Skip to main content
aboutsummaryrefslogtreecommitdiffstats
diff options
context:
space:
mode:
authorEike Stepper2013-01-26 05:22:51 -0500
committerEike Stepper2013-01-26 05:29:31 -0500
commit89fe2240f8e4b66754832bc7b4e3df0a5c50fd2e (patch)
tree1c63ee7c204ffa6485e820ec2ae01ab4e29d8c4b
parent2a224d522dedb8c4aaa37dfecfee0b3a3feb8621 (diff)
downloadcdo-89fe2240f8e4b66754832bc7b4e3df0a5c50fd2e.tar.gz
cdo-89fe2240f8e4b66754832bc7b4e3df0a5c50fd2e.tar.xz
cdo-89fe2240f8e4b66754832bc7b4e3df0a5c50fd2e.zip
[399159] Various enhancements to the security manager
https://bugs.eclipse.org/bugs/show_bug.cgi?id=399159
-rw-r--r--plugins/org.eclipse.emf.cdo.common/src/org/eclipse/emf/cdo/common/revision/CDORevisionUtil.java85
-rw-r--r--plugins/org.eclipse.emf.cdo.common/src/org/eclipse/emf/cdo/spi/common/revision/BaseCDORevision.java5
-rw-r--r--plugins/org.eclipse.emf.cdo.security.edit/src/org/eclipse/emf/cdo/security/provider/ClassPermissionItemProvider.java65
-rw-r--r--plugins/org.eclipse.emf.cdo.security.edit/src/org/eclipse/emf/cdo/security/provider/PackagePermissionItemProvider.java68
-rw-r--r--plugins/org.eclipse.emf.cdo.security.edit/src/org/eclipse/emf/cdo/security/provider/ResourcePermissionItemProvider.java14
-rw-r--r--plugins/org.eclipse.emf.cdo.security/src/org/eclipse/emf/cdo/security/impl/ClassPermissionImpl.java3
-rw-r--r--plugins/org.eclipse.emf.cdo.security/src/org/eclipse/emf/cdo/security/impl/PackagePermissionImpl.java3
-rw-r--r--plugins/org.eclipse.emf.cdo.security/src/org/eclipse/emf/cdo/security/impl/ResourcePermissionImpl.java68
-rw-r--r--plugins/org.eclipse.emf.cdo.server.security/META-INF/MANIFEST.MF10
-rw-r--r--plugins/org.eclipse.emf.cdo.server.security/src/org/eclipse/emf/cdo/server/internal/security/SecurityManager.java64
-rw-r--r--plugins/org.eclipse.emf.cdo.server.security/src/org/eclipse/emf/cdo/server/security/ISecurityManager.java15
11 files changed, 306 insertions, 94 deletions
diff --git a/plugins/org.eclipse.emf.cdo.common/src/org/eclipse/emf/cdo/common/revision/CDORevisionUtil.java b/plugins/org.eclipse.emf.cdo.common/src/org/eclipse/emf/cdo/common/revision/CDORevisionUtil.java
index d16d1ba5f1..b5a8cd9364 100644
--- a/plugins/org.eclipse.emf.cdo.common/src/org/eclipse/emf/cdo/common/revision/CDORevisionUtil.java
+++ b/plugins/org.eclipse.emf.cdo.common/src/org/eclipse/emf/cdo/common/revision/CDORevisionUtil.java
@@ -53,7 +53,7 @@ import java.util.StringTokenizer;
/**
* Various static helper methods for dealing with {@link CDORevision revisions}.
- *
+ *
* @author Eike Stepper
* @apiviz.exclude
*/
@@ -61,13 +61,15 @@ public final class CDORevisionUtil
{
public static final Object UNINITIALIZED = new Uninitialized();
+ private static EAttribute resourceNodeNameAttribute;
+
private CDORevisionUtil()
{
}
/**
* Creates and returns a new memory sensitive revision cache.
