From 312741de89a31e0df34589e16b1c2612ded6ebd5 Mon Sep 17 00:00:00 2001 From: Manfred Baedke Date: Mon, 9 Dec 2024 18:24:11 +0100 Subject: [PATCH 01/10] OAK-11199 getSubject is supported only if a security manager is allowed --- .../external/impl/jmx/Delegatee.java | 3 +- .../external/AbstractExternalAuthTest.java | 3 +- .../ExternalIdentityImporterTest.java | 3 +- ...ssControlManagerLimitedSystemUserTest.java | 3 +- .../impl/ReadablePathsAccessControlTest.java | 15 +-- .../oak/benchmark/AbstractTest.java | 3 +- .../jackrabbit/oak/benchmark/CugOakTest.java | 3 +- .../oak/benchmark/LoginSystemTest.java | 3 +- .../oak/commons/Java23Compatability.java | 93 +++++++++++++++++++ .../ChangeCollectorProviderTest.java | 3 +- .../LoginContextProviderImplTest.java | 3 +- .../security/authentication/PreAuthTest.java | 13 +-- .../user/LoginModuleImplTest.java | 3 +- .../RepoPolicyTreePermissionTest.java | 3 +- .../user/CacheValidatorProviderTest.java | 3 +- .../user/CachedGroupPrincipalTest.java | 3 +- .../CachedPrincipalMembershipReaderTest.java | 3 +- .../user/PasswordExpiryAdminTest.java | 3 +- .../security/user/UserInitializerTest.java | 5 +- .../UserPrincipalProviderWithCacheTest.java | 3 +- .../authentication/preauthentication.md | 2 +- .../jackrabbit/j2ee/IndexInitializer.java | 3 +- .../authentication/L9_NullLoginTest.java | 3 +- .../AbstractPrincipalBasedTest.java | 3 +- .../oak/composite/blueGreen/Persistence.java | 3 +- oak-security-spi/pom.xml | 5 + .../authentication/AbstractLoginModule.java | 3 +- 27 files changed, 159 insertions(+), 37 deletions(-) create mode 100644 oak-commons/src/main/java/org/apache/jackrabbit/oak/commons/Java23Compatability.java diff --git a/oak-auth-external/src/main/java/org/apache/jackrabbit/oak/spi/security/authentication/external/impl/jmx/Delegatee.java b/oak-auth-external/src/main/java/org/apache/jackrabbit/oak/spi/security/authentication/external/impl/jmx/Delegatee.java index cf8157a3bec..6c7b3b70d92 100644 --- a/oak-auth-external/src/main/java/org/apache/jackrabbit/oak/spi/security/authentication/external/impl/jmx/Delegatee.java +++ b/oak-auth-external/src/main/java/org/apache/jackrabbit/oak/spi/security/authentication/external/impl/jmx/Delegatee.java @@ -23,6 +23,7 @@ import org.apache.jackrabbit.oak.api.ContentRepository; import org.apache.jackrabbit.oak.api.ContentSession; import org.apache.jackrabbit.oak.api.Root; +import org.apache.jackrabbit.oak.commons.Java23Compatability; import org.apache.jackrabbit.oak.namepath.NamePathMapper; import org.apache.jackrabbit.oak.plugins.value.jcr.ValueFactoryImpl; import org.apache.jackrabbit.oak.spi.security.SecurityProvider; @@ -107,7 +108,7 @@ static Delegatee createInstance(@NotNull final ContentRepository repository, int batchSize) { ContentSession systemSession; try { - systemSession = Subject.doAs(SystemSubject.INSTANCE, (PrivilegedExceptionAction) () -> repository.login(null, null)); + systemSession = Java23Compatability.doAs(SystemSubject.INSTANCE, (PrivilegedExceptionAction) () -> repository.login(null, null)); } catch (PrivilegedActionException e) { throw new SyncRuntimeException(ERROR_CREATE_DELEGATEE, e); } diff --git a/oak-auth-external/src/test/java/org/apache/jackrabbit/oak/spi/security/authentication/external/AbstractExternalAuthTest.java b/oak-auth-external/src/test/java/org/apache/jackrabbit/oak/spi/security/authentication/external/AbstractExternalAuthTest.java index 3fdc930c3a9..7acbf318491 100644 --- a/oak-auth-external/src/test/java/org/apache/jackrabbit/oak/spi/security/authentication/external/AbstractExternalAuthTest.java +++ b/oak-auth-external/src/test/java/org/apache/jackrabbit/oak/spi/security/authentication/external/AbstractExternalAuthTest.java @@ -27,6 +27,7 @@ import org.apache.jackrabbit.oak.api.Root; import org.apache.jackrabbit.oak.api.Tree; import org.apache.jackrabbit.oak.api.Type; +import org.apache.jackrabbit.oak.commons.Java23Compatability; import org.apache.jackrabbit.oak.commons.collections.CollectionUtils; import org.apache.jackrabbit.oak.spi.security.SecurityProvider; import org.apache.jackrabbit.oak.spi.security.authentication.SystemSubject; @@ -213,7 +214,7 @@ protected DefaultSyncHandler registerSyncHandler(@NotNull Map sy @NotNull protected Root getSystemRoot() throws Exception { if (systemRoot == null) { - systemSession = Subject.doAs(SystemSubject.INSTANCE, (PrivilegedExceptionAction) () -> getContentRepository().login(null, null)); + systemSession = Java23Compatability.doAs(SystemSubject.INSTANCE, (PrivilegedExceptionAction) () -> getContentRepository().login(null, null)); systemRoot = systemSession.getLatestRoot(); } return systemRoot; diff --git a/oak-auth-external/src/test/java/org/apache/jackrabbit/oak/spi/security/authentication/external/impl/principal/ExternalIdentityImporterTest.java b/oak-auth-external/src/test/java/org/apache/jackrabbit/oak/spi/security/authentication/external/impl/principal/ExternalIdentityImporterTest.java index c46e3a951cb..2a587a01c67 100644 --- a/oak-auth-external/src/test/java/org/apache/jackrabbit/oak/spi/security/authentication/external/impl/principal/ExternalIdentityImporterTest.java +++ b/oak-auth-external/src/test/java/org/apache/jackrabbit/oak/spi/security/authentication/external/impl/principal/ExternalIdentityImporterTest.java @@ -27,6 +27,7 @@ import javax.security.auth.Subject; import org.apache.jackrabbit.api.JackrabbitRepository; +import org.apache.jackrabbit.oak.commons.Java23Compatability; import org.apache.jackrabbit.oak.jcr.Jcr; import org.apache.jackrabbit.oak.query.QueryEngineSettings; import org.apache.jackrabbit.oak.spi.security.ConfigurationParameters; @@ -88,7 +89,7 @@ private static void shutdown(Repository repo) { Session createSession(Repository repo, boolean isSystem) throws Exception { if (isSystem) { - return Subject.doAs(SystemSubject.INSTANCE, (PrivilegedExceptionAction) () -> repo.login(null, null)); + return Java23Compatability.doAs(SystemSubject.INSTANCE, (PrivilegedExceptionAction) () -> repo.login(null, null)); } else { return repo.login(new SimpleCredentials(UserConstants.DEFAULT_ADMIN_ID, UserConstants.DEFAULT_ADMIN_ID.toCharArray())); } diff --git a/oak-authorization-principalbased/src/test/java/org/apache/jackrabbit/oak/spi/security/authorization/principalbased/impl/AccessControlManagerLimitedSystemUserTest.java b/oak-authorization-principalbased/src/test/java/org/apache/jackrabbit/oak/spi/security/authorization/principalbased/impl/AccessControlManagerLimitedSystemUserTest.java index da697b6625c..56a0d9ca2e1 100644 --- a/oak-authorization-principalbased/src/test/java/org/apache/jackrabbit/oak/spi/security/authorization/principalbased/impl/AccessControlManagerLimitedSystemUserTest.java +++ b/oak-authorization-principalbased/src/test/java/org/apache/jackrabbit/oak/spi/security/authorization/principalbased/impl/AccessControlManagerLimitedSystemUserTest.java @@ -20,6 +20,7 @@ import org.apache.jackrabbit.api.security.user.User; import org.apache.jackrabbit.oak.api.AuthInfo; import org.apache.jackrabbit.oak.api.Root; +import org.apache.jackrabbit.oak.commons.Java23Compatability; import org.apache.jackrabbit.oak.spi.security.authentication.AuthInfoImpl; import org.jetbrains.annotations.NotNull; import org.jetbrains.annotations.Nullable; @@ -62,7 +63,7 @@ Root createTestRoot() throws Exception { Set principals = Set.of(testPrincipal); AuthInfo authInfo = new AuthInfoImpl(UID, Collections.emptyMap(), principals); Subject subject = new Subject(true, principals, Set.of(authInfo), Set.of()); - return Subject.doAsPrivileged(subject, (PrivilegedExceptionAction) () -> getContentRepository().login(null, null).getLatestRoot(), null); + return Java23Compatability.doAsPrivileged(subject, (PrivilegedExceptionAction) () -> getContentRepository().login(null, null).getLatestRoot(), null); } void grant(@NotNull Principal principal, @Nullable String path, @NotNull String... privNames) throws Exception { diff --git a/oak-authorization-principalbased/src/test/java/org/apache/jackrabbit/oak/spi/security/authorization/principalbased/impl/ReadablePathsAccessControlTest.java b/oak-authorization-principalbased/src/test/java/org/apache/jackrabbit/oak/spi/security/authorization/principalbased/impl/ReadablePathsAccessControlTest.java index 68b68cd4728..86c80aecf27 100644 --- a/oak-authorization-principalbased/src/test/java/org/apache/jackrabbit/oak/spi/security/authorization/principalbased/impl/ReadablePathsAccessControlTest.java +++ b/oak-authorization-principalbased/src/test/java/org/apache/jackrabbit/oak/spi/security/authorization/principalbased/impl/ReadablePathsAccessControlTest.java @@ -22,6 +22,7 @@ import org.apache.jackrabbit.JcrConstants; import org.apache.jackrabbit.api.security.JackrabbitAccessControlManager; import org.apache.jackrabbit.oak.api.ContentSession; +import org.apache.jackrabbit.oak.commons.Java23Compatability; import org.apache.jackrabbit.oak.commons.PathUtils; import org.apache.jackrabbit.oak.commons.collections.CollectionUtils; import org.apache.jackrabbit.oak.spi.security.authorization.AuthorizationConfiguration; @@ -84,7 +85,7 @@ private Subject getTestSubject() { @Test public void testHasPrivilege() throws Exception { - try (ContentSession cs = Subject.doAsPrivileged(getTestSubject(), (PrivilegedExceptionAction) () -> getContentRepository().login(null, null), null)) { + try (ContentSession cs = Java23Compatability.doAsPrivileged(getTestSubject(), (PrivilegedExceptionAction) () -> getContentRepository().login(null, null), null)) { PrincipalBasedAccessControlManager testAcMgr = new PrincipalBasedAccessControlManager(getMgrProvider(cs.getLatestRoot()), getFilterProvider()); Set principals = Collections.singleton(testPrincipal); @@ -99,7 +100,7 @@ public void testHasPrivilege() throws Exception { @Test public void testNotHasPrivilege() throws Exception { - try (ContentSession cs = Subject.doAsPrivileged(getTestSubject(), (PrivilegedExceptionAction) () -> getContentRepository().login(null, null), null)) { + try (ContentSession cs = Java23Compatability.doAsPrivileged(getTestSubject(), (PrivilegedExceptionAction) () -> getContentRepository().login(null, null), null)) { PrincipalBasedAccessControlManager testAcMgr = new PrincipalBasedAccessControlManager(getMgrProvider(cs.getLatestRoot()), getFilterProvider()); Set principals = Collections.singleton(testPrincipal); @@ -140,7 +141,7 @@ public void testNotHasPrivilegePrincipal() throws Exception { @Test public void testGetPrivileges() throws Exception { - try (ContentSession cs = Subject.doAsPrivileged(getTestSubject(), (PrivilegedExceptionAction) () -> getContentRepository().login(null, null), null)) { + try (ContentSession cs = Java23Compatability.doAsPrivileged(getTestSubject(), (PrivilegedExceptionAction) () -> getContentRepository().login(null, null), null)) { PrincipalBasedAccessControlManager testAcMgr = new PrincipalBasedAccessControlManager(getMgrProvider(cs.getLatestRoot()), getFilterProvider()); Privilege[] expected = privilegesFromNames(JCR_READ); @@ -152,7 +153,7 @@ public void testGetPrivileges() throws Exception { @Test(expected = PathNotFoundException.class) public void testGetPrivilegesAtRoot() throws Exception { - try (ContentSession cs = Subject.doAsPrivileged(getTestSubject(), (PrivilegedExceptionAction) () -> getContentRepository().login(null, null), null)) { + try (ContentSession cs = Java23Compatability.doAsPrivileged(getTestSubject(), (PrivilegedExceptionAction) () -> getContentRepository().login(null, null), null)) { PrincipalBasedAccessControlManager testAcMgr = new PrincipalBasedAccessControlManager(getMgrProvider(cs.getLatestRoot()), getFilterProvider()); testAcMgr.getPrivileges(ROOT_PATH); } @@ -186,7 +187,7 @@ public void testGetEffectivePoliciesNullPath() throws Exception { @Test(expected = AccessDeniedException.class) public void testGetEffectivePoliciesLimitedAccess() throws Exception { - try (ContentSession cs = Subject.doAsPrivileged(getTestSubject(), (PrivilegedExceptionAction) () -> getContentRepository().login(null, null), null)) { + try (ContentSession cs = Java23Compatability.doAsPrivileged(getTestSubject(), (PrivilegedExceptionAction) () -> getContentRepository().login(null, null), null)) { PrincipalBasedAccessControlManager testAcMgr = new PrincipalBasedAccessControlManager(getMgrProvider(cs.getLatestRoot()), getFilterProvider()); testAcMgr.getEffectivePolicies(readablePaths.next()); } @@ -201,7 +202,7 @@ public void testGetEffectivePoliciesLimitedAccess2() throws Exception { root.commit(); // test-session can read-ac at readable path but cannot access principal-based policy - try (ContentSession cs = Subject.doAsPrivileged(getTestSubject(), (PrivilegedExceptionAction) () -> getContentRepository().login(null, null), null)) { + try (ContentSession cs = Java23Compatability.doAsPrivileged(getTestSubject(), (PrivilegedExceptionAction) () -> getContentRepository().login(null, null), null)) { PrincipalBasedAccessControlManager testAcMgr = new PrincipalBasedAccessControlManager(getMgrProvider(cs.getLatestRoot()), getFilterProvider()); Set effective = ImmutableSet.copyOf(testAcMgr.getEffectivePolicies(path)); @@ -220,7 +221,7 @@ public void testGetEffectivePoliciesLimitedAccess3() throws Exception { root.commit(); // test-session can read-ac at readable path and at principal-based policy - try (ContentSession cs = Subject.doAsPrivileged(getTestSubject(), (PrivilegedExceptionAction) () -> getContentRepository().login(null, null), null)) { + try (ContentSession cs = Java23Compatability.doAsPrivileged(getTestSubject(), (PrivilegedExceptionAction) () -> getContentRepository().login(null, null), null)) { PrincipalBasedAccessControlManager testAcMgr = new PrincipalBasedAccessControlManager(getMgrProvider(cs.getLatestRoot()), getFilterProvider()); Set effective = CollectionUtils.toSet(testAcMgr.getEffectivePolicies(path)); diff --git a/oak-benchmarks/src/main/java/org/apache/jackrabbit/oak/benchmark/AbstractTest.java b/oak-benchmarks/src/main/java/org/apache/jackrabbit/oak/benchmark/AbstractTest.java index ce8264b7d75..cac3dc66cc4 100644 --- a/oak-benchmarks/src/main/java/org/apache/jackrabbit/oak/benchmark/AbstractTest.java +++ b/oak-benchmarks/src/main/java/org/apache/jackrabbit/oak/benchmark/AbstractTest.java @@ -37,6 +37,7 @@ import org.apache.commons.lang3.ArrayUtils; import org.apache.commons.math3.stat.descriptive.DescriptiveStatistics; import org.apache.commons.math3.stat.descriptive.SynchronizedDescriptiveStatistics; +import org.apache.jackrabbit.oak.commons.Java23Compatability; import org.apache.jackrabbit.oak.commons.Profiler; import org.apache.jackrabbit.oak.fixture.RepositoryFixture; import org.apache.jackrabbit.oak.spi.security.authentication.SystemSubject; @@ -588,7 +589,7 @@ protected Session systemLogin() { protected Session loginSubject(@NotNull Subject subject) { try { - return Subject.doAsPrivileged(subject, new PrivilegedExceptionAction() { + return Java23Compatability.doAsPrivileged(subject, new PrivilegedExceptionAction() { @Override public Session run() throws Exception { return getRepository().login(null, null); diff --git a/oak-benchmarks/src/main/java/org/apache/jackrabbit/oak/benchmark/CugOakTest.java b/oak-benchmarks/src/main/java/org/apache/jackrabbit/oak/benchmark/CugOakTest.java index 53ad214caf9..3e417f46885 100644 --- a/oak-benchmarks/src/main/java/org/apache/jackrabbit/oak/benchmark/CugOakTest.java +++ b/oak-benchmarks/src/main/java/org/apache/jackrabbit/oak/benchmark/CugOakTest.java @@ -29,6 +29,7 @@ import org.apache.jackrabbit.oak.api.ContentSession; import org.apache.jackrabbit.oak.api.PropertyState; import org.apache.jackrabbit.oak.api.Root; +import org.apache.jackrabbit.oak.commons.Java23Compatability; import org.apache.jackrabbit.oak.fixture.JcrCreator; import org.apache.jackrabbit.oak.fixture.OakRepositoryFixture; import org.apache.jackrabbit.oak.fixture.RepositoryFixture; @@ -89,7 +90,7 @@ protected void runTest() throws Exception { if (singleSession) { readSession = cs; } else { - readSession = Subject.doAs(subject, new PrivilegedAction() { + readSession = Java23Compatability.doAs(subject, new PrivilegedAction() { @Override public ContentSession run() { try { diff --git a/oak-benchmarks/src/main/java/org/apache/jackrabbit/oak/benchmark/LoginSystemTest.java b/oak-benchmarks/src/main/java/org/apache/jackrabbit/oak/benchmark/LoginSystemTest.java index 5e3d2911033..a072d5c0a1a 100644 --- a/oak-benchmarks/src/main/java/org/apache/jackrabbit/oak/benchmark/LoginSystemTest.java +++ b/oak-benchmarks/src/main/java/org/apache/jackrabbit/oak/benchmark/LoginSystemTest.java @@ -25,6 +25,7 @@ import javax.security.auth.Subject; import org.apache.jackrabbit.core.security.SystemPrincipal; +import org.apache.jackrabbit.oak.commons.Java23Compatability; import org.apache.jackrabbit.oak.jcr.repository.RepositoryImpl; import org.apache.jackrabbit.oak.spi.security.authentication.SystemSubject; @@ -46,7 +47,7 @@ public void beforeSuite() throws Exception { public void runTest() throws RepositoryException { for (int i = 0; i < COUNT; i++) { try { - Subject.doAsPrivileged(subject, new PrivilegedExceptionAction() { + Java23Compatability.doAsPrivileged(subject, new PrivilegedExceptionAction() { @Override public Session run() throws Exception { return getRepository().login(null, null); diff --git a/oak-commons/src/main/java/org/apache/jackrabbit/oak/commons/Java23Compatability.java b/oak-commons/src/main/java/org/apache/jackrabbit/oak/commons/Java23Compatability.java new file mode 100644 index 00000000000..322169ac0bf --- /dev/null +++ b/oak-commons/src/main/java/org/apache/jackrabbit/oak/commons/Java23Compatability.java @@ -0,0 +1,93 @@ +package org.apache.jackrabbit.oak.commons; + +import javax.security.auth.Subject; +import java.lang.reflect.InvocationTargetException; +import java.lang.reflect.Method; +import java.security.AccessControlContext; +import java.security.AccessController; +import java.security.PrivilegedAction; +import java.security.PrivilegedActionException; +import java.security.PrivilegedExceptionAction; +import java.util.concurrent.Callable; + +public class Java23Compatability { + + static Method current, callAs; + + static { + try { + current = Subject.class.getMethod("current", Subject.class); + callAs = Subject.class.getMethod("callAs", Subject.class, Callable.class); + } catch (NoSuchMethodException ignored) {} + } + + public static Subject getSubject() { + Subject result; + if (current != null) { + try { + result = (Subject) current.invoke(null); + } catch (InvocationTargetException | IllegalAccessException e) { + throw new SecurityException(e); + } + } else { + result = Subject.getSubject(AccessController.getContext()); + } + return result; + } + + public static T doAs(Subject subject, PrivilegedAction action) { + T result; + if (callAs != null) { + try { + result = (T) callAs.invoke(subject, action); + } catch (InvocationTargetException | IllegalAccessException e) { + throw new SecurityException(e); + } + } else { + result = Subject.doAs(subject, action); + } + return result; + } + + public static T doAsPrivileged(Subject subject, PrivilegedAction action, AccessControlContext acc) { + T result; + if (callAs != null) { + try { + result = (T) callAs.invoke(subject, action); + } catch (InvocationTargetException | IllegalAccessException e) { + throw new SecurityException(e); + } + } else { + result = Subject.doAsPrivileged(subject, action, acc); + } + return result; + } + + public static T doAs(Subject subject, PrivilegedExceptionAction action) throws PrivilegedActionException { + T result; + if (callAs != null) { + try { + result = (T) callAs.invoke(subject, action); + } catch (InvocationTargetException | IllegalAccessException e) { + throw new SecurityException(e); + } + } else { + result = Subject.doAs(subject, action); + } + return result; + } + + public static T doAsPrivileged(Subject subject, PrivilegedExceptionAction action, AccessControlContext acc) throws PrivilegedActionException { + T result; + if (callAs != null) { + try { + result = (T) callAs.invoke(subject, action); + } catch (InvocationTargetException | IllegalAccessException e) { + throw new SecurityException(e); + } + } else { + result = Subject.doAsPrivileged(subject, action, acc); + } + return result; + } +} diff --git a/oak-core/src/test/java/org/apache/jackrabbit/oak/plugins/observation/ChangeCollectorProviderTest.java b/oak-core/src/test/java/org/apache/jackrabbit/oak/plugins/observation/ChangeCollectorProviderTest.java index 21c4630ddcc..64c8d075d83 100644 --- a/oak-core/src/test/java/org/apache/jackrabbit/oak/plugins/observation/ChangeCollectorProviderTest.java +++ b/oak-core/src/test/java/org/apache/jackrabbit/oak/plugins/observation/ChangeCollectorProviderTest.java @@ -48,6 +48,7 @@ import org.apache.jackrabbit.oak.api.Tree; import org.apache.jackrabbit.oak.api.Type; import org.apache.jackrabbit.oak.InitialContent; +import org.apache.jackrabbit.oak.commons.Java23Compatability; import org.apache.jackrabbit.oak.security.internal.SecurityProviderBuilder; import org.apache.jackrabbit.oak.spi.commit.CommitContext; import org.apache.jackrabbit.oak.spi.commit.CommitInfo; @@ -142,7 +143,7 @@ public void setup() throws PrivilegedActionException, CommitFailedException { .with(getSecurityProvider()); contentRepository = oak.createContentRepository(); - session = Subject.doAs(SystemSubject.INSTANCE, new PrivilegedExceptionAction() { + session = Java23Compatability.doAs(SystemSubject.INSTANCE, new PrivilegedExceptionAction() { @Override public ContentSession run() throws LoginException, NoSuchWorkspaceException { return contentRepository.login(null, null); diff --git a/oak-core/src/test/java/org/apache/jackrabbit/oak/security/authentication/LoginContextProviderImplTest.java b/oak-core/src/test/java/org/apache/jackrabbit/oak/security/authentication/LoginContextProviderImplTest.java index c94b7076f86..d04f8aed4de 100644 --- a/oak-core/src/test/java/org/apache/jackrabbit/oak/security/authentication/LoginContextProviderImplTest.java +++ b/oak-core/src/test/java/org/apache/jackrabbit/oak/security/authentication/LoginContextProviderImplTest.java @@ -33,6 +33,7 @@ import javax.security.auth.login.LoginException; import org.apache.jackrabbit.oak.AbstractSecurityTest; +import org.apache.jackrabbit.oak.commons.Java23Compatability; import org.apache.jackrabbit.oak.spi.security.ConfigurationParameters; import org.apache.jackrabbit.oak.spi.security.authentication.AuthenticationConfiguration; import org.apache.jackrabbit.oak.spi.security.authentication.GuestLoginModule; @@ -121,7 +122,7 @@ public void getLoginContextWithoutCredentials() throws Exception { @Test public void testGetPreAuthLoginContext() { Subject subject = new Subject(true, Set.of(), Set.of(), Set.of()); - LoginContext ctx = Subject.doAs(subject, (PrivilegedAction) () -> { + LoginContext ctx = Java23Compatability.doAs(subject, (PrivilegedAction) () -> { try { return lcProvider.getLoginContext(null, null); } catch (LoginException e) { diff --git a/oak-core/src/test/java/org/apache/jackrabbit/oak/security/authentication/PreAuthTest.java b/oak-core/src/test/java/org/apache/jackrabbit/oak/security/authentication/PreAuthTest.java index 57577fa5981..e7f5e6d6e94 100644 --- a/oak-core/src/test/java/org/apache/jackrabbit/oak/security/authentication/PreAuthTest.java +++ b/oak-core/src/test/java/org/apache/jackrabbit/oak/security/authentication/PreAuthTest.java @@ -30,6 +30,7 @@ import org.apache.jackrabbit.oak.AbstractSecurityTest; import org.apache.jackrabbit.oak.api.AuthInfo; import org.apache.jackrabbit.oak.api.ContentSession; +import org.apache.jackrabbit.oak.commons.Java23Compatability; import org.apache.jackrabbit.oak.spi.security.authentication.AuthInfoImpl; import org.apache.jackrabbit.oak.spi.security.authentication.SystemSubject; import org.jetbrains.annotations.Nullable; @@ -66,7 +67,7 @@ public AppConfigurationEntry[] getAppConfigurationEntry(String s) { @Test public void testValidSubject() throws Exception { final Subject subject = new Subject(true, principals, Collections.emptySet(), Collections.emptySet()); - ContentSession cs = Subject.doAsPrivileged(subject, new PrivilegedAction() { + ContentSession cs = Java23Compatability.doAsPrivileged(subject, new PrivilegedAction() { @Override public @Nullable ContentSession run() { try { @@ -93,7 +94,7 @@ public void testValidSubject() throws Exception { public void testValidSubjectWithCredentials() throws Exception { Set publicCreds = Collections.singleton(new SimpleCredentials("testUserId", new char[0])); final Subject subject = new Subject(false, principals, publicCreds, Collections.emptySet()); - ContentSession cs = Subject.doAsPrivileged(subject, new PrivilegedAction() { + ContentSession cs = Java23Compatability.doAsPrivileged(subject, new PrivilegedAction() { @Override public @Nullable ContentSession run() { try { @@ -120,7 +121,7 @@ public void testValidSubjectWithCredentials() throws Exception { public void testValidReadSubjectWithCredentials() throws Exception { Set publicCreds = Collections.singleton(new SimpleCredentials("testUserId", new char[0])); final Subject subject = new Subject(true, principals, publicCreds, Collections.emptySet()); - ContentSession cs = Subject.doAsPrivileged(subject, new PrivilegedAction() { + ContentSession cs = Java23Compatability.doAsPrivileged(subject, new