[exo-jcr-commits] exo-jcr SVN: r4738 - in jcr/branches/1.12.x: exo.jcr.component.core/src/main/java/org/exoplatform/services/jcr/core and 7 other directories.

do-not-reply at jboss.org do-not-reply at jboss.org
Thu Aug 11 06:41:11 EDT 2011


Author: trang_vu
Date: 2011-08-11 06:41:11 -0400 (Thu, 11 Aug 2011)
New Revision: 4738

Added:
   jcr/branches/1.12.x/exo.jcr.component.ext/src/test/java/org/exoplatform/services/jcr/ext/common/
   jcr/branches/1.12.x/exo.jcr.component.ext/src/test/java/org/exoplatform/services/jcr/ext/common/DynamicSessionProviderTest.java
   jcr/branches/1.12.x/patch/1.12.10-GA/JCR-1636/readme.txt
Modified:
   jcr/branches/1.12.x/exo.jcr.component.core/src/main/java/org/exoplatform/services/jcr/access/AccessManager.java
   jcr/branches/1.12.x/exo.jcr.component.core/src/main/java/org/exoplatform/services/jcr/core/ManageableRepository.java
   jcr/branches/1.12.x/exo.jcr.component.core/src/main/java/org/exoplatform/services/jcr/impl/core/RepositoryImpl.java
   jcr/branches/1.12.x/exo.jcr.component.core/src/main/java/org/exoplatform/services/jcr/impl/jndi/BindableRepositoryImpl.java
   jcr/branches/1.12.x/exo.jcr.component.core/src/test/java/org/exoplatform/services/jcr/impl/access/TestUserAccess.java
   jcr/branches/1.12.x/exo.jcr.component.ext/src/main/java/org/exoplatform/services/jcr/ext/common/SessionProvider.java
   jcr/branches/1.12.x/exo.jcr.component.ext/src/test/java/org/exoplatform/services/jcr/ext/BaseStandaloneTest.java
Log:
JCR-1636: Allow to create sessions from ACLs

Fix description
* Create session with custom set of ACL.


Modified: jcr/branches/1.12.x/exo.jcr.component.core/src/main/java/org/exoplatform/services/jcr/access/AccessManager.java
===================================================================
--- jcr/branches/1.12.x/exo.jcr.component.core/src/main/java/org/exoplatform/services/jcr/access/AccessManager.java	2011-08-11 09:34:12 UTC (rev 4737)
+++ jcr/branches/1.12.x/exo.jcr.component.core/src/main/java/org/exoplatform/services/jcr/access/AccessManager.java	2011-08-11 10:41:11 UTC (rev 4738)
@@ -192,7 +192,9 @@
 
             }
             else if (user.isMemberOf(ace.getMembershipEntry()))
+            {
                return true;
+            }
          }
       }
       return false;

Modified: jcr/branches/1.12.x/exo.jcr.component.core/src/main/java/org/exoplatform/services/jcr/core/ManageableRepository.java
===================================================================
--- jcr/branches/1.12.x/exo.jcr.component.core/src/main/java/org/exoplatform/services/jcr/core/ManageableRepository.java	2011-08-11 09:34:12 UTC (rev 4737)
+++ jcr/branches/1.12.x/exo.jcr.component.core/src/main/java/org/exoplatform/services/jcr/core/ManageableRepository.java	2011-08-11 10:41:11 UTC (rev 4738)
@@ -23,9 +23,11 @@
 import org.exoplatform.services.jcr.config.WorkspaceEntry;
 import org.exoplatform.services.jcr.core.nodetype.ExtendedNodeTypeManager;
 import org.exoplatform.services.jcr.dataflow.persistent.ItemsPersistenceListener;
+import org.exoplatform.services.security.MembershipEntry;
 
 import java.io.IOException;
 import java.io.InputStream;
+import java.util.Collection;
 
 import javax.jcr.NamespaceRegistry;
 import javax.jcr.NoSuchWorkspaceException;
@@ -117,6 +119,15 @@
    Session getSystemSession(String workspaceName) throws RepositoryException;
 
    /**
+    * @param workspaceName - name of workspace
+    * @param membershipEntries - list of memberships
+    * @return the Dynamic session (session with Dynamic identity)
+    * @throws RepositoryException
+    */
+   Session getDynamicSession(String workspaceName, Collection<MembershipEntry> membershipEntries)
+            throws RepositoryException;
+
+   /**
     * @return array of workspace names
     */
    String[] getWorkspaceNames();
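Review bot: The Javadoc added for `getDynamicSession` does not say that the session's rights come entirely from the `membershipEntries` argument, with no credentials or login step visible in this commit. That makes the call as sensitive as `getSystemSession` for whatever group the caller names, so the contract should state who may call it. I would add: `Creates a session whose identity holds exactly the given memberships; no authentication is performed, so callers must build the collection from trusted configuration, never from request data.` The `@throws RepositoryException` tag also needs a description, and `@param membershipEntries` describes a list while the type is `Collection`.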

Modified: jcr/branches/1.12.x/exo.jcr.component.core/src/main/java/org/exoplatform/services/jcr/impl/core/RepositoryImpl.java
===================================================================
--- jcr/branches/1.12.x/exo.jcr.component.core/src/main/java/org/exoplatform/services/jcr/impl/core/RepositoryImpl.java	2011-08-11 09:34:12 UTC (rev 4737)
+++ jcr/branches/1.12.x/exo.jcr.component.core/src/main/java/org/exoplatform/services/jcr/impl/core/RepositoryImpl.java	2011-08-11 10:41:11 UTC (rev 4738)
@@ -19,6 +19,7 @@
 package org.exoplatform.services.jcr.impl.core;
 
 import org.exoplatform.services.jcr.access.AuthenticationPolicy;
+import org.exoplatform.services.jcr.access.DynamicIdentity;
 import org.exoplatform.services.jcr.access.SystemIdentity;
 import org.exoplatform.services.jcr.config.RepositoryConfigurationException;
 import org.exoplatform.services.jcr.config.RepositoryEntry;
@@ -39,11 +40,14 @@
 import org.exoplatform.services.log.ExoLogger;
 import org.exoplatform.services.log.Log;
 import org.exoplatform.services.security.ConversationState;
+import org.exoplatform.services.security.Identity;
+import org.exoplatform.services.security.MembershipEntry;
 import org.picocontainer.ComponentAdapter;
 
 import java.io.IOException;
 import java.io.InputStream;
 import java.util.ArrayList;
+import java.util.Collection;
 import java.util.HashMap;
 import java.util.Iterator;
 import java.util.List;
@@ -342,6 +346,29 @@
    }
 
    /**
+    * {@inheritDoc}
+    */
+   public SessionImpl getDynamicSession(String workspaceName, Collection<MembershipEntry> membershipEntries)
+            throws RepositoryException
+   {
+
+      if (getState() == OFFLINE)
+         LOG.warn("Repository " + getName() + " is OFFLINE.");
+
+      WorkspaceContainer workspaceContainer = repositoryContainer.getWorkspaceContainer(workspaceName);
+      if (workspaceContainer == null || !workspaceContainer.getWorkspaceInitializer().isWorkspaceInitialized())
+      {
+         throw new RepositoryException("Workspace " + workspaceName + " not found or workspace is not initialized");
+      }
+
+      SessionFactory sessionFactory = workspaceContainer.getSessionFactory();
+
+      Identity id = new Identity(DynamicIdentity.DYNAMIC, membershipEntries);
+
+      return sessionFactory.createSession(new ConversationState(id));
+   }
+
+   /**
     * @return system workspace name as it configured in jcr configuration
     */
    public String getSystemWorkspaceName()
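Review bot: `membershipEntries` goes straight into `new Identity(DynamicIdentity.DYNAMIC, membershipEntries)` with no null check and no copy. A null argument would surface wherever `Identity` first touches it rather than at this call, and unless `Identity` copies the collection (not visible here) the caller can change the session's memberships after the session exists. I would reject null up front with `if (membershipEntries == null) throw new RepositoryException("membershipEntries is null");` and pass a snapshot, `new Identity(DynamicIdentity.DYNAMIC, new ArrayList<MembershipEntry>(membershipEntries))`. The OFFLINE branch only logs and then still creates the session; if that mirrors `getSystemSession`, a one-line comment saying so would help, and the unbraced `if` is at odds with the braces this commit adds in AccessManager.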

Modified: jcr/branches/1.12.x/exo.jcr.component.core/src/main/java/org/exoplatform/services/jcr/impl/jndi/BindableRepositoryImpl.java
===================================================================
--- jcr/branches/1.12.x/exo.jcr.component.core/src/main/java/org/exoplatform/services/jcr/impl/jndi/BindableRepositoryImpl.java	2011-08-11 09:34:12 UTC (rev 4737)
+++ jcr/branches/1.12.x/exo.jcr.component.core/src/main/java/org/exoplatform/services/jcr/impl/jndi/BindableRepositoryImpl.java	2011-08-11 10:41:11 UTC (rev 4738)
@@ -25,10 +25,12 @@
 import org.exoplatform.services.jcr.core.WorkspaceContainerFacade;
 import org.exoplatform.services.jcr.core.nodetype.ExtendedNodeTypeManager;
 import org.exoplatform.services.jcr.dataflow.persistent.ItemsPersistenceListener;
+import org.exoplatform.services.security.MembershipEntry;
 
 import java.io.IOException;
 import java.io.InputStream;
 import java.io.Serializable;
+import java.util.Collection;
 
 import javax.jcr.Credentials;
 import javax.jcr.LoginException;
@@ -133,6 +135,18 @@
    /*
     * (non-Javadoc)
     * @see
+    * org.exoplatform.services.jcr.core.ManageableRepository#getDynamicSession
+    * (java.lang.String)
+    */
+   public Session getDynamicSession(String workspaceName, Collection<MembershipEntry> membershipEntries)
+            throws RepositoryException
+   {
+      return delegatee.getDynamicSession(workspaceName, membershipEntries);
+   }
+
+   /*
+    * (non-Javadoc)
+    * @see
     * org.exoplatform.services.jcr.core.ManageableRepository#getWorkspaceNames()
     */
    public String[] getWorkspaceNames()
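Review bot: The `@see` comment on the new delegate names `getDynamicSession (java.lang.String)`, but the method takes `(String, Collection<MembershipEntry>)`. I would correct the reference to `ManageableRepository#getDynamicSession(java.lang.String, java.util.Collection)` so the link resolves to the right overload.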

Modified: jcr/branches/1.12.x/exo.jcr.component.core/src/test/java/org/exoplatform/services/jcr/impl/access/TestUserAccess.java
===================================================================
--- jcr/branches/1.12.x/exo.jcr.component.core/src/test/java/org/exoplatform/services/jcr/impl/access/TestUserAccess.java	2011-08-11 09:34:12 UTC (rev 4737)
+++ jcr/branches/1.12.x/exo.jcr.component.core/src/test/java/org/exoplatform/services/jcr/impl/access/TestUserAccess.java	2011-08-11 10:41:11 UTC (rev 4738)
@@ -23,9 +23,13 @@
 import org.exoplatform.services.jcr.access.SystemIdentity;
 import org.exoplatform.services.jcr.core.CredentialsImpl;
 import org.exoplatform.services.jcr.impl.core.NodeImpl;
+import org.exoplatform.services.security.MembershipEntry;
 
 import java.security.AccessControlException;
+import java.util.ArrayList;
+import java.util.List;
 
+import javax.jcr.AccessDeniedException;
 import javax.jcr.Node;
 import javax.jcr.Session;
 
@@ -72,7 +76,7 @@
    public void testUser() throws Exception
    {
       // Mary only node, Mary membership is '*:/exo', seems it's user
-      NodeImpl maryNode = (NodeImpl)testRoot.addNode("mary");
+      NodeImpl maryNode = (NodeImpl) testRoot.addNode("mary");
       maryNode.addMixin("exo:privilegeable");
       if (!session.getUserID().equals("mary"))
       {
@@ -175,4 +179,100 @@
       }
    }
 
+   /**
+    * Check if Dynamic user has rights to a node with user "mary".
+    * 
+    * @throws Exception
+    */
+   public void testDynamicUserRead() throws Exception
+   {
+      // Mary only node, Mary membership is '*:/platform/users', seems it's user
+      NodeImpl maryNode = (NodeImpl) testRoot.addNode("mary_dynamic");
+      maryNode.addMixin("exo:privilegeable");
+      if (!session.getUserID().equals("mary"))
+      {
+         maryNode.setPermission("*:/platform/users", new String[] {PermissionType.READ});
+         maryNode.setPermission("mary", PermissionType.ALL);
+         maryNode.removePermission(session.getUserID());
+      }
+      maryNode.removePermission(SystemIdentity.ANY);
+      testRoot.save();
+
+      Session marySession =
+                  repository.login(new CredentialsImpl("mary", "exo".toCharArray()), session.getWorkspace().getName());
+      NodeImpl myNode = (NodeImpl) marySession.getItem(maryNode.getPath());
+      Node test = myNode.addNode("test");
+      test.setProperty("property", "any data");
+      myNode.save();
+
+      //Dynamic session fail read
+      List<MembershipEntry> dynamicMembershipEntries = new ArrayList<MembershipEntry>();
+      dynamicMembershipEntries.add(new MembershipEntry("/platform/administrators"));
+
+      try
+      {
+         Session dynamicSession =
+                  repository.getDynamicSession(session.getWorkspace().getName(), dynamicMembershipEntries);
+         NodeImpl maryNodeDynamic = (NodeImpl) dynamicSession.getItem(maryNode.getPath());
+         fail("Dynamic session with membership '*:/platform/users' should not read node with membership '*:/platform/users'");
+      }
+      catch (AccessDeniedException e)
+      {
+         //ok
+      }
+
+      //Dynamic session successful read
+      dynamicMembershipEntries = new ArrayList<MembershipEntry>();
+      dynamicMembershipEntries.add(new MembershipEntry("/platform/users"));
+
+      //check get
+      try
+      {
+         Session dynamicSession =
+                  repository.getDynamicSession(session.getWorkspace().getName(), dynamicMembershipEntries);
+         NodeImpl maryNodeDynamic = (NodeImpl) dynamicSession.getItem(maryNode.getPath());
+         //ok
+      }
+      catch (AccessDeniedException e)
+      {
+
+         e.printStackTrace();
+         fail("Dynamic session with membership '*:/platform/users' should read node with membership '*:/platform/users'. Exception message :"
+                  + e.getMessage());
+      }
+
+      //check add
+      try
+      {
+         Session dynamicSession =
+                  repository.getDynamicSession(session.getWorkspace().getName(), dynamicMembershipEntries);
+         NodeImpl maryNodeDynamic = (NodeImpl) dynamicSession.getItem(maryNode.getPath());
+
+         maryNodeDynamic.addNode("test2");
+         maryNodeDynamic.save();
+         fail("Dynamic session with membership '*:/platform/users' should be not add child node with membership '*:/platform/users READ'");
+      }
+      catch (AccessDeniedException e)
+      {
+         //ok
+      }
+
+      //check remove
+      try
+      {
+         Session dynamicSession =
+                  repository.getDynamicSession(session.getWorkspace().getName(), dynamicMembershipEntries);
+         NodeImpl maryNodeDynamic = (NodeImpl) dynamicSession.getItem(maryNode.getPath());
+
+         maryNodeDynamic.getNode("test").remove();
+         maryNodeDynamic.save();
+         fail("Dynamic session with membership '*:/platform/users' should be not remove child node with membership '*:/platform/users READ'");
+      }
+      catch (AccessDeniedException e)
+      {
+         //ok
+      }
+
+   }
+
 }
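Review bot: `marySession` and the four `dynamicSession` instances opened in `testDynamicUserRead` are never logged out, so a failing assertion or an unexpected exception leaves sessions with elevated memberships open. I would declare `Session dynamicSession = null;` before each `try`, add `finally { if (dynamicSession != null) dynamicSession.logout(); }`, and call `marySession.logout()` after `myNode.save()`. The first `fail(...)` message says the session has membership `*:/platform/users`, but it was built with `/platform/administrators`; the same copied message appears in DynamicSessionProviderTest. The local `maryNodeDynamic` is unused in the two read checks.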

Modified: jcr/branches/1.12.x/exo.jcr.component.ext/src/main/java/org/exoplatform/services/jcr/ext/common/SessionProvider.java
===================================================================
--- jcr/branches/1.12.x/exo.jcr.component.ext/src/main/java/org/exoplatform/services/jcr/ext/common/SessionProvider.java	2011-08-11 09:34:12 UTC (rev 4737)
+++ jcr/branches/1.12.x/exo.jcr.component.ext/src/main/java/org/exoplatform/services/jcr/ext/common/SessionProvider.java	2011-08-11 10:41:11 UTC (rev 4738)
@@ -18,6 +18,8 @@
  */
 package org.exoplatform.services.jcr.ext.common;
 
+import org.exoplatform.services.jcr.access.AccessControlEntry;
+import org.exoplatform.services.jcr.access.DynamicIdentity;
 import org.exoplatform.services.jcr.access.SystemIdentity;
 import org.exoplatform.services.jcr.core.ExtendedSession;
 import org.exoplatform.services.jcr.core.ManageableRepository;
@@ -28,6 +30,7 @@
 
 import java.util.HashMap;
 import java.util.HashSet;
+import java.util.List;
 import java.util.Map;
 
 import javax.jcr.LoginException;
@@ -67,6 +70,8 @@
    private String currentWorkspace;
 
    private boolean closed;
+   
+   private ConversationState conversationState;
 
    /**
     * Creates SessionProvider for certain identity.
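Review bot: The new `conversationState` field has no comment, yet whether it is null is what later selects the `getDynamicSession` branch in `getSession`. Its generic name invites a future change to set it from the existing `ConversationState` constructor path, which would silently route ordinary user providers into the dynamic branch. I would document it in place, for example `/** Non-null only for providers built by createProvider(List); selects getDynamicSession() in getSession(). */`, and a name such as `dynamicState` would make the intent harder to miss.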
@@ -81,6 +86,18 @@
    }
 
    /**
+    * Creates SessionProvider for a dynamic identity.
+    * 
+    * @param membershipEntries the expected memberships
+    */
+   private SessionProvider(HashSet<MembershipEntry> membershipEntries)
+   {
+      this(false);
+      Identity id = new Identity(DynamicIdentity.DYNAMIC, membershipEntries);
+      this.conversationState = new ConversationState(id);
+   }
+
+   /**
     * Internal constructor.
     * 
     * @param isSystem
@@ -113,6 +130,25 @@
       return new SessionProvider(new ConversationState(id));
    }
 
+   public static SessionProvider createProvider(List<AccessControlEntry> accessList)
+   {
+      if (accessList == null || accessList.isEmpty())
+      {
+         return createAnonimProvider();
+      }
+      else
+      {
+         HashSet<MembershipEntry> membershipEntries = new HashSet<MembershipEntry>();
+
+         for (AccessControlEntry ace : accessList)
+         {
+            membershipEntries.add(ace.getMembershipEntry());
+         }
+         return new SessionProvider(membershipEntries);
+      }
+
+   }
+
    /**
     * Gets the session from internal cache or creates and caches new one.
     * 
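Review bot: `createProvider` keeps only `ace.getMembershipEntry()` from each entry and drops the permission, so a list holding `*:/platform/users READ` yields a session with the full `*:/platform/users` membership rather than one limited to READ. The method is public and has no Javadoc, so a caller reading the parameter name `accessList` could expect the listed permissions to bound the session. I would add Javadoc stating that only the membership part is used and that a null or empty list returns the anonymous provider. `getMembershipEntry()` may also return null for entries whose identity is not a membership (AccessManager treats the membership match as just one branch); if so, skip them with `MembershipEntry me = ace.getMembershipEntry(); if (me != null) membershipEntries.add(me);`.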
@@ -142,11 +178,18 @@
 
       if (session == null)
       {
-
-         if (!isSystem)
+         if (conversationState != null)
+         {
+            session = (ExtendedSession) repository.getDynamicSession(workspaceName, conversationState.getIdentity().getMemberships());
+         }
+         else if (!isSystem)
+         {
             session = (ExtendedSession)repository.login(workspaceName);
+         }
          else
+         {
             session = (ExtendedSession)repository.getSystemSession(workspaceName);
+         }
 
          session.registerLifecycleListener(this);
 

Modified: jcr/branches/1.12.x/exo.jcr.component.ext/src/test/java/org/exoplatform/services/jcr/ext/BaseStandaloneTest.java
===================================================================
--- jcr/branches/1.12.x/exo.jcr.component.ext/src/test/java/org/exoplatform/services/jcr/ext/BaseStandaloneTest.java	2011-08-11 09:34:12 UTC (rev 4737)
+++ jcr/branches/1.12.x/exo.jcr.component.ext/src/test/java/org/exoplatform/services/jcr/ext/BaseStandaloneTest.java	2011-08-11 10:41:11 UTC (rev 4738)
@@ -53,6 +53,7 @@
 import javax.jcr.NodeIterator;
 import javax.jcr.PathNotFoundException;
 import javax.jcr.RepositoryException;
+import javax.jcr.Session;
 import javax.jcr.ValueFactory;
 import javax.jcr.Workspace;
 
@@ -154,10 +155,10 @@
       log.info("tearDown() BEGIN " + getClass().getName() + "." + getName());
       if (session != null)
       {
+         Session sysSession = repository.getSystemSession(session.getWorkspace().getName());
          try
          {
-            session.refresh(false);
-            Node rootNode = session.getRootNode();
+            Node rootNode = sysSession.getRootNode();
             if (rootNode.hasNodes())
             {
                // clean test root
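Review bot: `repository.getSystemSession(...)` is now called before the `try`, so if it throws, the `finally` that logs out `session` never runs and tearDown aborts with the test session still open. I would declare `Session sysSession = null;` before the `try`, assign it as the first statement inside, and guard the logout added in the later `finally` hunk as `if (sysSession != null) sysSession.logout();`. The `try` body continues outside this hunk.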
@@ -171,7 +172,7 @@
                      node.remove();
                   }
                }
-               session.save();
+               sysSession.save();
             }
          }
          catch (Exception e)
@@ -181,6 +182,7 @@
          }
          finally
          {
+            sysSession.logout();
             session.logout();
          }
       }

Added: jcr/branches/1.12.x/exo.jcr.component.ext/src/test/java/org/exoplatform/services/jcr/ext/common/DynamicSessionProviderTest.java
===================================================================
--- jcr/branches/1.12.x/exo.jcr.component.ext/src/test/java/org/exoplatform/services/jcr/ext/common/DynamicSessionProviderTest.java	                        (rev 0)
+++ jcr/branches/1.12.x/exo.jcr.component.ext/src/test/java/org/exoplatform/services/jcr/ext/common/DynamicSessionProviderTest.java	2011-08-11 10:41:11 UTC (rev 4738)
@@ -0,0 +1,210 @@
+/*
+ * Copyright (C) 2003-2011 eXo Platform SAS.
+ *
+ * This program is free software; you can redistribute it and/or
+ * modify it under the terms of the GNU Affero General Public License
+ * as published by the Free Software Foundation; either version 3
+ * of the License, or (at your option) any later version.
+ *
+ * This program is distributed in the hope that it will be useful,
+ * but WITHOUT ANY WARRANTY; without even the implied warranty of
+ * MERCHANTABILITY or FITNESS FOR A PARTICULAR PURPOSE.  See the
+ * GNU General Public License for more details.
+ *
+ * You should have received a copy of the GNU General Public License
+ * along with this program; if not, see<http://www.gnu.org/licenses/>.
+ */
+package org.exoplatform.services.jcr.ext.common;
+
+import org.exoplatform.services.jcr.access.AccessControlEntry;
+import org.exoplatform.services.jcr.access.PermissionType;
+import org.exoplatform.services.jcr.access.SystemIdentity;
+import org.exoplatform.services.jcr.core.CredentialsImpl;
+import org.exoplatform.services.jcr.ext.BaseStandaloneTest;
+import org.exoplatform.services.jcr.ext.common.SessionProvider;
+import org.exoplatform.services.jcr.impl.core.NodeImpl;
+
+import java.util.ArrayList;
+import java.util.List;
+
+import javax.jcr.AccessDeniedException;
+import javax.jcr.Session;
+
+/**
+ * Created by The eXo Platform SAS.
+ * 
+ * <br/>Date: 2011
+ *
+ * @author <a href="mailto:alex.reshetnyak at exoplatform.com.ua">Alex Reshetnyak</a> 
+ * @version $Id: DynamicSessionProviderTest.java 111 2011-11-11 11:11:11Z rainf0x $
+ */
+public class DynamicSessionProviderTest
+   extends BaseStandaloneTest
+{
+   private NodeImpl testRoot;
+
+   @Override
+   public void setUp() throws Exception
+   {
+      super.setUp();
+
+      testRoot = (NodeImpl)root.addNode("testDynamicSession");
+      root.save();
+   }
+   
+   public void testDynamicSession() throws Exception
+   {
+      // Mary only node, Mary membership is '*:/platform/users', seems it's user
+      NodeImpl maryNode = (NodeImpl) testRoot.addNode("mary_dynamic");
+      maryNode.addMixin("exo:privilegeable");
+      if (!session.getUserID().equals("mary"))
+      {
+         maryNode.setPermission("*:/platform/users", new String[] {PermissionType.READ});
+         maryNode.setPermission("mary", PermissionType.ALL);
+         maryNode.removePermission(session.getUserID());
+      }
+      maryNode.removePermission(SystemIdentity.ANY);
+      testRoot.save();
+
+      Session marySession =
+                  repository.login(new CredentialsImpl("mary", "exo".toCharArray()), session.getWorkspace().getName());
+      NodeImpl myNode = (NodeImpl) marySession.getItem(maryNode.getPath());
+      NodeImpl test = (NodeImpl) myNode.addNode("test");
+      test.setProperty("property", "any data");
+      myNode.save();
+      marySession.logout();
+
+      //Dynamic session fail read
+      List<AccessControlEntry> accessControlEntries = new ArrayList<AccessControlEntry>();
+      accessControlEntries.add(new AccessControlEntry("*:/platform/administrators", "READ"));
+      SessionProvider dynamicProvider = SessionProvider.createProvider(accessControlEntries);
+
+      Session dynamicSession = null;
+      try
+      {
+         dynamicSession = dynamicProvider.getSession(session.getWorkspace().getName(), repository);
+         NodeImpl maryNodeDynamic = (NodeImpl) dynamicSession.getItem(maryNode.getPath());
+         fail("Dynamic session with membership '*:/platform/users' should not read node with membership '*:/platform/users'");
+      }
+      catch (AccessDeniedException e)
+      {
+         //ok
+      }
+
+      //Dynamic session successful read
+      accessControlEntries = new ArrayList<AccessControlEntry>();
+      accessControlEntries.add(new AccessControlEntry("*:/platform/users", "READ"));
+      dynamicProvider = SessionProvider.createProvider(accessControlEntries);
+
+      //check get
+      try
+      {
+         dynamicSession = dynamicProvider.getSession(session.getWorkspace().getName(), repository);
+         NodeImpl maryNodeDynamic = (NodeImpl) dynamicSession.getItem(maryNode.getPath());
+         //ok
+      }
+      catch (AccessDeniedException e)
+      {
+
+         e.printStackTrace();
+         fail("Dynamic session with membership '*:/platform/users' should read node with membership '*:/platform/users'. Exception message :"
+                  + e.getMessage());
+      }
+
+      //check add
+      try
+      {
+         dynamicSession = dynamicProvider.getSession(session.getWorkspace().getName(), repository);
+         NodeImpl maryNodeDynamic = (NodeImpl) dynamicSession.getItem(maryNode.getPath());
+
+         maryNodeDynamic.addNode("test2");
+         maryNodeDynamic.save();
+         fail("Dynamic session with membership '*:/platform/users' should be not add child node with membership '*:/platform/users READ'");
+      }
+      catch (AccessDeniedException e)
+      {
+         //ok
+      }
+
+      //check remove
+      try
+      {
+         dynamicSession = dynamicProvider.getSession(session.getWorkspace().getName(), repository);
+         NodeImpl maryNodeDynamic = (NodeImpl) dynamicSession.getItem(maryNode.getPath());
+
+         maryNodeDynamic.getNode("test").remove();
+         maryNodeDynamic.save();
+         fail("Dynamic session with membership '*:/platform/users' should be not remove child node with membership '*:/platform/users READ'");
+      }
+      catch (AccessDeniedException e)
+      {
+         //ok
+      }
+   }
+
+   public void testCreateSystemSessionProviderAfterDynamic() throws Exception
+   {
+      // System only node.
+      NodeImpl systemNode = (NodeImpl) testRoot.addNode("system_dynamic");
+      systemNode.addMixin("exo:privilegeable");
+
+      systemNode.setPermission("*:/platform/users", new String[]
+      {PermissionType.READ});
+      systemNode.removePermission(session.getUserID());
+      testRoot.save();
+
+
+      //Dynamic session successful read
+      List<AccessControlEntry> accessControlEntries = new ArrayList<AccessControlEntry>();
+      accessControlEntries.add(new AccessControlEntry("*:/platform/users", "READ"));
+      SessionProvider dynamicProvider  = SessionProvider.createProvider(accessControlEntries);
+
+      Session dynamicSession = null;
+
+      //check get
+      try
+      {
+         dynamicSession = dynamicProvider.getSession(session.getWorkspace().getName(), repository);
+         NodeImpl maryNodeDynamic = (NodeImpl) dynamicSession.getItem(systemNode.getPath());
+         //ok
+      }
+      catch (AccessDeniedException e)
+      {
+         e.printStackTrace();
+         fail("Dynamic session with membership '*:/platform/users' should read node with membership '*:/platform/users'. Exception message : "
+                  + e.getMessage());
+      }
+
+      //System provider successful read
+      SessionProvider systemProvider = SessionProvider.createSystemProvider();
+      Session systemSession = null;
+      try
+      {
+         systemSession = systemProvider.getSession(session.getWorkspace().getName(), repository);
+         NodeImpl systemNodeOverSystemSession = (NodeImpl) systemSession.getItem(systemNode.getPath());
+         //ok         
+      }
+      catch (AccessDeniedException e)
+      {
+         e.printStackTrace();
+         fail("System session should read node with membership '*:/platform/users'. Exception message : "
+                  + e.getMessage());
+      }
+
+      //check remove
+      try
+      {
+         systemSession = systemProvider.getSession(session.getWorkspace().getName(), repository);
+         NodeImpl systemNodeOverSystemSession = (NodeImpl) systemSession.getItem(systemNode.getPath());
+
+         systemNodeOverSystemSession.remove();
+         systemSession.save();
+         //ok
+      }
+      catch (AccessDeniedException e)
+      {
+         fail("System session should remove node with membership '*:/platform/users'.");
+      }
+
+   }
+}
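Review bot: Neither test closes the providers it creates: `dynamicProvider` is reassigned without being closed in `testDynamicSession`, and `systemProvider` is left open in `testCreateSystemSessionProviderAfterDynamic`, so the sessions they cache stay logged in after the test. I would call `dynamicProvider.close()` before the reassignment and close both providers in a `finally`. The `createProvider(null)` and empty-list branch that falls back to the anonymous provider has no test. One assertion that such a provider is denied on `mary_dynamic` (whose `SystemIdentity.ANY` permission is removed) would pin the least-privilege default.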

Added: jcr/branches/1.12.x/patch/1.12.10-GA/JCR-1636/readme.txt
===================================================================
--- jcr/branches/1.12.x/patch/1.12.10-GA/JCR-1636/readme.txt	                        (rev 0)
+++ jcr/branches/1.12.x/patch/1.12.10-GA/JCR-1636/readme.txt	2011-08-11 10:41:11 UTC (rev 4738)
@@ -0,0 +1,78 @@
+Summary
+
+    * Status: Allow to create sessions from ACLs
+    * CCP Issue: CCP-1032, Product Jira Issue: JCR-1636.
+    * Complexity: Low
+
+The Proposal
+Problem description
+
+What is the problem to fix?
+In authenticated mode, there's a request to cache contents and share the cache for all users. We need to retrieve the contents first then we use a portlet cache to cache the resulting markup and share it between users.
+
+We have three ways to retrieve contents from the JCR :
+
+    * System: if we use this, we will end up with contents visible by unauthorized users
+    * User session: if we use this, the first to access the contents will cache the results. Thus, the resulting markup is based on the first user to access them. The resulting effect is like the System session, we end up with possible visible contents, not authorized for some users.
+    * Anonymous: The last one, if we're authenticated, we can still create an anonymous session. But, we will then see the "public" contents only (with "Any READ" permission). For an intranet need, it's not enough. Most of the time, a folder will contain public contents ("Any READ") and intranet contents ("*:/platform/users READ"). Thus, when authenticated, you see more contents than in public mode.
+
+So, the request is to be able for WCM Services to create a fake session (like we do with the anonymous one)
+Here is a proposal of a possible call:
+SessionProvider.createProvider(List<AccessControlEntry> accessList);
+accessList==null or empty: anonymous session
+ACL = {"*:/platform/users READ"} => we have a private session
+
+Fix description
+
+How is the problem fixed?
+
+    * Create session with custom set of ACL
+
+Patch file: JCR-1636.patch
+
+Tests to perform
+
+Reproduction test
+* N/A
+
+Tests performed at DevLevel
+
+    * Functional tests
+
+Tests performed at QA/Support Level
+*
+Documentation changes
+
+Documentation changes:
+  * No
+Configuration changes
+
+Configuration changes:
+
+    * No
+
+Will previous configuration continue to work?
+
+    * Yes
+
+Risks and impacts
+
+Can this bug fix have any side effects on current client projects?
+
+    * No
+
+Is there a performance risk/cost?
+
+    * No
+
+Validation (PM/Support/QA)
+
+PM Comment
+* Patch approved
+
+Support Comment
+*
+
+QA Feedbacks
+*
+