- *
+ *
* @since 4.0
*/
public static CDORevisionCache createRevisionCache(boolean supportingAudits, boolean supportingBranches)
@@ -304,35 +306,72 @@ public final class CDORevisionUtil
*/
public static String getResourceNodePath(CDORevision revision, CDORevisionProvider provider)
{
- EAttribute nameFeature = (EAttribute)revision.getEClass().getEStructuralFeature("name");
-
StringBuilder builder = new StringBuilder();
- getResourceNodePath((InternalCDORevision)revision, provider, nameFeature, builder);
-
- builder.insert(0, "/");
- return builder.toString();
+ getResourceNodePath((InternalCDORevision)revision, provider, builder);
+ String string = builder.toString();
+ System.out.println("Path: " + revision + " --> " + string);
+ return string;
}
private static void getResourceNodePath(InternalCDORevision revision, CDORevisionProvider provider,
- EAttribute nameFeature, StringBuilder result)
+ StringBuilder result)
{
- String name = (String)revision.get(nameFeature, 0);
- if (name != null)
+ InternalCDORevision container = getParentRevision(revision, provider);
+ if (container != null)
{
- if (result.length() != 0)
+ getResourceNodePath(container, provider, result);
+ }
+
+ EAttribute attribute = getResourceNodeNameAttribute(revision);
+ if (attribute != null)
+ {
+ int length = result.length();
+ if (length == 0 || result.charAt(length - 1) != '/')
+ {
+ result.append("/");
+ }
+
+ String name = (String)revision.get(attribute, 0);
+ if (name != null) // Exclude root resource
{
- result.insert(0, "/");
+ result.append(name);
}
+ }
+ }
- result.insert(0, name);
+ private static InternalCDORevision getParentRevision(InternalCDORevision revision, CDORevisionProvider provider)
+ {
+ CDOID parentID = (CDOID)revision.getContainerID();
+ if (CDOIDUtil.isNull(parentID))
+ {
+ parentID = revision.getResourceID();
+ if (CDOIDUtil.isNull(parentID))
+ {
+ return null;
+ }
+ else if (parentID.equals(revision.getID()))
+ {
+ // This must be the root resource!
+ return null;
+ }
}
- CDOID folder = (CDOID)revision.getContainerID();
- if (!CDOIDUtil.isNull(folder))
+ return (InternalCDORevision)provider.getRevision(parentID);
+ }
+
+ private static EAttribute getResourceNodeNameAttribute(CDORevision revision)
+ {
+ if (revision.isResourceNode())
{
- InternalCDORevision container = (InternalCDORevision)provider.getRevision(folder);
- getResourceNodePath(container, provider, nameFeature, result);
+ if (CDORevisionUtil.resourceNodeNameAttribute == null)
+ {
+ CDORevisionUtil.resourceNodeNameAttribute = (EAttribute)revision.getEClass().getEStructuralFeature("name");
+ }
+
+ return CDORevisionUtil.resourceNodeNameAttribute;
}
+
+ return null;
}
/**
@@ -357,7 +396,7 @@ public final class CDORevisionUtil
/**
* Dumps {@link CDORevision revisions}, sorted and grouped by {@link CDOBranch branch}, to various output formats and
* targets. Concrete output formats and targets are implemented by subclasses.
- *
+ *
* @since 4.0
* @apiviz.exclude
*/
@@ -412,7 +451,7 @@ public final class CDORevisionUtil
/**
* A {@link AllRevisionsDumper revision dumper} that directs all output to a stream. The concrete output format is
* implemented by subclasses.
- *
+ *
* @author Eike Stepper
* @apiviz.exclude
*/
@@ -433,7 +472,7 @@ public final class CDORevisionUtil
/**
* A {@link Stream revision dumper} that directs all output as plain text to a stream.
- *
+ *
* @author Eike Stepper
* @apiviz.exclude
*/
@@ -483,7 +522,7 @@ public final class CDORevisionUtil
/**
* A {@link Stream revision dumper} that directs all output as HTML text to a stream.
- *
+ *
* @author Eike Stepper
* @apiviz.exclude
*/
@@ -554,7 +593,7 @@ public final class CDORevisionUtil
/**
* Compares {@link CDORevisionKey revision keys} by {@link CDORevision#getID() ID} and
* {@link CDORevision#getVersion() version}.
