Author: angela Date: Wed Aug 22 15:49:20 2012 New Revision: 1376102 URL: http://svn.apache.org/viewvc?rev=1376102&view=rev Log: OAK-50 : Implement User Management (WIP) OAK-91 : Authentication (WIP)
Added: jackrabbit/oak/trunk/oak-core/src/main/java/org/apache/jackrabbit/oak/spi/security/authentication/Authentication.java - copied, changed from r1376019, jackrabbit/oak/trunk/oak-core/src/main/java/org/apache/jackrabbit/oak/security/authentication/Authentication.java Removed: jackrabbit/oak/trunk/oak-core/src/main/java/org/apache/jackrabbit/oak/security/authentication/Authentication.java Modified: jackrabbit/oak/trunk/oak-core/src/main/java/org/apache/jackrabbit/oak/security/authentication/AuthenticationImpl.java jackrabbit/oak/trunk/oak-core/src/main/java/org/apache/jackrabbit/oak/security/authentication/LoginModuleImpl.java jackrabbit/oak/trunk/oak-core/src/main/java/org/apache/jackrabbit/oak/security/authentication/token/TokenAuthentication.java jackrabbit/oak/trunk/oak-core/src/main/java/org/apache/jackrabbit/oak/security/authentication/token/TokenInfo.java jackrabbit/oak/trunk/oak-core/src/main/java/org/apache/jackrabbit/oak/security/authentication/token/TokenLoginModule.java jackrabbit/oak/trunk/oak-core/src/main/java/org/apache/jackrabbit/oak/security/authentication/token/TokenProviderImpl.java jackrabbit/oak/trunk/oak-core/src/main/java/org/apache/jackrabbit/oak/security/user/UserProviderImpl.java jackrabbit/oak/trunk/oak-core/src/main/java/org/apache/jackrabbit/oak/spi/security/authentication/AbstractLoginModule.java jackrabbit/oak/trunk/oak-core/src/main/java/org/apache/jackrabbit/oak/spi/security/user/UserProvider.java jackrabbit/oak/trunk/oak-core/src/test/java/org/apache/jackrabbit/oak/security/user/UserProviderImplTest.java jackrabbit/oak/trunk/oak-jcr/src/main/java/org/apache/jackrabbit/oak/jcr/security/user/AuthorizableImpl.java Modified: jackrabbit/oak/trunk/oak-core/src/main/java/org/apache/jackrabbit/oak/security/authentication/AuthenticationImpl.java URL: 
http://svn.apache.org/viewvc/jackrabbit/oak/trunk/oak-core/src/main/java/org/apache/jackrabbit/oak/security/authentication/AuthenticationImpl.java?rev=1376102&r1=1376101&r2=1376102&view=diff ============================================================================== --- jackrabbit/oak/trunk/oak-core/src/main/java/org/apache/jackrabbit/oak/security/authentication/AuthenticationImpl.java (original) +++ jackrabbit/oak/trunk/oak-core/src/main/java/org/apache/jackrabbit/oak/security/authentication/AuthenticationImpl.java Wed Aug 22 15:49:20 2012 @@ -16,11 +16,13 @@ */ package org.apache.jackrabbit.oak.security.authentication; +import java.security.Principal; +import java.util.Set; import javax.jcr.Credentials; import javax.jcr.GuestCredentials; import javax.jcr.SimpleCredentials; -import java.security.Principal; -import java.util.Set; + +import org.apache.jackrabbit.oak.spi.security.authentication.Authentication; /** * AuthenticationImpl... Modified: jackrabbit/oak/trunk/oak-core/src/main/java/org/apache/jackrabbit/oak/security/authentication/LoginModuleImpl.java URL: http://svn.apache.org/viewvc/jackrabbit/oak/trunk/oak-core/src/main/java/org/apache/jackrabbit/oak/security/authentication/LoginModuleImpl.java?rev=1376102&r1=1376101&r2=1376102&view=diff ============================================================================== --- jackrabbit/oak/trunk/oak-core/src/main/java/org/apache/jackrabbit/oak/security/authentication/LoginModuleImpl.java (original) +++ jackrabbit/oak/trunk/oak-core/src/main/java/org/apache/jackrabbit/oak/security/authentication/LoginModuleImpl.java Wed Aug 22 15:49:20 2012 @@ -18,7 +18,6 @@ package org.apache.jackrabbit.oak.securi import java.io.IOException; import java.security.Principal; -import java.util.Collections; import java.util.HashMap; import java.util.HashSet; import java.util.Map; 
@@ -36,8 +35,8 @@ import javax.security.auth.login.LoginEx import org.apache.jackrabbit.oak.api.AuthInfo; import org.apache.jackrabbit.oak.spi.security.authentication.AbstractLoginModule; +import org.apache.jackrabbit.oak.spi.security.authentication.Authentication; import org.apache.jackrabbit.oak.spi.security.authentication.ImpersonationCredentials; -import org.apache.jackrabbit.oak.spi.security.authentication.PrincipalProviderCallback; import org.apache.jackrabbit.oak.spi.security.principal.PrincipalProvider; import org.slf4j.Logger; import org.slf4j.LoggerFactory; 
@@ -165,33 +164,6 @@ public class LoginModuleImpl extends Abs } //-------------------------------------------------------------------------- - - private Set<Principal> getPrincipals(String userID) { - PrincipalProvider principalProvider = getPrincipalProvider(); - if (principalProvider == null) { - log.debug("Commit: Cannot retrieve principals. No principal provider configured."); - return Collections.emptySet(); - } else { - return principalProvider.getPrincipals(userID); - } - } - - private PrincipalProvider getPrincipalProvider() { - PrincipalProvider principalProvider = null; - if (callbackHandler != null) { - try { - PrincipalProviderCallback principalCallBack = new PrincipalProviderCallback(); - callbackHandler.handle(new Callback[] {principalCallBack}); - principalProvider = principalCallBack.getPrincipalProvider(); - } catch (IOException e) { - log.warn(e.getMessage()); - } catch (UnsupportedCallbackException e) { - log.warn(e.getMessage()); - } - } - return principalProvider; - } - @CheckForNull private String getUserID() { // TODO add proper implementation Modified: jackrabbit/oak/trunk/oak-core/src/main/java/org/apache/jackrabbit/oak/security/authentication/token/TokenAuthentication.java URL: http://svn.apache.org/viewvc/jackrabbit/oak/trunk/oak-core/src/main/java/org/apache/jackrabbit/oak/security/authentication/token/TokenAuthentication.java?rev=1376102&r1=1376101&r2=1376102&view=diff ============================================================================== --- jackrabbit/oak/trunk/oak-core/src/main/java/org/apache/jackrabbit/oak/security/authentication/token/TokenAuthentication.java (original) +++ jackrabbit/oak/trunk/oak-core/src/main/java/org/apache/jackrabbit/oak/security/authentication/token/TokenAuthentication.java Wed Aug 22 15:49:20 2012 
@@ -19,10 +19,11 @@ package org.apache.jackrabbit.oak.securi import java.security.Principal; import java.util.Date; import java.util.Set; +import javax.annotation.Nonnull; import javax.jcr.Credentials; import org.apache.jackrabbit.api.security.authentication.token.TokenCredentials; -import org.apache.jackrabbit.oak.security.authentication.Authentication; +import org.apache.jackrabbit.oak.spi.security.authentication.Authentication; import org.slf4j.Logger; import org.slf4j.LoggerFactory; @@ -40,6 +41,7 @@ class TokenAuthentication implements Aut this.tokenProvider = tokenProvider; } + //-----------------------------------------------------< Authentication >--- @Override public boolean authenticate(Credentials credentials) { boolean success = false; 
@@ -58,11 +60,16 @@ class TokenAuthentication implements Aut return false; } + //-----------------------------------------------------------< internal >--- + @Nonnull TokenInfo getTokenInfo() { + if (tokenInfo == null) { + throw new IllegalStateException("Token info can only be retrieved upon successful authentication."); + } return tokenInfo; } - //-------------------------------------------------------------------------- + //------------------------------------------------------------< private >--- private boolean validateCredentials(TokenCredentials tokenCredentials) { // credentials without userID -> check if attributes provide // sufficient information for successful authentication. Modified: jackrabbit/oak/trunk/oak-core/src/main/java/org/apache/jackrabbit/oak/security/authentication/token/TokenInfo.java URL: http://svn.apache.org/viewvc/jackrabbit/oak/trunk/oak-core/src/main/java/org/apache/jackrabbit/oak/security/authentication/token/TokenInfo.java?rev=1376102&r1=1376101&r2=1376102&view=diff ============================================================================== --- jackrabbit/oak/trunk/oak-core/src/main/java/org/apache/jackrabbit/oak/security/authentication/token/TokenInfo.java (original) +++ jackrabbit/oak/trunk/oak-core/src/main/java/org/apache/jackrabbit/oak/security/authentication/token/TokenInfo.java Wed Aug 22 15:49:20 2012 @@ -17,6 +17,7 @@ package org.apache.jackrabbit.oak.security.authentication.token; import java.util.Map; +import javax.annotation.Nonnull; import org.apache.jackrabbit.api.security.authentication.token.TokenCredentials; 
@@ -25,13 +26,19 @@ import org.apache.jackrabbit.api.securit */ public interface TokenInfo { + @Nonnull + String getUserId(); + + @Nonnull String getToken(); boolean isExpired(long loginTime); boolean matches(TokenCredentials tokenCredentials); + @Nonnull Map<String, String> getPrivateAttributes(); + @Nonnull Map<String, String> getPublicAttributes(); } Modified: jackrabbit/oak/trunk/oak-core/src/main/java/org/apache/jackrabbit/oak/security/authentication/token/TokenLoginModule.java URL: http://svn.apache.org/viewvc/jackrabbit/oak/trunk/oak-core/src/main/java/org/apache/jackrabbit/oak/security/authentication/token/TokenLoginModule.java?rev=1376102&r1=1376101&r2=1376102&view=diff ============================================================================== --- jackrabbit/oak/trunk/oak-core/src/main/java/org/apache/jackrabbit/oak/security/authentication/token/TokenLoginModule.java (original) +++ jackrabbit/oak/trunk/oak-core/src/main/java/org/apache/jackrabbit/oak/security/authentication/token/TokenLoginModule.java Wed Aug 22 15:49:20 2012 @@ -67,8 +67,11 @@ public class TokenLoginModule extends Ab if (authentication.authenticate(tc)) { tokenCredentials = tc; tokenInfo = authentication.getTokenInfo(); - userID = null; // TODO: getUserID(tc); - principals = null; // TODO getPrincipals(userID); + userID = tokenInfo.getUserId(); + principals = getPrincipals(userID); + + log.debug("Login: adding login name to shared state."); + sharedState.put(SHARED_KEY_LOGIN_NAME, userID); return true; } } @@ -78,7 +81,7 @@ public class TokenLoginModule extends Ab @Override public boolean commit() throws LoginException { - if (tokenCredentials != null || !principals.isEmpty()) { + if (tokenCredentials != null) { if (!subject.isReadOnly()) { subject.getPublicCredentials().add(tokenCredentials); subject.getPrincipals().addAll(principals); 
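Review bot: In the `login()` hunk of TokenLoginModule, `principals = getPrincipals(userID)` can be empty, because the inherited helper returns `Collections.emptySet()` when no principal provider is available, yet `login()` still returns true. `commit()` (next hunk, now gated only on `tokenCredentials != null`) then adds the token credentials to the Subject with no principals at all. If an authenticated Subject without principals is not an intended state, reject it here, e.g. `if (principals.isEmpty()) { log.warn("Token login for '{}' resolved no principals.", userID); return false; }`, or at least log it above debug level. Both method bodies continue outside the hunks shown.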
@@ -89,21 +92,19 @@ public class TokenLoginModule extends Ab if (tokenProvider != null && sharedState.containsKey(SHARED_KEY_CREDENTIALS)) { Credentials shared = getSharedCredentials(); - if (shared != null) { - if (tokenProvider.doCreateToken(shared)) { - TokenInfo ti = tokenProvider.createToken(shared); - if (ti != null) { - TokenCredentials tc = new TokenCredentials(ti.getToken()); - Map<String, String> attributes = ti.getPrivateAttributes(); - for (String name : attributes.keySet()) { - tc.setAttribute(name, attributes.get(name)); - } - attributes = ti.getPublicAttributes(); - for (String name : attributes.keySet()) { - tc.setAttribute(name, attributes.get(name)); - } - subject.getPublicCredentials().add(tc); + if (shared != null && tokenProvider.doCreateToken(shared)) { + TokenInfo ti = tokenProvider.createToken(shared); + if (ti != null) { + TokenCredentials tc = new TokenCredentials(ti.getToken()); + Map<String, String> attributes = ti.getPrivateAttributes(); + for (String name : attributes.keySet()) { + tc.setAttribute(name, attributes.get(name)); + } + attributes = ti.getPublicAttributes(); + for (String name : attributes.keySet()) { + tc.setAttribute(name, attributes.get(name)); } + subject.getPublicCredentials().add(tc); } } } Modified: jackrabbit/oak/trunk/oak-core/src/main/java/org/apache/jackrabbit/oak/security/authentication/token/TokenProviderImpl.java URL: http://svn.apache.org/viewvc/jackrabbit/oak/trunk/oak-core/src/main/java/org/apache/jackrabbit/oak/security/authentication/token/TokenProviderImpl.java?rev=1376102&r1=1376101&r2=1376102&view=diff ============================================================================== --- jackrabbit/oak/trunk/oak-core/src/main/java/org/apache/jackrabbit/oak/security/authentication/token/TokenProviderImpl.java (original) +++ jackrabbit/oak/trunk/oak-core/src/main/java/org/apache/jackrabbit/oak/security/authentication/token/TokenProviderImpl.java Wed Aug 22 15:49:20 2012 
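Review bot: The values from `ti.getPrivateAttributes()` are copied onto the new `TokenCredentials`, which is then added to `subject.getPublicCredentials()`, so any code that can read the Subject's public credentials sees the private attributes alongside the token. Please confirm that exposure is intended; if the private attributes are meant to stay inside the login flow, either skip copying them or use `subject.getPrivateCredentials()`, and say which in a comment. As a smaller point, both loops could iterate `attributes.entrySet()` instead of doing `keySet()` plus `get()`. `commit()` starts and ends outside this hunk.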
@@ -27,6 +27,7 @@ import java.util.Date; import java.util.GregorianCalendar; import java.util.HashMap; import java.util.Map; +import javax.annotation.CheckForNull; import javax.jcr.Credentials; import javax.jcr.SimpleCredentials; @@ -105,11 +106,11 @@ public class TokenProviderImpl implement public TokenInfo createToken(Credentials credentials) { if (credentials instanceof SimpleCredentials) { final SimpleCredentials sc = (SimpleCredentials) credentials; - String userID = sc.getUserID(); + String userId = sc.getUserID(); CoreValueFactory valueFactory = contentSession.getCoreValueFactory(); try { - Tree userTree = userProvider.getAuthorizable(userID, Type.USER); + Tree userTree = userProvider.getAuthorizable(userId, Type.USER); if (userTree != null) { NodeUtil userNode = new NodeUtil(userTree, valueFactory); NodeUtil tokenParent = userNode.getChild(TOKENS_NODE_NAME); @@ -143,9 +144,9 @@ public class TokenProviderImpl implement // also set the new token to the simple credentials. sc.setAttribute(TOKEN_ATTRIBUTE, token); - return new TokenInfoImpl(tokenNode, token); + return new TokenInfoImpl(tokenNode, token, userId); } else { - log.debug("Cannot create login token: No corresponding node for User " + userID + '.'); + log.debug("Cannot create login token: No corresponding node for User " + userId + '.'); } } catch (NoSuchAlgorithmException e) { @@ -165,7 +166,12 @@ public class TokenProviderImpl implement int pos = token.indexOf(DELIM); String tokenPath = (pos == -1) ? token : token.substring(0, pos); Tree tokenTree = root.getTree(tokenPath); - return (tokenTree == null) ? null : new TokenInfoImpl(new NodeUtil(tokenTree, contentSession), token); + String userId = getUserId(tokenTree); + if (tokenTree == null || userId == null) { + return null; + } else { + return new TokenInfoImpl(new NodeUtil(tokenTree, contentSession), token, userId); + } } @Override 
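Review bot: `createToken()` builds the `TokenInfoImpl` with the `userId` taken verbatim from `sc.getUserID()`, while `getTokenInfo()` in the last hunk derives it from the repository via `getUserId(tokenTree)`. If the lookup in `userProvider.getAuthorizable(userId, Type.USER)` ever matches an ID that is not byte-identical to the stored one, the same token would report two different user IDs depending on the path. This ID now feeds `getPrincipals()` and the shared login name. Using the stored value in both places avoids that, e.g. `return new TokenInfoImpl(tokenNode, token, userProvider.getAuthorizableId(userTree, Type.USER));`. The enclosing method continues outside the hunk.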
@@ -206,17 +212,6 @@ public class TokenProviderImpl implement //-------------------------------------------------------------------------- - /** - * Returns {@code true} if the specified {@code attributeName} - * starts with or equals {@link #TOKEN_ATTRIBUTE}. - * - * @param attributeName - * @return {@code true} if the specified {@code attributeName} - * starts with or equals {@link #TOKEN_ATTRIBUTE}. - */ - private static boolean isMandatoryAttribute(String attributeName) { - return attributeName != null && attributeName.startsWith(TOKEN_ATTRIBUTE); - } private static String generateKey(int size) { SecureRandom random = new SecureRandom(); @@ -231,6 +226,7 @@ public class TokenProviderImpl implement return res.toString(); } + @CheckForNull private Tree getTokenTree(TokenInfo tokenInfo) { if (tokenInfo instanceof TokenInfoImpl) { return root.getTree(((TokenInfoImpl) tokenInfo).tokenPath); 
@@ -239,22 +235,35 @@ public class TokenProviderImpl implement } } + @CheckForNull + private String getUserId(Tree tokenTree) { + if (tokenTree != null) { + Tree userTree = tokenTree.getParent().getParent(); + return userProvider.getAuthorizableId(userTree, Type.USER); + } + + return null; + } + //-------------------------------------------------------------------------- private static class TokenInfoImpl implements TokenInfo { private final String token; private final String tokenPath; + private final String userId; private final long expirationTime; private final String key; - private Map<String, String> mandatoryAttributes; - private Map<String, String> publicAttributes; + + private final Map<String, String> mandatoryAttributes; + private final Map<String, String> publicAttributes; - private TokenInfoImpl(NodeUtil tokenNode, String token) { + private TokenInfoImpl(NodeUtil tokenNode, String token, String userId) { this.token = token; this.tokenPath = tokenNode.getTree().getPath(); + this.userId = userId; expirationTime = tokenNode.getLong(TOKEN_ATTRIBUTE_EXPIRY, Long.MIN_VALUE); key = tokenNode.getString(TOKEN_ATTRIBUTE_KEY, null); @@ -273,6 +282,13 @@ public class TokenProviderImpl implement } } + //------------------------------------------------------< TokenInfo >--- + + @Override + public String getUserId() { + return userId; + } + @Override public String getToken() { return token; 
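Review bot: The new `getUserId(Tree)` calls `tokenTree.getParent().getParent()` on a tree resolved from the client-supplied token path (`root.getTree(tokenPath)` in `getTokenInfo()`), without checking that either parent exists or that the tree sits under a tokens node. If `getParent()` can return null for the root or a top-level tree, a malformed token turns into a `NullPointerException` during login instead of a clean rejection. The type check inside `getAuthorizableId(userTree, Type.USER)` does reject non-user grandparents, but any tree two levels below a user node would still be treated as a token location. Guarding the parents and comparing the parent's name with `TOKENS_NODE_NAME` keeps the lookup limited to real token nodes.

```java
private String getUserId(Tree tokenTree) {
    if (tokenTree != null) {
        Tree tokensParent = tokenTree.getParent();
        Tree userTree = (tokensParent == null) ? null : tokensParent.getParent();
        // Only accept trees located at <user>/<TOKENS_NODE_NAME>/<token>.
        if (userTree != null && TOKENS_NODE_NAME.equals(tokensParent.getName())) {
            return userProvider.getAuthorizableId(userTree, Type.USER);
        }
    }
    return null;
}
```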
@@ -319,6 +335,18 @@ public class TokenProviderImpl implement } /** + * Returns {@code true} if the specified {@code attributeName} + * starts with or equals {@link #TOKEN_ATTRIBUTE}. + * + * @param attributeName + * @return {@code true} if the specified {@code attributeName} + * starts with or equals {@link #TOKEN_ATTRIBUTE}. + */ + private static boolean isMandatoryAttribute(String attributeName) { + return attributeName != null && attributeName.startsWith(TOKEN_ATTRIBUTE); + } + + /** * Returns {@code false} if the specified attribute name doesn't have * a 'jcr' or 'rep' namespace prefix; {@code true} otherwise. This is * a lazy evaluation in order to avoid testing the defining node type of Modified: jackrabbit/oak/trunk/oak-core/src/main/java/org/apache/jackrabbit/oak/security/user/UserProviderImpl.java URL: http://svn.apache.org/viewvc/jackrabbit/oak/trunk/oak-core/src/main/java/org/apache/jackrabbit/oak/security/user/UserProviderImpl.java?rev=1376102&r1=1376101&r2=1376102&view=diff ============================================================================== --- jackrabbit/oak/trunk/oak-core/src/main/java/org/apache/jackrabbit/oak/security/user/UserProviderImpl.java (original) +++ jackrabbit/oak/trunk/oak-core/src/main/java/org/apache/jackrabbit/oak/security/user/UserProviderImpl.java Wed Aug 22 15:49:20 2012 
@@ -219,21 +219,23 @@ class UserProviderImpl extends Authoriza } @Override - public String getAuthorizableId(Tree authorizableTree) { + public String getAuthorizableId(Tree authorizableTree, Type authorizableType) { assert authorizableTree != null; - PropertyState idProp = authorizableTree.getProperty(UserConstants.REP_AUTHORIZABLE_ID); - if (idProp != null) { - return idProp.getValue().getString(); - } else { - return Text.unescapeIllegalJcrChars(authorizableTree.getName()); + if (isAuthorizableTree(authorizableTree, authorizableType)) { + PropertyState idProp = authorizableTree.getProperty(UserConstants.REP_AUTHORIZABLE_ID); + if (idProp != null) { + return idProp.getValue().getString(); + } else { + return Text.unescapeIllegalJcrChars(authorizableTree.getName()); + } } + return null; } @Override public boolean isAdminUser(Tree userTree) { assert userTree != null; - return isAuthorizableTree(userTree, Type.USER) && - adminId.equals(getAuthorizableId(userTree)); + return adminId.equals(getAuthorizableId(userTree, Type.USER)); } @Override Modified: jackrabbit/oak/trunk/oak-core/src/main/java/org/apache/jackrabbit/oak/spi/security/authentication/AbstractLoginModule.java URL: http://svn.apache.org/viewvc/jackrabbit/oak/trunk/oak-core/src/main/java/org/apache/jackrabbit/oak/spi/security/authentication/AbstractLoginModule.java?rev=1376102&r1=1376101&r2=1376102&view=diff ============================================================================== --- jackrabbit/oak/trunk/oak-core/src/main/java/org/apache/jackrabbit/oak/spi/security/authentication/AbstractLoginModule.java (original) +++ jackrabbit/oak/trunk/oak-core/src/main/java/org/apache/jackrabbit/oak/spi/security/authentication/AbstractLoginModule.java Wed Aug 22 15:49:20 2012 
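Review bot: `getAuthorizableId(Tree, Type)` now returns null when the tree is not of the requested type, but neither this implementation nor the interface method in the UserProvider hunk says so. The only trace of the change is `@Nonnull` becoming `@CheckForNull`. A Javadoc on the interface method would make the contract explicit, e.g. `/** Returns the ID of the given tree if it represents an authorizable of the given type; {@code null} otherwise. */`, and the implementation should repeat `@CheckForNull`. Note also that `assert authorizableTree != null` is inactive unless the JVM runs with `-ea`, so it does not protect `isAdminUser()` in production; an explicit null check would.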
@@ -17,6 +17,8 @@ package org.apache.jackrabbit.oak.spi.security.authentication; import java.io.IOException; +import java.security.Principal; +import java.util.Collections; import java.util.Map; import java.util.Set; import javax.annotation.CheckForNull; @@ -28,6 +30,7 @@ import javax.security.auth.callback.Unsu import javax.security.auth.login.LoginException; import javax.security.auth.spi.LoginModule; +import org.apache.jackrabbit.oak.spi.security.principal.PrincipalProvider; import org.slf4j.Logger; import org.slf4j.LoggerFactory; 
@@ -143,4 +146,31 @@ public abstract class AbstractLoginModul return null; } } + + + protected Set<Principal> getPrincipals(String userID) { + PrincipalProvider principalProvider = getPrincipalProvider(); + if (principalProvider == null) { + log.debug("Cannot retrieve principals. No principal provider configured."); + return Collections.emptySet(); + } else { + return principalProvider.getPrincipals(userID); + } + } + + private PrincipalProvider getPrincipalProvider() { + PrincipalProvider principalProvider = null; + if (callbackHandler != null) { + try { + PrincipalProviderCallback principalCallBack = new PrincipalProviderCallback(); + callbackHandler.handle(new Callback[] {principalCallBack}); + principalProvider = principalCallBack.getPrincipalProvider(); + } catch (IOException e) { + log.warn(e.getMessage()); + } catch (UnsupportedCallbackException e) { + log.warn(e.getMessage()); + } + } + return principalProvider; + } } Copied: jackrabbit/oak/trunk/oak-core/src/main/java/org/apache/jackrabbit/oak/spi/security/authentication/Authentication.java (from r1376019, jackrabbit/oak/trunk/oak-core/src/main/java/org/apache/jackrabbit/oak/security/authentication/Authentication.java) URL: http://svn.apache.org/viewvc/jackrabbit/oak/trunk/oak-core/src/main/java/org/apache/jackrabbit/oak/spi/security/authentication/Authentication.java?p2=jackrabbit/oak/trunk/oak-core/src/main/java/org/apache/jackrabbit/oak/spi/security/authentication/Authentication.java&p1=jackrabbit/oak/trunk/oak-core/src/main/java/org/apache/jackrabbit/oak/security/authentication/Authentication.java&r1=1376019&r2=1376102&rev=1376102&view=diff ============================================================================== --- jackrabbit/oak/trunk/oak-core/src/main/java/org/apache/jackrabbit/oak/security/authentication/Authentication.java (original) +++ jackrabbit/oak/trunk/oak-core/src/main/java/org/apache/jackrabbit/oak/spi/security/authentication/Authentication.java Wed Aug 22 15:49:20 2012 
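Review bot: Both catch blocks in `getPrincipalProvider()` log only `e.getMessage()`, which drops the exception type and stack trace and may log nothing useful when the message is null. A failed callback makes `getPrincipals()` return an empty set, so this log line is the only evidence of why a login ended up without principals. Pass the exception itself to the logger, e.g. `log.warn("Failed to retrieve PrincipalProvider from callback handler", e);`, and the two handlers can be merged with a multi-catch if the project's Java level allows it. `getPrincipals` is now `protected` and visible to every login module subclass, so it also deserves a short Javadoc stating that an empty set is returned when no provider is configured.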
@@ -14,11 +14,11 @@ * See the License for the specific language governing permissions and * limitations under the License. */ -package org.apache.jackrabbit.oak.security.authentication; +package org.apache.jackrabbit.oak.spi.security.authentication; -import javax.jcr.Credentials; import java.security.Principal; import java.util.Set; +import javax.jcr.Credentials; /** * The {@code Authentication} interface defines methods to validate @@ -38,8 +38,6 @@ import java.util.Set; */ public interface Authentication { - // TODO: evaluate if that should part of SPI package. - /** * Validates the specified {@code Credentials} and returns {@code true} if * the validation was successful. Modified: jackrabbit/oak/trunk/oak-core/src/main/java/org/apache/jackrabbit/oak/spi/security/user/UserProvider.java URL: http://svn.apache.org/viewvc/jackrabbit/oak/trunk/oak-core/src/main/java/org/apache/jackrabbit/oak/spi/security/user/UserProvider.java?rev=1376102&r1=1376101&r2=1376102&view=diff ============================================================================== --- jackrabbit/oak/trunk/oak-core/src/main/java/org/apache/jackrabbit/oak/spi/security/user/UserProvider.java (original) +++ jackrabbit/oak/trunk/oak-core/src/main/java/org/apache/jackrabbit/oak/spi/security/user/UserProvider.java Wed Aug 22 15:49:20 2012 @@ -17,12 +17,10 @@ package org.apache.jackrabbit.oak.spi.security.user; import java.security.Principal; -import java.util.List; import javax.annotation.CheckForNull; import javax.annotation.Nonnull; import javax.jcr.RepositoryException; -import org.apache.jackrabbit.oak.api.CoreValue; import org.apache.jackrabbit.oak.api.Tree; /** 
@@ -49,8 +47,8 @@ public interface UserProvider { @CheckForNull Tree getAuthorizableByPrincipal(Principal principal); - @Nonnull - String getAuthorizableId(Tree authorizableTree); + @CheckForNull + String getAuthorizableId(Tree authorizableTree, Type authorizableType); boolean isAdminUser(Tree userTree); Modified: jackrabbit/oak/trunk/oak-core/src/test/java/org/apache/jackrabbit/oak/security/user/UserProviderImplTest.java URL: http://svn.apache.org/viewvc/jackrabbit/oak/trunk/oak-core/src/test/java/org/apache/jackrabbit/oak/security/user/UserProviderImplTest.java?rev=1376102&r1=1376101&r2=1376102&view=diff ============================================================================== --- jackrabbit/oak/trunk/oak-core/src/test/java/org/apache/jackrabbit/oak/security/user/UserProviderImplTest.java (original) +++ jackrabbit/oak/trunk/oak-core/src/test/java/org/apache/jackrabbit/oak/security/user/UserProviderImplTest.java Wed Aug 22 15:49:20 2012 @@ -253,7 +253,7 @@ public class UserProviderImplTest extend root.commit(DefaultConflictHandler.OURS); assertEquals(defaultUserPath + m.get(uid), user.getPath()); - assertEquals(uid, userProvider.getAuthorizableId(user)); + assertEquals(uid, userProvider.getAuthorizableId(user, Type.USER)); Tree ath = userProvider.getAuthorizable(uid); assertNotNull("Tree with id " + uid + " must exist.", ath); 
@@ -344,11 +344,16 @@ public class UserProviderImplTest extend String userID = "Amanda"; Tree user = up.createUser(userID, null); - assertEquals(userID, up.getAuthorizableId(user)); + assertEquals(userID, up.getAuthorizableId(user, Type.USER)); + assertEquals(userID, up.getAuthorizableId(user, Type.AUTHORIZABLE)); + assertNull(up.getAuthorizableId(user, Type.GROUP)); + String groupID = "visitors"; Tree group = up.createGroup(groupID, null); - assertEquals(groupID, up.getAuthorizableId(group)); + assertEquals(groupID, up.getAuthorizableId(group, Type.GROUP)); + assertEquals(groupID, up.getAuthorizableId(group, Type.AUTHORIZABLE)); + assertNull(up.getAuthorizableId(group, Type.USER)); } @Test Modified: jackrabbit/oak/trunk/oak-jcr/src/main/java/org/apache/jackrabbit/oak/jcr/security/user/AuthorizableImpl.java URL: http://svn.apache.org/viewvc/jackrabbit/oak/trunk/oak-jcr/src/main/java/org/apache/jackrabbit/oak/jcr/security/user/AuthorizableImpl.java?rev=1376102&r1=1376101&r2=1376102&view=diff ============================================================================== --- jackrabbit/oak/trunk/oak-jcr/src/main/java/org/apache/jackrabbit/oak/jcr/security/user/AuthorizableImpl.java (original) +++ jackrabbit/oak/trunk/oak-jcr/src/main/java/org/apache/jackrabbit/oak/jcr/security/user/AuthorizableImpl.java Wed Aug 22 15:49:20 2012 @@ -36,6 +36,7 @@ import org.apache.jackrabbit.commons.ite import org.apache.jackrabbit.oak.api.Tree; import org.apache.jackrabbit.oak.spi.security.principal.EveryonePrincipal; import org.apache.jackrabbit.oak.spi.security.user.MembershipProvider; +import org.apache.jackrabbit.oak.spi.security.user.Type; import org.apache.jackrabbit.oak.spi.security.user.UserConstants; import org.apache.jackrabbit.util.Text; import org.slf4j.Logger; 
@@ -80,7 +81,7 @@ abstract class AuthorizableImpl implemen */ @Override public String getID() { - return userManager.getUserProvider().getAuthorizableId(tree); + return userManager.getUserProvider().getAuthorizableId(tree, (isGroup()) ? Type.GROUP : Type.USER); } /**
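Review bot: `getID()` now returns whatever `getAuthorizableId(tree, type)` yields, and per the UserProviderImpl hunk that is null when the tree does not match the requested type. Before this change the call always produced a string, so callers that use the ID for lookups or comparisons may not expect null. Consider failing explicitly instead of passing it through, e.g. `if (id == null) { throw new IllegalStateException("Tree is not an authorizable of the expected type"); }`, or document the null return in the Javadoc above. The parentheses around `isGroup()` are redundant.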