PrivilegedAction() { @Override public @Nullable ContentSession run() { try { @@ -148,7 +149,7 @@ public void testValidSubjectWithAuthInfo() throws Exception { AuthInfo info = new AuthInfoImpl("testUserId", Collections.emptyMap(), Collections.emptySet()); Set publicCreds = Collections.singleton(info); final Subject subject = new Subject(false, Collections.singleton(new TestPrincipal()), publicCreds, Collections.emptySet()); - ContentSession cs = Subject.doAsPrivileged(subject, new PrivilegedAction() { + ContentSession cs = Java23Compatability.doAsPrivileged(subject, new PrivilegedAction() { @Override public @Nullable ContentSession run() { try { @@ -171,7 +172,7 @@ public void testValidSubjectWithAuthInfo() throws Exception { @Test public void testSubjectAndCredentials() throws Exception { final Subject subject = new Subject(true, principals, Collections.emptySet(), Collections.emptySet()); - ContentSession cs = Subject.doAsPrivileged(subject, new PrivilegedAction() { + ContentSession cs = Java23Compatability.doAsPrivileged(subject, new PrivilegedAction() { @Override public @Nullable ContentSession run() { ContentSession cs; @@ -204,7 +205,7 @@ public void testNullLogin() throws Exception { @Test public void testSystemSubject() throws Exception { - ContentSession cs = Subject.doAsPrivileged(SystemSubject.INSTANCE, new PrivilegedAction() { + ContentSession cs = Java23Compatability.doAsPrivileged(SystemSubject.INSTANCE, new PrivilegedAction() { @Override public @Nullable ContentSession run() { try { diff --git a/oak-core/src/test/java/org/apache/jackrabbit/oak/security/authentication/user/LoginModuleImplTest.java b/oak-core/src/test/java/org/apache/jackrabbit/oak/security/authentication/user/LoginModuleImplTest.java index 6f2e98a4926..209623d434e 100644 --- a/oak-core/src/test/java/org/apache/jackrabbit/oak/security/authentication/user/LoginModuleImplTest.java +++ b/oak-core/src/test/java/org/apache/jackrabbit/oak/security/authentication/user/LoginModuleImplTest.java @@ -26,6 +26,7 @@ import org.apache.jackrabbit.oak.api.ContentRepository; import org.apache.jackrabbit.oak.api.ContentSession; import org.apache.jackrabbit.oak.api.Root; +import org.apache.jackrabbit.oak.commons.Java23Compatability; import org.apache.jackrabbit.oak.commons.junit.LogCustomizer; import org.apache.jackrabbit.oak.namepath.NamePathMapper; import org.apache.jackrabbit.oak.security.internal.SecurityProviderBuilder; @@ -674,7 +675,7 @@ public void testCommitReadOnlySubject() throws Exception { public void testLoginLogoutPreexistingReadonlySubject() throws Exception { createTestUser(); Subject subject = new Subject(true, Collections.singleton(() -> "JMXPrincipal: foo"), Collections.EMPTY_SET, Collections.EMPTY_SET); - Subject.doAs(subject, (PrivilegedExceptionAction) () -> { + Java23Compatability.doAs(subject, (PrivilegedExceptionAction) () -> { LogCustomizer logCustomizer = LogCustomizer .forLogger("org.apache.jackrabbit.oak.core.ContentSessionImpl") .enable(Level.ERROR) diff --git a/oak-core/src/test/java/org/apache/jackrabbit/oak/security/authorization/permission/RepoPolicyTreePermissionTest.java b/oak-core/src/test/java/org/apache/jackrabbit/oak/security/authorization/permission/RepoPolicyTreePermissionTest.java index d9364352865..d0aee10b180 100644 --- a/oak-core/src/test/java/org/apache/jackrabbit/oak/security/authorization/permission/RepoPolicyTreePermissionTest.java +++ b/oak-core/src/test/java/org/apache/jackrabbit/oak/security/authorization/permission/RepoPolicyTreePermissionTest.java @@ -30,6 +30,7 @@ import org.apache.jackrabbit.oak.api.PropertyState; import org.apache.jackrabbit.oak.api.Root; import org.apache.jackrabbit.oak.api.Tree; +import org.apache.jackrabbit.oak.commons.Java23Compatability; import org.apache.jackrabbit.oak.commons.PathUtils; import org.apache.jackrabbit.oak.plugins.memory.EmptyNodeState; import org.apache.jackrabbit.oak.plugins.memory.PropertyStates; @@ -77,7 +78,7 @@ public void before() throws Exception { accessSession = createTestSession(); Subject notAllowedSubject = new Subject(true, Set.of(EveryonePrincipal.getInstance()), Set.of(), Set.of()); - noAccessSession = Subject.doAs(notAllowedSubject, (PrivilegedAction) () -> { + noAccessSession = Java23Compatability.doAs(notAllowedSubject, (PrivilegedAction) () -> { try { return getContentRepository().login(null, null); } catch (Exception e) { diff --git a/oak-core/src/test/java/org/apache/jackrabbit/oak/security/user/CacheValidatorProviderTest.java b/oak-core/src/test/java/org/apache/jackrabbit/oak/security/user/CacheValidatorProviderTest.java index 41d72d61503..d5ee958b1bf 100644 --- a/oak-core/src/test/java/org/apache/jackrabbit/oak/security/user/CacheValidatorProviderTest.java +++ b/oak-core/src/test/java/org/apache/jackrabbit/oak/security/user/CacheValidatorProviderTest.java @@ -27,6 +27,7 @@ import org.apache.jackrabbit.oak.api.Root; import org.apache.jackrabbit.oak.api.Tree; import org.apache.jackrabbit.oak.api.Type; +import org.apache.jackrabbit.oak.commons.Java23Compatability; import org.apache.jackrabbit.oak.commons.PathUtils; import org.apache.jackrabbit.oak.plugins.memory.PropertyStates; import org.apache.jackrabbit.oak.plugins.tree.TreeUtil; @@ -89,7 +90,7 @@ private Tree getAuthorizableTree(@NotNull Authorizable authorizable) throws Repo private Tree getCache(@NotNull Authorizable authorizable) throws Exception { // Creating CachedMembershipReader as this is the only class allowed to write in rep:cache - try (ContentSession cs = Subject.doAs(SystemSubject.INSTANCE, (PrivilegedExceptionAction) () -> login(null))) { + try (ContentSession cs = Java23Compatability.doAs(SystemSubject.INSTANCE, (PrivilegedExceptionAction) () -> login(null))) { Root r = cs.getLatestRoot(); Tree n = r.getTree(authorizable.getPath()); CachedMembershipReader reader = new CachedPrincipalMembershipReader( diff --git a/oak-core/src/test/java/org/apache/jackrabbit/oak/security/user/CachedGroupPrincipalTest.java b/oak-core/src/test/java/org/apache/jackrabbit/oak/security/user/CachedGroupPrincipalTest.java index ab8d02941d7..5706dbb2c35 100644 --- a/oak-core/src/test/java/org/apache/jackrabbit/oak/security/user/CachedGroupPrincipalTest.java +++ b/oak-core/src/test/java/org/apache/jackrabbit/oak/security/user/CachedGroupPrincipalTest.java @@ -24,6 +24,7 @@ import org.apache.jackrabbit.oak.AbstractSecurityTest; import org.apache.jackrabbit.oak.api.ContentSession; import org.apache.jackrabbit.oak.api.Root; +import org.apache.jackrabbit.oak.commons.Java23Compatability; import org.apache.jackrabbit.oak.namepath.NamePathMapper; import org.apache.jackrabbit.oak.spi.security.ConfigurationParameters; import org.apache.jackrabbit.oak.spi.security.authentication.SystemSubject; @@ -112,7 +113,7 @@ protected ConfigurationParameters getSecurityConfigParameters() { private ContentSession getSystemSession() throws Exception { if (systemSession == null) { - systemSession = Subject.doAs(SystemSubject.INSTANCE, (PrivilegedExceptionAction) () -> login(null)); + systemSession = Java23Compatability.doAs(SystemSubject.INSTANCE, (PrivilegedExceptionAction) () -> login(null)); } return systemSession; } diff --git a/oak-core/src/test/java/org/apache/jackrabbit/oak/security/user/CachedPrincipalMembershipReaderTest.java b/oak-core/src/test/java/org/apache/jackrabbit/oak/security/user/CachedPrincipalMembershipReaderTest.java index e3059a87bfc..90b6a641b50 100644 --- a/oak-core/src/test/java/org/apache/jackrabbit/oak/security/user/CachedPrincipalMembershipReaderTest.java +++ b/oak-core/src/test/java/org/apache/jackrabbit/oak/security/user/CachedPrincipalMembershipReaderTest.java @@ -60,6 +60,7 @@ import org.apache.jackrabbit.oak.api.Root; import org.apache.jackrabbit.oak.api.Tree; import org.apache.jackrabbit.oak.api.Type; +import org.apache.jackrabbit.oak.commons.Java23Compatability; import org.apache.jackrabbit.oak.commons.junit.LogCustomizer; import org.apache.jackrabbit.oak.spi.security.user.cache.CachedMembershipReader; import org.apache.jackrabbit.oak.spi.security.user.cache.CacheLoader; @@ -204,7 +205,7 @@ protected ConfigurationParameters getSecurityConfigParameters() { private Root getSystemRoot() throws Exception { if (systemSession == null) { - systemSession = Subject.doAs(SystemSubject.INSTANCE, (PrivilegedExceptionAction) () -> login(null)); + systemSession = Java23Compatability.doAs(SystemSubject.INSTANCE, (PrivilegedExceptionAction) () -> login(null)); } return systemSession.getLatestRoot(); } diff --git a/oak-core/src/test/java/org/apache/jackrabbit/oak/security/user/PasswordExpiryAdminTest.java b/oak-core/src/test/java/org/apache/jackrabbit/oak/security/user/PasswordExpiryAdminTest.java index 179892d196c..e24207d3e08 100644 --- a/oak-core/src/test/java/org/apache/jackrabbit/oak/security/user/PasswordExpiryAdminTest.java +++ b/oak-core/src/test/java/org/apache/jackrabbit/oak/security/user/PasswordExpiryAdminTest.java @@ -23,6 +23,7 @@ import org.apache.jackrabbit.oak.api.PropertyState; import org.apache.jackrabbit.oak.api.Tree; import org.apache.jackrabbit.oak.api.Type; +import org.apache.jackrabbit.oak.commons.Java23Compatability; import org.apache.jackrabbit.oak.plugins.nodetype.ReadOnlyNodeTypeManager; import org.apache.jackrabbit.oak.plugins.tree.TreeUtil; import org.apache.jackrabbit.oak.spi.nodetype.NodeTypeConstants; @@ -73,7 +74,7 @@ protected ConfigurationParameters getSecurityConfigParameters() { @Override protected ContentSession createAdminSession(@NotNull ContentRepository repository) { try { - return Subject.doAs(SystemSubject.INSTANCE, (PrivilegedExceptionAction) () -> repository.login(null, null)); + return Java23Compatability.doAs(SystemSubject.INSTANCE, (PrivilegedExceptionAction) () -> repository.login(null, null)); } catch (PrivilegedActionException e) { throw new RuntimeException(e); } diff --git a/oak-core/src/test/java/org/apache/jackrabbit/oak/security/user/UserInitializerTest.java b/oak-core/src/test/java/org/apache/jackrabbit/oak/security/user/UserInitializerTest.java index 6e47ff5fcc0..445bcd99307 100644 --- a/oak-core/src/test/java/org/apache/jackrabbit/oak/security/user/UserInitializerTest.java +++ b/oak-core/src/test/java/org/apache/jackrabbit/oak/security/user/UserInitializerTest.java @@ -27,6 +27,7 @@ import org.apache.jackrabbit.oak.api.ContentSession; import org.apache.jackrabbit.oak.api.Root; import org.apache.jackrabbit.oak.api.Tree; +import org.apache.jackrabbit.oak.commons.Java23Compatability; import org.apache.jackrabbit.oak.commons.PathUtils; import org.apache.jackrabbit.oak.namepath.NamePathMapper; import org.apache.jackrabbit.oak.plugins.index.IndexConstants; @@ -173,7 +174,7 @@ public void testAdminConfiguration() throws Exception { .with(sp) .createContentRepository(); - try (ContentSession cs = Subject.doAs(SystemSubject.INSTANCE, (PrivilegedExceptionAction) () -> repo.login(null, null))) { + try (ContentSession cs = Java23Compatability.doAs(SystemSubject.INSTANCE, (PrivilegedExceptionAction) () -> repo.login(null, null))) { Root root = cs.getLatestRoot(); UserConfiguration uc = sp.getConfiguration(UserConfiguration.class); UserManager umgr = uc.getUserManager(root, NamePathMapper.DEFAULT); @@ -210,7 +211,7 @@ public void testAnonymousConfiguration() throws Exception { .with(sp) .createContentRepository(); - try (ContentSession cs = Subject.doAs(SystemSubject.INSTANCE, (PrivilegedExceptionAction) () -> repo.login(null, null))) { + try (ContentSession cs = Java23Compatability.doAs(SystemSubject.INSTANCE, (PrivilegedExceptionAction) () -> repo.login(null, null))) { Root root = cs.getLatestRoot(); UserConfiguration uc = sp.getConfiguration(UserConfiguration.class); UserManager umgr = uc.getUserManager(root, NamePathMapper.DEFAULT); diff --git a/oak-core/src/test/java/org/apache/jackrabbit/oak/security/user/UserPrincipalProviderWithCacheTest.java b/oak-core/src/test/java/org/apache/jackrabbit/oak/security/user/UserPrincipalProviderWithCacheTest.java index bbe8179dc68..d8be995daf2 100644 --- a/oak-core/src/test/java/org/apache/jackrabbit/oak/security/user/UserPrincipalProviderWithCacheTest.java +++ b/oak-core/src/test/java/org/apache/jackrabbit/oak/security/user/UserPrincipalProviderWithCacheTest.java @@ -28,6 +28,7 @@ import org.apache.jackrabbit.oak.api.Root; import org.apache.jackrabbit.oak.api.Tree; import org.apache.jackrabbit.oak.api.Type; +import org.apache.jackrabbit.oak.commons.Java23Compatability; import org.apache.jackrabbit.oak.plugins.memory.PropertyStates; import org.apache.jackrabbit.oak.plugins.tree.TreeUtil; import org.apache.jackrabbit.oak.security.principal.AbstractPrincipalProviderTest; @@ -111,7 +112,7 @@ private PrincipalProvider createPrincipalProvider(Root root) { private ContentSession getSystemSession() throws Exception { if (systemSession == null) { - systemSession = Subject.doAs(SystemSubject.INSTANCE, (PrivilegedExceptionAction) () -> login(null)); + systemSession = Java23Compatability.doAs(SystemSubject.INSTANCE, (PrivilegedExceptionAction) () -> login(null)); } return systemSession; } diff --git a/oak-doc/src/site/markdown/security/authentication/preauthentication.md b/oak-doc/src/site/markdown/security/authentication/preauthentication.md index b958ab77692..774c39659d9 100644 --- a/oak-doc/src/site/markdown/security/authentication/preauthentication.md +++ b/oak-doc/src/site/markdown/security/authentication/preauthentication.md @@ -137,7 +137,7 @@ Example how to use this type of pre-authentication: Subject subject = new Subject(true, principals, Collections.singleton(authInfo), Collections.emptySet()); Session session; try { - session = Subject.doAsPrivileged(subject, new PrivilegedExceptionAction() { + session = Java23Compatability.doAsPrivileged(subject, new PrivilegedExceptionAction() { @Override public Session run() throws Exception { return login(null, null); diff --git a/oak-examples/webapp/src/main/java/org/apache/jackrabbit/j2ee/IndexInitializer.java b/oak-examples/webapp/src/main/java/org/apache/jackrabbit/j2ee/IndexInitializer.java index 0808528ce91..8f7f83a1bea 100644 --- a/oak-examples/webapp/src/main/java/org/apache/jackrabbit/j2ee/IndexInitializer.java +++ b/oak-examples/webapp/src/main/java/org/apache/jackrabbit/j2ee/IndexInitializer.java @@ -34,6 +34,7 @@ import org.apache.jackrabbit.JcrConstants; import org.apache.jackrabbit.commons.JcrUtils; import org.apache.jackrabbit.oak.api.AuthInfo; +import org.apache.jackrabbit.oak.commons.Java23Compatability; import org.apache.jackrabbit.oak.plugins.index.IndexConstants; import org.apache.jackrabbit.oak.plugins.index.lucene.LuceneIndexConstants; import org.apache.jackrabbit.oak.plugins.index.search.FulltextIndexConstants; @@ -119,7 +120,7 @@ public String getName() { Subject subject = new Subject(true, singleton(admin), singleton(authInfo), Collections.emptySet()); Session adminSession; try { - adminSession = Subject.doAsPrivileged(subject, new PrivilegedExceptionAction() { + adminSession = Java23Compatability.doAsPrivileged(subject, new PrivilegedExceptionAction() { @Override public Session run() throws Exception { return repository.login(); diff --git a/oak-exercise/src/test/java/org/apache/jackrabbit/oak/exercise/security/authentication/L9_NullLoginTest.java b/oak-exercise/src/test/java/org/apache/jackrabbit/oak/exercise/security/authentication/L9_NullLoginTest.java index 5b722e9d0df..f4103287518 100644 --- a/oak-exercise/src/test/java/org/apache/jackrabbit/oak/exercise/security/authentication/L9_NullLoginTest.java +++ b/oak-exercise/src/test/java/org/apache/jackrabbit/oak/exercise/security/authentication/L9_NullLoginTest.java @@ -25,6 +25,7 @@ import javax.security.auth.Subject; import javax.security.auth.login.Configuration; +import org.apache.jackrabbit.oak.commons.Java23Compatability; import org.apache.jackrabbit.test.AbstractJCRTest; /** @@ -112,7 +113,7 @@ public void testSuccessfulNullLogin() throws Exception { Subject subject = null; String expectedId = null; - testSession = Subject.doAs(subject, new PrivilegedExceptionAction() { + testSession = Java23Compatability.doAs(subject, new PrivilegedExceptionAction() { @Override public Session run() throws RepositoryException { return repository.login(null, null); diff --git a/oak-exercise/src/test/java/org/apache/jackrabbit/oak/exercise/security/authorization/principalbased/AbstractPrincipalBasedTest.java b/oak-exercise/src/test/java/org/apache/jackrabbit/oak/exercise/security/authorization/principalbased/AbstractPrincipalBasedTest.java index f788f99736a..463a25a7ad3 100644 --- a/oak-exercise/src/test/java/org/apache/jackrabbit/oak/exercise/security/authorization/principalbased/AbstractPrincipalBasedTest.java +++ b/oak-exercise/src/test/java/org/apache/jackrabbit/oak/exercise/security/authorization/principalbased/AbstractPrincipalBasedTest.java @@ -25,6 +25,7 @@ import org.apache.jackrabbit.api.security.user.User; import org.apache.jackrabbit.oak.AbstractSecurityTest; import org.apache.jackrabbit.oak.api.ContentSession; +import org.apache.jackrabbit.oak.commons.Java23Compatability; import org.apache.jackrabbit.oak.commons.PathUtils; import org.apache.jackrabbit.oak.composite.MountInfoProviderService; import org.apache.jackrabbit.oak.security.authorization.composite.CompositeAuthorizationConfiguration; @@ -167,6 +168,6 @@ static PrincipalAccessControlList getApplicablePrincipalAccessControlList(@NotNu @NotNull ContentSession getTestSession(@NotNull Principal... principals) throws Exception { Subject subject = new Subject(true, ImmutableSet.copyOf(principals), Set.of(), Set.of()); - return Subject.doAsPrivileged(subject, (PrivilegedExceptionAction) () -> getContentRepository().login(null, null), null); + return Java23Compatability.doAsPrivileged(subject, (PrivilegedExceptionAction) () -> getContentRepository().login(null, null), null); } } \ No newline at end of file diff --git a/oak-lucene/src/test/java/org/apache/jackrabbit/oak/composite/blueGreen/Persistence.java b/oak-lucene/src/test/java/org/apache/jackrabbit/oak/composite/blueGreen/Persistence.java index 039a43e5c48..290fd7d83ac 100644 --- a/oak-lucene/src/test/java/org/apache/jackrabbit/oak/composite/blueGreen/Persistence.java +++ b/oak-lucene/src/test/java/org/apache/jackrabbit/oak/composite/blueGreen/Persistence.java @@ -50,6 +50,7 @@ import org.apache.jackrabbit.oak.api.ContentRepository; import org.apache.jackrabbit.oak.api.ContentSession; import org.apache.jackrabbit.oak.api.Root; +import org.apache.jackrabbit.oak.commons.Java23Compatability; import org.apache.jackrabbit.oak.composite.CompositeNodeStore; import org.apache.jackrabbit.oak.jcr.Jcr; import org.apache.jackrabbit.oak.namepath.NamePathMapper; @@ -286,7 +287,7 @@ private static void setupPermissions(ContentRepository repo, SecurityProvider securityProvider) throws RepositoryException { ContentSession cs = null; try { - cs = Subject.doAsPrivileged(SystemSubject.INSTANCE, new PrivilegedExceptionAction() { + cs = Java23Compatability.doAsPrivileged(SystemSubject.INSTANCE, new PrivilegedExceptionAction() { @Override public ContentSession run() throws Exception { return repo.login(null, null); diff --git a/oak-security-spi/pom.xml b/oak-security-spi/pom.xml index 8c0680beff1..a0109aebeab 100644 --- a/oak-security-spi/pom.xml +++ b/oak-security-spi/pom.xml @@ -109,6 +109,11 @@ oak-jackrabbit-api ${project.version} + + org.apache.jackrabbit + oak-commons + ${project.version} + org.apache.jackrabbit oak-shaded-guava diff --git a/oak-security-spi/src/main/java/org/apache/jackrabbit/oak/spi/security/authentication/AbstractLoginModule.java b/oak-security-spi/src/main/java/org/apache/jackrabbit/oak/spi/security/authentication/AbstractLoginModule.java index 0f334ac6672..41a3b00d5a0 100644 --- a/oak-security-spi/src/main/java/org/apache/jackrabbit/oak/spi/security/authentication/AbstractLoginModule.java +++ b/oak-security-spi/src/main/java/org/apache/jackrabbit/oak/spi/security/authentication/AbstractLoginModule.java @@ -42,6 +42,7 @@ import org.apache.jackrabbit.oak.api.ContentRepository; import org.apache.jackrabbit.oak.api.ContentSession; import org.apache.jackrabbit.oak.api.Root; +import org.apache.jackrabbit.oak.commons.Java23Compatability; import org.apache.jackrabbit.oak.namepath.NamePathMapper; import org.apache.jackrabbit.oak.spi.security.ConfigurationParameters; import org.apache.jackrabbit.oak.spi.security.SecurityProvider; @@ -475,7 +476,7 @@ protected Root getRoot() { final ContentRepository repository = rcb.getContentRepository(); if (repository != null) { - systemSession = Subject.doAs(SystemSubject.INSTANCE, new PrivilegedExceptionAction() { + systemSession = Java23Compatability.doAs(SystemSubject.INSTANCE, new PrivilegedExceptionAction() { @Override public ContentSession run() throws LoginException, NoSuchWorkspaceException { return repository.login(null, rcb.getWorkspaceName()); From 3b915bb19958737d2db8543b5c565615ff134799 Mon Sep 17 00:00:00 2001 From: Manfred Baedke Date: Mon, 9 Dec 2024 18:44:23 +0100 Subject: [PATCH 02/10] OAK-11199 getSubject is supported only if a security manager is allowed Completed refactoring --- .../oak/security/authentication/LoginContextProviderImpl.java | 3 ++- 1 file changed, 2 insertions(+), 1 deletion(-) diff --git a/oak-core/src/main/java/org/apache/jackrabbit/oak/security/authentication/LoginContextProviderImpl.java b/oak-core/src/main/java/org/apache/jackrabbit/oak/security/authentication/LoginContextProviderImpl.java index b2fc75d1607..09d4e01604c 100644 --- a/oak-core/src/main/java/org/apache/jackrabbit/oak/security/authentication/LoginContextProviderImpl.java +++ b/oak-core/src/main/java/org/apache/jackrabbit/oak/security/authentication/LoginContextProviderImpl.java @@ -27,6 +27,7 @@ import javax.security.auth.login.LoginException; import org.apache.jackrabbit.oak.api.ContentRepository; +import org.apache.jackrabbit.oak.commons.Java23Compatability; import org.apache.jackrabbit.oak.spi.security.ConfigurationParameters; import org.apache.jackrabbit.oak.spi.security.SecurityProvider; import org.apache.jackrabbit.oak.spi.security.authentication.ConfigurationUtil; @@ -94,7 +95,7 @@ public LoginContext getLoginContext(Credentials credentials, String workspaceNam private static Subject getSubject() { Subject subject = null; try { - subject = Subject.getSubject(AccessController.getContext()); + subject = Java23Compatability.getSubject(); } catch (SecurityException e) { log.debug("Can't check for pre-authenticated subject. Reason: {}", e.getMessage()); } From 4f58242f01042552a4d0946262a7717f047e7f80 Mon Sep 17 00:00:00 2001 From: Manfred Baedke Date: Mon, 9 Dec 2024 19:05:36 +0100 Subject: [PATCH 03/10] OAK-11199 getSubject is supported only if a security manager is allowed Fixed broken parameter list. --- .../org/apache/jackrabbit/oak/commons/Java23Compatability.java | 2 +- 1 file changed, 1 insertion(+), 1 deletion(-) diff --git a/oak-commons/src/main/java/org/apache/jackrabbit/oak/commons/Java23Compatability.java b/oak-commons/src/main/java/org/apache/jackrabbit/oak/commons/Java23Compatability.java index 322169ac0bf..9f4f0daff6f 100644 --- a/oak-commons/src/main/java/org/apache/jackrabbit/oak/commons/Java23Compatability.java +++ b/oak-commons/src/main/java/org/apache/jackrabbit/oak/commons/Java23Compatability.java @@ -16,7 +16,7 @@ public class Java23Compatability { static { try { - current = Subject.class.getMethod("current", Subject.class); + current = Subject.class.getMethod("current"); callAs = Subject.class.getMethod("callAs", Subject.class, Callable.class); } catch (NoSuchMethodException ignored) {} } From 776163212365976bd2048f361c3939d6c44e1476 Mon Sep 17 00:00:00 2001 From: Manfred Baedke Date: Mon, 9 Dec 2024 19:09:54 +0100 Subject: [PATCH 04/10] OAK-11199 getSubject is supported only if a security manager is allowed Fixed broken parameter list --- .../jackrabbit/oak/commons/Java23Compatability.java | 8 ++++---- 1 file changed, 4 insertions(+), 4 deletions(-) diff --git a/oak-commons/src/main/java/org/apache/jackrabbit/oak/commons/Java23Compatability.java b/oak-commons/src/main/java/org/apache/jackrabbit/oak/commons/Java23Compatability.java index 9f4f0daff6f..07f98f964c8 100644 --- a/oak-commons/src/main/java/org/apache/jackrabbit/oak/commons/Java23Compatability.java +++ b/oak-commons/src/main/java/org/apache/jackrabbit/oak/commons/Java23Compatability.java @@ -39,7 +39,7 @@ public static T doAs(Subject subject, PrivilegedAction action) { T result; if (callAs != null) { try { - result = (T) callAs.invoke(subject, action); + result = (T) callAs.invoke(null, subject, action); } catch (InvocationTargetException | IllegalAccessException e) { throw new SecurityException(e); } @@ -53,7 +53,7 @@ public static T doAsPrivileged(Subject subject, PrivilegedAction action, T result; if (callAs != null) { try { - result = (T) callAs.invoke(subject, action); + result = (T) callAs.invoke(null, subject, action); } catch (InvocationTargetException | IllegalAccessException e) { throw new SecurityException(e); } @@ -67,7 +67,7 @@ public static T doAs(Subject subject, PrivilegedExceptionAction action) t T result; if (callAs != null) { try { - result = (T) callAs.invoke(subject, action); + result = (T) callAs.invoke(null, subject, action); } catch (InvocationTargetException | IllegalAccessException e) { throw new SecurityException(e); } @@ -81,7 +81,7 @@ public static T