git.argeo.org Git - gpl/argeo-jcr.git/blob - org.argeo.cms.jcr/src/org/argeo/jcr/JcrAuthorizations.java
3 import java
.security
.Principal
;
4 import java
.util
.ArrayList
;
5 import java
.util
.HashMap
;
9 import javax
.jcr
.Repository
;
10 import javax
.jcr
.RepositoryException
;
11 import javax
.jcr
.Session
;
12 import javax
.jcr
.security
.AccessControlManager
;
13 import javax
.jcr
.security
.Privilege
;
14 import javax
.naming
.InvalidNameException
;
15 import javax
.naming
.ldap
.LdapName
;
17 /** Apply authorizations to a JCR repository. */
18 public class JcrAuthorizations
implements Runnable
{
19 // private final static Log log =
20 // LogFactory.getLog(JcrAuthorizations.class);
/** JCR repository whose workspaces receive the authorizations. */
private Repository repository;

/**
 * Workspace to process. The value {@code "*"} selects every workspace name
 * visible to the login session; any other value, including the default
 * {@code null}, is handed unchanged to {@code Repository.login}.
 */
private String workspace;

/**
 * Workspace name that each candidate is compared against when
 * {@link #workspace} is {@code "*"}.
 */
private String securityWorkspace = "security";

/**
 * Privileges to grant, keyed by what is granted and where:<br/>
 * key := privilege1,privilege2/path/to/node<br/>
 * value := group1,group2,user1
 */
private Map<String, String> principalPrivileges = new HashMap<String, String>();
/**
 * Applies the configured privileges to the configured workspace or, when the
 * workspace is {@code "*"}, to the workspaces the login session can access.
 *
 * NOTE(review): the listing this method was recovered from leaves out several
 * source lines (the signature, the try/else/finally keywords and the statement
 * guarded by the security-workspace test). They are restored here from the
 * surrounding structure and the Runnable contract; confirm against the
 * repository before relying on them.
 *
 * The exception message includes the whole privilege map, so it ends up
 * wherever this exception is logged or displayed.
 */
public void run() {
    String currentWorkspace = workspace;
    Session session = null;
    try {
        if (!"*".equals(workspace)) {
            session = repository.login(workspace);
            initAuthorizations(session);
        } else {
            // This first login only serves to list the workspace names.
            session = repository.login();
            String[] accessibleNames = session.getWorkspace().getAccessibleWorkspaceNames();
            JcrUtils.logoutQuietly(session);

            for (String name : accessibleNames) {
                currentWorkspace = name;
                if (currentWorkspace.equals(securityWorkspace)) {
                    // Presumably the security workspace is skipped; the guarded
                    // statement is not visible in the listing - TODO confirm.
                    continue;
                }
                session = repository.login(currentWorkspace);
                initAuthorizations(session);
                JcrUtils.logoutQuietly(session);
            }
        }
    } catch (RepositoryException e) {
        // Drop pending changes before reporting the failure.
        JcrUtils.discardQuietly(session);
        String message = "Cannot set authorizations " + principalPrivileges + " on workspace " + currentWorkspace;
        throw new JcrException(message, e);
    } finally {
        JcrUtils.logoutQuietly(session);
    }
}
/**
 * Logs into one workspace, applies the configured privileges and logs out.
 *
 * The try and finally keywords are not visible in the listing this was
 * recovered from; they are restored from the catch clause and the line
 * numbering - confirm against the repository.
 *
 * @param workspace name handed to {@code Repository.login}
 * @throws JcrException if login or privilege assignment fails with a
 *                      {@link RepositoryException}; the message includes the
 *                      whole privilege map and the repository
 */
protected void processWorkspace(String workspace) {
    Session wsSession = null;
    try {
        wsSession = repository.login(workspace);
        initAuthorizations(wsSession);
    } catch (RepositoryException e) {
        // Drop pending changes before reporting the failure.
        JcrUtils.discardQuietly(wsSession);
        String message = "Cannot set authorizations " + principalPrivileges + " on repository " + repository;
        throw new JcrException(message, e);
    } finally {
        JcrUtils.logoutQuietly(wsSession);
    }
}
76 /** @deprecated call {@link #run()} instead. */
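/**
 * Grants each configured privilege set to its principals, using the given
 * session.
 *
 * Each map key has the form {@code privilege1,privilege2/path/to/node} and
 * each value is either one LDAP distinguished name or a comma-separated list
 * of principal names.
 *
 * @param session session used to resolve privileges and to write the entries
 * @throws RepositoryException      if a privilege name cannot be resolved or
 *                                  the privileges cannot be added
 * @throws IllegalArgumentException if a key starts with {@code /} or an entry
 *                                  has no principals
 */
protected void initAuthorizations(Session session) throws RepositoryException {
    AccessControlManager acm = session.getAccessControlManager();

    // Iterate over entries so the principals are the ones stored under this
    // exact key. Looking the value up again after the path has been cut off
    // the key misses the entry, or returns the principals of another entry
    // whose key is the bare privilege list.
    for (Map.Entry<String, String> entry : principalPrivileges.entrySet()) {
        String key = entry.getKey();
        String privileges = key;
        // NOTE(review): the declaration of 'path' is not visible in the
        // listing; the null initial value is an assumption - confirm.
        String path = null;
        int slashIndex = key.indexOf('/');
        if (slashIndex == 0) {
            throw new IllegalArgumentException("Privilege " + key + " badly formatted it starts with /");
        } else if (slashIndex > 0) {
            path = key.substring(slashIndex);
            privileges = key.substring(0, slashIndex);
        }

        // NOTE(review): original lines 93-97 are absent from the listing. If
        // they default or validate 'path' for keys without a '/', restore
        // them here.

        List<Privilege> privs = new ArrayList<Privilege>();
        for (String priv : privileges.split(",")) {
            privs.add(acm.privilegeFromName(priv));
        }

        String principalNames = entry.getValue();
        if (principalNames == null) {
            // Fail with the offending key instead of a bare NullPointerException.
            throw new IllegalArgumentException("Privilege " + key + " has no principals");
        }
        try {
            // Constructed only to test whether the whole value parses as one
            // distinguished name. A value that parses is treated as a single
            // principal, commas included.
            new LdapName(principalNames);
            // TODO differentiate groups and users ?
            Principal principal = getOrCreatePrincipal(session, principalNames);
            JcrUtils.addPrivileges(session, path, principal, privs);
        } catch (InvalidNameException notOneDn) {
            // Not a single distinguished name: treat the value as a list.
            for (String principalName : principalNames.split(",")) {
                Principal principal = getOrCreatePrincipal(session, principalName);
                JcrUtils.addPrivileges(session, path, principal, privs);
                // if (log.isDebugEnabled()) {
                // StringBuffer privBuf = new StringBuffer();
                // for (Privilege priv : privs)
                // privBuf.append(priv.getName());
                // log.debug("Added privileges " + privBuf + " to "
                // + principal.getName() + " on " + path + " in '"
                // + session.getWorkspace().getName() + "'");
                // }
            }
        }
    }

    // if (log.isDebugEnabled())
    // log.debug("JCR authorizations applied on '"
    // + session.getWorkspace().getName() + "'");
}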
/**
 * Returns a {@link SimplePrincipal} carrying the given name. No check is made
 * that the principal exists, since the standard JCR API does not provide such
 * a capability. Can be overridden to provide smarter handling.
 *
 * Because the name is taken as given, a misspelt name in the configuration is
 * not caught here; whether it is rejected later depends on the repository.
 *
 * @param session       session in use; this implementation does not read it
 * @param principalName name the returned principal carries
 * @return a new principal for {@code principalName}
 */
protected Principal getOrCreatePrincipal(Session session, String principalName) throws RepositoryException {
    Principal principal = new SimplePrincipal(principalName);
    return principal;
}
139 // public static void addPrivileges(Session session, Principal principal,
140 // String path, List<Privilege> privs) throws RepositoryException {
141 // AccessControlManager acm = session.getAccessControlManager();
142 // // search for an access control list
143 // AccessControlList acl = null;
144 // AccessControlPolicyIterator policyIterator = acm
145 // .getApplicablePolicies(path);
146 // if (policyIterator.hasNext()) {
147 // while (policyIterator.hasNext()) {
148 // AccessControlPolicy acp = policyIterator
149 // .nextAccessControlPolicy();
150 // if (acp instanceof AccessControlList)
151 // acl = ((AccessControlList) acp);
154 // AccessControlPolicy[] existingPolicies = acm.getPolicies(path);
155 // for (AccessControlPolicy acp : existingPolicies) {
156 // if (acp instanceof AccessControlList)
157 // acl = ((AccessControlList) acp);
161 // if (acl != null) {
162 // acl.addAccessControlEntry(principal,
163 // privs.toArray(new Privilege[privs.size()]));
164 // acm.setPolicy(path, acl);
166 // if (log.isDebugEnabled()) {
167 // StringBuffer buf = new StringBuffer("");
168 // for (int i = 0; i < privs.size(); i++) {
171 // buf.append(privs.get(i).getName());
173 // log.debug("Added privilege(s) '" + buf + "' to '"
174 // + principal.getName() + "' on " + path
175 // + " from workspace '"
176 // + session.getWorkspace().getName() + "'");
179 // throw new ArgeoJcrException("Don't know how to apply privileges "
180 // + privs + " to " + principal + " on " + path
181 // + " from workspace '" + session.getWorkspace().getName()
/**
 * Sets the privilege map; writes the same field as
 * {@link #setPrincipalPrivileges(Map)}.
 *
 * The map is stored by reference, not copied, so later changes to it by the
 * caller change what is applied.
 *
 * @param groupPrivileges map from {@code privileges/path} keys to principal names
 */
public void setGroupPrivileges(Map<String, String> groupPrivileges) {
    principalPrivileges = groupPrivileges;
}
/**
 * Sets the privilege map.
 *
 * The map is stored by reference, not copied, so later changes to it by the
 * caller change what is applied.
 *
 * @param principalPrivileges map from {@code privileges/path} keys to principal names
 */
public void setPrincipalPrivileges(Map<String, String> principalPrivileges) {
    // 'this.' is required: the parameter hides the field of the same name.
    this.principalPrivileges = principalPrivileges;
}
/**
 * Sets the repository that sessions are opened on.
 *
 * @param repository repository to log into
 */
public void setRepository(Repository repository) {
    // 'this.' is required: the parameter hides the field of the same name.
    this.repository = repository;
}
/**
 * Sets the workspace to process.
 *
 * @param workspace workspace name, or {@code "*"} for every accessible workspace
 */
public void setWorkspace(String workspace) {
    // 'this.' is required: the parameter hides the field of the same name.
    this.workspace = workspace;
}
/**
 * Sets the workspace name that candidates are compared against when the
 * workspace is {@code "*"}.
 *
 * @param securityWorkspace name of the security workspace
 */
public void setSecurityWorkspace(String securityWorkspace) {
    // 'this.' is required: the parameter hides the field of the same name.
    this.securityWorkspace = securityWorkspace;
}