- *
+ *
* @author Eike Stepper
* @since 4.0
* @apiviz.exclude
diff --git a/plugins/org.eclipse.emf.cdo.common/src/org/eclipse/emf/cdo/spi/common/revision/BaseCDORevision.java b/plugins/org.eclipse.emf.cdo.common/src/org/eclipse/emf/cdo/spi/common/revision/BaseCDORevision.java
index 916add9ead..57b71e4ab0 100644
--- a/plugins/org.eclipse.emf.cdo.common/src/org/eclipse/emf/cdo/spi/common/revision/BaseCDORevision.java
+++ b/plugins/org.eclipse.emf.cdo.common/src/org/eclipse/emf/cdo/spi/common/revision/BaseCDORevision.java
@@ -79,6 +79,11 @@ public abstract class BaseCDORevision extends AbstractCDORevision
private static final byte SET_NOT_NULL_OPCODE = 2;
+ /**
+ * private static final byte READ_PERMISSION_FLAG = 0x01;
+ *
+ * private static final byte WRITE_PERMISSION_FLAG = 0x02;
+ */
private static final byte FROZEN_FLAG = 0x04;
private static final byte UNCHUNKED_FLAG = 0x08;
diff --git a/plugins/org.eclipse.emf.cdo.security.edit/src/org/eclipse/emf/cdo/security/provider/ClassPermissionItemProvider.java b/plugins/org.eclipse.emf.cdo.security.edit/src/org/eclipse/emf/cdo/security/provider/ClassPermissionItemProvider.java
index 5e43cf1e75..0dfd407256 100644
--- a/plugins/org.eclipse.emf.cdo.security.edit/src/org/eclipse/emf/cdo/security/provider/ClassPermissionItemProvider.java
+++ b/plugins/org.eclipse.emf.cdo.security.edit/src/org/eclipse/emf/cdo/security/provider/ClassPermissionItemProvider.java
@@ -2,13 +2,16 @@
*/
package org.eclipse.emf.cdo.security.provider;
+import org.eclipse.emf.cdo.common.model.CDOPackageInfo;
import org.eclipse.emf.cdo.security.Access;
import org.eclipse.emf.cdo.security.ClassPermission;
import org.eclipse.emf.cdo.security.SecurityPackage;
+import org.eclipse.emf.cdo.view.CDOView;
import org.eclipse.emf.common.notify.AdapterFactory;
import org.eclipse.emf.common.notify.Notification;
import org.eclipse.emf.ecore.EClass;
+import org.eclipse.emf.ecore.EClassifier;
import org.eclipse.emf.edit.provider.ComposeableAdapterFactory;
import org.eclipse.emf.edit.provider.IEditingDomainItemProvider;
import org.eclipse.emf.edit.provider.IItemColorProvider;
@@ -21,8 +24,12 @@ import org.eclipse.emf.edit.provider.ITableItemColorProvider;
import org.eclipse.emf.edit.provider.ITableItemFontProvider;
import org.eclipse.emf.edit.provider.ITableItemLabelProvider;
import org.eclipse.emf.edit.provider.ITreeItemContentProvider;
+import org.eclipse.emf.edit.provider.ItemPropertyDescriptor;
+import java.util.ArrayList;
import java.util.Collection;
+import java.util.Collections;
+import java.util.Comparator;
import java.util.List;
/**
@@ -68,17 +75,59 @@ public class ClassPermissionItemProvider extends PermissionItemProvider implemen
* This adds a property descriptor for the Applicable Class feature.
* <!-- begin-user-doc -->
* <!-- end-user-doc -->
- * @generated
+ * @generated NOT
*/
protected void addApplicableClassPropertyDescriptor(Object object)
{
- itemPropertyDescriptors
- .add(createItemPropertyDescriptor(((ComposeableAdapterFactory)adapterFactory).getRootAdapterFactory(),
- getResourceLocator(),
- getString("_UI_ClassPermission_applicableClass_feature"), //$NON-NLS-1$
- getString(
- "_UI_PropertyDescriptor_description", "_UI_ClassPermission_applicableClass_feature", "_UI_ClassPermission_type"), //$NON-NLS-1$ //$NON-NLS-2$ //$NON-NLS-3$
- SecurityPackage.Literals.CLASS_PERMISSION__APPLICABLE_CLASS, true, false, true, null, null, null));
+ itemPropertyDescriptors.add(new ItemPropertyDescriptor(((ComposeableAdapterFactory)adapterFactory)
+ .getRootAdapterFactory(), getResourceLocator(), getString("_UI_ClassPermission_applicableClass_feature"),
+ getString("_UI_PropertyDescriptor_description", "_UI_ClassPermission_applicableClass_feature",
+ "_UI_ClassPermission_type"), SecurityPackage.Literals.CLASS_PERMISSION__APPLICABLE_CLASS, true, false,
+ true, null, null, null)
+ {
+ @Override
+ public Collection<?> getChoiceOfValues(Object object)
+ {
+ if (object instanceof ClassPermission)
+ {
+ ClassPermission classPermission = (ClassPermission)object;
+ CDOView view = classPermission.cdoView();
+ if (view != null)
+ {
+ List<EClass> result = new ArrayList<EClass>();
+ for (CDOPackageInfo packageInfo : view.getSession().getPackageRegistry().getPackageInfos())
+ {
+ for (EClassifier classifier : packageInfo.getEPackage().getEClassifiers())
+ {
+ if (classifier instanceof EClass)
