Index: oak-core/src/main/java/org/apache/jackrabbit/oak/security/authorization/AuthorizationConfigurationImpl.java IDEA additional info: Subsystem: com.intellij.openapi.diff.impl.patch.CharsetEP <+>UTF-8 =================================================================== --- oak-core/src/main/java/org/apache/jackrabbit/oak/security/authorization/AuthorizationConfigurationImpl.java (revision 1831769) +++ oak-core/src/main/java/org/apache/jackrabbit/oak/security/authorization/AuthorizationConfigurationImpl.java (revision ) @@ -44,6 +44,7 @@ import org.apache.jackrabbit.oak.spi.mount.Mounts; import org.apache.jackrabbit.oak.spi.namespace.NamespaceConstants; import org.apache.jackrabbit.oak.spi.nodetype.NodeTypeConstants; +import org.apache.jackrabbit.oak.spi.query.QueryIndexCreator; import org.apache.jackrabbit.oak.spi.security.ConfigurationBase; import org.apache.jackrabbit.oak.spi.security.ConfigurationParameters; import org.apache.jackrabbit.oak.spi.security.Context; @@ -118,6 +119,7 @@ } private MountInfoProvider mountInfoProvider = Mounts.defaultMountInfoProvider(); + private QueryIndexCreator queryIndexCreator; public AuthorizationConfigurationImpl() { super(); @@ -150,7 +152,7 @@ @Nonnull @Override public WorkspaceInitializer getWorkspaceInitializer() { - return new AuthorizationInitializer(mountInfoProvider); + return new AuthorizationInitializer(mountInfoProvider, queryIndexCreator); } @Nonnull @@ -225,5 +227,14 @@ public void unbindMountInfoProvider(MountInfoProvider mountInfoProvider) { this.mountInfoProvider = null; + } + + @Reference(name = "queryIndexCreator", cardinality = ReferenceCardinality.MANDATORY) + public void bindQueryIndexCreator(QueryIndexCreator queryIndexCreator) { + this.queryIndexCreator = queryIndexCreator; + } + + public void unbindQueryIndexCreator(QueryIndexCreator queryIndexCreator) { + this.queryIndexCreator = null; } } Index: oak-core/src/main/java/org/apache/jackrabbit/oak/security/user/UserConfigurationImpl.java IDEA additional info: Subsystem: com.intellij.openapi.diff.impl.patch.CharsetEP <+>UTF-8 =================================================================== --- oak-core/src/main/java/org/apache/jackrabbit/oak/security/user/UserConfigurationImpl.java (revision 1831769) +++ oak-core/src/main/java/org/apache/jackrabbit/oak/security/user/UserConfigurationImpl.java (revision ) @@ -34,6 +34,7 @@ import org.apache.jackrabbit.oak.spi.commit.ThreeWayConflictHandler; import org.apache.jackrabbit.oak.spi.commit.ValidatorProvider; import org.apache.jackrabbit.oak.spi.lifecycle.WorkspaceInitializer; +import org.apache.jackrabbit.oak.spi.query.QueryIndexCreator; import org.apache.jackrabbit.oak.spi.security.ConfigurationBase; import org.apache.jackrabbit.oak.spi.security.ConfigurationParameters; import org.apache.jackrabbit.oak.spi.security.Context; @@ -48,6 +49,8 @@ import org.apache.jackrabbit.oak.spi.xml.ProtectedItemImporter; import org.osgi.service.component.annotations.Activate; import org.osgi.service.component.annotations.Component; +import org.osgi.service.component.annotations.Reference; +import org.osgi.service.component.annotations.ReferenceCardinality; import org.osgi.service.metatype.annotations.AttributeDefinition; import org.osgi.service.metatype.annotations.Designate; import org.osgi.service.metatype.annotations.ObjectClassDefinition; @@ -158,6 +161,8 @@ private static final UserAuthenticationFactory DEFAULT_AUTH_FACTORY = new UserAuthenticationFactoryImpl(); + private QueryIndexCreator queryIndexCreator; + public UserConfigurationImpl() { super(); } @@ -177,6 +182,15 @@ setParameters(ConfigurationParameters.of(properties)); } + @Reference(name = "queryIndexCreator", cardinality = ReferenceCardinality.MANDATORY) + public void bindQueryIndexCreator(QueryIndexCreator queryIndexCreator) { + this.queryIndexCreator = queryIndexCreator; + } + + public void unbindQueryIndexCreator(QueryIndexCreator queryIndexCreator) { + this.queryIndexCreator = null; + } + //----------------------------------------------< SecurityConfiguration >--- @Nonnull @Override @@ -200,7 +214,7 @@ @Nonnull @Override public WorkspaceInitializer getWorkspaceInitializer() { - return new UserInitializer(getSecurityProvider()); + return new UserInitializer(getSecurityProvider(), queryIndexCreator); } @Nonnull Index: oak-auth-external/src/test/java/org/apache/jackrabbit/oak/spi/security/authentication/external/impl/principal/ExternalIdentityImporterTest.java IDEA additional info: Subsystem: com.intellij.openapi.diff.impl.patch.CharsetEP <+>UTF-8 =================================================================== --- oak-auth-external/src/test/java/org/apache/jackrabbit/oak/spi/security/authentication/external/impl/principal/ExternalIdentityImporterTest.java (revision 1831769) +++ oak-auth-external/src/test/java/org/apache/jackrabbit/oak/spi/security/authentication/external/impl/principal/ExternalIdentityImporterTest.java (revision ) @@ -30,6 +30,7 @@ import org.apache.jackrabbit.api.JackrabbitRepository; import org.apache.jackrabbit.oak.jcr.Jcr; +import org.apache.jackrabbit.oak.plugins.index.IndexCreatorService; import org.apache.jackrabbit.oak.query.QueryEngineSettings; import org.apache.jackrabbit.oak.spi.security.ConfigurationParameters; import org.apache.jackrabbit.oak.spi.security.SecurityProvider; @@ -70,8 +71,10 @@ ""; private Repository createRepo() throws Exception { - SecurityProvider securityProvider = TestSecurityProvider.newTestSecurityProvider(ConfigurationParameters.EMPTY, - new ExternalPrincipalConfiguration()); + ExternalPrincipalConfiguration epc = new ExternalPrincipalConfiguration(); + epc.bindQueryIndexCreator(new IndexCreatorService()); + + SecurityProvider securityProvider = TestSecurityProvider.newTestSecurityProvider(ConfigurationParameters.EMPTY, epc); QueryEngineSettings queryEngineSettings = new QueryEngineSettings(); queryEngineSettings.setFailTraversal(true); \ No newline at end of file Index: oak-core/src/test/java/org/apache/jackrabbit/oak/AbstractSecurityTest.java IDEA additional info: Subsystem: com.intellij.openapi.diff.impl.patch.CharsetEP <+>UTF-8 =================================================================== --- oak-core/src/test/java/org/apache/jackrabbit/oak/AbstractSecurityTest.java (revision 1831769) +++ oak-core/src/test/java/org/apache/jackrabbit/oak/AbstractSecurityTest.java (revision ) @@ -16,12 +16,9 @@ */ package org.apache.jackrabbit.oak; -import static com.google.common.collect.Lists.newArrayList; - import java.util.Arrays; import java.util.List; import java.util.UUID; - import javax.annotation.Nonnull; import javax.annotation.Nullable; import javax.jcr.Credentials; @@ -45,6 +42,7 @@ import org.apache.jackrabbit.oak.namepath.NamePathMapper; import org.apache.jackrabbit.oak.plugins.commit.ConflictValidatorProvider; import org.apache.jackrabbit.oak.plugins.commit.JcrConflictHandler; +import org.apache.jackrabbit.oak.plugins.index.IndexCreatorService; import org.apache.jackrabbit.oak.plugins.index.property.PropertyIndexEditorProvider; import org.apache.jackrabbit.oak.plugins.index.property.PropertyIndexProvider; import org.apache.jackrabbit.oak.plugins.index.reference.ReferenceEditorProvider; @@ -59,6 +57,7 @@ import org.apache.jackrabbit.oak.plugins.version.VersionHook; import org.apache.jackrabbit.oak.query.QueryEngineSettings; import org.apache.jackrabbit.oak.security.internal.SecurityProviderBuilder; +import org.apache.jackrabbit.oak.spi.query.QueryIndexCreator; import org.apache.jackrabbit.oak.spi.security.ConfigurationParameters; import org.apache.jackrabbit.oak.spi.security.SecurityProvider; import org.apache.jackrabbit.oak.spi.security.authentication.ConfigurationUtil; @@ -70,6 +69,8 @@ import org.junit.After; import org.junit.Before; +import static com.google.common.collect.Lists.newArrayList; + /** * AbstractOakTest is the base class for oak test execution. */ @@ -85,6 +86,8 @@ protected Root root; protected