git.argeo.org Git - lgpl/argeo-commons.git/blob - server/runtime/org.argeo.server.jcr/src/main/java/org/argeo/jcr/security/JcrAuthorizations.java
2 * Copyright (C) 2007-2012 Argeo GmbH
4 * Licensed under the Apache License, Version 2.0 (the "License");
5 * you may not use this file except in compliance with the License.
6 * You may obtain a copy of the License at
8 * http://www.apache.org/licenses/LICENSE-2.0
10 * Unless required by applicable law or agreed to in writing, software
11 * distributed under the License is distributed on an "AS IS" BASIS,
12 * WITHOUT WARRANTIES OR CONDITIONS OF ANY KIND, either express or implied.
13 * See the License for the specific language governing permissions and
14 * limitations under the License.
16 package org
.argeo
.jcr
.security
;
18 import java
.security
.Principal
;
19 import java
.util
.ArrayList
;
20 import java
.util
.HashMap
;
21 import java
.util
.List
;
24 import javax
.jcr
.Repository
;
25 import javax
.jcr
.RepositoryException
;
26 import javax
.jcr
.Session
;
27 import javax
.jcr
.security
.AccessControlManager
;
28 import javax
.jcr
.security
.Privilege
;
30 import org
.argeo
.ArgeoException
;
31 import org
.argeo
.jcr
.JcrUtils
;
32 import org
.argeo
.util
.security
.SimplePrincipal
;
34 /** Apply authorizations to a JCR repository. */
35 public class JcrAuthorizations
implements Runnable
{
36 // private final static Log log =
37 // LogFactory.getLog(JcrAuthorizations.class);
/** JCR repository the authorizations are applied to; injected through setRepository. */
private Repository repository;

/**
 * Name of the workspace to configure. The value "*" selects every workspace the
 * session can access; when left unset (null) it is passed as-is to login(workspace).
 */
private String workspace;

/** Workspace name that each candidate is compared against in "*" mode. */
private String securityWorkspace = "security";

/**
 * Privilege assignments to apply.
 * key := privilege1,privilege2/path/to/node<br/>
 * value := group1,group2,user1
 */
private Map<String, String> principalPrivileges = new HashMap<String, String>();
// NOTE(review): the enclosing method signature (gutter line 50) is missing from this
// listing. The class implements Runnable and a later comment links to run(), so this is
// presumably the body of run() - confirm against the repository.
// Tracks the workspace being processed so the error message can name it.
51 String currentWorkspace
= workspace
;
52 Session session
= null;
// "*" means: apply the authorizations to every workspace the session can list.
54 if (workspace
!= null && workspace
.equals("*")) {
// login() is called with no credentials and no workspace name, so the identity used is
// whatever the repository associates with the calling context. Writing access control
// entries presumably needs an administrative identity - TODO confirm how this is invoked.
55 session
= repository
.login();
56 String
[] workspaces
= session
.getWorkspace()
57 .getAccessibleWorkspaceNames();
// The listing session is released before the per-workspace sessions are opened.
58 JcrUtils
.logoutQuietly(session
);
59 for (String wksp
: workspaces
) {
60 currentWorkspace
= wksp
;
// NOTE(review): the statement controlled by this test (gutter line 62) is not shown;
// presumably the security workspace is skipped - confirm.
61 if (currentWorkspace
.equals(securityWorkspace
))
// One session per workspace: log in, apply the authorizations, log out.
// NOTE(review): the catch below appears to enclose this loop, so a failure on one
// workspace would leave the remaining workspaces unprocessed - confirm.
63 session
= repository
.login(currentWorkspace
);
64 initAuthorizations(session
);
65 JcrUtils
.logoutQuietly(session
);
// Single-workspace case (the branch keyword itself is not visible in this listing).
68 session
= repository
.login(workspace
);
69 initAuthorizations(session
);
// Any failure is rethrown as ArgeoException with the original exception as cause.
71 } catch (Exception e
) {
// presumably drops the session's unsaved changes; JcrUtils is not shown here - verify
72 JcrUtils
.discardQuietly(session
);
// NOTE(review): the message embeds the whole principalPrivileges map (privileges, paths
// and principal names); check that this is acceptable wherever the exception is logged.