doAsPrivileged(Subject subject, PrivilegedExceptionAction T result; if (callAs != null) { try { - result = (T) callAs.invoke(subject, action); + result = (T) callAs.invoke(null, subject, action); } catch (InvocationTargetException | IllegalAccessException e) { throw new SecurityException(e); } From d2b7ee6116d841f1fcb0c7875e091c147977c692 Mon Sep 17 00:00:00 2001 From: Manfred Baedke Date: Mon, 9 Dec 2024 19:23:42 +0100 Subject: [PATCH 05/10] OAK-11199 getSubject is supported only if a security manager is allowed Fixed type mismatch --- .../jackrabbit/oak/commons/Java23Compatability.java | 8 ++++---- 1 file changed, 4 insertions(+), 4 deletions(-) diff --git a/oak-commons/src/main/java/org/apache/jackrabbit/oak/commons/Java23Compatability.java b/oak-commons/src/main/java/org/apache/jackrabbit/oak/commons/Java23Compatability.java index 07f98f964c8..63d88ab2765 100644 --- a/oak-commons/src/main/java/org/apache/jackrabbit/oak/commons/Java23Compatability.java +++ b/oak-commons/src/main/java/org/apache/jackrabbit/oak/commons/Java23Compatability.java @@ -39,7 +39,7 @@ public static T doAs(Subject subject, PrivilegedAction action) { T result; if (callAs != null) { try { - result = (T) callAs.invoke(null, subject, action); + result = (T) callAs.invoke(null, subject, (Callable) () -> action.run()); } catch (InvocationTargetException | IllegalAccessException e) { throw new SecurityException(e); } @@ -53,7 +53,7 @@ public static T doAsPrivileged(Subject subject, PrivilegedAction action, T result; if (callAs != null) { try { - result = (T) callAs.invoke(null, subject, action); + result = (T) callAs.invoke(null, subject, (Callable) () -> action.run()); } catch (InvocationTargetException | IllegalAccessException e) { throw new SecurityException(e); } @@ -67,7 +67,7 @@ public static T doAs(Subject subject, PrivilegedExceptionAction action) t T result; if (callAs != null) { try { - result = (T) callAs.invoke(null, subject, action); + result = (T) callAs.invoke(null, subject, (Callable) () -> action.run()); } catch (InvocationTargetException | IllegalAccessException e) { throw new SecurityException(e); } @@ -81,7 +81,7 @@ public static T doAsPrivileged(Subject subject, PrivilegedExceptionAction T result; if (callAs != null) { try { - result = (T) callAs.invoke(null, subject, action); + result = (T) callAs.invoke(null, subject, (Callable) () -> action.run()); } catch (InvocationTargetException | IllegalAccessException e) { throw new SecurityException(e); } From 7af8b8fe2c4eb7bce4e5c02099050190e9126566 Mon Sep 17 00:00:00 2001 From: Manfred Baedke Date: Fri, 13 Dec 2024 12:16:28 +0100 Subject: [PATCH 06/10] OAK-11199: Java 23: getSubject is supported only if a security manager is allowed Fixed typo. --- .../external/impl/jmx/Delegatee.java | 5 ++--- .../external/AbstractExternalAuthTest.java | 5 ++--- .../principal/ExternalIdentityImporterTest.java | 5 ++--- ...ccessControlManagerLimitedSystemUserTest.java | 4 ++-- .../impl/ReadablePathsAccessControlTest.java | 16 ++++++++-------- .../jackrabbit/oak/benchmark/AbstractTest.java | 4 ++-- .../jackrabbit/oak/benchmark/CugOakTest.java | 4 ++-- .../oak/benchmark/LoginSystemTest.java | 4 ++-- ...mpatability.java => Java23Compatibility.java} | 2 +- .../authentication/LoginContextProviderImpl.java | 5 ++--- .../observation/ChangeCollectorProviderTest.java | 5 ++--- .../LoginContextProviderImplTest.java | 4 ++-- .../oak/security/authentication/PreAuthTest.java | 14 +++++++------- .../authentication/user/LoginModuleImplTest.java | 4 ++-- .../permission/RepoPolicyTreePermissionTest.java | 4 ++-- .../user/CacheValidatorProviderTest.java | 5 ++--- .../security/user/CachedGroupPrincipalTest.java | 5 ++--- .../CachedPrincipalMembershipReaderTest.java | 7 +++---- .../security/user/PasswordExpiryAdminTest.java | 5 ++--- .../oak/security/user/UserInitializerTest.java | 7 +++---- .../user/UserPrincipalProviderWithCacheTest.java | 7 ++----- .../security/authentication/preauthentication.md | 2 +- .../apache/jackrabbit/j2ee/IndexInitializer.java | 4 ++-- .../authentication/L9_NullLoginTest.java | 4 ++-- .../AbstractPrincipalBasedTest.java | 4 ++-- .../oak/composite/blueGreen/Persistence.java | 5 ++--- .../authentication/AbstractLoginModule.java | 4 ++-- 27 files changed, 65 insertions(+), 79 deletions(-) rename oak-commons/src/main/java/org/apache/jackrabbit/oak/commons/{Java23Compatability.java => Java23Compatibility.java} (98%) diff --git a/oak-auth-external/src/main/java/org/apache/jackrabbit/oak/spi/security/authentication/external/impl/jmx/Delegatee.java b/oak-auth-external/src/main/java/org/apache/jackrabbit/oak/spi/security/authentication/external/impl/jmx/Delegatee.java index 6c7b3b70d92..044053a937e 100644 --- a/oak-auth-external/src/main/java/org/apache/jackrabbit/oak/spi/security/authentication/external/impl/jmx/Delegatee.java +++ b/oak-auth-external/src/main/java/org/apache/jackrabbit/oak/spi/security/authentication/external/impl/jmx/Delegatee.java @@ -23,7 +23,7 @@ import org.apache.jackrabbit.oak.api.ContentRepository; import org.apache.jackrabbit.oak.api.ContentSession; import org.apache.jackrabbit.oak.api.Root; -import org.apache.jackrabbit.oak.commons.Java23Compatability; +import org.apache.jackrabbit.oak.commons.Java23Compatibility; import org.apache.jackrabbit.oak.namepath.NamePathMapper; import org.apache.jackrabbit.oak.plugins.value.jcr.ValueFactoryImpl; import org.apache.jackrabbit.oak.spi.security.SecurityProvider; @@ -47,7 +47,6 @@ import org.slf4j.LoggerFactory; import javax.jcr.RepositoryException; -import javax.security.auth.Subject; import java.io.IOException; import java.security.PrivilegedActionException; import java.security.PrivilegedExceptionAction; @@ -108,7 +107,7 @@ static Delegatee createInstance(@NotNull final ContentRepository repository, int batchSize) { ContentSession systemSession; try { - systemSession = Java23Compatability.doAs(SystemSubject.INSTANCE, (PrivilegedExceptionAction) () -> repository.login(null, null)); + systemSession = Java23Compatibility.doAs(SystemSubject.INSTANCE, (PrivilegedExceptionAction) () -> repository.login(null, null)); } catch (PrivilegedActionException e) { throw new SyncRuntimeException(ERROR_CREATE_DELEGATEE, e); } diff --git a/oak-auth-external/src/test/java/org/apache/jackrabbit/oak/spi/security/authentication/external/AbstractExternalAuthTest.java b/oak-auth-external/src/test/java/org/apache/jackrabbit/oak/spi/security/authentication/external/AbstractExternalAuthTest.java index 7acbf318491..83dc660b046 100644 --- a/oak-auth-external/src/test/java/org/apache/jackrabbit/oak/spi/security/authentication/external/AbstractExternalAuthTest.java +++ b/oak-auth-external/src/test/java/org/apache/jackrabbit/oak/spi/security/authentication/external/AbstractExternalAuthTest.java @@ -27,7 +27,7 @@ import org.apache.jackrabbit.oak.api.Root; import org.apache.jackrabbit.oak.api.Tree; import org.apache.jackrabbit.oak.api.Type; -import org.apache.jackrabbit.oak.commons.Java23Compatability; +import org.apache.jackrabbit.oak.commons.Java23Compatibility; import org.apache.jackrabbit.oak.commons.collections.CollectionUtils; import org.apache.jackrabbit.oak.spi.security.SecurityProvider; import org.apache.jackrabbit.oak.spi.security.authentication.SystemSubject; @@ -45,7 +45,6 @@ import org.junit.Rule; import javax.jcr.RepositoryException; -import javax.security.auth.Subject; import java.security.PrivilegedExceptionAction; import java.util.Calendar; import java.util.Collections; @@ -214,7 +213,7 @@ protected DefaultSyncHandler registerSyncHandler(@NotNull Map sy @NotNull protected Root getSystemRoot() throws Exception { if (systemRoot == null) { - systemSession = Java23Compatability.doAs(SystemSubject.INSTANCE, (PrivilegedExceptionAction) () -> getContentRepository().login(null, null)); + systemSession = Java23Compatibility.doAs(SystemSubject.INSTANCE, (PrivilegedExceptionAction) () -> getContentRepository().login(null, null)); systemRoot = systemSession.getLatestRoot(); } return systemRoot; diff --git a/oak-auth-external/src/test/java/org/apache/jackrabbit/oak/spi/security/authentication/external/impl/principal/ExternalIdentityImporterTest.java b/oak-auth-external/src/test/java/org/apache/jackrabbit/oak/spi/security/authentication/external/impl/principal/ExternalIdentityImporterTest.java index 2a587a01c67..208fcc54a97 100644 --- a/oak-auth-external/src/test/java/org/apache/jackrabbit/oak/spi/security/authentication/external/impl/principal/ExternalIdentityImporterTest.java +++ b/oak-auth-external/src/test/java/org/apache/jackrabbit/oak/spi/security/authentication/external/impl/principal/ExternalIdentityImporterTest.java @@ -24,10 +24,9 @@ import javax.jcr.Repository; import javax.jcr.Session; import javax.jcr.SimpleCredentials; -import javax.security.auth.Subject; import org.apache.jackrabbit.api.JackrabbitRepository; -import org.apache.jackrabbit.oak.commons.Java23Compatability; +import org.apache.jackrabbit.oak.commons.Java23Compatibility; import org.apache.jackrabbit.oak.jcr.Jcr; import org.apache.jackrabbit.oak.query.QueryEngineSettings; import org.apache.jackrabbit.oak.spi.security.ConfigurationParameters; @@ -89,7 +88,7 @@ private static void shutdown(Repository repo) { Session createSession(Repository repo, boolean isSystem) throws Exception { if (isSystem) { - return Java23Compatability.doAs(SystemSubject.INSTANCE, (PrivilegedExceptionAction) () -> repo.login(null, null)); + return Java23Compatibility.doAs(SystemSubject.INSTANCE, (PrivilegedExceptionAction) () -> repo.login(null, null)); } else { return repo.login(new SimpleCredentials(UserConstants.DEFAULT_ADMIN_ID, UserConstants.DEFAULT_ADMIN_ID.toCharArray())); } diff --git a/oak-authorization-principalbased/src/test/java/org/apache/jackrabbit/oak/spi/security/authorization/principalbased/impl/AccessControlManagerLimitedSystemUserTest.java b/oak-authorization-principalbased/src/test/java/org/apache/jackrabbit/oak/spi/security/authorization/principalbased/impl/AccessControlManagerLimitedSystemUserTest.java index 56a0d9ca2e1..83806f112cc 100644 --- a/oak-authorization-principalbased/src/test/java/org/apache/jackrabbit/oak/spi/security/authorization/principalbased/impl/AccessControlManagerLimitedSystemUserTest.java +++ b/oak-authorization-principalbased/src/test/java/org/apache/jackrabbit/oak/spi/security/authorization/principalbased/impl/AccessControlManagerLimitedSystemUserTest.java @@ -20,7 +20,7 @@ import org.apache.jackrabbit.api.security.user.User; import org.apache.jackrabbit.oak.api.AuthInfo; import org.apache.jackrabbit.oak.api.Root; -import org.apache.jackrabbit.oak.commons.Java23Compatability; +import org.apache.jackrabbit.oak.commons.Java23Compatibility; import org.apache.jackrabbit.oak.spi.security.authentication.AuthInfoImpl; import org.jetbrains.annotations.NotNull; import org.jetbrains.annotations.Nullable; @@ -63,7 +63,7 @@ Root createTestRoot() throws Exception { Set principals = Set.of(testPrincipal); AuthInfo authInfo = new AuthInfoImpl(UID, Collections.emptyMap(), principals); Subject subject = new Subject(true, principals, Set.of(authInfo), Set.of()); - return Java23Compatability.doAsPrivileged(subject, (PrivilegedExceptionAction) () -> getContentRepository().login(null, null).getLatestRoot(), null); + return Java23Compatibility.doAsPrivileged(subject, (PrivilegedExceptionAction) () -> getContentRepository().login(null, null).getLatestRoot(), null); } void grant(@NotNull Principal principal, @Nullable String path, @NotNull String... privNames) throws Exception { diff --git a/oak-authorization-principalbased/src/test/java/org/apache/jackrabbit/oak/spi/security/authorization/principalbased/impl/ReadablePathsAccessControlTest.java b/oak-authorization-principalbased/src/test/java/org/apache/jackrabbit/oak/spi/security/authorization/principalbased/impl/ReadablePathsAccessControlTest.java index 86c80aecf27..13d7f30ab72 100644 --- a/oak-authorization-principalbased/src/test/java/org/apache/jackrabbit/oak/spi/security/authorization/principalbased/impl/ReadablePathsAccessControlTest.java +++ b/oak-authorization-principalbased/src/test/java/org/apache/jackrabbit/oak/spi/security/authorization/principalbased/impl/ReadablePathsAccessControlTest.java @@ -22,7 +22,7 @@ import org.apache.jackrabbit.JcrConstants; import org.apache.jackrabbit.api.security.JackrabbitAccessControlManager; import org.apache.jackrabbit.oak.api.ContentSession; -import org.apache.jackrabbit.oak.commons.Java23Compatability; +import org.apache.jackrabbit.oak.commons.Java23Compatibility; import org.apache.jackrabbit.oak.commons.PathUtils; import org.apache.jackrabbit.oak.commons.collections.CollectionUtils; import org.apache.jackrabbit.oak.spi.security.authorization.AuthorizationConfiguration; @@ -85,7 +85,7 @@ private Subject getTestSubject() { @Test public void testHasPrivilege() throws Exception { - try (ContentSession cs = Java23Compatability.doAsPrivileged(getTestSubject(), (PrivilegedExceptionAction) () -> getContentRepository().login(null, null), null)) { + try (ContentSession cs = Java23Compatibility.doAsPrivileged(getTestSubject(), (PrivilegedExceptionAction) () -> getContentRepository().login(null, null), null)) { PrincipalBasedAccessControlManager testAcMgr = new PrincipalBasedAccessControlManager(getMgrProvider(cs.getLatestRoot()), getFilterProvider()); Set principals = Collections.singleton(testPrincipal); @@ -100,7 +100,7 @@ public void testHasPrivilege() throws Exception { @Test public void testNotHasPrivilege() throws Exception { - try (ContentSession cs = Java23Compatability.doAsPrivileged(getTestSubject(), (PrivilegedExceptionAction) () -> getContentRepository().login(null, null), null)) { + try (ContentSession cs = Java23Compatibility.doAsPrivileged(getTestSubject(), (PrivilegedExceptionAction) () -> getContentRepository().login(null, null), null)) { PrincipalBasedAccessControlManager testAcMgr = new PrincipalBasedAccessControlManager(getMgrProvider(cs.getLatestRoot()), getFilterProvider()); Set principals = Collections.singleton(testPrincipal); @@ -141,7 +141,7 @@ public void testNotHasPrivilegePrincipal() throws Exception { @Test public void testGetPrivileges() throws Exception { - try (ContentSession cs = Java23Compatability.doAsPrivileged(getTestSubject(), (PrivilegedExceptionAction) () -> getContentRepository().login(null, null), null)) { + try (ContentSession cs = Java23Compatibility.doAsPrivileged(getTestSubject(), (PrivilegedExceptionAction) () -> getContentRepository().login(null, null), null)) { PrincipalBasedAccessControlManager testAcMgr = new PrincipalBasedAccessControlManager(getMgrProvider(cs.getLatestRoot()), getFilterProvider()); Privilege[] expected = privilegesFromNames(JCR_READ); @@ -153,7 +153,7 @@ public void testGetPrivileges() throws Exception { @Test(expected = PathNotFoundException.class) public void testGetPrivilegesAtRoot() throws Exception { - try (ContentSession cs = Java23Compatability.doAsPrivileged(getTestSubject(), (PrivilegedExceptionAction) () -> getContentRepository().login(null, null), null)) { + try (ContentSession cs = Java23Compatibility.doAsPrivileged(getTestSubject(), (PrivilegedExceptionAction) () -> getContentRepository().login(null, null), null)) { PrincipalBasedAccessControlManager testAcMgr = new PrincipalBasedAccessControlManager(getMgrProvider(cs.getLatestRoot()), getFilterProvider()); testAcMgr.getPrivileges(ROOT_PATH); } @@ -187,7 +187,7 @@ public void testGetEffectivePoliciesNullPath() throws Exception { @Test(expected = AccessDeniedException.class) public void testGetEffectivePoliciesLimitedAccess() throws Exception { - try (ContentSession cs = Java23Compatability.doAsPrivileged(getTestSubject(), (PrivilegedExceptionAction) () -> getContentRepository().login(null, null), null)) { + try (ContentSession cs = Java23Compatibility.doAsPrivileged(getTestSubject(), (PrivilegedExceptionAction) () -> getContentRepository().login(null, null), null)) { PrincipalBasedAccessControlManager testAcMgr = new PrincipalBasedAccessControlManager(getMgrProvider(cs.getLatestRoot()), getFilterProvider()); testAcMgr.getEffectivePolicies(readablePaths.next()); } @@ -202,7 +202,7 @@ public void testGetEffectivePoliciesLimitedAccess2() throws Exception { root.commit(); // test-session can read-ac at readable path but cannot access principal-based policy - try (ContentSession cs = Java23Compatability.doAsPrivileged(getTestSubject(), (PrivilegedExceptionAction) () -> getContentRepository().login(null, null), null)) { + try (ContentSession cs = Java23Compatibility.doAsPrivileged(getTestSubject(), (PrivilegedExceptionAction) () -> getContentRepository().login(null, null), null)) { PrincipalBasedAccessControlManager testAcMgr = new PrincipalBasedAccessControlManager(getMgrProvider(cs.getLatestRoot()), getFilterProvider()); Set effective = ImmutableSet.copyOf(testAcMgr.getEffectivePolicies(path)); @@ -221,7 +221,7 @@ public void testGetEffectivePoliciesLimitedAccess3() throws Exception { root.commit(); // test-session can read-ac at readable path and at principal-based policy - try (ContentSession cs = Java23Compatability.doAsPrivileged(getTestSubject(), (PrivilegedExceptionAction) () -> getContentRepository().login(null, null), null)) { + try (ContentSession cs = Java23Compatibility.doAsPrivileged(getTestSubject(), (PrivilegedExceptionAction) () -> getContentRepository().login(null, null), null)) { PrincipalBasedAccessControlManager testAcMgr = new PrincipalBasedAccessControlManager(getMgrProvider(cs.getLatestRoot()), getFilterProvider()); Set effective = CollectionUtils.toSet(testAcMgr.getEffectivePolicies(path)); diff --git a/oak-benchmarks/src/main/java/org/apache/jackrabbit/oak/benchmark/AbstractTest.java b/oak-benchmarks/src/main/java/org/apache/jackrabbit/oak/benchmark/AbstractTest.java index cac3dc66cc4..9503c894459 100644 --- a/oak-benchmarks/src/main/java/org/apache/jackrabbit/oak/benchmark/AbstractTest.java +++ b/oak-benchmarks/src/main/java/org/apache/jackrabbit/oak/benchmark/AbstractTest.java @@ -37,7 +37,7 @@ import org.apache.commons.lang3.ArrayUtils; import org.apache.commons.math3.stat.descriptive.DescriptiveStatistics; import org.apache.commons.math3.stat.descriptive.SynchronizedDescriptiveStatistics; -import org.apache.jackrabbit.oak.commons.Java23Compatability; +import org.apache.jackrabbit.oak.commons.Java23Compatibility; import org.apache.jackrabbit.oak.commons.Profiler; import org.apache.jackrabbit.oak.fixture.RepositoryFixture; import org.apache.jackrabbit.oak.spi.security.authentication.SystemSubject; @@ -589,7 +589,7 @@ protected Session systemLogin() { protected Session loginSubject(@NotNull Subject subject) { try { - return Java23Compatability.doAsPrivileged(subject, new PrivilegedExceptionAction() { + return Java23Compatibility.doAsPrivileged(subject, new PrivilegedExceptionAction() { @Override public Session run() throws Exception { return getRepository().login(null, null); diff --git a/oak-benchmarks/src/main/java/org/apache/jackrabbit/oak/benchmark/CugOakTest.java b/oak-benchmarks/src/main/java/org/apache/jackrabbit/oak/benchmark/CugOakTest.java index 3e417f46885..ee658c4942a 100644 --- a/oak-benchmarks/src/main/java/org/apache/jackrabbit/oak/benchmark/CugOakTest.java +++ b/oak-benchmarks/src/main/java/org/apache/jackrabbit/oak/benchmark/CugOakTest.java @@ -29,7 +29,7 @@ import org.apache.jackrabbit.oak.api.ContentSession; import org.apache.jackrabbit.oak.api.PropertyState; import org.apache.jackrabbit.oak.api.Root; -import org.apache.jackrabbit.oak.commons.Java23Compatability; +import org.apache.jackrabbit.oak.commons.Java23Compatibility; import org.apache.jackrabbit.oak.fixture.JcrCreator; import org.apache.jackrabbit.oak.fixture.OakRepositoryFixture; import org.apache.jackrabbit.oak.fixture.RepositoryFixture; @@ -90,7 +90,7 @@ protected void runTest() throws Exception { if (singleSession) { readSession = cs; } else { - readSession = Java23Compatability.doAs(subject, new PrivilegedAction() { + readSession = Java23Compatibility.doAs(subject, new PrivilegedAction() { @Override public ContentSession run() { try { diff --git a/oak-benchmarks/src/main/java/org/apache/jackrabbit/oak/benchmark/LoginSystemTest.java b/oak-benchmarks/src/main/java/org/apache/jackrabbit/oak/benchmark/LoginSystemTest.java index a072d5c0a1a..c3bef05da3a 100644 --- a/oak-benchmarks/src/main/java/org/apache/jackrabbit/oak/benchmark/LoginSystemTest.java +++ b/oak-benchmarks/src/main/java/org/apache/jackrabbit/oak/benchmark/LoginSystemTest.java @@ -25,7 +25,7 @@ import javax.security.auth.Subject; import org.apache.jackrabbit.core.security.SystemPrincipal; -import org.apache.jackrabbit.oak.commons.Java23Compatability; +import org.apache.jackrabbit.oak.commons.Java23Compatibility; import org.apache.jackrabbit.oak.jcr.repository.RepositoryImpl; import org.apache.jackrabbit.oak.spi.security.authentication.SystemSubject; @@ -47,7 +47,7 @@ public void beforeSuite() throws Exception { public void runTest() throws RepositoryException { for (int i = 0; i < COUNT; i++) { try { - Java23Compatability.doAsPrivileged(subject, new PrivilegedExceptionAction() { + Java23Compatibility.doAsPrivileged(subject, new PrivilegedExceptionAction() { @Override public Session run() throws Exception { return getRepository().login(null, null); diff --git a/oak-commons/src/main/java/org/apache/jackrabbit/oak/commons/Java23Compatability.java b/oak-commons/src/main/java/org/apache/jackrabbit/oak/commons/Java23Compatibility.java similarity index 98% rename from oak-commons/src/main/java/org/apache/jackrabbit/oak/commons/Java23Compatability.java rename to oak-commons/src/main/java/org/apache/jackrabbit/oak/commons/Java23Compatibility.java index 63d88ab2765..bca3c2a089f 100644 --- a/oak-commons/src/main/java/org/apache/jackrabbit/oak/commons/Java23Compatability.java +++ b/oak-commons/src/main/java/org/apache/jackrabbit/oak/commons/Java23Compatibility.java @@ -10,7 +10,7 @@ import java.security.PrivilegedExceptionAction; import java.util.concurrent.Callable; -public class Java23Compatability { +public class Java23Compatibility { static Method current, callAs; diff --git a/oak-core/src/main/java/org/apache/jackrabbit/oak/security/authentication/LoginContextProviderImpl.java b/oak-core/src/main/java/org/apache/jackrabbit/oak/security/authentication/LoginContextProviderImpl.java index 09d4e01604c..7d7a37208ad 100644 --- a/oak-core/src/main/java/org/apache/jackrabbit/oak/security/authentication/LoginContextProviderImpl.java +++ b/oak-core/src/main/java/org/apache/jackrabbit/oak/security/authentication/LoginContextProviderImpl.java @@ -16,7 +16,6 @@ */ package org.apache.jackrabbit.oak.security.authentication; -import java.security.AccessController; import java.security.NoSuchAlgorithmException; import java.security.NoSuchProviderException; @@ -27,7 +26,7 @@ import javax.security.auth.login.LoginException; import org.apache.jackrabbit.oak.api.ContentRepository; -import org.apache.jackrabbit.oak.commons.Java23Compatability; +import org.apache.jackrabbit.oak.commons.Java23Compatibility; import org.apache.jackrabbit.oak.spi.security.ConfigurationParameters; import org.apache.jackrabbit.oak.spi.security.SecurityProvider; import org.apache.jackrabbit.oak.spi.security.authentication.ConfigurationUtil; @@ -95,7 +94,7 @@ public LoginContext getLoginContext(Credentials credentials, String workspaceNam private static Subject getSubject() { Subject subject = null; try { - subject = Java23Compatability.getSubject(); + subject = Java23Compatibility.getSubject(); } catch (SecurityException e) { log.debug("Can't check for pre-authenticated subject. Reason: {}", e.getMessage()); } diff --git a/oak-core/src/test/java/org/apache/jackrabbit/oak/plugins/observation/ChangeCollectorProviderTest.java b/oak-core/src/test/java/org/apache/jackrabbit/oak/plugins/observation/ChangeCollectorProviderTest.java index 64c8d075d83..c3344548adc 100644 --- a/oak-core/src/test/java/org/apache/jackrabbit/oak/plugins/observation/ChangeCollectorProviderTest.java +++ b/oak-core/src/test/java/org/apache/jackrabbit/oak/plugins/observation/ChangeCollectorProviderTest.java @@ -36,7 +36,6 @@ import java.util.Set; import javax.jcr.NoSuchWorkspaceException; -import javax.security.auth.Subject; import javax.security.auth.login.LoginException; import org.apache.jackrabbit.JcrConstants; @@ -48,7 +47,7 @@ import org.apache.jackrabbit.oak.api.Tree; import org.apache.jackrabbit.oak.api.Type; import org.apache.jackrabbit.oak.InitialContent; -import org.apache.jackrabbit.oak.commons.Java23Compatability; +import org.apache.jackrabbit.oak.commons.Java23Compatibility; import org.apache.jackrabbit.oak.security.internal.SecurityProviderBuilder; import org.apache.jackrabbit.oak.spi.commit.CommitContext; import org.apache.jackrabbit.oak.spi.commit.CommitInfo; @@ -143,7 +142,7 @@ public void setup() throws PrivilegedActionException, CommitFailedException { .with(getSecurityProvider()); contentRepository = oak.createContentRepository(); - session = Java23Compatability.doAs(SystemSubject.INSTANCE, new PrivilegedExceptionAction() { + session = Java23Compatibility.doAs(SystemSubject.INSTANCE, new PrivilegedExceptionAction() { @Override public ContentSession run() throws LoginException, NoSuchWorkspaceException { return contentRepository.login(null, null); diff --git