QueryEngineSettings querySettings; + private QueryIndexCreator queryIndexCreator = new IndexCreatorService(); + private final RootProvider rootProvider = new RootProviderService(); private final TreeProvider treeProvider = new TreeProviderService(); @@ -142,6 +145,7 @@ return SecurityProviderBuilder.newBuilder().with(getSecurityConfigParameters()) .withRootProvider(rootProvider) .withTreeProvider(treeProvider) + .withQueryIndexCreator(queryIndexCreator) .build(); } @@ -263,5 +267,9 @@ public TreeProvider getTreeProvider() { return treeProvider; + } + + public QueryIndexCreator getQueryIndexCreator() { + return queryIndexCreator; } } Index: oak-core/src/test/java/org/apache/jackrabbit/oak/security/user/UserInitializerTest.java IDEA additional info: Subsystem: com.intellij.openapi.diff.impl.patch.CharsetEP <+>UTF-8 =================================================================== --- oak-core/src/test/java/org/apache/jackrabbit/oak/security/user/UserInitializerTest.java (revision 1831769) +++ oak-core/src/test/java/org/apache/jackrabbit/oak/security/user/UserInitializerTest.java (revision ) @@ -150,7 +150,10 @@ userParams.put(UserConstants.PARAM_OMIT_ADMIN_PW, true); ConfigurationParameters params = ConfigurationParameters.of(UserConfiguration.NAME, ConfigurationParameters.of(userParams)); - SecurityProvider sp = SecurityProviderBuilder.newBuilder().with(params).build(); + SecurityProvider sp = SecurityProviderBuilder.newBuilder().with(params) + .withRootProvider(getRootProvider()) + .withTreeProvider(getTreeProvider()) + .withQueryIndexCreator(getQueryIndexCreator()).build(); final ContentRepository repo = new Oak().with(new InitialContent()) .with(new PropertyIndexEditorProvider()) .with(new PropertyIndexProvider()) @@ -201,7 +204,10 @@ userParams.put(UserConstants.PARAM_ANONYMOUS_ID, ""); ConfigurationParameters params = ConfigurationParameters.of(UserConfiguration.NAME, ConfigurationParameters.of(userParams)); - SecurityProvider sp = SecurityProviderBuilder.newBuilder().with(params).build(); + SecurityProvider sp = SecurityProviderBuilder.newBuilder().with(params) + .withRootProvider(getRootProvider()) + .withTreeProvider(getTreeProvider()) + .withQueryIndexCreator(getQueryIndexCreator()).build(); final ContentRepository repo = new Oak().with(new InitialContent()) .with(new PropertyIndexEditorProvider()) .with(new PropertyIndexProvider()) Index: oak-core/src/main/java/org/apache/jackrabbit/oak/security/user/UserInitializer.java IDEA additional info: Subsystem: com.intellij.openapi.diff.impl.patch.CharsetEP <+>UTF-8 =================================================================== --- oak-core/src/main/java/org/apache/jackrabbit/oak/security/user/UserInitializer.java (revision 1831769) +++ oak-core/src/main/java/org/apache/jackrabbit/oak/security/user/UserInitializer.java (revision ) @@ -20,23 +20,19 @@ import javax.jcr.RepositoryException; import com.google.common.base.Strings; -import org.apache.jackrabbit.JcrConstants; +import com.google.common.collect.ImmutableSet; import org.apache.jackrabbit.api.security.user.UserManager; import org.apache.jackrabbit.oak.api.CommitFailedException; import org.apache.jackrabbit.oak.api.Root; -import org.apache.jackrabbit.oak.api.Tree; -import org.apache.jackrabbit.oak.commons.PathUtils; import org.apache.jackrabbit.oak.namepath.NamePathMapper; -import org.apache.jackrabbit.oak.plugins.index.IndexConstants; -import org.apache.jackrabbit.oak.plugins.index.IndexUtils; import org.apache.jackrabbit.oak.plugins.index.nodetype.NodeTypeIndexProvider; import org.apache.jackrabbit.oak.plugins.index.property.PropertyIndexProvider; import org.apache.jackrabbit.oak.plugins.memory.MemoryNodeStore; -import org.apache.jackrabbit.oak.plugins.tree.TreeUtil; import org.apache.jackrabbit.oak.plugins.tree.factories.RootFactory; import org.apache.jackrabbit.oak.spi.commit.EmptyHook; import org.apache.jackrabbit.oak.spi.lifecycle.WorkspaceInitializer; import