Index: oak-auth-external/src/main/java/org/apache/jackrabbit/oak/spi/security/authentication/external/impl/principal/ExternalGroupPrincipalProvider.java IDEA additional info: Subsystem: com.intellij.openapi.diff.impl.patch.CharsetEP <+>UTF-8 =================================================================== --- oak-auth-external/src/main/java/org/apache/jackrabbit/oak/spi/security/authentication/external/impl/principal/ExternalGroupPrincipalProvider.java (revision 1862145) +++ oak-auth-external/src/main/java/org/apache/jackrabbit/oak/spi/security/authentication/external/impl/principal/ExternalGroupPrincipalProvider.java (date 1561561238000) @@ -324,7 +324,7 @@ } @Override - public boolean isMember(Principal member) { + public boolean isMember(@NotNull Principal member) { if (GroupPrincipals.isGroup(member)) { return false; } @@ -355,6 +355,7 @@ return false; } + @NotNull @Override public Enumeration members() { Result result = findPrincipals(getName(), true); Index: oak-auth-external/src/test/java/org/apache/jackrabbit/oak/spi/security/authentication/external/impl/principal/ExternalGroupPrincipalProviderTest.java IDEA additional info: Subsystem: com.intellij.openapi.diff.impl.patch.CharsetEP <+>UTF-8 =================================================================== --- oak-auth-external/src/test/java/org/apache/jackrabbit/oak/spi/security/authentication/external/impl/principal/ExternalGroupPrincipalProviderTest.java (revision 1862145) +++ oak-auth-external/src/test/java/org/apache/jackrabbit/oak/spi/security/authentication/external/impl/principal/ExternalGroupPrincipalProviderTest.java (date 1565965542000) @@ -427,6 +427,7 @@ ExternalGroupPrincipalProvider p = new ExternalGroupPrincipalProvider(root, getSecurityProvider().getConfiguration(UserConfiguration.class), NamePathMapper.DEFAULT, ImmutableMap.of(idp.getName(), new String[0])) { + @NotNull @Override public Iterator findPrincipals(@Nullable String nameHint, int searchType) { return in.iterator(); Index: oak-authorization-cug/src/test/java/org/apache/jackrabbit/oak/spi/security/authorization/cug/impl/CugExcludeDefaultTest.java IDEA additional info: Subsystem: com.intellij.openapi.diff.impl.patch.CharsetEP <+>UTF-8 =================================================================== --- oak-authorization-cug/src/test/java/org/apache/jackrabbit/oak/spi/security/authorization/cug/impl/CugExcludeDefaultTest.java (revision 1862145) +++ oak-authorization-cug/src/test/java/org/apache/jackrabbit/oak/spi/security/authorization/cug/impl/CugExcludeDefaultTest.java (date 1565965542000) @@ -27,6 +27,7 @@ import org.apache.jackrabbit.oak.spi.security.principal.PrincipalImpl; import org.apache.jackrabbit.oak.spi.security.principal.SystemPrincipal; import org.apache.jackrabbit.oak.spi.security.principal.SystemUserPrincipal; +import org.jetbrains.annotations.NotNull; import org.junit.Before; import org.junit.Test; @@ -84,6 +85,7 @@ Set principals = new HashSet<>(); principals.add(new PrincipalImpl("test")); principals.add(new ItemBasedPrincipal() { + @NotNull @Override public String getPath() { return "/path"; Index: oak-authorization-principalbased/src/test/java/org/apache/jackrabbit/oak/spi/security/authorization/principalbased/impl/FilterImplTest.java IDEA additional info: Subsystem: com.intellij.openapi.diff.impl.patch.CharsetEP <+>UTF-8 =================================================================== --- oak-authorization-principalbased/src/test/java/org/apache/jackrabbit/oak/spi/security/authorization/principalbased/impl/FilterImplTest.java (revision 1862145) +++ oak-authorization-principalbased/src/test/java/org/apache/jackrabbit/oak/spi/security/authorization/principalbased/impl/FilterImplTest.java (date 1565969147000) @@ -105,6 +105,7 @@ Principal principal = getTestSystemUser().getPrincipal(); assertFalse(filter.canHandle(Collections.singleton((AdminPrincipal) () -> principal.getName()))); assertFalse(filter.canHandle(Collections.singleton((new