a/oak-core/src/test/java/org/apache/jackrabbit/oak/security/authentication/LoginContextProviderImplTest.java b/oak-core/src/test/java/org/apache/jackrabbit/oak/security/authentication/LoginContextProviderImplTest.java index d04f8aed4de..78f35c2eaf3 100644 --- a/oak-core/src/test/java/org/apache/jackrabbit/oak/security/authentication/LoginContextProviderImplTest.java +++ b/oak-core/src/test/java/org/apache/jackrabbit/oak/security/authentication/LoginContextProviderImplTest.java @@ -33,7 +33,7 @@ import javax.security.auth.login.LoginException; import org.apache.jackrabbit.oak.AbstractSecurityTest; -import org.apache.jackrabbit.oak.commons.Java23Compatability; +import org.apache.jackrabbit.oak.commons.Java23Compatibility; import org.apache.jackrabbit.oak.spi.security.ConfigurationParameters; import org.apache.jackrabbit.oak.spi.security.authentication.AuthenticationConfiguration; import org.apache.jackrabbit.oak.spi.security.authentication.GuestLoginModule; @@ -122,7 +122,7 @@ public void getLoginContextWithoutCredentials() throws Exception { @Test public void testGetPreAuthLoginContext() { Subject subject = new Subject(true, Set.of(), Set.of(), Set.of()); - LoginContext ctx = Java23Compatability.doAs(subject, (PrivilegedAction) () -> { + LoginContext ctx = Java23Compatibility.doAs(subject, (PrivilegedAction) () -> { try { return lcProvider.getLoginContext(null, null); } catch (LoginException e) { diff --git a/oak-core/src/test/java/org/apache/jackrabbit/oak/security/authentication/PreAuthTest.java b/oak-core/src/test/java/org/apache/jackrabbit/oak/security/authentication/PreAuthTest.java index e7f5e6d6e94..158e6d3b90d 100644 --- a/oak-core/src/test/java/org/apache/jackrabbit/oak/security/authentication/PreAuthTest.java +++ b/oak-core/src/test/java/org/apache/jackrabbit/oak/security/authentication/PreAuthTest.java @@ -30,7 +30,7 @@ import org.apache.jackrabbit.oak.AbstractSecurityTest; import org.apache.jackrabbit.oak.api.AuthInfo; import org.apache.jackrabbit.oak.api.ContentSession; -import org.apache.jackrabbit.oak.commons.Java23Compatability; +import org.apache.jackrabbit.oak.commons.Java23Compatibility; import org.apache.jackrabbit.oak.spi.security.authentication.AuthInfoImpl; import org.apache.jackrabbit.oak.spi.security.authentication.SystemSubject; import org.jetbrains.annotations.Nullable; @@ -67,7 +67,7 @@ public AppConfigurationEntry[] getAppConfigurationEntry(String s) { @Test public void testValidSubject() throws Exception { final Subject subject = new Subject(true, principals, Collections.emptySet(), Collections.emptySet()); - ContentSession cs = Java23Compatability.doAsPrivileged(subject, new PrivilegedAction() { + ContentSession cs = Java23Compatibility.doAsPrivileged(subject, new PrivilegedAction() { @Override public @Nullable ContentSession run() { try { @@ -94,7 +94,7 @@ public void testValidSubject() throws Exception { public void testValidSubjectWithCredentials() throws Exception { Set publicCreds = Collections.singleton(new SimpleCredentials("testUserId", new char[0])); final Subject subject = new Subject(false, principals, publicCreds, Collections.emptySet()); - ContentSession cs = Java23Compatability.doAsPrivileged(subject, new PrivilegedAction() { + ContentSession cs = Java23Compatibility.doAsPrivileged(subject, new PrivilegedAction() { @Override public @Nullable ContentSession run() { try { @@ -121,7 +121,7 @@ public void testValidSubjectWithCredentials() throws Exception { public void testValidReadSubjectWithCredentials() throws Exception { Set publicCreds = Collections.singleton(new SimpleCredentials("testUserId", new char[0])); final Subject subject = new Subject(true, principals, publicCreds, Collections.emptySet()); - ContentSession cs = Java23Compatability.doAsPrivileged(subject, new PrivilegedAction() { + ContentSession cs = Java23Compatibility.doAsPrivileged(subject, new PrivilegedAction() { @Override public @Nullable ContentSession run() { try { @@ -149,7 +149,7 @@ public void testValidSubjectWithAuthInfo() throws Exception { AuthInfo info = new AuthInfoImpl("testUserId", Collections.emptyMap(), Collections.emptySet()); Set publicCreds = Collections.singleton(info); final Subject subject = new Subject(false, Collections.singleton(new TestPrincipal()), publicCreds, Collections.emptySet()); - ContentSession cs = Java23Compatability.doAsPrivileged(subject, new PrivilegedAction() { + ContentSession cs = Java23Compatibility.doAsPrivileged(subject, new PrivilegedAction() { @Override public @Nullable ContentSession run() { try { @@ -172,7 +172,7 @@ public void testValidSubjectWithAuthInfo() throws Exception { @Test public void testSubjectAndCredentials() throws Exception { final Subject subject = new Subject(true, principals, Collections.emptySet(), Collections.emptySet()); - ContentSession cs = Java23Compatability.doAsPrivileged(subject, new PrivilegedAction() { + ContentSession cs = Java23Compatibility.doAsPrivileged(subject, new PrivilegedAction() { @Override public @Nullable ContentSession run() { ContentSession cs; @@ -205,7 +205,7 @@ public void testNullLogin() throws Exception { @Test public void testSystemSubject() throws Exception { - ContentSession cs = Java23Compatability.doAsPrivileged(SystemSubject.INSTANCE, new PrivilegedAction() { + ContentSession cs = Java23Compatibility.doAsPrivileged(SystemSubject.INSTANCE, new PrivilegedAction() { @Override public @Nullable ContentSession run() { try { diff --git a/oak-core/src/test/java/org/apache/jackrabbit/oak/security/authentication/user/LoginModuleImplTest.java b/oak-core/src/test/java/org/apache/jackrabbit/oak/security/authentication/user/LoginModuleImplTest.java index 209623d434e..04e67a44756 100644 --- a/oak-core/src/test/java/org/apache/jackrabbit/oak/security/authentication/user/LoginModuleImplTest.java +++ b/oak-core/src/test/java/org/apache/jackrabbit/oak/security/authentication/user/LoginModuleImplTest.java @@ -26,7 +26,7 @@ import org.apache.jackrabbit.oak.api.ContentRepository; import org.apache.jackrabbit.oak.api.ContentSession; import org.apache.jackrabbit.oak.api.Root; -import org.apache.jackrabbit.oak.commons.Java23Compatability; +import org.apache.jackrabbit.oak.commons.Java23Compatibility; import org.apache.jackrabbit.oak.commons.junit.LogCustomizer; import org.apache.jackrabbit.oak.namepath.NamePathMapper; import org.apache.jackrabbit.oak.security.internal.SecurityProviderBuilder; @@ -675,7 +675,7 @@ public void testCommitReadOnlySubject() throws Exception { public void testLoginLogoutPreexistingReadonlySubject() throws Exception { createTestUser(); Subject subject = new Subject(true, Collections.singleton(() -> "JMXPrincipal: foo"), Collections.EMPTY_SET, Collections.EMPTY_SET); - Java23Compatability.doAs(subject, (PrivilegedExceptionAction) () -> { + Java23Compatibility.doAs(subject, (PrivilegedExceptionAction) () -> { LogCustomizer logCustomizer = LogCustomizer .forLogger("org.apache.jackrabbit.oak.core.ContentSessionImpl") .enable(Level.ERROR) diff --git a/oak-core/src/test/java/org/apache/jackrabbit/oak/security/authorization/permission/RepoPolicyTreePermissionTest.java b/oak-core/src/test/java/org/apache/jackrabbit/oak/security/authorization/permission/RepoPolicyTreePermissionTest.java index d0aee10b180..cf0e73ddc84 100644 --- a/oak-core/src/test/java/org/apache/jackrabbit/oak/security/authorization/permission/RepoPolicyTreePermissionTest.java +++ b/oak-core/src/test/java/org/apache/jackrabbit/oak/security/authorization/permission/RepoPolicyTreePermissionTest.java @@ -30,7 +30,7 @@ import org.apache.jackrabbit.oak.api.PropertyState; import org.apache.jackrabbit.oak.api.Root; import org.apache.jackrabbit.oak.api.Tree; -import org.apache.jackrabbit.oak.commons.Java23Compatability; +import org.apache.jackrabbit.oak.commons.Java23Compatibility; import org.apache.jackrabbit.oak.commons.PathUtils; import org.apache.jackrabbit.oak.plugins.memory.EmptyNodeState; import org.apache.jackrabbit.oak.plugins.memory.PropertyStates; @@ -78,7 +78,7 @@ public void before() throws Exception { accessSession = createTestSession(); Subject notAllowedSubject = new Subject(true, Set.of(EveryonePrincipal.getInstance()), Set.of(), Set.of()); - noAccessSession = Java23Compatability.doAs(notAllowedSubject, (PrivilegedAction) () -> { + noAccessSession = Java23Compatibility.doAs(notAllowedSubject, (PrivilegedAction) () -> { try { return getContentRepository().login(null, null); } catch (Exception e) { diff --git a/oak-core/src/test/java/org/apache/jackrabbit/oak/security/user/CacheValidatorProviderTest.java b/oak-core/src/test/java/org/apache/jackrabbit/oak/security/user/CacheValidatorProviderTest.java index d5ee958b1bf..92a6938bf87 100644 --- a/oak-core/src/test/java/org/apache/jackrabbit/oak/security/user/CacheValidatorProviderTest.java +++ b/oak-core/src/test/java/org/apache/jackrabbit/oak/security/user/CacheValidatorProviderTest.java @@ -27,7 +27,7 @@ import org.apache.jackrabbit.oak.api.Root; import org.apache.jackrabbit.oak.api.Tree; import org.apache.jackrabbit.oak.api.Type; -import org.apache.jackrabbit.oak.commons.Java23Compatability; +import org.apache.jackrabbit.oak.commons.Java23Compatibility; import org.apache.jackrabbit.oak.commons.PathUtils; import org.apache.jackrabbit.oak.plugins.memory.PropertyStates; import org.apache.jackrabbit.oak.plugins.tree.TreeUtil; @@ -44,7 +44,6 @@ import org.junit.Test; import javax.jcr.RepositoryException; -import javax.security.auth.Subject; import java.security.PrivilegedExceptionAction; import java.util.ArrayList; import java.util.List; @@ -90,7 +89,7 @@ private Tree getAuthorizableTree(@NotNull Authorizable authorizable) throws Repo private Tree getCache(@NotNull Authorizable authorizable) throws Exception { // Creating CachedMembershipReader as this is the only class allowed to write in rep:cache - try (ContentSession cs = Java23Compatability.doAs(SystemSubject.INSTANCE, (PrivilegedExceptionAction) () -> login(null))) { + try (ContentSession cs = Java23Compatibility.doAs(SystemSubject.INSTANCE, (PrivilegedExceptionAction) () -> login(null))) { Root r = cs.getLatestRoot(); Tree n = r.getTree(authorizable.getPath()); CachedMembershipReader reader = new CachedPrincipalMembershipReader( diff --git a/oak-core/src/test/java/org/apache/jackrabbit/oak/security/user/CachedGroupPrincipalTest.java b/oak-core/src/test/java/org/apache/jackrabbit/oak/security/user/CachedGroupPrincipalTest.java index 5706dbb2c35..eb3ecce21fb 100644 --- a/oak-core/src/test/java/org/apache/jackrabbit/oak/security/user/CachedGroupPrincipalTest.java +++ b/oak-core/src/test/java/org/apache/jackrabbit/oak/security/user/CachedGroupPrincipalTest.java @@ -24,7 +24,7 @@ import org.apache.jackrabbit.oak.AbstractSecurityTest; import org.apache.jackrabbit.oak.api.ContentSession; import org.apache.jackrabbit.oak.api.Root; -import org.apache.jackrabbit.oak.commons.Java23Compatability; +import org.apache.jackrabbit.oak.commons.Java23Compatibility; import org.apache.jackrabbit.oak.namepath.NamePathMapper; import org.apache.jackrabbit.oak.spi.security.ConfigurationParameters; import org.apache.jackrabbit.oak.spi.security.authentication.SystemSubject; @@ -35,7 +35,6 @@ import org.junit.Test; import javax.jcr.RepositoryException; -import javax.security.auth.Subject; import java.security.Principal; import java.security.PrivilegedExceptionAction; import java.util.Enumeration; @@ -113,7 +112,7 @@ protected ConfigurationParameters getSecurityConfigParameters() { private ContentSession getSystemSession() throws Exception { if (systemSession == null) { - systemSession = Java23Compatability.doAs(SystemSubject.INSTANCE, (PrivilegedExceptionAction) () -> login(null)); + systemSession = Java23Compatibility.doAs(SystemSubject.INSTANCE, (PrivilegedExceptionAction) () -> login(null)); } return systemSession; } diff --git a/oak-core/src/test/java/org/apache/jackrabbit/oak/security/user/CachedPrincipalMembershipReaderTest.java b/oak-core/src/test/java/org/apache/jackrabbit/oak/security/user/CachedPrincipalMembershipReaderTest.java index 90b6a641b50..cb01c2448b3 100644 --- a/oak-core/src/test/java/org/apache/jackrabbit/oak/security/user/CachedPrincipalMembershipReaderTest.java +++ b/oak-core/src/test/java/org/apache/jackrabbit/oak/security/user/CachedPrincipalMembershipReaderTest.java @@ -48,11 +48,10 @@ import java.util.Set; import java.util.UUID; import javax.jcr.RepositoryException; -import javax.security.auth.Subject; + import org.apache.jackrabbit.JcrConstants; import org.apache.jackrabbit.api.security.user.Authorizable; import org.apache.jackrabbit.api.security.user.Group; -import org.apache.jackrabbit.guava.common.collect.Lists; import org.apache.jackrabbit.oak.AbstractSecurityTest; import org.apache.jackrabbit.oak.api.CommitFailedException; import org.apache.jackrabbit.oak.api.ContentSession; @@ -60,7 +59,7 @@ import org.apache.jackrabbit.oak.api.Root; import org.apache.jackrabbit.oak.api.Tree; import org.apache.jackrabbit.oak.api.Type; -import org.apache.jackrabbit.oak.commons.Java23Compatability; +import org.apache.jackrabbit.oak.commons.Java23Compatibility; import org.apache.jackrabbit.oak.commons.junit.LogCustomizer; import org.apache.jackrabbit.oak.spi.security.user.cache.CachedMembershipReader; import org.apache.jackrabbit.oak.spi.security.user.cache.CacheLoader; @@ -205,7 +204,7 @@ protected ConfigurationParameters getSecurityConfigParameters() { private Root getSystemRoot() throws Exception { if (systemSession == null) { - systemSession = Java23Compatability.doAs(SystemSubject.INSTANCE, (PrivilegedExceptionAction) () -> login(null)); + systemSession = Java23Compatibility.doAs(SystemSubject.INSTANCE, (PrivilegedExceptionAction) () -> login(null)); } return systemSession.getLatestRoot(); } diff --git a/oak-core/src/test/java/org/apache/jackrabbit/oak/security/user/PasswordExpiryAdminTest.java b/oak-core/src/test/java/org/apache/jackrabbit/oak/security/user/PasswordExpiryAdminTest.java index e24207d3e08..904b3572610 100644 --- a/oak-core/src/test/java/org/apache/jackrabbit/oak/security/user/PasswordExpiryAdminTest.java +++ b/oak-core/src/test/java/org/apache/jackrabbit/oak/security/user/PasswordExpiryAdminTest.java @@ -23,7 +23,7 @@ import org.apache.jackrabbit.oak.api.PropertyState; import org.apache.jackrabbit.oak.api.Tree; import org.apache.jackrabbit.oak.api.Type; -import org.apache.jackrabbit.oak.commons.Java23Compatability; +import org.apache.jackrabbit.oak.commons.Java23Compatibility; import org.apache.jackrabbit.oak.plugins.nodetype.ReadOnlyNodeTypeManager; import org.apache.jackrabbit.oak.plugins.tree.TreeUtil; import org.apache.jackrabbit.oak.spi.nodetype.NodeTypeConstants; @@ -37,7 +37,6 @@ import org.junit.Test; import javax.jcr.SimpleCredentials; -import javax.security.auth.Subject; import javax.security.auth.login.CredentialExpiredException; import javax.security.auth.login.LoginException; import java.security.PrivilegedActionException; @@ -74,7 +73,7 @@ protected ConfigurationParameters getSecurityConfigParameters() { @Override protected ContentSession createAdminSession(@NotNull ContentRepository repository) { try { - return Java23Compatability.doAs(SystemSubject.INSTANCE, (PrivilegedExceptionAction) () -> repository.login(null, null)); + return Java23Compatibility.doAs(SystemSubject.INSTANCE, (PrivilegedExceptionAction) () -> repository.login(null, null)); } catch (PrivilegedActionException e) { throw new RuntimeException(e); } diff --git a/oak-core/src/test/java/org/apache/jackrabbit/oak/security/user/UserInitializerTest.java b/oak-core/src/test/java/org/apache/jackrabbit/oak/security/user/UserInitializerTest.java index 445bcd99307..8f7c6e90000 100644 --- a/oak-core/src/test/java/org/apache/jackrabbit/oak/security/user/UserInitializerTest.java +++ b/oak-core/src/test/java/org/apache/jackrabbit/oak/security/user/UserInitializerTest.java @@ -27,7 +27,7 @@ import org.apache.jackrabbit.oak.api.ContentSession; import org.apache.jackrabbit.oak.api.Root; import org.apache.jackrabbit.oak.api.Tree; -import org.apache.jackrabbit.oak.commons.Java23Compatability; +import org.apache.jackrabbit.oak.commons.Java23Compatibility; import org.apache.jackrabbit.oak.commons.PathUtils; import org.apache.jackrabbit.oak.namepath.NamePathMapper; import org.apache.jackrabbit.oak.plugins.index.IndexConstants; @@ -49,7 +49,6 @@ import javax.jcr.GuestCredentials; import javax.jcr.SimpleCredentials; -import javax.security.auth.Subject; import javax.security.auth.login.LoginException; import java.security.PrivilegedExceptionAction; import java.util.HashMap; @@ -174,7 +173,7 @@ public void testAdminConfiguration() throws Exception { .with(sp) .createContentRepository(); - try (ContentSession cs = Java23Compatability.doAs(SystemSubject.INSTANCE, (PrivilegedExceptionAction) () -> repo.login(null, null))) { + try (ContentSession cs = Java23Compatibility.doAs(SystemSubject.INSTANCE, (PrivilegedExceptionAction) () -> repo.login(null, null))) { Root root = cs.getLatestRoot(); UserConfiguration uc = sp.getConfiguration(UserConfiguration.class); UserManager umgr = uc.getUserManager(root, NamePathMapper.DEFAULT); @@ -211,7 +210,7 @@ public void testAnonymousConfiguration() throws Exception { .with(sp) .createContentRepository(); - try (ContentSession cs = Java23Compatability.doAs(SystemSubject.INSTANCE, (PrivilegedExceptionAction) () -> repo.login(null, null))) { + try (ContentSession cs = Java23Compatibility.doAs(SystemSubject.INSTANCE, (PrivilegedExceptionAction) () -> repo.login(null, null))) { Root root = cs.getLatestRoot(); UserConfiguration uc = sp.getConfiguration(UserConfiguration.class); UserManager umgr = uc.getUserManager(root, NamePathMapper.DEFAULT); diff --git a/oak-core/src/test/java/org/apache/jackrabbit/oak/security/user/UserPrincipalProviderWithCacheTest.java b/oak-core/src/test/java/org/apache/jackrabbit/oak/security/user/UserPrincipalProviderWithCacheTest.java index d8be995daf2..05d69560142 100644 --- a/oak-core/src/test/java/org/apache/jackrabbit/oak/security/user/UserPrincipalProviderWithCacheTest.java +++ b/oak-core/src/test/java/org/apache/jackrabbit/oak/security/user/UserPrincipalProviderWithCacheTest.java @@ -28,7 +28,7 @@ import org.apache.jackrabbit.oak.api.Root; import org.apache.jackrabbit.oak.api.Tree; import org.apache.jackrabbit.oak.api.Type; -import org.apache.jackrabbit.oak.commons.Java23Compatability; +import org.apache.jackrabbit.oak.commons.Java23Compatibility; import org.apache.jackrabbit.oak.plugins.memory.PropertyStates; import org.apache.jackrabbit.oak.plugins.tree.TreeUtil; import org.apache.jackrabbit.oak.security.principal.AbstractPrincipalProviderTest; @@ -40,13 +40,10 @@ import org.apache.jackrabbit.oak.spi.security.principal.PrincipalProvider; import org.apache.jackrabbit.oak.spi.security.user.cache.CacheConstants; import org.apache.jackrabbit.oak.spi.security.user.UserConfiguration; -import org.apache.jackrabbit.oak.security.user.CacheConfiguration; -import org.apache.jackrabbit.oak.spi.security.user.cache.CacheConstants; import org.jetbrains.annotations.NotNull; import org.junit.Test; import javax.jcr.SimpleCredentials; -import javax.security.auth.Subject; import java.security.Principal; import java.security.PrivilegedExceptionAction; import java.util.ArrayList; @@ -112,7 +109,7 @@ private PrincipalProvider createPrincipalProvider(Root root) { private ContentSession getSystemSession() throws Exception { if (systemSession == null) { - systemSession = Java23Compatability.doAs(SystemSubject.INSTANCE, (PrivilegedExceptionAction) () -> login(null)); + systemSession = Java23Compatibility.doAs(SystemSubject.INSTANCE, (PrivilegedExceptionAction) () -> login(null)); } return systemSession; } diff --git a/oak-doc/src/site/markdown/security/authentication/preauthentication.md b/oak-doc/src/site/markdown/security/authentication/preauthentication.md index 774c39659d9..c23a2f2b003 100644 --- a/oak-doc/src/site/markdown/security/authentication/preauthentication.md +++ b/oak-doc/src/site/markdown/security/authentication/preauthentication.md @@ -137,7 +137,7 @@ Example how to use this type of pre-authentication: Subject subject = new Subject(true, principals, Collections.singleton(authInfo), Collections.emptySet()); Session session; try { - session = Java23Compatability.doAsPrivileged(subject, new PrivilegedExceptionAction() { + session = Java23Compatibility.doAsPrivileged(subject, new PrivilegedExceptionAction() { @Override public Session run() throws Exception { return login(null, null); diff --git a/oak-examples/webapp/src/main/java/org/apache/jackrabbit/j2ee/IndexInitializer.java b/oak-examples/webapp/src/main/java/org/apache/jackrabbit/j2ee/IndexInitializer.java index 8f7f83a1bea..d398f6f4cd0 100644 --- a/oak-examples/webapp/src/main/java/org/apache/jackrabbit/j2ee/IndexInitializer.java +++ b/oak-examples/webapp/src/main/java/org/apache/jackrabbit/j2ee/IndexInitializer.java @@ -34,7 +34,7 @@ import org.apache.jackrabbit.JcrConstants; import org.apache.jackrabbit.commons.JcrUtils; import org.apache.jackrabbit.oak.api.AuthInfo; -import org.apache.jackrabbit.oak.commons.Java23Compatability; +import org.apache.jackrabbit.oak.commons.Java23Compatibility; import org.apache.jackrabbit.oak.plugins.index.IndexConstants; import org.apache.jackrabbit.oak.plugins.index.lucene.LuceneIndexConstants; import org.apache.jackrabbit.oak.plugins.index.search.FulltextIndexConstants; @@ -120,7 +120,7 @@ public String getName() { Subject subject = new Subject(true, singleton(admin), singleton(authInfo), Collections.emptySet()); Session adminSession; try { - adminSession = Java23Compatability.doAsPrivileged(subject, new PrivilegedExceptionAction() { + adminSession = Java23Compatibility.doAsPrivileged(subject, new PrivilegedExceptionAction() { @Override public Session run() throws Exception { return repository.login(); diff --git a/oak-exercise/src/test/java/org/apache/jackrabbit/oak/exercise/security/authentication/L9_NullLoginTest.java b/oak-exercise/src/test/java/org/apache/jackrabbit/oak/exercise/security/authentication/L9_NullLoginTest.java index f4103287518..b55cf667b02 100644 --- a/oak-exercise/src/test/java/org/apache/jackrabbit/oak/exercise/security/authentication/L9_NullLoginTest.java +++ b/oak-exercise/src/test/java/org/apache/jackrabbit/oak/exercise/security/authentication/L9_NullLoginTest.java @@ -25,7 +25,7 @@ import javax.security.auth.Subject; import javax.security.auth.login.Configuration; -import org.apache.jackrabbit.oak.commons.Java23Compatability; +import org.apache.jackrabbit.oak.commons.Java23Compatibility; import org.apache.jackrabbit.test.AbstractJCRTest; /** @@ -113,7 +113,7 @@ public void testSuccessfulNullLogin() throws Exception { Subject subject = null; String expectedId = null; - testSession = Java23Compatability.doAs(subject, new PrivilegedExceptionAction() { + testSession = Java23Compatibility.doAs(subject, new PrivilegedExceptionAction() { @Override public Session run() throws RepositoryException { return repository.login(null, null); diff --git a/oak-exercise/src/test/java/org/apache/jackrabbit/oak/exercise/security/authorization/principalbased/AbstractPrincipalBasedTest.java b/oak-exercise/src/test/java/org/apache/jackrabbit/oak/exercise/security/authorization/principalbased/AbstractPrincipalBasedTest.java index 463a25a7ad3..0c3ded3c6ef 100644 --- a/oak-exercise/src/test/java/org/apache/jackrabbit/oak/exercise/security/authorization/principalbased/AbstractPrincipalBasedTest.java +++ b/oak-exercise/src/test/java/org/apache/jackrabbit/oak/exercise/security/authorization/principalbased/AbstractPrincipalBasedTest.java @@ -25,7 +25,7 @@ import org.apache.jackrabbit.api.security.user.User; import org.apache.jackrabbit.oak.AbstractSecurityTest; import org.apache.jackrabbit.oak.api.ContentSession; -import org.apache.jackrabbit.oak.commons.Java23Compatability; +import org.apache.jackrabbit.oak.commons.Java23Compatibility; import org.apache.jackrabbit.oak.commons.PathUtils; import org.apache.jackrabbit.oak.composite.MountInfoProviderService; import org.apache.jackrabbit.oak.security.authorization.composite.CompositeAuthorizationConfiguration; @@ -168,6 +168,6 @@ static PrincipalAccessControlList getApplicablePrincipalAccessControlList(@NotNu @NotNull ContentSession getTestSession(@NotNull Principal... principals) throws Exception { Subject subject = new Subject(true, ImmutableSet.copyOf(principals), Set.of(), Set.of()); - return Java23Compatability.doAsPrivileged(subject, (PrivilegedExceptionAction) () -> getContentRepository().login(null, null), null); + return Java23Compatibility.doAsPrivileged(subject, (PrivilegedExceptionAction) () -> getContentRepository().login(null, null), null); } } \ No newline at end of file diff --git a/oak-lucene/src/test/java/org/apache/jackrabbit/oak/composite/blueGreen/Persistence.java b/oak-lucene/src/test/java/org/apache/jackrabbit/oak/composite/blueGreen/Persistence.java index 290fd7d83ac..669103251fe 100644 --- a/oak-lucene/src/test/java/org/apache/jackrabbit/oak/composite/blueGreen/Persistence.java +++ b/oak-lucene/src/test/java/org/apache/jackrabbit/oak/composite/blueGreen/Persistence.java @@ -38,7 +38,6 @@ import javax.jcr.security.AccessControlPolicy; import javax.jcr.security.AccessControlPolicyIterator; import javax.jcr.security.Privilege; -import javax.security.auth.Subject; import org.apache.jackrabbit.JcrConstants; import