server/runtime/org.argeo.server.jcr/src/main/java/org/argeo/jcr/security/JcrAuthorizations.java

   1 /*
   2  * Copyright (C) 2007-2012 Mathieu Baudier
   3  *
   4  * Licensed under the Apache License, Version 2.0 (the "License");
   5  * you may not use this file except in compliance with the License.
   6  * You may obtain a copy of the License at
   7  *
   8  *         http://www.apache.org/licenses/LICENSE-2.0
   9  *
  10  * Unless required by applicable law or agreed to in writing, software
  11  * distributed under the License is distributed on an "AS IS" BASIS,
  12  * WITHOUT WARRANTIES OR CONDITIONS OF ANY KIND, either express or implied.
  13  * See the License for the specific language governing permissions and
  14  * limitations under the License.
  15  */
  16 package org.argeo.jcr.security;
  17
  18 import java.security.Principal;
  19 import java.util.ArrayList;
  20 import java.util.HashMap;
  21 import java.util.List;
  22 import java.util.Map;
  23
  24 import javax.jcr.Repository;
  25 import javax.jcr.RepositoryException;
  26 import javax.jcr.Session;
  27 import javax.jcr.security.AccessControlManager;
  28 import javax.jcr.security.Privilege;
  29
  30 import org.apache.commons.logging.Log;
  31 import org.apache.commons.logging.LogFactory;
  32 import org.argeo.ArgeoException;
  33 import org.argeo.jcr.JcrUtils;
  34 import org.argeo.util.security.SimplePrincipal;
  35
  36 /** Apply authorizations to a JCR repository. */
  37 public class JcrAuthorizations implements Runnable {
  38         private final static Log log = LogFactory.getLog(JcrAuthorizations.class);
  39
  40         private Repository repository;
  41         private String workspace = null;
  42
  43         /**
  44          * key := privilege1,privilege2/path/to/node<br/>
  45          * value := group1,group2,user1
  46          */
  47         private Map<String, String> principalPrivileges = new HashMap<String, String>();
  48
  49         public void run() {
  50                 Session session = null;
  51                 try {
  52                         session = repository.login(workspace);
  53                         initAuthorizations(session);
  54                 } catch (Exception e) {
  55                         JcrUtils.discardQuietly(session);
  56                 } finally {
  57                         JcrUtils.logoutQuietly(session);
  58                 }
  59         }
  60
  61         /** @deprecated call {@link #run()} instead. */
  62         @Deprecated
  63         public void init() {
  64                 run();
  65         }
  66
  67         protected void initAuthorizations(Session session)
  68                         throws RepositoryException {
  69                 AccessControlManager acm = session.getAccessControlManager();
  70
  71                 for (String privileges : principalPrivileges.keySet()) {
  72                         String path = null;
  73                         int slashIndex = privileges.indexOf('/');
  74                         if (slashIndex == 0) {
  75                                 throw new ArgeoException("Privilege " + privileges
  76                                                 + " badly formatted it starts with /");
  77                         } else if (slashIndex > 0) {
  78                                 path = privileges.substring(slashIndex);
  79                                 privileges = privileges.substring(0, slashIndex);
  80                         }
  81
  82                         if (path == null)
  83                                 path = "/";
  84
  85                         List<Privilege> privs = new ArrayList<Privilege>();
  86                         for (String priv : privileges.split(",")) {
  87                                 privs.add(acm.privilegeFromName(priv));
  88                         }
  89
  90                         String principalNames = principalPrivileges.get(privileges);
  91                         for (String principalName : principalNames.split(",")) {
  92                                 Principal principal = getOrCreatePrincipal(session,
  93                                                 principalName);
  94                                 JcrUtils.addPrivileges(session, path, principal, privs);
  95                         }
  96                 }
  97
  98                 if (log.isDebugEnabled())
  99                         log.debug("All authorizations applied on workspace "
 100                                         + session.getWorkspace().getName());
 101         }
 102
 103         /**
 104          * Returns a {@link SimplePrincipal}, does not check whether it exists since
 105          * such capabilities is not provided by the standard JCR API. Can be
 106          * overridden to provide smarter handling
 107          */
 108         protected Principal getOrCreatePrincipal(Session session,
 109                         String principalName) throws RepositoryException {
 110                 return new SimplePrincipal(principalName);
 111         }
 112
 113         // public static void addPrivileges(Session session, Principal principal,
 114         // String path, List<Privilege> privs) throws RepositoryException {
 115         // AccessControlManager acm = session.getAccessControlManager();
 116         // // search for an access control list
 117         // AccessControlList acl = null;
 118         // AccessControlPolicyIterator policyIterator = acm
 119         // .getApplicablePolicies(path);
 120         // if (policyIterator.hasNext()) {
 121         // while (policyIterator.hasNext()) {
 122         // AccessControlPolicy acp = policyIterator
 123         // .nextAccessControlPolicy();
 124         // if (acp instanceof AccessControlList)
 125         // acl = ((AccessControlList) acp);
 126         // }
 127         // } else {
 128         // AccessControlPolicy[] existingPolicies = acm.getPolicies(path);
 129         // for (AccessControlPolicy acp : existingPolicies) {
 130         // if (acp instanceof AccessControlList)
 131         // acl = ((AccessControlList) acp);
 132         // }
 133         // }
 134         //
 135         // if (acl != null) {
 136         // acl.addAccessControlEntry(principal,
 137         // privs.toArray(new Privilege[privs.size()]));
 138         // acm.setPolicy(path, acl);
 139         // session.save();
 140         // if (log.isDebugEnabled()) {
 141         // StringBuffer buf = new StringBuffer("");
 142         // for (int i = 0; i < privs.size(); i++) {
 143         // if (i != 0)
 144         // buf.append(',');
 145         // buf.append(privs.get(i).getName());
 146         // }
 147         // log.debug("Added privilege(s) '" + buf + "' to '"
 148         // + principal.getName() + "' on " + path
 149         // + " from workspace '"
 150         // + session.getWorkspace().getName() + "'");
 151         // }
 152         // } else {
 153         // throw new ArgeoException("Don't know how to apply  privileges "
 154         // + privs + " to " + principal + " on " + path
 155         // + " from workspace '" + session.getWorkspace().getName()
 156         // + "'");
 157         // }
 158         // }
 159
 160         @Deprecated
 161         public void setGroupPrivileges(Map<String, String> groupPrivileges) {
 162                 this.principalPrivileges = groupPrivileges;
 163         }
 164
 165         public void setPrincipalPrivileges(Map<String, String> principalPrivileges) {
 166                 this.principalPrivileges = principalPrivileges;
 167         }
 168
 169         public void setRepository(Repository repository) {
 170                 this.repository = repository;
 171         }
 172
 173         public void setWorkspace(String workspace) {
 174                 this.workspace = workspace;
 175         }
 176
 177 }