+ {
+ result.add((EClass)classifier);
+
+ }
+ }
+ }
+
+ Collections.sort(result, new Comparator<EClass>()
+ {
+ public int compare(EClass c1, EClass c2)
+ {
+ int comparison = c1.getName().compareTo(c2.getName());
+ if (comparison == 0)
+ {
+ comparison = c1.getEPackage().getNsURI().compareTo(c2.getEPackage().getNsURI());
+ }
+
+ return comparison;
+ }
+ });
+
+ return result;
+ }
+ }
+
+ return super.getChoiceOfValues(object);
+ }
+ });
}
/**
diff --git a/plugins/org.eclipse.emf.cdo.security.edit/src/org/eclipse/emf/cdo/security/provider/PackagePermissionItemProvider.java b/plugins/org.eclipse.emf.cdo.security.edit/src/org/eclipse/emf/cdo/security/provider/PackagePermissionItemProvider.java
index 98b1126a61..de517979a3 100644
--- a/plugins/org.eclipse.emf.cdo.security.edit/src/org/eclipse/emf/cdo/security/provider/PackagePermissionItemProvider.java
+++ b/plugins/org.eclipse.emf.cdo.security.edit/src/org/eclipse/emf/cdo/security/provider/PackagePermissionItemProvider.java
@@ -2,12 +2,15 @@
*/
package org.eclipse.emf.cdo.security.provider;
-import org.eclipse.emf.cdo.security.PackagePermission;
+import org.eclipse.emf.cdo.common.model.CDOPackageInfo;
import org.eclipse.emf.cdo.security.Access;
+import org.eclipse.emf.cdo.security.PackagePermission;
import org.eclipse.emf.cdo.security.SecurityPackage;
+import org.eclipse.emf.cdo.view.CDOView;
import org.eclipse.emf.common.notify.AdapterFactory;
import org.eclipse.emf.common.notify.Notification;
+import org.eclipse.emf.ecore.EPackage;
import org.eclipse.emf.edit.provider.ComposeableAdapterFactory;
import org.eclipse.emf.edit.provider.IEditingDomainItemProvider;
import org.eclipse.emf.edit.provider.IItemColorProvider;
@@ -20,8 +23,12 @@ import org.eclipse.emf.edit.provider.ITableItemColorProvider;
import org.eclipse.emf.edit.provider.ITableItemFontProvider;
import org.eclipse.emf.edit.provider.ITableItemLabelProvider;
import org.eclipse.emf.edit.provider.ITreeItemContentProvider;
+import org.eclipse.emf.edit.provider.ItemPropertyDescriptor;
+import java.util.ArrayList;
import java.util.Collection;
+import java.util.Collections;
+import java.util.Comparator;
import java.util.List;
/**
@@ -67,17 +74,46 @@ public class PackagePermissionItemProvider extends PermissionItemProvider implem
* This adds a property descriptor for the Applicable Package feature.
* <!-- begin-user-doc -->
* <!-- end-user-doc -->
- * @generated
+ * @generated NOT
*/
protected void addApplicablePackagePropertyDescriptor(Object object)
{
- itemPropertyDescriptors
- .add(createItemPropertyDescriptor(((ComposeableAdapterFactory)adapterFactory).getRootAdapterFactory(),
- getResourceLocator(),
- getString("_UI_PackagePermission_applicablePackage_feature"), //$NON-NLS-1$
- getString(
- "_UI_PropertyDescriptor_description", "_UI_PackagePermission_applicablePackage_feature", "_UI_PackagePermission_type"), //$NON-NLS-1$ //$NON-NLS-2$ //$NON-NLS-3$
- SecurityPackage.Literals.PACKAGE_PERMISSION__APPLICABLE_PACKAGE, true, false, true, null, null, null));
+ itemPropertyDescriptors.add(new ItemPropertyDescriptor(((ComposeableAdapterFactory)adapterFactory)
+ .getRootAdapterFactory(), getResourceLocator(), getString("_UI_PackagePermission_applicablePackage_feature"),
+ getString("_UI_PropertyDescriptor_description", "_UI_PackagePermission_applicablePackage_feature",
+ "_UI_PackagePermission_type"), SecurityPackage.Literals.PACKAGE_PERMISSION__APPLICABLE_PACKAGE, true,
+ false, true, null, null, null)
+ {
+ @Override
+ public Collection<?> getChoiceOfValues(Object object)
+ {
+ if (object instanceof PackagePermission)
+ {
+ PackagePermission packagePermission = (PackagePermission)object;
+ CDOView view = packagePermission.cdoView();
+ if (view != null)
+ {
+ List<EPackage> result = new ArrayList<EPackage>();
+ for (CDOPackageInfo packageInfo : view.getSession().getPackageRegistry().getPackageInfos())
+ {
+ result.add(packageInfo.getEPackage());
+ }
+
+ Collections.sort(result, new Comparator<EPackage>()
+ {
+ public int compare(EPackage p1, EPackage p2)
+ {
+ return p1.getNsURI().compareTo(p2.getNsURI());
+ }
+ });
+
+ return result;
+ }
+ }
+
+ return super.getChoiceOfValues(object);
+ }
+ });
}
/**
@@ -107,15 +143,21 @@ public class PackagePermissionItemProvider extends PermissionItemProvider implem
* This returns the label text for the adapted class.
