OAK-7024 java.security.acl deprecated in Java 10, marked for removal …
…in Java 11

git-svn-id: https://svn.apache.org/repos/asf/jackrabbit/oak/trunk@1827239 13f79535-47bb-0310-9956-ffa450edef68
stillalex committed Mar 19, 2018
1 parent 2959c45 commit 75fa2b3
Showing 43 changed files with 535 additions and 299 deletions.
@@ -17,7 +17,6 @@
package org.apache.jackrabbit.oak.spi.security.authentication.external.impl.principal;

import java.security.Principal;
import java.security.acl.Group;
import java.text.ParseException;
import java.util.Collection;
import java.util.Collections;
@@ -41,6 +40,8 @@
import com.google.common.collect.Iterables;
import com.google.common.collect.Iterators;
import com.google.common.collect.Sets;

import org.apache.jackrabbit.api.security.principal.GroupPrincipal;
import org.apache.jackrabbit.api.security.principal.ItemBasedPrincipal;
import org.apache.jackrabbit.api.security.principal.PrincipalManager;
import org.apache.jackrabbit.api.security.user.Authorizable;
@@ -59,6 +60,7 @@
import org.apache.jackrabbit.oak.spi.security.authentication.external.ExternalIdentityRef;
import org.apache.jackrabbit.oak.spi.security.authentication.external.basic.DefaultSyncConfig;
import org.apache.jackrabbit.oak.spi.security.authentication.external.impl.ExternalIdentityConstants;
import org.apache.jackrabbit.oak.spi.security.principal.GroupPrincipals;
import org.apache.jackrabbit.oak.spi.security.principal.PrincipalImpl;
import org.apache.jackrabbit.oak.spi.security.principal.PrincipalProvider;
import org.apache.jackrabbit.oak.spi.security.user.AuthorizableType;
@@ -69,7 +71,7 @@

/**
* Implementation of the {@code PrincipalProvider} interface that exposes
* 'external' principals of type {@link java.security.acl.Group}. 'External'
* 'external' principals of type {@link org.apache.jackrabbit.oak.spi.security.principal.GroupPrincipal}. 'External'
* refers to the fact that these principals are defined and managed by an
* {@link org.apache.jackrabbit.oak.spi.security.authentication.external.ExternalIdentityProvider}.
*
@@ -125,8 +127,8 @@ public Principal getPrincipal(@Nonnull String principalName) {

@Nonnull
@Override
public Set<Group> getGroupMembership(@Nonnull Principal principal) {
if (!(principal instanceof Group)) {
public Set<Principal> getMembershipPrincipals(@Nonnull Principal principal) {
if (!GroupPrincipals.isGroup(principal)) {
try {
if (principal instanceof ItemBasedPrincipal) {
Tree t = root.getTree(((ItemBasedPrincipal) principal).getPath());
@@ -183,7 +185,7 @@ private String getIdpName(@Nonnull Tree userTree) {
}
}

private Set<Group> getGroupPrincipals(@CheckForNull Authorizable authorizable) throws RepositoryException {
private Set<Principal> getGroupPrincipals(@CheckForNull Authorizable authorizable) throws RepositoryException {
if (authorizable != null && !authorizable.isGroup()) {
Tree userTree = root.getTree(authorizable.getPath());
return getGroupPrincipals(userTree);
@@ -192,12 +194,12 @@ private Set<Group> getGroupPrincipals(@CheckForNull Authorizable authorizable) t
}
}

private Set<Group> getGroupPrincipals(@Nonnull Tree userTree) {
private Set<Principal> getGroupPrincipals(@Nonnull Tree userTree) {
if (userTree.exists() && UserUtil.isType(userTree, AuthorizableType.USER) && userTree.hasProperty(REP_EXTERNAL_PRINCIPAL_NAMES)) {
PropertyState ps = userTree.getProperty(REP_EXTERNAL_PRINCIPAL_NAMES);
if (ps != null) {
// we have an 'external' user that has been synchronized with the dynamic-membership option
Set<Group> groupPrincipals = Sets.newHashSet();
Set<Principal> groupPrincipals = Sets.newHashSet();
for (String principalName : ps.getValue(Type.STRINGS)) {
groupPrincipals.add(new ExternalGroupPrincipal(principalName));
}
@@ -270,34 +272,16 @@ private Result findPrincipals(@Nonnull String nameHint, boolean exactMatch) {
* identities that are <strong>not</strong> represented as authorizable group
* in the repository's user management.
*/
private final class ExternalGroupPrincipal extends PrincipalImpl implements java.security.acl.Group {
private final class ExternalGroupPrincipal extends PrincipalImpl implements GroupPrincipal {

private ExternalGroupPrincipal(String principalName) {
super(principalName);

}

@Override
public boolean addMember(Principal user) {
if (isMember(user)) {
return false;
} else {
throw new UnsupportedOperationException("Adding members to external group principals is not supported.");
}
}

@Override
public boolean removeMember(Principal user) {
if (!isMember(user)) {
return false;
} else {
throw new UnsupportedOperationException("Removing members from external group principals is not supported.");
}
}

@Override
public boolean isMember(Principal member) {
if (member instanceof Group) {
if (GroupPrincipals.isGroup(member)) {
return false;
}
try {
@@ -438,35 +422,35 @@ protected Principal getNext() {
private final class AutoMembershipPrincipals {

private final Map<String, String[]> autoMembershipMapping;
private final Map<String, Set<Group>> principalMap;
private final Map<String, Set<Principal>> principalMap;

private AutoMembershipPrincipals(@Nonnull Map<String, String[]> autoMembershipMapping) {
this.autoMembershipMapping = autoMembershipMapping;
this.principalMap = new ConcurrentHashMap<String, Set<Group>>(autoMembershipMapping.size());
this.principalMap = new ConcurrentHashMap<String, Set<Principal>>(autoMembershipMapping.size());
}

@Nonnull
private Collection<Group> get(@CheckForNull String idpName) {
private Collection<Principal> get(@CheckForNull String idpName) {
if (idpName == null) {
return ImmutableSet.of();
}

Set<Group> principals;
Set<Principal> principals;
if (!principalMap.containsKey(idpName)) {
String[] vs = autoMembershipMapping.get(idpName);
if (vs == null) {
principals = ImmutableSet.of();
} else {
ImmutableSet.Builder<Group> builder = ImmutableSet.builder();
ImmutableSet.Builder<Principal> builder = ImmutableSet.builder();
for (String groupId : autoMembershipMapping.get(idpName)) {
try {
Authorizable gr = userManager.getAuthorizable(groupId);
if (gr != null && gr.isGroup()) {
Principal grPrincipal = gr.getPrincipal();
if (grPrincipal instanceof Group) {
builder.add((Group) grPrincipal);
if (GroupPrincipals.isGroup(grPrincipal)) {
builder.add(grPrincipal);
} else {
log.warn("Principal of group {} is not of type java.security.acl.Group -> Ignoring", groupId);
log.warn("Principal of group {} is not of group type -> Ignoring", groupId);
}
} else {
log.warn("Configured auto-membership group {} does not exist -> Ignoring", groupId);
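Review bot: The class Javadoc now links to `org.apache.jackrabbit.oak.spi.security.principal.GroupPrincipal`, but the type this file imports and that `ExternalGroupPrincipal` implements is `org.apache.jackrabbit.api.security.principal.GroupPrincipal`, so the link should read `{@link org.apache.jackrabbit.api.security.principal.GroupPrincipal}`. The `oak.spi.security.principal` package is where the `GroupPrincipals` helper is imported from, which is probably the source of the mix-up. Because `getMembershipPrincipals`, `isMember` and the auto-membership lookup now branch on `GroupPrincipals.isGroup(...)` instead of `instanceof Group`, and the sets are typed `Set<Principal>`, that helper alone decides which principals count as groups when membership is resolved. Its definition is not visible in this section, so I would add a one-line comment at the first call, such as `// isGroup() is the single group test here; confirm it still accepts legacy java.security.acl.Group principals`. The bodies of these methods continue outside the visible hunks.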
@@ -19,7 +19,6 @@
import static org.apache.jackrabbit.oak.spi.security.RegistrationConstants.OAK_SECURITY_NAME;

import java.security.Principal;
import java.security.acl.Group;
import java.util.Arrays;
import java.util.HashMap;
import java.util.HashSet;
@@ -24,6 +24,8 @@
import com.google.common.collect.ImmutableMap;
import com.google.common.collect.ImmutableSet;
import com.google.common.collect.Iterables;

import org.apache.jackrabbit.api.security.principal.GroupPrincipal;
import org.apache.jackrabbit.api.security.user.Group;
import org.apache.jackrabbit.oak.api.Root;
import org.apache.jackrabbit.oak.namepath.NamePathMapper;
@@ -80,19 +82,19 @@ protected DefaultSyncConfig createSyncConfig() {
return config;
}

java.security.acl.Group getGroupPrincipal() throws Exception {
GroupPrincipal getGroupPrincipal() throws Exception {
ExternalUser externalUser = idp.getUser(USER_ID);
return getGroupPrincipal(externalUser.getDeclaredGroups().iterator().next());
}

java.security.acl.Group getGroupPrincipal(@Nonnull ExternalIdentityRef ref) throws Exception {
GroupPrincipal getGroupPrincipal(@Nonnull ExternalIdentityRef ref) throws Exception {
String principalName = idp.getIdentity(ref).getPrincipalName();
Principal p = principalProvider.getPrincipal(principalName);

assertNotNull(p);
assertTrue(p instanceof java.security.acl.Group);
assertTrue(p instanceof GroupPrincipal);

return (java.security.acl.Group) p;
return (GroupPrincipal) p;
}

Group createTestGroup() throws Exception {
@@ -27,6 +27,8 @@
import com.google.common.base.Function;
import com.google.common.collect.ImmutableSet;
import com.google.common.collect.Iterables;

import org.apache.jackrabbit.api.security.principal.GroupPrincipal;
import org.apache.jackrabbit.api.security.principal.PrincipalManager;
import org.apache.jackrabbit.api.security.user.Authorizable;
import org.apache.jackrabbit.api.security.user.Group;
@@ -134,7 +136,7 @@ public void testGetPrincipalDynamicGroup() throws Exception {
Principal principal = principalProvider.getPrincipal(princName);

assertNotNull(principal);
assertTrue(principal instanceof java.security.acl.Group);
assertTrue(principal instanceof GroupPrincipal);
}
}

@@ -194,18 +196,18 @@ public void testGetPrincipalGroupsWithQueryWildCard() throws Exception {

@Test
public void testGetGroupMembershipLocalPrincipal() throws Exception {
Set<? extends Principal> principals = principalProvider.getGroupMembership(getTestUser().getPrincipal());
Set<? extends Principal> principals = principalProvider.getMembershipPrincipals(getTestUser().getPrincipal());
assertTrue(principals.isEmpty());
}

@Test
public void testGetGroupMembershipLocalGroupPrincipal() throws Exception {
Group gr = createTestGroup();
Set<? extends Principal> principals = principalProvider.getGroupMembership(gr.getPrincipal());
Set<? extends Principal> principals = principalProvider.getMembershipPrincipals(gr.getPrincipal());
assertTrue(principals.isEmpty());

// same if the principal is not marked as 'java.security.acl.Group' and not tree-based-principal
principals = principalProvider.getGroupMembership(new PrincipalImpl(gr.getPrincipal().getName()));
// same if the principal is not marked as 'GroupPrincipal' and not tree-based-principal
principals = principalProvider.getMembershipPrincipals(new PrincipalImpl(gr.getPrincipal().getName()));
assertTrue(principals.isEmpty());
}

@@ -216,7 +218,7 @@ public void testGetGroupMembershipExternalUser() throws Exception {

Set<Principal> expected = getExpectedGroupPrincipals(USER_ID);

Set<? extends Principal> principals = principalProvider.getGroupMembership(user.getPrincipal());
Set<? extends Principal> principals = principalProvider.getMembershipPrincipals(user.getPrincipal());
assertEquals(expected, principals);
}

@@ -228,7 +230,7 @@ public void testGetGroupMembershipExternalUser2() throws Exception {
Set<Principal> expected = getExpectedGroupPrincipals(USER_ID);

// same as in test before even if the principal is not a tree-based-principal
Set<? extends Principal> principals = principalProvider.getGroupMembership(new PrincipalImpl(user.getPrincipal().getName()));
Set<? extends Principal> principals = principalProvider.getMembershipPrincipals(new PrincipalImpl(user.getPrincipal().getName()));
assertEquals(expected, principals);
}

@@ -238,7 +240,7 @@ public void testGetGroupMembershipDefaultSync() throws Exception {
Authorizable user = getUserManager(root).getAuthorizable(TestIdentityProvider.ID_SECOND_USER);
assertNotNull(user);

Set<? extends Principal> principals = principalProvider.getGroupMembership(user.getPrincipal());
Set<? extends Principal> principals = principalProvider.getMembershipPrincipals(user.getPrincipal());
assertTrue(principals.isEmpty());
}

@@ -249,7 +251,7 @@ public void testGetGroupMembershipDefaultSync2() throws Exception {
assertNotNull(user);

// same as in test before even if the principal is not a tree-based-principal
Set<? extends Principal> principals = principalProvider.getGroupMembership(new PrincipalImpl(user.getPrincipal().getName()));
Set<? extends Principal> principals = principalProvider.getMembershipPrincipals(new PrincipalImpl(user.getPrincipal().getName()));
assertTrue(principals.isEmpty());
}

@@ -258,11 +260,11 @@ public void testGetGroupMembershipExternalGroup() throws Exception {
Authorizable group = getUserManager(root).getAuthorizable("secondGroup");
assertNotNull(group);

Set<? extends Principal> principals = principalProvider.getGroupMembership(group.getPrincipal());
Set<? extends Principal> principals = principalProvider.getMembershipPrincipals(group.getPrincipal());
assertTrue(principals.isEmpty());

// same if the principal is not marked as 'java.security.acl.Group' and not tree-based-principal
principals = principalProvider.getGroupMembership(new PrincipalImpl(group.getPrincipal().getName()));
// same if the principal is not marked as 'GroupPrincipal' and not tree-based-principal
principals = principalProvider.getMembershipPrincipals(new PrincipalImpl(group.getPrincipal().getName()));
assertTrue(principals.isEmpty());
}

@@ -377,7 +379,7 @@ public void testFindPrincipalsFiltersDuplicates() throws Exception {
ExternalUser otherUser = new TestUser("anotherUser", ImmutableSet.of(gr.getExternalId()));
sync(otherUser);

Set<Principal> expected = new HashSet();
Set<Principal> expected = new HashSet<>();
expected.add(new PrincipalImpl(gr.getPrincipalName()));
long depth = syncConfig.user().getMembershipNestingDepth();
if (depth > 1) {
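Review bot: The `getMembershipPrincipals` tests here only compare the result with an expected set, so after the return type was widened from `Set<Group>` to `Set<Principal>` nothing in them checks that each returned principal is a group. If `PrincipalImpl` equality is name-based (the expected set built from `new PrincipalImpl(...)` in `testFindPrincipalsFiltersDuplicates` suggests it is), `assertEquals(expected, principals)` in `testGetGroupMembershipExternalUser` and `testGetGroupMembershipExternalUser2` would also pass for a non-group principal with the same name. I would add `for (Principal p : principals) { assertTrue(GroupPrincipals.isGroup(p)); }` after the equality assertion in those two tests, which needs an import of `org.apache.jackrabbit.oak.spi.security.principal.GroupPrincipals`. As a smaller style point, the test methods are still named `testGetGroupMembership…` although the method under test is now `getMembershipPrincipals`.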
@@ -23,6 +23,8 @@
import com.google.common.base.Function;
import com.google.common.collect.ImmutableList;
import com.google.common.collect.Iterables;

import org.apache.jackrabbit.api.security.principal.GroupPrincipal;
import org.apache.jackrabbit.api.security.user.Group;
import org.apache.jackrabbit.oak.spi.security.authentication.external.ExternalGroup;
import org.apache.jackrabbit.oak.spi.security.authentication.external.ExternalUser;
@@ -38,15 +40,15 @@ public class ExternalGroupPrincipalTest extends AbstractPrincipalTest {
@Test
public void testIsMember() throws Exception {
ExternalUser externalUser = idp.getUser(USER_ID);
java.security.acl.Group principal = getGroupPrincipal(externalUser.getDeclaredGroups().iterator().next());
GroupPrincipal principal = getGroupPrincipal(externalUser.getDeclaredGroups().iterator().next());

assertTrue(principal.isMember(new PrincipalImpl(externalUser.getPrincipalName())));
assertTrue(principal.isMember(getUserManager(root).getAuthorizable(USER_ID).getPrincipal()));
}

@Test
public void testIsMemberExternalGroup() throws Exception {
java.security.acl.Group principal = getGroupPrincipal();
GroupPrincipal principal = getGroupPrincipal();

Iterable<String> exGroupPrincNames = Iterables.transform(ImmutableList.copyOf(idp.listGroups()), new Function<ExternalGroup, String>() {
@Nullable
@@ -63,7 +65,7 @@ public String apply(ExternalGroup input) {

@Test
public void testIsMemberLocalUser() throws Exception {
java.security.acl.Group principal = getGroupPrincipal();
GroupPrincipal principal = getGroupPrincipal();

assertFalse(principal.isMember(getTestUser().getPrincipal()));
assertFalse(principal.isMember(new PrincipalImpl(getTestUser().getPrincipal().getName())));
@@ -72,39 +74,15 @@ public void testIsMemberLocalUser() throws Exception {
@Test
public void testIsMemberLocalGroup() throws Exception {
Group gr = createTestGroup();
java.security.acl.Group principal = getGroupPrincipal();
GroupPrincipal principal = getGroupPrincipal();

assertFalse(principal.isMember(gr.getPrincipal()));
assertFalse(principal.isMember(new PrincipalImpl(gr.getPrincipal().getName())));
}

@Test(expected = UnsupportedOperationException.class)
public void testAddMember() throws Exception {
java.security.acl.Group principal = getGroupPrincipal();
principal.addMember(getTestUser().getPrincipal());
}

@Test
public void testAddMemberExistingMember() throws Exception {
java.security.acl.Group principal = getGroupPrincipal();
assertFalse(principal.addMember(getUserManager(root).getAuthorizable(USER_ID).getPrincipal()));
}

@Test(expected = UnsupportedOperationException.class)
public void testRemoveMember() throws Exception {
java.security.acl.Group principal = getGroupPrincipal();
principal.removeMember(getUserManager(root).getAuthorizable(USER_ID).getPrincipal());
}

@Test
public void testRemoveMemberNotMember() throws Exception {
java.security.acl.Group principal = getGroupPrincipal();
assertFalse(principal.removeMember(getTestUser().getPrincipal()));
}

@Test
public void testMembers() throws Exception {
java.security.acl.Group principal = getGroupPrincipal();
GroupPrincipal principal = getGroupPrincipal();

Principal[] expectedMembers = new Principal[] {
getUserManager(root).getAuthorizable(USER_ID).getPrincipal(),
@@ -107,7 +107,7 @@ public void testGetGroupPrincipals() throws Exception {

Authorizable user = getUserManager(root).getAuthorizable(USER_ID);

Set<java.security.acl.Group> result = principalProvider.getGroupMembership(user.getPrincipal());
Set<Principal> result = principalProvider.getMembershipPrincipals(user.getPrincipal());
assertTrue(result.contains(userAutoMembershipGroup.getPrincipal()));
assertTrue(result.contains(groupAutoMembershipGroup.getPrincipal()));
assertEquals(expected, result);