org.apache.jackrabbit.api.JackrabbitRepository; @@ -50,7 +49,7 @@ import org.apache.jackrabbit.oak.api.ContentRepository; import org.apache.jackrabbit.oak.api.ContentSession; import org.apache.jackrabbit.oak.api.Root; -import org.apache.jackrabbit.oak.commons.Java23Compatability; +import org.apache.jackrabbit.oak.commons.Java23Compatibility; import org.apache.jackrabbit.oak.composite.CompositeNodeStore; import org.apache.jackrabbit.oak.jcr.Jcr; import org.apache.jackrabbit.oak.namepath.NamePathMapper; @@ -287,7 +286,7 @@ private static void setupPermissions(ContentRepository repo, SecurityProvider securityProvider) throws RepositoryException { ContentSession cs = null; try { - cs = Java23Compatability.doAsPrivileged(SystemSubject.INSTANCE, new PrivilegedExceptionAction() { + cs = Java23Compatibility.doAsPrivileged(SystemSubject.INSTANCE, new PrivilegedExceptionAction() { @Override public ContentSession run() throws Exception { return repo.login(null, null); diff --git a/oak-security-spi/src/main/java/org/apache/jackrabbit/oak/spi/security/authentication/AbstractLoginModule.java b/oak-security-spi/src/main/java/org/apache/jackrabbit/oak/spi/security/authentication/AbstractLoginModule.java index 41a3b00d5a0..030e4d16536 100644 --- a/oak-security-spi/src/main/java/org/apache/jackrabbit/oak/spi/security/authentication/AbstractLoginModule.java +++ b/oak-security-spi/src/main/java/org/apache/jackrabbit/oak/spi/security/authentication/AbstractLoginModule.java @@ -42,7 +42,7 @@ import org.apache.jackrabbit.oak.api.ContentRepository; import org.apache.jackrabbit.oak.api.ContentSession; import org.apache.jackrabbit.oak.api.Root; -import org.apache.jackrabbit.oak.commons.Java23Compatability; +import org.apache.jackrabbit.oak.commons.Java23Compatibility; import org.apache.jackrabbit.oak.namepath.NamePathMapper; import org.apache.jackrabbit.oak.spi.security.ConfigurationParameters; import org.apache.jackrabbit.oak.spi.security.SecurityProvider; @@ -476,7 +476,7 @@ protected Root getRoot() { final ContentRepository repository = rcb.getContentRepository(); if (repository != null) { - systemSession = Java23Compatability.doAs(SystemSubject.INSTANCE, new PrivilegedExceptionAction() { + systemSession = Java23Compatibility.doAs(SystemSubject.INSTANCE, new PrivilegedExceptionAction() { @Override public ContentSession run() throws LoginException, NoSuchWorkspaceException { return repository.login(null, rcb.getWorkspaceName()); From 74988bb7594388760beee22d48b83e7676fd8037 Mon Sep 17 00:00:00 2001 From: Manfred Baedke Date: Fri, 13 Dec 2024 13:43:34 +0100 Subject: [PATCH 07/10] OAK-11199: Java 23: getSubject is supported only if a security manager is allowed Introduced new package to allow for separate versioning; added comments. --- .../external/impl/jmx/Delegatee.java | 4 +-- .../external/AbstractExternalAuthTest.java | 4 +-- .../ExternalIdentityImporterTest.java | 4 +-- ...ssControlManagerLimitedSystemUserTest.java | 4 +-- .../impl/ReadablePathsAccessControlTest.java | 16 +++++------ .../oak/benchmark/AbstractTest.java | 4 +-- .../jackrabbit/oak/benchmark/CugOakTest.java | 4 +-- .../oak/benchmark/LoginSystemTest.java | 4 +-- .../Java23Security.java} | 10 +++++-- .../oak/commons/jdkcompat/package-info.java | 28 +++++++++++++++++++ .../LoginContextProviderImpl.java | 4 +-- .../ChangeCollectorProviderTest.java | 4 +-- .../LoginContextProviderImplTest.java | 4 +-- .../security/authentication/PreAuthTest.java | 14 +++++----- .../user/LoginModuleImplTest.java | 4 +-- .../RepoPolicyTreePermissionTest.java | 4 +-- .../user/CacheValidatorProviderTest.java | 4 +-- .../user/CachedGroupPrincipalTest.java | 4 +-- .../CachedPrincipalMembershipReaderTest.java | 4 +-- .../user/PasswordExpiryAdminTest.java | 4 +-- .../security/user/UserInitializerTest.java | 6 ++-- .../UserPrincipalProviderWithCacheTest.java | 4 +-- .../jackrabbit/j2ee/IndexInitializer.java | 4 +-- .../authentication/L9_NullLoginTest.java | 4 +-- .../AbstractPrincipalBasedTest.java | 4 +-- .../oak/composite/blueGreen/Persistence.java | 4 +-- .../authentication/AbstractLoginModule.java | 4 +-- 27 files changed, 98 insertions(+), 64 deletions(-) rename oak-commons/src/main/java/org/apache/jackrabbit/oak/commons/{Java23Compatibility.java => jdkcompat/Java23Security.java} (90%) create mode 100755 oak-commons/src/main/java/org/apache/jackrabbit/oak/commons/jdkcompat/package-info.java diff --git a/oak-auth-external/src/main/java/org/apache/jackrabbit/oak/spi/security/authentication/external/impl/jmx/Delegatee.java b/oak-auth-external/src/main/java/org/apache/jackrabbit/oak/spi/security/authentication/external/impl/jmx/Delegatee.java index 044053a937e..4c9231ab9e1 100644 --- a/oak-auth-external/src/main/java/org/apache/jackrabbit/oak/spi/security/authentication/external/impl/jmx/Delegatee.java +++ b/oak-auth-external/src/main/java/org/apache/jackrabbit/oak/spi/security/authentication/external/impl/jmx/Delegatee.java @@ -23,7 +23,7 @@ import org.apache.jackrabbit.oak.api.ContentRepository; import org.apache.jackrabbit.oak.api.ContentSession; import org.apache.jackrabbit.oak.api.Root; -import org.apache.jackrabbit.oak.commons.Java23Compatibility; +import org.apache.jackrabbit.oak.commons.jdkcompat.Java23Security; import org.apache.jackrabbit.oak.namepath.NamePathMapper; import org.apache.jackrabbit.oak.plugins.value.jcr.ValueFactoryImpl; import org.apache.jackrabbit.oak.spi.security.SecurityProvider; @@ -107,7 +107,7 @@ static Delegatee createInstance(@NotNull final ContentRepository repository, int batchSize) { ContentSession systemSession; try { - systemSession = Java23Compatibility.doAs(SystemSubject.INSTANCE, (PrivilegedExceptionAction) () -> repository.login(null, null)); + systemSession = Java23Security.doAs(SystemSubject.INSTANCE, (PrivilegedExceptionAction) () -> repository.login(null, null)); } catch (PrivilegedActionException e) { throw new SyncRuntimeException(ERROR_CREATE_DELEGATEE, e); } diff --git a/oak-auth-external/src/test/java/org/apache/jackrabbit/oak/spi/security/authentication/external/AbstractExternalAuthTest.java b/oak-auth-external/src/test/java/org/apache/jackrabbit/oak/spi/security/authentication/external/AbstractExternalAuthTest.java index 83dc660b046..e94dc7e759b 100644 --- a/oak-auth-external/src/test/java/org/apache/jackrabbit/oak/spi/security/authentication/external/AbstractExternalAuthTest.java +++ b/oak-auth-external/src/test/java/org/apache/jackrabbit/oak/spi/security/authentication/external/AbstractExternalAuthTest.java @@ -27,7 +27,7 @@ import org.apache.jackrabbit.oak.api.Root; import org.apache.jackrabbit.oak.api.Tree; import org.apache.jackrabbit.oak.api.Type; -import org.apache.jackrabbit.oak.commons.Java23Compatibility; +import org.apache.jackrabbit.oak.commons.jdkcompat.Java23Security; import org.apache.jackrabbit.oak.commons.collections.CollectionUtils; import org.apache.jackrabbit.oak.spi.security.SecurityProvider; import org.apache.jackrabbit.oak.spi.security.authentication.SystemSubject; @@ -213,7 +213,7 @@ protected DefaultSyncHandler registerSyncHandler(@NotNull Map sy @NotNull protected Root getSystemRoot() throws Exception { if (systemRoot == null) { - systemSession = Java23Compatibility.doAs(SystemSubject.INSTANCE, (PrivilegedExceptionAction) () -> getContentRepository().login(null, null)); + systemSession = Java23Security.doAs(SystemSubject.INSTANCE, (PrivilegedExceptionAction) () -> getContentRepository().login(null, null)); systemRoot = systemSession.getLatestRoot(); } return systemRoot; diff --git a/oak-auth-external/src/test/java/org/apache/jackrabbit/oak/spi/security/authentication/external/impl/principal/ExternalIdentityImporterTest.java b/oak-auth-external/src/test/java/org/apache/jackrabbit/oak/spi/security/authentication/external/impl/principal/ExternalIdentityImporterTest.java index 208fcc54a97..bae5396eabf 100644 --- a/oak-auth-external/src/test/java/org/apache/jackrabbit/oak/spi/security/authentication/external/impl/principal/ExternalIdentityImporterTest.java +++ b/oak-auth-external/src/test/java/org/apache/jackrabbit/oak/spi/security/authentication/external/impl/principal/ExternalIdentityImporterTest.java @@ -26,7 +26,7 @@ import javax.jcr.SimpleCredentials; import org.apache.jackrabbit.api.JackrabbitRepository; -import org.apache.jackrabbit.oak.commons.Java23Compatibility; +import org.apache.jackrabbit.oak.commons.jdkcompat.Java23Security; import org.apache.jackrabbit.oak.jcr.Jcr; import org.apache.jackrabbit.oak.query.QueryEngineSettings; import org.apache.jackrabbit.oak.spi.security.ConfigurationParameters; @@ -88,7 +88,7 @@ private static void shutdown(Repository repo) { Session createSession(Repository repo, boolean isSystem) throws Exception { if (isSystem) { - return Java23Compatibility.doAs(SystemSubject.INSTANCE, (PrivilegedExceptionAction) () -> repo.login(null, null)); + return Java23Security.doAs(SystemSubject.INSTANCE, (PrivilegedExceptionAction) () -> repo.login(null, null)); } else { return repo.login(new SimpleCredentials(UserConstants.DEFAULT_ADMIN_ID, UserConstants.DEFAULT_ADMIN_ID.toCharArray())); } diff --git a/oak-authorization-principalbased/src/test/java/org/apache/jackrabbit/oak/spi/security/authorization/principalbased/impl/AccessControlManagerLimitedSystemUserTest.java b/oak-authorization-principalbased/src/test/java/org/apache/jackrabbit/oak/spi/security/authorization/principalbased/impl/AccessControlManagerLimitedSystemUserTest.java index 83806f112cc..bb4dbf2c847 100644 --- a/oak-authorization-principalbased/src/test/java/org/apache/jackrabbit/oak/spi/security/authorization/principalbased/impl/AccessControlManagerLimitedSystemUserTest.java +++ b/oak-authorization-principalbased/src/test/java/org/apache/jackrabbit/oak/spi/security/authorization/principalbased/impl/AccessControlManagerLimitedSystemUserTest.java @@ -20,7 +20,7 @@ import org.apache.jackrabbit.api.security.user.User; import org.apache.jackrabbit.oak.api.AuthInfo; import org.apache.jackrabbit.oak.api.Root; -import org.apache.jackrabbit.oak.commons.Java23Compatibility; +import org.apache.jackrabbit.oak.commons.jdkcompat.Java23Security; import org.apache.jackrabbit.oak.spi.security.authentication.AuthInfoImpl; import org.jetbrains.annotations.NotNull; import org.jetbrains.annotations.Nullable; @@ -63,7 +63,7 @@ Root createTestRoot() throws Exception { Set principals = Set.of(testPrincipal); AuthInfo authInfo = new AuthInfoImpl(UID, Collections.emptyMap(), principals); Subject subject = new Subject(true, principals, Set.of(authInfo), Set.of()); - return Java23Compatibility.doAsPrivileged(subject, (PrivilegedExceptionAction) () -> getContentRepository().login(null, null).getLatestRoot(), null); + return Java23Security.doAsPrivileged(subject, (PrivilegedExceptionAction) () -> getContentRepository().login(null, null).getLatestRoot(), null); } void grant(@NotNull Principal principal, @Nullable String path, @NotNull String... privNames) throws Exception { diff --git a/oak-authorization-principalbased/src/test/java/org/apache/jackrabbit/oak/spi/security/authorization/principalbased/impl/ReadablePathsAccessControlTest.java b/oak-authorization-principalbased/src/test/java/org/apache/jackrabbit/oak/spi/security/authorization/principalbased/impl/ReadablePathsAccessControlTest.java index 13d7f30ab72..f0d8b7ad167 100644 --- a/oak-authorization-principalbased/src/test/java/org/apache/jackrabbit/oak/spi/security/authorization/principalbased/impl/ReadablePathsAccessControlTest.java +++ b/oak-authorization-principalbased/src/test/java/org/apache/jackrabbit/oak/spi/security/authorization/principalbased/impl/ReadablePathsAccessControlTest.java @@ -22,7 +22,7 @@ import org.apache.jackrabbit.JcrConstants; import org.apache.jackrabbit.api.security.JackrabbitAccessControlManager; import org.apache.jackrabbit.oak.api.ContentSession; -import org.apache.jackrabbit.oak.commons.Java23Compatibility; +import org.apache.jackrabbit.oak.commons.jdkcompat.Java23Security; import org.apache.jackrabbit.oak.commons.PathUtils; import org.apache.jackrabbit.oak.commons.collections.CollectionUtils; import org.apache.jackrabbit.oak.spi.security.authorization.AuthorizationConfiguration; @@ -85,7 +85,7 @@ private Subject getTestSubject() { @Test public void testHasPrivilege() throws Exception { - try (ContentSession cs = Java23Compatibility.doAsPrivileged(getTestSubject(), (PrivilegedExceptionAction) () -> getContentRepository().login(null, null), null)) { + try (ContentSession cs = Java23Security.doAsPrivileged(getTestSubject(), (PrivilegedExceptionAction) () -> getContentRepository().login(null, null), null)) { PrincipalBasedAccessControlManager testAcMgr = new PrincipalBasedAccessControlManager(getMgrProvider(cs.getLatestRoot()), getFilterProvider()); Set principals = Collections.singleton(testPrincipal); @@ -100,7 +100,7 @@ public void testHasPrivilege() throws Exception { @Test public void testNotHasPrivilege() throws Exception { - try (ContentSession cs = Java23Compatibility.doAsPrivileged(getTestSubject(), (PrivilegedExceptionAction) () -> getContentRepository().login(null, null), null)) { + try (ContentSession cs = Java23Security.doAsPrivileged(getTestSubject(), (PrivilegedExceptionAction) () -> getContentRepository().login(null, null), null)) { PrincipalBasedAccessControlManager testAcMgr = new PrincipalBasedAccessControlManager(getMgrProvider(cs.getLatestRoot()), getFilterProvider()); Set principals = Collections.singleton(testPrincipal); @@ -141,7 +141,7 @@ public void testNotHasPrivilegePrincipal() throws Exception { @Test public void testGetPrivileges() throws Exception { - try (ContentSession cs = Java23Compatibility.doAsPrivileged(getTestSubject(), (PrivilegedExceptionAction) () -> getContentRepository().login(null, null), null)) { + try (ContentSession cs = Java23Security.doAsPrivileged(getTestSubject(), (PrivilegedExceptionAction) () -> getContentRepository().login(null, null), null)) { PrincipalBasedAccessControlManager testAcMgr = new PrincipalBasedAccessControlManager(getMgrProvider(cs.getLatestRoot()), getFilterProvider()); Privilege[] expected = privilegesFromNames(JCR_READ); @@ -153,7 +153,7 @@ public void testGetPrivileges() throws Exception { @Test(expected = PathNotFoundException.class) public void testGetPrivilegesAtRoot() throws Exception { - try (ContentSession cs = Java23Compatibility.doAsPrivileged(getTestSubject(), (PrivilegedExceptionAction) () -> getContentRepository().login(null, null), null)) { + try (ContentSession cs = Java23Security.doAsPrivileged(getTestSubject(), (PrivilegedExceptionAction) () -> getContentRepository().login(null, null), null)) { PrincipalBasedAccessControlManager testAcMgr = new PrincipalBasedAccessControlManager(getMgrProvider(cs.getLatestRoot()), getFilterProvider()); testAcMgr.getPrivileges(ROOT_PATH); } @@ -187,7 +187,7 @@ public void testGetEffectivePoliciesNullPath() throws Exception { @Test(expected = AccessDeniedException.class) public void testGetEffectivePoliciesLimitedAccess() throws Exception { - try (ContentSession cs = Java23Compatibility.doAsPrivileged(getTestSubject(), (PrivilegedExceptionAction) () -> getContentRepository().login(null, null), null)) { + try (ContentSession cs = Java23Security.doAsPrivileged(getTestSubject(), (PrivilegedExceptionAction) () -> getContentRepository().login(null, null), null)) { PrincipalBasedAccessControlManager testAcMgr = new PrincipalBasedAccessControlManager(getMgrProvider(cs.getLatestRoot()), getFilterProvider()); testAcMgr.getEffectivePolicies(readablePaths.next()); } @@ -202,7 +202,7 @@ public void testGetEffectivePoliciesLimitedAccess2() throws Exception { root.commit(); // test-session can read-ac at readable path but cannot access principal-based policy - try (ContentSession cs = Java23Compatibility.doAsPrivileged(getTestSubject(), (PrivilegedExceptionAction) () -> getContentRepository().login(null, null), null)) { + try (ContentSession cs = Java23Security.doAsPrivileged(getTestSubject(), (PrivilegedExceptionAction) () -> getContentRepository().login(null, null), null)) { PrincipalBasedAccessControlManager testAcMgr = new PrincipalBasedAccessControlManager(getMgrProvider(cs.getLatestRoot()), getFilterProvider()); Set effective = ImmutableSet.copyOf(testAcMgr.getEffectivePolicies(path)); @@ -221,7 +221,7 @@ public void testGetEffectivePoliciesLimitedAccess3() throws Exception { root.commit(); // test-session can read-ac at readable path and at principal-based policy - try (ContentSession cs = Java23Compatibility.doAsPrivileged(getTestSubject(), (PrivilegedExceptionAction) () -> getContentRepository().login(null, null), null)) { + try (ContentSession cs = Java23Security.doAsPrivileged(getTestSubject(), (PrivilegedExceptionAction) () -> getContentRepository().login(null, null), null)) { PrincipalBasedAccessControlManager testAcMgr = new PrincipalBasedAccessControlManager(getMgrProvider(cs.getLatestRoot()), getFilterProvider()); Set effective = CollectionUtils.toSet(testAcMgr.getEffectivePolicies(path)); diff --git a/oak-benchmarks/src/main/java/org/apache/jackrabbit/oak/benchmark/AbstractTest.java b/oak-benchmarks/src/main/java/org/apache/jackrabbit/oak/benchmark/AbstractTest.java index 9503c894459..3b2aa0ca664 100644 --- a/oak-benchmarks/src/main/java/org/apache/jackrabbit/oak/benchmark/AbstractTest.java +++ b/oak-benchmarks/src/main/java/org/apache/jackrabbit/oak/benchmark/AbstractTest.java @@ -37,7 +37,7 @@ import org.apache.commons.lang3.ArrayUtils; import org.apache.commons.math3.stat.descriptive.DescriptiveStatistics; import org.apache.commons.math3.stat.descriptive.SynchronizedDescriptiveStatistics; -import org.apache.jackrabbit.oak.commons.Java23Compatibility; +import org.apache.jackrabbit.oak.commons.jdkcompat.Java23Security; import org.apache.jackrabbit.oak.commons.Profiler; import org.apache.jackrabbit.oak.fixture.RepositoryFixture; import org.apache.jackrabbit.oak.spi.security.authentication.SystemSubject; @@ -589,7 +589,7 @@ protected Session systemLogin() { protected Session loginSubject(@NotNull Subject subject) { try { - return Java23Compatibility.doAsPrivileged(subject, new PrivilegedExceptionAction() { + return Java23Security.doAsPrivileged(subject, new PrivilegedExceptionAction() { @Override public Session run() throws Exception { return getRepository().login(null, null); diff --git a/oak-benchmarks/src/main/java/org/apache/jackrabbit/oak/benchmark/CugOakTest.java b/oak-benchmarks/src/main/java/org/apache/jackrabbit/oak/benchmark/CugOakTest.java index ee658c4942a..847b77f25e5 100644 --- a/oak-benchmarks/src/main/java/org/apache/jackrabbit/oak/benchmark/CugOakTest.java +++ b/oak-benchmarks/src/main/java/org/apache/jackrabbit/oak/benchmark/CugOakTest.java @@ -29,7 +29,7 @@ import org.apache.jackrabbit.oak.api.ContentSession; import org.apache.jackrabbit.oak.api.PropertyState; import org.apache.jackrabbit.oak.api.Root; -import org.apache.jackrabbit.oak.commons.Java23Compatibility; +import org.apache.jackrabbit.oak.commons.jdkcompat.Java23Security; import org.apache.jackrabbit.oak.fixture.JcrCreator; import org.apache.jackrabbit.oak.fixture.OakRepositoryFixture; import org.apache.jackrabbit.oak.fixture.RepositoryFixture; @@ -90,7 +90,7 @@ protected void runTest() throws Exception { if (singleSession) { readSession = cs; } else { - readSession = Java23Compatibility.doAs(subject, new PrivilegedAction() { + readSession = Java23Security.doAs(subject, new PrivilegedAction() { @Override public ContentSession run() { try { diff --git a/oak-benchmarks/src/main/java/org/apache/jackrabbit/oak/benchmark/LoginSystemTest.java b/oak-benchmarks/src/main/java/org/apache/jackrabbit/oak/benchmark/LoginSystemTest.java index c3bef05da3a..9e742daa1bf 100644 --- a/oak-benchmarks/src/main/java/org/apache/jackrabbit/oak/benchmark/LoginSystemTest.java +++ b/oak-benchmarks/src/main/java/org/apache/jackrabbit/oak/benchmark/LoginSystemTest.java @@ -25,7 +25,7 @@ import javax.security.auth.Subject; import org.apache.jackrabbit.core.security.SystemPrincipal; -import org.apache.jackrabbit.oak.commons.Java23Compatibility; +import org.apache.jackrabbit.oak.commons.jdkcompat.Java23Security; import org.apache.jackrabbit.oak.jcr.repository.RepositoryImpl; import org.apache.jackrabbit.oak.spi.security.authentication.SystemSubject; @@ -47,7 +47,7 @@ public void beforeSuite() throws Exception { public void runTest() throws RepositoryException { for (int i = 0; i < COUNT; i++) { try { - Java23Compatibility.doAsPrivileged(subject, new PrivilegedExceptionAction() { + Java23Security.doAsPrivileged(subject, new PrivilegedExceptionAction() { @Override public Session run() throws Exception { return getRepository().login(null, null); diff --git a/oak-commons/src/main/java/org/apache/jackrabbit/oak/commons/Java23Compatibility.java b/oak-commons/src/main/java/org/apache/jackrabbit/oak/commons/jdkcompat/Java23Security.java similarity index 90% rename from oak-commons/src/main/java/org/apache/jackrabbit/oak/commons/Java23Compatibility.java rename to oak-commons/src/main/java/org/apache/jackrabbit/oak/commons/jdkcompat/Java23Security.java index bca3c2a089f..4546fdc143a 100644 --- a/oak-commons/src/main/java/org/apache/jackrabbit/oak/commons/Java23Compatibility.java +++ b/oak-commons/src/main/java/org/apache/jackrabbit/oak/commons/jdkcompat/Java23Security.java @@ -1,4 +1,4 @@ -package org.apache.jackrabbit.oak.commons; +package org.apache.jackrabbit.oak.commons.jdkcompat; import javax.security.auth.Subject; import java.lang.reflect.InvocationTargetException; @@ -10,7 +10,13 @@ import java.security.PrivilegedExceptionAction; import java.util.concurrent.Callable; -public class Java23Compatibility { +/** + * This class contains methods replacing the deprecated + * {@link Subject#getSubject(AccessControlContext)} + * and associated methods, which changed their behavior + * with Java 23 (@see https://inside.java/2024/07/08/quality-heads-up). + */ +public class Java23Security { static Method current, callAs; diff --git a/oak-commons/src/main/java/org/apache/jackrabbit/oak/commons/jdkcompat/package-info.java b/oak-commons/src/main/java/org/apache/jackrabbit/oak/commons/jdkcompat/package-info.java new file mode 100755 index 00000000000..d7ad32e566f --- /dev/null +++ b/oak-commons/src/main/java/org/apache/jackrabbit/oak/commons/jdkcompat/package-info.java @@ -0,0 +1,28 @@ +/* + * Licensed to the Apache Software Foundation (ASF) under one + * or more contributor license agreements. See the NOTICE file + * distributed with this work for additional information + * regarding copyright ownership. The ASF licenses this file + * to you under the Apache License, Version 2.0 (the + * "License"); you may not use this file except in compliance + * with the License. You may obtain a copy of the License at + * + * http://www.apache.org/licenses/LICENSE-2.0 + * + * Unless required by applicable law or agreed to in writing, + * software distributed under the License is distributed on an + * "AS IS" BASIS, WITHOUT WARRANTIES OR CONDITIONS OF ANY + * KIND, either express or implied. See the License for the + * specific language governing permissions and limitations + * under the License. + */ + +/** + * Package containing utilities to handle incompatible JDK changes. + */ +@Internal +@Version("1.0.0") +package org.apache.jackrabbit.oak.commons.jdkcompat; + +import org.apache.jackrabbit.oak.commons.annotations.Internal; +import org.osgi.annotation.versioning.Version; diff --git a/oak-core/src/main/java/org/apache/jackrabbit/oak/security/authentication/LoginContextProviderImpl.java b/oak-core/src/main/java/org/apache/jackrabbit/oak/security/authentication/LoginContextProviderImpl.java index 7d7a37208ad..2ff4471f75b 100644 --- a/oak-core/src/main/java/org/apache/jackrabbit/oak/security/authentication/LoginContextProviderImpl.java +++ b/oak-core/src/main/java/org/apache/jackrabbit/oak/security/authentication/LoginContextProviderImpl.java @@ -26,7 +26,7 @@ import javax.security.auth.login.LoginException; import org.apache.jackrabbit.oak.api.ContentRepository; -import org.apache.jackrabbit.oak.commons.Java23Compatibility; +import org.apache.jackrabbit.oak.commons.jdkcompat.Java23Security; import org.apache.jackrabbit.oak.spi.security.ConfigurationParameters; import org.apache.jackrabbit.oak.spi.security.SecurityProvider; import org.apache.jackrabbit.oak.spi.security.authentication.ConfigurationUtil; @@ -94,7 +94,7 @@ public LoginContext getLoginContext(Credentials credentials, String workspaceNam private static Subject getSubject() { Subject subject = null; try { - subject = Java23Compatibility.getSubject(); + subject = Java23Security.getSubject(); } catch (SecurityException e) { log.debug("Can't check for pre-authenticated subject. Reason: {}", e.getMessage()); } diff --git a/oak-core/src/test/java/org/apache/jackrabbit/oak/plugins/observation/ChangeCollectorProviderTest.java b/oak-core/src/test/java/org/apache/jackrabbit/oak/plugins/observation/ChangeCollectorProviderTest.java index c3344548adc..5834ffd3128 100644 --- a/oak-core/src/test/java/org/apache/jackrabbit/oak/plugins/observation/ChangeCollectorProviderTest.java +++ b/oak-core/src/test/java/org/apache/jackrabbit/oak/plugins/observation/ChangeCollectorProviderTest.java @@ -47,7 +47,7 @@ import org.apache.jackrabbit.oak.api.Tree; import org.apache.jackrabbit.oak.api.Type; import org.apache.jackrabbit.oak.InitialContent; -import