Index: oak-core/src/main/java/org/apache/jackrabbit/oak/security/principal/PrincipalProviderImpl.java IDEA additional info: Subsystem: com.intellij.openapi.diff.impl.patch.CharsetEP <+>UTF-8 =================================================================== --- oak-core/src/main/java/org/apache/jackrabbit/oak/security/principal/PrincipalProviderImpl.java (revision 1853928) +++ oak-core/src/main/java/org/apache/jackrabbit/oak/security/principal/PrincipalProviderImpl.java (date 1549961632000) @@ -16,17 +16,11 @@ */ package org.apache.jackrabbit.oak.security.principal; -import java.security.Principal; -import java.util.Collections; -import java.util.HashSet; -import java.util.Iterator; -import java.util.Set; -import javax.jcr.RepositoryException; - import com.google.common.base.Function; import com.google.common.base.Predicate; import com.google.common.base.Predicates; import com.google.common.collect.Iterators; +import org.apache.jackrabbit.api.security.principal.ItemBasedPrincipal; import org.apache.jackrabbit.api.security.principal.PrincipalManager; import org.apache.jackrabbit.api.security.user.Authorizable; import org.apache.jackrabbit.api.security.user.Query; @@ -46,6 +40,13 @@ import org.slf4j.Logger; import org.slf4j.LoggerFactory; +import javax.jcr.RepositoryException; +import java.security.Principal; +import java.util.Collections; +import java.util.HashSet; +import java.util.Iterator; +import java.util.Set; + /** * The {@code PrincipalProviderImpl} is a principal provider implementation * that operates on principal information read from user information exposed by @@ -56,14 +57,17 @@ private static final Logger log = LoggerFactory.getLogger(PrincipalProviderImpl.class); private final UserManager userManager; + private final NamePathMapper namePathMapper; PrincipalProviderImpl(@NotNull Root root, @NotNull UserConfiguration userConfiguration, @NotNull NamePathMapper namePathMapper) { this.userManager = userConfiguration.getUserManager(root, namePathMapper); + this.namePathMapper = namePathMapper; } //--------------------------------------------------< PrincipalProvider >--- + @Nullable @Override public Principal getPrincipal(@NotNull String principalName) { Authorizable authorizable = getAuthorizable(new PrincipalImpl(principalName)); @@ -79,6 +83,23 @@ return (EveryonePrincipal.NAME.equals(principalName)) ? EveryonePrincipal.getInstance() : null; } + @Nullable + @Override + public ItemBasedPrincipal getItemBasedPrincipal(@NotNull String principalOakPath) { + try { + Authorizable authorizable = userManager.getAuthorizableByPath(namePathMapper.getJcrPath(principalOakPath)); + if (authorizable != null) { + Principal principal = authorizable.getPrincipal(); + if (principal instanceof ItemBasedPrincipal) { + return (ItemBasedPrincipal) principal; + } + } + } catch (RepositoryException e) { + log.debug(e.getMessage()); + } + return null; + } + @NotNull @Override public Set getMembershipPrincipals(@NotNull Principal principal) { Index: oak-core/src/main/java/org/apache/jackrabbit/oak/security/user/UserPrincipalProvider.java IDEA additional info: Subsystem: com.intellij.openapi.diff.impl.patch.CharsetEP <+>UTF-8 =================================================================== --- oak-core/src/main/java/org/apache/jackrabbit/oak/security/user/UserPrincipalProvider.java (revision 1853928) +++ oak-core/src/main/java/org/apache/jackrabbit/oak/security/user/UserPrincipalProvider.java (date 1549961632000) @@ -16,22 +16,13 @@ */ package org.apache.jackrabbit.oak.security.user; -import java.security.Principal; -import java.text.ParseException; -import java.util.Collections; -import java.util.Date; -import java.util.HashSet; -import java.util.Iterator; -import java.util.Set; -import javax.jcr.AccessDeniedException; -import javax.jcr.RepositoryException; - import com.google.common.base.Function; import com.google.common.base.Joiner; import com.google.common.base.Predicate; import com.google.common.base.Predicates; import com.google.common.collect.Iterables; import com.google.common.collect.Iterators; +import org.apache.jackrabbit.api.security.principal.ItemBasedPrincipal; import org.apache.jackrabbit.api.security.principal.PrincipalManager; import org.apache.jackrabbit.api.security.user.Authorizable; import org.apache.jackrabbit.api.security.user.UserManager; @@ -43,6 +34,7 @@ import org.apache.jackrabbit.oak.api.Tree; import org.apache.jackrabbit.oak.commons.LongUtils; import org.apache.jackrabbit.oak.namepath.NamePathMapper; +import org.apache.jackrabbit.oak.plugins.tree.TreeUtil; import org.apache.jackrabbit.oak.security.user.query.QueryUtil; import org.apache.jackrabbit.oak.spi.security.principal.EveryonePrincipal; import org.apache.jackrabbit.oak.spi.security.principal.PrincipalImpl; @@ -52,13 +44,22 @@ import org.apache.jackrabbit.oak.spi.security.user.UserConfiguration; import