInitializer.java IDEA additional info: Subsystem: com.intellij.openapi.diff.impl.patch.CharsetEP <+>UTF-8 =================================================================== --- oak-core/src/main/java/org/apache/jackrabbit/oak/security/user/UserInitializer.java (revision 1831704) +++ oak-core/src/main/java/org/apache/jackrabbit/oak/security/user/UserInitializer.java (revision ) @@ -31,8 +31,8 @@ import org.apache.jackrabbit.oak.plugins.index.nodetype.NodeTypeIndexProvider; import org.apache.jackrabbit.oak.plugins.index.property.PropertyIndexProvider; import org.apache.jackrabbit.oak.plugins.memory.MemoryNodeStore; -import org.apache.jackrabbit.oak.plugins.tree.factories.RootFactory; import org.apache.jackrabbit.oak.plugins.tree.TreeUtil; +import org.apache.jackrabbit.oak.plugins.tree.factories.RootFactory; import org.apache.jackrabbit.oak.spi.commit.EmptyHook; import org.apache.jackrabbit.oak.spi.lifecycle.WorkspaceInitializer; import org.apache.jackrabbit.oak.spi.query.CompositeQueryIndexProvider; 
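Review bot: The two getters added to `ProviderCtx` are annotated `@Nonnull` but have no Javadoc saying what an implementation must do when the backing service is absent. Callers in this patch rely on the annotation: `VersionablePathHook` calls `providerCtx.getNodeTypeManagementProvider().getReadOnlyNodeTypeManager(...)` with no guard. Elsewhere in the same patch a test implementation throws `UnsupportedOperationException` from `getVersionManagementProvider()`, and components set their provider fields to null on unbind, so the contract is worth stating. I would add a short Javadoc to each method, e.g. `/** @return the node type management provider; never {@code null}, implementations must throw IllegalStateException if none is bound */`, or whatever failure mode the project prefers.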
@@ -48,7 +48,6 @@ import org.slf4j.Logger; import org.slf4j.LoggerFactory; -import static com.google.common.base.Preconditions.checkNotNull; import static com.google.common.base.Preconditions.checkState; import static org.apache.jackrabbit.oak.plugins.memory.ModifiedNodeState.squeeze; Index: oak-core/src/test/java/org/apache/jackrabbit/oak/security/authentication/token/TokenAuthenticationTest.java IDEA additional info: Subsystem: com.intellij.openapi.diff.impl.patch.CharsetEP <+>UTF-8 =================================================================== --- oak-core/src/test/java/org/apache/jackrabbit/oak/security/authentication/token/TokenAuthenticationTest.java (revision 1831704) +++ oak-core/src/test/java/org/apache/jackrabbit/oak/security/authentication/token/TokenAuthenticationTest.java (revision ) @@ -55,7 +55,8 @@ super.before(); tokenProvider = new TokenProviderImpl(root, ConfigurationParameters.EMPTY, - getUserConfiguration()); + getUserConfiguration(), + getIdentifierManagementProvider()); root.commit(); authentication = new TokenAuthentication(tokenProvider); @@ -131,7 +132,8 @@ public void testAuthenticateExpiredToken() throws Exception { TokenProvider tp = new TokenProviderImpl(root, ConfigurationParameters.of(TokenProvider.PARAM_TOKEN_EXPIRATION, 1), - getUserConfiguration()); + getUserConfiguration(), + getIdentifierManagementProvider()); TokenInfo info = tp.createToken(userId, Collections.emptyMap()); waitUntilExpired(info); \ No newline at end of file Index: oak-core/src/main/java/org/apache/jackrabbit/oak/security/user/UserProvider.java IDEA additional info: Subsystem: com.intellij.openapi.diff.impl.patch.CharsetEP <+>UTF-8 =================================================================== --- oak-core/src/main/java/org/apache/jackrabbit/oak/security/user/UserProvider.java (revision 1831704) +++ oak-core/src/main/java/org/apache/jackrabbit/oak/security/user/UserProvider.java (revision ) 
@@ -36,6 +36,7 @@ import org.apache.jackrabbit.oak.api.Root; import org.apache.jackrabbit.oak.api.Tree; import org.apache.jackrabbit.oak.commons.PathUtils; +import org.apache.jackrabbit.oak.identifier.IdentifierManagementProvider; import org.apache.jackrabbit.oak.plugins.memory.PropertyValues; import org.apache.jackrabbit.oak.spi.security.ConfigurationParameters; import org.apache.jackrabbit.oak.spi.security.user.AuthorizableNodeName; @@ -170,8 +171,8 @@ private final String groupPath; private final String userPath; - UserProvider(@Nonnull Root root, @Nonnull ConfigurationParameters config) { - super(root, config); + UserProvider(@Nonnull Root root, @Nonnull ConfigurationParameters config, @Nonnull IdentifierManagementProvider identifierManagementProvider) { + super(root, config, identifierManagementProvider); defaultDepth = config.getConfigValue(PARAM_DEFAULT_DEPTH, DEFAULT_DEPTH); groupPath = config.getConfigValue(PARAM_GROUP_PATH, DEFAULT_GROUP_PATH); \ No newline at end of file Index: oak-core/src/test/java/org/apache/jackrabbit/oak/security/user/UserProviderTest.java IDEA additional info: Subsystem: com.intellij.openapi.diff.impl.patch.CharsetEP <+>UTF-8 =================================================================== --- oak-core/src/test/java/org/apache/jackrabbit/oak/security/user/UserProviderTest.java (revision 1831704) +++ oak-core/src/test/java/org/apache/jackrabbit/oak/security/user/UserProviderTest.java (revision ) @@ -29,6 +29,7 @@ import org.apache.jackrabbit.oak.api.Root; import org.apache.jackrabbit.oak.api.Tree; import org.apache.jackrabbit.oak.namepath.NamePathMapper; +import org.apache.jackrabbit.oak.plugins.identifier.IdentifierManagementProviderService; import org.apache.jackrabbit.oak.plugins.index.property.PropertyIndexEditorProvider; import org.apache.jackrabbit.oak.plugins.nodetype.ReadOnlyNodeTypeManager; import org.apache.jackrabbit.oak.InitialContent; 
@@ -86,21 +87,25 @@ } private UserProvider createUserProvider() { - return new UserProvider(root, defaultConfig); + return createUserProvider(defaultConfig); } private UserProvider createUserProvider(int defaultDepth) { Map options = new HashMap(customOptions); options.put(UserConstants.PARAM_DEFAULT_DEPTH, defaultDepth); - return new UserProvider(root, ConfigurationParameters.of(options)); + return createUserProvider(ConfigurationParameters.of(options)); } private UserProvider createUserProviderRFC7612() { Map options = new HashMap(customOptions); options.put(UserConstants.PARAM_ENABLE_RFC7613_USERCASE_MAPPED_PROFILE, true); - return new UserProvider(root, ConfigurationParameters.of(options)); + return createUserProvider(ConfigurationParameters.of(options)); } + private UserProvider createUserProvider(@Nonnull ConfigurationParameters params) { + return new UserProvider(root, params, new IdentifierManagementProviderService()); + } + @Test public void testCreateUser() throws Exception { UserProvider up = createUserProvider(); @@ -355,7 +360,7 @@ return "aaa"; } }); - UserProvider up = new UserProvider(root, config); + UserProvider up = createUserProvider(config); try { Tree u1 = up.createUser("a", null); Index: oak-core/src/test/java/org/apache/jackrabbit/oak/security/authentication/token/TokenConfigurationImplTest.java IDEA additional info: Subsystem: com.intellij.openapi.diff.impl.patch.CharsetEP <+>UTF-8 =================================================================== --- oak-core/src/test/java/org/apache/jackrabbit/oak/security/authentication/token/TokenConfigurationImplTest.java (revision 1831704) +++ oak-core/src/test/java/org/apache/jackrabbit/oak/security/authentication/token/TokenConfigurationImplTest.java (revision ) 
@@ -41,6 +41,7 @@ super.before(); tc = new TokenConfigurationImpl(getSecurityProvider()); tc.setTreeProvider(getTreeProvider()); + tc.bindIdentifierManagementProvider(getIdentifierManagementProvider()); } @Override \ No newline at end of file Index: oak-core/src/main/java/org/apache/jackrabbit/oak/security/authorization/permission/PermissionValidator.java IDEA additional info: Subsystem: com.intellij.openapi.diff.impl.patch.CharsetEP <+>UTF-8 =================================================================== --- oak-core/src/main/java/org/apache/jackrabbit/oak/security/authorization/permission/PermissionValidator.java (revision 1831704) +++ oak-core/src/main/java/org/apache/jackrabbit/oak/security/authorization/permission/PermissionValidator.java (revision ) @@ -16,6 +16,7 @@ */ package org.apache.jackrabbit.oak.security.authorization.permission; +import java.util.function.Predicate; import javax.annotation.CheckForNull; import javax.annotation.Nonnull; import javax.annotation.Nullable; @@ -25,7 +26,6 @@ import org.apache.jackrabbit.oak.api.PropertyState; import org.apache.jackrabbit.oak.api.Tree; import org.apache.jackrabbit.oak.plugins.index.IndexConstants; -import org.apache.jackrabbit.oak.plugins.nodetype.TypePredicate; import org.apache.jackrabbit.oak.plugins.tree.TreeConstants; import org.apache.jackrabbit.oak.plugins.tree.TreeProvider; import org.apache.jackrabbit.oak.plugins.tree.TreeUtil; @@ -59,8 +59,8 @@ private final PermissionProvider permissionProvider; private final PermissionValidatorProvider provider; - private final TypePredicate isReferenceable; - private final TypePredicate isCreated; + private final Predicate isReferenceable; + private final Predicate isCreated; private final long permission; 
@@ -75,8 +75,8 @@ this.permissionProvider = permissionProvider; this.provider = provider; - this.isReferenceable = new TypePredicate(rootAfter, MIX_REFERENCEABLE); - this.isCreated = new TypePredicate(rootAfter, MIX_CREATED); + this.isReferenceable = provider.createPredicate(rootAfter, MIX_REFERENCEABLE); + this.isCreated = provider.createPredicate(rootAfter, MIX_CREATED); permission = Permissions.getPermission(PermissionUtil.getPath(parentBefore, parentAfter), Permissions.NO_PERMISSION); } @@ -323,11 +323,11 @@ // doesn't reveal if a given property is expected to be never modified // after creation. NodeState parentNs = provider.getTreeProvider().asNodeState(parent); - if (JcrConstants.JCR_UUID.equals(name) && isReferenceable.apply(parentNs)) { + if (JcrConstants.JCR_UUID.equals(name) && isReferenceable.test(parentNs)) { return true; } else { return (JCR_CREATED.equals(name) || JCR_CREATEDBY.equals(name)) - && isCreated.apply(parentNs); + && isCreated.test(parentNs); } } Index: oak-core/src/main/java/org/apache/jackrabbit/oak/security/user/UserConfigurationImpl.java IDEA additional info: Subsystem: com.intellij.openapi.diff.impl.patch.CharsetEP <+>UTF-8 =================================================================== --- oak-core/src/main/java/org/apache/jackrabbit/oak/security/user/UserConfigurationImpl.java (revision 1831704) +++ oak-core/src/main/java/org/apache/jackrabbit/oak/security/user/UserConfigurationImpl.java (revision ) @@ -21,7 +21,6 @@ import java.util.List; import java.util.Map; import java.util.Set; - import javax.annotation.Nonnull; import javax.annotation.Nullable; 
@@ -29,6 +28,8 @@ import org.apache.jackrabbit.api.security.user.UserManager; import org.apache.jackrabbit.oak.api.Root; import org.apache.jackrabbit.oak.namepath.NamePathMapper; +import org.apache.jackrabbit.oak.identifier.IdentifierManagementProvider; +import org.apache.jackrabbit.oak.nodetype.NodeTypeManagementProvider; import org.apache.jackrabbit.oak.security.user.autosave.AutoSaveEnabledManager; import org.apache.jackrabbit.oak.spi.commit.MoveTracker; import org.apache.jackrabbit.oak.spi.commit.ThreeWayConflictHandler; @@ -48,6 +49,8 @@ import org.apache.jackrabbit.oak.spi.xml.ProtectedItemImporter; import org.osgi.service.component.annotations.Activate; import org.osgi.service.component.annotations.Component; +import org.osgi.service.component.annotations.Reference; +import org.osgi.service.component.annotations.ReferenceCardinality; import org.osgi.service.metatype.annotations.AttributeDefinition; import org.osgi.service.metatype.annotations.Designate; import org.osgi.service.metatype.annotations.ObjectClassDefinition; @@ -158,6 +161,9 @@ private static final UserAuthenticationFactory DEFAULT_AUTH_FACTORY = new UserAuthenticationFactoryImpl(); + private NodeTypeManagementProvider nodeTypeManagementProvider; + private IdentifierManagementProvider identifierManagementProvider; + public UserConfigurationImpl() { super(); } 
@@ -177,6 +183,24 @@ setParameters(ConfigurationParameters.of(properties)); } + @Reference(name = "nodeTypeManagementProvider", cardinality = ReferenceCardinality.MANDATORY) + public void bindNodeTypeManagementProvider(NodeTypeManagementProvider nodeTypeManagementProvider) { + this.nodeTypeManagementProvider = nodeTypeManagementProvider; + } + + public void unbindNodeTypeManagementProvider(NodeTypeManagementProvider nodeTypeManagementProvider) { + this.nodeTypeManagementProvider = null; + } + + @Reference(name = "identifierManagementProvider", cardinality = ReferenceCardinality.MANDATORY) + public void bindIdentifierManagementProvider(IdentifierManagementProvider identifierManagementProvider) { + this.identifierManagementProvider = identifierManagementProvider; + } + + public void unbindIdentifierManagementProvider(IdentifierManagementProvider identifierManagementProvider) { + this.identifierManagementProvider = null; + } + //----------------------------------------------< SecurityConfiguration >--- @Nonnull @Override @@ -206,7 +230,7 @@ @Nonnull @Override public List getValidators(@Nonnull String workspaceName, @Nonnull Set principals, @Nonnull MoveTracker moveTracker) { - return ImmutableList.of(new UserValidatorProvider(getParameters(), getRootProvider(), getTreeProvider()), new CacheValidatorProvider(principals, getTreeProvider())); + return ImmutableList.of(new UserValidatorProvider(getParameters(), getRootProvider(), getTreeProvider(), identifierManagementProvider), new CacheValidatorProvider(principals, nodeTypeManagementProvider)); } @Nonnull @@ -218,7 +242,7 @@ @Nonnull @Override public List getProtectedItemImporters() { - return Collections.singletonList(new UserImporter(getParameters())); + return Collections.singletonList(new UserImporter(getParameters(), nodeTypeManagementProvider, identifierManagementProvider)); } @Nonnull 
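Review bot: The two provider fields are only ever set through `bindNodeTypeManagementProvider` and `bindIdentifierManagementProvider`, so a `UserConfigurationImpl` that is constructed outside Declarative Services passes `null` to `UserValidatorProvider`, `CacheValidatorProvider` and `UserImporter` in the `getValidators` and `getProtectedItemImporters` hunks that follow. The failure would then surface as a NullPointerException in the middle of a commit or import rather than when the configuration is wired. I would fail fast where the fields are read, e.g. `Objects.requireNonNull(nodeTypeManagementProvider, "NodeTypeManagementProvider not bound")` and the same for the identifier provider; `getUserManager` and `getUserPrincipalProvider` in the next hunks need the same guard. Because the unbind methods write `null` from a thread other than the one reading, the two fields should probably also be declared `volatile`.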
@@ -231,7 +255,7 @@ @Nonnull @Override public UserManager getUserManager(Root root, NamePathMapper namePathMapper) { - UserManager umgr = new UserManagerImpl(root, namePathMapper, getSecurityProvider()); + UserManager umgr = new UserManagerImpl(root, namePathMapper, getSecurityProvider(), nodeTypeManagementProvider, identifierManagementProvider); if (getParameters().getConfigValue(UserConstants.PARAM_SUPPORT_AUTOSAVE, false)) { return new AutoSaveEnabledManager(umgr, root); } else { @@ -242,6 +266,6 @@ @Nullable @Override public PrincipalProvider getUserPrincipalProvider(@Nonnull Root root, @Nonnull NamePathMapper namePathMapper) { - return new UserPrincipalProvider(root, this, namePathMapper); + return new UserPrincipalProvider(root, this, namePathMapper, identifierManagementProvider); } } Index: oak-core/src/main/java/org/apache/jackrabbit/oak/security/authorization/permission/PermissionStoreEditor.java IDEA additional info: Subsystem: com.intellij.openapi.diff.impl.patch.CharsetEP <+>UTF-8 =================================================================== --- oak-core/src/main/java/org/apache/jackrabbit/oak/security/authorization/permission/PermissionStoreEditor.java (revision 1831704) +++ oak-core/src/main/java/org/apache/jackrabbit/oak/security/authorization/permission/PermissionStoreEditor.java (revision ) @@ -20,6 +20,7 @@ import java.util.List; import java.util.Map; import java.util.Set; +import java.util.function.Predicate; import javax.annotation.Nonnull; import com.google.common.base.Objects; 
@@ -29,7 +30,6 @@ import org.apache.jackrabbit.oak.api.PropertyState; import org.apache.jackrabbit.oak.api.Type; import org.apache.jackrabbit.oak.plugins.memory.PropertyStates; -import org.apache.jackrabbit.oak.plugins.nodetype.TypePredicate; import org.apache.jackrabbit.oak.plugins.tree.TreeProvider; import org.apache.jackrabbit.oak.spi.security.authorization.accesscontrol.AccessControlConstants; import org.apache.jackrabbit.oak.spi.security.authorization.permission.PermissionConstants; @@ -60,7 +60,7 @@ PermissionStoreEditor(@Nonnull String aclPath, @Nonnull String name, @Nonnull NodeState node, @Nonnull NodeBuilder permissionRoot, - @Nonnull TypePredicate isACE, @Nonnull TypePredicate isGrantACE, + @Nonnull Predicate isACE, @Nonnull Predicate isGrantACE, @Nonnull PrivilegeBitsProvider bitsProvider, @Nonnull RestrictionProvider restrictionProvider, @Nonnull TreeProvider treeProvider) { @@ -82,8 +82,8 @@ int index = 0; for (String childName : orderedChildNames) { NodeState ace = node.getChildNode(childName); - if (isACE.apply(ace)) { - boolean isAllow = isGrantACE.apply(ace); + if (isACE.test(ace)) { + boolean isAllow = isGrantACE.test(ace); PrivilegeBits privilegeBits = bitsProvider.getBits(ace.getNames(REP_PRIVILEGES)); Set restrictions = restrictionProvider.readRestrictions(Strings.emptyToNull(accessControlledPath), treeProvider.createReadOnlyTree(ace)); Index: oak-core/src/main/java/org/apache/jackrabbit/oak/security/user/UserImporter.java IDEA additional info: Subsystem: com.intellij.openapi.diff.impl.patch.CharsetEP <+>UTF-8 =================================================================== --- oak-core/src/main/java/org/apache/jackrabbit/oak/security/user/UserImporter.java (revision 1831704) +++ oak-core/src/main/java/org/apache/jackrabbit/oak/security/user/UserImporter.java (revision ) 
@@ -49,7 +49,9 @@ import org.apache.jackrabbit.oak.api.Tree; import org.apache.jackrabbit.oak.api.Type; import org.apache.jackrabbit.oak.namepath.NamePathMapper; -import org.apache.jackrabbit.oak.plugins.identifier.IdentifierManager; +import org.apache.jackrabbit.oak.identifier.IdentifierManagementProvider; +import org.apache.jackrabbit.oak.nodetype.NodeTypeManagementProvider; +import org.apache.jackrabbit.oak.identifier.IdentifierManager; import org.apache.jackrabbit.oak.plugins.memory.PropertyStates; import org.apache.jackrabbit.oak.spi.nodetype.NodeTypeConstants; import org.apache.jackrabbit.oak.spi.security.ConfigurationParameters; @@ -131,6 +133,9 @@ private final int importBehavior; + private final NodeTypeManagementProvider nodeTypeManagementProvider; + private final IdentifierManagementProvider identifierManagementProvider; + private Root root; private NamePathMapper namePathMapper; private ReferenceChangeTracker referenceTracker; @@ -162,8 +167,12 @@ */ private Map principals = new HashMap(); - UserImporter(ConfigurationParameters config) { + UserImporter(@Nonnull ConfigurationParameters config, + @Nonnull NodeTypeManagementProvider nodeTypeManagementProvider, + @Nonnull IdentifierManagementProvider identifierManagementProvider) { importBehavior = UserUtil.getImportBehavior(config); + this.nodeTypeManagementProvider = nodeTypeManagementProvider; + this.identifierManagementProvider = identifierManagementProvider; } //----------------------------------------------< ProtectedItemImporter >--- @@ -193,7 +202,7 @@ return false; } - userManager = new UserManagerImpl(root, namePathMapper, securityProvider); + userManager = new UserManagerImpl(root, namePathMapper, securityProvider, nodeTypeManagementProvider, identifierManagementProvider); initialized = true; return initialized; 
@@ -447,7 +456,7 @@ @Nonnull private IdentifierManager getIdentifierManager() { if (identifierManager == null) { - identifierManager = new IdentifierManager(root); + identifierManager = identifierManagementProvider.getIdentifierManager(root); } return identifierManager; } \ No newline at end of file Index: oak-core/src/test/java/org/apache/jackrabbit/oak/security/user/MembershipBaseTest.java IDEA additional info: Subsystem: com.intellij.openapi.diff.impl.patch.CharsetEP <+>UTF-8 =================================================================== --- oak-core/src/test/java/org/apache/jackrabbit/oak/security/user/MembershipBaseTest.java (revision 1831704) +++ oak-core/src/test/java/org/apache/jackrabbit/oak/security/user/MembershipBaseTest.java (revision ) @@ -61,7 +61,7 @@ @Before public void before() throws Exception { super.before(); - userMgr = new UserManagerImpl(root, namePathMapper, getSecurityProvider()); + userMgr = new UserManagerImpl(root, namePathMapper, getSecurityProvider(), getNodeTypeManagementProvider(), getIdentifierManagementProvider()); mp = userMgr.getMembershipProvider(); // set the threshold low for testing mp.setMembershipSizeThreshold(SIZE_TH); \ No newline at end of file Index: oak-core/src/main/java/org/apache/jackrabbit/oak/security/authorization/permission/PermissionHook.java IDEA additional info: Subsystem: com.intellij.openapi.diff.impl.patch.CharsetEP <+>UTF-8 =================================================================== --- oak-core/src/main/java/org/apache/jackrabbit/oak/security/authorization/permission/PermissionHook.java (revision 1831704) +++ oak-core/src/main/java/org/apache/jackrabbit/oak/security/authorization/permission/PermissionHook.java (revision ) 
@@ -18,16 +18,15 @@ import java.util.HashMap; import java.util.Map; +import java.util.function.Predicate; import javax.annotation.Nonnull; import org.apache.jackrabbit.oak.api.CommitFailedException; -import org.apache.jackrabbit.oak.plugins.nodetype.TypePredicate; -import org.apache.jackrabbit.oak.plugins.tree.RootProvider; -import org.apache.jackrabbit.oak.plugins.tree.TreeProvider; +import org.apache.jackrabbit.oak.nodetype.NodeTypeManagementProvider; +import org.apache.jackrabbit.oak.security.authorization.ProviderCtx; import org.apache.jackrabbit.oak.spi.commit.CommitInfo; import org.apache.jackrabbit.oak.spi.commit.PostValidationHook; import org.apache.jackrabbit.oak.spi.mount.Mount; -import org.apache.jackrabbit.oak.spi.mount.MountInfoProvider; import org.apache.jackrabbit.oak.spi.security.authorization.accesscontrol.AccessControlConstants; import org.apache.jackrabbit.oak.spi.security.authorization.permission.PermissionConstants; import org.apache.jackrabbit.oak.spi.security.authorization.restriction.RestrictionProvider; 
@@ -67,28 +66,23 @@ private final RestrictionProvider restrictionProvider; private final String workspaceName; - private final MountInfoProvider mountInfoProvider; - private final RootProvider rootProvider; - private final TreeProvider treeProvider; + private final ProviderCtx providerCtx; private NodeBuilder permissionStore; private PrivilegeBitsProvider bitsProvider; - private TypePredicate isACL; - private TypePredicate isACE; - private TypePredicate isGrantACE; + private Predicate isACL; + private Predicate isACE; + private Predicate isGrantACE; private Map modified = new HashMap(); private Map deleted = new HashMap(); public PermissionHook(@Nonnull String workspaceName, @Nonnull RestrictionProvider restrictionProvider, - @Nonnull MountInfoProvider mountInfoProvider, @Nonnull RootProvider rootProvider, - @Nonnull TreeProvider treeProvider) { + @Nonnull ProviderCtx providerCtx) { this.workspaceName = workspaceName; this.restrictionProvider = restrictionProvider; - this.mountInfoProvider = mountInfoProvider; - this.rootProvider = rootProvider; - this.treeProvider = treeProvider; + this.providerCtx = providerCtx; } //---------------------------------------------------------< CommitHook >--- 
@@ -100,11 +94,12 @@ NodeBuilder rootAfter = after.builder(); permissionStore = getPermissionStore(rootAfter); - bitsProvider = new PrivilegeBitsProvider(rootProvider.createReadOnlyRoot(after)); + bitsProvider = new PrivilegeBitsProvider(providerCtx.getRootProvider().createReadOnlyRoot(after)); - isACL = new TypePredicate(after, NT_REP_ACL); - isACE = new TypePredicate(after, NT_REP_ACE); - isGrantACE = new TypePredicate(after, NT_REP_GRANT_ACE); + NodeTypeManagementProvider nodeTypeManagementProvider = providerCtx.getNodeTypeManagementProvider(); + isACL = nodeTypeManagementProvider.getNodeTypePredicate(after, NT_REP_ACL); + isACE = nodeTypeManagementProvider.getNodeTypePredicate(after, NT_REP_ACE); + isGrantACE = nodeTypeManagementProvider.getNodeTypePredicate(after, NT_REP_GRANT_ACE); Diff diff = new Diff(""); after.compareAgainstBaseState(before, diff); @@ -139,7 +134,7 @@ @Nonnull private NodeBuilder getPermissionRoot(String path) { - Mount m = mountInfoProvider.getMountByPath(path); + Mount m = providerCtx.getMountInfoProvider().getMountByPath(path); return permissionStore.getChildNode(MountPermissionProvider.getPermissionRootName(m, workspaceName)); } @@ -158,7 +153,7 @@ return true; } String path = parentPath + '/' + name; - if (isACL.apply(after)) { + if (isACL.test(after)) { PermissionStoreEditor psEditor = createPermissionStoreEditor(name, after); modified.put(psEditor.getPath(), psEditor); } else { @@ -174,8 +169,8 @@ return true; } String path = parentPath + '/' + name; - if (isACL.apply(before)) { - if (isACL.apply(after)) { + if (isACL.test(before)) { + if (isACL.test(after)) { PermissionStoreEditor psEditor = createPermissionStoreEditor(name, after); modified.put(psEditor.getPath(), psEditor); 
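Review bot: Nothing at the three `getNodeTypePredicate` calls records what the returned predicates are required to match, and these predicates alone decide which nodes are written to or removed from the permission store. `TypePredicate`, which they replace, matched the named type together with its subtypes as far as I recall; a provider implementation that matched more narrowly would leave access control entries without permission entries and raise no error. I would add a comment above the assignments, for example `// predicates must accept NT_REP_ACL / NT_REP_ACE / NT_REP_GRANT_ACE including subtypes, exactly as TypePredicate did`, and state the same contract on the provider interface. The enclosing method starts and ends outside the hunk.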
@@ -190,7 +185,7 @@ PermissionStoreEditor psEditor = createPermissionStoreEditor(name, before); deleted.put(psEditor.getPath(), psEditor); } - } else if (isACL.apply(after)) { + } else if (isACL.test(after)) { PermissionStoreEditor psEditor = createPermissionStoreEditor(name, after); modified.put(psEditor.getPath(), psEditor); } else { @@ -206,7 +201,7 @@ return true; } String path = parentPath + '/' + name; - if (isACL.apply(before)) { + if (isACL.test(before)) { PermissionStoreEditor psEditor = createPermissionStoreEditor(name, before); deleted.put(psEditor.getPath(), psEditor); } else { @@ -216,7 +211,7 @@ } private PermissionStoreEditor createPermissionStoreEditor(@Nonnull String nodeName, @Nonnull NodeState nodeState) { - return new PermissionStoreEditor(parentPath, nodeName, nodeState, getPermissionRoot(parentPath), isACE, isGrantACE, bitsProvider, restrictionProvider, treeProvider); + return new PermissionStoreEditor(parentPath, nodeName, nodeState, getPermissionRoot(parentPath), isACE, isGrantACE, bitsProvider, restrictionProvider, providerCtx.getTreeProvider()); } } } Index: oak-core/src/main/java/org/apache/jackrabbit/oak/security/authorization/accesscontrol/AccessControlManagerImpl.java IDEA additional info: Subsystem: com.intellij.openapi.diff.impl.patch.CharsetEP <+>UTF-8 =================================================================== --- oak-core/src/main/java/org/apache/jackrabbit/oak/security/authorization/accesscontrol/AccessControlManagerImpl.java (revision 1831704) +++ oak-core/src/main/java/org/apache/jackrabbit/oak/security/authorization/accesscontrol/AccessControlManagerImpl.java (revision ) @@ -16,8 +16,6 @@ */ package org.apache.jackrabbit.oak.security.authorization.accesscontrol; -import static com.google.common.base.Preconditions.checkNotNull; - import java.security.Principal; import java.text.ParseException; import java.util.ArrayList; 
@@ -29,7 +27,6 @@ import java.util.List; import java.util.Map; import java.util.Set; - import javax.annotation.CheckForNull; import javax.annotation.Nonnull; import javax.annotation.Nullable; @@ -71,8 +68,10 @@ import org.apache.jackrabbit.oak.api.Type; import org.apache.jackrabbit.oak.commons.PathUtils; import org.apache.jackrabbit.oak.namepath.NamePathMapper; +import org.apache.jackrabbit.oak.nodetype.NodeTypeManagementProvider; +import org.apache.jackrabbit.oak.nodetype.NodeTypeManager; import org.apache.jackrabbit.oak.plugins.memory.PropertyBuilder; -import org.apache.jackrabbit.oak.plugins.nodetype.ReadOnlyNodeTypeManager; +import org.apache.jackrabbit.oak.plugins.tree.TreeUtil; import org.apache.jackrabbit.oak.security.authorization.permission.PermissionUtil; import org.apache.jackrabbit.oak.security.authorization.restriction.PrincipalRestrictionProvider; import org.apache.jackrabbit.oak.spi.query.QueryConstants; @@ -91,12 +90,13 @@ import org.apache.jackrabbit.oak.spi.security.privilege.PrivilegeBits; import org.apache.jackrabbit.oak.spi.security.privilege.PrivilegeBitsProvider; import org.apache.jackrabbit.oak.spi.xml.ImportBehavior; -import org.apache.jackrabbit.oak.plugins.tree.TreeUtil; import org.apache.jackrabbit.util.ISO9075; import org.apache.jackrabbit.util.Text; import org.slf4j.Logger; import org.slf4j.LoggerFactory; +import static com.google.common.base.Preconditions.checkNotNull; + /** * Default implementation of the {@code JackrabbitAccessControlManager} interface. * This implementation covers both editing access control content by path and @@ -107,7 +107,7 @@ private static final Logger log = LoggerFactory.getLogger(AccessControlManagerImpl.class); private final PrivilegeBitsProvider bitsProvider; - private final ReadOnlyNodeTypeManager ntMgr; + private final NodeTypeManager ntMgr; private final PrincipalManager principalManager; private final RestrictionProvider restrictionProvider; 
@@ -116,11 +116,11 @@ private final Set readPaths; public AccessControlManagerImpl(@Nonnull Root root, @Nonnull NamePathMapper namePathMapper, - @Nonnull SecurityProvider securityProvider) { + @Nonnull SecurityProvider securityProvider, @Nonnull NodeTypeManagementProvider nodeTypeManagementProvider) { super(root, namePathMapper, securityProvider); bitsProvider = new PrivilegeBitsProvider(root); - ntMgr = ReadOnlyNodeTypeManager.getInstance(root, namePathMapper); + ntMgr = nodeTypeManagementProvider.getReadOnlyNodeTypeManager(root, namePathMapper); principalManager = securityProvider.getConfiguration(PrincipalConfiguration.class).getPrincipalManager(root, namePathMapper); restrictionProvider = getConfig().getRestrictionProvider(); Index: oak-core/src/main/java/org/apache/jackrabbit/oak/security/authorization/accesscontrol/AccessControlImporter.java IDEA additional info: Subsystem: com.intellij.openapi.diff.impl.patch.CharsetEP <+>UTF-8 =================================================================== --- oak-core/src/main/java/org/apache/jackrabbit/oak/security/authorization/accesscontrol/AccessControlImporter.java (revision 1831704) +++ oak-core/src/main/java/org/apache/jackrabbit/oak/security/authorization/accesscontrol/AccessControlImporter.java (revision ) @@ -41,7 +41,8 @@ import org.apache.jackrabbit.oak.api.Root; import org.apache.jackrabbit.oak.api.Tree; import org.apache.jackrabbit.oak.namepath.NamePathMapper; -import org.apache.jackrabbit.oak.plugins.nodetype.ReadOnlyNodeTypeManager; +import org.apache.jackrabbit.oak.nodetype.NodeTypeManagementProvider; +import org.apache.jackrabbit.oak.nodetype.NodeTypeManager; import org.apache.jackrabbit.oak.spi.security.SecurityProvider; import org.apache.jackrabbit.oak.spi.security.authorization.AuthorizationConfiguration; import org.apache.jackrabbit.oak.spi.security.authorization.accesscontrol.AccessControlConstants; 
@@ -70,9 +71,11 @@ private static final int CHILD_STATUS_ACE = 1; private static final int CHILD_STATUS_RESTRICTION = 2; + private final NodeTypeManagementProvider ntMgtProvider; + private AccessControlManager acMgr; private PrincipalManager principalManager; - private ReadOnlyNodeTypeManager ntMgr; + private NodeTypeManager ntMgr; private boolean initialized = false; private int childStatus; @@ -82,6 +85,10 @@ private int importBehavior; + public AccessControlImporter(@Nonnull NodeTypeManagementProvider ntMgtProvider) { + this.ntMgtProvider = ntMgtProvider; + } + //----------------------------------------------< ProtectedItemImporter >--- @Override @@ -106,7 +113,7 @@ acMgr = session.getAccessControlManager(); principalManager = ((JackrabbitSession) session).getPrincipalManager(); } - ntMgr = ReadOnlyNodeTypeManager.getInstance(root, namePathMapper); + ntMgr = ntMgtProvider.getReadOnlyNodeTypeManager(root, namePathMapper); initialized = true; } catch (RepositoryException e) { log.warn("Error while initializing access control importer", e); \ No newline at end of file Index: oak-core/src/main/java/org/apache/jackrabbit/oak/security/user/AuthorizableBaseProvider.java IDEA additional info: Subsystem: com.intellij.openapi.diff.impl.patch.CharsetEP <+>UTF-8 =================================================================== --- oak-core/src/main/java/org/apache/jackrabbit/oak/security/user/AuthorizableBaseProvider.java (revision 1831704) +++ oak-core/src/main/java/org/apache/jackrabbit/oak/security/user/AuthorizableBaseProvider.java (revision ) 
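Review bot: The new public constructor stores `ntMgtProvider` without checking it, and its first use is `ntMgtProvider.getReadOnlyNodeTypeManager(root, namePathMapper)` inside the `try` of the init hunk, where only `RepositoryException` is caught. A null provider would therefore escape as a NullPointerException instead of being logged and leaving the importer uninitialised like the other failures handled there. `this.ntMgtProvider = Objects.requireNonNull(ntMgtProvider);` in the constructor would make a wiring mistake visible at construction time. The init method's body continues outside the hunk.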
@@ -22,15 +22,14 @@ import org.apache.jackrabbit.oak.api.Root; import org.apache.jackrabbit.oak.api.Tree; import org.apache.jackrabbit.oak.commons.UUIDUtils; -import org.apache.jackrabbit.oak.plugins.identifier.IdentifierManager; +import org.apache.jackrabbit.oak.identifier.IdentifierManagementProvider; +import org.apache.jackrabbit.oak.identifier.IdentifierManager; import org.apache.jackrabbit.oak.spi.security.ConfigurationParameters; import org.apache.jackrabbit.oak.spi.security.user.AuthorizableType; import org.apache.jackrabbit.oak.spi.security.user.UserConstants; import org.apache.jackrabbit.oak.spi.security.user.util.UserUtil; import static com.google.common.base.Preconditions.checkNotNull; -import static org.apache.jackrabbit.oak.commons.UUIDUtils.generateUUID; -import static org.apache.jackrabbit.oak.plugins.identifier.IdentifierManager.getIdentifier; /** * Base class for {@link UserProvider} and {@link MembershipProvider}. @@ -43,11 +42,11 @@ private final boolean usercaseMappedProfile; - AuthorizableBaseProvider(@Nonnull Root root, @Nonnull ConfigurationParameters config) { + AuthorizableBaseProvider(@Nonnull Root root, @Nonnull ConfigurationParameters config, @Nonnull IdentifierManagementProvider identifierManagementProvider) { this.root = checkNotNull(root); this.config = checkNotNull(config); - identifierManager = new IdentifierManager(root); + identifierManager = identifierManagementProvider.getIdentifierManager(root); usercaseMappedProfile = config.getConfigValue(PARAM_ENABLE_RFC7613_USERCASE_MAPPED_PROFILE, DEFAULT_ENABLE_RFC7613_USERCASE_MAPPED_PROFILE); } 
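Review bot: The new `identifierManagementProvider` argument is dereferenced without the `checkNotNull` that guards `root` and `config` two lines above it in the same constructor. `checkNotNull` is still statically imported in this file, so the line can read `identifierManager = checkNotNull(identifierManagementProvider).getIdentifierManager(root);`. According to the class comment this is the base class for `UserProvider` and `MembershipProvider`, which makes the constructor the cheapest place to catch a provider that was never bound.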
@@ -78,7 +77,7 @@ @Nonnull String getContentID(@Nonnull Tree authorizableTree) { - return getIdentifier(authorizableTree); + return identifierManager.getIdentifierFromTree(authorizableTree); } @Nonnull \ No newline at end of file Index: oak-core/src/main/java/org/apache/jackrabbit/oak/security/user/CacheValidatorProvider.java IDEA additional info: Subsystem: com.intellij.openapi.diff.impl.patch.CharsetEP <+>UTF-8 =================================================================== --- oak-core/src/main/java/org/apache/jackrabbit/oak/security/user/CacheValidatorProvider.java (revision 1831704) +++ oak-core/src/main/java/org/apache/jackrabbit/oak/security/user/CacheValidatorProvider.java (revision ) @@ -20,15 +20,13 @@ import java.util.Collections; import java.util.Map; import java.util.Set; +import java.util.function.Predicate; import javax.annotation.CheckForNull; import javax.annotation.Nonnull; -import javax.annotation.Nullable; import org.apache.jackrabbit.oak.api.CommitFailedException; import org.apache.jackrabbit.oak.api.PropertyState; -import org.apache.jackrabbit.oak.api.Tree; -import org.apache.jackrabbit.oak.plugins.nodetype.TypePredicate; -import org.apache.jackrabbit.oak.plugins.tree.TreeProvider; +import org.apache.jackrabbit.oak.nodetype.NodeTypeManagementProvider; import org.apache.jackrabbit.oak.spi.commit.CommitInfo; import org.apache.jackrabbit.oak.spi.commit.DefaultValidator; import org.apache.jackrabbit.oak.spi.commit.Validator; @@ -37,8 +35,6 @@ import org.apache.jackrabbit.oak.spi.security.principal.SystemPrincipal; import org.apache.jackrabbit.oak.spi.state.NodeState; -import static com.google.common.base.Preconditions.checkNotNull; - /** * Validator provider to ensure that the principal-cache stored with a given * user is only maintained by the {@link org.apache.jackrabbit.oak.security.user.UserPrincipalProvider} 
@@ -47,20 +43,21 @@ class CacheValidatorProvider extends ValidatorProvider implements CacheConstants { private final boolean isSystem; - private final TreeProvider treeProvider; + private final NodeTypeManagementProvider nodeTypeManagementProvider; - CacheValidatorProvider(@Nonnull Set principals, @Nonnull TreeProvider treeProvider) { + CacheValidatorProvider(@Nonnull Set principals, + @Nonnull NodeTypeManagementProvider nodeTypeManagementProvider) { super(); isSystem = principals.contains(SystemPrincipal.INSTANCE); - this.treeProvider = treeProvider; + this.nodeTypeManagementProvider = nodeTypeManagementProvider; } @CheckForNull @Override protected Validator getRootValidator(NodeState before, NodeState after, CommitInfo info) { - TypePredicate cachePredicate = new TypePredicate(after, NT_REP_CACHE); + Predicate cachePredicate = nodeTypeManagementProvider.getNodeTypePredicate(after, NT_REP_CACHE); boolean isValidCommitInfo = CommitMarker.isValidCommitInfo(info); - return new CacheValidator(treeProvider.createReadOnlyTree(before), treeProvider.createReadOnlyTree(after), cachePredicate, isValidCommitInfo); + return new CacheValidator(after, "", cachePredicate, isValidCommitInfo); } //-------------------------------------------------------------------------- 
@@ -89,22 +86,16 @@ //-----------------------------------------------------< CacheValidator >--- private final class CacheValidator extends DefaultValidator { - private final Tree parentBefore; - private final Tree parentAfter; - - private final TypePredicate cachePredicate; + private final Predicate cachePredicate; private final boolean isValidCommitInfo; private final boolean isCache; - private CacheValidator(@Nullable Tree parentBefore, @Nonnull Tree parentAfter, TypePredicate cachePredicate, boolean isValidCommitInfo) { - this.parentBefore = parentBefore; - this.parentAfter = parentAfter; - + private CacheValidator(@Nonnull NodeState parentAfter, @Nonnull String name, Predicate cachePredicate, boolean isValidCommitInfo) { this.cachePredicate = cachePredicate; this.isValidCommitInfo = isValidCommitInfo; - isCache = isCache(parentAfter); + isCache = isCache(parentAfter, name); } @Override 
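Review bot: The constructor parameter is still called `parentAfter`, but it is no longer stored and is now simply the state of the node named `name`, which is how `isCache(parentAfter, name)` uses it. In the following hunk `isCache` likewise keeps the parameter name `tree` and the `@CheckForNull` annotation for what is now a `NodeState`, and every caller visible in these hunks passes a callback argument or the `@Nonnull` constructor parameter. Renaming both to `state` (`private boolean isCache(@Nonnull NodeState state, @Nonnull String name)`) would keep this validator, which restricts who may maintain the principal cache, easier to audit. If a caller outside the hunks can still pass `null`, keep the check and say so in a one-line comment.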
@@ -123,27 +114,23 @@ @Override public Validator childNodeChanged(String name, NodeState before, NodeState after) throws CommitFailedException { - Tree beforeTree = (parentBefore == null) ? null : parentBefore.getChild(name); - Tree afterTree = parentAfter.getChild(name); - - if (isCache || isCache(beforeTree) || isCache(afterTree)) { + if (isCache || isCache(before, name) || isCache(after, name)) { checkValidCommit(); } - return new VisibleValidator(new CacheValidator(beforeTree, afterTree, cachePredicate, isValidCommitInfo), true, true); + return new VisibleValidator(new CacheValidator(after, name, cachePredicate, isValidCommitInfo), true, true); } @Override public Validator childNodeAdded(String name, NodeState after) throws CommitFailedException { - Tree tree = checkNotNull(parentAfter.getChild(name)); - if (isCache || isCache(tree)) { + if (isCache || isCache(after, name)) { checkValidCommit(); } - return new VisibleValidator(new CacheValidator(null, tree, cachePredicate, isValidCommitInfo), true, true); + return new VisibleValidator(new CacheValidator(after, name, cachePredicate, isValidCommitInfo), true, true); } - private boolean isCache(@CheckForNull Tree tree) { - return tree != null && (REP_CACHE.equals(tree.getName()) || cachePredicate.apply(tree)); + private boolean isCache(@CheckForNull NodeState tree, @Nonnull String name) { + return tree != null && (REP_CACHE.equals(name) || cachePredicate.test(tree)); } private void checkValidCommit() throws CommitFailedException { \ No newline at end of file Index: oak-core/src/test/java/org/apache/jackrabbit/oak/security/authorization/accesscontrol/AccessControlImporterBaseTest.java IDEA additional info: Subsystem: com.intellij.openapi.diff.impl.patch.CharsetEP <+>UTF-8 =================================================================== --- oak-core/src/test/java/org/apache/jackrabbit/oak/security/authorization/accesscontrol/AccessControlImporterBaseTest.java (revision 1831704) +++ 
oak-core/src/test/java/org/apache/jackrabbit/oak/security/authorization/accesscontrol/AccessControlImporterBaseTest.java (revision ) @@ -91,7 +91,7 @@ accessControlledTree = root.getTree("/testNode"); aclTree = accessControlledTree.getChild(REP_POLICY); - importer = new AccessControlImporter(); + importer = new AccessControlImporter(getNodeTypeManagementProvider()); principalName = getTestUser().getPrincipal().getName(); principalInfo = new PropInfo(REP_PRINCIPAL_NAME, PropertyType.STRING, createTextValue(principalName)); \ No newline at end of file Index: oak-core/src/test/java/org/apache/jackrabbit/oak/security/user/UserImporterMembershipIgnoreTest.java IDEA additional info: Subsystem: com.intellij.openapi.diff.impl.patch.CharsetEP <+>UTF-8 =================================================================== --- oak-core/src/test/java/org/apache/jackrabbit/oak/security/user/UserImporterMembershipIgnoreTest.java (revision 1831704) +++ oak-core/src/test/java/org/apache/jackrabbit/oak/security/user/UserImporterMembershipIgnoreTest.java (revision ) @@ -50,7 +50,7 @@ public void before() throws Exception { super.before(); - userProvider = new UserProvider(root, ConfigurationParameters.EMPTY); + userProvider = new UserProvider(root, ConfigurationParameters.EMPTY, getIdentifierManagementProvider()); knownMemberContentId = userProvider.getContentID(testUser.getID()); unknownContentId = userProvider.getContentID("member1"); \ No newline at end of file Index: oak-core/src/test/java/org/apache/jackrabbit/oak/security/user/UserManagerImplTest.java IDEA additional info: Subsystem: com.intellij.openapi.diff.impl.patch.CharsetEP <+>UTF-8 =================================================================== --- oak-core/src/test/java/org/apache/jackrabbit/oak/security/user/UserManagerImplTest.java (revision 1831704) +++ oak-core/src/test/java/org/apache/jackrabbit/oak/security/user/UserManagerImplTest.java (revision ) 
@@ -66,7 +66,7 @@ public void before() throws Exception { super.before(); - userMgr = new UserManagerImpl(root, namePathMapper, getSecurityProvider()); + userMgr = new UserManagerImpl(root, namePathMapper, getSecurityProvider(), getNodeTypeManagementProvider(), getIdentifierManagementProvider()); beforeAuthorizables.clear(); Iterator iter = userMgr.findAuthorizables("jcr:primaryType", null, UserManager.SEARCH_TYPE_AUTHORIZABLE); while (iter.hasNext()) { @@ -305,7 +305,7 @@ try { ContentSession admin = login(getAdminCredentials()); Root root = admin.getLatestRoot(); - UserManager userManager = new UserManagerImpl(root, namePathMapper, getSecurityProvider()); + UserManager userManager = new UserManagerImpl(root, namePathMapper, getSecurityProvider(), getNodeTypeManagementProvider(), getIdentifierManagementProvider()); userManager.createUser(userId, "pass"); root.commit(); admin.close(); \ No newline at end of file Index: oak-core/src/test/java/org/apache/jackrabbit/oak/security/authorization/composite/CompositeAuthorizationConfigurationTest.java IDEA additional info: Subsystem: com.intellij.openapi.diff.impl.patch.CharsetEP <+>UTF-8 =================================================================== --- oak-core/src/test/java/org/apache/jackrabbit/oak/security/authorization/composite/CompositeAuthorizationConfigurationTest.java (revision 1831704) +++ oak-core/src/test/java/org/apache/jackrabbit/oak/security/authorization/composite/CompositeAuthorizationConfigurationTest.java (revision ) 
@@ -56,6 +56,8 @@ AuthorizationConfigurationImpl ac = new AuthorizationConfigurationImpl(getSecurityProvider()); ac.setRootProvider(getRootProvider()); ac.setTreeProvider(getTreeProvider()); + ac.bindNodeTypeManagementProvider(getNodeTypeManagementProvider()); + ac.bindVersionManagementProvider(getVersionManagementProvider()); return ac; } \ No newline at end of file Index: oak-authorization-cug/src/main/java/org/apache/jackrabbit/oak/spi/security/authorization/cug/impl/CugPermissionProvider.java IDEA additional info: Subsystem: com.intellij.openapi.diff.impl.patch.CharsetEP <+>UTF-8 =================================================================== --- oak-authorization-cug/src/main/java/org/apache/jackrabbit/oak/spi/security/authorization/cug/impl/CugPermissionProvider.java (revision 1831704) +++ oak-authorization-cug/src/main/java/org/apache/jackrabbit/oak/spi/security/authorization/cug/impl/CugPermissionProvider.java (revision ) @@ -31,13 +31,14 @@ import org.apache.jackrabbit.oak.api.Type; import org.apache.jackrabbit.oak.commons.PathUtils; import org.apache.jackrabbit.oak.namepath.NamePathMapper; +import org.apache.jackrabbit.oak.version.VersionManagementProvider; +import org.apache.jackrabbit.oak.version.VersionManager; import org.apache.jackrabbit.oak.plugins.tree.RootProvider; import org.apache.jackrabbit.oak.plugins.tree.TreeLocation; import org.apache.jackrabbit.oak.plugins.tree.TreeProvider; import org.apache.jackrabbit.oak.plugins.tree.TreeType; import org.apache.jackrabbit.oak.plugins.tree.TreeTypeProvider; import org.apache.jackrabbit.oak.plugins.tree.TreeUtil; -import org.apache.jackrabbit.oak.plugins.version.ReadOnlyVersionManager; import org.apache.jackrabbit.oak.spi.security.Context; import org.apache.jackrabbit.oak.spi.security.authorization.permission.AggregatedPermissionProvider; import org.apache.jackrabbit.oak.spi.security.authorization.permission.Permissions; 
@@ -66,11 +67,12 @@ private final SupportedPaths supportedPaths; private Root immutableRoot; - private ReadOnlyVersionManager versionManager; + private VersionManager versionManager; private TopLevelPaths topPaths; private final RootProvider rootProvider; private final TreeProvider treeProvider; + private final VersionManagementProvider versionManagementProvider; CugPermissionProvider(@Nonnull Root root, @Nonnull String workspaceName, @@ -78,10 +80,12 @@ @Nonnull Set supportedPaths, @Nonnull Context ctx, @Nonnull RootProvider rootProvider, - @Nonnull TreeProvider treeProvider) { + @Nonnull TreeProvider treeProvider, + @Nonnull VersionManagementProvider versionManagementProvider) { this.root = root; this.rootProvider = rootProvider; this.treeProvider = treeProvider; + this.versionManagementProvider = versionManagementProvider; this.workspaceName = workspaceName; immutableRoot = rootProvider.createReadOnlyRoot(root); @@ -334,7 +338,7 @@ private Tree getCugRoot(@Nonnull Tree immutableTree, @Nonnull TreeType type) { Tree tree = immutableTree; String p = immutableTree.getPath(); - if (TreeType.VERSION == type && !ReadOnlyVersionManager.isVersionStoreTree(tree)) { + if (TreeType.VERSION == type && !getVersionManager().isVersionStorageTree(tree)) { tree = getVersionManager().getVersionable(immutableTree, workspaceName); if (tree == null) { return null; @@ -394,7 +398,7 @@ @Nonnull private TreePermission createVersionPermission(@Nonnull Tree tree, @Nonnull TreeType type, @Nonnull TreePermission parent, boolean parentIsCugPermission) { - if (ReadOnlyVersionManager.isVersionStoreTree(tree)) { + if (getVersionManager().isVersionStorageTree(tree)) { if (parentIsCugPermission) { return new CugTreePermission(tree, type, parent, this); } else { 
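Review bot: The new `versionManagementProvider` argument in the `-78,10` hunk is stored without a null check, and `@Nonnull` alone does not enforce one at run time. Unlike `rootProvider`, which the constructor dereferences immediately, this field is first used lazily in `getVersionManager()` (the `-446,9` hunk), so a missing provider would only surface as a `NullPointerException` in the middle of a permission evaluation. I would fail at construction with `this.versionManagementProvider = java.util.Objects.requireNonNull(versionManagementProvider, "versionManagementProvider");`. The constructor starts and ends outside the hunk, so any validation done elsewhere cannot be seen here.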
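Review bot: In `getCugRoot` (the `-334,7` hunk) and `createVersionPermission` (the `-394,7` hunk), the version-storage test that selects the permission branch was a static call and is now answered by whatever `VersionManager` the injected provider returns. That makes the classification part of the provider's contract, which is worth stating where it is used, e.g. `// must agree with the check previously done by ReadOnlyVersionManager.isVersionStoreTree` above each condition. This is inferred from the rename alone, since neither implementation is visible. In `getCugRoot` I would also fetch the manager once, `VersionManager vm = getVersionManager();`, and use `vm` for both the test and `getVersionable`. Both methods continue outside their hunks.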
@@ -446,9 +450,9 @@ } @Nonnull - private ReadOnlyVersionManager getVersionManager() { + private VersionManager getVersionManager() { if (versionManager == null) { - versionManager = ReadOnlyVersionManager.getInstance(immutableRoot, NamePathMapper.DEFAULT); + versionManager = versionManagementProvider.getReadOnlyVersionManager(immutableRoot, NamePathMapper.DEFAULT); } return versionManager; } \ No newline at end of file Index: oak-core/src/test/java/org/apache/jackrabbit/oak/security/user/UserImporterBaseTest.java IDEA additional info: Subsystem: com.intellij.openapi.diff.impl.patch.CharsetEP <+>UTF-8 =================================================================== --- oak-core/src/test/java/org/apache/jackrabbit/oak/security/user/UserImporterBaseTest.java (revision 1831704) +++ oak-core/src/test/java/org/apache/jackrabbit/oak/security/user/UserImporterBaseTest.java (revision ) @@ -84,7 +84,7 @@ super.before(); testUser = getTestUser(); - importer = new UserImporter(getImportConfig()); + importer = new UserImporter(getImportConfig(), getNodeTypeManagementProvider(), getIdentifierManagementProvider()); } @Override @@ -105,6 +105,10 @@ return ImportBehavior.NAME_IGNORE; } + UserProvider createUserProvider(@Nonnull Root root, @Nonnull ConfigurationParameters params) { + return new UserProvider(root, params, getIdentifierManagementProvider()); + } + @Override protected ConfigurationParameters getSecurityConfigParameters() { ConfigurationParameters userParams = ConfigurationParameters.of( 
@@ -139,7 +143,7 @@ Tree folder = root.getTree(getUserConfiguration().getParameters().getConfigValue(PARAM_USER_PATH, DEFAULT_USER_PATH)); Tree userTree = folder.addChild("userTree"); userTree.setProperty(JcrConstants.JCR_PRIMARYTYPE, NT_REP_USER, Type.NAME); - userTree.setProperty(JcrConstants.JCR_UUID, new UserProvider(root, ConfigurationParameters.EMPTY).getContentID(TEST_USER_ID)); + userTree.setProperty(JcrConstants.JCR_UUID, createUserProvider(root, ConfigurationParameters.EMPTY).getContentID(TEST_USER_ID)); return userTree; } @@ -147,7 +151,7 @@ Tree folder = root.getTree(getUserConfiguration().getParameters().getConfigValue(PARAM_USER_PATH, DEFAULT_USER_PATH)); Tree userTree = folder.addChild("systemUserTree"); userTree.setProperty(JcrConstants.JCR_PRIMARYTYPE, NT_REP_SYSTEM_USER, Type.NAME); - userTree.setProperty(JcrConstants.JCR_UUID, new UserProvider(root, ConfigurationParameters.EMPTY).getContentID(TEST_USER_ID)); + userTree.setProperty(JcrConstants.JCR_UUID, createUserProvider(root, ConfigurationParameters.EMPTY).getContentID(TEST_USER_ID)); return userTree; } @@ -158,7 +162,7 @@ NodeUtil groupRoot = node.getOrAddTree(PathUtils.relativize(PathUtils.ROOT_PATH, groupPath), NT_REP_AUTHORIZABLE_FOLDER); Tree groupTree = groupRoot.addChild("testGroup", NT_REP_GROUP).getTree(); - groupTree.setProperty(JcrConstants.JCR_UUID, new UserProvider(root, ConfigurationParameters.EMPTY).getContentID(TEST_GROUP_ID)); + groupTree.setProperty(JcrConstants.JCR_UUID, createUserProvider(root, ConfigurationParameters.EMPTY).getContentID(TEST_GROUP_ID)); return groupTree; } \ No newline at end of file