org.apache.jackrabbit.oak.spi.query.CompositeQueryIndexProvider; +import org.apache.jackrabbit.oak.spi.query.QueryIndexCreator; import org.apache.jackrabbit.oak.spi.query.QueryIndexProvider; import org.apache.jackrabbit.oak.spi.query.QueryIndexProviderAware; import org.apache.jackrabbit.oak.spi.security.ConfigurationParameters; @@ -49,7 +45,6 @@ import org.slf4j.Logger; import org.slf4j.LoggerFactory; -import static com.google.common.base.Preconditions.checkState; import static org.apache.jackrabbit.oak.plugins.memory.ModifiedNodeState.squeeze; /** @@ -84,18 +79,38 @@ private static final Logger log = LoggerFactory.getLogger(UserInitializer.class); private final SecurityProvider securityProvider; + private final QueryIndexCreator queryIndexCreator; private QueryIndexProvider queryIndexProvider = new CompositeQueryIndexProvider(new PropertyIndexProvider(), new NodeTypeIndexProvider()); - UserInitializer(@Nonnull SecurityProvider securityProvider) { + UserInitializer(@Nonnull SecurityProvider securityProvider, @Nonnull QueryIndexCreator queryIndexCreator) { this.securityProvider = securityProvider; + this.queryIndexCreator = queryIndexCreator; } //-----------------------------------------------< WorkspaceInitializer >--- @Override public void initialize(NodeBuilder builder, String workspaceName) { + NodeBuilder index = queryIndexCreator.getOrCreateOakIndex(builder); + if (!queryIndexCreator.hasIndexDefinition(index, "authorizableId")) { + queryIndexCreator.createIndexDefinition(index, "authorizableId", + "Oak index used by the user management to enforce uniqueness of rep:authorizableId property values.", + true, true, ImmutableSet.of(REP_AUTHORIZABLE_ID), ImmutableSet.of(NT_REP_AUTHORIZABLE)); + } + if (!queryIndexCreator.hasIndexDefinition(index, "principalName")) { + queryIndexCreator.createIndexDefinition(index, "principalName", + "Oak index used by the user management to enforce uniqueness of rep:principalName property values, and to quickly search a principal by name if it was constructed manually.", + true, true, ImmutableSet.of(REP_PRINCIPAL_NAME), ImmutableSet.of(NT_REP_AUTHORIZABLE)); + } + if (!queryIndexCreator.hasIndexDefinition(index, "repMembers")) { + queryIndexCreator.createIndexDefinition(index, "repMembers", + "Oak index used by the user management to lookup group membership.", + true, false, ImmutableSet.of(REP_MEMBERS), ImmutableSet.of(NT_REP_MEMBER_REFERENCES)); + + } + // squeeze node state before it is passed to store (OAK-2411) NodeState base = squeeze(builder.getNodeState()); MemoryNodeStore store = new MemoryNodeStore(base); @@ -108,35 +123,6 @@ String errorMsg = "Failed to initialize user content."; try { - Tree rootTree = root.getTree(PathUtils.ROOT_PATH); - checkState(rootTree.exists()); - Tree index = TreeUtil.getOrAddChild(rootTree, IndexConstants.INDEX_DEFINITIONS_NAME, JcrConstants.NT_UNSTRUCTURED); - - if (!index.hasChild("authorizableId")) { - Tree authorizableId = IndexUtils.createIndexDefinition(index, "authorizableId", true, - new String[]{REP_AUTHORIZABLE_ID}, - new String[]{NT_REP_AUTHORIZABLE}); - authorizableId.setProperty("info", - "Oak index used by the user management " + - "to enforce uniqueness of rep:authorizableId property values."); - } - if (!index.hasChild("principalName")) { - Tree principalName = IndexUtils.createIndexDefinition(index, "principalName", true, - new String[]{REP_PRINCIPAL_NAME}, - new String[]{NT_REP_AUTHORIZABLE}); - principalName.setProperty("info", - "Oak index used by the user management " + - "to enforce uniqueness of rep:principalName property values, " + - "and to quickly search a principal by name if it was constructed manually."); - } - if (!index.hasChild("repMembers")) { - Tree members = IndexUtils.createIndexDefinition(index, "repMembers", false, - new String[]{REP_MEMBERS}, - new String[]{NT_REP_MEMBER_REFERENCES}); - members.setProperty("info", - "Oak index used by the user management to lookup group membership."); - } - ConfigurationParameters