1 /*
2 * Copyright (C) 2007-2012 Argeo GmbH
3 *
4 * Licensed under the Apache License, Version 2.0 (the "License");
5 * you may not use this file except in compliance with the License.
6 * You may obtain a copy of the License at
7 *
8 * http://www.apache.org/licenses/LICENSE-2.0
9 *
10 * Unless required by applicable law or agreed to in writing, software
11 * distributed under the License is distributed on an "AS IS" BASIS,
12 * WITHOUT WARRANTIES OR CONDITIONS OF ANY KIND, either express or implied.
13 * See the License for the specific language governing permissions and
14 * limitations under the License.
15 */
16 package org.argeo.jcr;
17
18 import java.security.Principal;
19 import java.util.ArrayList;
20 import java.util.HashMap;
21 import java.util.List;
22 import java.util.Map;
23
24 import javax.jcr.Repository;
25 import javax.jcr.RepositoryException;
26 import javax.jcr.Session;
27 import javax.jcr.security.AccessControlManager;
28 import javax.jcr.security.Privilege;
29
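/**
 * Apply authorizations to a JCR repository.
 * <p>
 * The instance is configured through its setters and then executed with
 * {@link #run()}. Every entry of the privilege map is turned into access
 * control entries via {@code JcrUtils.addPrivileges}, either on a single
 * workspace or, when the workspace is set to {@code "*"}, on every accessible
 * workspace except the security workspace.
 * <p>
 * The privilege map directly decides who is granted what: it must only be
 * populated from trusted configuration.
 */
public class JcrAuthorizations implements Runnable {
    // NOTE(review): no log record is written when privileges are applied (the
    // former debug logging was commented out and has been dropped here);
    // consider emitting one so that ACL changes leave an audit trail.

    private Repository repository;

    /** Target workspace: null for the default one, "*" for all accessible ones. */
    private String workspace = null;

    /** Workspace which is skipped when {@link #workspace} is "*". */
    private String securityWorkspace = "security";

    /**
     * key := privilege1,privilege2/path/to/node<br/>
     * value := group1,group2,user1
     */
    private Map<String, String> principalPrivileges = new HashMap<String, String>();

    /**
     * Applies the configured privileges. No credentials are passed to
     * {@code login}, so the identity used is the one the repository derives
     * from the calling context.
     *
     * @throws ArgeoJcrException
     *             wrapping any failure; the message names the workspace which
     *             was being processed
     */
    public void run() {
        String currentWorkspace = workspace;
        Session session = null;
        try {
            if (workspace != null && workspace.equals("*")) {
                session = repository.login();
                String[] workspaces = session.getWorkspace()
                        .getAccessibleWorkspaceNames();
                JcrUtils.logoutQuietly(session);
                // forget the closed session so that the catch/finally blocks
                // below never operate on a stale one if the next login fails
                session = null;
                for (String wksp : workspaces) {
                    currentWorkspace = wksp;
                    // only the wildcard mode skips the security workspace; an
                    // explicitly configured workspace is always processed
                    if (currentWorkspace.equals(securityWorkspace))
                        continue;
                    session = repository.login(currentWorkspace);
                    initAuthorizations(session);
                    JcrUtils.logoutQuietly(session);
                    session = null;
                }
            } else {
                // a null workspace name selects the repository default
                session = repository.login(workspace);
                initAuthorizations(session);
            }
        } catch (Exception e) {
            JcrUtils.discardQuietly(session);
            throw new ArgeoJcrException(
                    "Cannot set authorizations " + principalPrivileges
                            + " on workspace " + currentWorkspace, e);
        } finally {
            JcrUtils.logoutQuietly(session);
        }
    }

    /**
     * Applies the configured privileges on one workspace, using a session
     * opened and closed by this method.
     *
     * @param workspace
     *            the workspace name passed to {@code Repository.login}
     * @throws ArgeoJcrException
     *             wrapping any failure
     */
    protected void processWorkspace(String workspace) {
        Session session = null;
        try {
            session = repository.login(workspace);
            initAuthorizations(session);
        } catch (Exception e) {
            JcrUtils.discardQuietly(session);
            throw new ArgeoJcrException("Cannot set authorizations "
                    + principalPrivileges + " on repository " + repository, e);
        } finally {
            JcrUtils.logoutQuietly(session);
        }
    }

    /** @deprecated call {@link #run()} instead. */
    @Deprecated
    public void init() {
        run();
    }

    /**
     * Parses each entry of the privilege map and adds the resulting privileges
     * for each listed principal, using the provided session.
     * <p>
     * A key without a path applies to the root node ("/"). Privilege and
     * principal names are trimmed, so that "a, b" is read as "a" and "b".
     *
     * @param session
     *            the session providing the {@link AccessControlManager}; it is
     *            not logged out by this method
     * @throws RepositoryException
     *             if a privilege name cannot be resolved or the privileges
     *             cannot be added
     * @throws ArgeoJcrException
     *             if a key starts with '/' or has no principals
     */
    protected void initAuthorizations(Session session)
            throws RepositoryException {
        AccessControlManager acm = session.getAccessControlManager();

        // Iterate over the entries: the principals must be read from the entry
        // itself. Looking them up again with the privilege part of the key
        // (path removed) returned null for every key with a path or, if a
        // path-less key with the same privileges existed, the principals of
        // that other entry, which were then granted rights on this path.
        for (Map.Entry<String, String> entry : principalPrivileges.entrySet()) {
            String key = entry.getKey();
            String privilegeNames = key;
            String path = "/";
            int slashIndex = key.indexOf('/');
            if (slashIndex == 0) {
                throw new ArgeoJcrException("Privilege " + key
                        + " badly formatted it starts with /");
            } else if (slashIndex > 0) {
                // the path keeps its leading slash
                path = key.substring(slashIndex);
                privilegeNames = key.substring(0, slashIndex);
            }

            List<Privilege> privs = new ArrayList<Privilege>();
            for (String priv : privilegeNames.split(",")) {
                privs.add(acm.privilegeFromName(priv.trim()));
            }

            String principalNames = entry.getValue();
            if (principalNames == null)
                throw new ArgeoJcrException("No principals configured for "
                        + key);
            for (String principalName : principalNames.split(",")) {
                Principal principal = getOrCreatePrincipal(session,
                        principalName.trim());
                // NOTE(review): whether this helper persists the change
                // (session.save()) is not visible from here - confirm
                JcrUtils.addPrivileges(session, path, principal, privs);
            }
        }
    }

    /**
     * Returns a {@link SimplePrincipal}, does not check whether it exists
     * since such a capability is not provided by the standard JCR API. Can be
     * overridden to provide smarter handling.
     * <p>
     * As a consequence a misspelled name is not detected here.
     *
     * @param session
     *            unused by this implementation, available to overriding ones
     * @param principalName
     *            the name of the user or group
     * @return a new principal carrying this name
     */
    protected Principal getOrCreatePrincipal(Session session,
            String principalName) throws RepositoryException {
        return new SimplePrincipal(principalName);
    }

    /** @deprecated call {@link #setPrincipalPrivileges(Map)} instead. */
    @Deprecated
    public void setGroupPrivileges(Map<String, String> groupPrivileges) {
        this.principalPrivileges = groupPrivileges;
    }

    /**
     * Sets the privileges to apply; the map is used as is, it is not copied.
     *
     * @param principalPrivileges
     *            key := privilege1,privilege2/path/to/node, value :=
     *            group1,group2,user1
     */
    public void setPrincipalPrivileges(Map<String, String> principalPrivileges) {
        this.principalPrivileges = principalPrivileges;
    }

    public void setRepository(Repository repository) {
        this.repository = repository;
    }

    /**
     * @param workspace
     *            a workspace name, null for the default workspace or "*" for
     *            all accessible workspaces except the security workspace
     */
    public void setWorkspace(String workspace) {
        this.workspace = workspace;
    }

    /**
     * @param securityWorkspace
     *            the workspace skipped when the workspace is "*" (default
     *            "security")
     */
    public void setSecurityWorkspace(String securityWorkspace) {
        this.securityWorkspace = securityWorkspace;
    }

}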