* <!-- begin-user-doc -->
* <!-- end-user-doc -->
- * @generated
+ * @generated NOT
*/
@Override
public String getText(Object object)
{
Access labelValue = ((PackagePermission)object).getAccess();
- String label = labelValue == null ? null : labelValue.toString();
- return label == null || label.length() == 0 ? getString("_UI_PackagePermission_type") : //$NON-NLS-1$
- getString("_UI_PackagePermission_type") + " " + label; //$NON-NLS-1$ //$NON-NLS-2$
+ EPackage applicablePackage = ((PackagePermission)object).getApplicablePackage();
+ String label = labelValue == null ? "?" : labelValue.toString(); //$NON-NLS-1$
+
+ if (applicablePackage != null)
+ {
+ label += " " + applicablePackage.getName(); //$NON-NLS-1$
+ }
+
+ return label == null || label.length() == 0 ? getString("_UI_PackagePermission_type") : label; //$NON-NLS-1$
}
/**
diff --git a/plugins/org.eclipse.emf.cdo.security.edit/src/org/eclipse/emf/cdo/security/provider/ResourcePermissionItemProvider.java b/plugins/org.eclipse.emf.cdo.security.edit/src/org/eclipse/emf/cdo/security/provider/ResourcePermissionItemProvider.java
index 15383a360c..03ee1c1b47 100644
--- a/plugins/org.eclipse.emf.cdo.security.edit/src/org/eclipse/emf/cdo/security/provider/ResourcePermissionItemProvider.java
+++ b/plugins/org.eclipse.emf.cdo.security.edit/src/org/eclipse/emf/cdo/security/provider/ResourcePermissionItemProvider.java
@@ -111,15 +111,21 @@ public class ResourcePermissionItemProvider extends PermissionItemProvider imple
* This returns the label text for the adapted class.
* <!-- begin-user-doc -->
* <!-- end-user-doc -->
- * @generated
+ * @generated NOT
*/
@Override
public String getText(Object object)
{
Access labelValue = ((ResourcePermission)object).getAccess();
- String label = labelValue == null ? null : labelValue.toString();
- return label == null || label.length() == 0 ? getString("_UI_ResourcePermission_type") : //$NON-NLS-1$
- getString("_UI_ResourcePermission_type") + " " + label; //$NON-NLS-1$ //$NON-NLS-2$
+ String pattern = ((ResourcePermission)object).getPattern();
+ String label = labelValue == null ? "?" : labelValue.toString(); //$NON-NLS-1$
+
+ if (pattern != null)
+ {
+ label += " " + pattern; //$NON-NLS-1$
+ }
+
+ return label == null || label.length() == 0 ? getString("_UI_ResourcePermission_type") : label; //$NON-NLS-1$
}
/**
diff --git a/plugins/org.eclipse.emf.cdo.security/src/org/eclipse/emf/cdo/security/impl/ClassPermissionImpl.java b/plugins/org.eclipse.emf.cdo.security/src/org/eclipse/emf/cdo/security/impl/ClassPermissionImpl.java
index 9e8fece2a3..6e871dcabe 100644
--- a/plugins/org.eclipse.emf.cdo.security/src/org/eclipse/emf/cdo/security/impl/ClassPermissionImpl.java
+++ b/plugins/org.eclipse.emf.cdo.security/src/org/eclipse/emf/cdo/security/impl/ClassPermissionImpl.java
@@ -74,6 +74,9 @@ public class ClassPermissionImpl extends PermissionImpl implements ClassPermissi
eSet(SecurityPackage.Literals.CLASS_PERMISSION__APPLICABLE_CLASS, newApplicableClass);
}
+ /**
+ * @ADDED
+ */
public boolean isApplicable(CDORevision revision, CDORevisionProvider revisionProvider, CDOBranchPoint securityContext)
{
EClass actualClass = revision.getEClass();
diff --git a/plugins/org.eclipse.emf.cdo.security/src/org/eclipse/emf/cdo/security/impl/PackagePermissionImpl.java b/plugins/org.eclipse.emf.cdo.security/src/org/eclipse/emf/cdo/security/impl/PackagePermissionImpl.java
index 5144a2de10..717986e5fa 100644
--- a/plugins/org.eclipse.emf.cdo.security/src/org/eclipse/emf/cdo/security/impl/PackagePermissionImpl.java
+++ b/plugins/org.eclipse.emf.cdo.security/src/org/eclipse/emf/cdo/security/impl/PackagePermissionImpl.java
@@ -75,6 +75,9 @@ public class PackagePermissionImpl extends PermissionImpl implements PackagePerm