params = userConfiguration.getParameters(); String adminId = params.getConfigValue(PARAM_ADMIN_ID, DEFAULT_ADMIN_ID); if (userManager.getAuthorizable(adminId) == null) { Index: oak-auth-external/src/test/java/org/apache/jackrabbit/oak/spi/security/authentication/external/AbstractExternalAuthTest.java IDEA additional info: Subsystem: com.intellij.openapi.diff.impl.patch.CharsetEP <+>UTF-8 =================================================================== --- oak-auth-external/src/test/java/org/apache/jackrabbit/oak/spi/security/authentication/external/AbstractExternalAuthTest.java (revision 1831769) +++ oak-auth-external/src/test/java/org/apache/jackrabbit/oak/spi/security/authentication/external/AbstractExternalAuthTest.java (revision ) @@ -139,6 +139,7 @@ securityProvider = TestSecurityProvider.newTestSecurityProvider(getSecurityConfigParameters(), externalPrincipalConfiguration); // register PrincipalConfiguration with OSGi context + context.registerInjectActivateService(getQueryIndexCreator()); context.registerInjectActivateService(externalPrincipalConfiguration); } return securityProvider; \ No newline at end of file Index: oak-benchmarks/src/main/java/org/apache/jackrabbit/oak/benchmark/authentication/external/AbstractExternalTest.java IDEA additional info: Subsystem: com.intellij.openapi.diff.impl.patch.CharsetEP <+>UTF-8 =================================================================== --- oak-benchmarks/src/main/java/org/apache/jackrabbit/oak/benchmark/authentication/external/AbstractExternalTest.java (revision 1831769) +++ oak-benchmarks/src/main/java/org/apache/jackrabbit/oak/benchmark/authentication/external/AbstractExternalTest.java (revision ) @@ -43,6 +43,7 @@ import org.apache.jackrabbit.oak.fixture.OakRepositoryFixture; import org.apache.jackrabbit.oak.fixture.RepositoryFixture; import org.apache.jackrabbit.oak.jcr.Jcr; +import org.apache.jackrabbit.oak.plugins.index.IndexCreatorService; import org.apache.jackrabbit.oak.security.internal.SecurityProviderBuilder; import org.apache.jackrabbit.oak.spi.security.SecurityProvider; import org.apache.jackrabbit.oak.spi.security.authentication.external.ExternalGroup; @@ -236,6 +237,8 @@ private static SecurityProvider newTestSecurityProvider( ExternalPrincipalConfiguration externalPrincipalConfiguration) { + externalPrincipalConfiguration.bindQueryIndexCreator(new IndexCreatorService()); + SecurityProvider delegate = SecurityProviderBuilder.newBuilder().build(); PrincipalConfiguration principalConfiguration = delegate.getConfiguration(PrincipalConfiguration.class); \ No newline at end of file Index: oak-core/src/main/java/org/apache/jackrabbit/oak/security/authorization/AuthorizationInitializer.java IDEA additional info: Subsystem: com.intellij.openapi.diff.impl.patch.CharsetEP <+>UTF-8 =================================================================== --- oak-core/src/main/java/org/apache/jackrabbit/oak/security/authorization/AuthorizationInitializer.java (revision 1831769) +++ oak-core/src/main/java/org/apache/jackrabbit/oak/security/authorization/AuthorizationInitializer.java (revision ) @@ -21,11 +21,11 @@ import com.google.common.collect.ImmutableList; import org.apache.jackrabbit.JcrConstants; import org.apache.jackrabbit.oak.api.Type; -import org.apache.jackrabbit.oak.plugins.index.IndexUtils; import org.apache.jackrabbit.oak.security.authorization.permission.MountPermissionProvider; import org.apache.jackrabbit.oak.spi.lifecycle.WorkspaceInitializer; import org.apache.jackrabbit.oak.spi.mount.Mount; import org.apache.jackrabbit.oak.spi.mount.MountInfoProvider; +import org.apache.jackrabbit.oak.spi.query.QueryIndexCreator; import org.apache.jackrabbit.oak.spi.security.authorization.accesscontrol.AccessControlConstants; import org.apache.jackrabbit.oak.spi.security.authorization.permission.PermissionConstants; import org.apache.jackrabbit.oak.spi.state.NodeBuilder; @@ -46,20 +46,23 @@ class AuthorizationInitializer