org.apache.jackrabbit.oak.commons.Java23Compatibility; +import org.apache.jackrabbit.oak.commons.jdkcompat.Java23Security; import org.apache.jackrabbit.oak.security.internal.SecurityProviderBuilder; import org.apache.jackrabbit.oak.spi.commit.CommitContext; import org.apache.jackrabbit.oak.spi.commit.CommitInfo; @@ -142,7 +142,7 @@ public void setup() throws PrivilegedActionException, CommitFailedException { .with(getSecurityProvider()); contentRepository = oak.createContentRepository(); - session = Java23Compatibility.doAs(SystemSubject.INSTANCE, new PrivilegedExceptionAction() { + session = Java23Security.doAs(SystemSubject.INSTANCE, new PrivilegedExceptionAction() { @Override public ContentSession run() throws LoginException, NoSuchWorkspaceException { return contentRepository.login(null, null); diff --git a/oak-core/src/test/java/org/apache/jackrabbit/oak/security/authentication/LoginContextProviderImplTest.java b/oak-core/src/test/java/org/apache/jackrabbit/oak/security/authentication/LoginContextProviderImplTest.java index 78f35c2eaf3..4049008e28e 100644 --- a/oak-core/src/test/java/org/apache/jackrabbit/oak/security/authentication/LoginContextProviderImplTest.java +++ b/oak-core/src/test/java/org/apache/jackrabbit/oak/security/authentication/LoginContextProviderImplTest.java @@ -33,7 +33,7 @@ import javax.security.auth.login.LoginException; import org.apache.jackrabbit.oak.AbstractSecurityTest; -import org.apache.jackrabbit.oak.commons.Java23Compatibility; +import org.apache.jackrabbit.oak.commons.jdkcompat.Java23Security; import org.apache.jackrabbit.oak.spi.security.ConfigurationParameters; import org.apache.jackrabbit.oak.spi.security.authentication.AuthenticationConfiguration; import org.apache.jackrabbit.oak.spi.security.authentication.GuestLoginModule; @@ -122,7 +122,7 @@ public void getLoginContextWithoutCredentials() throws Exception { @Test public void testGetPreAuthLoginContext() { Subject subject = new Subject(true, Set.of(), Set.of(), Set.of()); - LoginContext ctx = Java23Compatibility.doAs(subject, (PrivilegedAction) () -> { + LoginContext ctx = Java23Security.doAs(subject, (PrivilegedAction) () -> { try { return lcProvider.getLoginContext(null, null); } catch (LoginException e) { diff --git a/oak-core/src/test/java/org/apache/jackrabbit/oak/security/authentication/PreAuthTest.java b/oak-core/src/test/java/org/apache/jackrabbit/oak/security/authentication/PreAuthTest.java index 158e6d3b90d..4182cfa1601 100644 --- a/oak-core/src/test/java/org/apache/jackrabbit/oak/security/authentication/PreAuthTest.java +++ b/oak-core/src/test/java/org/apache/jackrabbit/oak/security/authentication/PreAuthTest.java @@ -30,7 +30,7 @@ import org.apache.jackrabbit.oak.AbstractSecurityTest; import org.apache.jackrabbit.oak.api.AuthInfo; import org.apache.jackrabbit.oak.api.ContentSession; -import org.apache.jackrabbit.oak.commons.Java23Compatibility; +import org.apache.jackrabbit.oak.commons.jdkcompat.Java23Security; import org.apache.jackrabbit.oak.spi.security.authentication.AuthInfoImpl; import org.apache.jackrabbit.oak.spi.security.authentication.SystemSubject; import org.jetbrains.annotations.Nullable; @@ -67,7 +67,7 @@ public AppConfigurationEntry[] getAppConfigurationEntry(String s) { @Test public void testValidSubject() throws Exception { final Subject subject = new Subject(true, principals, Collections.emptySet(), Collections.emptySet()); - ContentSession cs = Java23Compatibility.doAsPrivileged(subject, new PrivilegedAction() { + ContentSession cs = Java23Security.doAsPrivileged(subject, new PrivilegedAction() { @Override public @Nullable ContentSession run() { try { @@ -94,7 +94,7 @@ public void testValidSubject() throws Exception { public void testValidSubjectWithCredentials() throws Exception { Set publicCreds = Collections.singleton(new SimpleCredentials("testUserId", new char[0])); final Subject subject = new Subject(false, principals, publicCreds, Collections.emptySet()); - ContentSession cs = Java23Compatibility.doAsPrivileged(subject, new PrivilegedAction() { + ContentSession cs = Java23Security.doAsPrivileged(subject, new PrivilegedAction() { @Override public @Nullable ContentSession run() { try { @@ -121,7 +121,7 @@ public void testValidSubjectWithCredentials() throws Exception { public void testValidReadSubjectWithCredentials() throws Exception { Set publicCreds = Collections.singleton(new SimpleCredentials("testUserId", new char[0])); final Subject subject = new Subject(true, principals, publicCreds, Collections.emptySet()); - ContentSession cs = Java23Compatibility.doAsPrivileged(subject, new PrivilegedAction() { + ContentSession cs = Java23Security.doAsPrivileged(subject, new PrivilegedAction() { @Override public @Nullable ContentSession run() { try { @@ -149,7 +149,7 @@ public void testValidSubjectWithAuthInfo() throws Exception { AuthInfo info = new AuthInfoImpl("testUserId", Collections.emptyMap(), Collections.emptySet()); Set publicCreds = Collections.singleton(info); final Subject subject = new Subject(false, Collections.singleton(new TestPrincipal()), publicCreds, Collections.emptySet()); - ContentSession cs = Java23Compatibility.doAsPrivileged(subject, new PrivilegedAction() { + ContentSession cs = Java23Security.doAsPrivileged(subject, new PrivilegedAction() { @Override public @Nullable ContentSession run() { try { @@ -172,7 +172,7 @@ public void testValidSubjectWithAuthInfo() throws Exception { @Test public void testSubjectAndCredentials() throws Exception { final Subject subject = new Subject(true, principals, Collections.emptySet(), Collections.emptySet()); - ContentSession cs = Java23Compatibility.doAsPrivileged(subject, new PrivilegedAction() { + ContentSession cs = Java23Security.doAsPrivileged(subject, new PrivilegedAction() { @Override public @Nullable ContentSession run() { ContentSession cs; @@ -205,7 +205,7 @@ public void testNullLogin() throws Exception { @Test public void testSystemSubject() throws Exception { - ContentSession cs = Java23Compatibility.doAsPrivileged(SystemSubject.INSTANCE, new PrivilegedAction() { + ContentSession cs = Java23Security.doAsPrivileged(SystemSubject.INSTANCE, new PrivilegedAction() { @Override public @Nullable ContentSession run() { try { diff --git a/oak-core/src/test/java/org/apache/jackrabbit/oak/security/authentication/user/LoginModuleImplTest.java b/oak-core/src/test/java/org/apache/jackrabbit/oak/security/authentication/user/LoginModuleImplTest.java index 04e67a44756..606d87c5f56 100644 --- a/oak-core/src/test/java/org/apache/jackrabbit/oak/security/authentication/user/LoginModuleImplTest.java +++ b/oak-core/src/test/java/org/apache/jackrabbit/oak/security/authentication/user/LoginModuleImplTest.java @@ -26,7 +26,7 @@ import org.apache.jackrabbit.oak.api.ContentRepository; import org.apache.jackrabbit.oak.api.ContentSession; import org.apache.jackrabbit.oak.api.Root; -import org.apache.jackrabbit.oak.commons.Java23Compatibility; +import org.apache.jackrabbit.oak.commons.jdkcompat.Java23Security; import org.apache.jackrabbit.oak.commons.junit.LogCustomizer; import org.apache.jackrabbit.oak.namepath.NamePathMapper; import org.apache.jackrabbit.oak.security.internal.SecurityProviderBuilder; @@ -675,7 +675,7 @@ public void testCommitReadOnlySubject() throws Exception { public void testLoginLogoutPreexistingReadonlySubject() throws Exception { createTestUser(); Subject subject = new Subject(true, Collections.singleton(() -> "JMXPrincipal: foo"), Collections.EMPTY_SET, Collections.EMPTY_SET); - Java23Compatibility.doAs(subject, (PrivilegedExceptionAction) () -> { + Java23Security.doAs(subject, (PrivilegedExceptionAction) () -> { LogCustomizer logCustomizer = LogCustomizer .forLogger("org.apache.jackrabbit.oak.core.ContentSessionImpl") .enable(Level.ERROR) diff --git a/oak-core/src/test/java/org/apache/jackrabbit/oak/security/authorization/permission/RepoPolicyTreePermissionTest.java b/oak-core/src/test/java/org/apache/jackrabbit/oak/security/authorization/permission/RepoPolicyTreePermissionTest.java index cf0e73ddc84..038a8c7bb8a 100644 --- a/oak-core/src/test/java/org/apache/jackrabbit/oak/security/authorization/permission/RepoPolicyTreePermissionTest.java +++ b/oak-core/src/test/java/org/apache/jackrabbit/oak/security/authorization/permission/RepoPolicyTreePermissionTest.java @@ -30,7 +30,7 @@ import org.apache.jackrabbit.oak.api.PropertyState; import org.apache.jackrabbit.oak.api.Root; import org.apache.jackrabbit.oak.api.Tree; -import org.apache.jackrabbit.oak.commons.Java23Compatibility; +import org.apache.jackrabbit.oak.commons.jdkcompat.Java23Security; import org.apache.jackrabbit.oak.commons.PathUtils; import org.apache.jackrabbit.oak.plugins.memory.EmptyNodeState; import org.apache.jackrabbit.oak.plugins.memory.PropertyStates; @@ -78,7 +78,7 @@ public void before() throws Exception { accessSession = createTestSession(); Subject notAllowedSubject = new Subject(true, Set.of(EveryonePrincipal.getInstance()), Set.of(), Set.of()); - noAccessSession = Java23Compatibility.doAs(notAllowedSubject, (PrivilegedAction) () -> { + noAccessSession = Java23Security.doAs(notAllowedSubject, (PrivilegedAction) () -> { try { return getContentRepository().login(null, null); } catch (Exception e) { diff --git a/oak-core/src/test/java/org/apache/jackrabbit/oak/security/user/CacheValidatorProviderTest.java b/oak-core/src/test/java/org/apache/jackrabbit/oak/security/user/CacheValidatorProviderTest.java index 92a6938bf87..94e8c9b2b91 100644 --- a/oak-core/src/test/java/org/apache/jackrabbit/oak/security/user/CacheValidatorProviderTest.java +++ b/oak-core/src/test/java/org/apache/jackrabbit/oak/security/user/CacheValidatorProviderTest.java @@ -27,7 +27,7 @@ import org.apache.jackrabbit.oak.api.Root; import org.apache.jackrabbit.oak.api.Tree; import org.apache.jackrabbit.oak.api.Type; -import org.apache.jackrabbit.oak.commons.Java23Compatibility; +import org.apache.jackrabbit.oak.commons.jdkcompat.Java23Security; import org.apache.jackrabbit.oak.commons.PathUtils; import org.apache.jackrabbit.oak.plugins.memory.PropertyStates; import org.apache.jackrabbit.oak.plugins.tree.TreeUtil; @@ -89,7 +89,7 @@ private Tree getAuthorizableTree(@NotNull Authorizable authorizable) throws Repo private Tree getCache(@NotNull Authorizable authorizable) throws Exception { // Creating CachedMembershipReader as this is the only class allowed to write in rep:cache - try (ContentSession cs = Java23Compatibility.doAs(SystemSubject.INSTANCE, (PrivilegedExceptionAction) () -> login(null))) { + try (ContentSession cs = Java23Security.doAs(SystemSubject.INSTANCE, (PrivilegedExceptionAction) () -> login(null))) { Root r = cs.getLatestRoot(); Tree n = r.getTree(authorizable.getPath()); CachedMembershipReader reader = new CachedPrincipalMembershipReader( diff --git a/oak-core/src/test/java/org/apache/jackrabbit/oak/security/user/CachedGroupPrincipalTest.java b/oak-core/src/test/java/org/apache/jackrabbit/oak/security/user/CachedGroupPrincipalTest.java index eb3ecce21fb..743359d0eec 100644 --- a/oak-core/src/test/java/org/apache/jackrabbit/oak/security/user/CachedGroupPrincipalTest.java +++ b/oak-core/src/test/java/org/apache/jackrabbit/oak/security/user/CachedGroupPrincipalTest.java @@ -24,7 +24,7 @@ import org.apache.jackrabbit.oak.AbstractSecurityTest; import org.apache.jackrabbit.oak.api.ContentSession; import org.apache.jackrabbit.oak.api.Root; -import org.apache.jackrabbit.oak.commons.Java23Compatibility; +import org.apache.jackrabbit.oak.commons.jdkcompat.Java23Security; import org.apache.jackrabbit.oak.namepath.NamePathMapper; import org.apache.jackrabbit.oak.spi.security.ConfigurationParameters; import org.apache.jackrabbit.oak.spi.security.authentication.SystemSubject; @@ -112,7 +112,7 @@ protected ConfigurationParameters getSecurityConfigParameters() { private ContentSession getSystemSession() throws Exception { if (systemSession == null) { - systemSession = Java23Compatibility.doAs(SystemSubject.INSTANCE, (PrivilegedExceptionAction) () -> login(null)); + systemSession = Java23Security.doAs(SystemSubject.INSTANCE, (PrivilegedExceptionAction) () -> login(null)); } return systemSession; } diff --git a/oak-core/src/test/java/org/apache/jackrabbit/oak/security/user/CachedPrincipalMembershipReaderTest.java b/oak-core/src/test/java/org/apache/jackrabbit/oak/security/user/CachedPrincipalMembershipReaderTest.java index cb01c2448b3..8a428efa7ef 100644 --- a/oak-core/src/test/java/org/apache/jackrabbit/oak/security/user/CachedPrincipalMembershipReaderTest.java +++ b/oak-core/src/test/java/org/apache/jackrabbit/oak/security/user/CachedPrincipalMembershipReaderTest.java @@ -59,7 +59,7 @@ import org.apache.jackrabbit.oak.api.Root; import org.apache.jackrabbit.oak.api.Tree; import org.apache.jackrabbit.oak.api.Type; -import org.apache.jackrabbit.oak.commons.Java23Compatibility; +import org.apache.jackrabbit.oak.commons.jdkcompat.Java23Security; import org.apache.jackrabbit.oak.commons.junit.LogCustomizer; import org.apache.jackrabbit.oak.spi.security.user.cache.CachedMembershipReader; import org.apache.jackrabbit.oak.spi.security.user.cache.CacheLoader; @@ -204,7 +204,7 @@ protected ConfigurationParameters getSecurityConfigParameters() { private Root getSystemRoot() throws Exception { if (systemSession == null) { - systemSession = Java23Compatibility.doAs(SystemSubject.INSTANCE, (PrivilegedExceptionAction) () -> login(null)); + systemSession = Java23Security.doAs(SystemSubject.INSTANCE, (PrivilegedExceptionAction) () -> login(null)); } return systemSession.getLatestRoot(); } diff --git a/oak-core/src/test/java/org/apache/jackrabbit/oak/security/user/PasswordExpiryAdminTest.java b/oak-core/src/test/java/org/apache/jackrabbit/oak/security/user/PasswordExpiryAdminTest.java index 904b3572610..26a8ae41239 100644 --- a/oak-core/src/test/java/org/apache/jackrabbit/oak/security/user/PasswordExpiryAdminTest.java +++ b/oak-core/src/test/java/org/apache/jackrabbit/oak/security/user/PasswordExpiryAdminTest.java @@ -23,7 +23,7 @@ import org.apache.jackrabbit.oak.api.PropertyState; import org.apache.jackrabbit.oak.api.Tree; import org.apache.jackrabbit.oak.api.Type; -import org.apache.jackrabbit.oak.commons.Java23Compatibility; +import org.apache.jackrabbit.oak.commons.jdkcompat.Java23Security; import org.apache.jackrabbit.oak.plugins.nodetype.ReadOnlyNodeTypeManager; import org.apache.jackrabbit.oak.plugins.tree.TreeUtil; import org.apache.jackrabbit.oak.spi.nodetype.NodeTypeConstants; @@ -73,7 +73,7 @@ protected ConfigurationParameters getSecurityConfigParameters() { @Override protected ContentSession createAdminSession(@NotNull ContentRepository repository) { try { - return Java23Compatibility.doAs(SystemSubject.INSTANCE, (PrivilegedExceptionAction) () -> repository.login(null, null)); + return Java23Security.doAs(SystemSubject.INSTANCE, (PrivilegedExceptionAction) () -> repository.login(null, null)); } catch (PrivilegedActionException e) { throw new RuntimeException(e); } diff --git a/oak-core/src/test/java/org/apache/jackrabbit/oak/security/user/UserInitializerTest.java b/oak-core/src/test/java/org/apache/jackrabbit/oak/security/user/UserInitializerTest.java index 8f7c6e90000..3e5a4a57bbe 100644 --- a/oak-core/src/test/java/org/apache/jackrabbit/oak/security/user/UserInitializerTest.java +++ b/oak-core/src/test/java/org/apache/jackrabbit/oak/security/user/UserInitializerTest.java @@ -27,7 +27,7 @@ import org.apache.jackrabbit.oak.api.ContentSession; import org.apache.jackrabbit.oak.api.Root; import org.apache.jackrabbit.oak.api.Tree; -import org.apache.jackrabbit.oak.commons.Java23Compatibility; +import org.apache.jackrabbit.oak.commons.jdkcompat.Java23Security; import org.apache.jackrabbit.oak.commons.PathUtils; import org.apache.jackrabbit.oak.namepath.NamePathMapper; import org.apache.jackrabbit.oak.plugins.index.IndexConstants; @@ -173,7 +173,7 @@ public void testAdminConfiguration() throws Exception { .with(sp) .createContentRepository(); - try (ContentSession cs = Java23Compatibility.doAs(SystemSubject.INSTANCE, (PrivilegedExceptionAction) () -> repo.login(null, null))) { + try (ContentSession cs = Java23Security.doAs(SystemSubject.INSTANCE, (PrivilegedExceptionAction) () -> repo.login(null, null))) { Root root = cs.getLatestRoot(); UserConfiguration uc = sp.getConfiguration(UserConfiguration.class); UserManager umgr = uc.getUserManager(root, NamePathMapper.DEFAULT); @@ -210,7 +210,7 @@ public void testAnonymousConfiguration() throws Exception { .with(sp) .createContentRepository(); - try (ContentSession cs = Java23Compatibility.doAs(SystemSubject.INSTANCE, (PrivilegedExceptionAction) () -> repo.login(null, null))) { + try (ContentSession cs = Java23Security.doAs(SystemSubject.INSTANCE, (PrivilegedExceptionAction) () -> repo.login(null, null))) { Root root = cs.getLatestRoot(); UserConfiguration uc = sp.getConfiguration(UserConfiguration.class); UserManager umgr = uc.getUserManager(root, NamePathMapper.DEFAULT); diff --git a/oak-core/src/test/java/org/apache/jackrabbit/oak/security/user/UserPrincipalProviderWithCacheTest.java b/oak-core/src/test/java/org/apache/jackrabbit/oak/security/user/UserPrincipalProviderWithCacheTest.java index 05d69560142..a689c16ae66 100644 --- a/oak-core/src/test/java/org/apache/jackrabbit/oak/security/user/UserPrincipalProviderWithCacheTest.java +++ b/oak-core/src/test/java/org/apache/jackrabbit/oak/security/user/UserPrincipalProviderWithCacheTest.java @@ -28,7 +28,7 @@ import org.apache.jackrabbit.oak.api.Root; import org.apache.jackrabbit.oak.api.Tree; import org.apache.jackrabbit.oak.api.Type; -import org.apache.jackrabbit.oak.commons.Java23Compatibility; +import org.apache.jackrabbit.oak.commons.jdkcompat.Java23Security; import org.apache.jackrabbit.oak.plugins.memory.PropertyStates; import org.apache.jackrabbit.oak.plugins.tree.TreeUtil; import org.apache.jackrabbit.oak.security.principal.AbstractPrincipalProviderTest; @@ -109,7 +109,7 @@ private PrincipalProvider createPrincipalProvider(Root root) { private ContentSession getSystemSession() throws Exception { if (systemSession == null) { - systemSession = Java23Compatibility.doAs(SystemSubject.INSTANCE, (PrivilegedExceptionAction) () -> login(null)); + systemSession = Java23Security.doAs(SystemSubject.INSTANCE, (PrivilegedExceptionAction) () -> login(null)); } return systemSession; } diff --git a/oak-examples/webapp/src/main/java/org/apache/jackrabbit/j2ee/IndexInitializer.java b/oak-examples/webapp/src/main/java/org/apache/jackrabbit/j2ee/IndexInitializer.java index d398f6f4cd0..e0b01a518d4 100644 --- a/oak-examples/webapp/src/main/java/org/apache/jackrabbit/j2ee/IndexInitializer.java +++ b/oak-examples/webapp/src/main/java/org/apache/jackrabbit/j2ee/IndexInitializer.java @@ -34,7 +34,7 @@ import org.apache.jackrabbit.JcrConstants; import org.apache.jackrabbit.commons.JcrUtils; import org.apache.jackrabbit.oak.api.AuthInfo; -import org.apache.jackrabbit.oak.commons.Java23Compatibility; +import org.apache.jackrabbit.oak.commons.jdkcompat.Java23Security; import org.apache.jackrabbit.oak.plugins.index.IndexConstants; import org.apache.jackrabbit.oak.plugins.index.lucene.LuceneIndexConstants; import org.apache.jackrabbit.oak.plugins.index.search.FulltextIndexConstants; @@ -120,7 +120,7 @@ public String getName() { Subject subject = new Subject(true, singleton(admin), singleton(authInfo), Collections.emptySet()); Session adminSession; try { - adminSession = Java23Compatibility.doAsPrivileged(subject, new PrivilegedExceptionAction() { + adminSession = Java23Security.doAsPrivileged(subject, new PrivilegedExceptionAction() { @Override public Session run() throws Exception { return repository.login(); diff --git a/oak-exercise/src/test/java/org/apache/jackrabbit/oak/exercise/security/authentication/L9_NullLoginTest.java b/oak-exercise/src/test/java/org/apache/jackrabbit/oak/exercise/security/authentication/L9_NullLoginTest.java index b55cf667b02..593455ce981 100644 --- a/oak-exercise/src/test/java/org/apache/jackrabbit/oak/exercise/security/authentication/L9_NullLoginTest.java +++ b/oak-exercise/src/test/java/org/apache/jackrabbit/oak/exercise/security/authentication/L9_NullLoginTest.java @@ -25,7 +25,7 @@ import javax.security.auth.Subject; import javax.security.auth.login.Configuration; -import org.apache.jackrabbit.oak.commons.Java23Compatibility; +import org.apache.jackrabbit.oak.commons.jdkcompat.Java23Security; import org.apache.jackrabbit.test.AbstractJCRTest; /** @@ -113,7 +113,7 @@ public void testSuccessfulNullLogin() throws Exception { Subject subject = null; String expectedId = null; - testSession = Java23Compatibility.doAs(subject, new PrivilegedExceptionAction() { + testSession = Java23Security.doAs(subject, new PrivilegedExceptionAction() { @Override public Session run() throws RepositoryException { return repository.login(null, null); diff --git a/oak-exercise/src/test/java/org/apache/jackrabbit/oak/exercise/security/authorization/principalbased/AbstractPrincipalBasedTest.java b/oak-exercise/src/test/java/org/apache/jackrabbit/oak/exercise/security/authorization/principalbased/AbstractPrincipalBasedTest.java index 0c3ded3c6ef..1cc9a9a40c5 100644 --- a/oak-exercise/src/test/java/org/apache/jackrabbit/oak/exercise/security/authorization/principalbased/AbstractPrincipalBasedTest.java +++ b/oak-exercise/src/test/java/org/apache/jackrabbit/oak/exercise/security/authorization/principalbased/AbstractPrincipalBasedTest.java @@ -25,7 +25,7 @@ import org.apache.jackrabbit.api.security.user.User; import org.apache.jackrabbit.oak.AbstractSecurityTest; import org.apache.jackrabbit.oak.api.ContentSession; -import org.apache.jackrabbit.oak.commons.Java23Compatibility; +import org.apache.jackrabbit.oak.commons.jdkcompat.Java23Security; import org.apache.jackrabbit.oak.commons.PathUtils; import org.apache.jackrabbit.oak.composite.MountInfoProviderService; import org.apache.jackrabbit.oak.security.authorization.composite.CompositeAuthorizationConfiguration; @@ -168,6 +168,6 @@ static PrincipalAccessControlList getApplicablePrincipalAccessControlList(@NotNu @NotNull ContentSession getTestSession(@NotNull Principal... principals) throws Exception { Subject subject = new Subject(true, ImmutableSet.copyOf(principals), Set.of(), Set.of()); - return Java23Compatibility.doAsPrivileged(subject, (PrivilegedExceptionAction) () -> getContentRepository().login(null, null), null); + return Java23Security.doAsPrivileged(subject, (PrivilegedExceptionAction) () -> getContentRepository().login(null, null), null); } } \ No newline at end of file diff --git a/oak-lucene/src/test/java/org/apache/jackrabbit/oak/composite/blueGreen/Persistence.java b/oak-lucene/src/test/java/org/apache/jackrabbit/oak/composite/blueGreen/Persistence.java index 669103251fe..5201597a95c 100644 --- a/oak-lucene/src/test/java/org/apache/jackrabbit/oak/composite/blueGreen/Persistence.java +++ b/oak-lucene/src/test/java/org/apache/jackrabbit/oak/composite/blueGreen/Persistence.java @@ -49,7 +49,7 @@ import org.apache.jackrabbit.oak.api.ContentRepository; import org.apache.jackrabbit.oak.api.ContentSession; import org.apache.jackrabbit.oak.api.Root; -import org.apache.jackrabbit.oak.commons.Java23Compatibility; +import org.apache.jackrabbit.oak.commons.jdkcompat.Java23Security; import org.apache.jackrabbit.oak.composite.CompositeNodeStore; import org.apache.jackrabbit.oak.jcr.Jcr; import org.apache.jackrabbit.oak.namepath.NamePathMapper; @@ -286,7 +286,7 @@ private static void setupPermissions(ContentRepository repo, SecurityProvider securityProvider) throws RepositoryException { ContentSession cs = null; try { - cs = Java23Compatibility.doAsPrivileged(SystemSubject.INSTANCE, new PrivilegedExceptionAction() { + cs = Java23Security.doAsPrivileged(SystemSubject.INSTANCE, new PrivilegedExceptionAction() { @Override public ContentSession run() throws Exception { return repo.login(null, null); diff --git a/oak-security-spi/src/main/java/org/apache/jackrabbit/oak/spi/security/authentication/AbstractLoginModule.java b/oak-security-spi/src/main/java/org/apache/jackrabbit/oak/spi/security/authentication/AbstractLoginModule.java index 030e4d16536..3c65c36c183 100644 --- a/oak-security-spi/src/main/java/org/apache/jackrabbit/oak/spi/security/authentication/AbstractLoginModule.java +++ b/oak-security-spi/src/main/java/org/apache/jackrabbit/oak/spi/security/authentication/AbstractLoginModule.java @@ -42,7 +42,7 @@ import org.apache.jackrabbit.oak.api.ContentRepository; import org.apache.jackrabbit.oak.api.ContentSession; import org.apache.jackrabbit.oak.api.Root; -import org.apache.jackrabbit.oak.commons.Java23Compatibility; +import org.apache.jackrabbit.oak.commons.jdkcompat.Java23Security; import org.apache.jackrabbit.oak.namepath.NamePathMapper; import org.apache.jackrabbit.oak.spi.security.ConfigurationParameters; import org.apache.jackrabbit.oak.spi.security.SecurityProvider; @@ -476,7 +476,7 @@ protected Root getRoot() { final ContentRepository repository = rcb.getContentRepository(); if (repository != null) { - systemSession = Java23Compatibility.doAs(SystemSubject.INSTANCE, new PrivilegedExceptionAction() { + systemSession = Java23Security.doAs(SystemSubject.INSTANCE, new PrivilegedExceptionAction() { @Override public ContentSession run() throws LoginException, NoSuchWorkspaceException { return