eSet(SecurityPackage.Literals.PACKAGE_PERMISSION__APPLICABLE_PACKAGE, newApplicablePackage);
}
+ /**
+ * @ADDED
+ */
public boolean isApplicable(CDORevision revision, CDORevisionProvider revisionProvider, CDOBranchPoint securityContext)
{
EPackage actualPackage = revision.getEClass().getEPackage();
diff --git a/plugins/org.eclipse.emf.cdo.security/src/org/eclipse/emf/cdo/security/impl/ResourcePermissionImpl.java b/plugins/org.eclipse.emf.cdo.security/src/org/eclipse/emf/cdo/security/impl/ResourcePermissionImpl.java
index 037ad10bd2..f8e26b42a2 100644
--- a/plugins/org.eclipse.emf.cdo.security/src/org/eclipse/emf/cdo/security/impl/ResourcePermissionImpl.java
+++ b/plugins/org.eclipse.emf.cdo.security/src/org/eclipse/emf/cdo/security/impl/ResourcePermissionImpl.java
@@ -18,7 +18,6 @@ import org.eclipse.emf.cdo.security.ResourcePermission;
import org.eclipse.emf.cdo.security.SecurityPackage;
import org.eclipse.emf.ecore.EClass;
-import org.eclipse.emf.ecore.EStructuralFeature;
import java.util.regex.Matcher;
import java.util.regex.Pattern;
@@ -39,6 +38,14 @@ import java.util.regex.PatternSyntaxException;
*/
public class ResourcePermissionImpl extends PermissionImpl implements ResourcePermission
{
+ /**
+ * @ADDED
+ */
+ private static final Pattern OMNI_PATTERN = Pattern.compile(".*");
+
+ /**
+ * @ADDED
+ */
private Pattern pattern;
/**
@@ -82,17 +89,41 @@ public class ResourcePermissionImpl extends PermissionImpl implements ResourcePe
eSet(SecurityPackage.Literals.RESOURCE_PERMISSION__PATTERN, newPattern);
}
- @Override
- public void eSet(EStructuralFeature eFeature, Object newValue)
+ /**
+ * @ADDED
+ */
+ public boolean isApplicable(CDORevision revision, CDORevisionProvider revisionProvider, CDOBranchPoint securityContext)
{
- super.eSet(eFeature, newValue);
- if (eFeature == SecurityPackage.Literals.RESOURCE_PERMISSION__PATTERN)
+ if (pattern == null)
+ {
+ String str = getPattern();
+ pattern = compilePattern(str);
+
+ if (pattern == null)
+ {
+ return false;
+ }
+ }
+
+ if (pattern == OMNI_PATTERN)
+ {
+ return true;
+ }
+
+ if (revisionProvider == null)
{
- String value = (String)newValue;
- pattern = compilePattern(value);
+ return false;
}
+
+ String path = CDORevisionUtil.getResourceNodePath(revision, revisionProvider);
+
+ Matcher matcher = pattern.matcher(path);
+ return matcher.matches();
}
+ /**
+ * @ADDED
+ */
private Pattern compilePattern(String value)
{
if (value == null)
@@ -100,6 +131,11 @@ public class ResourcePermissionImpl extends PermissionImpl implements ResourcePe
return null;
}
+ if (value.equals(OMNI_PATTERN.pattern()))
+ {
+ return OMNI_PATTERN;
+ }
+
try
{
return Pattern.compile(value);
@@ -110,22 +146,4 @@ public class ResourcePermissionImpl extends PermissionImpl implements ResourcePe
}
}
- public boolean isApplicable(CDORevision revision, CDORevisionProvider revisionProvider, CDOBranchPoint securityContext)
- {
- if (pattern == null)
- {
- return false;
- }
-
- if (revisionProvider == null)
- {
- return false;
- }
-
- String path = CDORevisionUtil.getResourceNodePath(revision, revisionProvider);
-
- Matcher matcher = pattern.matcher(path);
- return matcher.matches();
- }
-
} // ResourcePermissionImpl
diff --git a/plugins/org.eclipse.emf.cdo.server.security/META-INF/MANIFEST.MF b/plugins/org.eclipse.emf.cdo.server.security/META-INF/MANIFEST.MF
index 4f15b1b5df..7cdd9de33a 100644
--- a/plugins/org.eclipse.emf.cdo.server.security/META-INF/MANIFEST.MF
+++ b/plugins/org.eclipse.emf.cdo.server.security/META-INF/MANIFEST.MF
@@ -2,7 +2,7 @@ Manifest-Version: 1.0
Bundle-ManifestVersion: 2
Bundle-SymbolicName: org.eclipse.emf.cdo.server.security;singleton:=true
Bundle-Name: %pluginName
-Bundle-Version: 4.1.100.qualifier
+Bundle-Version: 4.2.0.qualifier
Bundle-ClassPath: .