implements WorkspaceInitializer, AccessControlConstants, PermissionConstants { private final MountInfoProvider mountInfoProvider; + private final QueryIndexCreator queryIndexCreator; - public AuthorizationInitializer(@Nonnull MountInfoProvider mountInfoProvider) { + public AuthorizationInitializer(@Nonnull MountInfoProvider mountInfoProvider, @Nonnull QueryIndexCreator queryIndexCreator) { this.mountInfoProvider = mountInfoProvider; + this.queryIndexCreator = queryIndexCreator; } @Override public void initialize(NodeBuilder builder, String workspaceName) { // property index for rep:principalName stored in ACEs - NodeBuilder index = IndexUtils.getOrCreateOakIndex(builder); - if (!index.hasChildNode("acPrincipalName")) { - NodeBuilder acPrincipalName = IndexUtils.createIndexDefinition(index, "acPrincipalName", true, false, + NodeBuilder index = queryIndexCreator.getOrCreateOakIndex(builder); + if (!queryIndexCreator.hasIndexDefinition(index, "acPrincipalName")) { + NodeBuilder acPrincipalName = queryIndexCreator.createIndexDefinition(index, + "acPrincipalName", "Oak index used by authorization to quickly search a principal by name.", + true, false, ImmutableList.of(REP_PRINCIPAL_NAME), ImmutableList.of(NT_REP_DENY_ACE, NT_REP_GRANT_ACE, NT_REP_ACE)); - acPrincipalName.setProperty("info", "Oak index used by authorization to quickly search a principal by name."); } // create the permission store and the root for this workspace. Index: oak-auth-external/src/main/java/org/apache/jackrabbit/oak/spi/security/authentication/external/impl/principal/ExternalPrincipalConfiguration.java IDEA additional info: Subsystem: com.intellij.openapi.diff.impl.patch.CharsetEP <+>UTF-8 =================================================================== --- oak-auth-external/src/main/java/org/apache/jackrabbit/oak/spi/security/authentication/external/impl/principal/ExternalPrincipalConfiguration.java (revision 1831769) +++ oak-auth-external/src/main/java/org/apache/jackrabbit/oak/spi/security/authentication/external/impl/principal/ExternalPrincipalConfiguration.java (revision ) @@ -16,8 +16,6 @@ */ package org.apache.jackrabbit.oak.spi.security.authentication.external.impl.principal; -import static org.apache.jackrabbit.oak.spi.security.RegistrationConstants.OAK_SECURITY_NAME; - import java.security.Principal; import java.util.Arrays; import java.util.HashMap; @@ -38,6 +36,7 @@ import org.apache.felix.scr.annotations.Deactivate; import org.apache.felix.scr.annotations.Properties; import org.apache.felix.scr.annotations.Property; +import org.apache.felix.scr.annotations.Reference; import org.apache.felix.scr.annotations.Service; import org.apache.jackrabbit.api.security.principal.PrincipalManager; import org.apache.jackrabbit.oak.api.Root; @@ -46,6 +45,7 @@ import org.apache.jackrabbit.oak.spi.commit.MoveTracker; import org.apache.jackrabbit.oak.spi.commit.ValidatorProvider; import org.apache.jackrabbit.oak.spi.lifecycle.RepositoryInitializer; +import org.apache.jackrabbit.oak.spi.query.QueryIndexCreator; import org.apache.jackrabbit.oak.spi.security.ConfigurationBase; import org.apache.jackrabbit.oak.spi.security.ConfigurationParameters; import org.apache.jackrabbit.oak.spi.security.SecurityConfiguration; @@ -67,6 +67,8 @@ import org.slf4j.Logger; import org.slf4j.LoggerFactory; +import static org.apache.jackrabbit.oak.spi.security.RegistrationConstants.OAK_SECURITY_NAME; + /** * Implementation of the {@code PrincipalConfiguration} interface that provides * principal management for {@code Group principals} associated with @@ -99,6 +101,9 @@ private SyncConfigTracker syncConfigTracker; private SyncHandlerMappingTracker syncHandlerMappingTracker; + @Reference + private QueryIndexCreator queryIndexCreator; + @SuppressWarnings("UnusedDeclaration") public ExternalPrincipalConfiguration() { super(); @@ -136,7 +141,7 @@ @Nonnull @Override public RepositoryInitializer getRepositoryInitializer() { - return new