git.argeo.org Git - lgpl/argeo-commons.git/blob - org.argeo.jcr/src/org/argeo/jcr/JcrAuthorizations.java
22592fa178991a1d42f42837b6e19cd191947161
2 * Copyright (C) 2007-2012 Argeo GmbH
4 * Licensed under the Apache License, Version 2.0 (the "License");
5 * you may not use this file except in compliance with the License.
6 * You may obtain a copy of the License at
8 * http://www.apache.org/licenses/LICENSE-2.0
10 * Unless required by applicable law or agreed to in writing, software
11 * distributed under the License is distributed on an "AS IS" BASIS,
12 * WITHOUT WARRANTIES OR CONDITIONS OF ANY KIND, either express or implied.
13 * See the License for the specific language governing permissions and
14 * limitations under the License.
16 package org
.argeo
.jcr
;
18 import java
.security
.Principal
;
19 import java
.util
.ArrayList
;
20 import java
.util
.HashMap
;
21 import java
.util
.List
;
24 import javax
.jcr
.Repository
;
25 import javax
.jcr
.RepositoryException
;
26 import javax
.jcr
.Session
;
27 import javax
.jcr
.security
.AccessControlManager
;
28 import javax
.jcr
.security
.Privilege
;
30 /** Apply authorizations to a JCR repository. */
31 public class JcrAuthorizations
implements Runnable
{
32 // private final static Log log =
33 // LogFactory.getLog(JcrAuthorizations.class);
// Repository the authorizations are applied to; assigned through setRepository().
private Repository repository;
// Workspace to log in to. The literal "*" makes run() iterate over every
// accessible workspace; any other value (including the null default) is
// passed as-is to Repository#login(String).
private String workspace = null;

// Workspace name that run() compares against when iterating over "*".
private String securityWorkspace = "security";

/**
 * key := privilege1,privilege2/path/to/node<br/>
 * value := group1,group2,user1
 */
// The map is stored by reference by both setters (no defensive copy).
private Map<String, String> principalPrivileges = new HashMap<String, String>();
/**
 * Applies the configured authorizations to the configured workspace, or to
 * every accessible workspace except {@code securityWorkspace} when
 * {@code workspace} is {@code "*"}.
 *
 * @throws ArgeoJcrException
 *             wrapping any exception raised while logging in or applying
 *             the authorizations
 */
// NOTE(review): the signature, "try {", "continue;", "} else {" and
// "} finally {" lines are not shown on this page; they are restored here from
// the Runnable contract and the visible catch/if structure. Confirm against
// the repository before relying on them.
public void run() {
    String currentWorkspace = workspace;
    Session session = null;
    try {
        if (workspace != null && workspace.equals("*")) {
            // This first session (default login) is only used to list the
            // workspace names, then it is released.
            session = repository.login();
            String[] workspaces = session.getWorkspace()
                    .getAccessibleWorkspaceNames();
            JcrUtils.logoutQuietly(session);
            for (String wksp : workspaces) {
                // Tracked so that the error message names the workspace
                // that was being processed when a failure occurred.
                currentWorkspace = wksp;
                // The security workspace is never touched by the "*" mode.
                if (currentWorkspace.equals(securityWorkspace))
                    continue;
                session = repository.login(currentWorkspace);
                initAuthorizations(session);
                JcrUtils.logoutQuietly(session);
            }
        } else {
            session = repository.login(workspace);
            initAuthorizations(session);
        }
    } catch (Exception e) {
        JcrUtils.discardQuietly(session);
        // The message embeds the whole privilege map (privileges, paths and
        // principal names), so it ends up wherever this exception is logged.
        throw new ArgeoJcrException(
                "Cannot set authorizations " + principalPrivileges
                        + " on workspace " + currentWorkspace, e);
    } finally {
        // In the "*" branch this may be a session that was already logged
        // out inside the loop; presumably logoutQuietly tolerates that.
        JcrUtils.logoutQuietly(session);
    }
}
/**
 * Logs in to the given workspace and applies the configured authorizations
 * to it.
 *
 * @param workspace
 *            workspace name passed to {@link Repository#login(String)}
 * @throws ArgeoJcrException
 *             wrapping any exception raised while logging in or applying
 *             the authorizations
 */
// NOTE(review): the "try {" and "} finally {" lines are not shown on this
// page; they are restored here from the visible catch block and the trailing
// logout call. Confirm against the repository.
protected void processWorkspace(String workspace) {
    Session session = null;
    try {
        session = repository.login(workspace);
        initAuthorizations(session);
    } catch (Exception e) {
        JcrUtils.discardQuietly(session);
        // The message embeds the whole privilege map and the repository
        // object, but not the workspace name that was being processed.
        throw new ArgeoJcrException("Cannot set authorizations "
                + principalPrivileges + " on repository " + repository, e);
    } finally {
        JcrUtils.logoutQuietly(session);
    }
}
91 /** @deprecated call {@link #run()} instead. */
/**
 * Applies every entry of {@code principalPrivileges} on the given session.
 * Each key is read as {@code privilege1,privilege2[/path/to/node]} and each
 * value as a comma-separated list of principal names; every principal gets
 * the listed privileges through {@code JcrUtils.addPrivileges}.
 *
 * @param session
 *            session providing the {@link AccessControlManager}
 * @throws RepositoryException
 *             declared by the JCR calls made here
 * @throws ArgeoJcrException
 *             if a key starts with {@code /}
 */
// NOTE(review): several original lines of this method are not shown on this
// page; each gap is marked below and nothing was filled in for them.
protected void initAuthorizations(Session session)
        throws RepositoryException {
    AccessControlManager acm = session.getAccessControlManager();

    for (String privileges : principalPrivileges.keySet()) {
        // NOTE(review): original line 102 is not shown on this page;
        // presumably it declares `path`.
        int slashIndex = privileges.indexOf('/');
        if (slashIndex == 0) {
            // A key with no privilege list in front of the path is rejected.
            throw new ArgeoJcrException("Privilege " + privileges
                    + " badly formatted it starts with /");
        } else if (slashIndex > 0) {
            // The path keeps its leading '/'; `privileges` is overwritten
            // with the privilege list only.
            path = privileges.substring(slashIndex);
            privileges = privileges.substring(0, slashIndex);
        }
        // NOTE(review): original lines 111-114 are not shown on this page;
        // how `path` is set for a key without '/' cannot be confirmed here.