Bundle-Vendor: %providerName
Bundle-Localization: plugin
@@ -12,15 +12,15 @@ Require-Bundle: org.eclipse.core.runtime;bundle-version="[3.4.0,4.0.0)",
org.eclipse.emf.cdo.security;bundle-version="[4.1.0,5.0.0)",
org.eclipse.emf.cdo.net4j;bundle-version="[4.1.0,5.0.0)",
org.eclipse.net4j.jvm;bundle-version="[4.1.0,5.0.0)"
-Export-Package: org.eclipse.emf.cdo.server.internal.security;version="4.1.100";
+Export-Package: org.eclipse.emf.cdo.server.internal.security;version="4.2.0";
x-friends:="org.eclipse.emf.cdo.tests,
org.eclipse.emf.cdo.tests.db,
org.eclipse.emf.cdo.tests.db4o,
org.eclipse.emf.cdo.tests.hibernate,
org.eclipse.emf.cdo.tests.mongodb,
org.eclipse.emf.cdo.tests.objectivity",
- org.eclipse.emf.cdo.server.internal.security.bundle;version="4.1.100";x-internal:=true,
- org.eclipse.emf.cdo.server.security;version="4.1.100",
- org.eclipse.emf.cdo.server.spi.security;version="4.1.100"
+ org.eclipse.emf.cdo.server.internal.security.bundle;version="4.2.0";x-internal:=true,
+ org.eclipse.emf.cdo.server.security;version="4.2.0",
+ org.eclipse.emf.cdo.server.spi.security;version="4.2.0"
Bundle-ActivationPolicy: lazy
Bundle-Activator: org.eclipse.emf.cdo.server.internal.security.bundle.OM$Activator
diff --git a/plugins/org.eclipse.emf.cdo.server.security/src/org/eclipse/emf/cdo/server/internal/security/SecurityManager.java b/plugins/org.eclipse.emf.cdo.server.security/src/org/eclipse/emf/cdo/server/internal/security/SecurityManager.java
index a86ee4d351..980a7ccabd 100644
--- a/plugins/org.eclipse.emf.cdo.server.security/src/org/eclipse/emf/cdo/server/internal/security/SecurityManager.java
+++ b/plugins/org.eclipse.emf.cdo.server.security/src/org/eclipse/emf/cdo/server/internal/security/SecurityManager.java
@@ -11,6 +11,7 @@
package org.eclipse.emf.cdo.server.internal.security;
import org.eclipse.emf.cdo.common.branch.CDOBranchPoint;
+import org.eclipse.emf.cdo.common.commit.CDOCommitInfo;
import org.eclipse.emf.cdo.common.model.EMFUtil;
import org.eclipse.emf.cdo.common.revision.CDORevision;
import org.eclipse.emf.cdo.common.revision.CDORevisionProvider;
@@ -44,6 +45,7 @@ import org.eclipse.emf.cdo.spi.server.InternalRepository;
import org.eclipse.emf.cdo.spi.server.InternalSessionManager;
import org.eclipse.emf.cdo.transaction.CDOTransaction;
import org.eclipse.emf.cdo.util.CommitException;
+import org.eclipse.emf.cdo.view.CDOView;
import org.eclipse.net4j.Net4jUtil;
import org.eclipse.net4j.acceptor.IAcceptor;
@@ -58,10 +60,12 @@ import org.eclipse.net4j.util.lifecycle.LifecycleUtil;
import org.eclipse.net4j.util.om.monitor.OMMonitor;
import org.eclipse.net4j.util.security.IAuthenticator;
+import org.eclipse.emf.common.util.EList;
import org.eclipse.emf.ecore.EClass;
import java.util.ArrayList;
import java.util.Arrays;
+import java.util.Collections;
import java.util.HashMap;
import java.util.List;
import java.util.Map;
@@ -98,7 +102,7 @@ public class SecurityManager extends Lifecycle implements InternalSecurityManage
private final IManagedContainer container;
- private final Map<String, User> users = new HashMap<String, User>();
+ private final Map<String, User> users = Collections.synchronizedMap(new HashMap<String, User>());
private InternalRepository repository;
@@ -108,7 +112,7 @@ public class SecurityManager extends Lifecycle implements InternalSecurityManage
private CDONet4jSession session;
- private CDOTransaction transaction;
+ private CDOView view;
private Realm realm;
@@ -171,22 +175,19 @@ public class SecurityManager extends Lifecycle implements InternalSecurityManage
public User getUser(String id)
{
- synchronized (users)
+ User item = users.get(id);
+ if (item == null)
{
- User item = users.get(id);
+ item = realm.getUser(id);
if (item == null)
{
- item = realm.getUser(id);
- if (item == null)
- {
- throw new SecurityException("User " + id + " not found");
- }
-
- users.put(id, item);
+ throw new SecurityException("User " + id + " not found");
}
- return item;