ExternalIdentityRepositoryInitializer(protectedExternalIds()); + return new ExternalIdentityRepositoryInitializer(protectedExternalIds(), queryIndexCreator); } @Nonnull @@ -174,6 +179,14 @@ if (syncHandlerMappingTracker != null) { syncHandlerMappingTracker.close(); } + } + + public void bindQueryIndexCreator(QueryIndexCreator queryIndexCreator) { + this.queryIndexCreator = queryIndexCreator; + } + + public void unbindQueryIndexCreator(QueryIndexCreator queryIndexCreator) { + this.queryIndexCreator = null; } //------------------------------------------------------------< private >--- \ No newline at end of file Index: oak-core/src/main/java/org/apache/jackrabbit/oak/security/internal/SecurityProviderBuilder.java IDEA additional info: Subsystem: com.intellij.openapi.diff.impl.patch.CharsetEP <+>UTF-8 =================================================================== --- oak-core/src/main/java/org/apache/jackrabbit/oak/security/internal/SecurityProviderBuilder.java (revision 1831769) +++ oak-core/src/main/java/org/apache/jackrabbit/oak/security/internal/SecurityProviderBuilder.java (revision ) @@ -16,12 +16,9 @@ */ package org.apache.jackrabbit.oak.security.internal; -import static org.apache.jackrabbit.oak.security.internal.ConfigurationInitializer.initializeConfiguration; -import static org.apache.jackrabbit.oak.security.internal.ConfigurationInitializer.initializeConfigurations; -import static org.apache.jackrabbit.oak.spi.security.ConfigurationParameters.EMPTY; - import javax.annotation.Nonnull; +import org.apache.jackrabbit.oak.plugins.index.IndexCreatorService; import org.apache.jackrabbit.oak.plugins.tree.RootProvider; import org.apache.jackrabbit.oak.plugins.tree.TreeProvider; import org.apache.jackrabbit.oak.plugins.tree.impl.RootProviderService; @@ -34,6 +31,7 @@ import org.apache.jackrabbit.oak.security.principal.PrincipalConfigurationImpl; import org.apache.jackrabbit.oak.security.privilege.PrivilegeConfigurationImpl; import org.apache.jackrabbit.oak.security.user.UserConfigurationImpl; +import org.apache.jackrabbit.oak.spi.query.QueryIndexCreator; import org.apache.jackrabbit.oak.spi.security.ConfigurationParameters; import org.apache.jackrabbit.oak.spi.security.SecurityProvider; import org.apache.jackrabbit.oak.spi.security.authentication.AuthenticationConfiguration; @@ -53,11 +51,16 @@ import org.apache.jackrabbit.oak.spi.security.user.action.DefaultAuthorizableActionProvider; import org.apache.jackrabbit.oak.spi.whiteboard.Whiteboard; +import static org.apache.jackrabbit.oak.security.internal.ConfigurationInitializer.initializeConfiguration; +import static org.apache.jackrabbit.oak.security.internal.ConfigurationInitializer.initializeConfigurations; +import static org.apache.jackrabbit.oak.spi.security.ConfigurationParameters.EMPTY; + public final class SecurityProviderBuilder { private Whiteboard whiteboard; private RootProvider rootProvider; private TreeProvider treeProvider; + private QueryIndexCreator queryIndexCreator; private ConfigurationParameters authenticationParams = EMPTY; private AuthenticationConfiguration authenticationConfiguration; @@ -159,6 +162,9 @@ if (treeProvider == null) { treeProvider = new TreeProviderService(); } + if (queryIndexCreator == null) { + queryIndexCreator = new IndexCreatorService(); + } // authentication if (authenticationConfiguration == null) { @@ -176,7 +182,9 @@ // user if (userConfiguration == null) { - userConfiguration = new UserConfigurationImpl(); + UserConfigurationImpl uc = new UserConfigurationImpl(); + uc.bindQueryIndexCreator(queryIndexCreator); + userConfiguration = uc; } securityProvider.setUserConfiguration( initializeConfiguration(userConfiguration, securityProvider, userParams, rootProvider, treeProvider)); @@ -185,8 +193,11 @@ if (authorizationConfiguration == null) { CompositeAuthorizationConfiguration ac = new CompositeAuthorizationConfiguration(); ac.withCompositionType(configuration.getConfigValue("authorizationCompositionType", CompositeAuthorizationConfiguration.CompositionType.AND.toString())); - ac.setDefaultConfig(initializeConfiguration(new