        List<Privilege> privs = new ArrayList<Privilege>();
        // Names are split on ',' without trimming, so "a, b" yields " b".
        for (String priv : privileges.split(",")) {
            privs.add(acm.privilegeFromName(priv));
        }

        // NOTE(review): when the key had a path, `privileges` was truncated
        // above, so this lookup uses a different string than the key being
        // iterated. It returns null (NullPointerException on split below)
        // unless another entry uses the bare privilege list as its key, in
        // which case that entry's principals receive the privileges on this
        // path. The value should be read before `privileges` is reassigned.
        String principalNames = principalPrivileges.get(privileges);
        for (String principalName : principalNames.split(",")) {
            Principal principal = getOrCreatePrincipal(session,
                    principalName);
            JcrUtils.addPrivileges(session, path, principal, privs);
            // if (log.isDebugEnabled()) {
            // StringBuffer privBuf = new StringBuffer();
            // for (Privilege priv : privs)
            // privBuf.append(priv.getName());
            // log.debug("Added privileges " + privBuf + " to "
            // + principal.getName() + " on " + path + " in '"
            // + session.getWorkspace().getName() + "'");
        }
    }
    // NOTE(review): original lines 132-135 are not shown on this page;
    // whether the session is saved after the entries are added cannot be
    // confirmed from here.

    // if (log.isDebugEnabled())
    // log.debug("JCR authorizations applied on '"
    // + session.getWorkspace().getName() + "'");
}
/**
 * Wraps the given name in a new {@link SimplePrincipal}. No lookup is made
 * to check that such a principal exists, because the standard JCR API does
 * not offer one; the name is used exactly as received. Subclasses may
 * override this method to resolve or validate principals.
 *
 * @param session
 *            current session, not used by this implementation
 * @param principalName
 *            name given to the returned principal
 * @return a new principal carrying {@code principalName}
 * @throws RepositoryException
 *             never thrown by this implementation; declared for overriders
 */
protected Principal getOrCreatePrincipal(Session session, String principalName)
        throws RepositoryException {
    Principal principal = new SimplePrincipal(principalName);
    return principal;
}
151 // public static void addPrivileges(Session session, Principal principal,
152 // String path, List<Privilege> privs) throws RepositoryException {
153 // AccessControlManager acm = session.getAccessControlManager();
154 // // search for an access control list
155 // AccessControlList acl = null;
156 // AccessControlPolicyIterator policyIterator = acm
157 // .getApplicablePolicies(path);
158 // if (policyIterator.hasNext()) {
159 // while (policyIterator.hasNext()) {
160 // AccessControlPolicy acp = policyIterator
161 // .nextAccessControlPolicy();
162 // if (acp instanceof AccessControlList)
163 // acl = ((AccessControlList) acp);
166 // AccessControlPolicy[] existingPolicies = acm.getPolicies(path);
167 // for (AccessControlPolicy acp : existingPolicies) {
168 // if (acp instanceof AccessControlList)
169 // acl = ((AccessControlList) acp);
173 // if (acl != null) {
174 // acl.addAccessControlEntry(principal,
175 // privs.toArray(new Privilege[privs.size()]));
176 // acm.setPolicy(path, acl);
178 // if (log.isDebugEnabled()) {
179 // StringBuffer buf = new StringBuffer("");
180 // for (int i = 0; i < privs.size(); i++) {
183 // buf.append(privs.get(i).getName());
185 // log.debug("Added privilege(s) '" + buf + "' to '"
186 // + principal.getName() + "' on " + path
187 // + " from workspace '"
188 // + session.getWorkspace().getName() + "'");
191 // throw new ArgeoJcrException("Don't know how to apply privileges "
192 // + privs + " to " + principal + " on " + path
193 // + " from workspace '" + session.getWorkspace().getName()
/**
 * Sets the privilege map. This setter writes the same
 * {@code principalPrivileges} field as {@code setPrincipalPrivileges}, so
 * the last of the two calls wins.
 *
 * @param groupPrivileges
 *            map stored by reference, without copy
 */
public void setGroupPrivileges(Map<String, String> groupPrivileges) {
    this.principalPrivileges = groupPrivileges;
}
/**
 * Sets the privilege map applied by this object.
 *
 * @param principalPrivileges
 *            map stored by reference, without copy, so later changes made
 *            by the caller are visible to this object
 */
public void setPrincipalPrivileges(Map<String, String> principalPrivileges) {
    this.principalPrivileges = principalPrivileges;
}
/**
 * Sets the repository this object logs in to.
 *
 * @param repository
 *            repository used for every login made by this object
 */
public void setRepository(Repository repository) {
    this.repository = repository;
}
/**
 * Sets the workspace name used for login.
 *
 * @param workspace
 *            workspace name stored as given; may be {@code null}
 */
public void setWorkspace(String workspace) {
    this.workspace = workspace;
}
/**
 * Sets the security workspace name, replacing the {@code "security"}
 * default.
 *
 * @param securityWorkspace
 *            workspace name stored as given
 */
public void setSecurityWorkspace(String securityWorkspace) {
    this.securityWorkspace = securityWorkspace;
}