repository.login(null, rcb.getWorkspaceName()); From 0113fd273a1a66c1ad43c5aebc1b34ebba1803e6 Mon Sep 17 00:00:00 2001 From: Manfred Baedke Date: Fri, 13 Dec 2024 14:08:32 +0100 Subject: [PATCH 08/10] OAK-11199: Java 23: getSubject is supported only if a security manager is allowed Added missing package export. --- oak-commons/pom.xml | 3 ++- 1 file changed, 2 insertions(+), 1 deletion(-) diff --git a/oak-commons/pom.xml b/oak-commons/pom.xml index b7648727ed6..45e77b411aa 100644 --- a/oak-commons/pom.xml +++ b/oak-commons/pom.xml @@ -55,7 +55,8 @@ org.apache.jackrabbit.oak.commons.json, org.apache.jackrabbit.oak.commons.log, org.apache.jackrabbit.oak.commons.sort, - org.apache.jackrabbit.oak.commons.properties + org.apache.jackrabbit.oak.commons.properties, + org.apache.jackrabbit.oak.commons.jdkcompat From 35ed438bd8c74eadf4b39548117a337485796ee3 Mon Sep 17 00:00:00 2001 From: mbaedke Date: Fri, 13 Dec 2024 14:15:12 +0100 Subject: [PATCH 09/10] Added license header --- .../oak/commons/jdkcompat/Java23Security.java | 16 ++++++++++++++++ 1 file changed, 16 insertions(+) diff --git a/oak-commons/src/main/java/org/apache/jackrabbit/oak/commons/jdkcompat/Java23Security.java b/oak-commons/src/main/java/org/apache/jackrabbit/oak/commons/jdkcompat/Java23Security.java index 4546fdc143a..07c719ff77b 100644 --- a/oak-commons/src/main/java/org/apache/jackrabbit/oak/commons/jdkcompat/Java23Security.java +++ b/oak-commons/src/main/java/org/apache/jackrabbit/oak/commons/jdkcompat/Java23Security.java @@ -1,3 +1,19 @@ +/* + * Licensed to the Apache Software Foundation (ASF) under one or more + * contributor license agreements. See the NOTICE file distributed with + * this work for additional information regarding copyright ownership. + * The ASF licenses this file to You under the Apache License, Version 2.0 + * (the "License"); you may not use this file except in compliance with + * the License. You may obtain a copy of the License at + * + * http://www.apache.org/licenses/LICENSE-2.0 + * + * Unless required by applicable law or agreed to in writing, software + * distributed under the License is distributed on an "AS IS" BASIS, + * WITHOUT WARRANTIES OR CONDITIONS OF ANY KIND, either express or implied. + * See the License for the specific language governing permissions and + * limitations under the License. + */ package org.apache.jackrabbit.oak.commons.jdkcompat; import javax.security.auth.Subject; From cf8a8060a603258e8310fd044c1f166d35da9738 Mon Sep 17 00:00:00 2001 From: Manfred Baedke Date: Mon, 16 Dec 2024 17:06:55 +0100 Subject: [PATCH 10/10] OAK-11199: Java 23: getSubject is supported only if a security manager is allowed Changed class name, added tests. --- .../external/impl/jmx/Delegatee.java | 4 +- .../external/AbstractExternalAuthTest.java | 4 +- .../ExternalIdentityImporterTest.java | 4 +- ...ssControlManagerLimitedSystemUserTest.java | 4 +- .../impl/ReadablePathsAccessControlTest.java | 16 ++--- .../oak/benchmark/AbstractTest.java | 4 +- .../jackrabbit/oak/benchmark/CugOakTest.java | 4 +- .../oak/benchmark/LoginSystemTest.java | 4 +- ...Java23Security.java => Java23Subject.java} | 2 +- .../commons/jdkcompat/Java23SubjectTest.java | 58 +++++++++++++++++++ .../LoginContextProviderImpl.java | 4 +- .../ChangeCollectorProviderTest.java | 4 +- .../LoginContextProviderImplTest.java | 4 +- .../security/authentication/PreAuthTest.java | 14 ++--- .../user/LoginModuleImplTest.java | 4 +- .../RepoPolicyTreePermissionTest.java | 4 +- .../user/CacheValidatorProviderTest.java | 4 +- .../user/CachedGroupPrincipalTest.java | 4 +- .../CachedPrincipalMembershipReaderTest.java | 4 +- .../user/PasswordExpiryAdminTest.java | 4 +- .../security/user/UserInitializerTest.java | 6 +- .../UserPrincipalProviderWithCacheTest.java | 4 +- .../jackrabbit/j2ee/IndexInitializer.java | 4 +- .../authentication/L9_NullLoginTest.java | 4 +- .../AbstractPrincipalBasedTest.java | 4 +- .../oak/composite/blueGreen/Persistence.java | 4 +- .../authentication/AbstractLoginModule.java | 4 +- 27 files changed, 121 insertions(+), 63 deletions(-) rename oak-commons/src/main/java/org/apache/jackrabbit/oak/commons/jdkcompat/{Java23Security.java => Java23Subject.java} (99%) create mode 100755 oak-commons/src/test/java/org/apache/jackrabbit/oak/commons/jdkcompat/Java23SubjectTest.java diff --git a/oak-auth-external/src/main/java/org/apache/jackrabbit/oak/spi/security/authentication/external/impl/jmx/Delegatee.java b/oak-auth-external/src/main/java/org/apache/jackrabbit/oak/spi/security/authentication/external/impl/jmx/Delegatee.java index 4c9231ab9e1..fa3b0684df7 100644 --- a/oak-auth-external/src/main/java/org/apache/jackrabbit/oak/spi/security/authentication/external/impl/jmx/Delegatee.java +++ b/oak-auth-external/src/main/java/org/apache/jackrabbit/oak/spi/security/authentication/external/impl/jmx/Delegatee.java @@ -23,7 +23,7 @@ import org.apache.jackrabbit.oak.api.ContentRepository; import org.apache.jackrabbit.oak.api.ContentSession; import org.apache.jackrabbit.oak.api.Root; -import org.apache.jackrabbit.oak.commons.jdkcompat.Java23Security; +import org.apache.jackrabbit.oak.commons.jdkcompat.Java23Subject; import org.apache.jackrabbit.oak.namepath.NamePathMapper; import org.apache.jackrabbit.oak.plugins.value.jcr.ValueFactoryImpl; import org.apache.jackrabbit.oak.spi.security.SecurityProvider; @@ -107,7 +107,7 @@ static Delegatee createInstance(@NotNull final ContentRepository repository, int batchSize) { ContentSession systemSession; try { - systemSession = Java23Security.doAs(SystemSubject.INSTANCE, (PrivilegedExceptionAction) () -> repository.login(null, null)); + systemSession = Java23Subject.doAs(SystemSubject.INSTANCE, (PrivilegedExceptionAction) () -> repository.login(null, null)); } catch (PrivilegedActionException e) { throw new SyncRuntimeException(ERROR_CREATE_DELEGATEE, e); } diff --git a/oak-auth-external/src/test/java/org/apache/jackrabbit/oak/spi/security/authentication/external/AbstractExternalAuthTest.java b/oak-auth-external/src/test/java/org/apache/jackrabbit/oak/spi/security/authentication/external/AbstractExternalAuthTest.java index e94dc7e759b..1df8bffee8c 100644 --- a/oak-auth-external/src/test/java/org/apache/jackrabbit/oak/spi/security/authentication/external/AbstractExternalAuthTest.java +++ b/oak-auth-external/src/test/java/org/apache/jackrabbit/oak/spi/security/authentication/external/AbstractExternalAuthTest.java @@ -27,7 +27,7 @@ import org.apache.jackrabbit.oak.api.Root; import org.apache.jackrabbit.oak.api.Tree; import org.apache.jackrabbit.oak.api.Type; -import org.apache.jackrabbit.oak.commons.jdkcompat.Java23Security; +import org.apache.jackrabbit.oak.commons.jdkcompat.Java23Subject; import org.apache.jackrabbit.oak.commons.collections.CollectionUtils; import org.apache.jackrabbit.oak.spi.security.SecurityProvider; import org.apache.jackrabbit.oak.spi.security.authentication.SystemSubject; @@ -213,7 +213,7 @@ protected DefaultSyncHandler registerSyncHandler(@NotNull Map sy @NotNull protected Root getSystemRoot() throws Exception { if (systemRoot == null) { - systemSession = Java23Security.doAs(SystemSubject.INSTANCE, (PrivilegedExceptionAction) () -> getContentRepository().login(null, null)); + systemSession = Java23Subject.doAs(SystemSubject.INSTANCE, (PrivilegedExceptionAction) () -> getContentRepository().login(null, null)); systemRoot = systemSession.getLatestRoot(); } return systemRoot; diff --git a/oak-auth-external/src/test/java/org/apache/jackrabbit/oak/spi/security/authentication/external/impl/principal/ExternalIdentityImporterTest.java b/oak-auth-external/src/test/java/org/apache/jackrabbit/oak/spi/security/authentication/external/impl/principal/ExternalIdentityImporterTest.java index bae5396eabf..6dae601d34b 100644 --- a/oak-auth-external/src/test/java/org/apache/jackrabbit/oak/spi/security/authentication/external/impl/principal/ExternalIdentityImporterTest.java +++ b/oak-auth-external/src/test/java/org/apache/jackrabbit/oak/spi/security/authentication/external/impl/principal/ExternalIdentityImporterTest.java @@ -26,7 +26,7 @@ import javax.jcr.SimpleCredentials; import org.apache.jackrabbit.api.JackrabbitRepository; -import org.apache.jackrabbit.oak.commons.jdkcompat.Java23Security; +import org.apache.jackrabbit.oak.commons.jdkcompat.Java23Subject; import org.apache.jackrabbit.oak.jcr.Jcr; import org.apache.jackrabbit.oak.query.QueryEngineSettings; import org.apache.jackrabbit.oak.spi.security.ConfigurationParameters; @@ -88,7 +88,7 @@ private static void shutdown(Repository repo) { Session createSession(Repository repo, boolean isSystem) throws Exception { if (isSystem) { - return Java23Security.doAs(SystemSubject.INSTANCE, (PrivilegedExceptionAction) () -> repo.login(null, null)); + return Java23Subject.doAs(SystemSubject.INSTANCE, (PrivilegedExceptionAction) () -> repo.login(null, null)); } else { return repo.login(new SimpleCredentials(UserConstants.DEFAULT_ADMIN_ID, UserConstants.DEFAULT_ADMIN_ID.toCharArray())); } diff --git a/oak-authorization-principalbased/src/test/java/org/apache/jackrabbit/oak/spi/security/authorization/principalbased/impl/AccessControlManagerLimitedSystemUserTest.java b/oak-authorization-principalbased/src/test/java/org/apache/jackrabbit/oak/spi/security/authorization/principalbased/impl/AccessControlManagerLimitedSystemUserTest.java index bb4dbf2c847..cd5bcaface2 100644 --- a/oak-authorization-principalbased/src/test/java/org/apache/jackrabbit/oak/spi/security/authorization/principalbased/impl/AccessControlManagerLimitedSystemUserTest.java +++ b/oak-authorization-principalbased/src/test/java/org/apache/jackrabbit/oak/spi/security/authorization/principalbased/impl/AccessControlManagerLimitedSystemUserTest.java @@ -20,7 +20,7 @@ import org.apache.jackrabbit.api.security.user.User; import org.apache.jackrabbit.oak.api.AuthInfo; import org.apache.jackrabbit.oak.api.Root; -import org.apache.jackrabbit.oak.commons.jdkcompat.Java23Security; +import org.apache.jackrabbit.oak.commons.jdkcompat.Java23Subject; import org.apache.jackrabbit.oak.spi.security.authentication.AuthInfoImpl; import org.jetbrains.annotations.NotNull; import org.jetbrains.annotations.Nullable; @@ -63,7 +63,7 @@ Root createTestRoot() throws Exception { Set principals = Set.of(testPrincipal); AuthInfo authInfo = new AuthInfoImpl(UID, Collections.emptyMap(), principals); Subject subject = new Subject(true, principals, Set.of(authInfo), Set.of()); - return Java23Security.doAsPrivileged(subject, (PrivilegedExceptionAction) () -> getContentRepository().login(null, null).getLatestRoot(), null); + return Java23Subject.doAsPrivileged(subject, (PrivilegedExceptionAction) () -> getContentRepository().login(null, null).getLatestRoot(), null); } void grant(@NotNull Principal principal, @Nullable String path, @NotNull String... privNames) throws Exception { diff --git a/oak-authorization-principalbased/src/test/java/org/apache/jackrabbit/oak/spi/security/authorization/principalbased/impl/ReadablePathsAccessControlTest.java b/oak-authorization-principalbased/src/test/java/org/apache/jackrabbit/oak/spi/security/authorization/principalbased/impl/ReadablePathsAccessControlTest.java index f0d8b7ad167..80e1caf9aa7 100644 --- a/oak-authorization-principalbased/src/test/java/org/apache/jackrabbit/oak/spi/security/authorization/principalbased/impl/ReadablePathsAccessControlTest.java +++ b/oak-authorization-principalbased/src/test/java/org/apache/jackrabbit/oak/spi/security/authorization/principalbased/impl/ReadablePathsAccessControlTest.java @@ -22,7 +22,7 @@ import org.apache.jackrabbit.JcrConstants; import org.apache.jackrabbit.api.security.JackrabbitAccessControlManager; import org.apache.jackrabbit.oak.api.ContentSession; -import org.apache.jackrabbit.oak.commons.jdkcompat.Java23Security; +import org.apache.jackrabbit.oak.commons.jdkcompat.Java23Subject; import org.apache.jackrabbit.oak.commons.PathUtils; import org.apache.jackrabbit.oak.commons.collections.CollectionUtils; import org.apache.jackrabbit.oak.spi.security.authorization.AuthorizationConfiguration; @@ -85,7 +85,7 @@ private Subject getTestSubject() { @Test public void testHasPrivilege() throws Exception { - try (ContentSession cs = Java23Security.doAsPrivileged(getTestSubject(), (PrivilegedExceptionAction) () -> getContentRepository().login(null, null), null)) { + try (ContentSession cs = Java23Subject.doAsPrivileged(getTestSubject(), (PrivilegedExceptionAction) () -> getContentRepository().login(null, null), null)) { PrincipalBasedAccessControlManager testAcMgr = new PrincipalBasedAccessControlManager(getMgrProvider(cs.getLatestRoot()), getFilterProvider()); Set principals = Collections.singleton(testPrincipal); @@ -100,7 +100,7 @@ public void testHasPrivilege() throws Exception { @Test public void testNotHasPrivilege() throws Exception { - try (ContentSession cs = Java23Security.doAsPrivileged(getTestSubject(), (PrivilegedExceptionAction) () -> getContentRepository().login(null, null), null)) { + try (ContentSession cs = Java23Subject.doAsPrivileged(getTestSubject(), (PrivilegedExceptionAction) () -> getContentRepository().login(null, null), null)) { PrincipalBasedAccessControlManager testAcMgr = new PrincipalBasedAccessControlManager(getMgrProvider(cs.getLatestRoot()), getFilterProvider()); Set principals = Collections.singleton(testPrincipal); @@ -141,7 +141,7 @@ public void testNotHasPrivilegePrincipal() throws Exception { @Test public void testGetPrivileges() throws Exception { - try (ContentSession cs = Java23Security.doAsPrivileged(getTestSubject(), (PrivilegedExceptionAction) () -> getContentRepository().login(null, null), null)) { + try (ContentSession cs = Java23Subject.doAsPrivileged(getTestSubject(), (PrivilegedExceptionAction) () -> getContentRepository().login(null, null), null)) { PrincipalBasedAccessControlManager testAcMgr = new PrincipalBasedAccessControlManager(getMgrProvider(cs.getLatestRoot()), getFilterProvider()); Privilege[] expected = privilegesFromNames(JCR_READ); @@ -153,7 +153,7 @@ public void testGetPrivileges() throws Exception { @Test(expected = PathNotFoundException.class) public void testGetPrivilegesAtRoot() throws Exception { - try (ContentSession cs = Java23Security.doAsPrivileged(getTestSubject(), (PrivilegedExceptionAction) () -> getContentRepository().login(null, null), null)) { + try (ContentSession cs = Java23Subject.doAsPrivileged(getTestSubject(), (PrivilegedExceptionAction) () -> getContentRepository().login(null, null), null)) { PrincipalBasedAccessControlManager testAcMgr = new PrincipalBasedAccessControlManager(getMgrProvider(cs.getLatestRoot()), getFilterProvider()); testAcMgr.getPrivileges(ROOT_PATH); } @@ -187,7 +187,7 @@ public void testGetEffectivePoliciesNullPath() throws Exception { @Test(expected = AccessDeniedException.class) public void testGetEffectivePoliciesLimitedAccess() throws Exception { - try (ContentSession cs = Java23Security.doAsPrivileged(getTestSubject(), (PrivilegedExceptionAction) () -> getContentRepository().login(null, null), null)) { + try (ContentSession cs = Java23Subject.doAsPrivileged(getTestSubject(), (PrivilegedExceptionAction) () -> getContentRepository().login(null, null), null)) { PrincipalBasedAccessControlManager testAcMgr = new PrincipalBasedAccessControlManager(getMgrProvider(cs.getLatestRoot()), getFilterProvider()); testAcMgr.getEffectivePolicies(readablePaths.next()); } @@ -202,7 +202,7 @@ public void testGetEffectivePoliciesLimitedAccess2() throws Exception { root.commit(); // test-session can read-ac at readable path but cannot access principal-based policy - try (ContentSession cs = Java23Security.doAsPrivileged(getTestSubject(), (PrivilegedExceptionAction) () -> getContentRepository().login(null, null), null)) { + try (ContentSession cs = Java23Subject.doAsPrivileged(getTestSubject(), (PrivilegedExceptionAction) () -> getContentRepository().login(null, null), null)) { PrincipalBasedAccessControlManager testAcMgr = new PrincipalBasedAccessControlManager(getMgrProvider(cs.getLatestRoot()), getFilterProvider()); Set effective = ImmutableSet.copyOf(testAcMgr.getEffectivePolicies(path)); @@ -221,7 +221,7 @@ public void testGetEffectivePoliciesLimitedAccess3() throws Exception { root.commit(); // test-session can read-ac at readable path and at principal-based policy - try (ContentSession cs = Java23Security.doAsPrivileged(getTestSubject(), (PrivilegedExceptionAction) () -> getContentRepository().login(null, null), null)) { + try (ContentSession cs = Java23Subject.doAsPrivileged(getTestSubject(), (PrivilegedExceptionAction) () -> getContentRepository().login(null, null), null)) { PrincipalBasedAccessControlManager testAcMgr = new PrincipalBasedAccessControlManager(getMgrProvider(cs.getLatestRoot()), getFilterProvider()); Set effective = CollectionUtils.toSet(testAcMgr.getEffectivePolicies(path)); diff --git a/oak-benchmarks/src/main/java/org/apache/jackrabbit/oak/benchmark/AbstractTest.java b/oak-benchmarks/src/main/java/org/apache/jackrabbit/oak/benchmark/AbstractTest.java index 3b2aa0ca664..ec9cc7a204b 100644 --- a/oak-benchmarks/src/main/java/org/apache/jackrabbit/oak/benchmark/AbstractTest.java +++ b/oak-benchmarks/src/main/java/org/apache/jackrabbit/oak/benchmark/AbstractTest.java @@ -37,7 +37,7 @@ import org.apache.commons.lang3.ArrayUtils; import org.apache.commons.math3.stat.descriptive.DescriptiveStatistics; import org.apache.commons.math3.stat.descriptive.SynchronizedDescriptiveStatistics; -import org.apache.jackrabbit.oak.commons.jdkcompat.Java23Security; +import org.apache.jackrabbit.oak.commons.jdkcompat.Java23Subject; import org.apache.jackrabbit.oak.commons.Profiler; import org.apache.jackrabbit.oak.fixture.RepositoryFixture; import org.apache.jackrabbit.oak.spi.security.authentication.SystemSubject; @@ -589,7 +589,7 @@ protected Session systemLogin() { protected Session loginSubject(@NotNull Subject subject) { try { - return Java23Security.doAsPrivileged(subject, new PrivilegedExceptionAction() { + return Java23Subject.doAsPrivileged(subject, new PrivilegedExceptionAction() { @Override public Session run() throws Exception { return getRepository().login(null, null); diff --git a/oak-benchmarks/src/main/java/org/apache/jackrabbit/oak/benchmark/CugOakTest.java b/oak-benchmarks/src/main/java/org/apache/jackrabbit/oak/benchmark/CugOakTest.java index 847b77f25e5..a9fe6114352 100644 --- a/oak-benchmarks/src/main/java/org/apache/jackrabbit/oak/benchmark/CugOakTest.java +++ b/oak-benchmarks/src/main/java/org/apache/jackrabbit/oak/benchmark/CugOakTest.java @@ -29,7 +29,7 @@ import org.apache.jackrabbit.oak.api.ContentSession; import org.apache.jackrabbit.oak.api.PropertyState; import org.apache.jackrabbit.oak.api.Root; -import org.apache.jackrabbit.oak.commons.jdkcompat.Java23Security; +import org.apache.jackrabbit.oak.commons.jdkcompat.Java23Subject; import org.apache.jackrabbit.oak.fixture.JcrCreator; import org.apache.jackrabbit.oak.fixture.OakRepositoryFixture; import org.apache.jackrabbit.oak.fixture.RepositoryFixture; @@ -90,7 +90,7 @@ protected void runTest() throws Exception { if (singleSession) { readSession = cs; } else { - readSession = Java23Security.doAs(subject, new PrivilegedAction() { + readSession = Java23Subject.doAs(subject, new PrivilegedAction() { @Override public ContentSession run() { try { diff --git a/oak-benchmarks/src/main/java/org/apache/jackrabbit/oak/benchmark/LoginSystemTest.java b/oak-benchmarks/src/main/java/org/apache/jackrabbit/oak/benchmark/LoginSystemTest.java index 9e742daa1bf..12851cb5430 100644 --- a/oak-benchmarks/src/main/java/org/apache/jackrabbit/oak/benchmark/LoginSystemTest.java +++ b/oak-benchmarks/src/main/java/org/apache/jackrabbit/oak/benchmark/LoginSystemTest.java @@ -25,7 +25,7 @@ import javax.security.auth.Subject; import org.apache.jackrabbit.core.security.SystemPrincipal; -import org.apache.jackrabbit.oak.commons.jdkcompat.Java23Security; +import org.apache.jackrabbit.oak.commons.jdkcompat.Java23Subject; import org.apache.jackrabbit.oak.jcr.repository.RepositoryImpl; import org.apache.jackrabbit.oak.spi.security.authentication.SystemSubject; @@ -47,7 +47,7 @@ public void beforeSuite() throws Exception { public void runTest() throws RepositoryException { for (int i = 0; i < COUNT; i++) { try { - Java23Security.doAsPrivileged(subject, new PrivilegedExceptionAction() { + Java23Subject.doAsPrivileged(subject, new PrivilegedExceptionAction() { @Override public Session run() throws Exception { return getRepository().login(null, null); diff --git a/oak-commons/src/main/java/org/apache/jackrabbit/oak/commons/jdkcompat/Java23Security.java b/oak-commons/src/main/java/org/apache/jackrabbit/oak/commons/jdkcompat/Java23Subject.java similarity index 99% rename from oak-commons/src/main/java/org/apache/jackrabbit/oak/commons/jdkcompat/Java23Security.java rename to oak-commons/src/main/java/org/apache/jackrabbit/oak/commons/jdkcompat/Java23Subject.java index 07c719ff77b..63c4fe248e6 100644 --- a/oak-commons/src/main/java/org/apache/jackrabbit/oak/commons/jdkcompat/Java23Security.java +++ b/oak-commons/src/main/java/org/apache/jackrabbit/oak/commons/jdkcompat/Java23Subject.java @@ -32,7 +32,7 @@ * and associated methods, which changed their behavior * with Java 23 (@see https://inside.java/2024/07/08/quality-heads-up). */ -public class Java23Security { +public class Java23Subject { static Method current, callAs; diff --git a/oak-commons/src/test/java/org/apache/jackrabbit/oak/commons/jdkcompat/Java23SubjectTest.java b/oak-commons/src/test/java/org/apache/jackrabbit/oak/commons/jdkcompat/Java23SubjectTest.java new file mode 100755 index 00000000000..a74deb2bb44 --- /dev/null +++ b/oak-commons/src/test/java/org/apache/jackrabbit/oak/commons/jdkcompat/Java23SubjectTest.java @@ -0,0 +1,58 @@ +package org.apache.jackrabbit.oak.commons.jdkcompat; + +import org.junit.Test; + +import javax.security.auth.Subject; + +import java.security.PrivilegedAction; +import java.util.Arrays; + +import static org.junit.Assert.assertEquals; +import static org.junit.Assert.assertFalse; +import static org.junit.Assert.assertNotNull; +import static org.junit.Assert.assertNull; +import static org.junit.Assert.assertTrue; + +public class Java23SubjectTest { + + static int specVersion = Runtime.version().feature(); + + @Test + public void testApiExistence() { + if (specVersion > 17) { + assertNotNull(Java23Subject.current); + assertNotNull(Java23Subject.callAs); + } else { + assertNull(Java23Subject.current); + assertNull(Java23Subject.callAs); + } + } + + @Test + public void testApiFunction() { + Subject subject = new Subject(); + if (specVersion > 17) { + assertEquals(subject, + Java23Subject.doAs(subject, (PrivilegedAction) () -> { + assertEquals(Java23Subject.getSubject(), subject); + StackTraceElement[] stackTrace = Thread.currentThread().getStackTrace(); + assertFalse(Arrays.stream(stackTrace) + .map(elt -> elt.getMethodName()) + .filter(name -> "callAs".equals(name)) + .findFirst() + .isEmpty()); + return subject; + })); + } else { + assertEquals(subject, + Java23Subject.doAs(subject, (PrivilegedAction) () -> { + assertEquals(Java23Subject.getSubject(), subject); + StackTraceElement[] stackTrace = Thread.currentThread().getStackTrace(); + assertTrue(Arrays.stream(stackTrace) + .map(elt -> elt.getMethodName()) + .filter(name -> "doAs".equals(name)).count() == 2); + return subject; + })); + } + } +} diff --git a/oak-core/src/main/java/org/apache/jackrabbit/oak/security/authentication/LoginContextProviderImpl.java b/oak-core/src/main/java/org/apache/jackrabbit/oak/security/authentication/LoginContextProviderImpl.java index 2ff4471f75b..d8c38caba87 100644 --- a/oak-core/src/main/java/org/apache/jackrabbit/oak/security/authentication/LoginContextProviderImpl.java +++ b/oak-core/src/main/java/org/apache/jackrabbit/oak/security/authentication/LoginContextProviderImpl.java @@ -26,7 +26,7 @@ import javax.security.auth.login.LoginException; import org.apache.jackrabbit.oak.api.ContentRepository; -import org.apache.jackrabbit.oak.commons.jdkcompat.Java23Security; +import org.apache.jackrabbit.oak.commons.jdkcompat.Java23Subject; import org.apache.jackrabbit.oak.spi.security.ConfigurationParameters; import org.apache.jackrabbit.oak.spi.security.SecurityProvider; import org.apache.jackrabbit.oak.spi.security.authentication.ConfigurationUtil; @@ -94,7 +94,7 @@ public LoginContext getLoginContext(Credentials credentials, String workspaceNam private static Subject getSubject() { Subject subject = null; try { - subject = Java23Security.getSubject(); + subject = Java23Subject.getSubject(); } catch (SecurityException e) { log.debug("Can't check for pre-authenticated subject. Reason: {}", e.getMessage()); } diff --git a/oak-core/src/test/java/org/apache/jackrabbit/oak/plugins/observation/ChangeCollectorProviderTest.java b/oak-core/src/test/java/org/apache/jackrabbit/oak/plugins/observation/ChangeCollectorProviderTest.java index 5834ffd3128..832d394804e 100644 --- a/oak-core/src/test/java/org/apache/jackrabbit/oak/plugins/observation/ChangeCollectorProviderTest.java +++ b/oak-core/src/test/java/org/apache/jackrabbit/oak/plugins/observation/ChangeCollectorProviderTest.java @@ -47,7 +47,7 @@ import org.apache.jackrabbit.oak.api.Tree; import org.apache.jackrabbit.oak.api.Type; import org.apache.jackrabbit.oak.InitialContent; -import