73 throw new ArgeoException(
74 "Cannot set authorizations " + principalPrivileges
75 + " on workspace " + currentWorkspace
, e
);
// Final logout; the keyword introducing this section (gutter line 76) is not shown,
// presumably a finally block - confirm.
77 JcrUtils
.logoutQuietly(session
);
// Opens a session on the given workspace and applies the configured authorizations to it.
// The parameter shadows the 'workspace' field; only the argument is used here.
// NOTE(review): the lines between the visible statements (gutter lines 83, 90, 92) are
// missing from this listing; presumably try / finally / closing braces - confirm.
81 protected void processWorkspace(String workspace
) {
82 Session session
= null;
// Uses the login(workspace) overload, i.e. no explicit credentials are supplied.
84 session
= repository
.login(workspace
);
85 initAuthorizations(session
);
86 } catch (Exception e
) {
// presumably drops the session's unsaved changes; JcrUtils is not shown here - verify
87 JcrUtils
.discardQuietly(session
);
// The message names the repository object but not the workspace that failed, and it
// embeds the whole principalPrivileges map.
88 throw new ArgeoException("Cannot set authorizations "
89 + principalPrivileges
+ " on repository " + repository
, e
);
91 JcrUtils
.logoutQuietly(session
);
95 /** @deprecated call {@link #run()} instead. */
// Applies every entry of principalPrivileges to the workspace of the given session.
// Each key is "privilege1,privilege2[/path]"; each value is a comma-separated list of
// principal names. Throws ArgeoException when a key starts with '/'.
101 protected void initAuthorizations(Session session
)
102 throws RepositoryException
{
103 AccessControlManager acm
= session
.getAccessControlManager();
105 for (String privileges
: principalPrivileges
.keySet()) {
// The first '/' separates the privilege list from the node path.
107 int slashIndex
= privileges
.indexOf('/');
108 if (slashIndex
== 0) {
109 throw new ArgeoException("Privilege " + privileges
110 + " badly formatted it starts with /");
111 } else if (slashIndex
> 0) {
// NOTE(review): the declaration of 'path' and any default used for keys without a
// path are on lines missing from this listing (gutter lines 106, 114-118).
112 path
= privileges
.substring(slashIndex
);
// NOTE(review): from here on 'privileges' holds only the part before '/', but it is
// still used further down as the key for principalPrivileges.get(). For a key that
// carries a path the lookup would miss its own entry: either get() returns null and
// split() throws NullPointerException, or another entry whose key equals the bare
// privilege list is found and its principals receive the privileges on this path.
// Keep the original key for the lookup (or iterate entrySet()) - confirm that no
// missing line restores it.
113 privileges
= privileges
.substring(0, slashIndex
);
119 List
<Privilege
> privs
= new ArrayList
<Privilege
>();
// Names are split on ',' without trimming, so a list written with a blank after the
// comma hands privilegeFromName a name that starts with that blank.
120 for (String priv
: privileges
.split(",")) {
121 privs
.add(acm
.privilegeFromName(priv
));
124 String principalNames
= principalPrivileges
.get(privileges
);
// Principal names are not trimmed either: "group1, group2" (constructed example)
// yields the distinct name " group2".
125 for (String principalName
: principalNames
.split(",")) {
// The getOrCreatePrincipal declared in this class builds a SimplePrincipal without
// checking that the name exists, so a mistyped name is not rejected here.
126 Principal principal
= getOrCreatePrincipal(session
,
// Delegates the access control change to JcrUtils.addPrivileges (not shown here).
128 JcrUtils
.addPrivileges(session
, path
, principal
, privs
);
129 // if (log.isDebugEnabled()) {
130 // StringBuffer privBuf = new StringBuffer();
131 // for (Privilege priv : privs)
132 // privBuf.append(priv.getName());
133 // log.debug("Added privileges " + privBuf + " to "
134 // + principal.getName() + " on " + path + " in '"
135 // + session.getWorkspace().getName() + "'");
140 // if (log.isDebugEnabled())
141 // log.debug("JCR authorizations applied on '"
142 // + session.getWorkspace().getName() + "'");
/**
 * Builds the {@link Principal} for a configured principal name.