org.apache.jackrabbit.oak.spi.security.user.UserConstants; import org.apache.jackrabbit.oak.spi.security.user.util.UserUtil; -import org.apache.jackrabbit.oak.plugins.tree.TreeUtil; import org.apache.jackrabbit.util.Text; import org.jetbrains.annotations.NotNull; import org.jetbrains.annotations.Nullable; import org.slf4j.Logger; import org.slf4j.LoggerFactory; +import javax.jcr.AccessDeniedException; +import javax.jcr.RepositoryException; +import java.security.Principal; +import java.text.ParseException; +import java.util.Collections; +import java.util.Date; +import java.util.HashSet; +import java.util.Iterator; +import java.util.Set; + import static org.apache.jackrabbit.oak.api.QueryEngine.NO_BINDINGS; import static org.apache.jackrabbit.oak.api.Type.STRING; @@ -114,6 +115,20 @@ } } + @Nullable + @Override + public ItemBasedPrincipal getItemBasedPrincipal(@NotNull String principalOakPath) { + Tree authorizableTree = userProvider.getAuthorizableByPath(principalOakPath); + Principal principal = createPrincipal(authorizableTree); + + if (principal instanceof ItemBasedPrincipal) { + return (ItemBasedPrincipal) principal; + } else { + return null; + } + } + + @NotNull @Override public Set getMembershipPrincipals(@NotNull Principal principal) { Index: oak-security-spi/src/main/java/org/apache/jackrabbit/oak/spi/security/principal/CompositePrincipalProvider.java IDEA additional info: Subsystem: com.intellij.openapi.diff.impl.patch.CharsetEP <+>UTF-8 =================================================================== --- oak-security-spi/src/main/java/org/apache/jackrabbit/oak/spi/security/principal/CompositePrincipalProvider.java (revision 1853928) +++ oak-security-spi/src/main/java/org/apache/jackrabbit/oak/spi/security/principal/CompositePrincipalProvider.java (date 1549961769000) @@ -27,6 +27,7 @@ import static com.google.common.base.Preconditions.checkNotNull; +import org.apache.jackrabbit.api.security.principal.ItemBasedPrincipal; import org.jetbrains.annotations.NotNull; import org.jetbrains.annotations.Nullable; @@ -58,6 +59,7 @@ } //--------------------------------------------------< PrincipalProvider >--- + @Nullable @Override public Principal getPrincipal(@NotNull String principalName) { Principal principal = null; @@ -67,6 +69,16 @@ } return principal; } + + @Nullable + @Override + public ItemBasedPrincipal getItemBasedPrincipal(@NotNull String principalOakPath) { + ItemBasedPrincipal principal = null; + for (int i = 0; i < providers.size() && principal == null; i++) { + principal = providers.get(i).getItemBasedPrincipal(principalOakPath); + } + return principal; + } @NotNull @Override Index: oak-security-spi/src/main/java/org/apache/jackrabbit/oak/spi/security/principal/package-info.java IDEA additional info: Subsystem: com.intellij.openapi.diff.impl.patch.CharsetEP <+>UTF-8 =================================================================== --- oak-security-spi/src/main/java/org/apache/jackrabbit/oak/spi/security/principal/package-info.java (revision 1853928) +++ oak-security-spi/src/main/java/org/apache/jackrabbit/oak/spi/security/principal/package-info.java (date 1548063618000) @@ -14,7 +14,7 @@ * See the License for the specific language governing permissions and * limitations under the License. */ -@Version("1.6.0") +@Version("1.7.0") package org.apache.jackrabbit.oak.spi.security.principal; import org.osgi.annotation.versioning.Version; Index: oak-security-spi/src/main/java/org/apache/jackrabbit/oak/spi/security/principal/PrincipalProvider.java IDEA additional info: Subsystem: com.intellij.openapi.diff.impl.patch.CharsetEP <+>UTF-8 =================================================================== --- oak-security-spi/src/main/java/org/apache/jackrabbit/oak/spi/security/principal/PrincipalProvider.java (revision 1853928) +++ oak-security-spi/src/main/java/org/apache/jackrabbit/oak/spi/security/principal/PrincipalProvider.java (date 1549961632000) @@ -21,6 +21,8 @@ import java.util.Collections; import java.util.Iterator; import java.util.Set; + +import org.apache.jackrabbit.api.security.principal.ItemBasedPrincipal; import org.jetbrains.annotations.NotNull; import org.jetbrains.annotations.Nullable; import org.osgi.annotation.versioning.ProviderType; @@ -51,6 +53,18 @@ @Nullable Principal getPrincipal(@NotNull String principalName); + /** + * Returns the {@code ItemBasedPrincipal} with the specified {@code principalOakPath} + * or {@code null} if no principal with that path exists. + * + * @param principalName the Oak path of the {@code ItemBasedPrincipal} to retrieve + * @return return the requested principal or {@code null} + */ + @Nullable + default ItemBasedPrincipal getItemBasedPrincipal(@NotNull String principalOakPath) { + return null; + } + /** * Returns an iterator over all group principals for which the given * principal is either direct or indirect member of. Thus for any principal