AuthorizationConfigurationImpl(), - securityProvider, rootProvider, treeProvider)); + + AuthorizationConfigurationImpl defaultConfig = new AuthorizationConfigurationImpl(); + defaultConfig.bindQueryIndexCreator(queryIndexCreator); + + ac.setDefaultConfig(initializeConfiguration(defaultConfig, securityProvider, rootProvider, treeProvider)); authorizationConfiguration = ac; } @@ -245,6 +256,11 @@ public SecurityProviderBuilder withTreeProvider(@Nonnull TreeProvider treeProvider) { this.treeProvider = treeProvider; + return this; + } + + public SecurityProviderBuilder withQueryIndexCreator(@Nonnull QueryIndexCreator queryIndexCreator) { + this.queryIndexCreator = queryIndexCreator; return this; } Index: oak-auth-external/src/main/java/org/apache/jackrabbit/oak/spi/security/authentication/external/impl/principal/ExternalIdentityRepositoryInitializer.java IDEA additional info: Subsystem: com.intellij.openapi.diff.impl.patch.CharsetEP <+>UTF-8 =================================================================== --- oak-auth-external/src/main/java/org/apache/jackrabbit/oak/spi/security/authentication/external/impl/principal/ExternalIdentityRepositoryInitializer.java (revision 1831769) +++ oak-auth-external/src/main/java/org/apache/jackrabbit/oak/spi/security/authentication/external/impl/principal/ExternalIdentityRepositoryInitializer.java (revision ) @@ -18,8 +18,8 @@ import javax.annotation.Nonnull; -import org.apache.jackrabbit.oak.plugins.index.IndexUtils; import org.apache.jackrabbit.oak.spi.lifecycle.RepositoryInitializer; +import org.apache.jackrabbit.oak.spi.query.QueryIndexCreator; import org.apache.jackrabbit.oak.spi.security.authentication.external.impl.ExternalIdentityConstants; import org.apache.jackrabbit.oak.spi.state.NodeBuilder; @@ -42,9 +42,11 @@ class ExternalIdentityRepositoryInitializer implements RepositoryInitializer { private final boolean enforceUniqueIds; + private final QueryIndexCreator indexCreator; - ExternalIdentityRepositoryInitializer(boolean enforceUniqueIds) { + ExternalIdentityRepositoryInitializer(boolean enforceUniqueIds, @Nonnull QueryIndexCreator indexCreator) { this.enforceUniqueIds = enforceUniqueIds; + this.indexCreator = indexCreator; } @Override @@ -52,17 +54,16 @@ // create index definition for "rep:externalId" and // "rep:externalPrincipalNames" - NodeBuilder index = IndexUtils.getOrCreateOakIndex(builder); - if (enforceUniqueIds && !index.hasChildNode("externalId")) { - NodeBuilder definition = IndexUtils.createIndexDefinition(index, "externalId", true, true, - ImmutableList.of(ExternalIdentityConstants.REP_EXTERNAL_ID), null); - definition.setProperty("info", "Oak index assuring uniqueness of rep:externalId properties."); + NodeBuilder index = indexCreator.getOrCreateOakIndex(builder); + if (enforceUniqueIds && !indexCreator.hasIndexDefinition(index, "externalId")) { + NodeBuilder definition = indexCreator.createIndexDefinition(index, + "externalId", "Oak index assuring uniqueness of rep:externalId properties.", + true, true, ImmutableList.of(ExternalIdentityConstants.REP_EXTERNAL_ID), null); } - if (!index.hasChildNode("externalPrincipalNames")) { - NodeBuilder definition = IndexUtils.createIndexDefinition(index, "externalPrincipalNames", true, false, - ImmutableList.of(ExternalIdentityConstants.REP_EXTERNAL_PRINCIPAL_NAMES), null); - definition.setProperty("info", - "Oak index used by the principal management provided by the external authentication module."); + if (!indexCreator.hasIndexDefinition(index, "externalPrincipalNames")) { + NodeBuilder definition = indexCreator.createIndexDefinition(index, + "externalPrincipalNames", "Oak index used by the principal management provided by the external authentication module.", + true, false, ImmutableList.of(ExternalIdentityConstants.REP_EXTERNAL_PRINCIPAL_NAMES), null); } } } \ No newline at end of file