 * <p>
 * This default implementation wraps the name in a {@link SimplePrincipal} and does not
 * check whether such a user or group exists, since the standard JCR API provides no
 * such capability. A mistyped name is therefore passed on unchanged to the code that
 * writes the access control entries. Subclasses can override this method to provide
 * smarter handling, such as resolving or validating the name.
 *
 * @param session session on the workspace being configured (unused here)
 * @param principalName name taken from the privilege configuration
 * @return a new {@link SimplePrincipal} carrying {@code principalName}
 * @throws RepositoryException declared for overriding implementations; not thrown here
 */
protected Principal getOrCreatePrincipal(Session session, String principalName)
        throws RepositoryException {
    Principal created = new SimplePrincipal(principalName);
    return created;
}
155 // public static void addPrivileges(Session session, Principal principal,
156 // String path, List<Privilege> privs) throws RepositoryException {
157 // AccessControlManager acm = session.getAccessControlManager();
158 // // search for an access control list
159 // AccessControlList acl = null;
160 // AccessControlPolicyIterator policyIterator = acm
161 // .getApplicablePolicies(path);
162 // if (policyIterator.hasNext()) {
163 // while (policyIterator.hasNext()) {
164 // AccessControlPolicy acp = policyIterator
165 // .nextAccessControlPolicy();
166 // if (acp instanceof AccessControlList)
167 // acl = ((AccessControlList) acp);
170 // AccessControlPolicy[] existingPolicies = acm.getPolicies(path);
171 // for (AccessControlPolicy acp : existingPolicies) {
172 // if (acp instanceof AccessControlList)
173 // acl = ((AccessControlList) acp);
177 // if (acl != null) {
178 // acl.addAccessControlEntry(principal,
179 // privs.toArray(new Privilege[privs.size()]));
180 // acm.setPolicy(path, acl);
182 // if (log.isDebugEnabled()) {
183 // StringBuffer buf = new StringBuffer("");
184 // for (int i = 0; i < privs.size(); i++) {
187 // buf.append(privs.get(i).getName());
189 // log.debug("Added privilege(s) '" + buf + "' to '"
190 // + principal.getName() + "' on " + path
191 // + " from workspace '"
192 // + session.getWorkspace().getName() + "'");
195 // throw new ArgeoException("Don't know how to apply privileges "
196 // + privs + " to " + principal + " on " + path
197 // + " from workspace '" + session.getWorkspace().getName()
/**
 * Sets the privilege map. Writes the same field as
 * {@link #setPrincipalPrivileges(Map)}, so whichever of the two is called last wins.
 * The map is stored by reference, not copied.
 *
 * @param groupPrivileges map of "privileges[/path]" to comma-separated principal names
 */
public void setGroupPrivileges(Map<String, String> groupPrivileges) {
    principalPrivileges = groupPrivileges;
}
/**
 * Sets the privilege map applied by this bean. The map is stored by reference, so
 * later changes made by the caller are visible here.
 *
 * @param principalPrivileges map of "privileges[/path]" to comma-separated principal
 *            names
 */
public void setPrincipalPrivileges(Map<String, String> principalPrivileges) {
    // 'this.' is required: the parameter shadows the field.
    this.principalPrivileges = principalPrivileges;
}
/**
 * Injects the JCR repository on which sessions are opened.
 *
 * @param repository repository whose workspaces receive the authorizations
 */
public void setRepository(Repository repository) {
    // 'this.' is required: the parameter shadows the field.
    this.repository = repository;
}
/**
 * Sets the workspace to configure.
 *
 * @param workspace workspace name, or "*" to process every accessible workspace
 */
public void setWorkspace(String workspace) {
    // 'this.' is required: the parameter shadows the field.
    this.workspace = workspace;
}
/**
 * Overrides the name of the security workspace (default "security"), which is the
 * name each workspace is compared against when "*" is configured.
 *
 * @param securityWorkspace name of the security workspace
 */
public void setSecurityWorkspace(String securityWorkspace) {
    // 'this.' is required: the parameter shadows the field.
    this.securityWorkspace = securityWorkspace;
}