+ users.put(id, item);
}
+
+ return item;
}
public Role addRole(final String id)
@@ -291,8 +292,19 @@ public class SecurityManager extends Lifecycle implements InternalSecurityManage
return result[0];
}
+ public void read(RealmOperation operation)
+ {
+ checkActive();
+ operation.execute(realm);
+ }
+
public void modify(RealmOperation operation)
{
+ modify(operation, false);
+ }
+
+ public void modify(RealmOperation operation, boolean waitUntilReadable)
+ {
checkActive();
CDOTransaction transaction = session.openTransaction();
@@ -300,7 +312,12 @@ public class SecurityManager extends Lifecycle implements InternalSecurityManage
{
Realm transactionRealm = transaction.getObject(realm);
operation.execute(transactionRealm);
- transaction.commit();
+ CDOCommitInfo commit = transaction.commit();
+
+ if (waitUntilReadable)
+ {
+ view.waitForUpdate(commit.getTimeStamp());
+ }
}
catch (CommitException ex)
{
@@ -401,9 +418,10 @@ public class SecurityManager extends Lifecycle implements InternalSecurityManage
CDONet4jSessionConfiguration config = CDONet4jUtil.createNet4jSessionConfiguration();
config.setConnector(connector);
config.setRepositoryName(repositoryName);
+ config.setUserID(SYSTEM_USER_ID);
session = config.openNet4jSession();
- transaction = session.openTransaction();
+ CDOTransaction transaction = session.openTransaction();
boolean firstTime = !transaction.hasResource(realmPath);
if (firstTime)
@@ -428,6 +446,13 @@ public class SecurityManager extends Lifecycle implements InternalSecurityManage
{
throw WrappedException.wrap(ex);
}
+ finally
+ {
+ transaction.close();
+ }
+
+ view = session.openView();
+ realm = view.getObject(realm);
InternalSessionManager sessionManager = repository.getSessionManager();
sessionManager.setAuthenticator(authenticator);
@@ -518,7 +543,8 @@ public class SecurityManager extends Lifecycle implements InternalSecurityManage
return result;
}
- for (Permission permission : user.getAllPermissions())
+ EList<Permission> allPermissions = user.getAllPermissions();
+ for (Permission permission : allPermissions)
{
CDOPermission p = convertPermission(permission.getAccess());
if (p.ordinal() <= result.ordinal())
@@ -555,7 +581,7 @@ public class SecurityManager extends Lifecycle implements InternalSecurityManage
session.close();
session = null;
- transaction = null;
+ view = null;
connector.close();
connector = null;
@@ -591,6 +617,12 @@ public class SecurityManager extends Lifecycle implements InternalSecurityManage
{
public CDOPermission getPermission(CDORevision revision, CDOBranchPoint securityContext, String userID)
{
+ if (SYSTEM_USER_ID.equals(userID))
+ {
+ // TODO Should we also check for access to the /security resource (the realm)?
+ return CDOPermission.WRITE;
+ }
+
User user = getUser(userID);
InternalCDORevisionManager revisionManager = repository.getRevisionManager();
diff --git a/plugins/org.eclipse.emf.cdo.server.security/src/org/eclipse/emf/cdo/server/security/ISecurityManager.java b/plugins/org.eclipse.emf.cdo.server.security/src/org/eclipse/emf/cdo/server/security/ISecurityManager.java
index 53118d3c31..889b2ff2c3 100644
--- a/plugins/org.eclipse.emf.cdo.server.security/src/org/eclipse/emf/cdo/server/security/ISecurityManager.java
+++ b/plugins/org.eclipse.emf.cdo.server.security/src/org/eclipse/emf/cdo/server/security/ISecurityManager.java
@@ -24,13 +24,28 @@ import org.eclipse.emf.cdo.server.IRepository;
*/
public interface ISecurityManager extends SecurityItemContainer
{
+ /**
+ * @since 4.2
+ */
+ public static final String SYSTEM_USER_ID = IRepository.SYSTEM_USER_ID;
+
public IRepository getRepository();
public Realm getRealm();
+ /**
+ * @since 4.2
+ */
+ public void read(RealmOperation operation);
+
public void modify(RealmOperation operation);
/**
+ * @since 4.2
+ */
+ public void modify(RealmOperation operation, boolean waitUntilReadable);
+
+ /**
* Modifies a security {@link Realm realm} in a safe transaction.
*
* @author Eike Stepper

Back to the top