ItemBasedPrincipal() { + @NotNull @Override public String getPath() throws RepositoryException { return ((ItemBasedPrincipal) principal).getPath(); @@ -141,7 +142,7 @@ /** * Test that the filter can deal with principals that have been accessed with a different {@code NamePathMapper}. * This might actually occure with {@code AbstractAccessControlManager#hasPrivilege} and {@code AbstractAccessControlManager#getPrivileges}, - * when a {@link PermissionProvider} is built from the principal set passed to the Jackrabbit API methods (and not from + * when a {@code PermissionProvider} is built from the principal set passed to the Jackrabbit API methods (and not from * principals obtained on the system level when populating the {@code Subject}. */ @Test @@ -291,6 +292,7 @@ this.name = name; } + @NotNull @Override public String getPath() throws RepositoryException { if (jcrPath != null) { Index: oak-core/src/main/java/org/apache/jackrabbit/oak/security/user/AbstractGroupPrincipal.java IDEA additional info: Subsystem: com.intellij.openapi.diff.impl.patch.CharsetEP <+>UTF-8 =================================================================== --- oak-core/src/main/java/org/apache/jackrabbit/oak/security/user/AbstractGroupPrincipal.java (revision 1862145) +++ oak-core/src/main/java/org/apache/jackrabbit/oak/security/user/AbstractGroupPrincipal.java (date 1565965076000) @@ -61,7 +61,7 @@ //--------------------------------------------------------------< Group >--- @Override - public boolean isMember(Principal principal) { + public boolean isMember(@NotNull Principal principal) { boolean isMember = false; try { // shortcut for everyone group -> avoid collecting all members @@ -82,6 +82,7 @@ return isMember; } + @NotNull @Override public Enumeration members() { final Iterator members; Index: oak-core/src/main/java/org/apache/jackrabbit/oak/security/user/TreeBasedPrincipal.java IDEA additional info: Subsystem: com.intellij.openapi.diff.impl.patch.CharsetEP <+>UTF-8 =================================================================== --- oak-core/src/main/java/org/apache/jackrabbit/oak/security/user/TreeBasedPrincipal.java (revision 1862145) +++ oak-core/src/main/java/org/apache/jackrabbit/oak/security/user/TreeBasedPrincipal.java (date 1565969428000) @@ -22,6 +22,8 @@ import org.apache.jackrabbit.oak.spi.security.principal.PrincipalImpl; import org.jetbrains.annotations.NotNull; +import javax.jcr.RepositoryException; + /** * TreeBasedPrincipal... */ @@ -40,17 +42,20 @@ this.path = oakPath; } - String getOakPath() { + @NotNull + String getOakPath() throws RepositoryException { return path; } + @NotNull NamePathMapper getNamePathMapper() { return pathMapper; } //-------------------------------------------------< ItemBasedPrincipal >--- + @NotNull @Override - public String getPath() { + public String getPath() throws RepositoryException { return pathMapper.getJcrPath(path); } } \ No newline at end of file Index: oak-core/src/main/java/org/apache/jackrabbit/oak/security/user/UserPrincipalProvider.java IDEA additional info: Subsystem: com.intellij.openapi.diff.impl.patch.CharsetEP <+>UTF-8 =================================================================== --- oak-core/src/main/java/org/apache/jackrabbit/oak/security/user/UserPrincipalProvider.java (revision 1862145) +++ oak-core/src/main/java/org/apache/jackrabbit/oak/security/user/UserPrincipalProvider.java (date 1565969531000) @@ -60,6 +60,7 @@ import java.util.Iterator; import java.util.Set; +import static com.google.common.base.Preconditions.checkState; import static org.apache.jackrabbit.oak.api.QueryEngine.NO_BINDINGS; import static org.apache.jackrabbit.oak.api.Type.STRING; @@ -508,23 +509,24 @@ super(principalName, "", namePathMapper, root, config); } - @Nullable + @NotNull @Override - String getOakPath() { - String groupPath = getPath(); - return (groupPath == null) ? null : getNamePathMapper().getOakPath(getPath()); + String getOakPath() throws RepositoryException { + String oakPath = getNamePathMapper().getOakPath(getPath()); + if (oakPath == null) { + throw new RepositoryException("Failed to retrieve path of group principal " + getName()); + } + return oakPath; } - @Nullable + @NotNull @Override - public String getPath() { - try { - org.apache.jackrabbit.api.security.user.Group gr = getGroup(); - return (gr == null) ? null : gr.getPath(); - } catch (RepositoryException e) { - log.error("Failed to retrieve path from group principal: {}", e.getMessage()); - return null; + public String getPath() throws RepositoryException { + org.apache.jackrabbit.api.security.user.Group gr = getGroup(); + if (gr == null) { + throw new RepositoryException("Failed to retrieve path of group principal " + getName()); } + return gr.getPath(); } @Override Index: oak-core/src/main/java/org/apache/jackrabbit/oak/security/user/UserProvider.java IDEA additional info: Subsystem: com.intellij.openapi.diff.impl.patch.CharsetEP <+>UTF-8 =================================================================== --- oak-core/src/main/java/org/apache/jackrabbit/oak/security/user/UserProvider.java (revision 1862145) +++ oak-core/src/main/java/org/apache/jackrabbit/oak/security/user/UserProvider.java (date 1565969465000) @@ -216,7 +216,12 @@ @Nullable Tree getAuthorizableByPrincipal(@NotNull Principal principal) { if (principal instanceof TreeBasedPrincipal) { - return root.getTree(((TreeBasedPrincipal) principal).getOakPath()); + try { + return root.getTree(((TreeBasedPrincipal) principal).getOakPath()); + } catch (RepositoryException e) { + // getting oakpath fails -> try searching below + log.debug(e.getMessage()); + } } // NOTE: in contrast to JR2 the extra shortcut for ID==principalName Index: oak-core/src/test/java/org/apache/jackrabbit/oak/security/user/ImpersonationImplEmptyTest.java IDEA additional info: Subsystem: com.intellij.openapi.diff.impl.patch.CharsetEP <+>UTF-8 =================================================================== --- oak-core/src/test/java/org/apache/jackrabbit/oak/security/user/ImpersonationImplEmptyTest.java (revision 1862145) +++ oak-core/src/test/java/org/apache/jackrabbit/oak/security/user/ImpersonationImplEmptyTest.java (date 1565965076000) @@ -43,10 +43,11 @@ final GroupPrincipal groupPrincipal = new GroupPrincipal() { @Override - public boolean isMember(Principal member) { + public boolean isMember(@NotNull Principal member) { throw new UnsupportedOperationException(); } + @NotNull @Override public Enumeration members() { throw new UnsupportedOperationException(); Index: oak-core/src/test/java/org/apache/jackrabbit/oak/security/user/UserPrincipalProviderWithCacheTest.java IDEA additional info: Subsystem: com.intellij.openapi.diff.impl.patch.CharsetEP <+>UTF-8 =================================================================== --- oak-core/src/test/java/org/apache/jackrabbit/oak/security/user/UserPrincipalProviderWithCacheTest.java (revision 1862145) +++ oak-core/src/test/java/org/apache/jackrabbit/oak/security/user/UserPrincipalProviderWithCacheTest.java (date 1565967635000) @@ -46,6 +46,7 @@ import org.junit.Test; import javax.jcr.NoSuchWorkspaceException; +import javax.jcr.RepositoryException; import javax.jcr.SimpleCredentials; import javax.security.auth.Subject; import javax.security.auth.login.LoginException; @@ -327,7 +328,12 @@ assertEquals("org.apache.jackrabbit.oak.security.user.UserPrincipalProvider$CachedGroupPrincipal", className); assertTrue(p instanceof TreeBasedPrincipal); - assertNull(((TreeBasedPrincipal) p).getPath()); + try { + ((TreeBasedPrincipal) p).getPath(); + fail("RepositoryException expected"); + } catch (RepositoryException e) { + // success + } GroupPrincipal principalGroup = (GroupPrincipal) p; assertFalse(principalGroup.isMember(getTestUser().getPrincipal())); Index: oak-jackrabbit-api/src/main/java/org/apache/jackrabbit/api/security/principal/package-info.java IDEA additional info: Subsystem: com.intellij.openapi.diff.impl.patch.CharsetEP <+>UTF-8 =================================================================== --- oak-jackrabbit-api/src/main/java/org/apache/jackrabbit/api/security/principal/package-info.java (revision 1862145) +++ oak-jackrabbit-api/src/main/java/org/apache/jackrabbit/api/security/principal/package-info.java (date 1565966300000) @@ -18,5 +18,5 @@ /** * Jackrabbit extensions for JAAS principals. */ -@org.osgi.annotation.versioning.Version("2.4.0") +@org.osgi.annotation.versioning.Version("2.4.1") package org.apache.jackrabbit.api.security.principal; Index: oak-jcr/src/main/java/org/apache/jackrabbit/oak/jcr/delegate/PrincipalManagerDelegator.java IDEA additional info: Subsystem: com.intellij.openapi.diff.impl.patch.CharsetEP <+>UTF-8 =================================================================== --- oak-jcr/src/main/java/org/apache/jackrabbit/oak/jcr/delegate/PrincipalManagerDelegator.java (revision 1862145) +++ oak-jcr/src/main/java/org/apache/jackrabbit/oak/jcr/delegate/PrincipalManagerDelegator.java (date 1565965076000) @@ -28,6 +28,7 @@ import org.apache.jackrabbit.oak.jcr.session.operation.SessionOperation; import org.apache.jackrabbit.oak.spi.security.principal.PrincipalQueryManager; import org.jetbrains.annotations.NotNull; +import org.jetbrains.annotations.Nullable; /** * This implementation of {@code PrincipalManager} delegates back to a @@ -46,7 +47,7 @@ } @Override - public boolean hasPrincipal(final String principalName) { + public boolean hasPrincipal(@NotNull final String principalName) { return delegate.safePerform(new SessionOperation("hasPrincipal") { @NotNull @Override @@ -56,8 +57,9 @@ }); } + @Nullable @Override - public Principal getPrincipal(final String principalName) { + public Principal getPrincipal(@NotNull final String principalName) { try { return delegate.performNullable(new SessionOperation("getPrincipal") { @Override @@ -70,8 +72,9 @@ } } + @NotNull @Override - public PrincipalIterator findPrincipals(final String simpleFilter) { + public PrincipalIterator findPrincipals(@Nullable final String simpleFilter) { return delegate.safePerform(new SessionOperation("findPrincipals") { @NotNull @Override @@ -81,8 +84,9 @@ }); } + @NotNull @Override - public PrincipalIterator findPrincipals(final String simpleFilter, final int searchType) { + public PrincipalIterator findPrincipals(@Nullable final String simpleFilter, final int searchType) { return delegate.safePerform(new SessionOperation("findPrincipals") { @NotNull @Override @@ -92,6 +96,7 @@ }); } + @NotNull @Override public PrincipalIterator getPrincipals(final int searchType) { return delegate.safePerform(new SessionOperation("getPrincipals") { @@ -103,8 +108,9 @@ }); } + @NotNull @Override - public PrincipalIterator getGroupMembership(final Principal principal) { + public PrincipalIterator getGroupMembership(@NotNull final Principal principal) { return delegate.safePerform(new SessionOperation("getGroupMembership") { @NotNull @Override @@ -114,6 +120,7 @@ }); } + @NotNull @Override public Principal getEveryone() { return delegate.safePerform(new SessionOperation("getEveryone") { @@ -125,8 +132,9 @@ }); } + @NotNull @Override - public PrincipalIterator findPrincipals(String simpleFilter, boolean fullText, int searchType, long offset, long limit) { + public PrincipalIterator findPrincipals(@Nullable String simpleFilter, boolean fullText, int searchType, long offset, long limit) { return delegate.safePerform(new SessionOperation("findPrincipals") { @NotNull @Override Index: oak-security-spi/src/main/java/org/apache/jackrabbit/oak/spi/security/principal/EveryonePrincipal.java IDEA additional info: Subsystem: com.intellij.openapi.diff.impl.patch.CharsetEP <+>UTF-8 =================================================================== --- oak-security-spi/src/main/java/org/apache/jackrabbit/oak/spi/security/principal/EveryonePrincipal.java (revision 1862145) +++ oak-security-spi/src/main/java/org/apache/jackrabbit/oak/spi/security/principal/EveryonePrincipal.java (date 1561561238000) @@ -22,6 +22,7 @@ import org.apache.jackrabbit.api.security.principal.GroupPrincipal; import org.apache.jackrabbit.api.security.principal.JackrabbitPrincipal; +import org.jetbrains.annotations.NotNull; /** * Built-in principal group that has every other principal as member. @@ -57,10 +58,11 @@ //------------------------------------------------------< GroupPrincipal >--- @Override - public boolean isMember(Principal member) { + public boolean isMember(@NotNull Principal member) { return !member.equals(this); } + @NotNull @Override public Enumeration members() { throw new UnsupportedOperationException("Not implemented."); Index: oak-security-spi/src/main/java/org/apache/jackrabbit/oak/spi/security/principal/GroupPrincipalWrapper.java IDEA additional info: Subsystem: com.intellij.openapi.diff.impl.patch.CharsetEP <+>UTF-8 =================================================================== --- oak-security-spi/src/main/java/org/apache/jackrabbit/oak/spi/security/principal/GroupPrincipalWrapper.java (revision 1862145) +++ oak-security-spi/src/main/java/org/apache/jackrabbit/oak/spi/security/principal/GroupPrincipalWrapper.java (date 1561561238000) @@ -34,10 +34,11 @@ } @Override - public boolean isMember(Principal member) { + public boolean isMember(@NotNull Principal member) { return group.isMember(member); } + @NotNull @Override public Enumeration members() { return GroupPrincipals.transform(group.members()); Index: oak-security-spi/src/main/java/org/apache/jackrabbit/oak/spi/security/principal/package-info.java IDEA additional info: Subsystem: com.intellij.openapi.diff.impl.patch.CharsetEP <+>UTF-8 =================================================================== --- oak-security-spi/src/main/java/org/apache/jackrabbit/oak/spi/security/principal/package-info.java (revision 1862145) +++ oak-security-spi/src/main/java/org/apache/jackrabbit/oak/spi/security/principal/package-info.java (date 1565966333000) @@ -14,7 +14,7 @@ * See the License for the specific language governing permissions and * limitations under the License. */ -@Version("1.7.0") +@Version("1.7.1") package org.apache.jackrabbit.oak.spi.security.principal; import org.osgi.annotation.versioning.Version; Index: oak-security-spi/src/main/java/org/apache/jackrabbit/oak/spi/security/principal/PrincipalIteratorAdapter.java IDEA additional info: Subsystem: com.intellij.openapi.diff.impl.patch.CharsetEP <+>UTF-8 =================================================================== --- oak-security-spi/src/main/java/org/apache/jackrabbit/oak/spi/security/principal/PrincipalIteratorAdapter.java (revision 1862145) +++ oak-security-spi/src/main/java/org/apache/jackrabbit/oak/spi/security/principal/PrincipalIteratorAdapter.java (date 1561561238000) @@ -23,6 +23,7 @@ import org.apache.jackrabbit.api.security.principal.PrincipalIterator; import org.apache.jackrabbit.commons.iterator.RangeIteratorAdapter; import org.apache.jackrabbit.commons.iterator.RangeIteratorDecorator; +import org.jetbrains.annotations.NotNull; /** * Principal specific {@code RangeIteratorAdapter} implementing the @@ -61,6 +62,7 @@ * * @return next policy. */ + @NotNull @Override public Principal nextPrincipal() { return (Principal) next(); Index: oak-security-spi/src/main/java/org/apache/jackrabbit/oak/spi/security/principal/PrincipalManagerImpl.java IDEA additional info: Subsystem: com.intellij.openapi.diff.impl.patch.CharsetEP <+>UTF-8 =================================================================== --- oak-security-spi/src/main/java/org/apache/jackrabbit/oak/spi/security/principal/PrincipalManagerImpl.java (revision 1862145) +++ oak-security-spi/src/main/java/org/apache/jackrabbit/oak/spi/security/principal/PrincipalManagerImpl.java (date 1565965076000) @@ -79,8 +79,9 @@ return everyone; } + @NotNull @Override - public PrincipalIterator findPrincipals(String simpleFilter, boolean fullText, int searchType, long offset, long limit) { + public PrincipalIterator findPrincipals(@Nullable String simpleFilter, boolean fullText, int searchType, long offset, long limit) { return new PrincipalIteratorAdapter(principalProvider.findPrincipals(simpleFilter, fullText, searchType, offset, limit)); } } Index: oak-security-spi/src/main/java/org/apache/jackrabbit/oak/spi/security/principal/PrincipalQueryManager.java IDEA additional info: Subsystem: com.intellij.openapi.diff.impl.patch.CharsetEP <+>UTF-8 =================================================================== --- oak-security-spi/src/main/java/org/apache/jackrabbit/oak/spi/security/principal/PrincipalQueryManager.java (revision 1862145) +++ oak-security-spi/src/main/java/org/apache/jackrabbit/oak/spi/security/principal/PrincipalQueryManager.java (date 1565965076000) @@ -20,6 +20,8 @@ import org.apache.jackrabbit.api.security.principal.PrincipalIterator; import org.apache.jackrabbit.api.security.principal.PrincipalManager; +import org.jetbrains.annotations.NotNull; +import org.jetbrains.annotations.Nullable; import org.osgi.annotation.versioning.ProviderType; /** @@ -49,5 +51,6 @@ * @return a PrincipalIterator over the Principals * matching the given filter and search type. */ - PrincipalIterator findPrincipals(String simpleFilter, boolean fullText, int searchType, long offset, long limit); + @NotNull + PrincipalIterator findPrincipals(@Nullable String simpleFilter, boolean fullText, int searchType, long offset, long limit); } Index: oak-security-spi/src/test/java/org/apache/jackrabbit/oak/spi/security/principal/EveryonePrincipalTest.java IDEA additional info: Subsystem: com.intellij.openapi.diff.impl.patch.CharsetEP <+>UTF-8 =================================================================== --- oak-security-spi/src/test/java/org/apache/jackrabbit/oak/spi/security/principal/EveryonePrincipalTest.java (revision 1862145) +++ oak-security-spi/src/test/java/org/apache/jackrabbit/oak/spi/security/principal/EveryonePrincipalTest.java (date 1561561238000) @@ -21,6 +21,7 @@ import org.apache.jackrabbit.api.security.principal.GroupPrincipal; import org.apache.jackrabbit.api.security.principal.JackrabbitPrincipal; +import org.jetbrains.annotations.NotNull; import org.junit.Test; import static org.junit.Assert.assertEquals; @@ -130,10 +131,11 @@ private class OtherEveryoneGroup extends OtherEveryone implements GroupPrincipal { @Override - public boolean isMember(Principal principal) { + public boolean isMember(@NotNull Principal principal) { return true; } + @NotNull @Override public Enumeration members() { throw new UnsupportedOperationException(); Index: oak-security-spi/src/test/java/org/apache/jackrabbit/oak/spi/security/principal/TestPrincipalProvider.java IDEA additional info: Subsystem: com.intellij.openapi.diff.impl.patch.CharsetEP <+>UTF-8 =================================================================== --- oak-security-spi/src/test/java/org/apache/jackrabbit/oak/spi/security/principal/TestPrincipalProvider.java (revision 1862145) +++ oak-security-spi/src/test/java/org/apache/jackrabbit/oak/spi/security/principal/TestPrincipalProvider.java (date 1561567715000) @@ -54,6 +54,7 @@ public TestPrincipalProvider(String... principalNames) { this.exposesEveryone = true; this.principals = Maps.toMap(ImmutableSet.copyOf(principalNames), input -> new ItemBasedPrincipal() { + @NotNull @Override public String getPath() { return "/path/to/principal/" + input; @@ -175,10 +176,11 @@ } @Override - public boolean isMember(Principal member) { + public boolean isMember(@NotNull Principal member) { throw new UnsupportedOperationException(); } + @NotNull @Override public Enumeration members() { return members;