org.apache.jackrabbit.oak.commons.jdkcompat.Java23Security; +import org.apache.jackrabbit.oak.commons.jdkcompat.Java23Subject; import org.apache.jackrabbit.oak.security.internal.SecurityProviderBuilder; import org.apache.jackrabbit.oak.spi.commit.CommitContext; import org.apache.jackrabbit.oak.spi.commit.CommitInfo; @@ -142,7 +142,7 @@ public void setup() throws PrivilegedActionException, CommitFailedException { .with(getSecurityProvider()); contentRepository = oak.createContentRepository(); - session = Java23Security.doAs(SystemSubject.INSTANCE, new PrivilegedExceptionAction() { + session = Java23Subject.doAs(SystemSubject.INSTANCE, new PrivilegedExceptionAction() { @Override public ContentSession run() throws LoginException, NoSuchWorkspaceException { return contentRepository.login(null, null); diff --git a/oak-core/src/test/java/org/apache/jackrabbit/oak/security/authentication/LoginContextProviderImplTest.java b/oak-core/src/test/java/org/apache/jackrabbit/oak/security/authentication/LoginContextProviderImplTest.java index 4049008e28e..9b63b8b65b7 100644 --- a/oak-core/src/test/java/org/apache/jackrabbit/oak/security/authentication/LoginContextProviderImplTest.java +++ b/oak-core/src/test/java/org/apache/jackrabbit/oak/security/authentication/LoginContextProviderImplTest.java @@ -33,7 +33,7 @@ import javax.security.auth.login.LoginException; import org.apache.jackrabbit.oak.AbstractSecurityTest; -import org.apache.jackrabbit.oak.commons.jdkcompat.Java23Security; +import org.apache.jackrabbit.oak.commons.jdkcompat.Java23Subject; import org.apache.jackrabbit.oak.spi.security.ConfigurationParameters; import org.apache.jackrabbit.oak.spi.security.authentication.AuthenticationConfiguration; import org.apache.jackrabbit.oak.spi.security.authentication.GuestLoginModule; @@ -122,7 +122,7 @@ public void getLoginContextWithoutCredentials() throws Exception { @Test public void testGetPreAuthLoginContext() { Subject subject = new Subject(true, Set.of(), Set.of(), Set.of()); - LoginContext ctx = Java23Security.doAs(subject, (PrivilegedAction) () -> { + LoginContext ctx = Java23Subject.doAs(subject, (PrivilegedAction) () -> { try { return lcProvider.getLoginContext(null, null); } catch (LoginException e) { diff --git a/oak-core/src/test/java/org/apache/jackrabbit/oak/security/authentication/PreAuthTest.java b/oak-core/src/test/java/org/apache/jackrabbit/oak/security/authentication/PreAuthTest.java index 4182cfa1601..43cd02b9330 100644 --- a/oak-core/src/test/java/org/apache/jackrabbit/oak/security/authentication/PreAuthTest.java +++ b/oak-core/src/test/java/org/apache/jackrabbit/oak/security/authentication/PreAuthTest.java @@ -30,7 +30,7 @@ import org.apache.jackrabbit.oak.AbstractSecurityTest; import org.apache.jackrabbit.oak.api.AuthInfo; import org.apache.jackrabbit.oak.api.ContentSession; -import org.apache.jackrabbit.oak.commons.jdkcompat.Java23Security; +import org.apache.jackrabbit.oak.commons.jdkcompat.Java23Subject; import org.apache.jackrabbit.oak.spi.security.authentication.AuthInfoImpl; import org.apache.jackrabbit.oak.spi.security.authentication.SystemSubject; import org.jetbrains.annotations.Nullable; @@ -67,7 +67,7 @@ public AppConfigurationEntry[] getAppConfigurationEntry(String s) { @Test public void testValidSubject() throws Exception { final Subject subject = new Subject(true, principals, Collections.emptySet(), Collections.emptySet()); - ContentSession cs = Java23Security.doAsPrivileged(subject, new PrivilegedAction() { + ContentSession cs = Java23Subject.doAsPrivileged(subject, new PrivilegedAction() { @Override public @Nullable ContentSession run() { try { @@ -94,7 +94,7 @@ public void testValidSubject() throws Exception { public void testValidSubjectWithCredentials() throws Exception { Set publicCreds = Collections.singleton(new SimpleCredentials("testUserId", new char[0])); final Subject subject = new Subject(false, principals, publicCreds, Collections.emptySet()); - ContentSession cs = Java23Security.doAsPrivileged(subject, new PrivilegedAction() { + ContentSession cs = Java23Subject.doAsPrivileged(subject, new PrivilegedAction() { @Override public @Nullable ContentSession run() { try { @@ -121,7 +121,7 @@ public void testValidSubjectWithCredentials() throws Exception { public void testValidReadSubjectWithCredentials() throws Exception { Set publicCreds = Collections.singleton(new SimpleCredentials("testUserId", new char[0])); final Subject subject = new Subject(true, principals, publicCreds, Collections.emptySet()); - ContentSession cs = Java23Security.doAsPrivileged(subject, new PrivilegedAction() { + ContentSession cs = Java23Subject.doAsPrivileged(subject, new PrivilegedAction() { @Override public @Nullable ContentSession run() { try { @@ -149,7 +149,7 @@ public void testValidSubjectWithAuthInfo() throws Exception { AuthInfo info = new AuthInfoImpl("testUserId", Collections.emptyMap(), Collections.emptySet()); Set publicCreds = Collections.singleton(info); final Subject subject = new Subject(false, Collections.singleton(new TestPrincipal()), publicCreds, Collections.emptySet()); - ContentSession cs = Java23Security.doAsPrivileged(subject, new PrivilegedAction() { + ContentSession cs = Java23Subject.doAsPrivileged(subject, new PrivilegedAction() { @Override public @Nullable ContentSession run() { try { @@ -172,7 +172,7 @@ public void testValidSubjectWithAuthInfo() throws Exception { @Test public void testSubjectAndCredentials() throws Exception { final Subject subject = new Subject(true, principals, Collections.emptySet(), Collections.emptySet()); - ContentSession cs = Java23Security.doAsPrivileged(subject, new PrivilegedAction() { + ContentSession cs = Java23Subject.doAsPrivileged(subject, new PrivilegedAction() { @Override public @Nullable ContentSession run() { ContentSession cs; @@ -205,7 +205,7 @@ public void testNullLogin() throws Exception { @Test public void testSystemSubject() throws Exception { - ContentSession cs = Java23Security.doAsPrivileged(SystemSubject.INSTANCE, new PrivilegedAction() { + ContentSession cs = Java23Subject.doAsPrivileged(SystemSubject.INSTANCE, new PrivilegedAction() { @Override public @Nullable ContentSession run() { try { diff --git a/oak-core/src/test/java/org/apache/jackrabbit/oak/security/authentication/user/LoginModuleImplTest.java b/oak-core/src/test/java/org/apache/jackrabbit/oak/security/authentication/user/LoginModuleImplTest.java index 606d87c5f56..504f891cbff 100644 --- a/oak-core/src/test/java/org/apache/jackrabbit/oak/security/authentication/user/LoginModuleImplTest.java +++ b/oak-core/src/test/java/org/apache/jackrabbit/oak/security/authentication/user/LoginModuleImplTest.java @@ -26,7 +26,7 @@ import org.apache.jackrabbit.oak.api.ContentRepository; import org.apache.jackrabbit.oak.api.ContentSession; import org.apache.jackrabbit.oak.api.Root; -import org.apache.jackrabbit.oak.commons.jdkcompat.Java23Security; +import org.apache.jackrabbit.oak.commons.jdkcompat.Java23Subject; import org.apache.jackrabbit.oak.commons.junit.LogCustomizer; import org.apache.jackrabbit.oak.namepath.NamePathMapper; import org.apache.jackrabbit.oak.security.internal.SecurityProviderBuilder; @@ -675,7 +675,7 @@ public void testCommitReadOnlySubject() throws Exception { public void testLoginLogoutPreexistingReadonlySubject() throws Exception { createTestUser(); Subject subject = new Subject(true, Collections.singleton(() -> "JMXPrincipal: foo"), Collections.EMPTY_SET, Collections.EMPTY_SET); - Java23Security.doAs(subject, (PrivilegedExceptionAction) () -> { + Java23Subject.doAs(subject, (PrivilegedExceptionAction) () -> { LogCustomizer logCustomizer = LogCustomizer .forLogger("org.apache.jackrabbit.oak.core.ContentSessionImpl") .enable(Level.ERROR) diff --git a/oak-core/src/test/java/org/apache/jackrabbit/oak/security/authorization/permission/RepoPolicyTreePermissionTest.java b/oak-core/src/test/java/org/apache/jackrabbit/oak/security/authorization/permission/RepoPolicyTreePermissionTest.java index 038a8c7bb8a..540f76ee7e3 100644 --- a/oak-core/src/test/java/org/apache/jackrabbit/oak/security/authorization/permission/RepoPolicyTreePermissionTest.java +++ b/oak-core/src/test/java/org/apache/jackrabbit/oak/security/authorization/permission/RepoPolicyTreePermissionTest.java @@ -30,7 +30,7 @@ import org.apache.jackrabbit.oak.api.PropertyState; import org.apache.jackrabbit.oak.api.Root; import org.apache.jackrabbit.oak.api.Tree; -import org.apache.jackrabbit.oak.commons.jdkcompat.Java23Security; +import org.apache.jackrabbit.oak.commons.jdkcompat.Java23Subject; import org.apache.jackrabbit.oak.commons.PathUtils; import org.apache.jackrabbit.oak.plugins.memory.EmptyNodeState; import org.apache.jackrabbit.oak.plugins.memory.PropertyStates; @@ -78,7 +78,7 @@ public void before() throws Exception { accessSession = createTestSession(); Subject notAllowedSubject = new Subject(true, Set.of(EveryonePrincipal.getInstance()), Set.of(), Set.of()); - noAccessSession = Java23Security.doAs(notAllowedSubject, (PrivilegedAction) () -> { + noAccessSession = Java23Subject.doAs(notAllowedSubject, (PrivilegedAction) () -> { try { return getContentRepository().login(null, null); } catch (Exception e) { diff --git a/oak-core/src/test/java/org/apache/jackrabbit/oak/security/user/CacheValidatorProviderTest.java b/oak-core/src/test/java/org/apache/jackrabbit/oak/security/user/CacheValidatorProviderTest.java index 94e8c9b2b91..52498b7e0c0 100644 --- a/oak-core/src/test/java/org/apache/jackrabbit/oak/security/user/CacheValidatorProviderTest.java +++ b/oak-core/src/test/java/org/apache/jackrabbit/oak/security/user/CacheValidatorProviderTest.java @@ -27,7 +27,7 @@ import org.apache.jackrabbit.oak.api.Root; import org.apache.jackrabbit.oak.api.Tree; import org.apache.jackrabbit.oak.api.Type; -import org.apache.jackrabbit.oak.commons.jdkcompat.Java23Security; +import org.apache.jackrabbit.oak.commons.jdkcompat.Java23Subject; import org.apache.jackrabbit.oak.commons.PathUtils; import org.apache.jackrabbit.oak.plugins.memory.PropertyStates; import org.apache.jackrabbit.oak.plugins.tree.TreeUtil; @@ -89,7 +89,7 @@ private Tree getAuthorizableTree(@NotNull Authorizable authorizable) throws Repo private Tree getCache(@NotNull Authorizable authorizable) throws Exception { // Creating CachedMembershipReader as this is the only class allowed to write in rep:cache - try (ContentSession cs = Java23Security.doAs(SystemSubject.INSTANCE, (PrivilegedExceptionAction) () -> login(null))) { + try (ContentSession cs = Java23Subject.doAs(SystemSubject.INSTANCE, (PrivilegedExceptionAction) () -> login(null))) { Root r = cs.getLatestRoot(); Tree n = r.getTree(authorizable.getPath()); CachedMembershipReader reader = new CachedPrincipalMembershipReader( diff --git a/oak-core/src/test/java/org/apache/jackrabbit/oak/security/user/CachedGroupPrincipalTest.java b/oak-core/src/test/java/org/apache/jackrabbit/oak/security/user/CachedGroupPrincipalTest.java index 743359d0eec..1d7d5bf3971 100644 --- a/oak-core/src/test/java/org/apache/jackrabbit/oak/security/user/CachedGroupPrincipalTest.java +++ b/oak-core/src/test/java/org/apache/jackrabbit/oak/security/user/CachedGroupPrincipalTest.java @@ -24,7 +24,7 @@ import org.apache.jackrabbit.oak.AbstractSecurityTest; import org.apache.jackrabbit.oak.api.ContentSession; import org.apache.jackrabbit.oak.api.Root; -import org.apache.jackrabbit.oak.commons.jdkcompat.Java23Security; +import org.apache.jackrabbit.oak.commons.jdkcompat.Java23Subject; import org.apache.jackrabbit.oak.namepath.NamePathMapper; import org.apache.jackrabbit.oak.spi.security.ConfigurationParameters; import org.apache.jackrabbit.oak.spi.security.authentication.SystemSubject; @@ -112,7 +112,7 @@ protected ConfigurationParameters getSecurityConfigParameters() { private ContentSession getSystemSession() throws Exception { if (systemSession == null) { - systemSession = Java23Security.doAs(SystemSubject.INSTANCE, (PrivilegedExceptionAction) () -> login(null)); + systemSession = Java23Subject.doAs(SystemSubject.INSTANCE, (PrivilegedExceptionAction) () -> login(null)); } return systemSession; } diff --git a/oak-core/src/test/java/org/apache/jackrabbit/oak/security/user/CachedPrincipalMembershipReaderTest.java b/oak-core/src/test/java/org/apache/jackrabbit/oak/security/user/CachedPrincipalMembershipReaderTest.java index 8a428efa7ef..b10759550d4 100644 --- a/oak-core/src/test/java/org/apache/jackrabbit/oak/security/user/CachedPrincipalMembershipReaderTest.java +++ b/oak-core/src/test/java/org/apache/jackrabbit/oak/security/user/CachedPrincipalMembershipReaderTest.java @@ -59,7 +59,7 @@ import org.apache.jackrabbit.oak.api.Root; import org.apache.jackrabbit.oak.api.Tree; import org.apache.jackrabbit.oak.api.Type; -import org.apache.jackrabbit.oak.commons.jdkcompat.Java23Security; +import org.apache.jackrabbit.oak.commons.jdkcompat.Java23Subject; import org.apache.jackrabbit.oak.commons.junit.LogCustomizer; import org.apache.jackrabbit.oak.spi.security.user.cache.CachedMembershipReader; import org.apache.jackrabbit.oak.spi.security.user.cache.CacheLoader; @@ -204,7 +204,7 @@ protected ConfigurationParameters getSecurityConfigParameters() { private Root getSystemRoot() throws Exception { if (systemSession == null) { - systemSession = Java23Security.doAs(SystemSubject.INSTANCE, (PrivilegedExceptionAction) () -> login(null)); + systemSession = Java23Subject.doAs(SystemSubject.INSTANCE, (PrivilegedExceptionAction) () -> login(null)); } return systemSession.getLatestRoot(); } diff --git a/oak-core/src/test/java/org/apache/jackrabbit/oak/security/user/PasswordExpiryAdminTest.java b/oak-core/src/test/java/org/apache/jackrabbit/oak/security/user/PasswordExpiryAdminTest.java index 26a8ae41239..86d93643612 100644 --- a/oak-core/src/test/java/org/apache/jackrabbit/oak/security/user/PasswordExpiryAdminTest.java +++ b/oak-core/src/test/java/org/apache/jackrabbit/oak/security/user/PasswordExpiryAdminTest.java @@ -23,7 +23,7 @@ import org.apache.jackrabbit.oak.api.PropertyState; import org.apache.jackrabbit.oak.api.Tree; import org.apache.jackrabbit.oak.api.Type; -import org.apache.jackrabbit.oak.commons.jdkcompat.Java23Security; +import org.apache.jackrabbit.oak.commons.jdkcompat.Java23Subject; import org.apache.jackrabbit.oak.plugins.nodetype.ReadOnlyNodeTypeManager; import org.apache.jackrabbit.oak.plugins.tree.TreeUtil; import org.apache.jackrabbit.oak.spi.nodetype.NodeTypeConstants; @@ -73,7 +73,7 @@ protected ConfigurationParameters getSecurityConfigParameters() { @Override protected ContentSession createAdminSession(@NotNull ContentRepository repository) { try { - return Java23Security.doAs(SystemSubject.INSTANCE, (PrivilegedExceptionAction) () -> repository.login(null, null)); + return Java23Subject.doAs(SystemSubject.INSTANCE, (PrivilegedExceptionAction) () -> repository.login(null, null)); } catch (PrivilegedActionException e) { throw new RuntimeException(e); } diff --git a/oak-core/src/test/java/org/apache/jackrabbit/oak/security/user/UserInitializerTest.java b/oak-core/src/test/java/org/apache/jackrabbit/oak/security/user/UserInitializerTest.java index 3e5a4a57bbe..6edd57e099b 100644 --- a/oak-core/src/test/java/org/apache/jackrabbit/oak/security/user/UserInitializerTest.java +++ b/oak-core/src/test/java/org/apache/jackrabbit/oak/security/user/UserInitializerTest.java @@ -27,7 +27,7 @@ import org.apache.jackrabbit.oak.api.ContentSession; import org.apache.jackrabbit.oak.api.Root; import org.apache.jackrabbit.oak.api.Tree; -import org.apache.jackrabbit.oak.commons.jdkcompat.Java23Security; +import org.apache.jackrabbit.oak.commons.jdkcompat.Java23Subject; import org.apache.jackrabbit.oak.commons.PathUtils; import org.apache.jackrabbit.oak.namepath.NamePathMapper; import org.apache.jackrabbit.oak.plugins.index.IndexConstants; @@ -173,7 +173,7 @@ public void testAdminConfiguration() throws Exception { .with(sp) .createContentRepository(); - try (ContentSession cs = Java23Security.doAs(SystemSubject.INSTANCE, (PrivilegedExceptionAction) () -> repo.login(null, null))) { + try (ContentSession cs = Java23Subject.doAs(SystemSubject.INSTANCE, (PrivilegedExceptionAction) () -> repo.login(null, null))) { Root root = cs.getLatestRoot(); UserConfiguration uc = sp.getConfiguration(UserConfiguration.class); UserManager umgr = uc.getUserManager(root, NamePathMapper.DEFAULT); @@ -210,7 +210,7 @@ public void testAnonymousConfiguration() throws Exception { .with(sp) .createContentRepository(); - try (ContentSession cs = Java23Security.doAs(SystemSubject.INSTANCE, (PrivilegedExceptionAction) () -> repo.login(null, null))) { + try (ContentSession cs = Java23Subject.doAs(SystemSubject.INSTANCE, (PrivilegedExceptionAction) () -> repo.login(null, null))) { Root root = cs.getLatestRoot(); UserConfiguration uc = sp.getConfiguration(UserConfiguration.class); UserManager umgr = uc.getUserManager(root, NamePathMapper.DEFAULT); diff --git a/oak-core/src/test/java/org/apache/jackrabbit/oak/security/user/UserPrincipalProviderWithCacheTest.java b/oak-core/src/test/java/org/apache/jackrabbit/oak/security/user/UserPrincipalProviderWithCacheTest.java index a689c16ae66..9ffab3c9a14 100644 --- a/oak-core/src/test/java/org/apache/jackrabbit/oak/security/user/UserPrincipalProviderWithCacheTest.java +++ b/oak-core/src/test/java/org/apache/jackrabbit/oak/security/user/UserPrincipalProviderWithCacheTest.java @@ -28,7 +28,7 @@ import org.apache.jackrabbit.oak.api.Root; import org.apache.jackrabbit.oak.api.Tree; import org.apache.jackrabbit.oak.api.Type; -import org.apache.jackrabbit.oak.commons.jdkcompat.Java23Security; +import org.apache.jackrabbit.oak.commons.jdkcompat.Java23Subject; import org.apache.jackrabbit.oak.plugins.memory.PropertyStates; import org.apache.jackrabbit.oak.plugins.tree.TreeUtil; import org.apache.jackrabbit.oak.security.principal.AbstractPrincipalProviderTest; @@ -109,7 +109,7 @@ private PrincipalProvider createPrincipalProvider(Root root) { private ContentSession getSystemSession() throws Exception { if (systemSession == null) { - systemSession = Java23Security.doAs(SystemSubject.INSTANCE, (PrivilegedExceptionAction) () -> login(null)); + systemSession = Java23Subject.doAs(SystemSubject.INSTANCE, (PrivilegedExceptionAction) () -> login(null)); } return systemSession; } diff --git a/oak-examples/webapp/src/main/java/org/apache/jackrabbit/j2ee/IndexInitializer.java b/oak-examples/webapp/src/main/java/org/apache/jackrabbit/j2ee/IndexInitializer.java index e0b01a518d4..fa0df8a3ab0 100644 --- a/oak-examples/webapp/src/main/java/org/apache/jackrabbit/j2ee/IndexInitializer.java +++ b/oak-examples/webapp/src/main/java/org/apache/jackrabbit/j2ee/IndexInitializer.java @@ -34,7 +34,7 @@ import org.apache.jackrabbit.JcrConstants; import org.apache.jackrabbit.commons.JcrUtils; import org.apache.jackrabbit.oak.api.AuthInfo; -import org.apache.jackrabbit.oak.commons.jdkcompat.Java23Security; +import org.apache.jackrabbit.oak.commons.jdkcompat.Java23Subject; import org.apache.jackrabbit.oak.plugins.index.IndexConstants; import org.apache.jackrabbit.oak.plugins.index.lucene.LuceneIndexConstants; import org.apache.jackrabbit.oak.plugins.index.search.FulltextIndexConstants; @@ -120,7 +120,7 @@ public String getName() { Subject subject = new Subject(true, singleton(admin), singleton(authInfo), Collections.emptySet()); Session adminSession; try { - adminSession = Java23Security.doAsPrivileged(subject, new PrivilegedExceptionAction() { + adminSession = Java23Subject.doAsPrivileged(subject, new PrivilegedExceptionAction() { @Override public Session run() throws Exception { return repository.login(); diff --git a/oak-exercise/src/test/java/org/apache/jackrabbit/oak/exercise/security/authentication/L9_NullLoginTest.java b/oak-exercise/src/test/java/org/apache/jackrabbit/oak/exercise/security/authentication/L9_NullLoginTest.java index 593455ce981..f02667589d0 100644 --- a/oak-exercise/src/test/java/org/apache/jackrabbit/oak/exercise/security/authentication/L9_NullLoginTest.java +++ b/oak-exercise/src/test/java/org/apache/jackrabbit/oak/exercise/security/authentication/L9_NullLoginTest.java @@ -25,7 +25,7 @@ import javax.security.auth.Subject; import javax.security.auth.login.Configuration; -import org.apache.jackrabbit.oak.commons.jdkcompat.Java23Security; +import org.apache.jackrabbit.oak.commons.jdkcompat.Java23Subject; import org.apache.jackrabbit.test.AbstractJCRTest; /** @@ -113,7 +113,7 @@ public void testSuccessfulNullLogin() throws Exception { Subject subject = null; String expectedId = null; - testSession = Java23Security.doAs(subject, new PrivilegedExceptionAction() { + testSession = Java23Subject.doAs(subject, new PrivilegedExceptionAction() { @Override public Session run() throws RepositoryException { return repository.login(null, null); diff --git a/oak-exercise/src/test/java/org/apache/jackrabbit/oak/exercise/security/authorization/principalbased/AbstractPrincipalBasedTest.java b/oak-exercise/src/test/java/org/apache/jackrabbit/oak/exercise/security/authorization/principalbased/AbstractPrincipalBasedTest.java index 1cc9a9a40c5..0c6ed8a58ce 100644 --- a/oak-exercise/src/test/java/org/apache/jackrabbit/oak/exercise/security/authorization/principalbased/AbstractPrincipalBasedTest.java +++ b/oak-exercise/src/test/java/org/apache/jackrabbit/oak/exercise/security/authorization/principalbased/AbstractPrincipalBasedTest.java @@ -25,7 +25,7 @@ import org.apache.jackrabbit.api.security.user.User; import org.apache.jackrabbit.oak.AbstractSecurityTest; import org.apache.jackrabbit.oak.api.ContentSession; -import org.apache.jackrabbit.oak.commons.jdkcompat.Java23Security; +import org.apache.jackrabbit.oak.commons.jdkcompat.Java23Subject; import org.apache.jackrabbit.oak.commons.PathUtils; import org.apache.jackrabbit.oak.composite.MountInfoProviderService; import org.apache.jackrabbit.oak.security.authorization.composite.CompositeAuthorizationConfiguration; @@ -168,6 +168,6 @@ static PrincipalAccessControlList getApplicablePrincipalAccessControlList(@NotNu @NotNull ContentSession getTestSession(@NotNull Principal... principals) throws Exception { Subject subject = new Subject(true, ImmutableSet.copyOf(principals), Set.of(), Set.of()); - return Java23Security.doAsPrivileged(subject, (PrivilegedExceptionAction) () -> getContentRepository().login(null, null), null); + return Java23Subject.doAsPrivileged(subject, (PrivilegedExceptionAction) () -> getContentRepository().login(null, null), null); } } \ No newline at end of file diff --git a/oak-lucene/src/test/java/org/apache/jackrabbit/oak/composite/blueGreen/Persistence.java b/oak-lucene/src/test/java/org/apache/jackrabbit/oak/composite/blueGreen/Persistence.java index 5201597a95c..3b69f6b4f4a 100644 --- a/oak-lucene/src/test/java/org/apache/jackrabbit/oak/composite/blueGreen/Persistence.java +++ b/oak-lucene/src/test/java/org/apache/jackrabbit/oak/composite/blueGreen/Persistence.java @@ -49,7 +49,7 @@ import org.apache.jackrabbit.oak.api.ContentRepository; import org.apache.jackrabbit.oak.api.ContentSession; import org.apache.jackrabbit.oak.api.Root; -import org.apache.jackrabbit.oak.commons.jdkcompat.Java23Security; +import org.apache.jackrabbit.oak.commons.jdkcompat.Java23Subject; import org.apache.jackrabbit.oak.composite.CompositeNodeStore; import org.apache.jackrabbit.oak.jcr.Jcr; import org.apache.jackrabbit.oak.namepath.NamePathMapper; @@ -286,7 +286,7 @@ private static void setupPermissions(ContentRepository repo, SecurityProvider securityProvider) throws RepositoryException { ContentSession cs = null; try { - cs = Java23Security.doAsPrivileged(SystemSubject.INSTANCE, new PrivilegedExceptionAction() { + cs = Java23Subject.doAsPrivileged(SystemSubject.INSTANCE, new PrivilegedExceptionAction() { @Override public ContentSession run() throws Exception { return repo.login(null, null); diff --git a/oak-security-spi/src/main/java/org/apache/jackrabbit/oak/spi/security/authentication/AbstractLoginModule.java b/oak-security-spi/src/main/java/org/apache/jackrabbit/oak/spi/security/authentication/AbstractLoginModule.java index 3c65c36c183..8c49550772b 100644 --- a/oak-security-spi/src/main/java/org/apache/jackrabbit/oak/spi/security/authentication/AbstractLoginModule.java +++ b/oak-security-spi/src/main/java/org/apache/jackrabbit/oak/spi/security/authentication/AbstractLoginModule.java @@ -42,7 +42,7 @@ import org.apache.jackrabbit.oak.api.ContentRepository; import org.apache.jackrabbit.oak.api.ContentSession; import org.apache.jackrabbit.oak.api.Root; -import org.apache.jackrabbit.oak.commons.jdkcompat.Java23Security; +import org.apache.jackrabbit.oak.commons.jdkcompat.Java23Subject; import org.apache.jackrabbit.oak.namepath.NamePathMapper; import org.apache.jackrabbit.oak.spi.security.ConfigurationParameters; import org.apache.jackrabbit.oak.spi.security.SecurityProvider; @@ -476,7 +476,7 @@ protected Root getRoot() { final ContentRepository repository = rcb.getContentRepository(); if (repository != null) { - systemSession = Java23Security.doAs(SystemSubject.INSTANCE, new PrivilegedExceptionAction() { + systemSession = Java23Subject.doAs(SystemSubject.INSTANCE, new PrivilegedExceptionAction() { @Override public ContentSession run() throws LoginException, NoSuchWorkspaceException { return repository.login(null, rcb.getWorkspaceName());